Code Review / openocd.git / blob
? search:


658315b261cb742d9c405c15c1e6f73efbe45845
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
95 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
96
97 fields[0].num_bits = 1;
98 fields[0].out_value = &access_type_buf;
99 fields[0].in_value = NULL;
100
101 fields[1].num_bits = 32;
102 fields[1].out_value = NULL;
103 fields[1].in_value = NULL;
104
105 fields[2].num_bits = 6;
106 fields[2].out_value = &reg_addr_buf;
107 fields[2].in_value = NULL;
108
109 fields[3].num_bits = 1;
110 fields[3].out_value = &nr_w_buf;
111 fields[3].in_value = NULL;
112
113 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
114
115 fields[1].in_value = (uint8_t *)value;
116
117 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
118
119 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
120
121 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
122 jtag_execute_queue();
123 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
124 #endif
125
126 return ERROR_OK;
127 }
128
129 static int arm920t_write_cp15_physical(struct target *target,
130 int reg_addr, uint32_t value)
131 {
132 struct arm920t_common *arm920t = target_to_arm920(target);
133 struct arm_jtag *jtag_info;
134 struct scan_field fields[4];
135 uint8_t access_type_buf = 1;
136 uint8_t reg_addr_buf = reg_addr & 0x3f;
137 uint8_t nr_w_buf = 1;
138 uint8_t value_buf[4];
139
140 jtag_info = &arm920t->arm7_9_common.jtag_info;
141
142 buf_set_u32(value_buf, 0, 32, value);
143
144 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
145 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
146
147 fields[0].num_bits = 1;
148 fields[0].out_value = &access_type_buf;
149 fields[0].in_value = NULL;
150
151 fields[1].num_bits = 32;
152 fields[1].out_value = value_buf;
153 fields[1].in_value = NULL;
154
155 fields[2].num_bits = 6;
156 fields[2].out_value = &reg_addr_buf;
157 fields[2].in_value = NULL;
158
159 fields[3].num_bits = 1;
160 fields[3].out_value = &nr_w_buf;
161 fields[3].in_value = NULL;
162
163 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
164
165 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
166 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
167 #endif
168
169 return ERROR_OK;
170 }
171
172 /* See table 9-10 for scan chain 15 format during interpreted access mode.
173 * If the TESTSTATE register is set for interpreted access, certain CP15
174 * MRC and MCR instructions may be executed through scan chain 15.
175 *
176 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
177 * executed using scan chain 15 interpreted mode.
178 */
179 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
180 uint32_t arm_opcode)
181 {
182 int retval;
183 struct arm920t_common *arm920t = target_to_arm920(target);
184 struct arm_jtag *jtag_info;
185 struct scan_field fields[4];
186 uint8_t access_type_buf = 0; /* interpreted access */
187 uint8_t reg_addr_buf = 0x0;
188 uint8_t nr_w_buf = 0;
189 uint8_t cp15_opcode_buf[4];
190
191 jtag_info = &arm920t->arm7_9_common.jtag_info;
192
193 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
194 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
195
196 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
197
198 fields[0].num_bits = 1;
199 fields[0].out_value = &access_type_buf;
200 fields[0].in_value = NULL;
201
202 fields[1].num_bits = 32;
203 fields[1].out_value = cp15_opcode_buf;
204 fields[1].in_value = NULL;
205
206 fields[2].num_bits = 6;
207 fields[2].out_value = &reg_addr_buf;
208 fields[2].in_value = NULL;
209
210 fields[3].num_bits = 1;
211 fields[3].out_value = &nr_w_buf;
212 fields[3].in_value = NULL;
213
214 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
215
216 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
217 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
218 retval = arm7_9_execute_sys_speed(target);
219 if (retval != ERROR_OK)
220 return retval;
221
222 if ((retval = jtag_execute_queue()) != ERROR_OK)
223 {
224 LOG_ERROR("failed executing JTAG queue");
225 return retval;
226 }
227
228 return ERROR_OK;
229 }
230
231 static int arm920t_read_cp15_interpreted(struct target *target,
232 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
233 {
234 struct arm *armv4_5 = target_to_arm(target);
235 uint32_t* regs_p[1];
236 uint32_t regs[2];
237 uint32_t cp15c15 = 0x0;
238 struct reg *r = armv4_5->core_cache->reg_list;
239
240 /* load address into R1 */
241 regs[1] = address;
242 arm9tdmi_write_core_regs(target, 0x2, regs);
243
244 /* read-modify-write CP15 test state register
245 * to enable interpreted access mode */
246 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
247 jtag_execute_queue();
248 cp15c15 |= 1; /* set interpret mode */
249 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
250
251 /* execute CP15 instruction and ARM load (reading from coprocessor) */
252 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
253
254 /* disable interpreted access mode */
255 cp15c15 &= ~1U; /* clear interpret mode */
256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
257
258 /* retrieve value from R0 */
259 regs_p[0] = value;
260 arm9tdmi_read_core_regs(target, 0x1, regs_p);
261 jtag_execute_queue();
262
263 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
264 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
265 cp15_opcode, address, *value);
266 #endif
267
268 if (!is_arm_mode(armv4_5->core_mode))
269 return ERROR_FAIL;
270
271 r[0].dirty = 1;
272 r[1].dirty = 1;
273
274 return ERROR_OK;
275 }
276
277 static
278 int arm920t_write_cp15_interpreted(struct target *target,
279 uint32_t cp15_opcode, uint32_t value, uint32_t address)
280 {
281 uint32_t cp15c15 = 0x0;
282 struct arm *armv4_5 = target_to_arm(target);
283 uint32_t regs[2];
284 struct reg *r = armv4_5->core_cache->reg_list;
285
286 /* load value, address into R0, R1 */
287 regs[0] = value;
288 regs[1] = address;
289 arm9tdmi_write_core_regs(target, 0x3, regs);
290
291 /* read-modify-write CP15 test state register
292 * to enable interpreted access mode */
293 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
294 jtag_execute_queue();
295 cp15c15 |= 1; /* set interpret mode */
296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
297
298 /* execute CP15 instruction and ARM store (writing to coprocessor) */
299 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
300
301 /* disable interpreted access mode */
302 cp15c15 &= ~1U; /* set interpret mode */
303 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
304
305 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
306 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
307 cp15_opcode, value, address);
308 #endif
309
310 if (!is_arm_mode(armv4_5->core_mode))
311 return ERROR_FAIL;
312
313 r[0].dirty = 1;
314 r[1].dirty = 1;
315
316 return ERROR_OK;
317 }
318
319 // EXPORTED to FA256
320 uint32_t arm920t_get_ttb(struct target *target)
321 {
322 int retval;
323 uint32_t ttb = 0x0;
324
325 if ((retval = arm920t_read_cp15_interpreted(target,
