Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
jtag: retire jtag_get/set_end_state()
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
95 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
96
97 fields[0].num_bits = 1;
98 fields[0].out_value = &access_type_buf;
99 fields[0].in_value = NULL;
100
101 fields[1].num_bits = 32;
102 fields[1].out_value = NULL;
103 fields[1].in_value = NULL;
104
105 fields[2].num_bits = 6;
106 fields[2].out_value = &reg_addr_buf;
107 fields[2].in_value = NULL;
108
109 fields[3].num_bits = 1;
110 fields[3].out_value = &nr_w_buf;
111 fields[3].in_value = NULL;
112
113 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
114
115 fields[1].in_value = (uint8_t *)value;
116
117 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
118
119 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
120
121 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
122 jtag_execute_queue();
123 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
124 #endif
125
126 return ERROR_OK;
127 }
128
129 static int arm920t_write_cp15_physical(struct target *target,
130 int reg_addr, uint32_t value)
131 {
132 struct arm920t_common *arm920t = target_to_arm920(target);
133 struct arm_jtag *jtag_info;
134 struct scan_field fields[4];
135 uint8_t access_type_buf = 1;
136 uint8_t reg_addr_buf = reg_addr & 0x3f;
137 uint8_t nr_w_buf = 1;
138 uint8_t value_buf[4];
139
140 jtag_info = &arm920t->arm7_9_common.jtag_info;
141
142 buf_set_u32(value_buf, 0, 32, value);
143
144 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
145 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
146
147 fields[0].num_bits = 1;
148 fields[0].out_value = &access_type_buf;
149 fields[0].in_value = NULL;
150
151 fields[1].num_bits = 32;
152 fields[1].out_value = value_buf;
153 fields[1].in_value = NULL;
154
155 fields[2].num_bits = 6;
156 fields[2].out_value = &reg_addr_buf;
157 fields[2].in_value = NULL;
158
159 fields[3].num_bits = 1;
160 fields[3].out_value = &nr_w_buf;
161 fields[3].in_value = NULL;
162
163 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
164
165 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
166 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
167 #endif
168
169 return ERROR_OK;
170 }
171
172 /* See table 9-10 for scan chain 15 format during interpreted access mode.
173 * If the TESTSTATE register is set for interpreted access, certain CP15
174 * MRC and MCR instructions may be executed through scan chain 15.
175 *
176 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
177 * executed using scan chain 15 interpreted mode.
178 */
179 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
180 uint32_t arm_opcode)
181 {
182 int retval;
183 struct arm920t_common *arm920t = target_to_arm920(target);
184 struct arm_jtag *jtag_info;
185 struct scan_field fields[4];
186 uint8_t access_type_buf = 0; /* interpreted access */
187 uint8_t reg_addr_buf = 0x0;
188 uint8_t nr_w_buf = 0;
189 uint8_t cp15_opcode_buf[4];
190
191 jtag_info = &arm920t->arm7_9_common.jtag_info;
192
193 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
194 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
195
196 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
197
198 fields[0].num_bits = 1;
199 fields[0].out_value = &access_type_buf;
200 fields[0].in_value = NULL;
201
202 fields[1].num_bits = 32;
203 fields[1].out_value = cp15_opcode_buf;
204 fields[1].in_value = NULL;
205
206 fields[2].num_bits = 6;
207 fields[2].out_value = &reg_addr_buf;
208 fields[2].in_value = NULL;
209
210 fields[3].num_bits = 1;
211 fields[3].out_value = &nr_w_buf;
212 fields[3].in_value = NULL;
213
214 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
215
216 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
217 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
218 retval = arm7_9_execute_sys_speed(target);
219 if (retval != ERROR_OK)
220 return retval;
221
222 if ((retval = jtag_execute_queue()) != ERROR_OK)
223 {
224 LOG_ERROR("failed executing JTAG queue");
225 return retval;
226 }
227
228 return ERROR_OK;
229 }
230
231 static int arm920t_read_cp15_interpreted(struct target *target,
232 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
233 {
234 struct arm *armv4_5 = target_to_arm(target);
235 uint32_t* regs_p[1];
236 uint32_t regs[2];
237 uint32_t cp15c15 = 0x0;
238 struct reg *r = armv4_5->core_cache->reg_list;
239
240 /* load address into R1 */
241 regs[1] = address;
242 arm9tdmi_write_core_regs(target, 0x2, regs);
243
244 /* read-modify-write CP15 test state register
245 * to enable interpreted access mode */
246 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
247 jtag_execute_queue();
248 cp15c15 |= 1; /* set interpret mode */
249 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
250
251 /* execute CP15 instruction and ARM load (reading from coprocessor) */
252 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
253
254 /* disable interpreted access mode */
255 cp15c15 &= ~1U; /* clear interpret mode */
256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
257
258 /* retrieve value from R0 */
259 regs_p[0] = value;
260 arm9tdmi_read_core_regs(target, 0x1, regs_p);
261 jtag_execute_queue();
262
263 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
264 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
265 cp15_opcode, address, *value);
266 #endif
267
268 if (!is_arm_mode(armv4_5->core_mode))
269 return ERROR_FAIL;
270
271 r[0].dirty = 1;
272 r[1].dirty = 1;
273
274 return ERROR_OK;
275 }
276
277 static
278 int arm920t_write_cp15_interpreted(struct target *target,
279 uint32_t cp15_opcode, uint32_t value, uint32_t address)
280 {
281 uint32_t cp15c15 = 0x0;
282 struct arm *armv4_5 = target_to_arm(target);
283 uint32_t regs[2];
284 struct reg *r = armv4_5->core_cache->reg_list;
285
286 /* load value, address into R0, R1 */
287 regs[0] = value;
288 regs[1] = address;
289 arm9tdmi_write_core_regs(target, 0x3, regs);
290
291 /* read-modify-write CP15 test state register
292 * to enable interpreted access mode */
293 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
294 jtag_execute_queue();
295 cp15c15 |= 1; /* set interpret mode */
296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
297
298 /* execute CP15 instruction and ARM store (writing to coprocessor) */
299 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
300
301 /* disable interpreted access mode */
302 cp15c15 &= ~1U; /* set interpret mode */
303 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
304
305 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
306 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
307 cp15_opcode, value, address);
308 #endif
309
310 if (!is_arm_mode(armv4_5->core_mode))
311 return ERROR_FAIL;
312
313 r[0].dirty = 1;
314 r[1].dirty = 1;
315
316 return ERROR_OK;
317 }
318
319 // EXPORTED to FA256
320 uint32_t arm920t_get_ttb(struct target *target)
321 {
322 int retval;
323 uint32_t ttb = 0x0;
324
325 if ((retval = arm920t_read_cp15_interpreted(target,
326 /* FIXME use opcode macro */
327 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
328 return retval;
329
330 return ttb;
331 }
332
333 // EXPORTED to FA256
334 void arm920t_disable_mmu_caches(struct target *target, int mmu,
335 int d_u_cache, int i_cache)
336 {
337 uint32_t cp15_control;
338
339 /* read cp15 control register */
