Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Revert "cortex_m3: add auto maskisr"
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92 int retval;
93
94 jtag_info = &arm920t->arm7_9_common.jtag_info;
95
96 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
97 if (retval != ERROR_OK)
98 return retval;
99 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
100 if (retval != ERROR_OK)
101 return retval;
102
103 fields[0].num_bits = 1;
104 fields[0].out_value = &access_type_buf;
105 fields[0].in_value = NULL;
106
107 fields[1].num_bits = 32;
108 fields[1].out_value = NULL;
109 fields[1].in_value = NULL;
110
111 fields[2].num_bits = 6;
112 fields[2].out_value = &reg_addr_buf;
113 fields[2].in_value = NULL;
114
115 fields[3].num_bits = 1;
116 fields[3].out_value = &nr_w_buf;
117 fields[3].in_value = NULL;
118
119 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
120
121 fields[1].in_value = (uint8_t *)value;
122
123 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
124
125 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
126
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
130 #endif
131
132 return ERROR_OK;
133 }
134
135 static int arm920t_write_cp15_physical(struct target *target,
136 int reg_addr, uint32_t value)
137 {
138 struct arm920t_common *arm920t = target_to_arm920(target);
139 struct arm_jtag *jtag_info;
140 struct scan_field fields[4];
141 uint8_t access_type_buf = 1;
142 uint8_t reg_addr_buf = reg_addr & 0x3f;
143 uint8_t nr_w_buf = 1;
144 uint8_t value_buf[4];
145 int retval;
146
147 jtag_info = &arm920t->arm7_9_common.jtag_info;
148
149 buf_set_u32(value_buf, 0, 32, value);
150
151 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
152 if (retval != ERROR_OK)
153 return retval;
154 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
155 if (retval != ERROR_OK)
156 return retval;
157
158 fields[0].num_bits = 1;
159 fields[0].out_value = &access_type_buf;
160 fields[0].in_value = NULL;
161
162 fields[1].num_bits = 32;
163 fields[1].out_value = value_buf;
164 fields[1].in_value = NULL;
165
166 fields[2].num_bits = 6;
167 fields[2].out_value = &reg_addr_buf;
168 fields[2].in_value = NULL;
169
170 fields[3].num_bits = 1;
171 fields[3].out_value = &nr_w_buf;
172 fields[3].in_value = NULL;
173
174 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
175
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
178 #endif
179
180 return ERROR_OK;
181 }
182
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
186 *
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
189 */
190 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
191 uint32_t arm_opcode)
192 {
193 int retval;
194 struct arm920t_common *arm920t = target_to_arm920(target);
195 struct arm_jtag *jtag_info;
196 struct scan_field fields[4];
197 uint8_t access_type_buf = 0; /* interpreted access */
198 uint8_t reg_addr_buf = 0x0;
199 uint8_t nr_w_buf = 0;
200 uint8_t cp15_opcode_buf[4];
201
202 jtag_info = &arm920t->arm7_9_common.jtag_info;
203
204 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
205 if (retval != ERROR_OK)
206 return retval;
207 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
208 if (retval != ERROR_OK)
209 return retval;
210
211 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
212
213 fields[0].num_bits = 1;
214 fields[0].out_value = &access_type_buf;
215 fields[0].in_value = NULL;
216
217 fields[1].num_bits = 32;
218 fields[1].out_value = cp15_opcode_buf;
219 fields[1].in_value = NULL;
220
221 fields[2].num_bits = 6;
222 fields[2].out_value = &reg_addr_buf;
223 fields[2].in_value = NULL;
224
225 fields[3].num_bits = 1;
226 fields[3].out_value = &nr_w_buf;
227 fields[3].in_value = NULL;
228
229 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
230
231 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
232 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
233 retval = arm7_9_execute_sys_speed(target);
234 if (retval != ERROR_OK)
235 return retval;
236
237 if ((retval = jtag_execute_queue()) != ERROR_OK)
238 {
239 LOG_ERROR("failed executing JTAG queue");
240 return retval;
241 }
242
243 return ERROR_OK;
244 }
245
246 static int arm920t_read_cp15_interpreted(struct target *target,
247 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
248 {
249 struct arm *armv4_5 = target_to_arm(target);
250 uint32_t* regs_p[1];
251 uint32_t regs[2];
252 uint32_t cp15c15 = 0x0;
253 struct reg *r = armv4_5->core_cache->reg_list;
254
255 /* load address into R1 */
256 regs[1] = address;
257 arm9tdmi_write_core_regs(target, 0x2, regs);
258
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
262 jtag_execute_queue();
263 cp15c15 |= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
265
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
268
269 /* disable interpreted access mode */
270 cp15c15 &= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
272
273 /* retrieve value from R0 */
274 regs_p[0] = value;
275 arm9tdmi_read_core_regs(target, 0x1, regs_p);
276 jtag_execute_queue();
277
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode, address, *value);
281 #endif
282
283 if (!is_arm_mode(armv4_5->core_mode))
284 {
285 LOG_ERROR("not a valid arm core mode - communication failure?");
286 return ERROR_FAIL;
287 }
288
289 r[0].dirty = 1;
290 r[1].dirty = 1;
291
292 return ERROR_OK;
293 }
294
295 static
296 int arm920t_write_cp15_interpreted(struct target *target,
297 uint32_t cp15_opcode, uint32_t value, uint32_t address)
298 {
299 uint32_t cp15c15 = 0x0;
300 struct arm *armv4_5 = target_to_arm(target);
301 uint32_t regs[2];
302 struct reg *r = armv4_5->core_cache->reg_list;
303
304 /* load value, address into R0, R1 */
305 regs[0] = value;
306 regs[1] = address;
307 arm9tdmi_write_core_regs(target, 0x3, regs);
308
309 /* read-modify-write CP15 test state register
310 * to enable interpreted access mode */
311 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
312 jtag_execute_queue();
313 cp15c15 |= 1; /* set interpret mode */
314 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
315
316 /* execute CP15 instruction and ARM store (writing to coprocessor) */
317 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
318
319 /* disable interpreted access mode */
320 cp15c15 &= ~1U; /* set interpret mode */
321 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
322
323 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
324 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
325 cp15_opcode, value, address);
326 #endif
327
328 if (!is_arm_mode(armv4_5->core_mode))
329 {
330 LOG_ERROR("not a valid arm core mode - communication failure?");
331 return ERROR_FAIL;
332 }
333
334 r[0].dirty = 1;
335 r[1].dirty = 1;
336
337 return ERROR_OK;
338 }
339
340 // EXPORTED to FA256
341 int arm920t_get_ttb(struct target *target, uint32_t *result)
342 {
343 int retval;
344 uint32_t ttb = 0x0;
345
346 if ((retval = arm920t_read_cp15_interpreted(target,
347 /* FIXME use opcode macro */
348 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
349 return retval;
350
351 *result = ttb;
352 return ERROR_OK;
353 }
354
355 // EXPORTED to FA256
356 int arm920t_disable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360 int retval;
361
362 /* read cp15 control register */
363 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
364 if (retval != ERROR_OK)
365 return retval;
366 retval = jtag_execute_queue();
367 if (retval != ERROR_OK)
368 return retval;
