Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
jtag: retire tap field
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 jtag_set_end_state(TAP_IDLE);
95 arm_jtag_scann(jtag_info, 0xf);
96 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
97
98 fields[0].num_bits = 1;
99 fields[0].out_value = &access_type_buf;
100 fields[0].in_value = NULL;
101
102 fields[1].num_bits = 32;
103 fields[1].out_value = NULL;
104 fields[1].in_value = NULL;
105
106 fields[2].num_bits = 6;
107 fields[2].out_value = &reg_addr_buf;
108 fields[2].in_value = NULL;
109
110 fields[3].num_bits = 1;
111 fields[3].out_value = &nr_w_buf;
112 fields[3].in_value = NULL;
113
114 jtag_add_dr_scan(jtag_info->tap, 4, fields, jtag_get_end_state());
115
116 fields[1].in_value = (uint8_t *)value;
117
118 jtag_add_dr_scan(jtag_info->tap, 4, fields, jtag_get_end_state());
119
120 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
121
122 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
123 jtag_execute_queue();
124 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
125 #endif
126
127 return ERROR_OK;
128 }
129
130 static int arm920t_write_cp15_physical(struct target *target,
131 int reg_addr, uint32_t value)
132 {
133 struct arm920t_common *arm920t = target_to_arm920(target);
134 struct arm_jtag *jtag_info;
135 struct scan_field fields[4];
136 uint8_t access_type_buf = 1;
137 uint8_t reg_addr_buf = reg_addr & 0x3f;
138 uint8_t nr_w_buf = 1;
139 uint8_t value_buf[4];
140
141 jtag_info = &arm920t->arm7_9_common.jtag_info;
142
143 buf_set_u32(value_buf, 0, 32, value);
144
145 jtag_set_end_state(TAP_IDLE);
146 arm_jtag_scann(jtag_info, 0xf);
147 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
148
149 fields[0].num_bits = 1;
150 fields[0].out_value = &access_type_buf;
151 fields[0].in_value = NULL;
152
153 fields[1].num_bits = 32;
154 fields[1].out_value = value_buf;
155 fields[1].in_value = NULL;
156
157 fields[2].num_bits = 6;
158 fields[2].out_value = &reg_addr_buf;
159 fields[2].in_value = NULL;
160
161 fields[3].num_bits = 1;
162 fields[3].out_value = &nr_w_buf;
163 fields[3].in_value = NULL;
164
165 jtag_add_dr_scan(jtag_info->tap, 4, fields, jtag_get_end_state());
166
167 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
168 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
169 #endif
170
171 return ERROR_OK;
172 }
173
174 /* See table 9-10 for scan chain 15 format during interpreted access mode.
175 * If the TESTSTATE register is set for interpreted access, certain CP15
176 * MRC and MCR instructions may be executed through scan chain 15.
177 *
178 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
179 * executed using scan chain 15 interpreted mode.
180 */
181 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
182 uint32_t arm_opcode)
183 {
184 int retval;
185 struct arm920t_common *arm920t = target_to_arm920(target);
186 struct arm_jtag *jtag_info;
187 struct scan_field fields[4];
188 uint8_t access_type_buf = 0; /* interpreted access */
189 uint8_t reg_addr_buf = 0x0;
190 uint8_t nr_w_buf = 0;
191 uint8_t cp15_opcode_buf[4];
192
193 jtag_info = &arm920t->arm7_9_common.jtag_info;
194
195 jtag_set_end_state(TAP_IDLE);
196 arm_jtag_scann(jtag_info, 0xf);
197 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
198
199 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
200
201 fields[0].num_bits = 1;
202 fields[0].out_value = &access_type_buf;
203 fields[0].in_value = NULL;
204
205 fields[1].num_bits = 32;
206 fields[1].out_value = cp15_opcode_buf;
207 fields[1].in_value = NULL;
208
209 fields[2].num_bits = 6;
210 fields[2].out_value = &reg_addr_buf;
211 fields[2].in_value = NULL;
212
213 fields[3].num_bits = 1;
214 fields[3].out_value = &nr_w_buf;
215 fields[3].in_value = NULL;
216
217 jtag_add_dr_scan(jtag_info->tap, 4, fields, jtag_get_end_state());
218
219 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
220 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
221 retval = arm7_9_execute_sys_speed(target);
222 if (retval != ERROR_OK)
223 return retval;
224
225 if ((retval = jtag_execute_queue()) != ERROR_OK)
226 {
227 LOG_ERROR("failed executing JTAG queue");
228 return retval;
229 }
230
231 return ERROR_OK;
232 }
233
234 static int arm920t_read_cp15_interpreted(struct target *target,
235 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
236 {
237 struct arm *armv4_5 = target_to_arm(target);
238 uint32_t* regs_p[1];
239 uint32_t regs[2];
240 uint32_t cp15c15 = 0x0;
241 struct reg *r = armv4_5->core_cache->reg_list;
242
243 /* load address into R1 */
244 regs[1] = address;
245 arm9tdmi_write_core_regs(target, 0x2, regs);
246
247 /* read-modify-write CP15 test state register
248 * to enable interpreted access mode */
249 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
250 jtag_execute_queue();
251 cp15c15 |= 1; /* set interpret mode */
252 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
253
254 /* execute CP15 instruction and ARM load (reading from coprocessor) */
255 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
256
257 /* disable interpreted access mode */
258 cp15c15 &= ~1U; /* clear interpret mode */
259 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
260
261 /* retrieve value from R0 */
262 regs_p[0] = value;
263 arm9tdmi_read_core_regs(target, 0x1, regs_p);
264 jtag_execute_queue();
265
266 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
267 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
268 cp15_opcode, address, *value);
269 #endif
270
271 if (!is_arm_mode(armv4_5->core_mode))
272 return ERROR_FAIL;
273
274 r[0].dirty = 1;
275 r[1].dirty = 1;
276
277 return ERROR_OK;
278 }
279
280 static
281 int arm920t_write_cp15_interpreted(struct target *target,
282 uint32_t cp15_opcode, uint32_t value, uint32_t address)
283 {
284 uint32_t cp15c15 = 0x0;
285 struct arm *armv4_5 = target_to_arm(target);
286 uint32_t regs[2];
287 struct reg *r = armv4_5->core_cache->reg_list;
288