340 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
341 jtag_execute_queue();
342
343 if (mmu)
344 cp15_control &= ~0x1U;
345
346 if (d_u_cache)
347 cp15_control &= ~0x4U;
348
349 if (i_cache)
350 cp15_control &= ~0x1000U;
351
352 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
353 }
354
355 // EXPORTED to FA256
356 void arm920t_enable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360
361 /* read cp15 control register */
362 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 jtag_execute_queue();
364
365 if (mmu)
366 cp15_control |= 0x1U;
367
368 if (d_u_cache)
369 cp15_control |= 0x4U;
370
371 if (i_cache)
372 cp15_control |= 0x1000U;
373
374 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
375 }
376
377 // EXPORTED to FA256
378 void arm920t_post_debug_entry(struct target *target)
379 {
380 uint32_t cp15c15;
381 struct arm920t_common *arm920t = target_to_arm920(target);
382
383 /* examine cp15 control reg */
384 arm920t_read_cp15_physical(target,
385 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
386 jtag_execute_queue();
387 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
388
389 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
390 {
391 uint32_t cache_type_reg;
392 /* identify caches */
393 arm920t_read_cp15_physical(target,
394 CP15PHYS_CACHETYPE, &cache_type_reg);
395 jtag_execute_queue();
396 armv4_5_identify_cache(cache_type_reg,
397 &arm920t->armv4_5_mmu.armv4_5_cache);
398 }
399
400 arm920t->armv4_5_mmu.mmu_enabled =
401 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
402 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
403 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
405 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
406
407 /* save i/d fault status and address register */
408 /* FIXME use opcode macros */
409 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
410 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
411 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
412 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
413
414 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
415 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
416 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
417
418 if (arm920t->preserve_cache)
419 {
420 /* read-modify-write CP15 test state register
421 * to disable I/D-cache linefills */
422 arm920t_read_cp15_physical(target,
423 CP15PHYS_TESTSTATE, &cp15c15);
424 jtag_execute_queue();
425 cp15c15 |= 0x600;
426 arm920t_write_cp15_physical(target,
427 CP15PHYS_TESTSTATE, cp15c15);
428 }
429 }
430
431 // EXPORTED to FA256
432 void arm920t_pre_restore_context(struct target *target)
433 {
434 uint32_t cp15c15;
435 struct arm920t_common *arm920t = target_to_arm920(target);
436
437 /* restore i/d fault status and address register */
438 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
439 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
440 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
442
443 /* read-modify-write CP15 test state register
444 * to reenable I/D-cache linefills */
445 if (arm920t->preserve_cache)
446 {
447 arm920t_read_cp15_physical(target,
448 CP15PHYS_TESTSTATE, &cp15c15);
449 jtag_execute_queue();
450 cp15c15 &= ~0x600U;
451 arm920t_write_cp15_physical(target,
452 CP15PHYS_TESTSTATE, cp15c15);
453 }
454 }
455
456 static const char arm920_not[] = "target is not an ARM920";
457
458 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
459 struct arm920t_common *arm920t)
460 {
461 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
462 command_print(cmd_ctx, arm920_not);
463 return ERROR_TARGET_INVALID;
464 }
465
466 return ERROR_OK;
467 }
468
469 /** Logs summary of ARM920 state for a halted target. */
470 int arm920t_arch_state(struct target *target)
471 {
472 static const char *state[] =
473 {
474 "disabled", "enabled"
475 };
476
477 struct arm920t_common *arm920t = target_to_arm920(target);
478 struct arm *armv4_5;
479
480 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
481 {
482 LOG_ERROR("BUG: %s", arm920_not);
483 return ERROR_TARGET_INVALID;
484 }
485
486 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
487
488 arm_arch_state(target);
489 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
490 state[arm920t->armv4_5_mmu.mmu_enabled],
491 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
492 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
493
494 return ERROR_OK;
495 }
496
497 static int arm920_mmu(struct target *target, int *enabled)
498 {
499 if (target->state != TARGET_HALTED) {
500 LOG_ERROR("%s: target not halted", __func__);
501 return ERROR_TARGET_INVALID;
502 }
503
504 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
505 return ERROR_OK;
506 }
507
508 static int arm920_virt2phys(struct target *target,
509 uint32_t virt, uint32_t *phys)
510 {
511 int type;
512 uint32_t cb;
513 int domain;
514 uint32_t ap;
515 struct arm920t_common *arm920t = target_to_arm920(target);
516
517 uint32_t ret = armv4_5_mmu_translate_va(target,
518 &arm920t->armv4_5_mmu, virt, &type, &cb, &domain, &ap);
519 if (type == -1)
520 {
521 return ret;
522 }
523 *phys = ret;
524 return ERROR_OK;
525 }
526
527 /** Reads a buffer, in the specified word size, with current MMU settings. */
528 int arm920t_read_memory(struct target *target, uint32_t address,
529 uint32_t size, uint32_t count, uint8_t *buffer)
530 {
531 int retval;
532
533 retval = arm7_9_read_memory(target, address, size, count, buffer);
534
535 return retval;
536 }
537
538
539 static int arm920t_read_phys_memory(struct target *target,
540 uint32_t address, uint32_t size,
541 uint32_t count, uint8_t *buffer)
542 {
543 struct arm920t_common *arm920t = target_to_arm920(target);
544
545 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
546 address, size, count, buffer);
547 }
548
549 static int arm920t_write_phys_memory(struct target *target,
550 uint32_t address, uint32_t size,
551 uint32_t count, uint8_t *buffer)
552 {
553 struct arm920t_common *arm920t = target_to_arm920(target);
554
555 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
556 address, size, count, buffer);
557 }
558
559
560 /** Writes a buffer, in the specified word size, with current MMU settings. */
561 int arm920t_write_memory(struct target *target, uint32_t address,
562 uint32_t size, uint32_t count, uint8_t *buffer)
563 {
564 int retval;
565 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
566 struct arm920t_common *arm920t = target_to_arm920(target);
567
568 /* FIX!!!! this should be cleaned up and made much more general. The
569 * plan is to write up and test on arm920t specifically and
570 * then generalize and clean up afterwards. */
571 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
572 ((size==2) || (size==4)))
573 {
574 /* special case the handling of single word writes to
575 * bypass MMU, to allow implementation of breakpoints
576 * in memory marked read only
577 * by MMU
578 */
579 int type;
580 uint32_t cb;
581 int domain;
582 uint32_t ap;
583 uint32_t pa;
584
585 /*
586 * We need physical address and cb
587 */
588 pa = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
589 address, &type, &cb, &domain, &ap);
590 if (type == -1)
591 return pa;
592
593 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
594 {
595 if (cb & 0x1)
596 {
597 LOG_DEBUG("D-Cache buffered, "
598 "drain write buffer");
599 /*
600 * Buffered ?