369
370 if (mmu)
371 cp15_control &= ~0x1U;
372
373 if (d_u_cache)
374 cp15_control &= ~0x4U;
375
376 if (i_cache)
377 cp15_control &= ~0x1000U;
378
379 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
380 return retval;
381 }
382
383 // EXPORTED to FA256
384 int arm920t_enable_mmu_caches(struct target *target, int mmu,
385 int d_u_cache, int i_cache)
386 {
387 uint32_t cp15_control;
388 int retval;
389
390 /* read cp15 control register */
391 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
392 if (retval != ERROR_OK)
393 return retval;
394 retval = jtag_execute_queue();
395 if (retval != ERROR_OK)
396 return retval;
397
398 if (mmu)
399 cp15_control |= 0x1U;
400
401 if (d_u_cache)
402 cp15_control |= 0x4U;
403
404 if (i_cache)
405 cp15_control |= 0x1000U;
406
407 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
408 return retval;
409 }
410
411 // EXPORTED to FA256
412 int arm920t_post_debug_entry(struct target *target)
413 {
414 uint32_t cp15c15;
415 struct arm920t_common *arm920t = target_to_arm920(target);
416 int retval;
417
418 /* examine cp15 control reg */
419 retval = arm920t_read_cp15_physical(target,
420 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
421 if (retval != ERROR_OK)
422 return retval;
423 retval = jtag_execute_queue();
424 if (retval != ERROR_OK)
425 return retval;
426 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
427
428 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
429 {
430 uint32_t cache_type_reg;
431 /* identify caches */
432 retval = arm920t_read_cp15_physical(target,
433 CP15PHYS_CACHETYPE, &cache_type_reg);
434 if (retval != ERROR_OK)
435 return retval;
436 retval = jtag_execute_queue();
437 if (retval != ERROR_OK)
438 return retval;
439 armv4_5_identify_cache(cache_type_reg,
440 &arm920t->armv4_5_mmu.armv4_5_cache);
441 }
442
443 arm920t->armv4_5_mmu.mmu_enabled =
444 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
445 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
446 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
447 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
448 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
449
450 /* save i/d fault status and address register */
451 /* FIXME use opcode macros */
452 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
453 if (retval != ERROR_OK)
454 return retval;
455 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
456 if (retval != ERROR_OK)
457 return retval;
458 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
459 if (retval != ERROR_OK)
460 return retval;
461 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
462 if (retval != ERROR_OK)
463 return retval;
464
465 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
466 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
467 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
468
469 if (arm920t->preserve_cache)
470 {
471 /* read-modify-write CP15 test state register
472 * to disable I/D-cache linefills */
473 retval = arm920t_read_cp15_physical(target,
474 CP15PHYS_TESTSTATE, &cp15c15);
475 if (retval != ERROR_OK)
476 return retval;
477 retval = jtag_execute_queue();
478 if (retval != ERROR_OK)
479 return retval;
480 cp15c15 |= 0x600;
481 retval = arm920t_write_cp15_physical(target,
482 CP15PHYS_TESTSTATE, cp15c15);
483 if (retval != ERROR_OK)
484 return retval;
485 }
486 return ERROR_OK;
487 }
488
489 // EXPORTED to FA256
490 void arm920t_pre_restore_context(struct target *target)
491 {
492 uint32_t cp15c15;
493 struct arm920t_common *arm920t = target_to_arm920(target);
494
495 /* restore i/d fault status and address register */
496 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
497 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
498 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
499 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
500
501 /* read-modify-write CP15 test state register
502 * to reenable I/D-cache linefills */
503 if (arm920t->preserve_cache)
504 {
505 arm920t_read_cp15_physical(target,
506 CP15PHYS_TESTSTATE, &cp15c15);
507 jtag_execute_queue();
508 cp15c15 &= ~0x600U;
509 arm920t_write_cp15_physical(target,
510 CP15PHYS_TESTSTATE, cp15c15);
511 }
512 }
513
514 static const char arm920_not[] = "target is not an ARM920";
515
516 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
517 struct arm920t_common *arm920t)
518 {
519 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
520 command_print(cmd_ctx, arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 return ERROR_OK;
525 }
526
527 /** Logs summary of ARM920 state for a halted target. */
528 int arm920t_arch_state(struct target *target)
529 {
530 static const char *state[] =
531 {
532 "disabled", "enabled"
533 };
534
535 struct arm920t_common *arm920t = target_to_arm920(target);
536
537 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
538 {
539 LOG_ERROR("BUG: %s", arm920_not);
540 return ERROR_TARGET_INVALID;
541 }
542
543 arm_arch_state(target);
544 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
545 state[arm920t->armv4_5_mmu.mmu_enabled],
546 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
547 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
548
549 return ERROR_OK;
550 }
551
552 static int arm920_mmu(struct target *target, int *enabled)
553 {
554 if (target->state != TARGET_HALTED) {
555 LOG_ERROR("%s: target not halted", __func__);
556 return ERROR_TARGET_INVALID;
557 }
558
559 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
560 return ERROR_OK;
561 }
562
563 static int arm920_virt2phys(struct target *target,
564 uint32_t virt, uint32_t *phys)
565 {
566 uint32_t cb;
567 struct arm920t_common *arm920t = target_to_arm920(target);
568
569 uint32_t ret;
570 int retval = armv4_5_mmu_translate_va(target,
571 &arm920t->armv4_5_mmu, virt, &cb, &ret);
572 if (retval != ERROR_OK)
573 return retval;
574 *phys = ret;
575 return ERROR_OK;
576 }
577
578 /** Reads a buffer, in the specified word size, with current MMU settings. */
579 int arm920t_read_memory(struct target *target, uint32_t address,
580 uint32_t size, uint32_t count, uint8_t *buffer)
581 {
582 int retval;
583
584 retval = arm7_9_read_memory(target, address, size, count, buffer);
585
586 return retval;
587 }
588
589
590 static int arm920t_read_phys_memory(struct target *target,
591 uint32_t address, uint32_t size,
592 uint32_t count, uint8_t *buffer)
593 {
594 struct arm920t_common *arm920t = target_to_arm920(target);
595
596 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
597 address, size, count, buffer);
598 }
599
600 static int arm920t_write_phys_memory(struct target *target,
601 uint32_t address, uint32_t size,
602 uint32_t count, const uint8_t *buffer)
603 {
604 struct arm920t_common *arm920t = target_to_arm920(target);
605
606 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
607 address, size, count, buffer);
608 }
609
610
611 /** Writes a buffer, in the specified word size, with current MMU settings. */
612 int arm920t_write_memory(struct target *target, uint32_t address,
613 uint32_t size, uint32_t count, const uint8_t *buffer)
614 {
615 int retval;
616 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
617 struct arm920t_common *arm920t = target_to_arm920(target);
618
619 /* FIX!!!! this should be cleaned up and made much more general. The
620 * plan is to write up and test on arm920t specifically and
621 * then generalize and clean up afterwards.
