Fix spelling of ARM Cortex
[openocd.git] / src / target / cortex_a.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2006 by Magnus Lundin *
6 * lundin@mlu.mine.nu *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
13 * *
14 * Copyright (C) 2010 √ėyvind Harboe *
15 * oyvind.harboe@zylin.com *
16 * *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
19 * *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex-R4 support *
22 * *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
25 * *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
30 * *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
35 * *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program; if not, write to the *
38 * Free Software Foundation, Inc., *
39 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
40 * *
41 * Cortex-A8(tm) TRM, ARM DDI 0344H *
42 * Cortex-A9(tm) TRM, ARM DDI 0407F *
43 * Cortex-A4(tm) TRM, ARM DDI 0363E *
44 * Cortex-A15(tm)TRM, ARM DDI 0438C *
45 * *
46 ***************************************************************************/
47
48 #ifdef HAVE_CONFIG_H
49 #include "config.h"
50 #endif
51
52 #include "breakpoints.h"
53 #include "cortex_a.h"
54 #include "register.h"
55 #include "target_request.h"
56 #include "target_type.h"
57 #include "arm_opcodes.h"
58 #include <helper/time_support.h>
59
60 static int cortex_a_poll(struct target *target);
61 static int cortex_a_debug_entry(struct target *target);
62 static int cortex_a_restore_context(struct target *target, bool bpwp);
63 static int cortex_a_set_breakpoint(struct target *target,
64 struct breakpoint *breakpoint, uint8_t matchmode);
65 static int cortex_a_set_context_breakpoint(struct target *target,
66 struct breakpoint *breakpoint, uint8_t matchmode);
67 static int cortex_a_set_hybrid_breakpoint(struct target *target,
68 struct breakpoint *breakpoint);
69 static int cortex_a_unset_breakpoint(struct target *target,
70 struct breakpoint *breakpoint);
71 static int cortex_a_dap_read_coreregister_u32(struct target *target,
72 uint32_t *value, int regnum);
73 static int cortex_a_dap_write_coreregister_u32(struct target *target,
74 uint32_t value, int regnum);
75 static int cortex_a_mmu(struct target *target, int *enabled);
76 static int cortex_a_mmu_modify(struct target *target, int enable);
77 static int cortex_a_virt2phys(struct target *target,
78 uint32_t virt, uint32_t *phys);
79 static int cortex_a_read_cpu_memory(struct target *target,
80 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
81
82
83 /* restore cp15_control_reg at resume */
84 static int cortex_a_restore_cp15_control_reg(struct target *target)
85 {
86 int retval = ERROR_OK;
87 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
88 struct armv7a_common *armv7a = target_to_armv7a(target);
89
90 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
91 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
92 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
93 retval = armv7a->arm.mcr(target, 15,
94 0, 0, /* op1, op2 */
95 1, 0, /* CRn, CRm */
96 cortex_a->cp15_control_reg);
97 }
98 return retval;
99 }
100
101 /*
102 * Set up ARM core for memory access.
103 * If !phys_access, switch to SVC mode and make sure MMU is on
104 * If phys_access, switch off mmu
105 */
106 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
107 {
108 struct armv7a_common *armv7a = target_to_armv7a(target);
109 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
110 int mmu_enabled = 0;
111
112 if (phys_access == 0) {
113 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
114 cortex_a_mmu(target, &mmu_enabled);
115 if (mmu_enabled)
116 cortex_a_mmu_modify(target, 1);
117 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
118 /* overwrite DACR to all-manager */
119 armv7a->arm.mcr(target, 15,
120 0, 0, 3, 0,
121 0xFFFFFFFF);
122 }
123 } else {
124 cortex_a_mmu(target, &mmu_enabled);
125 if (mmu_enabled)
126 cortex_a_mmu_modify(target, 0);
127 }
128 return ERROR_OK;
129 }
130
131 /*
132 * Restore ARM core after memory access.
133 * If !phys_access, switch to previous mode
134 * If phys_access, restore MMU setting
135 */
136 static int cortex_a_post_memaccess(struct target *target, int phys_access)
137 {
138 struct armv7a_common *armv7a = target_to_armv7a(target);
139 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
140
141 if (phys_access == 0) {
142 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
143 /* restore */
144 armv7a->arm.mcr(target, 15,
145 0, 0, 3, 0,
146 cortex_a->cp15_dacr_reg);
147 }
148 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
149 } else {
150 int mmu_enabled = 0;
151 cortex_a_mmu(target, &mmu_enabled);
152 if (mmu_enabled)
153 cortex_a_mmu_modify(target, 1);
154 }
155 return ERROR_OK;
156 }
157
158
159 /* modify cp15_control_reg in order to enable or disable mmu for :
160 * - virt2phys address conversion
161 * - read or write memory in phys or virt address */
162 static int cortex_a_mmu_modify(struct target *target, int enable)
163 {
164 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
165 struct armv7a_common *armv7a = target_to_armv7a(target);
166 int retval = ERROR_OK;
167 int need_write = 0;
168
169 if (enable) {
170 /* if mmu enabled at target stop and mmu not enable */
171 if (!(cortex_a->cp15_control_reg & 0x1U)) {
172 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
173 return ERROR_FAIL;
174 }
175 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
176 cortex_a->cp15_control_reg_curr |= 0x1U;
177 need_write = 1;
178 }
179 } else {
180 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
181 cortex_a->cp15_control_reg_curr &= ~0x1U;
182 need_write = 1;
183 }
184 }
185
186 if (need_write) {
187 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
188 enable ? "enable mmu" : "disable mmu",
189 cortex_a->cp15_control_reg_curr);
190
191 retval = armv7a->arm.mcr(target, 15,
192 0, 0, /* op1, op2 */
193 1, 0, /* CRn, CRm */
194 cortex_a->cp15_control_reg_curr);
195 }
196 return retval;
197 }
198
199 /*
200 * Cortex-A Basic debug access, very low level assumes state is saved
201 */
202 static int cortex_a8_init_debug_access(struct target *target)
203 {
204 struct armv7a_common *armv7a = target_to_armv7a(target);
205 int retval;
206
207 LOG_DEBUG(" ");
208
209 /* Unlocking the debug registers for modification
210 * The debugport might be uninitialised so try twice */
211 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
212 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
213 if (retval != ERROR_OK) {
214 /* try again */
215 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
216 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
217 if (retval == ERROR_OK)
218 LOG_USER(
219 "Locking debug access failed on first, but succeeded on second try.");
220 }
221
222 return retval;
223 }
224
225 /*
226 * Cortex-A Basic debug access, very low level assumes state is saved
227 */
228 static int cortex_a_init_debug_access(struct target *target)
229 {
230 struct armv7a_common *armv7a = target_to_armv7a(target);
231 int retval;
232 uint32_t dbg_osreg;
233 uint32_t cortex_part_num;
234 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
235
236 LOG_DEBUG(" ");
237 cortex_part_num = (cortex_a->cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >>
238 CORTEX_A_MIDR_PARTNUM_SHIFT;
239
240 switch (cortex_part_num) {
241 case CORTEX_A7_PARTNUM:
242 case CORTEX_A15_PARTNUM:
243 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
244 armv7a->debug_base + CPUDBG_OSLSR,
245 &dbg_osreg);
246 if (retval != ERROR_OK)
247 return retval;
248
249 LOG_DEBUG("DBGOSLSR 0x%" PRIx32, dbg_osreg);
250
251 if (dbg_osreg & CPUDBG_OSLAR_LK_MASK)
252 /* Unlocking the DEBUG OS registers for modification */
253 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
254 armv7a->debug_base + CPUDBG_OSLAR,
255 0);
256 break;
257
258 case CORTEX_A5_PARTNUM:
259 case CORTEX_A8_PARTNUM:
260 case CORTEX_A9_PARTNUM:
261 default:
262 retval = cortex_a8_init_debug_access(target);
263 }
264
265 if (retval != ERROR_OK)
266 return retval;
267 /* Clear Sticky Power Down status Bit in PRSR to enable access to
268 the registers in the Core Power Domain */
269 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
270 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
271 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
272
273 if (retval != ERROR_OK)
274 return retval;
275
276 /* Disable cacheline fills and force cache write-through in debug state */
277 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
278 armv7a->debug_base + CPUDBG_DSCCR, 0);
279 if (retval != ERROR_OK)
280 return retval;
281
282 /* Disable TLB lookup and refill/eviction in debug state */
283 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
284 armv7a->debug_base + CPUDBG_DSMCR, 0);
285 if (retval != ERROR_OK)
286 return retval;
287
288 /* Enabling of instruction execution in debug mode is done in debug_entry code */
289
290 /* Resync breakpoint registers */
291
292 /* Since this is likely called from init or reset, update target state information*/
293 return cortex_a_poll(target);
294 }
295
296 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
297 {
298 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
299 * Writes final value of DSCR into *dscr. Pass force to force always
300 * reading DSCR at least once. */
301 struct armv7a_common *armv7a = target_to_armv7a(target);
302 int64_t then = timeval_ms();
303 while ((*dscr & DSCR_INSTR_COMP) == 0 || force) {
304 force = false;
305 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
306 armv7a->debug_base + CPUDBG_DSCR, dscr);
307 if (retval != ERROR_OK) {
308 LOG_ERROR("Could not read DSCR register");
309 return retval;
310 }
311 if (timeval_ms() > then + 1000) {
312 LOG_ERROR("Timeout waiting for InstrCompl=1");
313 return ERROR_FAIL;
314 }
315 }
316 return ERROR_OK;
317 }
318
319 /* To reduce needless round-trips, pass in a pointer to the current
320 * DSCR value. Initialize it to zero if you just need to know the
321 * value on return from this function; or DSCR_INSTR_COMP if you
322 * happen to know that no instruction is pending.