289 /* load value, address into R0, R1 */
290 regs[0] = value;
291 regs[1] = address;
292 arm9tdmi_write_core_regs(target, 0x3, regs);
293
294 /* read-modify-write CP15 test state register
295 * to enable interpreted access mode */
296 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
297 jtag_execute_queue();
298 cp15c15 |= 1; /* set interpret mode */
299 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
300
301 /* execute CP15 instruction and ARM store (writing to coprocessor) */
302 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
303
304 /* disable interpreted access mode */
305 cp15c15 &= ~1U; /* set interpret mode */
306 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
307
308 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
309 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
310 cp15_opcode, value, address);
311 #endif
312
313 if (!is_arm_mode(armv4_5->core_mode))
314 return ERROR_FAIL;
315
316 r[0].dirty = 1;
317 r[1].dirty = 1;
318
319 return ERROR_OK;
320 }
321
322 // EXPORTED to FA256
323 uint32_t arm920t_get_ttb(struct target *target)
324 {
325 int retval;
326 uint32_t ttb = 0x0;
327
328 if ((retval = arm920t_read_cp15_interpreted(target,
329 /* FIXME use opcode macro */
330 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
331 return retval;
332
333 return ttb;
334 }
335
336 // EXPORTED to FA256
337 void arm920t_disable_mmu_caches(struct target *target, int mmu,
338 int d_u_cache, int i_cache)
339 {
340 uint32_t cp15_control;
341
342 /* read cp15 control register */
343 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
344 jtag_execute_queue();
345
346 if (mmu)
347 cp15_control &= ~0x1U;
348
349 if (d_u_cache)
350 cp15_control &= ~0x4U;
351
352 if (i_cache)
353 cp15_control &= ~0x1000U;
354
355 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
356 }
357
358 // EXPORTED to FA256
359 void arm920t_enable_mmu_caches(struct target *target, int mmu,
360 int d_u_cache, int i_cache)
361 {
362 uint32_t cp15_control;
363
364 /* read cp15 control register */
365 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
366 jtag_execute_queue();
367
368 if (mmu)
369 cp15_control |= 0x1U;
370
371 if (d_u_cache)
372 cp15_control |= 0x4U;
373
374 if (i_cache)
375 cp15_control |= 0x1000U;
376
377 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
378 }
379
380 // EXPORTED to FA256
381 void arm920t_post_debug_entry(struct target *target)
382 {
383 uint32_t cp15c15;
384 struct arm920t_common *arm920t = target_to_arm920(target);
385
386 /* examine cp15 control reg */
387 arm920t_read_cp15_physical(target,
388 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
389 jtag_execute_queue();
390 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
391
392 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
393 {
394 uint32_t cache_type_reg;
395 /* identify caches */
396 arm920t_read_cp15_physical(target,
397 CP15PHYS_CACHETYPE, &cache_type_reg);
398 jtag_execute_queue();
399 armv4_5_identify_cache(cache_type_reg,
400 &arm920t->armv4_5_mmu.armv4_5_cache);
401 }
402
403 arm920t->armv4_5_mmu.mmu_enabled =
404 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
405 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
406 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
407 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
408 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
409
410 /* save i/d fault status and address register */
411 /* FIXME use opcode macros */
412 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
413 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
414 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
415 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
416
417 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
418 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
419 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
420
421 if (arm920t->preserve_cache)
422 {
423 /* read-modify-write CP15 test state register
424 * to disable I/D-cache linefills */
425 arm920t_read_cp15_physical(target,
426 CP15PHYS_TESTSTATE, &cp15c15);
427 jtag_execute_queue();
428 cp15c15 |= 0x600;
429 arm920t_write_cp15_physical(target,
430 CP15PHYS_TESTSTATE, cp15c15);
431 }
432 }
433
434 // EXPORTED to FA256
435 void arm920t_pre_restore_context(struct target *target)
436 {
437 uint32_t cp15c15;
438 struct arm920t_common *arm920t = target_to_arm920(target);
439
440 /* restore i/d fault status and address register */
441 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
442 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
443 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
444 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
445
446 /* read-modify-write CP15 test state register
447 * to reenable I/D-cache linefills */
448 if (arm920t->preserve_cache)
449 {
450 arm920t_read_cp15_physical(target,
451 CP15PHYS_TESTSTATE, &cp15c15);
452 jtag_execute_queue();
453 cp15c15 &= ~0x600U;
454 arm920t_write_cp15_physical(target,
455 CP15PHYS_TESTSTATE, cp15c15);
456 }
457 }
458
459 static const char arm920_not[] = "target is not an ARM920";
460
461 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
462 struct arm920t_common *arm920t)
463 {
464 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
465 command_print(cmd_ctx, arm920_not);
466 return ERROR_TARGET_INVALID;
467 }
468
469 return ERROR_OK;
470 }
471
472 /** Logs summary of ARM920 state for a halted target. */
473 int arm920t_arch_state(struct target *target)
474 {
475 static const char *state[] =
476 {
477 "disabled", "enabled"
478 };
479
480 struct arm920t_common *arm920t = target_to_arm920(target);
481 struct arm *armv4_5;
482
483 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
484 {
485 LOG_ERROR("BUG: %s", arm920_not);
486 return ERROR_TARGET_INVALID;
487 }
488
489 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
490
491 arm_arch_state(target);
492 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