601 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
602 */
603
604 retval = arm920t_write_cp15_interpreted(target,
605 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
606 0x0, 0);
607 if (retval != ERROR_OK)
608 return retval;
609 }
610
611 if (cb == 0x3)
612 {
613 /*
614 * Write back memory ? -> clean cache
615 *
616 * There is no way to clean cache lines using
617 * cp15 scan chain, so copy the full cache
618 * line from cache to physical memory.
619 */
620 uint8_t data[32];
621
622 LOG_DEBUG("D-Cache in 'write back' mode, "
623 "flush cache line");
624
625 retval = target_read_memory(target,
626 address & cache_mask, 1,
627 sizeof(data), &data[0]);
628 if (retval != ERROR_OK)
629 return retval;
630
631 retval = armv4_5_mmu_write_physical(target,
632 &arm920t->armv4_5_mmu,
633 pa & cache_mask, 1,
634 sizeof(data), &data[0]);
635 if (retval != ERROR_OK)
636 return retval;
637 }
638
639 /* Cached ? */
640 if (cb & 0x2)
641 {
642 /*
643 * Cached ? -> Invalidate data cache using MVA
644 *
645 * MCR p15,0,Rd,c7,c6,1
646 */
647 LOG_DEBUG("D-Cache enabled, "
648 "invalidate cache line");
649
650 retval = arm920t_write_cp15_interpreted(target,
651 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
652 address & cache_mask);
653 if (retval != ERROR_OK)
654 return retval;
655 }
656 }
657
658 /* write directly to physical memory,
659 * bypassing any read only MMU bits, etc.
660 */
661 retval = armv4_5_mmu_write_physical(target,
662 &arm920t->armv4_5_mmu, pa, size,
663 count, buffer);
664 if (retval != ERROR_OK)
665 return retval;
666 } else
667 {
668 if ((retval = arm7_9_write_memory(target, address,
669 size, count, buffer)) != ERROR_OK)
670 return retval;
671 }
672
673 /* If ICache is enabled, we have to invalidate affected ICache lines
674 * the DCache is forced to write-through,
675 * so we don't have to clean it here
676 */
677 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
678 {
679 if (count <= 1)
680 {
681 /* invalidate ICache single entry with MVA
682 * mcr 15, 0, r0, cr7, cr5, {1}
683 */
684 LOG_DEBUG("I-Cache enabled, "
685 "invalidating affected I-Cache line");
686 retval = arm920t_write_cp15_interpreted(target,
687 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
688 0x0, address & cache_mask);
689 if (retval != ERROR_OK)
690 return retval;
691 }
692 else
693 {
694 /* invalidate ICache
695 * mcr 15, 0, r0, cr7, cr5, {0}
696 */
697 retval = arm920t_write_cp15_interpreted(target,
698 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
699 0x0, 0x0);
700 if (retval != ERROR_OK)
701 return retval;
702 }
703 }
704
705 return retval;
706 }
707
708 // EXPORTED to FA256
709 int arm920t_soft_reset_halt(struct target *target)
710 {
711 int retval = ERROR_OK;
712 struct arm920t_common *arm920t = target_to_arm920(target);
713 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
714 struct arm *armv4_5 = &arm7_9->armv4_5_common;
715 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
716
717 if ((retval = target_halt(target)) != ERROR_OK)
718 {
719 return retval;
720 }
721
722 long long then = timeval_ms();
723 int timeout;
724 while (!(timeout = ((timeval_ms()-then) > 1000)))
725 {
726 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
727 == 0)
728 {
729 embeddedice_read_reg(dbg_stat);
730 if ((retval = jtag_execute_queue()) != ERROR_OK)
731 {
732 return retval;
733 }
734 } else
735 {
736 break;
737 }
738 if (debug_level >= 3)
739 {
740 /* do not eat all CPU, time out after 1 se*/
741 alive_sleep(100);
742 } else
743 {
744 keep_alive();
745 }
746 }
747 if (timeout)
748 {
749 LOG_ERROR("Failed to halt CPU after 1 sec");
750 return ERROR_TARGET_TIMEOUT;
751 }
752
753 target->state = TARGET_HALTED;
754
755 /* SVC, ARM state, IRQ and FIQ disabled */
756 uint32_t cpsr;
757
758 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
759 cpsr &= ~0xff;
760 cpsr |= 0xd3;
761 arm_set_cpsr(armv4_5, cpsr);
762 armv4_5->cpsr->dirty = 1;
763
764 /* start fetching from 0x0 */
765 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
766 armv4_5->pc->dirty = 1;
767 armv4_5->pc->valid = 1;
768
769 arm920t_disable_mmu_caches(target, 1, 1, 1);
770 arm920t->armv4_5_mmu.mmu_enabled = 0;
771 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
772 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
773
774 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
775 }
776
777 /* FIXME remove forward decls */
778 static int arm920t_mrc(struct target *target, int cpnum,
779 uint32_t op1, uint32_t op2,
780 uint32_t CRn, uint32_t CRm,
781 uint32_t *value);
782 static int arm920t_mcr(struct target *target, int cpnum,
783 uint32_t op1, uint32_t op2,
784 uint32_t CRn, uint32_t CRm,
785 uint32_t value);
786
787 int arm920t_init_arch_info(struct target *target,
788 struct arm920t_common *arm920t, struct jtag_tap *tap)
789 {
790 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
791
792 arm7_9->armv4_5_common.mrc = arm920t_mrc;
793 arm7_9->armv4_5_common.mcr = arm920t_mcr;
794
795 /* initialize arm7/arm9 specific info (including armv4_5) */
796 arm9tdmi_init_arch_info(target, arm7_9, tap);
797
798 arm920t->common_magic = ARM920T_COMMON_MAGIC;
799
800 arm7_9->post_debug_entry = arm920t_post_debug_entry;
801 arm7_9->pre_restore_context = arm920t_pre_restore_context;
802
803 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