323 */
324 static int cortex_a_exec_opcode(struct target *target,
325 uint32_t opcode, uint32_t *dscr_p)
326 {
327 uint32_t dscr;
328 int retval;
329 struct armv7a_common *armv7a = target_to_armv7a(target);
330
331 dscr = dscr_p ? *dscr_p : 0;
332
333 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
334
335 /* Wait for InstrCompl bit to be set */
336 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
337 if (retval != ERROR_OK)
338 return retval;
339
340 retval = mem_ap_write_u32(armv7a->debug_ap,
341 armv7a->debug_base + CPUDBG_ITR, opcode);
342 if (retval != ERROR_OK)
343 return retval;
344
345 int64_t then = timeval_ms();
346 do {
347 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
348 armv7a->debug_base + CPUDBG_DSCR, &dscr);
349 if (retval != ERROR_OK) {
350 LOG_ERROR("Could not read DSCR register");
351 return retval;
352 }
353 if (timeval_ms() > then + 1000) {
354 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
355 return ERROR_FAIL;
356 }
357 } while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
358
359 if (dscr_p)
360 *dscr_p = dscr;
361
362 return retval;
363 }
364
365 /**************************************************************************
366 Read core register with very few exec_opcode, fast but needs work_area.
367 This can cause problems with MMU active.
368 **************************************************************************/
369 static int cortex_a_read_regs_through_mem(struct target *target, uint32_t address,
370 uint32_t *regfile)
371 {
372 int retval = ERROR_OK;
373 struct armv7a_common *armv7a = target_to_armv7a(target);
374
375 retval = cortex_a_dap_read_coreregister_u32(target, regfile, 0);
376 if (retval != ERROR_OK)
377 return retval;
378 retval = cortex_a_dap_write_coreregister_u32(target, address, 0);
379 if (retval != ERROR_OK)
380 return retval;
381 retval = cortex_a_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL);
382 if (retval != ERROR_OK)
383 return retval;
384
385 retval = mem_ap_read_buf(armv7a->memory_ap,
386 (uint8_t *)(&regfile[1]), 4, 15, address);
387
388 return retval;
389 }
390
391 static int cortex_a_dap_read_coreregister_u32(struct target *target,
392 uint32_t *value, int regnum)
393 {
394 int retval = ERROR_OK;
395 uint8_t reg = regnum&0xFF;
396 uint32_t dscr = 0;
397 struct armv7a_common *armv7a = target_to_armv7a(target);
398
399 if (reg > 17)
400 return retval;
401
402 if (reg < 15) {
403 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
404 retval = cortex_a_exec_opcode(target,
405 ARMV4_5_MCR(14, 0, reg, 0, 5, 0),
406 &dscr);
407 if (retval != ERROR_OK)
408 return retval;
409 } else if (reg == 15) {
410 /* "MOV r0, r15"; then move r0 to DCCTX */
411 retval = cortex_a_exec_opcode(target, 0xE1A0000F, &dscr);
412 if (retval != ERROR_OK)
413 return retval;
414 retval = cortex_a_exec_opcode(target,
415 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
416 &dscr);
417 if (retval != ERROR_OK)
418 return retval;
419 } else {
420 /* "MRS r0, CPSR" or "MRS r0, SPSR"
421 * then move r0 to DCCTX
422 */
423 retval = cortex_a_exec_opcode(target, ARMV4_5_MRS(0, reg & 1), &dscr);
424 if (retval != ERROR_OK)
425 return retval;
426 retval = cortex_a_exec_opcode(target,
427 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
428 &dscr);
429 if (retval != ERROR_OK)
430 return retval;
431 }
432
433 /* Wait for DTRRXfull then read DTRRTX */
434 int64_t then = timeval_ms();
435 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
436 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
437 armv7a->debug_base + CPUDBG_DSCR, &dscr);
438 if (retval != ERROR_OK)
439 return retval;
440 if (timeval_ms() > then + 1000) {
441 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
442 return ERROR_FAIL;
443 }
444 }
445
446 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
447 armv7a->debug_base + CPUDBG_DTRTX, value);
448 LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
449
450 return retval;
451 }
452
453 static int cortex_a_dap_write_coreregister_u32(struct target *target,
454 uint32_t value, int regnum)
455 {
456 int retval = ERROR_OK;
457 uint8_t Rd = regnum&0xFF;
458 uint32_t dscr;
459 struct armv7a_common *armv7a = target_to_armv7a(target);
460
461 LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
462
463 /* Check that DCCRX is not full */
464 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
465 armv7a->debug_base + CPUDBG_DSCR, &dscr);
466 if (retval != ERROR_OK)
467 return retval;
468 if (dscr & DSCR_DTR_RX_FULL) {
469 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
470 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode 0xEE100E15 */
471 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
472 &dscr);
473 if (retval != ERROR_OK)
474 return retval;
475 }
476
477 if (Rd > 17)
478 return retval;
479
480 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
481 LOG_DEBUG("write DCC 0x%08" PRIx32, value);
482 retval = mem_ap_write_u32(armv7a->debug_ap,
483 armv7a->debug_base + CPUDBG_DTRRX, value);
484 if (retval != ERROR_OK)
485 return retval;
486
487 if (Rd < 15) {
488 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
489 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0),
490 &dscr);
491
492 if (retval != ERROR_OK)
493 return retval;
494 } else if (Rd == 15) {
495 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
496 * then "mov r15, r0"
497 */
498 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
499 &dscr);
500 if (retval != ERROR_OK)
501 return retval;
502 retval = cortex_a_exec_opcode(target, 0xE1A0F000, &dscr);
503 if (retval != ERROR_OK)
504 return retval;
505 } else {
506 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
507 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
508 */
509 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
510 &dscr);
511 if (retval != ERROR_OK)
512 return retval;
513 retval = cortex_a_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1),
514 &dscr);
515 if (retval != ERROR_OK)
516 return retval;
517
518 /* "Prefetch flush" after modifying execution status in CPSR */
519 if (Rd == 16) {
520 retval = cortex_a_exec_opcode(target,
521 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
522 &dscr);
523 if (retval != ERROR_OK)
524 return retval;
525 }
526 }
527
528 return retval;
529 }
530
531 /* Write to memory mapped registers directly with no cache or mmu handling */
532 static int cortex_a_dap_write_memap_register_u32(struct target *target,
533 uint32_t address,
534 uint32_t value)
535 {
536 int retval;
537 struct armv7a_common *armv7a = target_to_armv7a(target);
538
539 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
540
541 return retval;
542 }
543
544 /*
545 * Cortex-A implementation of Debug Programmer's Model
546 *
547 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
548 * so there's no need to poll for it before executing an instruction.
549 *
550 * NOTE that in several of these cases the "stall" mode might be useful.
551 * It'd let us queue a few operations together... prepare/finish might
552 * be the places to enable/disable that mode.
553 */
554
555 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
556 {
557 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
558 }
559
560 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
561 {
562 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
563 return mem_ap_write_u32(a->armv7a_common.debug_ap,
564 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
565 }
566
567 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
568 uint32_t *dscr_p)
569 {
570 uint32_t dscr = DSCR_INSTR_COMP;
571 int retval;
572
573 if (dscr_p)
574 dscr = *dscr_p;
575
576 /* Wait for DTRRXfull */
577 int64_t then = timeval_ms();
578 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
579 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
580 a->armv7a_common.debug_base + CPUDBG_DSCR,
581 &dscr);
582 if (retval != ERROR_OK)
583 return retval;
584 if (timeval_ms() > then + 1000) {
585 LOG_ERROR("Timeout waiting for read dcc");
586 return ERROR_FAIL;
587 }
588 }
589
590 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
591 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
592 if (retval != ERROR_OK)
593 return retval;
594 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
595
596 if (dscr_p)
597 *dscr_p = dscr;
598
599 return retval;
600 }
601
602 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
603 {
604 struct cortex_a_common *a = dpm_to_a(dpm);
605 uint32_t dscr;
606 int retval;
607
608 /* set up invariant: INSTR_COMP is set after ever DPM operation */
609 int64_t then = timeval_ms();
610 for (;; ) {
611 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
612 a->armv7a_common.debug_base + CPUDBG_DSCR,
613 &dscr);
614 if (retval != ERROR_OK)
615 return retval;
616 if ((dscr & DSCR_INSTR_COMP) != 0)
617 break;
618 if (timeval_ms() > then + 1000) {
619 LOG_ERROR("Timeout waiting for dpm prepare");
620 return ERROR_FAIL;
621 }
622 }
623
624 /* this "should never happen" ... */
625 if (dscr & DSCR_DTR_RX_FULL) {
626 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
627 /* Clear DCCRX */
628 retval = cortex_a_exec_opcode(
629 a->armv7a_common.arm.target,
630 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
631 &dscr);
632 if (retval != ERROR_OK)
633 return retval;
634 }
635
636 return retval;
637 }
638
639 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
640 {
641 /* REVISIT what could be done here? */
642 return ERROR_OK;
643 }
644
645 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
646 uint32_t opcode, uint32_t data)
647 {
648 struct cortex_a_common *a = dpm_to_a(dpm);
649 int retval;
650 uint32_t dscr = DSCR_INSTR_COMP;
651
652 retval = cortex_a_write_dcc(a, data);
653 if (retval != ERROR_OK)
654 return retval;
655
656 return cortex_a_exec_opcode(
657 a->armv7a_common.arm.target,
658 opcode,
659 &dscr);
660 }
661
662 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
663 uint32_t opcode, uint32_t data)
664 {
665 struct cortex_a_common *a = dpm_to_a(dpm);
666 uint32_t dscr = DSCR_INSTR_COMP;
667 int retval;
668
669 retval = cortex_a_write_dcc(a, data);
670 if (retval != ERROR_OK)
671 return retval;
672
673 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
674 retval = cortex_a_exec_opcode(
675 a->armv7a_common.arm.target,
676 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
677 &dscr);
678 if (retval != ERROR_OK)
679 return retval;
680
681 /* then the opcode, taking data from R0 */
682 retval = cortex_a_exec_opcode(
683 a->armv7a_common.arm.target,
684 opcode,
685 &dscr);
686
687 return retval;
688 }
689
690 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
691 {
692 struct target *target = dpm->arm->target;
693 uint32_t dscr = DSCR_INSTR_COMP;
694
695 /* "Prefetch flush" after modifying execution status in CPSR */
696 return cortex_a_exec_opcode(target,
697 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
698 &dscr);
699 }
700
701 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
702 uint32_t opcode, uint32_t *data)
703 {
704 struct cortex_a_common *a = dpm_to_a(dpm);
705 int retval;
706 uint32_t dscr = DSCR_INSTR_COMP;
707
708 /* the opcode, writing data to DCC */
709 retval = cortex_a_exec_opcode(
710 a->armv7a_common.arm.target,
711 opcode,
712 &dscr);
713 if (retval != ERROR_OK)