493 state[arm920t->armv4_5_mmu.mmu_enabled],
494 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
495 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
496
497 return ERROR_OK;
498 }
499
500 static int arm920_mmu(struct target *target, int *enabled)
501 {
502 if (target->state != TARGET_HALTED) {
503 LOG_ERROR("%s: target not halted", __func__);
504 return ERROR_TARGET_INVALID;
505 }
506
507 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
508 return ERROR_OK;
509 }
510
511 static int arm920_virt2phys(struct target *target,
512 uint32_t virt, uint32_t *phys)
513 {
514 int type;
515 uint32_t cb;
516 int domain;
517 uint32_t ap;
518 struct arm920t_common *arm920t = target_to_arm920(target);
519
520 uint32_t ret = armv4_5_mmu_translate_va(target,
521 &arm920t->armv4_5_mmu, virt, &type, &cb, &domain, &ap);
522 if (type == -1)
523 {
524 return ret;
525 }
526 *phys = ret;
527 return ERROR_OK;
528 }
529
530 /** Reads a buffer, in the specified word size, with current MMU settings. */
531 int arm920t_read_memory(struct target *target, uint32_t address,
532 uint32_t size, uint32_t count, uint8_t *buffer)
533 {
534 int retval;
535
536 retval = arm7_9_read_memory(target, address, size, count, buffer);
537
538 return retval;
539 }
540
541
542 static int arm920t_read_phys_memory(struct target *target,
543 uint32_t address, uint32_t size,
544 uint32_t count, uint8_t *buffer)
545 {
546 struct arm920t_common *arm920t = target_to_arm920(target);
547
548 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
549 address, size, count, buffer);
550 }
551
552 static int arm920t_write_phys_memory(struct target *target,
553 uint32_t address, uint32_t size,
554 uint32_t count, uint8_t *buffer)
555 {
556 struct arm920t_common *arm920t = target_to_arm920(target);
557
558 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
559 address, size, count, buffer);
560 }
561
562
563 /** Writes a buffer, in the specified word size, with current MMU settings. */
564 int arm920t_write_memory(struct target *target, uint32_t address,
565 uint32_t size, uint32_t count, uint8_t *buffer)
566 {
567 int retval;
568 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
569 struct arm920t_common *arm920t = target_to_arm920(target);
570
571 /* FIX!!!! this should be cleaned up and made much more general. The
572 * plan is to write up and test on arm920t specifically and
573 * then generalize and clean up afterwards. */
574 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
575 ((size==2) || (size==4)))
576 {
577 /* special case the handling of single word writes to
578 * bypass MMU, to allow implementation of breakpoints
579 * in memory marked read only
580 * by MMU
581 */
582 int type;
583 uint32_t cb;
584 int domain;
585 uint32_t ap;
586 uint32_t pa;
587
588 /*
589 * We need physical address and cb
590 */
591 pa = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
592 address, &type, &cb, &domain, &ap);
593 if (type == -1)
594 return pa;
595
596 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
597 {
598 if (cb & 0x1)
599 {
600 LOG_DEBUG("D-Cache buffered, "
601 "drain write buffer");
602 /*
603 * Buffered ?
604 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
605 */
606
607 retval = arm920t_write_cp15_interpreted(target,
608 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
609 0x0, 0);
610 if (retval != ERROR_OK)
611 return retval;
612 }
613
614 if (cb == 0x3)
615 {
616 /*
617 * Write back memory ? -> clean cache
618 *
619 * There is no way to clean cache lines using
620 * cp15 scan chain, so copy the full cache
621 * line from cache to physical memory.
622 */
623 uint8_t data[32];
624
625 LOG_DEBUG("D-Cache in 'write back' mode, "
626 "flush cache line");
627
628 retval = target_read_memory(target,
629 address & cache_mask, 1,
630 sizeof(data), &data[0]);
631 if (retval != ERROR_OK)
632 return retval;
633
634 retval = armv4_5_mmu_write_physical(target,
635 &arm920t->armv4_5_mmu,
636 pa & cache_mask, 1,
637 sizeof(data), &data[0]);
638 if (retval != ERROR_OK)
639 return retval;
640 }
641
642 /* Cached ? */
643 if (cb & 0x2)
644 {
645 /*
646 * Cached ? -> Invalidate data cache using MVA
647 *
648 * MCR p15,0,Rd,c7,c6,1
649 */
650 LOG_DEBUG("D-Cache enabled, "
651 "invalidate cache line");
652
653 retval = arm920t_write_cp15_interpreted(target,
654 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
655 address & cache_mask);
656 if (retval != ERROR_OK)
657 return retval;
658 }
659 }
660
661 /* write directly to physical memory,
662 * bypassing any read only MMU bits, etc.
663 */
664 retval = armv4_5_mmu_write_physical(target,
665 &arm920t->armv4_5_mmu, pa, size,
666 count, buffer);
667 if (retval != ERROR_OK)
668 return retval;
669 } else
670 {
671 if ((retval = arm7_9_write_memory(target, address,
672 size, count, buffer)) != ERROR_OK)
673 return retval;
674 }
675
676 /* If ICache is enabled, we have to invalidate affected ICache lines
677 * the DCache is forced to write-through,
678 * so we don't have to clean it here
679 */
680 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
681 {
682 if (count <= 1)
683 {
684 /* invalidate ICache single entry with MVA
685 * mcr 15, 0, r0, cr7, cr5, {1}
686 */
687 LOG_DEBUG("I-Cache enabled, "
688 "invalidating affected I-Cache line");
689 retval = arm920t_write_cp15_interpreted(target,
690 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
691 0x0, address & cache_mask);
692 if (retval != ERROR_OK)
693 return retval;
694 }
695 else
696 {
697 /* invalidate ICache
698 * mcr 15, 0, r0, cr7, cr5, {0}
699 */
700 retval = arm920t_write_cp15_interpreted(target,
701 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
702 0x0, 0x0);
703 if (retval != ERROR_OK)
704 return retval;
705 }
706 }
707
708 return retval;
709 }
710
711 // EXPORTED to FA256
712 int arm920t_soft_reset_halt(struct target *target)
713 {
714 int retval = ERROR_OK;
715 struct arm920t_common *arm920t = target_to_arm920(target);