622 *
623 * Also it should be moved to the callbacks that handle breakpoints
624 * specifically and not the generic memory write fn's. See XScale code.
625 */
626 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
627 ((size==2) || (size==4)))
628 {
629 /* special case the handling of single word writes to
630 * bypass MMU, to allow implementation of breakpoints
631 * in memory marked read only
632 * by MMU
633 */
634 uint32_t cb;
635 uint32_t pa;
636
637 /*
638 * We need physical address and cb
639 */
640 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
641 address, &cb, &pa);
642 if (retval != ERROR_OK)
643 return retval;
644
645 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
646 {
647 if (cb & 0x1)
648 {
649 LOG_DEBUG("D-Cache buffered, "
650 "drain write buffer");
651 /*
652 * Buffered ?
653 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
654 */
655
656 retval = arm920t_write_cp15_interpreted(target,
657 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
658 0x0, 0);
659 if (retval != ERROR_OK)
660 return retval;
661 }
662
663 if (cb == 0x3)
664 {
665 /*
666 * Write back memory ? -> clean cache
667 *
668 * There is no way to clean cache lines using
669 * cp15 scan chain, so copy the full cache
670 * line from cache to physical memory.
671 */
672 uint8_t data[32];
673
674 LOG_DEBUG("D-Cache in 'write back' mode, "
675 "flush cache line");
676
677 retval = target_read_memory(target,
678 address & cache_mask, 1,
679 sizeof(data), &data[0]);
680 if (retval != ERROR_OK)
681 return retval;
682
683 retval = armv4_5_mmu_write_physical(target,
684 &arm920t->armv4_5_mmu,
685 pa & cache_mask, 1,
686 sizeof(data), &data[0]);
687 if (retval != ERROR_OK)
688 return retval;
689 }
690
691 /* Cached ? */
692 if (cb & 0x2)
693 {
694 /*
695 * Cached ? -> Invalidate data cache using MVA
696 *
697 * MCR p15,0,Rd,c7,c6,1
698 */
699 LOG_DEBUG("D-Cache enabled, "
700 "invalidate cache line");
701
702 retval = arm920t_write_cp15_interpreted(target,
703 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
704 address & cache_mask);
705 if (retval != ERROR_OK)
706 return retval;
707 }
708 }
709
710 /* write directly to physical memory,
711 * bypassing any read only MMU bits, etc.
712 */
713 retval = armv4_5_mmu_write_physical(target,
714 &arm920t->armv4_5_mmu, pa, size,
715 count, buffer);
716 if (retval != ERROR_OK)
717 return retval;
718 } else
719 {
720 if ((retval = arm7_9_write_memory(target, address,
721 size, count, buffer)) != ERROR_OK)
722 return retval;
723 }
724
725 /* If ICache is enabled, we have to invalidate affected ICache lines
726 * the DCache is forced to write-through,
727 * so we don't have to clean it here
728 */
729 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
730 {
731 if (count <= 1)
732 {
733 /* invalidate ICache single entry with MVA
734 * mcr 15, 0, r0, cr7, cr5, {1}
735 */
736 LOG_DEBUG("I-Cache enabled, "
737 "invalidating affected I-Cache line");
738 retval = arm920t_write_cp15_interpreted(target,
739 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
740 0x0, address & cache_mask);
741 if (retval != ERROR_OK)
742 return retval;
743 }
744 else
745 {
746 /* invalidate ICache
747 * mcr 15, 0, r0, cr7, cr5, {0}
748 */
749 retval = arm920t_write_cp15_interpreted(target,
750 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
751 0x0, 0x0);
752 if (retval != ERROR_OK)
753 return retval;
754 }
755 }
756
757 return ERROR_OK;
758 }
759
760 // EXPORTED to FA256
761 int arm920t_soft_reset_halt(struct target *target)
762 {
763 int retval = ERROR_OK;
764 struct arm920t_common *arm920t = target_to_arm920(target);
765 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
766 struct arm *armv4_5 = &arm7_9->armv4_5_common;
767 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
768
769 if ((retval = target_halt(target)) != ERROR_OK)
770 {
771 return retval;
772 }
773
774 long long then = timeval_ms();
775 int timeout;
776 while (!(timeout = ((timeval_ms()-then) > 1000)))
777 {
778 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
779 == 0)
780 {
781 embeddedice_read_reg(dbg_stat);
782 if ((retval = jtag_execute_queue()) != ERROR_OK)
783 {
784 return retval;
785 }
786 } else
787 {
788 break;
789 }
790 if (debug_level >= 3)
791 {
792 /* do not eat all CPU, time out after 1 se*/
793 alive_sleep(100);
794 } else
795 {
796 keep_alive();
797 }
798 }
799 if (timeout)
800 {
801 LOG_ERROR("Failed to halt CPU after 1 sec");
802 return ERROR_TARGET_TIMEOUT;
803 }
804
805 target->state = TARGET_HALTED;
806
807 /* SVC, ARM state, IRQ and FIQ disabled */
808 uint32_t cpsr;
809
810 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
811 cpsr &= ~0xff;
812 cpsr |= 0xd3;
813 arm_set_cpsr(armv4_5, cpsr);
814 armv4_5->cpsr->dirty = 1;
815
816 /* start fetching from 0x0 */
817 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
818 armv4_5->pc->dirty = 1;
819 armv4_5->pc->valid = 1;
820
821 arm920t_disable_mmu_caches(target, 1, 1, 1);
822 arm920t->armv4_5_mmu.mmu_enabled = 0;
823 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
824 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
825
826 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
827 }
828
829 /* FIXME remove forward decls */
830 static int arm920t_mrc(struct target *target, int cpnum,
831 uint32_t op1, uint32_t op2,
832 uint32_t CRn, uint32_t CRm,
833 uint32_t *value);
834 static int arm920t_mcr(struct target *target, int cpnum,
835 uint32_t op1, uint32_t op2,
836 uint32_t CRn, uint32_t CRm,