714 return retval;
715
716 return cortex_a_read_dcc(a, data, &dscr);
717 }
718
719
720 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
721 uint32_t opcode, uint32_t *data)
722 {
723 struct cortex_a_common *a = dpm_to_a(dpm);
724 uint32_t dscr = DSCR_INSTR_COMP;
725 int retval;
726
727 /* the opcode, writing data to R0 */
728 retval = cortex_a_exec_opcode(
729 a->armv7a_common.arm.target,
730 opcode,
731 &dscr);
732 if (retval != ERROR_OK)
733 return retval;
734
735 /* write R0 to DCC */
736 retval = cortex_a_exec_opcode(
737 a->armv7a_common.arm.target,
738 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
739 &dscr);
740 if (retval != ERROR_OK)
741 return retval;
742
743 return cortex_a_read_dcc(a, data, &dscr);
744 }
745
746 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
747 uint32_t addr, uint32_t control)
748 {
749 struct cortex_a_common *a = dpm_to_a(dpm);
750 uint32_t vr = a->armv7a_common.debug_base;
751 uint32_t cr = a->armv7a_common.debug_base;
752 int retval;
753
754 switch (index_t) {
755 case 0 ... 15: /* breakpoints */
756 vr += CPUDBG_BVR_BASE;
757 cr += CPUDBG_BCR_BASE;
758 break;
759 case 16 ... 31: /* watchpoints */
760 vr += CPUDBG_WVR_BASE;
761 cr += CPUDBG_WCR_BASE;
762 index_t -= 16;
763 break;
764 default:
765 return ERROR_FAIL;
766 }
767 vr += 4 * index_t;
768 cr += 4 * index_t;
769
770 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
771 (unsigned) vr, (unsigned) cr);
772
773 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
774 vr, addr);
775 if (retval != ERROR_OK)
776 return retval;
777 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
778 cr, control);
779 return retval;
780 }
781
782 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
783 {
784 struct cortex_a_common *a = dpm_to_a(dpm);
785 uint32_t cr;
786
787 switch (index_t) {
788 case 0 ... 15:
789 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
790 break;
791 case 16 ... 31:
792 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
793 index_t -= 16;
794 break;
795 default:
796 return ERROR_FAIL;
797 }
798 cr += 4 * index_t;
799
800 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
801
802 /* clear control register */
803 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
804 }
805
806 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
807 {
808 struct arm_dpm *dpm = &a->armv7a_common.dpm;
809 int retval;
810
811 dpm->arm = &a->armv7a_common.arm;
812 dpm->didr = didr;
813
814 dpm->prepare = cortex_a_dpm_prepare;
815 dpm->finish = cortex_a_dpm_finish;
816
817 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
818 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
819 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
820
821 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
822 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
823
824 dpm->bpwp_enable = cortex_a_bpwp_enable;
825 dpm->bpwp_disable = cortex_a_bpwp_disable;
826
827 retval = arm_dpm_setup(dpm);
828 if (retval == ERROR_OK)
829 retval = arm_dpm_initialize(dpm);
830
831 return retval;
832 }
833 static struct target *get_cortex_a(struct target *target, int32_t coreid)
834 {
835 struct target_list *head;
836 struct target *curr;
837
838 head = target->head;
839 while (head != (struct target_list *)NULL) {
840 curr = head->target;
841 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
842 return curr;
843 head = head->next;
844 }
845 return target;
846 }
847 static int cortex_a_halt(struct target *target);
848
849 static int cortex_a_halt_smp(struct target *target)
850 {
851 int retval = 0;
852 struct target_list *head;
853 struct target *curr;
854 head = target->head;
855 while (head != (struct target_list *)NULL) {
856 curr = head->target;
857 if ((curr != target) && (curr->state != TARGET_HALTED))
858 retval += cortex_a_halt(curr);
859 head = head->next;
860 }
861 return retval;
862 }
863
864 static int update_halt_gdb(struct target *target)
865 {
866 int retval = 0;
867 if (target->gdb_service && target->gdb_service->core[0] == -1) {
868 target->gdb_service->target = target;
869 target->gdb_service->core[0] = target->coreid;
870 retval += cortex_a_halt_smp(target);
871 }
872 return retval;
873 }
874
875 /*
876 * Cortex-A Run control
877 */
878
879 static int cortex_a_poll(struct target *target)
880 {
881 int retval = ERROR_OK;
882 uint32_t dscr;
883 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
884 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
885 enum target_state prev_target_state = target->state;
886 /* toggle to another core is done by gdb as follow */
887 /* maint packet J core_id */
888 /* continue */
889 /* the next polling trigger an halt event sent to gdb */
890 if ((target->state == TARGET_HALTED) && (target->smp) &&
891 (target->gdb_service) &&
892 (target->gdb_service->target == NULL)) {
893 target->gdb_service->target =
894 get_cortex_a(target, target->gdb_service->core[1]);
895 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
896 return retval;
897 }
898 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
899 armv7a->debug_base + CPUDBG_DSCR, &dscr);
900 if (retval != ERROR_OK)
901 return retval;
902 cortex_a->cpudbg_dscr = dscr;
903
904 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
905 if (prev_target_state != TARGET_HALTED) {
906 /* We have a halting debug event */
907 LOG_DEBUG("Target halted");
908 target->state = TARGET_HALTED;
909 if ((prev_target_state == TARGET_RUNNING)
910 || (prev_target_state == TARGET_UNKNOWN)
911 || (prev_target_state == TARGET_RESET)) {
912 retval = cortex_a_debug_entry(target);
913 if (retval != ERROR_OK)
914 return retval;
915 if (target->smp) {
916 retval = update_halt_gdb(target);
917 if (retval != ERROR_OK)
918 return retval;
919 }
920 target_call_event_callbacks(target,
921 TARGET_EVENT_HALTED);
922 }
923 if (prev_target_state == TARGET_DEBUG_RUNNING) {
924 LOG_DEBUG(" ");
925
926 retval = cortex_a_debug_entry(target);
927 if (retval != ERROR_OK)
928 return retval;
929 if (target->smp) {
930 retval = update_halt_gdb(target);
931 if (retval != ERROR_OK)
932 return retval;
933 }
934
935 target_call_event_callbacks(target,
936 TARGET_EVENT_DEBUG_HALTED);
937 }
938 }
939 } else if (DSCR_RUN_MODE(dscr) == DSCR_CORE_RESTARTED)
940 target->state = TARGET_RUNNING;
941 else {
942 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32, dscr);
943 target->state = TARGET_UNKNOWN;
944 }
945
946 return retval;
947 }
948
949 static int cortex_a_halt(struct target *target)
950 {
951 int retval = ERROR_OK;
952 uint32_t dscr;
953 struct armv7a_common *armv7a = target_to_armv7a(target);
954
955 /*
956 * Tell the core to be halted by writing DRCR with 0x1
957 * and then wait for the core to be halted.
958 */
959 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
960 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
961 if (retval != ERROR_OK)
962 return retval;
963
964 /*
965 * enter halting debug mode
966 */
967 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
968 armv7a->debug_base + CPUDBG_DSCR, &dscr);
969 if (retval != ERROR_OK)
970 return retval;
971
972 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
973 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
974 if (retval != ERROR_OK)
975 return retval;
976
977 int64_t then = timeval_ms();
978 for (;; ) {
979 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
980 armv7a->debug_base + CPUDBG_DSCR, &dscr);
981 if (retval != ERROR_OK)
982 return retval;
983 if ((dscr & DSCR_CORE_HALTED) != 0)
984 break;
985 if (timeval_ms() > then + 1000) {
986 LOG_ERROR("Timeout waiting for halt");
987 return ERROR_FAIL;
988 }
989 }
990
991 target->debug_reason = DBG_REASON_DBGRQ;
992
993 return ERROR_OK;
994 }
995
996 static int cortex_a_internal_restore(struct target *target, int current,
997 uint32_t *address, int handle_breakpoints, int debug_execution)
998 {
999 struct armv7a_common *armv7a = target_to_armv7a(target);
1000 struct arm *arm = &armv7a->arm;
1001 int retval;
1002 uint32_t resume_pc;
1003
1004 if (!debug_execution)
1005 target_free_all_working_areas(target);
1006
1007 #if 0
1008 if (debug_execution) {
1009 /* Disable interrupts */
1010 /* We disable interrupts in the PRIMASK register instead of
1011 * masking with C_MASKINTS,
1012 * This is probably the same issue as Cortex-M3 Errata 377493:
1013 * C_MASKINTS in parallel with disabled interrupts can cause
1014 * local faults to not be taken. */
1015 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
1016 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
1017 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
1018
1019 /* Make sure we are in Thumb mode */
1020 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
1021 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
1022 32) | (1 << 24));
1023 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
1024 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
1025 }
1026 #endif
1027
1028 /* current = 1: continue on current pc, otherwise continue at <address> */
1029 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
1030 if (!current)
1031 resume_pc = *address;
1032 else
1033 *address = resume_pc;
1034
1035 /* Make sure that the Armv7 gdb thumb fixups does not
1036 * kill the return address
1037 */
1038 switch (arm->core_state) {
1039 case ARM_STATE_ARM:
1040 resume_pc &= 0xFFFFFFFC;
1041 break;
1042 case ARM_STATE_THUMB:
1043 case ARM_STATE_THUMB_EE:
1044 /* When the return address is loaded into PC
1045 * bit 0 must be 1 to stay in Thumb state
1046 */
1047 resume_pc |= 0x1;
1048 break;
1049 case ARM_STATE_JAZELLE:
1050 LOG_ERROR("How do I resume into Jazelle state??");
1051 return ERROR_FAIL;
1052 }
1053 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
1054 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
1055 arm->pc->dirty = 1;
1056 arm->pc->valid = 1;
1057
1058 /* restore dpm_mode at system halt */
1059 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1060 /* called it now before restoring context because it uses cpu
1061 * register r0 for restoring cp15 control register */
1062 retval = cortex_a_restore_cp15_control_reg(target);
1063 if (retval != ERROR_OK)
1064 return retval;
1065 retval = cortex_a_restore_context(target, handle_breakpoints);
1066 if (retval != ERROR_OK)
1067 return retval;
1068 target->debug_reason = DBG_REASON_NOTHALTED;
1069 target->state = TARGET_RUNNING;
1070
1071 /* registers are now invalid */
1072 register_cache_invalidate(arm->core_cache);
1073
1074 #if 0
1075 /* the front-end may request us not to handle breakpoints */
1076 if (handle_breakpoints) {
1077 /* Single step past breakpoint at current address */
1078 breakpoint = breakpoint_find(target, resume_pc);
1079 if (breakpoint) {
1080 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1081 cortex_m3_unset_breakpoint(target, breakpoint);
1082 cortex_m3_single_step_core(target);
1083 cortex_m3_set_breakpoint(target, breakpoint);
1084 }
1085 }
1086
1087 #endif
1088 return retval;
1089 }
1090
1091 static int cortex_a_internal_restart(struct target *target)
1092 {
1093 struct armv7a_common *armv7a = target_to_armv7a(target);
1094 struct arm *arm = &armv7a->arm;
1095 int retval;
1096 uint32_t dscr;
1097 /*
1098 * * Restart core and wait for it to be started. Clear ITRen and sticky
1099 * * exception flags: see ARMv7 ARM, C5.9.