716 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
717 struct arm *armv4_5 = &arm7_9->armv4_5_common;
718 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
719
720 if ((retval = target_halt(target)) != ERROR_OK)
721 {
722 return retval;
723 }
724
725 long long then = timeval_ms();
726 int timeout;
727 while (!(timeout = ((timeval_ms()-then) > 1000)))
728 {
729 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
730 == 0)
731 {
732 embeddedice_read_reg(dbg_stat);
733 if ((retval = jtag_execute_queue()) != ERROR_OK)
734 {
735 return retval;
736 }
737 } else
738 {
739 break;
740 }
741 if (debug_level >= 3)
742 {
743 /* do not eat all CPU, time out after 1 se*/
744 alive_sleep(100);
745 } else
746 {
747 keep_alive();
748 }
749 }
750 if (timeout)
751 {
752 LOG_ERROR("Failed to halt CPU after 1 sec");
753 return ERROR_TARGET_TIMEOUT;
754 }
755
756 target->state = TARGET_HALTED;
757
758 /* SVC, ARM state, IRQ and FIQ disabled */
759 uint32_t cpsr;
760
761 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
762 cpsr &= ~0xff;
763 cpsr |= 0xd3;
764 arm_set_cpsr(armv4_5, cpsr);
765 armv4_5->cpsr->dirty = 1;
766
767 /* start fetching from 0x0 */
768 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
769 armv4_5->pc->dirty = 1;
770 armv4_5->pc->valid = 1;
771
772 arm920t_disable_mmu_caches(target, 1, 1, 1);
773 arm920t->armv4_5_mmu.mmu_enabled = 0;
774 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
775 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
776
777 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
778 }
779
780 /* FIXME remove forward decls */
781 static int arm920t_mrc(struct target *target, int cpnum,
782 uint32_t op1, uint32_t op2,
783 uint32_t CRn, uint32_t CRm,
784 uint32_t *value);
785 static int arm920t_mcr(struct target *target, int cpnum,
786 uint32_t op1, uint32_t op2,
787 uint32_t CRn, uint32_t CRm,
788 uint32_t value);
789
790 int arm920t_init_arch_info(struct target *target,
791 struct arm920t_common *arm920t, struct jtag_tap *tap)
792 {
793 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
794
795 arm7_9->armv4_5_common.mrc = arm920t_mrc;
796 arm7_9->armv4_5_common.mcr = arm920t_mcr;
797
798 /* initialize arm7/arm9 specific info (including armv4_5) */
799 arm9tdmi_init_arch_info(target, arm7_9, tap);
800
801 arm920t->common_magic = ARM920T_COMMON_MAGIC;
802
803 arm7_9->post_debug_entry = arm920t_post_debug_entry;
804 arm7_9->pre_restore_context = arm920t_pre_restore_context;
805
806 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
807 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
808 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
809 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
810 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
811 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
812 arm920t->armv4_5_mmu.has_tiny_pages = 1;
813 arm920t->armv4_5_mmu.mmu_enabled = 0;
814
815 /* disabling linefills leads to lockups, so keep them enabled for now
816 * this doesn't affect correctness, but might affect timing issues, if
817 * important data is evicted from the cache during the debug session
818 * */
819 arm920t->preserve_cache = 0;
820
821 /* override hw single-step capability from ARM9TDMI */
822 arm7_9->has_single_step = 1;
823
824 return ERROR_OK;
825 }
826
827 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
828 {
829 struct arm920t_common *arm920t;
830
831 arm920t = calloc(1,sizeof(struct arm920t_common));
832 return arm920t_init_arch_info(target, arm920t, target->tap);
833 }
834
835 COMMAND_HANDLER(arm920t_handle_read_cache_command)
836 {
837 int retval = ERROR_OK;
838 struct target *target = get_current_target(CMD_CTX);
839 struct arm920t_common *arm920t = target_to_arm920(target);
840 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
841 struct arm *armv4_5 = &arm7_9->armv4_5_common;
842 uint32_t cp15c15;
843 uint32_t cp15_ctrl, cp15_ctrl_saved;
844 uint32_t regs[16];
845 uint32_t *regs_p[16];
846 uint32_t C15_C_D_Ind, C15_C_I_Ind;
847 int i;
848 FILE *output;
849 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
850 int segment, index;
851 struct reg *r;
852
853 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
854 if (retval != ERROR_OK)
855 return retval;
856
857 if (CMD_ARGC != 1)
858 {
859 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
860 return ERROR_OK;
861 }
862
863 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
864 {
865 LOG_DEBUG("error opening cache content file");
866 return ERROR_OK;
867 }
868
869 for (i = 0; i < 16; i++)
870 regs_p[i] = &regs[i];
871
872 /* disable MMU and Caches */
873 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
874 if ((retval = jtag_execute_queue()) != ERROR_OK)
875 {
876 return retval;
877 }
878 cp15_ctrl_saved = cp15_ctrl;
879 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
880 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
881 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
882
883 /* read CP15 test state register */
884 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
885 jtag_execute_queue();
886
887 /* read DCache content */
888 fprintf(output, "DCache:\n");
889
890 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
891 for (segment = 0;
892 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
893 segment++)
894 {
895 fprintf(output, "\nsegment: %i\n----------", segment);
896
897 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
898 regs[0] = 0x0 | (segment << 5);
899 arm9tdmi_write_core_regs(target, 0x1, regs);
900
901 /* set interpret mode */
902 cp15c15 |= 0x1;
903 arm920t_write_cp15_physical(target,
904 CP15PHYS_TESTSTATE, cp15c15);
905
906 /* D CAM Read, loads current victim into C15.C.D.Ind */
907 arm920t_execute_cp15(target,
908 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
909
910 /* read current victim */
911 arm920t_read_cp15_physical(target,
912 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
913