804 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
805 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
806 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
807 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
808 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
809 arm920t->armv4_5_mmu.has_tiny_pages = 1;
810 arm920t->armv4_5_mmu.mmu_enabled = 0;
811
812 /* disabling linefills leads to lockups, so keep them enabled for now
813 * this doesn't affect correctness, but might affect timing issues, if
814 * important data is evicted from the cache during the debug session
815 * */
816 arm920t->preserve_cache = 0;
817
818 /* override hw single-step capability from ARM9TDMI */
819 arm7_9->has_single_step = 1;
820
821 return ERROR_OK;
822 }
823
824 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
825 {
826 struct arm920t_common *arm920t;
827
828 arm920t = calloc(1,sizeof(struct arm920t_common));
829 return arm920t_init_arch_info(target, arm920t, target->tap);
830 }
831
832 COMMAND_HANDLER(arm920t_handle_read_cache_command)
833 {
834 int retval = ERROR_OK;
835 struct target *target = get_current_target(CMD_CTX);
836 struct arm920t_common *arm920t = target_to_arm920(target);
837 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
838 struct arm *armv4_5 = &arm7_9->armv4_5_common;
839 uint32_t cp15c15;
840 uint32_t cp15_ctrl, cp15_ctrl_saved;
841 uint32_t regs[16];
842 uint32_t *regs_p[16];
843 uint32_t C15_C_D_Ind, C15_C_I_Ind;
844 int i;
845 FILE *output;
846 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
847 int segment, index;
848 struct reg *r;
849
850 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
851 if (retval != ERROR_OK)
852 return retval;
853
854 if (CMD_ARGC != 1)
855 {
856 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
857 return ERROR_OK;
858 }
859
860 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
861 {
862 LOG_DEBUG("error opening cache content file");
863 return ERROR_OK;
864 }
865
866 for (i = 0; i < 16; i++)
867 regs_p[i] = &regs[i];
868
869 /* disable MMU and Caches */
870 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
871 if ((retval = jtag_execute_queue()) != ERROR_OK)
872 {
873 return retval;
874 }
875 cp15_ctrl_saved = cp15_ctrl;
876 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
877 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
878 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
879
880 /* read CP15 test state register */
881 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
882 jtag_execute_queue();
883
884 /* read DCache content */
885 fprintf(output, "DCache:\n");
886
887 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
888 for (segment = 0;
889 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
890 segment++)
891 {
892 fprintf(output, "\nsegment: %i\n----------", segment);
893
894 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
895 regs[0] = 0x0 | (segment << 5);
896 arm9tdmi_write_core_regs(target, 0x1, regs);
897
898 /* set interpret mode */
899 cp15c15 |= 0x1;
900 arm920t_write_cp15_physical(target,
901 CP15PHYS_TESTSTATE, cp15c15);
902
903 /* D CAM Read, loads current victim into C15.C.D.Ind */
904 arm920t_execute_cp15(target,
905 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
906
907 /* read current victim */
908 arm920t_read_cp15_physical(target,
909 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
910
911 /* clear interpret mode */
912 cp15c15 &= ~0x1;
913 arm920t_write_cp15_physical(target,
914 CP15PHYS_TESTSTATE, cp15c15);
915
916 for (index = 0; index < 64; index++)
917 {
918 /* Ra:
919 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
920 */
921 regs[0] = 0x0 | (segment << 5) | (index << 26);
922 arm9tdmi_write_core_regs(target, 0x1, regs);
923
924 /* set interpret mode */
925 cp15c15 |= 0x1;
926 arm920t_write_cp15_physical(target,
927 CP15PHYS_TESTSTATE, cp15c15);
928
929 /* Write DCache victim */
930 arm920t_execute_cp15(target,
931 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
932
933 /* Read D RAM */
934 arm920t_execute_cp15(target,
935 ARMV4_5_MCR(15,2,0,15,10,2),
936 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
937
938 /* Read D CAM */
939 arm920t_execute_cp15(target,
940 ARMV4_5_MCR(15,2,0,15,6,2),
941 ARMV4_5_LDR(9, 0));
942
943 /* clear interpret mode */
944 cp15c15 &= ~0x1;
945 arm920t_write_cp15_physical(target,
946 CP15PHYS_TESTSTATE, cp15c15);
947
948 /* read D RAM and CAM content */
949 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
950 if ((retval = jtag_execute_queue()) != ERROR_OK)
951 {
952 return retval;
953 }
954
955 d_cache[segment][index].cam = regs[9];
956
957 /* mask LFSR[6] */
958 regs[9] &= 0xfffffffe;
959 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
960 PRIx32 ", content (%s):\n",
961 segment, index, regs[9],
962 (regs[9] & 0x10) ? "valid" : "invalid");
963
964 for (i = 1; i < 9; i++)
965 {
966 d_cache[segment][index].data[i] = regs[i];
967 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
968 i-1, regs[i]);
969 }
970
971 }
972
973 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
974 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
975 arm9tdmi_write_core_regs(target, 0x1, regs);
976
977 /* set interpret mode */
978 cp15c15 |= 0x1;
979 arm920t_write_cp15_physical(target,