1100 *
1101 * REVISIT: for single stepping, we probably want to
1102 * disable IRQs by default, with optional override...
1103 */
1104
1105 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1106 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1107 if (retval != ERROR_OK)
1108 return retval;
1109
1110 if ((dscr & DSCR_INSTR_COMP) == 0)
1111 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
1112
1113 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1114 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
1115 if (retval != ERROR_OK)
1116 return retval;
1117
1118 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1119 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
1120 DRCR_CLEAR_EXCEPTIONS);
1121 if (retval != ERROR_OK)
1122 return retval;
1123
1124 int64_t then = timeval_ms();
1125 for (;; ) {
1126 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1127 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1128 if (retval != ERROR_OK)
1129 return retval;
1130 if ((dscr & DSCR_CORE_RESTARTED) != 0)
1131 break;
1132 if (timeval_ms() > then + 1000) {
1133 LOG_ERROR("Timeout waiting for resume");
1134 return ERROR_FAIL;
1135 }
1136 }
1137
1138 target->debug_reason = DBG_REASON_NOTHALTED;
1139 target->state = TARGET_RUNNING;
1140
1141 /* registers are now invalid */
1142 register_cache_invalidate(arm->core_cache);
1143
1144 return ERROR_OK;
1145 }
1146
1147 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
1148 {
1149 int retval = 0;
1150 struct target_list *head;
1151 struct target *curr;
1152 uint32_t address;
1153 head = target->head;
1154 while (head != (struct target_list *)NULL) {
1155 curr = head->target;
1156 if ((curr != target) && (curr->state != TARGET_RUNNING)) {
1157 /* resume current address , not in step mode */
1158 retval += cortex_a_internal_restore(curr, 1, &address,
1159 handle_breakpoints, 0);
1160 retval += cortex_a_internal_restart(curr);
1161 }
1162 head = head->next;
1163
1164 }
1165 return retval;
1166 }
1167
1168 static int cortex_a_resume(struct target *target, int current,
1169 uint32_t address, int handle_breakpoints, int debug_execution)
1170 {
1171 int retval = 0;
1172 /* dummy resume for smp toggle in order to reduce gdb impact */
1173 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
1174 /* simulate a start and halt of target */
1175 target->gdb_service->target = NULL;
1176 target->gdb_service->core[0] = target->gdb_service->core[1];
1177 /* fake resume at next poll we play the target core[1], see poll*/
1178 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1179 return 0;
1180 }
1181 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
1182 if (target->smp) {
1183 target->gdb_service->core[0] = -1;
1184 retval = cortex_a_restore_smp(target, handle_breakpoints);
1185 if (retval != ERROR_OK)
1186 return retval;
1187 }
1188 cortex_a_internal_restart(target);
1189
1190 if (!debug_execution) {
1191 target->state = TARGET_RUNNING;
1192 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1193 LOG_DEBUG("target resumed at 0x%" PRIx32, address);
1194 } else {
1195 target->state = TARGET_DEBUG_RUNNING;
1196 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1197 LOG_DEBUG("target debug resumed at 0x%" PRIx32, address);
1198 }
1199
1200 return ERROR_OK;
1201 }
1202
1203 static int cortex_a_debug_entry(struct target *target)
1204 {
1205 int i;
1206 uint32_t regfile[16], cpsr, dscr;
1207 int retval = ERROR_OK;
1208 struct working_area *regfile_working_area = NULL;
1209 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1210 struct armv7a_common *armv7a = target_to_armv7a(target);
1211 struct arm *arm = &armv7a->arm;
1212 struct reg *reg;
1213
1214 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1215
1216 /* REVISIT surely we should not re-read DSCR !! */
1217 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1218 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1219 if (retval != ERROR_OK)
1220 return retval;
1221
1222 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1223 * imprecise data aborts get discarded by issuing a Data
1224 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1225 */
1226
1227 /* Enable the ITR execution once we are in debug mode */
1228 dscr |= DSCR_ITR_EN;
1229 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1230 armv7a->debug_base + CPUDBG_DSCR, dscr);
1231 if (retval != ERROR_OK)
1232 return retval;
1233
1234 /* Examine debug reason */
1235 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1236
1237 /* save address of instruction that triggered the watchpoint? */
1238 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1239 uint32_t wfar;
1240
1241 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1242 armv7a->debug_base + CPUDBG_WFAR,
1243 &wfar);
1244 if (retval != ERROR_OK)
1245 return retval;
1246 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1247 }
1248
1249 /* REVISIT fast_reg_read is never set ... */
1250
1251 /* Examine target state and mode */
1252 if (cortex_a->fast_reg_read)
1253 target_alloc_working_area(target, 64, &regfile_working_area);
1254
1255 /* First load register acessible through core debug port*/
1256 if (!regfile_working_area)
1257 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1258 else {
1259 retval = cortex_a_read_regs_through_mem(target,
1260 regfile_working_area->address, regfile);
1261
1262 target_free_working_area(target, regfile_working_area);
1263 if (retval != ERROR_OK)
1264 return retval;
1265
1266 /* read Current PSR */
1267 retval = cortex_a_dap_read_coreregister_u32(target, &cpsr, 16);
1268 /* store current cpsr */
1269 if (retval != ERROR_OK)
1270 return retval;
1271
1272 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
1273
1274 arm_set_cpsr(arm, cpsr);
1275
1276 /* update cache */
1277 for (i = 0; i <= ARM_PC; i++) {
1278 reg = arm_reg_current(arm, i);
1279
1280 buf_set_u32(reg->value, 0, 32, regfile[i]);
1281 reg->valid = 1;
1282 reg->dirty = 0;
1283 }
1284
1285 /* Fixup PC Resume Address */
1286 if (cpsr & (1 << 5)) {
1287 /* T bit set for Thumb or ThumbEE state */
1288 regfile[ARM_PC] -= 4;
1289 } else {
1290 /* ARM state */
1291 regfile[ARM_PC] -= 8;
1292 }
1293
1294 reg = arm->pc;
1295 buf_set_u32(reg->value, 0, 32, regfile[ARM_PC]);
1296 reg->dirty = reg->valid;
1297 }
1298
1299 #if 0
1300 /* TODO, Move this */
1301 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1302 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1303 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1304
1305 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1306 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1307
1308 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1309 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1310 #endif
1311
1312 /* Are we in an exception handler */
1313 /* armv4_5->exception_number = 0; */
1314 if (armv7a->post_debug_entry) {
1315 retval = armv7a->post_debug_entry(target);
1316 if (retval != ERROR_OK)
1317 return retval;
1318 }
1319
1320 return retval;
1321 }
1322
1323 static int cortex_a_post_debug_entry(struct target *target)
1324 {
1325 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1326 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1327 int retval;
1328
1329 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1330 retval = armv7a->arm.mrc(target, 15,
1331 0, 0, /* op1, op2 */
1332 1, 0, /* CRn, CRm */
1333 &cortex_a->cp15_control_reg);
1334 if (retval != ERROR_OK)
1335 return retval;
1336 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1337 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1338
1339 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1340 armv7a_identify_cache(target);
1341
1342 if (armv7a->is_armv7r) {
1343 armv7a->armv7a_mmu.mmu_enabled = 0;
1344 } else {
1345 armv7a->armv7a_mmu.mmu_enabled =
1346 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1347 }
1348 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1349 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1350 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1351 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1352 cortex_a->curr_mode = armv7a->arm.core_mode;
1353
1354 /* switch to SVC mode to read DACR */
1355 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
1356 armv7a->arm.mrc(target, 15,
1357 0, 0, 3, 0,
1358 &cortex_a->cp15_dacr_reg);
1359
1360 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32,
1361 cortex_a->cp15_dacr_reg);
1362
1363 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1364 return ERROR_OK;
1365 }
1366
1367 int cortex_a_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
1368 {
1369 struct armv7a_common *armv7a = target_to_armv7a(target);
1370 uint32_t dscr;
1371
1372 /* Read DSCR */
1373 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1374 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1375 if (ERROR_OK != retval)
1376 return retval;
1377
1378 /* clear bitfield */
1379 dscr &= ~bit_mask;
1380 /* put new value */
1381 dscr |= value & bit_mask;
1382
1383 /* write new DSCR */
1384 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1385 armv7a->debug_base + CPUDBG_DSCR, dscr);
1386 return retval;
1387 }
1388
1389 static int cortex_a_step(struct target *target, int current, uint32_t address,
1390 int handle_breakpoints)
1391 {
1392 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1393 struct armv7a_common *armv7a = target_to_armv7a(target);
1394 struct arm *arm = &armv7a->arm;
1395 struct breakpoint *breakpoint = NULL;
1396 struct breakpoint stepbreakpoint;
1397 struct reg *r;
1398 int retval;
1399
1400 if (target->state != TARGET_HALTED) {
1401 LOG_WARNING("target not halted");
1402 return ERROR_TARGET_NOT_HALTED;
1403 }
1404
1405 /* current = 1: continue on current pc, otherwise continue at <address> */
1406 r = arm->pc;
1407 if (!current)
1408 buf_set_u32(r->value, 0, 32, address);
1409 else
1410 address = buf_get_u32(r->value, 0, 32);
1411
1412 /* The front-end may request us not to handle breakpoints.
1413 * But since Cortex-A uses breakpoint for single step,
1414 * we MUST handle breakpoints.