326 /* FIXME use opcode macro */
327 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
328 return retval;
329
330 return ttb;
331 }
332
333 // EXPORTED to FA256
334 void arm920t_disable_mmu_caches(struct target *target, int mmu,
335 int d_u_cache, int i_cache)
336 {
337 uint32_t cp15_control;
338
339 /* read cp15 control register */
340 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
341 jtag_execute_queue();
342
343 if (mmu)
344 cp15_control &= ~0x1U;
345
346 if (d_u_cache)
347 cp15_control &= ~0x4U;
348
349 if (i_cache)
350 cp15_control &= ~0x1000U;
351
352 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
353 }
354
355 // EXPORTED to FA256
356 void arm920t_enable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360
361 /* read cp15 control register */
362 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 jtag_execute_queue();
364
365 if (mmu)
366 cp15_control |= 0x1U;
367
368 if (d_u_cache)
369 cp15_control |= 0x4U;
370
371 if (i_cache)
372 cp15_control |= 0x1000U;
373
374 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
375 }
376
377 // EXPORTED to FA256
378 void arm920t_post_debug_entry(struct target *target)
379 {
380 uint32_t cp15c15;
381 struct arm920t_common *arm920t = target_to_arm920(target);
382
383 /* examine cp15 control reg */
384 arm920t_read_cp15_physical(target,
385 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
386 jtag_execute_queue();
387 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
388
389 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
390 {
391 uint32_t cache_type_reg;
392 /* identify caches */
393 arm920t_read_cp15_physical(target,
394 CP15PHYS_CACHETYPE, &cache_type_reg);
395 jtag_execute_queue();
396 armv4_5_identify_cache(cache_type_reg,
397 &arm920t->armv4_5_mmu.armv4_5_cache);
398 }
399
400 arm920t->armv4_5_mmu.mmu_enabled =
401 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
402 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
403 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
405 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
406
407 /* save i/d fault status and address register */
408 /* FIXME use opcode macros */
409 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
410 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
411 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
412 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
413
414 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
415 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
416 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
417
418 if (arm920t->preserve_cache)
419 {
420 /* read-modify-write CP15 test state register
421 * to disable I/D-cache linefills */
422 arm920t_read_cp15_physical(target,
423 CP15PHYS_TESTSTATE, &cp15c15);
424 jtag_execute_queue();
425 cp15c15 |= 0x600;
426 arm920t_write_cp15_physical(target,
427 CP15PHYS_TESTSTATE, cp15c15);
428 }
429 }
430
431 // EXPORTED to FA256
432 void arm920t_pre_restore_context(struct target *target)
433 {
434 uint32_t cp15c15;
435 struct arm920t_common *arm920t = target_to_arm920(target);
436
437 /* restore i/d fault status and address register */
438 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
439 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
440 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
442
443 /* read-modify-write CP15 test state register
444 * to reenable I/D-cache linefills */
445 if (arm920t->preserve_cache)
446 {
447 arm920t_read_cp15_physical(target,
448 CP15PHYS_TESTSTATE, &cp15c15);
449 jtag_execute_queue();
450 cp15c15 &= ~0x600U;
451 arm920t_write_cp15_physical(target,
452 CP15PHYS_TESTSTATE, cp15c15);
453 }
454 }
455
456 static const char arm920_not[] = "target is not an ARM920";
457
458 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
459 struct arm920t_common *arm920t)
460 {
461 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
462 command_print(cmd_ctx, arm920_not);
463 return ERROR_TARGET_INVALID;
464 }
465
466 return ERROR_OK;
467 }
468
469 /** Logs summary of ARM920 state for a halted target. */
470 int arm920t_arch_state(struct target *target)
471 {
472 static const char *state[] =
473 {
474 "disabled", "enabled"
475 };
476
477 struct arm920t_common *arm920t = target_to_arm920(target);
478 struct arm *armv4_5;
479
480 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
481 {
482 LOG_ERROR("BUG: %s", arm920_not);
483 return ERROR_TARGET_INVALID;
484 }
485
486 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
487
488 arm_arch_state(target);
489 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
490 state[arm920t->armv4_5_mmu.mmu_enabled],
491 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
492 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
493
494 return ERROR_OK;
495 }
496
497 static int arm920_mmu(struct target *target, int *enabled)
498 {
499 if (target->state != TARGET_HALTED) {
500 LOG_ERROR("%s: target not halted", __func__);
501 return ERROR_TARGET_INVALID;
502 }
503
504 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
505 return ERROR_OK;
506 }
507
508 static int arm920_virt2phys(struct target *target,
509 uint32_t virt, uint32_t *phys)
510 {
511 int type;
512 uint32_t cb;
513 int domain;
514 uint32_t ap;
515 struct arm920t_common *arm920t = target_to_arm920(target);
516
517 uint32_t ret = armv4_5_mmu_translate_va(target,
518 &arm920t->armv4_5_mmu, virt, &type, &cb, &domain, &ap);
519 if (type == -1)
520 {
521 return ret;
522 }
523 *phys = ret;
524 return ERROR_OK;
525 }
526
527 /** Reads a buffer, in the specified word size, with current MMU settings. */
528 int arm920t_read_memory(struct target *target, uint32_t address,
529 uint32_t size, uint32_t count, uint8_t *buffer)
530 {
531 int retval;
532
533 retval = arm7_9_read_memory(target, address, size, count, buffer);
534
535 return retval;
536 }
537
538
539 static int arm920t_read_phys_memory(struct target *target,
540 uint32_t address, uint32_t size,
541 uint32_t count, uint8_t *buffer)
542 {
543 struct arm920t_common *arm920t = target_to_arm920(target);
544
545 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
546 address, size, count, buffer);
547 }
548
549 static int arm920t_write_phys_memory(struct target *target,
550 uint32_t address, uint32_t size,
551 uint32_t count, uint8_t *buffer)
552 {
553 struct arm920t_common *arm920t = target_to_arm920(target);
554
555 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
556 address, size, count, buffer);
557 }
558
559
560 /** Writes a buffer, in the specified word size, with current MMU settings. */
561 int arm920t_write_memory(struct target *target, uint32_t address,
562 uint32_t size, uint32_t count, uint8_t *buffer)
563 {
564 int retval;
565 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
566 struct arm920t_common *arm920t = target_to_arm920(target);
567
568 /* FIX!!!! this should be cleaned up and made much more general. The
569 * plan is to write up and test on arm920t specifically and
570 * then generalize and clean up afterwards.