837 uint32_t value);
838
839 static int arm920t_init_arch_info(struct target *target,
840 struct arm920t_common *arm920t, struct jtag_tap *tap)
841 {
842 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
843
844 arm7_9->armv4_5_common.mrc = arm920t_mrc;
845 arm7_9->armv4_5_common.mcr = arm920t_mcr;
846
847 /* initialize arm7/arm9 specific info (including armv4_5) */
848 arm9tdmi_init_arch_info(target, arm7_9, tap);
849
850 arm920t->common_magic = ARM920T_COMMON_MAGIC;
851
852 arm7_9->post_debug_entry = arm920t_post_debug_entry;
853 arm7_9->pre_restore_context = arm920t_pre_restore_context;
854
855 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
856 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
857 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
858 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
859 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
860 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
861 arm920t->armv4_5_mmu.has_tiny_pages = 1;
862 arm920t->armv4_5_mmu.mmu_enabled = 0;
863
864 /* disabling linefills leads to lockups, so keep them enabled for now
865 * this doesn't affect correctness, but might affect timing issues, if
866 * important data is evicted from the cache during the debug session
867 * */
868 arm920t->preserve_cache = 0;
869
870 /* override hw single-step capability from ARM9TDMI */
871 arm7_9->has_single_step = 1;
872
873 return ERROR_OK;
874 }
875
876 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
877 {
878 struct arm920t_common *arm920t;
879
880 arm920t = calloc(1,sizeof(struct arm920t_common));
881 return arm920t_init_arch_info(target, arm920t, target->tap);
882 }
883
884 COMMAND_HANDLER(arm920t_handle_read_cache_command)
885 {
886 int retval = ERROR_OK;
887 struct target *target = get_current_target(CMD_CTX);
888 struct arm920t_common *arm920t = target_to_arm920(target);
889 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
890 struct arm *armv4_5 = &arm7_9->armv4_5_common;
891 uint32_t cp15c15;
892 uint32_t cp15_ctrl, cp15_ctrl_saved;
893 uint32_t regs[16];
894 uint32_t *regs_p[16];
895 uint32_t C15_C_D_Ind, C15_C_I_Ind;
896 int i;
897 FILE *output;
898 int segment, index_t;
899 struct reg *r;
900
901 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
902 if (retval != ERROR_OK)
903 return retval;
904
905 if (CMD_ARGC != 1)
906 {
907 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
908 return ERROR_OK;
909 }
910
911 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
912 {
913 LOG_DEBUG("error opening cache content file");
914 return ERROR_OK;
915 }
916
917 for (i = 0; i < 16; i++)
918 regs_p[i] = &regs[i];
919
920 /* disable MMU and Caches */
921 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
922 if ((retval = jtag_execute_queue()) != ERROR_OK)
923 {
924 return retval;
925 }
926 cp15_ctrl_saved = cp15_ctrl;
927 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
928 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
929 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
930
931 /* read CP15 test state register */
932 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
933 jtag_execute_queue();
934
935 /* read DCache content */
936 fprintf(output, "DCache:\n");
937
938 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
939 for (segment = 0;
940 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
941 segment++)
942 {
943 fprintf(output, "\nsegment: %i\n----------", segment);
944
945 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
946 regs[0] = 0x0 | (segment << 5);
947 arm9tdmi_write_core_regs(target, 0x1, regs);
948
949 /* set interpret mode */
950 cp15c15 |= 0x1;
951 arm920t_write_cp15_physical(target,
952 CP15PHYS_TESTSTATE, cp15c15);
953
954 /* D CAM Read, loads current victim into C15.C.D.Ind */
955 arm920t_execute_cp15(target,
956 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
957
958 /* read current victim */
959 arm920t_read_cp15_physical(target,
960 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
961
962 /* clear interpret mode */
963 cp15c15 &= ~0x1;
964 arm920t_write_cp15_physical(target,
965 CP15PHYS_TESTSTATE, cp15c15);
966
967 for (index_t = 0; index_t < 64; index_t++)
968 {
969 /* Ra:
970 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
971 */
972 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
973 arm9tdmi_write_core_regs(target, 0x1, regs);
974
975 /* set interpret mode */
976 cp15c15 |= 0x1;
977 arm920t_write_cp15_physical(target,
978 CP15PHYS_TESTSTATE, cp15c15);
979
980 /* Write DCache victim */
981 arm920t_execute_cp15(target,
982 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
983
984 /* Read D RAM */
985 arm920t_execute_cp15(target,
986 ARMV4_5_MCR(15,2,0,15,10,2),
987 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
988
989 /* Read D CAM */
990 arm920t_execute_cp15(target,
991 ARMV4_5_MCR(15,2,0,15,6,2),
992 ARMV4_5_LDR(9, 0));
993
994 /* clear interpret mode */
995 cp15c15 &= ~0x1;
996 arm920t_write_cp15_physical(target,
997 CP15PHYS_TESTSTATE, cp15c15);
998
999 /* read D RAM and CAM content */
1000 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1001 if ((retval = jtag_execute_queue()) != ERROR_OK)
1002 {
1003 return retval;
1004 }
1005
1006 /* mask LFSR[6] */
1007 regs[9] &= 0xfffffffe;
1008 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
1009 PRIx32 ", content (%s):\n",
1010 segment, index_t, regs[9],
1011 (regs[9] & 0x10) ? "valid" : "invalid");
1012
1013 for (i = 1; i < 9; i++)