1415 */
1416 handle_breakpoints = 1;
1417 if (handle_breakpoints) {
1418 breakpoint = breakpoint_find(target, address);
1419 if (breakpoint)
1420 cortex_a_unset_breakpoint(target, breakpoint);
1421 }
1422
1423 /* Setup single step breakpoint */
1424 stepbreakpoint.address = address;
1425 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1426 ? 2 : 4;
1427 stepbreakpoint.type = BKPT_HARD;
1428 stepbreakpoint.set = 0;
1429
1430 /* Disable interrupts during single step if requested */
1431 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1432 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1433 if (ERROR_OK != retval)
1434 return retval;
1435 }
1436
1437 /* Break on IVA mismatch */
1438 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1439
1440 target->debug_reason = DBG_REASON_SINGLESTEP;
1441
1442 retval = cortex_a_resume(target, 1, address, 0, 0);
1443 if (retval != ERROR_OK)
1444 return retval;
1445
1446 int64_t then = timeval_ms();
1447 while (target->state != TARGET_HALTED) {
1448 retval = cortex_a_poll(target);
1449 if (retval != ERROR_OK)
1450 return retval;
1451 if (timeval_ms() > then + 1000) {
1452 LOG_ERROR("timeout waiting for target halt");
1453 return ERROR_FAIL;
1454 }
1455 }
1456
1457 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1458
1459 /* Re-enable interrupts if they were disabled */
1460 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1461 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1462 if (ERROR_OK != retval)
1463 return retval;
1464 }
1465
1466
1467 target->debug_reason = DBG_REASON_BREAKPOINT;
1468
1469 if (breakpoint)
1470 cortex_a_set_breakpoint(target, breakpoint, 0);
1471
1472 if (target->state != TARGET_HALTED)
1473 LOG_DEBUG("target stepped");
1474
1475 return ERROR_OK;
1476 }
1477
1478 static int cortex_a_restore_context(struct target *target, bool bpwp)
1479 {
1480 struct armv7a_common *armv7a = target_to_armv7a(target);
1481
1482 LOG_DEBUG(" ");
1483
1484 if (armv7a->pre_restore_context)
1485 armv7a->pre_restore_context(target);
1486
1487 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1488 }
1489
1490 /*
1491 * Cortex-A Breakpoint and watchpoint functions
1492 */
1493
1494 /* Setup hardware Breakpoint Register Pair */
1495 static int cortex_a_set_breakpoint(struct target *target,
1496 struct breakpoint *breakpoint, uint8_t matchmode)
1497 {
1498 int retval;
1499 int brp_i = 0;
1500 uint32_t control;
1501 uint8_t byte_addr_select = 0x0F;
1502 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1503 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1504 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1505
1506 if (breakpoint->set) {
1507 LOG_WARNING("breakpoint already set");
1508 return ERROR_OK;
1509 }
1510
1511 if (breakpoint->type == BKPT_HARD) {
1512 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1513 brp_i++;
1514 if (brp_i >= cortex_a->brp_num) {
1515 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1516 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1517 }
1518 breakpoint->set = brp_i + 1;
1519 if (breakpoint->length == 2)
1520 byte_addr_select = (3 << (breakpoint->address & 0x02));
1521 control = ((matchmode & 0x7) << 20)
1522 | (byte_addr_select << 5)
1523 | (3 << 1) | 1;
1524 brp_list[brp_i].used = 1;
1525 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1526 brp_list[brp_i].control = control;
1527 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1528 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1529 brp_list[brp_i].value);
1530 if (retval != ERROR_OK)
1531 return retval;
1532 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1533 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1534 brp_list[brp_i].control);
1535 if (retval != ERROR_OK)
1536 return retval;
1537 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1538 brp_list[brp_i].control,
1539 brp_list[brp_i].value);
1540 } else if (breakpoint->type == BKPT_SOFT) {
1541 uint8_t code[4];
1542 if (breakpoint->length == 2)
1543 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1544 else
1545 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1546 retval = target_read_memory(target,
1547 breakpoint->address & 0xFFFFFFFE,
1548 breakpoint->length, 1,
1549 breakpoint->orig_instr);
1550 if (retval != ERROR_OK)
1551 return retval;
1552
1553 /* make sure data cache is cleaned & invalidated down to PoC */
1554 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1555 armv7a_cache_flush_virt(target, breakpoint->address,
1556 breakpoint->length);
1557 }
1558
1559 retval = target_write_memory(target,
1560 breakpoint->address & 0xFFFFFFFE,
1561 breakpoint->length, 1, code);
1562 if (retval != ERROR_OK)
1563 return retval;
1564
1565 /* update i-cache at breakpoint location */
1566 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1567 breakpoint->length);
1568 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1569 breakpoint->length);
1570
1571 breakpoint->set = 0x11; /* Any nice value but 0 */
1572 }
1573
1574 return ERROR_OK;
1575 }
1576
1577 static int cortex_a_set_context_breakpoint(struct target *target,
1578 struct breakpoint *breakpoint, uint8_t matchmode)
1579 {
1580 int retval = ERROR_FAIL;
1581 int brp_i = 0;
1582 uint32_t control;
1583 uint8_t byte_addr_select = 0x0F;
1584 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1585 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1586 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1587
1588 if (breakpoint->set) {
1589 LOG_WARNING("breakpoint already set");
1590 return retval;
1591 }
1592 /*check available context BRPs*/
1593 while ((brp_list[brp_i].used ||
1594 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1595 brp_i++;
1596
1597 if (brp_i >= cortex_a->brp_num) {
1598 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1599 return ERROR_FAIL;
1600 }
1601
1602 breakpoint->set = brp_i + 1;
1603 control = ((matchmode & 0x7) << 20)
1604 | (byte_addr_select << 5)
1605 | (3 << 1) | 1;
1606 brp_list[brp_i].used = 1;
1607 brp_list[brp_i].value = (breakpoint->asid);
1608 brp_list[brp_i].control = control;
1609 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1610 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1611 brp_list[brp_i].value);
1612 if (retval != ERROR_OK)
1613 return retval;
1614 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1615 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1616 brp_list[brp_i].control);
1617 if (retval != ERROR_OK)
1618 return retval;
1619 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1620 brp_list[brp_i].control,
1621 brp_list[brp_i].value);
1622 return ERROR_OK;
1623
1624 }
1625
1626 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1627 {
1628 int retval = ERROR_FAIL;
1629 int brp_1 = 0; /* holds the contextID pair */
1630 int brp_2 = 0; /* holds the IVA pair */
1631 uint32_t control_CTX, control_IVA;
1632 uint8_t CTX_byte_addr_select = 0x0F;
1633 uint8_t IVA_byte_addr_select = 0x0F;
1634 uint8_t CTX_machmode = 0x03;
1635 uint8_t IVA_machmode = 0x01;
1636 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1637 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1638 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1639
1640 if (breakpoint->set) {
1641 LOG_WARNING("breakpoint already set");
1642 return retval;
1643 }
1644 /*check available context BRPs*/
1645 while ((brp_list[brp_1].used ||
1646 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1647 brp_1++;
1648
1649 printf("brp(CTX) found num: %d\n", brp_1);
1650 if (brp_1 >= cortex_a->brp_num) {
1651 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1652 return ERROR_FAIL;
1653 }
1654
1655 while ((brp_list[brp_2].used ||
1656 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1657 brp_2++;
1658
1659 printf("brp(IVA) found num: %d\n", brp_2);
1660 if (brp_2 >= cortex_a->brp_num) {
1661 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1662 return ERROR_FAIL;
1663 }
1664
1665 breakpoint->set = brp_1 + 1;
1666 breakpoint->linked_BRP = brp_2;
1667 control_CTX = ((CTX_machmode & 0x7) << 20)
1668 | (brp_2 << 16)
1669 | (0 << 14)
1670 | (CTX_byte_addr_select << 5)
1671 | (3 << 1) | 1;
1672 brp_list[brp_1].used = 1;
1673 brp_list[brp_1].value = (breakpoint->asid);
1674 brp_list[brp_1].control = control_CTX;
1675 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1676 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1677 brp_list[brp_1].value);
1678 if (retval != ERROR_OK)
1679 return retval;
1680 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1681 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1682 brp_list[brp_1].control);
1683 if (retval != ERROR_OK)
1684 return retval;
1685
1686 control_IVA = ((IVA_machmode & 0x7) << 20)
1687 | (brp_1 << 16)
1688 | (IVA_byte_addr_select << 5)
1689 | (3 << 1) | 1;
1690 brp_list[brp_2].used = 1;
1691 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1692 brp_list[brp_2].control = control_IVA;
1693 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1694 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1695 brp_list[brp_2].value);
1696 if (retval != ERROR_OK)
1697 return retval;
1698 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1699 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1700 brp_list[brp_2].control);
1701 if (retval != ERROR_OK)
1702 return retval;
1703
1704 return ERROR_OK;
1705 }
1706
1707 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1708 {
1709 int retval;
1710 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1711 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1712 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1713
1714 if (!breakpoint->set) {
1715 LOG_WARNING("breakpoint not set");
1716 return ERROR_OK;
1717 }
1718
1719 if (breakpoint->type == BKPT_HARD) {
1720 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1721 int brp_i = breakpoint->set - 1;
1722 int brp_j = breakpoint->linked_BRP;
1723 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1724 LOG_DEBUG("Invalid BRP number in breakpoint");
1725 return ERROR_OK;
1726 }
1727 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1728 brp_list[brp_i].control, brp_list[brp_i].value);
1729 brp_list[brp_i].used = 0;
1730 brp_list[brp_i].value = 0;
1731 brp_list[brp_i].control = 0;
1732 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1733 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1734 brp_list[brp_i].control);
1735 if (retval != ERROR_OK)
1736 return retval;
1737 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1738 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1739 brp_list[brp_i].value);
1740 if (retval != ERROR_OK)
1741 return retval;
1742 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1743 LOG_DEBUG("Invalid BRP number in breakpoint");
1744 return ERROR_OK;
1745 }
1746 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1747 brp_list[brp_j].control, brp_list[brp_j].value);
1748 brp_list[brp_j].used = 0;
1749 brp_list[brp_j].value = 0;
1750 brp_list[brp_j].control = 0;
1751 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1752 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1753 brp_list[brp_j].control);
1754 if (retval != ERROR_OK)
1755 return retval;
1756 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1757 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1758 brp_list[brp_j].value);
1759 if (retval != ERROR_OK)
1760 return retval;
1761 breakpoint->linked_BRP = 0;
1762 breakpoint->set = 0;
1763 return ERROR_OK;
1764
1765 } else {
1766 int brp_i = breakpoint->set - 1;
1767 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1768 LOG_DEBUG("Invalid BRP number in breakpoint");
1769 return ERROR_OK;
1770 }
1771 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1772 brp_list[brp_i].control, brp_list[brp_i].value);
1773 brp_list[brp_i].used = 0;
1774 brp_list[brp_i].value = 0;
1775 brp_list[brp_i].control = 0;
1776 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1777 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1778 brp_list[brp_i].control);
1779 if (retval != ERROR_OK)
1780 return retval;
1781 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1782 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1783 brp_list[brp_i].value);
1784 if (retval != ERROR_OK)
1785 return retval;
1786 breakpoint->set = 0;
1787 return ERROR_OK;
1788 }
1789 } else {
1790
1791 /* make sure data cache is cleaned & invalidated down to PoC */
1792 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1793 armv7a_cache_flush_virt(target, breakpoint->address,
1794 breakpoint->length);
1795 }
1796
1797 /* restore original instruction (kept in target endianness) */
1798 if (breakpoint->length == 4) {
1799 retval = target_write_memory(target,
1800 breakpoint->address & 0xFFFFFFFE,
1801 4, 1, breakpoint->orig_instr);
1802 if (retval != ERROR_OK)
1803 return retval;
1804 } else {
1805 retval = target_write_memory(target,
1806 breakpoint->address & 0xFFFFFFFE,
1807 2, 1, breakpoint->orig_instr);
1808 if (retval != ERROR_OK)
1809 return retval;
1810 }
1811
1812 /* update i-cache at breakpoint location */
1813 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1814 breakpoint->length);
1815 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1816 breakpoint->length);
1817 }
1818 breakpoint->set = 0;
1819
1820 return ERROR_OK;
1821 }
1822
1823 static int cortex_a_add_breakpoint(struct target *target,
1824 struct breakpoint *breakpoint)
1825 {
1826 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1827
1828 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1829 LOG_INFO("no hardware breakpoint available");
1830 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1831 }
1832
1833 if (breakpoint->type == BKPT_HARD)
1834 cortex_a->brp_num_available--;
1835
1836 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1837 }
1838
1839 static int cortex_a_add_context_breakpoint(struct target *target,
1840 struct breakpoint *breakpoint)
1841 {
1842 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1843
1844 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1845 LOG_INFO("no hardware breakpoint available");
1846 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1847 }
1848
1849 if (breakpoint->type == BKPT_HARD)
1850 cortex_a->brp_num_available--;
1851
1852 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1853 }
1854
1855 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1856 struct breakpoint *breakpoint)
1857 {
1858 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1859
1860 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1861 LOG_INFO("no hardware breakpoint available");
1862 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1863 }
1864
1865 if (breakpoint->type == BKPT_HARD)
1866 cortex_a->brp_num_available--;
1867
1868 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1869 }
1870
1871
1872 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1873 {
1874 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1875
1876 #if 0
1877 /* It is perfectly possible to remove breakpoints while the target is running */
1878 if (target->state != TARGET_HALTED) {
1879 LOG_WARNING("target not halted");
1880 return ERROR_TARGET_NOT_HALTED;
1881 }
1882 #endif
1883
1884 if (breakpoint->set) {
1885 cortex_a_unset_breakpoint(target, breakpoint);
1886 if (breakpoint->type == BKPT_HARD)
1887 cortex_a->brp_num_available++;
1888 }
1889
1890
1891 return ERROR_OK;
1892 }
1893
1894 /*
1895 * Cortex-A Reset functions
1896 */
1897
1898 static int cortex_a_assert_reset(struct target *target)
1899 {
1900 struct armv7a_common *armv7a = target_to_armv7a(target);
1901
1902 LOG_DEBUG(" ");
1903
1904 /* FIXME when halt is requested, make it work somehow... */
1905
1906 /* This function can be called in "target not examined" state */
1907
1908 /* Issue some kind of warm reset. */
1909 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1910 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1911 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1912 /* REVISIT handle "pulls" cases, if there's
1913 * hardware that needs them to work.