571 *
572 * Also it should be moved to the callbacks that handle breakpoints
573 * specifically and not the generic memory write fn's. See XScale code.
574 */
575 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
576 ((size==2) || (size==4)))
577 {
578 /* special case the handling of single word writes to
579 * bypass MMU, to allow implementation of breakpoints
580 * in memory marked read only
581 * by MMU
582 */
583 int type;
584 uint32_t cb;
585 int domain;
586 uint32_t ap;
587 uint32_t pa;
588
589 /*
590 * We need physical address and cb
591 */
592 pa = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
593 address, &type, &cb, &domain, &ap);
594 if (type == -1)
595 return pa;
596
597 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
598 {
599 if (cb & 0x1)
600 {
601 LOG_DEBUG("D-Cache buffered, "
602 "drain write buffer");
603 /*
604 * Buffered ?
605 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
606 */
607
608 retval = arm920t_write_cp15_interpreted(target,
609 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
610 0x0, 0);
611 if (retval != ERROR_OK)
612 return retval;
613 }
614
615 if (cb == 0x3)
616 {
617 /*
618 * Write back memory ? -> clean cache
619 *
620 * There is no way to clean cache lines using
621 * cp15 scan chain, so copy the full cache
622 * line from cache to physical memory.
623 */
624 uint8_t data[32];
625
626 LOG_DEBUG("D-Cache in 'write back' mode, "
627 "flush cache line");
628
629 retval = target_read_memory(target,
630 address & cache_mask, 1,
631 sizeof(data), &data[0]);
632 if (retval != ERROR_OK)
633 return retval;
634
635 retval = armv4_5_mmu_write_physical(target,
636 &arm920t->armv4_5_mmu,
637 pa & cache_mask, 1,
638 sizeof(data), &data[0]);
639 if (retval != ERROR_OK)
640 return retval;
641 }
642
643 /* Cached ? */
644 if (cb & 0x2)
645 {
646 /*
647 * Cached ? -> Invalidate data cache using MVA
648 *
649 * MCR p15,0,Rd,c7,c6,1
650 */
651 LOG_DEBUG("D-Cache enabled, "
652 "invalidate cache line");
653
654 retval = arm920t_write_cp15_interpreted(target,
655 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
656 address & cache_mask);
657 if (retval != ERROR_OK)
658 return retval;
659 }
660 }
661
662 /* write directly to physical memory,
663 * bypassing any read only MMU bits, etc.
664 */
665 retval = armv4_5_mmu_write_physical(target,
666 &arm920t->armv4_5_mmu, pa, size,
667 count, buffer);
668 if (retval != ERROR_OK)
669 return retval;
670 } else
671 {
672 if ((retval = arm7_9_write_memory(target, address,
673 size, count, buffer)) != ERROR_OK)
674 return retval;
675 }
676
677 /* If ICache is enabled, we have to invalidate affected ICache lines
678 * the DCache is forced to write-through,
679 * so we don't have to clean it here
680 */
681 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
682 {
683 if (count <= 1)
684 {
685 /* invalidate ICache single entry with MVA
686 * mcr 15, 0, r0, cr7, cr5, {1}
687 */
688 LOG_DEBUG("I-Cache enabled, "
689 "invalidating affected I-Cache line");
690 retval = arm920t_write_cp15_interpreted(target,
691 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
692 0x0, address & cache_mask);
693 if (retval != ERROR_OK)
694 return retval;
695 }
696 else
697 {
698 /* invalidate ICache
699 * mcr 15, 0, r0, cr7, cr5, {0}
700 */
701 retval = arm920t_write_cp15_interpreted(target,
702 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
703 0x0, 0x0);
704 if (retval != ERROR_OK)
705 return retval;
706 }
707 }
708
709 return retval;
710 }
711
712 // EXPORTED to FA256
713 int arm920t_soft_reset_halt(struct target *target)
714 {
715 int retval = ERROR_OK;
716 struct arm920t_common *arm920t = target_to_arm920(target);
717 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
718 struct arm *armv4_5 = &arm7_9->armv4_5_common;
719 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
720
721 if ((retval = target_halt(target)) != ERROR_OK)
722 {
723 return retval;
724 }
725
726 long long then = timeval_ms();
727 int timeout;
728 while (!(timeout = ((timeval_ms()-then) > 1000)))
729 {
730 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
731 == 0)
732 {
733 embeddedice_read_reg(dbg_stat);
734 if ((retval = jtag_execute_queue()) != ERROR_OK)
735 {
736 return retval;
737 }
738 } else
739 {
740 break;
741 }
742 if (debug_level >= 3)
743 {
744 /* do not eat all CPU, time out after 1 se*/
745 alive_sleep(100);
746 } else
747 {
748 keep_alive();
749 }
750 }
751 if (timeout)
752 {
753 LOG_ERROR("Failed to halt CPU after 1 sec");
754 return ERROR_TARGET_TIMEOUT;
755 }
756
757 target->state = TARGET_HALTED;
758
759 /* SVC, ARM state, IRQ and FIQ disabled */
760 uint32_t cpsr;
761
762 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
763 cpsr &= ~0xff;
764 cpsr |= 0xd3;
765 arm_set_cpsr(armv4_5, cpsr);
766 armv4_5->cpsr->dirty = 1;
767
768 /* start fetching from 0x0 */
769 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
770 armv4_5->pc->dirty = 1;
771 armv4_5->pc->valid = 1;
772
773 arm920t_disable_mmu_caches(target, 1, 1, 1);
774 arm920t->armv4_5_mmu.mmu_enabled = 0;
775 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
776 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
777
778 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
779 }
780
781 /* FIXME remove forward decls */
782 static int arm920t_mrc(struct target *target, int cpnum,
783 uint32_t op1, uint32_t op2,
784 uint32_t CRn, uint32_t CRm,
785 uint32_t *value);
786 static int arm920t_mcr(struct target *target, int cpnum,