980 CP15PHYS_TESTSTATE, cp15c15);
981
982 /* Write DCache victim */
983 arm920t_execute_cp15(target,
984 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
985
986 /* clear interpret mode */
987 cp15c15 &= ~0x1;
988 arm920t_write_cp15_physical(target,
989 CP15PHYS_TESTSTATE, cp15c15);
990 }
991
992 /* read ICache content */
993 fprintf(output, "ICache:\n");
994
995 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
996 for (segment = 0;
997 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
998 segment++)
999 {
1000 fprintf(output, "segment: %i\n----------", segment);
1001
1002 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1003 regs[0] = 0x0 | (segment << 5);
1004 arm9tdmi_write_core_regs(target, 0x1, regs);
1005
1006 /* set interpret mode */
1007 cp15c15 |= 0x1;
1008 arm920t_write_cp15_physical(target,
1009 CP15PHYS_TESTSTATE, cp15c15);
1010
1011 /* I CAM Read, loads current victim into C15.C.I.Ind */
1012 arm920t_execute_cp15(target,
1013 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1014
1015 /* read current victim */
1016 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1017 &C15_C_I_Ind);
1018
1019 /* clear interpret mode */
1020 cp15c15 &= ~0x1;
1021 arm920t_write_cp15_physical(target,
1022 CP15PHYS_TESTSTATE, cp15c15);
1023
1024 for (index = 0; index < 64; index++)
1025 {
1026 /* Ra:
1027 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1028 */
1029 regs[0] = 0x0 | (segment << 5) | (index << 26);
1030 arm9tdmi_write_core_regs(target, 0x1, regs);
1031
1032 /* set interpret mode */
1033 cp15c15 |= 0x1;
1034 arm920t_write_cp15_physical(target,
1035 CP15PHYS_TESTSTATE, cp15c15);
1036
1037 /* Write ICache victim */
1038 arm920t_execute_cp15(target,
1039 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1040
1041 /* Read I RAM */
1042 arm920t_execute_cp15(target,
1043 ARMV4_5_MCR(15,2,0,15,9,2),
1044 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1045
1046 /* Read I CAM */
1047 arm920t_execute_cp15(target,
1048 ARMV4_5_MCR(15,2,0,15,5,2),
1049 ARMV4_5_LDR(9, 0));
1050
1051 /* clear interpret mode */
1052 cp15c15 &= ~0x1;
1053 arm920t_write_cp15_physical(target,
1054 CP15PHYS_TESTSTATE, cp15c15);
1055
1056 /* read I RAM and CAM content */
1057 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1058 if ((retval = jtag_execute_queue()) != ERROR_OK)
1059 {
1060 return retval;
1061 }
1062
1063 i_cache[segment][index].cam = regs[9];
1064
1065 /* mask LFSR[6] */
1066 regs[9] &= 0xfffffffe;
1067 fprintf(output, "\nsegment: %i, index: %i, "
1068 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1069 segment, index, regs[9],
1070 (regs[9] & 0x10) ? "valid" : "invalid");
1071
1072 for (i = 1; i < 9; i++)
1073 {
1074 i_cache[segment][index].data[i] = regs[i];
1075 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1076 i-1, regs[i]);
1077 }
1078 }
1079
1080 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1081 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1082 arm9tdmi_write_core_regs(target, 0x1, regs);
1083
1084 /* set interpret mode */
1085 cp15c15 |= 0x1;
1086 arm920t_write_cp15_physical(target,
1087 CP15PHYS_TESTSTATE, cp15c15);
1088
1089 /* Write ICache victim */
1090 arm920t_execute_cp15(target,
1091 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1092
1093 /* clear interpret mode */
1094 cp15c15 &= ~0x1;
1095 arm920t_write_cp15_physical(target,
1096 CP15PHYS_TESTSTATE, cp15c15);
1097 }
1098
1099 /* restore CP15 MMU and Cache settings */
1100 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1101
1102 command_print(CMD_CTX, "cache content successfully output to %s",
1103 CMD_ARGV[0]);
1104
1105 fclose(output);
1106
1107 if (!is_arm_mode(armv4_5->core_mode))
1108 return ERROR_FAIL;
1109
1110 /* force writeback of the valid data */
1111 r = armv4_5->core_cache->reg_list;
1112 r[0].dirty = r[0].valid;
1113 r[1].dirty = r[1].valid;
1114 r[2].dirty = r[2].valid;
1115 r[3].dirty = r[3].valid;
1116 r[4].dirty = r[4].valid;
1117 r[5].dirty = r[5].valid;
1118 r[6].dirty = r[6].valid;
1119 r[7].dirty = r[7].valid;
1120
1121 r = arm_reg_current(armv4_5, 8);
1122 r->dirty = r->valid;
1123
1124 r = arm_reg_current(armv4_5, 9);
1125 r->dirty = r->valid;
1126
1127 return ERROR_OK;
1128 }
1129
1130 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1131 {
1132 int retval = ERROR_OK;
1133 struct target *target = get_current_target(CMD_CTX);
1134 struct arm920t_common *arm920t = target_to_arm920(target);
1135 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1136 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1137 uint32_t cp15c15;
1138 uint32_t cp15_ctrl, cp15_ctrl_saved;
1139 uint32_t regs[16];
1140 uint32_t *regs_p[16];
1141 int i;
1142 FILE *output;
1143 uint32_t Dlockdown, Ilockdown;
1144 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1145 int victim;
1146 struct reg *r;
1147
1148 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1149 if (retval != ERROR_OK)
1150 return retval;
1151
1152 if (CMD_ARGC != 1)
1153 {
1154 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1155 return ERROR_OK;
1156 }
1157
1158 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1159 {
1160 LOG_DEBUG("error opening mmu content file");
1161 return ERROR_OK;
1162 }
1163
1164 for (i = 0; i < 16; i++)
1165 regs_p[i] = &regs[i];
1166
1167 /* disable MMU and Caches */