1914 */
1915 if (target->reset_halt)
1916 if (jtag_get_reset_config() & RESET_SRST_NO_GATING)
1917 jtag_add_reset(0, 1);
1918 } else {
1919 LOG_ERROR("%s: how to reset?", target_name(target));
1920 return ERROR_FAIL;
1921 }
1922
1923 /* registers are now invalid */
1924 register_cache_invalidate(armv7a->arm.core_cache);
1925
1926 target->state = TARGET_RESET;
1927
1928 return ERROR_OK;
1929 }
1930
1931 static int cortex_a_deassert_reset(struct target *target)
1932 {
1933 int retval;
1934
1935 LOG_DEBUG(" ");
1936
1937 /* be certain SRST is off */
1938 jtag_add_reset(0, 0);
1939
1940 retval = cortex_a_poll(target);
1941 if (retval != ERROR_OK)
1942 return retval;
1943
1944 if (target->reset_halt) {
1945 if (target->state != TARGET_HALTED) {
1946 LOG_WARNING("%s: ran after reset and before halt ...",
1947 target_name(target));
1948 retval = target_halt(target);
1949 if (retval != ERROR_OK)
1950 return retval;
1951 }
1952 }
1953
1954 return ERROR_OK;
1955 }
1956
1957 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1958 {
1959 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1960 * New desired mode must be in mode. Current value of DSCR must be in
1961 * *dscr, which is updated with new value.
1962 *
1963 * This function elides actually sending the mode-change over the debug
1964 * interface if the mode is already set as desired.
1965 */
1966 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1967 if (new_dscr != *dscr) {
1968 struct armv7a_common *armv7a = target_to_armv7a(target);
1969 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1970 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1971 if (retval == ERROR_OK)
1972 *dscr = new_dscr;
1973 return retval;
1974 } else {
1975 return ERROR_OK;
1976 }
1977 }
1978
1979 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1980 uint32_t value, uint32_t *dscr)
1981 {
1982 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1983 struct armv7a_common *armv7a = target_to_armv7a(target);
1984 int64_t then = timeval_ms();
1985 int retval;
1986
1987 while ((*dscr & mask) != value) {
1988 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1989 armv7a->debug_base + CPUDBG_DSCR, dscr);
1990 if (retval != ERROR_OK)
1991 return retval;
1992 if (timeval_ms() > then + 1000) {
1993 LOG_ERROR("timeout waiting for DSCR bit change");
1994 return ERROR_FAIL;
1995 }
1996 }
1997 return ERROR_OK;
1998 }
1999
2000 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
2001 uint32_t *data, uint32_t *dscr)
2002 {
2003 int retval;
2004 struct armv7a_common *armv7a = target_to_armv7a(target);
2005
2006 /* Move from coprocessor to R0. */
2007 retval = cortex_a_exec_opcode(target, opcode, dscr);
2008 if (retval != ERROR_OK)
2009 return retval;
2010
2011 /* Move from R0 to DTRTX. */
2012 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
2013 if (retval != ERROR_OK)
2014 return retval;
2015
2016 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2017 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2018 * must also check TXfull_l). Most of the time this will be free
2019 * because TXfull_l will be set immediately and cached in dscr. */
2020 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2021 DSCR_DTRTX_FULL_LATCHED, dscr);
2022 if (retval != ERROR_OK)
2023 return retval;
2024
2025 /* Read the value transferred to DTRTX. */
2026 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2027 armv7a->debug_base + CPUDBG_DTRTX, data);
2028 if (retval != ERROR_OK)
2029 return retval;
2030
2031 return ERROR_OK;
2032 }
2033
2034 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
2035 uint32_t *dfsr, uint32_t *dscr)
2036 {
2037 int retval;
2038
2039 if (dfar) {
2040 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
2041 if (retval != ERROR_OK)
2042 return retval;
2043 }
2044
2045 if (dfsr) {
2046 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
2047 if (retval != ERROR_OK)
2048 return retval;
2049 }
2050
2051 return ERROR_OK;
2052 }
2053
2054 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
2055 uint32_t data, uint32_t *dscr)
2056 {
2057 int retval;
2058 struct armv7a_common *armv7a = target_to_armv7a(target);
2059
2060 /* Write the value into DTRRX. */
2061 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2062 armv7a->debug_base + CPUDBG_DTRRX, data);
2063 if (retval != ERROR_OK)
2064 return retval;
2065
2066 /* Move from DTRRX to R0. */
2067 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
2068 if (retval != ERROR_OK)
2069 return retval;
2070
2071 /* Move from R0 to coprocessor. */
2072 retval = cortex_a_exec_opcode(target, opcode, dscr);
2073 if (retval != ERROR_OK)
2074 return retval;
2075
2076 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2077 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2078 * check RXfull_l). Most of the time this will be free because RXfull_l
2079 * will be cleared immediately and cached in dscr. */
2080 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2081 if (retval != ERROR_OK)
2082 return retval;
2083
2084 return ERROR_OK;
2085 }
2086
2087 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
2088 uint32_t dfsr, uint32_t *dscr)
2089 {
2090 int retval;
2091
2092 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
2093 if (retval != ERROR_OK)
2094 return retval;
2095
2096 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
2097 if (retval != ERROR_OK)
2098 return retval;
2099
2100 return ERROR_OK;
2101 }
2102
2103 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
2104 {
2105 uint32_t status, upper4;
2106
2107 if (dfsr & (1 << 9)) {
2108 /* LPAE format. */
2109 status = dfsr & 0x3f;
2110 upper4 = status >> 2;
2111 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
2112 return ERROR_TARGET_TRANSLATION_FAULT;
2113 else if (status == 33)
2114 return ERROR_TARGET_UNALIGNED_ACCESS;
2115 else
2116 return ERROR_TARGET_DATA_ABORT;
2117 } else {
2118 /* Normal format. */
2119 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
2120 if (status == 1)
2121 return ERROR_TARGET_UNALIGNED_ACCESS;
2122 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
2123 status == 9 || status == 11 || status == 13 || status == 15)
2124 return ERROR_TARGET_TRANSLATION_FAULT;
2125 else
2126 return ERROR_TARGET_DATA_ABORT;
2127 }
2128 }
2129
2130 static int cortex_a_write_cpu_memory_slow(struct target *target,
2131 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2132 {
2133 /* Writes count objects of size size from *buffer. Old value of DSCR must
2134 * be in *dscr; updated to new value. This is slow because it works for
2135 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2136 * the address is aligned, cortex_a_write_cpu_memory_fast should be
2137 * preferred.
2138 * Preconditions:
2139 * - Address is in R0.
2140 * - R0 is marked dirty.
2141 */
2142 struct armv7a_common *armv7a = target_to_armv7a(target);
2143 struct arm *arm = &armv7a->arm;
2144 int retval;
2145
2146 /* Mark register R1 as dirty, to use for transferring data. */
2147 arm_reg_current(arm, 1)->dirty = true;
2148
2149 /* Switch to non-blocking mode if not already in that mode. */
2150 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2151 if (retval != ERROR_OK)
2152 return retval;
2153
2154 /* Go through the objects. */
2155 while (count) {
2156 /* Write the value to store into DTRRX. */
2157 uint32_t data, opcode;
2158 if (size == 1)
2159 data = *buffer;
2160 else if (size == 2)
2161 data = target_buffer_get_u16(target, buffer);
2162 else
2163 data = target_buffer_get_u32(target, buffer);
2164 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2165 armv7a->debug_base + CPUDBG_DTRRX, data);
2166 if (retval != ERROR_OK)
2167 return retval;
2168
2169 /* Transfer the value from DTRRX to R1. */
2170 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
2171 if (retval != ERROR_OK)
2172 return retval;
2173
2174 /* Write the value transferred to R1 into memory. */
2175 if (size == 1)
2176 opcode = ARMV4_5_STRB_IP(1, 0);
2177 else if (size == 2)
2178 opcode = ARMV4_5_STRH_IP(1, 0);
2179 else
2180 opcode = ARMV4_5_STRW_IP(1, 0);
2181 retval = cortex_a_exec_opcode(target, opcode, dscr);
2182 if (retval != ERROR_OK)
2183 return retval;
2184
2185 /* Check for faults and return early. */
2186 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2187 return ERROR_OK; /* A data fault is not considered a system failure. */
2188
2189 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2190 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2191 * must also check RXfull_l). Most of the time this will be free
2192 * because RXfull_l will be cleared immediately and cached in dscr. */
2193 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2194 if (retval != ERROR_OK)
2195 return retval;
2196
2197 /* Advance. */
2198 buffer += size;
2199 --count;
2200 }
2201
2202 return ERROR_OK;
2203 }
2204
2205 static int cortex_a_write_cpu_memory_fast(struct target *target,
2206 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2207 {
2208 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2209 * in *dscr; updated to new value. This is fast but only works for
2210 * word-sized objects at aligned addresses.