787 uint32_t op1, uint32_t op2,
788 uint32_t CRn, uint32_t CRm,
789 uint32_t value);
790
791 static int arm920t_init_arch_info(struct target *target,
792 struct arm920t_common *arm920t, struct jtag_tap *tap)
793 {
794 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
795
796 arm7_9->armv4_5_common.mrc = arm920t_mrc;
797 arm7_9->armv4_5_common.mcr = arm920t_mcr;
798
799 /* initialize arm7/arm9 specific info (including armv4_5) */
800 arm9tdmi_init_arch_info(target, arm7_9, tap);
801
802 arm920t->common_magic = ARM920T_COMMON_MAGIC;
803
804 arm7_9->post_debug_entry = arm920t_post_debug_entry;
805 arm7_9->pre_restore_context = arm920t_pre_restore_context;
806
807 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
808 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
809 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
810 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
811 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
812 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
813 arm920t->armv4_5_mmu.has_tiny_pages = 1;
814 arm920t->armv4_5_mmu.mmu_enabled = 0;
815
816 /* disabling linefills leads to lockups, so keep them enabled for now
817 * this doesn't affect correctness, but might affect timing issues, if
818 * important data is evicted from the cache during the debug session
819 * */
820 arm920t->preserve_cache = 0;
821
822 /* override hw single-step capability from ARM9TDMI */
823 arm7_9->has_single_step = 1;
824
825 return ERROR_OK;
826 }
827
828 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
829 {
830 struct arm920t_common *arm920t;
831
832 arm920t = calloc(1,sizeof(struct arm920t_common));
833 return arm920t_init_arch_info(target, arm920t, target->tap);
834 }
835
836 COMMAND_HANDLER(arm920t_handle_read_cache_command)
837 {
838 int retval = ERROR_OK;
839 struct target *target = get_current_target(CMD_CTX);
840 struct arm920t_common *arm920t = target_to_arm920(target);
841 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
842 struct arm *armv4_5 = &arm7_9->armv4_5_common;
843 uint32_t cp15c15;
844 uint32_t cp15_ctrl, cp15_ctrl_saved;
845 uint32_t regs[16];
846 uint32_t *regs_p[16];
847 uint32_t C15_C_D_Ind, C15_C_I_Ind;
848 int i;
849 FILE *output;
850 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
851 int segment, index;
852 struct reg *r;
853
854 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
855 if (retval != ERROR_OK)
856 return retval;
857
858 if (CMD_ARGC != 1)
859 {
860 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
861 return ERROR_OK;
862 }
863
864 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
865 {
866 LOG_DEBUG("error opening cache content file");
867 return ERROR_OK;
868 }
869
870 for (i = 0; i < 16; i++)
871 regs_p[i] = &regs[i];
872
873 /* disable MMU and Caches */
874 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
875 if ((retval = jtag_execute_queue()) != ERROR_OK)
876 {
877 return retval;
878 }
879 cp15_ctrl_saved = cp15_ctrl;
880 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
881 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
882 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
883
884 /* read CP15 test state register */
885 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
886 jtag_execute_queue();
887
888 /* read DCache content */
889 fprintf(output, "DCache:\n");
890
891 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
892 for (segment = 0;
893 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
894 segment++)
895 {
896 fprintf(output, "\nsegment: %i\n----------", segment);
897
898 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
899 regs[0] = 0x0 | (segment << 5);
900 arm9tdmi_write_core_regs(target, 0x1, regs);
901
902 /* set interpret mode */
903 cp15c15 |= 0x1;
904 arm920t_write_cp15_physical(target,
905 CP15PHYS_TESTSTATE, cp15c15);
906
907 /* D CAM Read, loads current victim into C15.C.D.Ind */
908 arm920t_execute_cp15(target,
909 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
910
911 /* read current victim */
912 arm920t_read_cp15_physical(target,
913 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
914
915 /* clear interpret mode */
916 cp15c15 &= ~0x1;
917 arm920t_write_cp15_physical(target,
918 CP15PHYS_TESTSTATE, cp15c15);
919
920 for (index = 0; index < 64; index++)
921 {
922 /* Ra:
923 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
924 */
925 regs[0] = 0x0 | (segment << 5) | (index << 26);
926 arm9tdmi_write_core_regs(target, 0x1, regs);
927
928 /* set interpret mode */
929 cp15c15 |= 0x1;
930 arm920t_write_cp15_physical(target,
931 CP15PHYS_TESTSTATE, cp15c15);
932
933 /* Write DCache victim */
934 arm920t_execute_cp15(target,
935 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
936
937 /* Read D RAM */
938 arm920t_execute_cp15(target,
939 ARMV4_5_MCR(15,2,0,15,10,2),
940 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
941
942 /* Read D CAM */
943 arm920t_execute_cp15(target,
944 ARMV4_5_MCR(15,2,0,15,6,2),
945 ARMV4_5_LDR(9, 0));
946
947 /* clear interpret mode */
948 cp15c15 &= ~0x1;
949 arm920t_write_cp15_physical(target,
950 CP15PHYS_TESTSTATE, cp15c15);
951
952 /* read D RAM and CAM content */
953 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
954 if ((retval = jtag_execute_queue()) != ERROR_OK)
955 {
956 return retval;
957 }
958
959 d_cache[segment][index].cam = regs[9];
960
961 /* mask LFSR[6] */
962 regs[9] &= 0xfffffffe;
963 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
964 PRIx32 ", content (%s):\n",