1168 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1169 if ((retval = jtag_execute_queue()) != ERROR_OK)
1170 {
1171 return retval;
1172 }
1173 cp15_ctrl_saved = cp15_ctrl;
1174 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1175 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1176 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1177
1178 /* read CP15 test state register */
1179 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1180 if ((retval = jtag_execute_queue()) != ERROR_OK)
1181 {
1182 return retval;
1183 }
1184
1185 /* prepare reading D TLB content
1186 * */
1187
1188 /* set interpret mode */
1189 cp15c15 |= 0x1;
1190 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1191
1192 /* Read D TLB lockdown */
1193 arm920t_execute_cp15(target,
1194 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1195
1196 /* clear interpret mode */
1197 cp15c15 &= ~0x1;
1198 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1199
1200 /* read D TLB lockdown stored to r1 */
1201 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1202 if ((retval = jtag_execute_queue()) != ERROR_OK)
1203 {
1204 return retval;
1205 }
1206 Dlockdown = regs[1];
1207
1208 for (victim = 0; victim < 64; victim += 8)
1209 {
1210 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1211 * base remains unchanged, victim goes through entries 0 to 63
1212 */
1213 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1214 arm9tdmi_write_core_regs(target, 0x2, regs);
1215
1216 /* set interpret mode */
1217 cp15c15 |= 0x1;
1218 arm920t_write_cp15_physical(target,
1219 CP15PHYS_TESTSTATE, cp15c15);
1220
1221 /* Write D TLB lockdown */
1222 arm920t_execute_cp15(target,
1223 ARMV4_5_MCR(15,0,0,10,0,0),
1224 ARMV4_5_STR(1, 0));
1225
1226 /* Read D TLB CAM */
1227 arm920t_execute_cp15(target,
1228 ARMV4_5_MCR(15,4,0,15,6,4),
1229 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1230
1231 /* clear interpret mode */
1232 cp15c15 &= ~0x1;
1233 arm920t_write_cp15_physical(target,
1234 CP15PHYS_TESTSTATE, cp15c15);
1235
1236 /* read D TLB CAM content stored to r2-r9 */
1237 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1238 if ((retval = jtag_execute_queue()) != ERROR_OK)
1239 {
1240 return retval;
1241 }
1242
1243 for (i = 0; i < 8; i++)
1244 d_tlb[victim + i].cam = regs[i + 2];
1245 }
1246
1247 for (victim = 0; victim < 64; victim++)
1248 {
1249 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1250 * base remains unchanged, victim goes through entries 0 to 63
1251 */
1252 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1253 arm9tdmi_write_core_regs(target, 0x2, regs);
1254
1255 /* set interpret mode */
1256 cp15c15 |= 0x1;
1257 arm920t_write_cp15_physical(target,
1258 CP15PHYS_TESTSTATE, cp15c15);
1259
1260 /* Write D TLB lockdown */
1261 arm920t_execute_cp15(target,
1262 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1263
1264 /* Read D TLB RAM1 */
1265 arm920t_execute_cp15(target,
1266 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1267
1268 /* Read D TLB RAM2 */
1269 arm920t_execute_cp15(target,
1270 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1271
1272 /* clear interpret mode */
1273 cp15c15 &= ~0x1;
1274 arm920t_write_cp15_physical(target,
1275 CP15PHYS_TESTSTATE, cp15c15);
1276
1277 /* read D TLB RAM content stored to r2 and r3 */
1278 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1279 if ((retval = jtag_execute_queue()) != ERROR_OK)
1280 {
1281 return retval;
1282 }
1283
1284 d_tlb[victim].ram1 = regs[2];
1285 d_tlb[victim].ram2 = regs[3];
1286 }
1287
1288 /* restore D TLB lockdown */
1289 regs[1] = Dlockdown;
1290 arm9tdmi_write_core_regs(target, 0x2, regs);
1291
1292 /* Write D TLB lockdown */
1293 arm920t_execute_cp15(target,
1294 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1295
1296 /* prepare reading I TLB content
1297 * */
1298
1299 /* set interpret mode */
1300 cp15c15 |= 0x1;
1301 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1302
1303 /* Read I TLB lockdown */
1304 arm920t_execute_cp15(target,
1305 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1306
1307 /* clear interpret mode */
1308 cp15c15 &= ~0x1;
1309 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1310
1311 /* read I TLB lockdown stored to r1 */
1312 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1313 if ((retval = jtag_execute_queue()) != ERROR_OK)
1314 {
1315 return retval;
1316 }
1317 Ilockdown = regs[1];
1318
1319 for (victim = 0; victim < 64; victim += 8)
1320 {
1321 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1322 * base remains unchanged, victim goes through entries 0 to 63
1323 */
1324 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1325 arm9tdmi_write_core_regs(target, 0x2, regs);
1326
1327 /* set interpret mode */
1328 cp15c15 |= 0x1;
1329 arm920t_write_cp15_physical(target,
1330 CP15PHYS_TESTSTATE, cp15c15);
1331
1332 /* Write I TLB lockdown */
1333 arm920t_execute_cp15(target,
1334 ARMV4_5_MCR(15,0,0,10,0,1),
1335 ARMV4_5_STR(1, 0));
1336
1337 /* Read I TLB CAM */
1338 arm920t_execute_cp15(target,
1339 ARMV4_5_MCR(15,4,0,15,5,4),
1340 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1341
1342 /* clear interpret mode */
1343 cp15c15 &= ~0x1;
1344 arm920t_write_cp15_physical(target,
1345 CP15PHYS_TESTSTATE, cp15c15);
1346
1347 /* read I TLB CAM content stored to r2-r9 */