914 /* clear interpret mode */
915 cp15c15 &= ~0x1;
916 arm920t_write_cp15_physical(target,
917 CP15PHYS_TESTSTATE, cp15c15);
918
919 for (index = 0; index < 64; index++)
920 {
921 /* Ra:
922 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
923 */
924 regs[0] = 0x0 | (segment << 5) | (index << 26);
925 arm9tdmi_write_core_regs(target, 0x1, regs);
926
927 /* set interpret mode */
928 cp15c15 |= 0x1;
929 arm920t_write_cp15_physical(target,
930 CP15PHYS_TESTSTATE, cp15c15);
931
932 /* Write DCache victim */
933 arm920t_execute_cp15(target,
934 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
935
936 /* Read D RAM */
937 arm920t_execute_cp15(target,
938 ARMV4_5_MCR(15,2,0,15,10,2),
939 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
940
941 /* Read D CAM */
942 arm920t_execute_cp15(target,
943 ARMV4_5_MCR(15,2,0,15,6,2),
944 ARMV4_5_LDR(9, 0));
945
946 /* clear interpret mode */
947 cp15c15 &= ~0x1;
948 arm920t_write_cp15_physical(target,
949 CP15PHYS_TESTSTATE, cp15c15);
950
951 /* read D RAM and CAM content */
952 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
953 if ((retval = jtag_execute_queue()) != ERROR_OK)
954 {
955 return retval;
956 }
957
958 d_cache[segment][index].cam = regs[9];
959
960 /* mask LFSR[6] */
961 regs[9] &= 0xfffffffe;
962 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
963 PRIx32 ", content (%s):\n",
964 segment, index, regs[9],
965 (regs[9] & 0x10) ? "valid" : "invalid");
966
967 for (i = 1; i < 9; i++)
968 {
969 d_cache[segment][index].data[i] = regs[i];
970 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
971 i-1, regs[i]);
972 }
973
974 }
975
976 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
977 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
978 arm9tdmi_write_core_regs(target, 0x1, regs);
979
980 /* set interpret mode */
981 cp15c15 |= 0x1;
982 arm920t_write_cp15_physical(target,
983 CP15PHYS_TESTSTATE, cp15c15);
984
985 /* Write DCache victim */
986 arm920t_execute_cp15(target,
987 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
988
989 /* clear interpret mode */
990 cp15c15 &= ~0x1;
991 arm920t_write_cp15_physical(target,
992 CP15PHYS_TESTSTATE, cp15c15);
993 }
994
995 /* read ICache content */
996 fprintf(output, "ICache:\n");
997
998 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
999 for (segment = 0;
1000 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1001 segment++)
1002 {
1003 fprintf(output, "segment: %i\n----------", segment);
1004
1005 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1006 regs[0] = 0x0 | (segment << 5);
1007 arm9tdmi_write_core_regs(target, 0x1, regs);
1008
1009 /* set interpret mode */
1010 cp15c15 |= 0x1;
1011 arm920t_write_cp15_physical(target,
1012 CP15PHYS_TESTSTATE, cp15c15);
1013
1014 /* I CAM Read, loads current victim into C15.C.I.Ind */
1015 arm920t_execute_cp15(target,
1016 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1017
1018 /* read current victim */
1019 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1020 &C15_C_I_Ind);
1021
1022 /* clear interpret mode */
1023 cp15c15 &= ~0x1;
1024 arm920t_write_cp15_physical(target,
1025 CP15PHYS_TESTSTATE, cp15c15);
1026
1027 for (index = 0; index < 64; index++)
1028 {
1029 /* Ra:
1030 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1031 */
1032 regs[0] = 0x0 | (segment << 5) | (index << 26);
1033 arm9tdmi_write_core_regs(target, 0x1, regs);
1034
1035 /* set interpret mode */
1036 cp15c15 |= 0x1;
1037 arm920t_write_cp15_physical(target,
1038 CP15PHYS_TESTSTATE, cp15c15);
1039
1040 /* Write ICache victim */
1041 arm920t_execute_cp15(target,
1042 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1043
1044 /* Read I RAM */
1045 arm920t_execute_cp15(target,
1046 ARMV4_5_MCR(15,2,0,15,9,2),
1047 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1048
1049 /* Read I CAM */
1050 arm920t_execute_cp15(target,
1051 ARMV4_5_MCR(15,2,0,15,5,2),
1052 ARMV4_5_LDR(9, 0));
1053
1054 /* clear interpret mode */
1055 cp15c15 &= ~0x1;
1056 arm920t_write_cp15_physical(target,
1057 CP15PHYS_TESTSTATE, cp15c15);
1058
1059 /* read I RAM and CAM content */
1060 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1061 if ((retval = jtag_execute_queue()) != ERROR_OK)
1062 {
1063 return retval;
1064 }
1065
1066 i_cache[segment][index].cam = regs[9];
1067
1068 /* mask LFSR[6] */
1069 regs[9] &= 0xfffffffe;
1070 fprintf(output, "\nsegment: %i, index: %i, "
1071 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1072 segment, index, regs[9],
1073 (regs[9] & 0x10) ? "valid" : "invalid");
1074
1075 for (i = 1; i < 9; i++)
1076 {
1077 i_cache[segment][index].data[i] = regs[i];
1078 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1079 i-1, regs[i]);
1080 }
1081 }
1082
1083 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1084 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1085 arm9tdmi_write_core_regs(target, 0x1, regs);
1086
1087 /* set interpret mode */
1088 cp15c15 |= 0x1;
1089 arm920t_write_cp15_physical(target,
1090 CP15PHYS_TESTSTATE, cp15c15);
1091
1092 /* Write ICache victim */
1093 arm920t_execute_cp15(target,
1094 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1095
1096 /* clear interpret mode */
1097 cp15c15 &= ~0x1;
1098 arm920t_write_cp15_physical(target,
1099 CP15PHYS_TESTSTATE, cp15c15);
1100 }
1101
1102 /* restore CP15 MMU and Cache settings */
1103 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1104
1105 command_print(CMD_CTX, "cache content successfully output to %s",
1106 CMD_ARGV[0]);
1107
1108 fclose(output);
1109
1110 if (!is_arm_mode(armv4_5->core_mode))
1111 return ERROR_FAIL;
1112
1113 /* force writeback of the valid data */
1114 r = armv4_5->core_cache->reg_list;
1115 r[0].dirty = r[0].valid;
1116 r[1].dirty = r[1].valid;
1117 r[2].dirty = r[2].valid;
1118 r[3].dirty = r[3].valid;
1119 r[4].dirty = r[4].valid;
1120 r[5].dirty = r[5].valid;
1121 r[6].dirty = r[6].valid;
1122 r[7].dirty = r[7].valid;
1123