965 segment, index, regs[9],
966 (regs[9] & 0x10) ? "valid" : "invalid");
967
968 for (i = 1; i < 9; i++)
969 {
970 d_cache[segment][index].data[i] = regs[i];
971 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
972 i-1, regs[i]);
973 }
974
975 }
976
977 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
978 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
979 arm9tdmi_write_core_regs(target, 0x1, regs);
980
981 /* set interpret mode */
982 cp15c15 |= 0x1;
983 arm920t_write_cp15_physical(target,
984 CP15PHYS_TESTSTATE, cp15c15);
985
986 /* Write DCache victim */
987 arm920t_execute_cp15(target,
988 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
989
990 /* clear interpret mode */
991 cp15c15 &= ~0x1;
992 arm920t_write_cp15_physical(target,
993 CP15PHYS_TESTSTATE, cp15c15);
994 }
995
996 /* read ICache content */
997 fprintf(output, "ICache:\n");
998
999 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1000 for (segment = 0;
1001 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1002 segment++)
1003 {
1004 fprintf(output, "segment: %i\n----------", segment);
1005
1006 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1007 regs[0] = 0x0 | (segment << 5);
1008 arm9tdmi_write_core_regs(target, 0x1, regs);
1009
1010 /* set interpret mode */
1011 cp15c15 |= 0x1;
1012 arm920t_write_cp15_physical(target,
1013 CP15PHYS_TESTSTATE, cp15c15);
1014
1015 /* I CAM Read, loads current victim into C15.C.I.Ind */
1016 arm920t_execute_cp15(target,
1017 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1018
1019 /* read current victim */
1020 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1021 &C15_C_I_Ind);
1022
1023 /* clear interpret mode */
1024 cp15c15 &= ~0x1;
1025 arm920t_write_cp15_physical(target,
1026 CP15PHYS_TESTSTATE, cp15c15);
1027
1028 for (index = 0; index < 64; index++)
1029 {
1030 /* Ra:
1031 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1032 */
1033 regs[0] = 0x0 | (segment << 5) | (index << 26);
1034 arm9tdmi_write_core_regs(target, 0x1, regs);
1035
1036 /* set interpret mode */
1037 cp15c15 |= 0x1;
1038 arm920t_write_cp15_physical(target,
1039 CP15PHYS_TESTSTATE, cp15c15);
1040
1041 /* Write ICache victim */
1042 arm920t_execute_cp15(target,
1043 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1044
1045 /* Read I RAM */
1046 arm920t_execute_cp15(target,
1047 ARMV4_5_MCR(15,2,0,15,9,2),
1048 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1049
1050 /* Read I CAM */
1051 arm920t_execute_cp15(target,
1052 ARMV4_5_MCR(15,2,0,15,5,2),
1053 ARMV4_5_LDR(9, 0));
1054
1055 /* clear interpret mode */
1056 cp15c15 &= ~0x1;
1057 arm920t_write_cp15_physical(target,
1058 CP15PHYS_TESTSTATE, cp15c15);
1059
1060 /* read I RAM and CAM content */
1061 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1062 if ((retval = jtag_execute_queue()) != ERROR_OK)
1063 {
1064 return retval;
1065 }
1066
1067 i_cache[segment][index].cam = regs[9];
1068
1069 /* mask LFSR[6] */
1070 regs[9] &= 0xfffffffe;
1071 fprintf(output, "\nsegment: %i, index: %i, "
1072 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1073 segment, index, regs[9],
1074 (regs[9] & 0x10) ? "valid" : "invalid");
1075
1076 for (i = 1; i < 9; i++)
1077 {
1078 i_cache[segment][index].data[i] = regs[i];
1079 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1080 i-1, regs[i]);
1081 }
1082 }
1083
1084 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1085 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1086 arm9tdmi_write_core_regs(target, 0x1, regs);
1087
1088 /* set interpret mode */
1089 cp15c15 |= 0x1;
1090 arm920t_write_cp15_physical(target,
1091 CP15PHYS_TESTSTATE, cp15c15);
1092
1093 /* Write ICache victim */
1094 arm920t_execute_cp15(target,
1095 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1096
1097 /* clear interpret mode */
1098 cp15c15 &= ~0x1;
1099 arm920t_write_cp15_physical(target,
1100 CP15PHYS_TESTSTATE, cp15c15);
1101 }
1102
1103 /* restore CP15 MMU and Cache settings */
1104 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1105
1106 command_print(CMD_CTX, "cache content successfully output to %s",
1107 CMD_ARGV[0]);
1108
1109 fclose(output);
1110
1111 if (!is_arm_mode(armv4_5->core_mode))
1112 return ERROR_FAIL;
1113
1114 /* force writeback of the valid data */
1115 r = armv4_5->core_cache->reg_list;
1116 r[0].dirty = r[0].valid;
1117 r[1].dirty = r[1].valid;
1118 r[2].dirty = r[2].valid;
1119 r[3].dirty = r[3].valid;
1120 r[4].dirty = r[4].valid;
1121 r[5].dirty = r[5].valid;
1122 r[6].dirty = r[6].valid;
1123 r[7].dirty = r[7].valid;
1124
1125 r = arm_reg_current(armv4_5, 8);
1126 r->dirty = r->valid;
1127
1128 r = arm_reg_current(armv4_5, 9);
1129 r->dirty = r->valid;
1130
1131 return ERROR_OK;
1132 }
1133
1134 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1135 {
1136 int retval = ERROR_OK;
1137 struct target *target = get_current_target(CMD_CTX);
1138 struct arm920t_common *arm920t = target_to_arm920(target);
1139 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1140 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1141 uint32_t cp15c15;
1142 uint32_t cp15_ctrl, cp15_ctrl_saved;
1143 uint32_t regs[16];
1144 uint32_t *regs_p[16];
1145 int i;
1146 FILE *output;
1147 uint32_t Dlockdown, Ilockdown;
1148 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1149 int victim;
1150 struct reg *r;
1151
1152 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1153 if (retval != ERROR_OK)
1154 return retval;
1155
1156 if (CMD_ARGC != 1)
1157 {