1014 {
1015 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1016 i-1, regs[i]);
1017 }
1018
1019 }
1020
1021 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1022 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1023 arm9tdmi_write_core_regs(target, 0x1, regs);
1024
1025 /* set interpret mode */
1026 cp15c15 |= 0x1;
1027 arm920t_write_cp15_physical(target,
1028 CP15PHYS_TESTSTATE, cp15c15);
1029
1030 /* Write DCache victim */
1031 arm920t_execute_cp15(target,
1032 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1033
1034 /* clear interpret mode */
1035 cp15c15 &= ~0x1;
1036 arm920t_write_cp15_physical(target,
1037 CP15PHYS_TESTSTATE, cp15c15);
1038 }
1039
1040 /* read ICache content */
1041 fprintf(output, "ICache:\n");
1042
1043 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1044 for (segment = 0;
1045 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1046 segment++)
1047 {
1048 fprintf(output, "segment: %i\n----------", segment);
1049
1050 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1051 regs[0] = 0x0 | (segment << 5);
1052 arm9tdmi_write_core_regs(target, 0x1, regs);
1053
1054 /* set interpret mode */
1055 cp15c15 |= 0x1;
1056 arm920t_write_cp15_physical(target,
1057 CP15PHYS_TESTSTATE, cp15c15);
1058
1059 /* I CAM Read, loads current victim into C15.C.I.Ind */
1060 arm920t_execute_cp15(target,
1061 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1062
1063 /* read current victim */
1064 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1065 &C15_C_I_Ind);
1066
1067 /* clear interpret mode */
1068 cp15c15 &= ~0x1;
1069 arm920t_write_cp15_physical(target,
1070 CP15PHYS_TESTSTATE, cp15c15);
1071
1072 for (index_t = 0; index_t < 64; index_t++)
1073 {
1074 /* Ra:
1075 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1076 */
1077 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1078 arm9tdmi_write_core_regs(target, 0x1, regs);
1079
1080 /* set interpret mode */
1081 cp15c15 |= 0x1;
1082 arm920t_write_cp15_physical(target,
1083 CP15PHYS_TESTSTATE, cp15c15);
1084
1085 /* Write ICache victim */
1086 arm920t_execute_cp15(target,
1087 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1088
1089 /* Read I RAM */
1090 arm920t_execute_cp15(target,
1091 ARMV4_5_MCR(15,2,0,15,9,2),
1092 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1093
1094 /* Read I CAM */
1095 arm920t_execute_cp15(target,
1096 ARMV4_5_MCR(15,2,0,15,5,2),
1097 ARMV4_5_LDR(9, 0));
1098
1099 /* clear interpret mode */
1100 cp15c15 &= ~0x1;
1101 arm920t_write_cp15_physical(target,
1102 CP15PHYS_TESTSTATE, cp15c15);
1103
1104 /* read I RAM and CAM content */
1105 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1106 if ((retval = jtag_execute_queue()) != ERROR_OK)
1107 {
1108 return retval;
1109 }
1110
1111 /* mask LFSR[6] */
1112 regs[9] &= 0xfffffffe;
1113 fprintf(output, "\nsegment: %i, index: %i, "
1114 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1115 segment, index_t, regs[9],
1116 (regs[9] & 0x10) ? "valid" : "invalid");
1117
1118 for (i = 1; i < 9; i++)
1119 {
1120 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1121 i-1, regs[i]);
1122 }
1123 }
1124
1125 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1126 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1127 arm9tdmi_write_core_regs(target, 0x1, regs);
1128
1129 /* set interpret mode */
1130 cp15c15 |= 0x1;
1131 arm920t_write_cp15_physical(target,
1132 CP15PHYS_TESTSTATE, cp15c15);
1133
1134 /* Write ICache victim */
1135 arm920t_execute_cp15(target,
1136 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1137
1138 /* clear interpret mode */
1139 cp15c15 &= ~0x1;
1140 arm920t_write_cp15_physical(target,
1141 CP15PHYS_TESTSTATE, cp15c15);
1142 }
1143
1144 /* restore CP15 MMU and Cache settings */
1145 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1146
1147 command_print(CMD_CTX, "cache content successfully output to %s",
1148 CMD_ARGV[0]);
1149
1150 fclose(output);
1151
1152 if (!is_arm_mode(armv4_5->core_mode))
1153 {
1154 LOG_ERROR("not a valid arm core mode - communication failure?");
1155 return ERROR_FAIL;
1156 }
1157
1158 /* force writeback of the valid data */
1159 r = armv4_5->core_cache->reg_list;
1160 r[0].dirty = r[0].valid;
1161 r[1].dirty = r[1].valid;
1162 r[2].dirty = r[2].valid;
1163 r[3].dirty = r[3].valid;
1164 r[4].dirty = r[4].valid;
1165 r[5].dirty = r[5].valid;
1166 r[6].dirty = r[6].valid;
1167 r[7].dirty = r[7].valid;
1168
1169 r = arm_reg_current(armv4_5, 8);
1170 r->dirty = r->valid;
1171
1172 r = arm_reg_current(armv4_5, 9);
1173 r->dirty = r->valid;
1174
1175 return ERROR_OK;
1176 }
1177
1178 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1179 {
1180 int retval = ERROR_OK;
1181 struct target *target = get_current_target(CMD_CTX);
1182 struct arm920t_common *arm920t = target_to_arm920(target);
1183 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1184 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1185 uint32_t cp15c15;
1186 uint32_t cp15_ctrl, cp15_ctrl_saved;
1187 uint32_t regs[16];
1188 uint32_t *regs_p[16];
1189 int i;
1190 FILE *output;
1191 uint32_t Dlockdown, Ilockdown;
1192 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1193 int victim;
1194 struct reg *r;
1195
1196 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1197 if (retval != ERROR_OK)
1198 return retval;
1199
1200 if (CMD_ARGC != 1)
1201 {
1202 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1203 return ERROR_OK;
1204 }
1205