2211 * Preconditions:
2212 * - Address is in R0 and must be a multiple of 4.
2213 * - R0 is marked dirty.
2214 */
2215 struct armv7a_common *armv7a = target_to_armv7a(target);
2216 int retval;
2217
2218 /* Switch to fast mode if not already in that mode. */
2219 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2220 if (retval != ERROR_OK)
2221 return retval;
2222
2223 /* Latch STC instruction. */
2224 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2225 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2226 if (retval != ERROR_OK)
2227 return retval;
2228
2229 /* Transfer all the data and issue all the instructions. */
2230 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2231 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2232 }
2233
2234 static int cortex_a_write_cpu_memory(struct target *target,
2235 uint32_t address, uint32_t size,
2236 uint32_t count, const uint8_t *buffer)
2237 {
2238 /* Write memory through the CPU. */
2239 int retval, final_retval;
2240 struct armv7a_common *armv7a = target_to_armv7a(target);
2241 struct arm *arm = &armv7a->arm;
2242 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2243
2244 LOG_DEBUG("Writing CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2245 address, size, count);
2246 if (target->state != TARGET_HALTED) {
2247 LOG_WARNING("target not halted");
2248 return ERROR_TARGET_NOT_HALTED;
2249 }
2250
2251 if (!count)
2252 return ERROR_OK;
2253
2254 /* Clear any abort. */
2255 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2256 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2257 if (retval != ERROR_OK)
2258 return retval;
2259
2260 /* Read DSCR. */
2261 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2262 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2263 if (retval != ERROR_OK)
2264 return retval;
2265
2266 /* Switch to non-blocking mode if not already in that mode. */
2267 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2268 if (retval != ERROR_OK)
2269 goto out;
2270
2271 /* Mark R0 as dirty. */
2272 arm_reg_current(arm, 0)->dirty = true;
2273
2274 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2275 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2276 if (retval != ERROR_OK)
2277 goto out;
2278
2279 /* Get the memory address into R0. */
2280 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2281 armv7a->debug_base + CPUDBG_DTRRX, address);
2282 if (retval != ERROR_OK)
2283 goto out;
2284 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2285 if (retval != ERROR_OK)
2286 goto out;
2287
2288 if (size == 4 && (address % 4) == 0) {
2289 /* We are doing a word-aligned transfer, so use fast mode. */
2290 retval = cortex_a_write_cpu_memory_fast(target, count, buffer, &dscr);
2291 } else {
2292 /* Use slow path. */
2293 retval = cortex_a_write_cpu_memory_slow(target, size, count, buffer, &dscr);
2294 }
2295
2296 out:
2297 final_retval = retval;
2298
2299 /* Switch to non-blocking mode if not already in that mode. */
2300 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2301 if (final_retval == ERROR_OK)
2302 final_retval = retval;
2303
2304 /* Wait for last issued instruction to complete. */
2305 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2306 if (final_retval == ERROR_OK)
2307 final_retval = retval;
2308
2309 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2310 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2311 * check RXfull_l). Most of the time this will be free because RXfull_l
2312 * will be cleared immediately and cached in dscr. However, don't do this
2313 * if there is fault, because then the instruction might not have completed
2314 * successfully. */
2315 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2316 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2317 if (retval != ERROR_OK)
2318 return retval;
2319 }
2320
2321 /* If there were any sticky abort flags, clear them. */
2322 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2323 fault_dscr = dscr;
2324 mem_ap_write_atomic_u32(armv7a->debug_ap,
2325 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2326 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2327 } else {
2328 fault_dscr = 0;
2329 }
2330
2331 /* Handle synchronous data faults. */
2332 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2333 if (final_retval == ERROR_OK) {
2334 /* Final return value will reflect cause of fault. */
2335 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2336 if (retval == ERROR_OK) {
2337 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2338 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2339 } else
2340 final_retval = retval;
2341 }
2342 /* Fault destroyed DFAR/DFSR; restore them. */
2343 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2344 if (retval != ERROR_OK)
2345 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2346 }
2347
2348 /* Handle asynchronous data faults. */
2349 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2350 if (final_retval == ERROR_OK)
2351 /* No other error has been recorded so far, so keep this one. */
2352 final_retval = ERROR_TARGET_DATA_ABORT;
2353 }
2354
2355 /* If the DCC is nonempty, clear it. */
2356 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2357 uint32_t dummy;
2358 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2359 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2360 if (final_retval == ERROR_OK)
2361 final_retval = retval;
2362 }
2363 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2364 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2365 if (final_retval == ERROR_OK)
2366 final_retval = retval;
2367 }
2368
2369 /* Done. */
2370 return final_retval;
2371 }
2372
2373 static int cortex_a_read_cpu_memory_slow(struct target *target,
2374 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2375 {
2376 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2377 * in *dscr; updated to new value. This is slow because it works for
2378 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2379 * the address is aligned, cortex_a_read_cpu_memory_fast should be
2380 * preferred.
2381 * Preconditions:
2382 * - Address is in R0.
2383 * - R0 is marked dirty.
2384 */
2385 struct armv7a_common *armv7a = target_to_armv7a(target);
2386 struct arm *arm = &armv7a->arm;
2387 int retval;
2388
2389 /* Mark register R1 as dirty, to use for transferring data. */
2390 arm_reg_current(arm, 1)->dirty = true;
2391
2392 /* Switch to non-blocking mode if not already in that mode. */
2393 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2394 if (retval != ERROR_OK)
2395 return retval;
2396
2397 /* Go through the objects. */
2398 while (count) {
2399 /* Issue a load of the appropriate size to R1. */
2400 uint32_t opcode, data;
2401 if (size == 1)
2402 opcode = ARMV4_5_LDRB_IP(1, 0);
2403 else if (size == 2)
2404 opcode = ARMV4_5_LDRH_IP(1, 0);
2405 else
2406 opcode = ARMV4_5_LDRW_IP(1, 0);
2407 retval = cortex_a_exec_opcode(target, opcode, dscr);
2408 if (retval != ERROR_OK)
2409 return retval;
2410
2411 /* Issue a write of R1 to DTRTX. */
2412 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2413 if (retval != ERROR_OK)
2414 return retval;
2415
2416 /* Check for faults and return early. */
2417 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2418 return ERROR_OK; /* A data fault is not considered a system failure. */
2419
2420 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2421 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2422 * must also check TXfull_l). Most of the time this will be free
2423 * because TXfull_l will be set immediately and cached in dscr. */
2424 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2425 DSCR_DTRTX_FULL_LATCHED, dscr);
2426 if (retval != ERROR_OK)
2427 return retval;
2428
2429 /* Read the value transferred to DTRTX into the buffer. */
2430 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2431 armv7a->debug_base + CPUDBG_DTRTX, &data);
2432 if (retval != ERROR_OK)
2433 return retval;
2434 if (size == 1)
2435 *buffer = (uint8_t) data;
2436 else if (size == 2)
2437 target_buffer_set_u16(target, buffer, (uint16_t) data);
2438 else
2439 target_buffer_set_u32(target, buffer, data);
2440
2441 /* Advance. */
2442 buffer += size;
2443 --count;
2444 }
2445
2446 return ERROR_OK;
2447 }
2448
2449 static int cortex_a_read_cpu_memory_fast(struct target *target,
2450 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2451 {
2452 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2453 * *dscr; updated to new value. This is fast but only works for word-sized
2454 * objects at aligned addresses.
2455 * Preconditions:
2456 * - Address is in R0 and must be a multiple of 4.
2457 * - R0 is marked dirty.
2458 */
2459 struct armv7a_common *armv7a = target_to_armv7a(target);
2460 uint32_t u32;
2461 int retval;
2462
2463 /* Switch to non-blocking mode if not already in that mode. */
2464 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2465 if (retval != ERROR_OK)
2466 return retval;
2467
2468 /* Issue the LDC instruction via a write to ITR. */
2469 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2470 if (retval != ERROR_OK)
2471 return retval;
2472
2473 count--;
2474
2475 if (count > 0) {
2476 /* Switch to fast mode if not already in that mode. */
2477 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2478 if (retval != ERROR_OK)
2479 return retval;
2480
2481 /* Latch LDC instruction. */
2482 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2483 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2484 if (retval != ERROR_OK)
2485 return retval;
2486
2487 /* Read the value transferred to DTRTX into the buffer. Due to fast
2488 * mode rules, this blocks until the instruction finishes executing and
2489 * then reissues the read instruction to read the next word from
2490 * memory. The last read of DTRTX in this call reads the second-to-last
2491 * word from memory and issues the read instruction for the last word.