1158 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1159 return ERROR_OK;
1160 }
1161
1162 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1163 {
1164 LOG_DEBUG("error opening mmu content file");
1165 return ERROR_OK;
1166 }
1167
1168 for (i = 0; i < 16; i++)
1169 regs_p[i] = &regs[i];
1170
1171 /* disable MMU and Caches */
1172 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1173 if ((retval = jtag_execute_queue()) != ERROR_OK)
1174 {
1175 return retval;
1176 }
1177 cp15_ctrl_saved = cp15_ctrl;
1178 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1179 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1180 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1181
1182 /* read CP15 test state register */
1183 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1184 if ((retval = jtag_execute_queue()) != ERROR_OK)
1185 {
1186 return retval;
1187 }
1188
1189 /* prepare reading D TLB content
1190 * */
1191
1192 /* set interpret mode */
1193 cp15c15 |= 0x1;
1194 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1195
1196 /* Read D TLB lockdown */
1197 arm920t_execute_cp15(target,
1198 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1199
1200 /* clear interpret mode */
1201 cp15c15 &= ~0x1;
1202 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1203
1204 /* read D TLB lockdown stored to r1 */
1205 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1206 if ((retval = jtag_execute_queue()) != ERROR_OK)
1207 {
1208 return retval;
1209 }
1210 Dlockdown = regs[1];
1211
1212 for (victim = 0; victim < 64; victim += 8)
1213 {
1214 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1215 * base remains unchanged, victim goes through entries 0 to 63
1216 */
1217 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1218 arm9tdmi_write_core_regs(target, 0x2, regs);
1219
1220 /* set interpret mode */
1221 cp15c15 |= 0x1;
1222 arm920t_write_cp15_physical(target,
1223 CP15PHYS_TESTSTATE, cp15c15);
1224
1225 /* Write D TLB lockdown */
1226 arm920t_execute_cp15(target,
1227 ARMV4_5_MCR(15,0,0,10,0,0),
1228 ARMV4_5_STR(1, 0));
1229
1230 /* Read D TLB CAM */
1231 arm920t_execute_cp15(target,
1232 ARMV4_5_MCR(15,4,0,15,6,4),
1233 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1234
1235 /* clear interpret mode */
1236 cp15c15 &= ~0x1;
1237 arm920t_write_cp15_physical(target,
1238 CP15PHYS_TESTSTATE, cp15c15);
1239
1240 /* read D TLB CAM content stored to r2-r9 */
1241 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1242 if ((retval = jtag_execute_queue()) != ERROR_OK)
1243 {
1244 return retval;
1245 }
1246
1247 for (i = 0; i < 8; i++)
1248 d_tlb[victim + i].cam = regs[i + 2];
1249 }
1250
1251 for (victim = 0; victim < 64; victim++)
1252 {
1253 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1254 * base remains unchanged, victim goes through entries 0 to 63
1255 */
1256 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1257 arm9tdmi_write_core_regs(target, 0x2, regs);
1258
1259 /* set interpret mode */
1260 cp15c15 |= 0x1;
1261 arm920t_write_cp15_physical(target,
1262 CP15PHYS_TESTSTATE, cp15c15);
1263
1264 /* Write D TLB lockdown */
1265 arm920t_execute_cp15(target,
1266 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1267
1268 /* Read D TLB RAM1 */
1269 arm920t_execute_cp15(target,
1270 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1271
1272 /* Read D TLB RAM2 */
1273 arm920t_execute_cp15(target,
1274 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1275
1276 /* clear interpret mode */
1277 cp15c15 &= ~0x1;
1278 arm920t_write_cp15_physical(target,
1279 CP15PHYS_TESTSTATE, cp15c15);
1280
1281 /* read D TLB RAM content stored to r2 and r3 */
1282 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1283 if ((retval = jtag_execute_queue()) != ERROR_OK)
1284 {
1285 return retval;
1286 }
1287
1288 d_tlb[victim].ram1 = regs[2];
1289 d_tlb[victim].ram2 = regs[3];
1290 }
1291
1292 /* restore D TLB lockdown */
1293 regs[1] = Dlockdown;
1294 arm9tdmi_write_core_regs(target, 0x2, regs);
1295
1296 /* Write D TLB lockdown */
1297 arm920t_execute_cp15(target,
1298 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1299
1300 /* prepare reading I TLB content
1301 * */
1302
1303 /* set interpret mode */
1304 cp15c15 |= 0x1;
1305 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1306
1307 /* Read I TLB lockdown */
1308 arm920t_execute_cp15(target,
1309 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1310
1311 /* clear interpret mode */
1312 cp15c15 &= ~0x1;
1313 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1314
1315 /* read I TLB lockdown stored to r1 */
1316 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1317 if ((retval = jtag_execute_queue()) != ERROR_OK)
1318 {
1319 return retval;
1320 }
1321 Ilockdown = regs[1];
1322
1323 for (victim = 0; victim < 64; victim += 8)
1324 {
1325 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1326 * base remains unchanged, victim goes through entries 0 to 63
1327 */
1328 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1329 arm9tdmi_write_core_regs(target, 0x2, regs);
1330
1331 /* set interpret mode */
1332 cp15c15 |= 0x1;
1333 arm920t_write_cp15_physical(target,
1334 CP15PHYS_TESTSTATE, cp15c15);
1335
1336 /* Write I TLB lockdown */
1337 arm920t_execute_cp15(target,
1338 ARMV4_5_MCR(15,0,0,10,0,1),
1339 ARMV4_5_STR(1, 0));
1340
1341 /* Read I TLB CAM */
1342 arm920t_execute_cp15(target,
1343 ARMV4_5_MCR(15,4,0,15,5,4),
1344 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1345