1206 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1207 {
1208 LOG_DEBUG("error opening mmu content file");
1209 return ERROR_OK;
1210 }
1211
1212 for (i = 0; i < 16; i++)
1213 regs_p[i] = &regs[i];
1214
1215 /* disable MMU and Caches */
1216 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1217 if ((retval = jtag_execute_queue()) != ERROR_OK)
1218 {
1219 return retval;
1220 }
1221 cp15_ctrl_saved = cp15_ctrl;
1222 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1223 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1224 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1225
1226 /* read CP15 test state register */
1227 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1228 if ((retval = jtag_execute_queue()) != ERROR_OK)
1229 {
1230 return retval;
1231 }
1232
1233 /* prepare reading D TLB content
1234 * */
1235
1236 /* set interpret mode */
1237 cp15c15 |= 0x1;
1238 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1239
1240 /* Read D TLB lockdown */
1241 arm920t_execute_cp15(target,
1242 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1243
1244 /* clear interpret mode */
1245 cp15c15 &= ~0x1;
1246 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1247
1248 /* read D TLB lockdown stored to r1 */
1249 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1250 if ((retval = jtag_execute_queue()) != ERROR_OK)
1251 {
1252 return retval;
1253 }
1254 Dlockdown = regs[1];
1255
1256 for (victim = 0; victim < 64; victim += 8)
1257 {
1258 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1259 * base remains unchanged, victim goes through entries 0 to 63
1260 */
1261 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1262 arm9tdmi_write_core_regs(target, 0x2, regs);
1263
1264 /* set interpret mode */
1265 cp15c15 |= 0x1;
1266 arm920t_write_cp15_physical(target,
1267 CP15PHYS_TESTSTATE, cp15c15);
1268
1269 /* Write D TLB lockdown */
1270 arm920t_execute_cp15(target,
1271 ARMV4_5_MCR(15,0,0,10,0,0),
1272 ARMV4_5_STR(1, 0));
1273
1274 /* Read D TLB CAM */
1275 arm920t_execute_cp15(target,
1276 ARMV4_5_MCR(15,4,0,15,6,4),
1277 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1278
1279 /* clear interpret mode */
1280 cp15c15 &= ~0x1;
1281 arm920t_write_cp15_physical(target,
1282 CP15PHYS_TESTSTATE, cp15c15);
1283
1284 /* read D TLB CAM content stored to r2-r9 */
1285 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1286 if ((retval = jtag_execute_queue()) != ERROR_OK)
1287 {
1288 return retval;
1289 }
1290
1291 for (i = 0; i < 8; i++)
1292 d_tlb[victim + i].cam = regs[i + 2];
1293 }
1294
1295 for (victim = 0; victim < 64; victim++)
1296 {
1297 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1298 * base remains unchanged, victim goes through entries 0 to 63
1299 */
1300 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1301 arm9tdmi_write_core_regs(target, 0x2, regs);
1302
1303 /* set interpret mode */
1304 cp15c15 |= 0x1;
1305 arm920t_write_cp15_physical(target,
1306 CP15PHYS_TESTSTATE, cp15c15);
1307
1308 /* Write D TLB lockdown */
1309 arm920t_execute_cp15(target,
1310 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1311
1312 /* Read D TLB RAM1 */
1313 arm920t_execute_cp15(target,
1314 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1315
1316 /* Read D TLB RAM2 */
1317 arm920t_execute_cp15(target,
1318 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1319
1320 /* clear interpret mode */
1321 cp15c15 &= ~0x1;
1322 arm920t_write_cp15_physical(target,
1323 CP15PHYS_TESTSTATE, cp15c15);
1324
1325 /* read D TLB RAM content stored to r2 and r3 */
1326 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1327 if ((retval = jtag_execute_queue()) != ERROR_OK)
1328 {
1329 return retval;
1330 }
1331
1332 d_tlb[victim].ram1 = regs[2];
1333 d_tlb[victim].ram2 = regs[3];
1334 }
1335
1336 /* restore D TLB lockdown */
1337 regs[1] = Dlockdown;
1338 arm9tdmi_write_core_regs(target, 0x2, regs);
1339
1340 /* Write D TLB lockdown */
1341 arm920t_execute_cp15(target,
1342 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1343
1344 /* prepare reading I TLB content
1345 * */
1346
1347 /* set interpret mode */
1348 cp15c15 |= 0x1;
1349 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1350
1351 /* Read I TLB lockdown */
1352 arm920t_execute_cp15(target,
1353 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1354
1355 /* clear interpret mode */
1356 cp15c15 &= ~0x1;
1357 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1358
1359 /* read I TLB lockdown stored to r1 */
1360 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1361 if ((retval = jtag_execute_queue()) != ERROR_OK)
1362 {
1363 return retval;
1364 }
1365 Ilockdown = regs[1];
1366
1367 for (victim = 0; victim < 64; victim += 8)
1368 {
1369 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1370 * base remains unchanged, victim goes through entries 0 to 63
1371 */
1372 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1373 arm9tdmi_write_core_regs(target, 0x2, regs);
1374
1375 /* set interpret mode */
1376 cp15c15 |= 0x1;
1377 arm920t_write_cp15_physical(target,
1378 CP15PHYS_TESTSTATE, cp15c15);
1379
1380 /* Write I TLB lockdown */
1381 arm920t_execute_cp15(target,
1382 ARMV4_5_MCR(15,0,0,10,0,1),
1383 ARMV4_5_STR(1, 0));
1384
1385 /* Read I TLB CAM */
1386 arm920t_execute_cp15(target,
1387 ARMV4_5_MCR(15,4,0,15,5,4),
1388 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1389
1390 /* clear interpret mode */
1391 cp15c15 &= ~0x1;
1392 arm920t_write_cp15_physical(target,