1348 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1349 if ((retval = jtag_execute_queue()) != ERROR_OK)
1350 {
1351 return retval;
1352 }
1353
1354 for (i = 0; i < 8; i++)
1355 i_tlb[i + victim].cam = regs[i + 2];
1356 }
1357
1358 for (victim = 0; victim < 64; victim++)
1359 {
1360 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1361 * base remains unchanged, victim goes through entries 0 to 63
1362 */
1363 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1364 arm9tdmi_write_core_regs(target, 0x2, regs);
1365
1366 /* set interpret mode */
1367 cp15c15 |= 0x1;
1368 arm920t_write_cp15_physical(target,
1369 CP15PHYS_TESTSTATE, cp15c15);
1370
1371 /* Write I TLB lockdown */
1372 arm920t_execute_cp15(target,
1373 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1374
1375 /* Read I TLB RAM1 */
1376 arm920t_execute_cp15(target,
1377 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1378
1379 /* Read I TLB RAM2 */
1380 arm920t_execute_cp15(target,
1381 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1382
1383 /* clear interpret mode */
1384 cp15c15 &= ~0x1;
1385 arm920t_write_cp15_physical(target,
1386 CP15PHYS_TESTSTATE, cp15c15);
1387
1388 /* read I TLB RAM content stored to r2 and r3 */
1389 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1390 if ((retval = jtag_execute_queue()) != ERROR_OK)
1391 {
1392 return retval;
1393 }
1394
1395 i_tlb[victim].ram1 = regs[2];
1396 i_tlb[victim].ram2 = regs[3];
1397 }
1398
1399 /* restore I TLB lockdown */
1400 regs[1] = Ilockdown;
1401 arm9tdmi_write_core_regs(target, 0x2, regs);
1402
1403 /* Write I TLB lockdown */
1404 arm920t_execute_cp15(target,
1405 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1406
1407 /* restore CP15 MMU and Cache settings */
1408 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1409
1410 /* output data to file */
1411 fprintf(output, "D TLB content:\n");
1412 for (i = 0; i < 64; i++)
1413 {
1414 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1415 " 0x%8.8" PRIx32 " %s\n",
1416 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1417 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1418 }
1419
1420 fprintf(output, "\n\nI TLB content:\n");
1421 for (i = 0; i < 64; i++)
1422 {
1423 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1424 " 0x%8.8" PRIx32 " %s\n",
1425 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1426 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1427 }
1428
1429 command_print(CMD_CTX, "mmu content successfully output to %s",
1430 CMD_ARGV[0]);
1431
1432 fclose(output);
1433
1434 if (!is_arm_mode(armv4_5->core_mode))
1435 return ERROR_FAIL;
1436
1437 /* force writeback of the valid data */
1438 r = armv4_5->core_cache->reg_list;
1439 r[0].dirty = r[0].valid;
1440 r[1].dirty = r[1].valid;
1441 r[2].dirty = r[2].valid;
1442 r[3].dirty = r[3].valid;
1443 r[4].dirty = r[4].valid;
1444 r[5].dirty = r[5].valid;
1445 r[6].dirty = r[6].valid;
1446 r[7].dirty = r[7].valid;
1447
1448 r = arm_reg_current(armv4_5, 8);
1449 r->dirty = r->valid;
1450
1451 r = arm_reg_current(armv4_5, 9);
1452 r->dirty = r->valid;
1453
1454 return ERROR_OK;
1455 }
1456
1457 COMMAND_HANDLER(arm920t_handle_cp15_command)
1458 {
1459 int retval;
1460 struct target *target = get_current_target(CMD_CTX);
1461 struct arm920t_common *arm920t = target_to_arm920(target);
1462
1463 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1464 if (retval != ERROR_OK)
1465 return retval;
1466
1467 if (target->state != TARGET_HALTED)
1468 {
1469 command_print(CMD_CTX, "target must be stopped for "
1470 "\"%s\" command", CMD_NAME);
1471 return ERROR_OK;
1472 }
1473
1474 /* one argument, read a register.
1475 * two arguments, write it.
1476 */
1477 if (CMD_ARGC >= 1)
1478 {
1479 int address;
1480 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1481
1482 if (CMD_ARGC == 1)
1483 {
1484 uint32_t value;
1485 if ((retval = arm920t_read_cp15_physical(target,
1486 address, &value)) != ERROR_OK)
1487 {
1488 command_print(CMD_CTX,
1489 "couldn't access reg %i", address);
1490 return ERROR_OK;
1491 }
1492 if ((retval = jtag_execute_queue()) != ERROR_OK)
1493 {
1494 return retval;
1495 }
1496
1497 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1498 address, value);
1499 }
1500 else if (CMD_ARGC == 2)
1501 {
1502 uint32_t value;
1503 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1504 retval = arm920t_write_cp15_physical(target,
1505 address, value);
1506 if (retval != ERROR_OK)
1507 {
1508 command_print(CMD_CTX,
1509 "couldn't access reg %i", address);
1510 /* REVISIT why lie? "return retval"? */
1511 return ERROR_OK;
1512 }
1513 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1514 address, value);
1515 }
1516 }
1517
1518 return ERROR_OK;
1519 }
1520
1521 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1522 {
1523 int retval;
1524 struct target *target = get_current_target(CMD_CTX);
1525 struct arm920t_common *arm920t = target_to_arm920(target);
1526
1527 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1528 if (retval != ERROR_OK)
1529 return retval;
1530
1531
1532 if (target->state != TARGET_HALTED)
1533 {
1534 command_print(CMD_CTX, "target must be stopped for "
1535 "\"%s\" command", CMD_NAME);
1536 return ERROR_OK;
1537 }
1538
1539 /* one argument, read a register.
1540 * two arguments, write it.