1346 /* clear interpret mode */
1347 cp15c15 &= ~0x1;
1348 arm920t_write_cp15_physical(target,
1349 CP15PHYS_TESTSTATE, cp15c15);
1350
1351 /* read I TLB CAM content stored to r2-r9 */
1352 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1353 if ((retval = jtag_execute_queue()) != ERROR_OK)
1354 {
1355 return retval;
1356 }
1357
1358 for (i = 0; i < 8; i++)
1359 i_tlb[i + victim].cam = regs[i + 2];
1360 }
1361
1362 for (victim = 0; victim < 64; victim++)
1363 {
1364 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1365 * base remains unchanged, victim goes through entries 0 to 63
1366 */
1367 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1368 arm9tdmi_write_core_regs(target, 0x2, regs);
1369
1370 /* set interpret mode */
1371 cp15c15 |= 0x1;
1372 arm920t_write_cp15_physical(target,
1373 CP15PHYS_TESTSTATE, cp15c15);
1374
1375 /* Write I TLB lockdown */
1376 arm920t_execute_cp15(target,
1377 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1378
1379 /* Read I TLB RAM1 */
1380 arm920t_execute_cp15(target,
1381 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1382
1383 /* Read I TLB RAM2 */
1384 arm920t_execute_cp15(target,
1385 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1386
1387 /* clear interpret mode */
1388 cp15c15 &= ~0x1;
1389 arm920t_write_cp15_physical(target,
1390 CP15PHYS_TESTSTATE, cp15c15);
1391
1392 /* read I TLB RAM content stored to r2 and r3 */
1393 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1394 if ((retval = jtag_execute_queue()) != ERROR_OK)
1395 {
1396 return retval;
1397 }
1398
1399 i_tlb[victim].ram1 = regs[2];
1400 i_tlb[victim].ram2 = regs[3];
1401 }
1402
1403 /* restore I TLB lockdown */
1404 regs[1] = Ilockdown;
1405 arm9tdmi_write_core_regs(target, 0x2, regs);
1406
1407 /* Write I TLB lockdown */
1408 arm920t_execute_cp15(target,
1409 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1410
1411 /* restore CP15 MMU and Cache settings */
1412 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1413
1414 /* output data to file */
1415 fprintf(output, "D TLB content:\n");
1416 for (i = 0; i < 64; i++)
1417 {
1418 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1419 " 0x%8.8" PRIx32 " %s\n",
1420 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1421 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1422 }
1423
1424 fprintf(output, "\n\nI TLB content:\n");
1425 for (i = 0; i < 64; i++)
1426 {
1427 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1428 " 0x%8.8" PRIx32 " %s\n",
1429 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1430 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1431 }
1432
1433 command_print(CMD_CTX, "mmu content successfully output to %s",
1434 CMD_ARGV[0]);
1435
1436 fclose(output);
1437
1438 if (!is_arm_mode(armv4_5->core_mode))
1439 return ERROR_FAIL;
1440
1441 /* force writeback of the valid data */
1442 r = armv4_5->core_cache->reg_list;
1443 r[0].dirty = r[0].valid;
1444 r[1].dirty = r[1].valid;
1445 r[2].dirty = r[2].valid;
1446 r[3].dirty = r[3].valid;
1447 r[4].dirty = r[4].valid;
1448 r[5].dirty = r[5].valid;
1449 r[6].dirty = r[6].valid;
1450 r[7].dirty = r[7].valid;
1451
1452 r = arm_reg_current(armv4_5, 8);
1453 r->dirty = r->valid;
1454
1455 r = arm_reg_current(armv4_5, 9);
1456 r->dirty = r->valid;
1457
1458 return ERROR_OK;
1459 }
1460
1461 COMMAND_HANDLER(arm920t_handle_cp15_command)
1462 {
1463 int retval;
1464 struct target *target = get_current_target(CMD_CTX);
1465 struct arm920t_common *arm920t = target_to_arm920(target);
1466
1467 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1468 if (retval != ERROR_OK)
1469 return retval;
1470
1471 if (target->state != TARGET_HALTED)
1472 {
1473 command_print(CMD_CTX, "target must be stopped for "
1474 "\"%s\" command", CMD_NAME);
1475 return ERROR_OK;
1476 }
1477
1478 /* one argument, read a register.
1479 * two arguments, write it.
1480 */
1481 if (CMD_ARGC >= 1)
1482 {
1483 int address;
1484 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1485
1486 if (CMD_ARGC == 1)
1487 {
1488 uint32_t value;
1489 if ((retval = arm920t_read_cp15_physical(target,
1490 address, &value)) != ERROR_OK)
1491 {
1492 command_print(CMD_CTX,
1493 "couldn't access reg %i", address);
1494 return ERROR_OK;
1495 }
1496 if ((retval = jtag_execute_queue()) != ERROR_OK)
1497 {
1498 return retval;
1499 }
1500
1501 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1502 address, value);
1503 }
1504 else if (CMD_ARGC == 2)
1505 {
1506 uint32_t value;
1507 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1508 retval = arm920t_write_cp15_physical(target,
1509 address, value);
1510 if (retval != ERROR_OK)
1511 {
1512 command_print(CMD_CTX,
1513 "couldn't access reg %i", address);
1514 /* REVISIT why lie? "return retval"? */
1515 return ERROR_OK;
1516 }
1517 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1518 address, value);
1519 }
1520 }
1521
1522 return ERROR_OK;
1523 }
1524
1525 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1526 {
1527 int retval;
1528 struct target *target = get_current_target(CMD_CTX);
1529 struct arm920t_common *arm920t = target_to_arm920(target);
1530
1531 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1532 if (retval != ERROR_OK)
1533 return retval;
1534
1535
1536 if (target->state != TARGET_HALTED)
1537 {
1538 command_print(CMD_CTX, "target must be stopped for "
1539 "\"%s\" command", CMD_NAME);
1540 return ERROR_OK;
1541 }
1542
1543 /* one argument, read a register.
1544 * two arguments, write it.