1124 r = arm_reg_current(armv4_5, 8);
1125 r->dirty = r->valid;
1126
1127 r = arm_reg_current(armv4_5, 9);
1128 r->dirty = r->valid;
1129
1130 return ERROR_OK;
1131 }
1132
1133 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1134 {
1135 int retval = ERROR_OK;
1136 struct target *target = get_current_target(CMD_CTX);
1137 struct arm920t_common *arm920t = target_to_arm920(target);
1138 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1139 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1140 uint32_t cp15c15;
1141 uint32_t cp15_ctrl, cp15_ctrl_saved;
1142 uint32_t regs[16];
1143 uint32_t *regs_p[16];
1144 int i;
1145 FILE *output;
1146 uint32_t Dlockdown, Ilockdown;
1147 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1148 int victim;
1149 struct reg *r;
1150
1151 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1152 if (retval != ERROR_OK)
1153 return retval;
1154
1155 if (CMD_ARGC != 1)
1156 {
1157 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1158 return ERROR_OK;
1159 }
1160
1161 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1162 {
1163 LOG_DEBUG("error opening mmu content file");
1164 return ERROR_OK;
1165 }
1166
1167 for (i = 0; i < 16; i++)
1168 regs_p[i] = &regs[i];
1169
1170 /* disable MMU and Caches */
1171 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1172 if ((retval = jtag_execute_queue()) != ERROR_OK)
1173 {
1174 return retval;
1175 }
1176 cp15_ctrl_saved = cp15_ctrl;
1177 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1178 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1179 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1180
1181 /* read CP15 test state register */
1182 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1183 if ((retval = jtag_execute_queue()) != ERROR_OK)
1184 {
1185 return retval;
1186 }
1187
1188 /* prepare reading D TLB content
1189 * */
1190
1191 /* set interpret mode */
1192 cp15c15 |= 0x1;
1193 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1194
1195 /* Read D TLB lockdown */
1196 arm920t_execute_cp15(target,
1197 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1198
1199 /* clear interpret mode */
1200 cp15c15 &= ~0x1;
1201 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1202
1203 /* read D TLB lockdown stored to r1 */
1204 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1205 if ((retval = jtag_execute_queue()) != ERROR_OK)
1206 {
1207 return retval;
1208 }
1209 Dlockdown = regs[1];
1210
1211 for (victim = 0; victim < 64; victim += 8)
1212 {
1213 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1214 * base remains unchanged, victim goes through entries 0 to 63
1215 */
1216 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1217 arm9tdmi_write_core_regs(target, 0x2, regs);
1218
1219 /* set interpret mode */
1220 cp15c15 |= 0x1;
1221 arm920t_write_cp15_physical(target,
1222 CP15PHYS_TESTSTATE, cp15c15);
1223
1224 /* Write D TLB lockdown */
1225 arm920t_execute_cp15(target,
1226 ARMV4_5_MCR(15,0,0,10,0,0),
1227 ARMV4_5_STR(1, 0));
1228
1229 /* Read D TLB CAM */
1230 arm920t_execute_cp15(target,
1231 ARMV4_5_MCR(15,4,0,15,6,4),
1232 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1233
1234 /* clear interpret mode */
1235 cp15c15 &= ~0x1;
1236 arm920t_write_cp15_physical(target,
1237 CP15PHYS_TESTSTATE, cp15c15);
1238
1239 /* read D TLB CAM content stored to r2-r9 */
1240 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1241 if ((retval = jtag_execute_queue()) != ERROR_OK)
1242 {
1243 return retval;
1244 }
1245
1246 for (i = 0; i < 8; i++)
1247 d_tlb[victim + i].cam = regs[i + 2];
1248 }
1249
1250 for (victim = 0; victim < 64; victim++)
1251 {
1252 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1253 * base remains unchanged, victim goes through entries 0 to 63
1254 */
1255 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1256 arm9tdmi_write_core_regs(target, 0x2, regs);
1257
1258 /* set interpret mode */
1259 cp15c15 |= 0x1;
1260 arm920t_write_cp15_physical(target,
1261 CP15PHYS_TESTSTATE, cp15c15);
1262
1263 /* Write D TLB lockdown */
1264 arm920t_execute_cp15(target,
1265 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1266
1267 /* Read D TLB RAM1 */
1268 arm920t_execute_cp15(target,
1269 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1270
1271 /* Read D TLB RAM2 */
1272 arm920t_execute_cp15(target,
1273 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1274
1275 /* clear interpret mode */
1276 cp15c15 &= ~0x1;
1277 arm920t_write_cp15_physical(target,
1278 CP15PHYS_TESTSTATE, cp15c15);
1279
1280 /* read D TLB RAM content stored to r2 and r3 */
1281 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1282 if ((retval = jtag_execute_queue()) != ERROR_OK)
1283 {
1284 return retval;
1285 }
1286
1287 d_tlb[victim].ram1 = regs[2];
1288 d_tlb[victim].ram2 = regs[3];
1289 }
1290
1291 /* restore D TLB lockdown */
1292 regs[1] = Dlockdown;
1293 arm9tdmi_write_core_regs(target, 0x2, regs);
1294
1295 /* Write D TLB lockdown */
1296 arm920t_execute_cp15(target,
1297 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1298
1299 /* prepare reading I TLB content
1300 * */
1301
1302 /* set interpret mode */
1303 cp15c15 |= 0x1;
1304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1305
1306 /* Read I TLB lockdown */
1307 arm920t_execute_cp15(target,
1308 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1309
1310 /* clear interpret mode */
1311 cp15c15 &= ~0x1;
1312 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1313
1314 /* read I TLB lockdown stored to r1 */
1315 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1316 if ((retval = jtag_execute_queue()) != ERROR_OK)
1317 {
1318 return retval;
1319 }
1320 Ilockdown = regs[1];
1321
1322 for (victim = 0; victim < 64; victim += 8)
1323 {
1324 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1325 * base remains unchanged, victim goes through entries 0 to 63
1326 */
1327 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1328 arm9tdmi_write_core_regs(target, 0x2, regs);