1393 CP15PHYS_TESTSTATE, cp15c15);
1394
1395 /* read I TLB CAM content stored to r2-r9 */
1396 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1397 if ((retval = jtag_execute_queue()) != ERROR_OK)
1398 {
1399 return retval;
1400 }
1401
1402 for (i = 0; i < 8; i++)
1403 i_tlb[i + victim].cam = regs[i + 2];
1404 }
1405
1406 for (victim = 0; victim < 64; victim++)
1407 {
1408 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1409 * base remains unchanged, victim goes through entries 0 to 63
1410 */
1411 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1412 arm9tdmi_write_core_regs(target, 0x2, regs);
1413
1414 /* set interpret mode */
1415 cp15c15 |= 0x1;
1416 arm920t_write_cp15_physical(target,
1417 CP15PHYS_TESTSTATE, cp15c15);
1418
1419 /* Write I TLB lockdown */
1420 arm920t_execute_cp15(target,
1421 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1422
1423 /* Read I TLB RAM1 */
1424 arm920t_execute_cp15(target,
1425 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1426
1427 /* Read I TLB RAM2 */
1428 arm920t_execute_cp15(target,
1429 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1430
1431 /* clear interpret mode */
1432 cp15c15 &= ~0x1;
1433 arm920t_write_cp15_physical(target,
1434 CP15PHYS_TESTSTATE, cp15c15);
1435
1436 /* read I TLB RAM content stored to r2 and r3 */
1437 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1438 if ((retval = jtag_execute_queue()) != ERROR_OK)
1439 {
1440 return retval;
1441 }
1442
1443 i_tlb[victim].ram1 = regs[2];
1444 i_tlb[victim].ram2 = regs[3];
1445 }
1446
1447 /* restore I TLB lockdown */
1448 regs[1] = Ilockdown;
1449 arm9tdmi_write_core_regs(target, 0x2, regs);
1450
1451 /* Write I TLB lockdown */
1452 arm920t_execute_cp15(target,
1453 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1454
1455 /* restore CP15 MMU and Cache settings */
1456 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1457
1458 /* output data to file */
1459 fprintf(output, "D TLB content:\n");
1460 for (i = 0; i < 64; i++)
1461 {
1462 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1463 " 0x%8.8" PRIx32 " %s\n",
1464 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1465 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1466 }
1467
1468 fprintf(output, "\n\nI TLB content:\n");
1469 for (i = 0; i < 64; i++)
1470 {
1471 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1472 " 0x%8.8" PRIx32 " %s\n",
1473 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1474 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1475 }
1476
1477 command_print(CMD_CTX, "mmu content successfully output to %s",
1478 CMD_ARGV[0]);
1479
1480 fclose(output);
1481
1482 if (!is_arm_mode(armv4_5->core_mode))
1483 {
1484 LOG_ERROR("not a valid arm core mode - communication failure?");
1485 return ERROR_FAIL;
1486 }
1487
1488 /* force writeback of the valid data */
1489 r = armv4_5->core_cache->reg_list;
1490 r[0].dirty = r[0].valid;
1491 r[1].dirty = r[1].valid;
1492 r[2].dirty = r[2].valid;
1493 r[3].dirty = r[3].valid;
1494 r[4].dirty = r[4].valid;
1495 r[5].dirty = r[5].valid;
1496 r[6].dirty = r[6].valid;
1497 r[7].dirty = r[7].valid;
1498
1499 r = arm_reg_current(armv4_5, 8);
1500 r->dirty = r->valid;
1501
1502 r = arm_reg_current(armv4_5, 9);
1503 r->dirty = r->valid;
1504
1505 return ERROR_OK;
1506 }
1507
1508 COMMAND_HANDLER(arm920t_handle_cp15_command)
1509 {
1510 int retval;
1511 struct target *target = get_current_target(CMD_CTX);
1512 struct arm920t_common *arm920t = target_to_arm920(target);
1513
1514 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1515 if (retval != ERROR_OK)
1516 return retval;
1517
1518 if (target->state != TARGET_HALTED)
1519 {
1520 command_print(CMD_CTX, "target must be stopped for "
1521 "\"%s\" command", CMD_NAME);
1522 return ERROR_OK;
1523 }
1524
1525 /* one argument, read a register.
1526 * two arguments, write it.
1527 */
1528 if (CMD_ARGC >= 1)
1529 {
1530 int address;
1531 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1532
1533 if (CMD_ARGC == 1)
1534 {
1535 uint32_t value;
1536 if ((retval = arm920t_read_cp15_physical(target,
1537 address, &value)) != ERROR_OK)
1538 {
1539 command_print(CMD_CTX,
1540 "couldn't access reg %i", address);
1541 return ERROR_OK;
1542 }
1543 if ((retval = jtag_execute_queue()) != ERROR_OK)
1544 {
1545 return retval;
1546 }
1547
1548 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1549 address, value);
1550 }
1551 else if (CMD_ARGC == 2)
1552 {
1553 uint32_t value;
1554 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1555 retval = arm920t_write_cp15_physical(target,
1556 address, value);
1557 if (retval != ERROR_OK)
1558 {
1559 command_print(CMD_CTX,
1560 "couldn't access reg %i", address);
1561 /* REVISIT why lie? "return retval"? */
1562 return ERROR_OK;
1563 }
1564 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1565 address, value);
1566 }
1567 }
1568
1569 return ERROR_OK;
1570 }
1571
1572 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1573 {
1574 int retval;
1575 struct target *target = get_current_target(CMD_CTX);
1576 struct arm920t_common *arm920t = target_to_arm920(target);
1577
1578 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1579 if (retval != ERROR_OK)
1580 return retval;
1581
1582
1583 if (target->state != TARGET_HALTED)
1584 {
1585 command_print(CMD_CTX, "target must be stopped for "
1586 "\"%s\" command", CMD_NAME);
1587 return ERROR_OK;
1588 }
1589
1590 /* one argument, read a register.
1591 * two arguments, write it.