1545 */
1546 if (CMD_ARGC >= 1)
1547 {
1548 uint32_t opcode;
1549 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1550
1551 if (CMD_ARGC == 1)
1552 {
1553 uint32_t value;
1554 retval = arm920t_read_cp15_interpreted(target,
1555 opcode, 0x0, &value);
1556 if (retval != ERROR_OK)
1557 {
1558 command_print(CMD_CTX,
1559 "couldn't execute %8.8" PRIx32,
1560 opcode);
1561 /* REVISIT why lie? "return retval"? */
1562 return ERROR_OK;
1563 }
1564
1565 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1566 opcode, value);
1567 }
1568 else if (CMD_ARGC == 2)
1569 {
1570 uint32_t value;
1571 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1572 retval = arm920t_write_cp15_interpreted(target,
1573 opcode, value, 0);
1574 if (retval != ERROR_OK)
1575 {
1576 command_print(CMD_CTX,
1577 "couldn't execute %8.8" PRIx32,
1578 opcode);
1579 /* REVISIT why lie? "return retval"? */
1580 return ERROR_OK;
1581 }
1582 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1583 opcode, value);
1584 }
1585 else if (CMD_ARGC == 3)
1586 {
1587 uint32_t value;
1588 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1589 uint32_t address;
1590 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1591 retval = arm920t_write_cp15_interpreted(target,
1592 opcode, value, address);
1593 if (retval != ERROR_OK)
1594 {
1595 command_print(CMD_CTX,
1596 "couldn't execute %8.8" PRIx32, opcode);
1597 /* REVISIT why lie? "return retval"? */
1598 return ERROR_OK;
1599 }
1600 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1601 " %8.8" PRIx32, opcode, value, address);
1602 }
1603 }
1604 else
1605 {
1606 command_print(CMD_CTX,
1607 "usage: arm920t cp15i <opcode> [value] [address]");
1608 }
1609
1610 return ERROR_OK;
1611 }
1612
1613 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1614 {
1615 int retval;
1616 struct target *target = get_current_target(CMD_CTX);
1617 struct arm920t_common *arm920t = target_to_arm920(target);
1618
1619 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1620 if (retval != ERROR_OK)
1621 return retval;
1622
1623 return armv4_5_handle_cache_info_command(CMD_CTX,
1624 &arm920t->armv4_5_mmu.armv4_5_cache);
1625 }
1626
1627
1628 static int arm920t_mrc(struct target *target, int cpnum,
1629 uint32_t op1, uint32_t op2,
1630 uint32_t CRn, uint32_t CRm,
1631 uint32_t *value)
1632 {
1633 if (cpnum!=15)
1634 {
1635 LOG_ERROR("Only cp15 is supported");
1636 return ERROR_FAIL;
1637 }
1638
1639 /* read "to" r0 */
1640 return arm920t_read_cp15_interpreted(target,
1641 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1642 0, value);
1643 }
1644
1645 static int arm920t_mcr(struct target *target, int cpnum,
1646 uint32_t op1, uint32_t op2,
1647 uint32_t CRn, uint32_t CRm,
1648 uint32_t value)
1649 {
1650 if (cpnum!=15)
1651 {
1652 LOG_ERROR("Only cp15 is supported");
1653 return ERROR_FAIL;
1654 }
1655
1656 /* write "from" r0 */
1657 return arm920t_write_cp15_interpreted(target,
1658 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1659 0, value);
1660 }
1661
1662 static const struct command_registration arm920t_exec_command_handlers[] = {
1663 {
1664 .name = "cp15",
1665 .handler = arm920t_handle_cp15_command,
1666 .mode = COMMAND_EXEC,
1667 .help = "display/modify cp15 register",
1668 .usage = "regnum [value]",
1669 },
1670 {
1671 .name = "cp15i",
1672 .handler = arm920t_handle_cp15i_command,
1673 .mode = COMMAND_EXEC,
1674 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1675 .help = "display/modify cp15 register using ARM opcode"
1676 " (DEPRECATED)",
1677 .usage = "instruction [value [address]]",
1678 },
1679 {
1680 .name = "cache_info",
1681 .handler = arm920t_handle_cache_info_command,
1682 .mode = COMMAND_EXEC,
1683 .help = "display information about target caches",
1684 },
1685 {
1686 .name = "read_cache",
1687 .handler = arm920t_handle_read_cache_command,
1688 .mode = COMMAND_EXEC,
1689 .help = "dump I/D cache content to file",
1690 .usage = "filename",
1691 },
1692 {
1693 .name = "read_mmu",
1694 .handler = arm920t_handle_read_mmu_command,
1695 .mode = COMMAND_EXEC,
1696 .help = "dump I/D mmu content to file",
1697 .usage = "filename",
1698 },
1699 COMMAND_REGISTRATION_DONE
1700 };
1701 const struct command_registration arm920t_command_handlers[] = {
1702 {
1703 .chain = arm9tdmi_command_handlers,
1704 },
1705 {
1706 .name = "arm920t",
1707 .mode = COMMAND_ANY,
1708 .help = "arm920t command group",
1709 .chain = arm920t_exec_command_handlers,
1710 },
1711 COMMAND_REGISTRATION_DONE
1712 };
1713
1714 /** Holds methods for ARM920 targets. */
1715 struct target_type arm920t_target =
1716 {
1717 .name = "arm920t",
1718
1719 .poll = arm7_9_poll,
1720 .arch_state = arm920t_arch_state,
1721
1722 .target_request_data = arm7_9_target_request_data,
1723
1724 .halt = arm7_9_halt,
1725 .resume = arm7_9_resume,
1726 .step = arm7_9_step,
1727
1728 .assert_reset = arm7_9_assert_reset,
1729 .deassert_reset = arm7_9_deassert_reset,
1730 .soft_reset_halt = arm920t_soft_reset_halt,
1731
1732 .get_gdb_reg_list = arm_get_gdb_reg_list,
1733
1734 .read_memory = arm920t_read_memory,
1735 .write_memory = arm920t_write_memory,
1736 .read_phys_memory = arm920t_read_phys_memory,
1737 .write_phys_memory = arm920t_write_phys_memory,
1738 .mmu = arm920_mmu,
1739 .virt2phys = arm920_virt2phys,
1740
1741 .bulk_write_memory = arm7_9_bulk_write_memory,
1742
1743 .checksum_memory = arm_checksum_memory,
1744 .blank_check_memory = arm_blank_check_memory,
1745
1746 .run_algorithm = armv4_5_run_algorithm,
1747
1748 .add_breakpoint = arm7_9_add_breakpoint,
1749 .remove_breakpoint = arm7_9_remove_breakpoint,
1750 .add_watchpoint = arm7_9_add_watchpoint,
1751 .remove_watchpoint = arm7_9_remove_watchpoint,
1752
1753 .commands = arm920t_command_handlers,
1754 .target_create = arm920t_target_create,
1755 .init_target = arm9tdmi_init_target,
1756 .examine = arm7_9_examine,
1757 .check_reset = arm7_9_check_reset,
1758 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)