1329
1330 /* set interpret mode */
1331 cp15c15 |= 0x1;
1332 arm920t_write_cp15_physical(target,
1333 CP15PHYS_TESTSTATE, cp15c15);
1334
1335 /* Write I TLB lockdown */
1336 arm920t_execute_cp15(target,
1337 ARMV4_5_MCR(15,0,0,10,0,1),
1338 ARMV4_5_STR(1, 0));
1339
1340 /* Read I TLB CAM */
1341 arm920t_execute_cp15(target,
1342 ARMV4_5_MCR(15,4,0,15,5,4),
1343 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1344
1345 /* clear interpret mode */
1346 cp15c15 &= ~0x1;
1347 arm920t_write_cp15_physical(target,
1348 CP15PHYS_TESTSTATE, cp15c15);
1349
1350 /* read I TLB CAM content stored to r2-r9 */
1351 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1352 if ((retval = jtag_execute_queue()) != ERROR_OK)
1353 {
1354 return retval;
1355 }
1356
1357 for (i = 0; i < 8; i++)
1358 i_tlb[i + victim].cam = regs[i + 2];
1359 }
1360
1361 for (victim = 0; victim < 64; victim++)
1362 {
1363 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1364 * base remains unchanged, victim goes through entries 0 to 63
1365 */
1366 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1367 arm9tdmi_write_core_regs(target, 0x2, regs);
1368
1369 /* set interpret mode */
1370 cp15c15 |= 0x1;
1371 arm920t_write_cp15_physical(target,
1372 CP15PHYS_TESTSTATE, cp15c15);
1373
1374 /* Write I TLB lockdown */
1375 arm920t_execute_cp15(target,
1376 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1377
1378 /* Read I TLB RAM1 */
1379 arm920t_execute_cp15(target,
1380 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1381
1382 /* Read I TLB RAM2 */
1383 arm920t_execute_cp15(target,
1384 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1385
1386 /* clear interpret mode */
1387 cp15c15 &= ~0x1;
1388 arm920t_write_cp15_physical(target,
1389 CP15PHYS_TESTSTATE, cp15c15);
1390
1391 /* read I TLB RAM content stored to r2 and r3 */
1392 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1393 if ((retval = jtag_execute_queue()) != ERROR_OK)
1394 {
1395 return retval;
1396 }
1397
1398 i_tlb[victim].ram1 = regs[2];
1399 i_tlb[victim].ram2 = regs[3];
1400 }
1401
1402 /* restore I TLB lockdown */
1403 regs[1] = Ilockdown;
1404 arm9tdmi_write_core_regs(target, 0x2, regs);
1405
1406 /* Write I TLB lockdown */
1407 arm920t_execute_cp15(target,
1408 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1409
1410 /* restore CP15 MMU and Cache settings */
1411 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1412
1413 /* output data to file */
1414 fprintf(output, "D TLB content:\n");
1415 for (i = 0; i < 64; i++)
1416 {
1417 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1418 " 0x%8.8" PRIx32 " %s\n",
1419 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1420 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1421 }
1422
1423 fprintf(output, "\n\nI TLB content:\n");
1424 for (i = 0; i < 64; i++)
1425 {
1426 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1427 " 0x%8.8" PRIx32 " %s\n",
1428 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1429 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1430 }
1431
1432 command_print(CMD_CTX, "mmu content successfully output to %s",
1433 CMD_ARGV[0]);
1434
1435 fclose(output);
1436
1437 if (!is_arm_mode(armv4_5->core_mode))
1438 return ERROR_FAIL;
1439
1440 /* force writeback of the valid data */
1441 r = armv4_5->core_cache->reg_list;
1442 r[0].dirty = r[0].valid;
1443 r[1].dirty = r[1].valid;
1444 r[2].dirty = r[2].valid;
1445 r[3].dirty = r[3].valid;
1446 r[4].dirty = r[4].valid;
1447 r[5].dirty = r[5].valid;
1448 r[6].dirty = r[6].valid;
1449 r[7].dirty = r[7].valid;
1450
1451 r = arm_reg_current(armv4_5, 8);
1452 r->dirty = r->valid;
1453
1454 r = arm_reg_current(armv4_5, 9);
1455 r->dirty = r->valid;
1456
1457 return ERROR_OK;
1458 }
1459
1460 COMMAND_HANDLER(arm920t_handle_cp15_command)
1461 {
1462 int retval;
1463 struct target *target = get_current_target(CMD_CTX);
1464 struct arm920t_common *arm920t = target_to_arm920(target);
1465
1466 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1467 if (retval != ERROR_OK)
1468 return retval;
1469
1470 if (target->state != TARGET_HALTED)
1471 {
1472 command_print(CMD_CTX, "target must be stopped for "
1473 "\"%s\" command", CMD_NAME);
1474 return ERROR_OK;
1475 }
1476
1477 /* one argument, read a register.
1478 * two arguments, write it.
1479 */
1480 if (CMD_ARGC >= 1)
1481 {
1482 int address;
1483 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1484
1485 if (CMD_ARGC == 1)
1486 {
1487 uint32_t value;
1488 if ((retval = arm920t_read_cp15_physical(target,
1489 address, &value)) != ERROR_OK)
1490 {
1491 command_print(CMD_CTX,
1492 "couldn't access reg %i", address);
1493 return ERROR_OK;
1494 }
1495 if ((retval = jtag_execute_queue()) != ERROR_OK)
1496 {
1497 return retval;
1498 }
1499
1500 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1501 address, value);
1502 }
1503 else if (CMD_ARGC == 2)
1504 {
1505 uint32_t value;
1506 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1507 retval = arm920t_write_cp15_physical(target,
1508 address, value);
1509 if (retval != ERROR_OK)
1510 {
1511 command_print(CMD_CTX,
1512 "couldn't access reg %i", address);
1513 /* REVISIT why lie? "return retval"? */
1514 return ERROR_OK;
1515 }
1516 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1517 address, value);
1518 }
1519 }
1520
1521 return ERROR_OK;
1522 }
1523
1524 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1525 {
1526 int retval;
1527 struct target *target = get_current_target(CMD_CTX);
1528 struct arm920t_common *arm920t = target_to_arm920(target);
1529
1530 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1531 if (retval != ERROR_OK)
1532 return retval;
1533
1534
1535 if (target->state != TARGET_HALTED)
1536 {
1537 command_print(CMD_CTX, "target must be stopped for "
1538 "\"%s\" command", CMD_NAME);
1539 return ERROR_OK;
1540 }
1541
1542 /* one argument, read a register.
1543 * two arguments, write it.