1541 */
1542 if (CMD_ARGC >= 1)
1543 {
1544 uint32_t opcode;
1545 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1546
1547 if (CMD_ARGC == 1)
1548 {
1549 uint32_t value;
1550 retval = arm920t_read_cp15_interpreted(target,
1551 opcode, 0x0, &value);
1552 if (retval != ERROR_OK)
1553 {
1554 command_print(CMD_CTX,
1555 "couldn't execute %8.8" PRIx32,
1556 opcode);
1557 /* REVISIT why lie? "return retval"? */
1558 return ERROR_OK;
1559 }
1560
1561 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1562 opcode, value);
1563 }
1564 else if (CMD_ARGC == 2)
1565 {
1566 uint32_t value;
1567 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1568 retval = arm920t_write_cp15_interpreted(target,
1569 opcode, value, 0);
1570 if (retval != ERROR_OK)
1571 {
1572 command_print(CMD_CTX,
1573 "couldn't execute %8.8" PRIx32,
1574 opcode);
1575 /* REVISIT why lie? "return retval"? */
1576 return ERROR_OK;
1577 }
1578 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1579 opcode, value);
1580 }
1581 else if (CMD_ARGC == 3)
1582 {
1583 uint32_t value;
1584 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1585 uint32_t address;
1586 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1587 retval = arm920t_write_cp15_interpreted(target,
1588 opcode, value, address);
1589 if (retval != ERROR_OK)
1590 {
1591 command_print(CMD_CTX,
1592 "couldn't execute %8.8" PRIx32, opcode);
1593 /* REVISIT why lie? "return retval"? */
1594 return ERROR_OK;
1595 }
1596 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1597 " %8.8" PRIx32, opcode, value, address);
1598 }
1599 }
1600 else
1601 {
1602 command_print(CMD_CTX,
1603 "usage: arm920t cp15i <opcode> [value] [address]");
1604 }
1605
1606 return ERROR_OK;
1607 }
1608
1609 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1610 {
1611 int retval;
1612 struct target *target = get_current_target(CMD_CTX);
1613 struct arm920t_common *arm920t = target_to_arm920(target);
1614
1615 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1616 if (retval != ERROR_OK)
1617 return retval;
1618
1619 return armv4_5_handle_cache_info_command(CMD_CTX,
1620 &arm920t->armv4_5_mmu.armv4_5_cache);
1621 }
1622
1623
1624 static int arm920t_mrc(struct target *target, int cpnum,
1625 uint32_t op1, uint32_t op2,
1626 uint32_t CRn, uint32_t CRm,
1627 uint32_t *value)
1628 {
1629 if (cpnum!=15)
1630 {
1631 LOG_ERROR("Only cp15 is supported");
1632 return ERROR_FAIL;
1633 }
1634
1635 /* read "to" r0 */
1636 return arm920t_read_cp15_interpreted(target,
1637 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1638 0, value);
1639 }
1640
1641 static int arm920t_mcr(struct target *target, int cpnum,
1642 uint32_t op1, uint32_t op2,
1643 uint32_t CRn, uint32_t CRm,
1644 uint32_t value)
1645 {
1646 if (cpnum!=15)
1647 {
1648 LOG_ERROR("Only cp15 is supported");
1649 return ERROR_FAIL;
1650 }
1651
1652 /* write "from" r0 */
1653 return arm920t_write_cp15_interpreted(target,
1654 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1655 0, value);
1656 }
1657
1658 static const struct command_registration arm920t_exec_command_handlers[] = {
1659 {
1660 .name = "cp15",
1661 .handler = arm920t_handle_cp15_command,
1662 .mode = COMMAND_EXEC,
1663 .help = "display/modify cp15 register",
1664 .usage = "regnum [value]",
1665 },
1666 {
1667 .name = "cp15i",
1668 .handler = arm920t_handle_cp15i_command,
1669 .mode = COMMAND_EXEC,
1670 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1671 .help = "display/modify cp15 register using ARM opcode"
1672 " (DEPRECATED)",
1673 .usage = "instruction [value [address]]",
1674 },
1675 {
1676 .name = "cache_info",
1677 .handler = arm920t_handle_cache_info_command,
1678 .mode = COMMAND_EXEC,
1679 .help = "display information about target caches",
1680 },
1681 {
1682 .name = "read_cache",
1683 .handler = arm920t_handle_read_cache_command,
1684 .mode = COMMAND_EXEC,
1685 .help = "dump I/D cache content to file",
1686 .usage = "filename",
1687 },
1688 {
1689 .name = "read_mmu",
1690 .handler = arm920t_handle_read_mmu_command,
1691 .mode = COMMAND_EXEC,
1692 .help = "dump I/D mmu content to file",
1693 .usage = "filename",
1694 },
1695 COMMAND_REGISTRATION_DONE
1696 };
1697 const struct command_registration arm920t_command_handlers[] = {
1698 {
1699 .chain = arm9tdmi_command_handlers,
1700 },
1701 {
1702 .name = "arm920t",
1703 .mode = COMMAND_ANY,
1704 .help = "arm920t command group",
1705 .chain = arm920t_exec_command_handlers,
1706 },
1707 COMMAND_REGISTRATION_DONE
1708 };
1709
1710 /** Holds methods for ARM920 targets. */
1711 struct target_type arm920t_target =
1712 {
1713 .name = "arm920t",
1714
1715 .poll = arm7_9_poll,
1716 .arch_state = arm920t_arch_state,
1717
1718 .target_request_data = arm7_9_target_request_data,
1719
1720 .halt = arm7_9_halt,
1721 .resume = arm7_9_resume,
1722 .step = arm7_9_step,
1723
1724 .assert_reset = arm7_9_assert_reset,
1725 .deassert_reset = arm7_9_deassert_reset,
1726 .soft_reset_halt = arm920t_soft_reset_halt,
1727
1728 .get_gdb_reg_list = arm_get_gdb_reg_list,
1729
1730 .read_memory = arm920t_read_memory,
1731 .write_memory = arm920t_write_memory,
1732 .read_phys_memory = arm920t_read_phys_memory,
1733 .write_phys_memory = arm920t_write_phys_memory,
1734 .mmu = arm920_mmu,
1735 .virt2phys = arm920_virt2phys,
1736
1737 .bulk_write_memory = arm7_9_bulk_write_memory,
1738
1739 .checksum_memory = arm_checksum_memory,
1740 .blank_check_memory = arm_blank_check_memory,
1741
1742 .run_algorithm = armv4_5_run_algorithm,
1743
1744 .add_breakpoint = arm7_9_add_breakpoint,
1745 .remove_breakpoint = arm7_9_remove_breakpoint,
1746 .add_watchpoint = arm7_9_add_watchpoint,
1747 .remove_watchpoint = arm7_9_remove_watchpoint,
1748
1749 .commands = arm920t_command_handlers,
1750 .target_create = arm920t_target_create,
1751 .init_target = arm9tdmi_init_target,
1752 .examine = arm7_9_examine,
1753 .check_reset = arm7_9_check_reset,
1754 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)