1592 */
1593 if (CMD_ARGC >= 1)
1594 {
1595 uint32_t opcode;
1596 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1597
1598 if (CMD_ARGC == 1)
1599 {
1600 uint32_t value;
1601 retval = arm920t_read_cp15_interpreted(target,
1602 opcode, 0x0, &value);
1603 if (retval != ERROR_OK)
1604 {
1605 command_print(CMD_CTX,
1606 "couldn't execute %8.8" PRIx32,
1607 opcode);
1608 /* REVISIT why lie? "return retval"? */
1609 return ERROR_OK;
1610 }
1611
1612 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1613 opcode, value);
1614 }
1615 else if (CMD_ARGC == 2)
1616 {
1617 uint32_t value;
1618 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1619 retval = arm920t_write_cp15_interpreted(target,
1620 opcode, value, 0);
1621 if (retval != ERROR_OK)
1622 {
1623 command_print(CMD_CTX,
1624 "couldn't execute %8.8" PRIx32,
1625 opcode);
1626 /* REVISIT why lie? "return retval"? */
1627 return ERROR_OK;
1628 }
1629 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1630 opcode, value);
1631 }
1632 else if (CMD_ARGC == 3)
1633 {
1634 uint32_t value;
1635 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1636 uint32_t address;
1637 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1638 retval = arm920t_write_cp15_interpreted(target,
1639 opcode, value, address);
1640 if (retval != ERROR_OK)
1641 {
1642 command_print(CMD_CTX,
1643 "couldn't execute %8.8" PRIx32, opcode);
1644 /* REVISIT why lie? "return retval"? */
1645 return ERROR_OK;
1646 }
1647 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1648 " %8.8" PRIx32, opcode, value, address);
1649 }
1650 }
1651 else
1652 {
1653 command_print(CMD_CTX,
1654 "usage: arm920t cp15i <opcode> [value] [address]");
1655 }
1656
1657 return ERROR_OK;
1658 }
1659
1660 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1661 {
1662 int retval;
1663 struct target *target = get_current_target(CMD_CTX);
1664 struct arm920t_common *arm920t = target_to_arm920(target);
1665
1666 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1667 if (retval != ERROR_OK)
1668 return retval;
1669
1670 return armv4_5_handle_cache_info_command(CMD_CTX,
1671 &arm920t->armv4_5_mmu.armv4_5_cache);
1672 }
1673
1674
1675 static int arm920t_mrc(struct target *target, int cpnum,
1676 uint32_t op1, uint32_t op2,
1677 uint32_t CRn, uint32_t CRm,
1678 uint32_t *value)
1679 {
1680 if (cpnum!=15)
1681 {
1682 LOG_ERROR("Only cp15 is supported");
1683 return ERROR_FAIL;
1684 }
1685
1686 /* read "to" r0 */
1687 return arm920t_read_cp15_interpreted(target,
1688 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1689 0, value);
1690 }
1691
1692 static int arm920t_mcr(struct target *target, int cpnum,
1693 uint32_t op1, uint32_t op2,
1694 uint32_t CRn, uint32_t CRm,
1695 uint32_t value)
1696 {
1697 if (cpnum!=15)
1698 {
1699 LOG_ERROR("Only cp15 is supported");
1700 return ERROR_FAIL;
1701 }
1702
1703 /* write "from" r0 */
1704 return arm920t_write_cp15_interpreted(target,
1705 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1706 0, value);
1707 }
1708
1709 static const struct command_registration arm920t_exec_command_handlers[] = {
1710 {
1711 .name = "cp15",
1712 .handler = arm920t_handle_cp15_command,
1713 .mode = COMMAND_EXEC,
1714 .help = "display/modify cp15 register",
1715 .usage = "regnum [value]",
1716 },
1717 {
1718 .name = "cp15i",
1719 .handler = arm920t_handle_cp15i_command,
1720 .mode = COMMAND_EXEC,
1721 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1722 .help = "display/modify cp15 register using ARM opcode"
1723 " (DEPRECATED)",
1724 .usage = "instruction [value [address]]",
1725 },
1726 {
1727 .name = "cache_info",
1728 .handler = arm920t_handle_cache_info_command,
1729 .mode = COMMAND_EXEC,
1730 .help = "display information about target caches",
1731 },
1732 {
1733 .name = "read_cache",
1734 .handler = arm920t_handle_read_cache_command,
1735 .mode = COMMAND_EXEC,
1736 .help = "dump I/D cache content to file",
1737 .usage = "filename",
1738 },
1739 {
1740 .name = "read_mmu",
1741 .handler = arm920t_handle_read_mmu_command,
1742 .mode = COMMAND_EXEC,
1743 .help = "dump I/D mmu content to file",
1744 .usage = "filename",
1745 },
1746 COMMAND_REGISTRATION_DONE
1747 };
1748 const struct command_registration arm920t_command_handlers[] = {
1749 {
1750 .chain = arm9tdmi_command_handlers,
1751 },
1752 {
1753 .name = "arm920t",
1754 .mode = COMMAND_ANY,
1755 .help = "arm920t command group",
1756 .chain = arm920t_exec_command_handlers,
1757 },
1758 COMMAND_REGISTRATION_DONE
1759 };
1760
1761 /** Holds methods for ARM920 targets. */
1762 struct target_type arm920t_target =
1763 {
1764 .name = "arm920t",
1765
1766 .poll = arm7_9_poll,
1767 .arch_state = arm920t_arch_state,
1768
1769 .target_request_data = arm7_9_target_request_data,
1770
1771 .halt = arm7_9_halt,
1772 .resume = arm7_9_resume,
1773 .step = arm7_9_step,
1774
1775 .assert_reset = arm7_9_assert_reset,
1776 .deassert_reset = arm7_9_deassert_reset,
1777 .soft_reset_halt = arm920t_soft_reset_halt,
1778
1779 .get_gdb_reg_list = arm_get_gdb_reg_list,
1780
1781 .read_memory = arm920t_read_memory,
1782 .write_memory = arm920t_write_memory,
1783 .read_phys_memory = arm920t_read_phys_memory,
1784 .write_phys_memory = arm920t_write_phys_memory,
1785 .mmu = arm920_mmu,
1786 .virt2phys = arm920_virt2phys,
1787
1788 .bulk_write_memory = arm7_9_bulk_write_memory,
1789
1790 .checksum_memory = arm_checksum_memory,
1791 .blank_check_memory = arm_blank_check_memory,
1792
1793 .run_algorithm = armv4_5_run_algorithm,
1794
1795 .add_breakpoint = arm7_9_add_breakpoint,
1796 .remove_breakpoint = arm7_9_remove_breakpoint,
1797 .add_watchpoint = arm7_9_add_watchpoint,
1798 .remove_watchpoint = arm7_9_remove_watchpoint,
1799
1800 .commands = arm920t_command_handlers,
1801 .target_create = arm920t_target_create,
1802 .init_target = arm9tdmi_init_target,
1803 .examine = arm7_9_examine,
1804 .check_reset = arm7_9_check_reset,
1805 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)