1544 */
1545 if (CMD_ARGC >= 1)
1546 {
1547 uint32_t opcode;
1548 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1549
1550 if (CMD_ARGC == 1)
1551 {
1552 uint32_t value;
1553 retval = arm920t_read_cp15_interpreted(target,
1554 opcode, 0x0, &value);
1555 if (retval != ERROR_OK)
1556 {
1557 command_print(CMD_CTX,
1558 "couldn't execute %8.8" PRIx32,
1559 opcode);
1560 /* REVISIT why lie? "return retval"? */
1561 return ERROR_OK;
1562 }
1563
1564 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1565 opcode, value);
1566 }
1567 else if (CMD_ARGC == 2)
1568 {
1569 uint32_t value;
1570 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1571 retval = arm920t_write_cp15_interpreted(target,
1572 opcode, value, 0);
1573 if (retval != ERROR_OK)
1574 {
1575 command_print(CMD_CTX,
1576 "couldn't execute %8.8" PRIx32,
1577 opcode);
1578 /* REVISIT why lie? "return retval"? */
1579 return ERROR_OK;
1580 }
1581 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1582 opcode, value);
1583 }
1584 else if (CMD_ARGC == 3)
1585 {
1586 uint32_t value;
1587 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1588 uint32_t address;
1589 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1590 retval = arm920t_write_cp15_interpreted(target,
1591 opcode, value, address);
1592 if (retval != ERROR_OK)
1593 {
1594 command_print(CMD_CTX,
1595 "couldn't execute %8.8" PRIx32, opcode);
1596 /* REVISIT why lie? "return retval"? */
1597 return ERROR_OK;
1598 }
1599 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1600 " %8.8" PRIx32, opcode, value, address);
1601 }
1602 }
1603 else
1604 {
1605 command_print(CMD_CTX,
1606 "usage: arm920t cp15i <opcode> [value] [address]");
1607 }
1608
1609 return ERROR_OK;
1610 }
1611
1612 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1613 {
1614 int retval;
1615 struct target *target = get_current_target(CMD_CTX);
1616 struct arm920t_common *arm920t = target_to_arm920(target);
1617
1618 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1619 if (retval != ERROR_OK)
1620 return retval;
1621
1622 return armv4_5_handle_cache_info_command(CMD_CTX,
1623 &arm920t->armv4_5_mmu.armv4_5_cache);
1624 }
1625
1626
1627 static int arm920t_mrc(struct target *target, int cpnum,
1628 uint32_t op1, uint32_t op2,
1629 uint32_t CRn, uint32_t CRm,
1630 uint32_t *value)
1631 {
1632 if (cpnum!=15)
1633 {
1634 LOG_ERROR("Only cp15 is supported");
1635 return ERROR_FAIL;
1636 }
1637
1638 /* read "to" r0 */
1639 return arm920t_read_cp15_interpreted(target,
1640 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1641 0, value);
1642 }
1643
1644 static int arm920t_mcr(struct target *target, int cpnum,
1645 uint32_t op1, uint32_t op2,
1646 uint32_t CRn, uint32_t CRm,
1647 uint32_t value)
1648 {
1649 if (cpnum!=15)
1650 {
1651 LOG_ERROR("Only cp15 is supported");
1652 return ERROR_FAIL;
1653 }
1654
1655 /* write "from" r0 */
1656 return arm920t_write_cp15_interpreted(target,
1657 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1658 0, value);
1659 }
1660
1661 static const struct command_registration arm920t_exec_command_handlers[] = {
1662 {
1663 .name = "cp15",
1664 .handler = arm920t_handle_cp15_command,
1665 .mode = COMMAND_EXEC,
1666 .help = "display/modify cp15 register",
1667 .usage = "regnum [value]",
1668 },
1669 {
1670 .name = "cp15i",
1671 .handler = arm920t_handle_cp15i_command,
1672 .mode = COMMAND_EXEC,
1673 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1674 .help = "display/modify cp15 register using ARM opcode"
1675 " (DEPRECATED)",
1676 .usage = "instruction [value [address]]",
1677 },
1678 {
1679 .name = "cache_info",
1680 .handler = arm920t_handle_cache_info_command,
1681 .mode = COMMAND_EXEC,
1682 .help = "display information about target caches",
1683 },
1684 {
1685 .name = "read_cache",
1686 .handler = arm920t_handle_read_cache_command,
1687 .mode = COMMAND_EXEC,
1688 .help = "dump I/D cache content to file",
1689 .usage = "filename",
1690 },
1691 {
1692 .name = "read_mmu",
1693 .handler = arm920t_handle_read_mmu_command,
1694 .mode = COMMAND_EXEC,
1695 .help = "dump I/D mmu content to file",
1696 .usage = "filename",
1697 },
1698 COMMAND_REGISTRATION_DONE
1699 };
1700 const struct command_registration arm920t_command_handlers[] = {
1701 {
1702 .chain = arm9tdmi_command_handlers,
1703 },
1704 {
1705 .name = "arm920t",
1706 .mode = COMMAND_ANY,
1707 .help = "arm920t command group",
1708 .chain = arm920t_exec_command_handlers,
1709 },
1710 COMMAND_REGISTRATION_DONE
1711 };
1712
1713 /** Holds methods for ARM920 targets. */
1714 struct target_type arm920t_target =
1715 {
1716 .name = "arm920t",
1717
1718 .poll = arm7_9_poll,
1719 .arch_state = arm920t_arch_state,
1720
1721 .target_request_data = arm7_9_target_request_data,
1722
1723 .halt = arm7_9_halt,
1724 .resume = arm7_9_resume,
1725 .step = arm7_9_step,
1726
1727 .assert_reset = arm7_9_assert_reset,
1728 .deassert_reset = arm7_9_deassert_reset,
1729 .soft_reset_halt = arm920t_soft_reset_halt,
1730
1731 .get_gdb_reg_list = arm_get_gdb_reg_list,
1732
1733 .read_memory = arm920t_read_memory,
1734 .write_memory = arm920t_write_memory,
1735 .read_phys_memory = arm920t_read_phys_memory,
1736 .write_phys_memory = arm920t_write_phys_memory,
1737 .mmu = arm920_mmu,
1738 .virt2phys = arm920_virt2phys,
1739
1740 .bulk_write_memory = arm7_9_bulk_write_memory,
1741
1742 .checksum_memory = arm_checksum_memory,
1743 .blank_check_memory = arm_blank_check_memory,
1744
1745 .run_algorithm = armv4_5_run_algorithm,
1746
1747 .add_breakpoint = arm7_9_add_breakpoint,
1748 .remove_breakpoint = arm7_9_remove_breakpoint,
1749 .add_watchpoint = arm7_9_add_watchpoint,
1750 .remove_watchpoint = arm7_9_remove_watchpoint,
1751
1752 .commands = arm920t_command_handlers,
1753 .target_create = arm920t_target_create,
1754 .init_target = arm9tdmi_init_target,
1755 .examine = arm7_9_examine,
1756 .check_reset = arm7_9_check_reset,
1757 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)