2492 */
2493 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2494 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2495 if (retval != ERROR_OK)
2496 return retval;
2497
2498 /* Advance. */
2499 buffer += count * 4;
2500 }
2501
2502 /* Wait for last issued instruction to complete. */
2503 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2504 if (retval != ERROR_OK)
2505 return retval;
2506
2507 /* Switch to non-blocking mode if not already in that mode. */
2508 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2509 if (retval != ERROR_OK)
2510 return retval;
2511
2512 /* Check for faults and return early. */
2513 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2514 return ERROR_OK; /* A data fault is not considered a system failure. */
2515
2516 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2517 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2518 * check TXfull_l). Most of the time this will be free because TXfull_l
2519 * will be set immediately and cached in dscr. */
2520 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2521 DSCR_DTRTX_FULL_LATCHED, dscr);
2522 if (retval != ERROR_OK)
2523 return retval;
2524
2525 /* Read the value transferred to DTRTX into the buffer. This is the last
2526 * word. */
2527 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2528 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2529 if (retval != ERROR_OK)
2530 return retval;
2531 target_buffer_set_u32(target, buffer, u32);
2532
2533 return ERROR_OK;
2534 }
2535
2536 static int cortex_a_read_cpu_memory(struct target *target,
2537 uint32_t address, uint32_t size,
2538 uint32_t count, uint8_t *buffer)
2539 {
2540 /* Read memory through the CPU. */
2541 int retval, final_retval;
2542 struct armv7a_common *armv7a = target_to_armv7a(target);
2543 struct arm *arm = &armv7a->arm;
2544 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2545
2546 LOG_DEBUG("Reading CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2547 address, size, count);
2548 if (target->state != TARGET_HALTED) {
2549 LOG_WARNING("target not halted");
2550 return ERROR_TARGET_NOT_HALTED;
2551 }
2552
2553 if (!count)
2554 return ERROR_OK;
2555
2556 /* Clear any abort. */
2557 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2558 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2559 if (retval != ERROR_OK)
2560 return retval;
2561
2562 /* Read DSCR */
2563 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2564 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2565 if (retval != ERROR_OK)
2566 return retval;
2567
2568 /* Switch to non-blocking mode if not already in that mode. */
2569 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2570 if (retval != ERROR_OK)
2571 goto out;
2572
2573 /* Mark R0 as dirty. */
2574 arm_reg_current(arm, 0)->dirty = true;
2575
2576 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2577 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2578 if (retval != ERROR_OK)
2579 goto out;
2580
2581 /* Get the memory address into R0. */
2582 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2583 armv7a->debug_base + CPUDBG_DTRRX, address);
2584 if (retval != ERROR_OK)
2585 goto out;
2586 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2587 if (retval != ERROR_OK)
2588 goto out;
2589
2590 if (size == 4 && (address % 4) == 0) {
2591 /* We are doing a word-aligned transfer, so use fast mode. */
2592 retval = cortex_a_read_cpu_memory_fast(target, count, buffer, &dscr);
2593 } else {
2594 /* Use slow path. */
2595 retval = cortex_a_read_cpu_memory_slow(target, size, count, buffer, &dscr);
2596 }
2597
2598 out:
2599 final_retval = retval;
2600
2601 /* Switch to non-blocking mode if not already in that mode. */
2602 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2603 if (final_retval == ERROR_OK)
2604 final_retval = retval;
2605
2606 /* Wait for last issued instruction to complete. */
2607 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2608 if (final_retval == ERROR_OK)
2609 final_retval = retval;
2610
2611 /* If there were any sticky abort flags, clear them. */
2612 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2613 fault_dscr = dscr;
2614 mem_ap_write_atomic_u32(armv7a->debug_ap,
2615 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2616 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2617 } else {
2618 fault_dscr = 0;
2619 }
2620
2621 /* Handle synchronous data faults. */
2622 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2623 if (final_retval == ERROR_OK) {
2624 /* Final return value will reflect cause of fault. */
2625 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2626 if (retval == ERROR_OK) {
2627 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2628 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2629 } else
2630 final_retval = retval;
2631 }
2632 /* Fault destroyed DFAR/DFSR; restore them. */
2633 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2634 if (retval != ERROR_OK)
2635 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2636 }
2637
2638 /* Handle asynchronous data faults. */
2639 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2640 if (final_retval == ERROR_OK)
2641 /* No other error has been recorded so far, so keep this one. */
2642 final_retval = ERROR_TARGET_DATA_ABORT;
2643 }
2644
2645 /* If the DCC is nonempty, clear it. */
2646 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2647 uint32_t dummy;
2648 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2649 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2650 if (final_retval == ERROR_OK)
2651 final_retval = retval;
2652 }
2653 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2654 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2655 if (final_retval == ERROR_OK)
2656 final_retval = retval;
2657 }
2658
2659 /* Done. */
2660 return final_retval;
2661 }
2662
2663
2664 /*
2665 * Cortex-A Memory access
2666 *
2667 * This is same Cortex-M3 but we must also use the correct
2668 * ap number for every access.
2669 */
2670
2671 static int cortex_a_read_phys_memory(struct target *target,
2672 uint32_t address, uint32_t size,
2673 uint32_t count, uint8_t *buffer)
2674 {
2675 struct armv7a_common *armv7a = target_to_armv7a(target);
2676 struct adiv5_dap *swjdp = armv7a->arm.dap;
2677 uint8_t apsel = swjdp->apsel;
2678 int retval;
2679
2680 if (!count || !buffer)
2681 return ERROR_COMMAND_SYNTAX_ERROR;
2682
2683 LOG_DEBUG("Reading memory at real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32,
2684 address, size, count);
2685
2686 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num))
2687 return mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2688
2689 /* read memory through the CPU */
2690 cortex_a_prep_memaccess(target, 1);
2691 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2692 cortex_a_post_memaccess(target, 1);
2693
2694 return retval;
2695 }
2696
2697 static int cortex_a_read_memory(struct target *target, uint32_t address,
2698 uint32_t size, uint32_t count, uint8_t *buffer)
2699 {
2700 int retval;
2701
2702 /* cortex_a handles unaligned memory access */
2703 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2704 size, count);
2705
2706 cortex_a_prep_memaccess(target, 0);
2707 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2708 cortex_a_post_memaccess(target, 0);
2709
2710 return retval;
2711 }
2712
2713 static int cortex_a_read_memory_ahb(struct target *target, uint32_t address,
2714 uint32_t size, uint32_t count, uint8_t *buffer)
2715 {
2716 int mmu_enabled = 0;
2717 uint32_t virt, phys;
2718 int retval;
2719 struct armv7a_common *armv7a = target_to_armv7a(target);
2720 struct adiv5_dap *swjdp = armv7a->arm.dap;
2721 uint8_t apsel = swjdp->apsel;
2722
2723 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2724 return target_read_memory(target, address, size, count, buffer);
2725
2726 /* cortex_a handles unaligned memory access */
2727 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2728 size, count);
2729
2730 /* determine if MMU was enabled on target stop */
2731 if (!armv7a->is_armv7r) {
2732 retval = cortex_a_mmu(target, &mmu_enabled);
2733 if (retval != ERROR_OK)
2734 return retval;
2735 }
2736
2737 if (mmu_enabled) {
2738 virt = address;
2739 retval = cortex_a_virt2phys(target, virt, &phys);
2740 if (retval != ERROR_OK)
2741 return retval;
2742
2743 LOG_DEBUG("Reading at virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2744 virt, phys);
2745 address = phys;
2746 }
2747
2748 if (!count || !buffer)
2749 return ERROR_COMMAND_SYNTAX_ERROR;
2750
2751 retval = mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2752
2753 return retval;
2754 }
2755
2756 static int cortex_a_write_phys_memory(struct target *target,
2757 uint32_t address, uint32_t size,
2758 uint32_t count, const uint8_t *buffer)
2759 {
2760 struct armv7a_common *armv7a = target_to_armv7a(target);
2761 struct adiv5_dap *swjdp = armv7a->arm.dap;
2762 uint8_t apsel = swjdp->apsel;
2763 int retval;
2764
2765 if (!count || !buffer)
2766 return ERROR_COMMAND_SYNTAX_ERROR;
2767
2768 LOG_DEBUG("Writing memory to real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2769 size, count);
2770
2771 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num))
2772 return mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2773
2774 /* write memory through the CPU */
2775 cortex_a_prep_memaccess(target, 1);
2776 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2777 cortex_a_post_memaccess(target, 1);
2778
2779 return retval;
2780 }
2781
2782 static int cortex_a_write_memory(struct target *target, uint32_t address,
2783 uint32_t size, uint32_t count, const uint8_t *buffer)
2784 {
2785 int retval;
2786
2787 /* cortex_a handles unaligned memory access */
2788 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2789 size, count);
2790
2791 /* memory writes bypass the caches, must flush before writing */
2792 armv7a_cache_auto_flush_on_write(target, address, size * count);
2793
2794 cortex_a_prep_memaccess(target, 0);
2795 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2796 cortex_a_post_memaccess(target, 0);
2797 return retval;
2798 }
2799
2800 static int cortex_a_write_memory_ahb(struct target *target, uint32_t address,
2801 uint32_t size, uint32_t count, const uint8_t *buffer)
2802 {
2803 int mmu_enabled = 0;
2804 uint32_t virt, phys;
2805 int retval;
2806 struct armv7a_common *armv7a = target_to_armv7a(target);
2807 struct adiv5_dap *swjdp = armv7a->arm.dap;
2808 uint8_t apsel = swjdp->apsel;
2809
2810 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2811 return target_write_memory(target, address, size, count, buffer);
2812
2813 /* cortex_a handles unaligned memory access */
2814 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2815 size, count);
2816
2817 /* determine if MMU was enabled on target stop */
2818 if (!armv7a->is_armv7r) {
2819 retval = cortex_a_mmu(target, &mmu_enabled);
2820 if (retval != ERROR_OK)
2821 return retval;
2822 }
2823
2824 if (mmu_enabled) {
2825 virt = address;
2826 retval = cortex_a_virt2phys(target, virt, &phys);
2827 if (retval != ERROR_OK)
2828 return retval;
2829
2830 LOG_DEBUG("Writing to virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2831 virt,
2832 phys);
2833 address = phys;
2834 }
2835
2836 if (!count || !buffer)
2837 return ERROR_COMMAND_SYNTAX_ERROR;
2838
2839 retval = mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2840
2841 return retval;
2842 }
2843
2844 static int cortex_a_read_buffer(struct target *target, uint32_t address,
2845 uint32_t count, uint8_t *buffer)
2846 {
2847 uint32_t size;
2848
2849 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2850 * will have something to do with the size we leave to it. */
2851 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2852 if (address & size) {
2853 int retval = cortex_a_read_memory_ahb(target, address, size, 1, buffer);
2854 if (retval != ERROR_OK)
2855 return retval;
2856 address += size;
2857 count -= size;
2858 buffer += size;
2859 }
2860 }
2861
2862 /* Read the data with as large access size as possible. */
2863 for (; size > 0; size /= 2) {
2864 uint32_t aligned = count - count % size;
2865 if (aligned > 0) {
2866 int retval = cortex_a_read_memory_ahb(target, address, size, aligned / size, buffer);
2867 if (retval != ERROR_OK)
2868 return retval;
2869 address += aligned;
2870 count -= aligned;
2871 buffer += aligned;
2872 }
2873 }
2874
2875 return ERROR_OK;
2876 }
2877
2878 static int cortex_a_write_buffer(struct target *target, uint32_t address,
2879 uint32_t count, const uint8_t *buffer)
2880 {
2881 uint32_t size;
2882
2883 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2884 * will have something to do with the size we leave to it. */
2885 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2886 if (address & size) {
2887 int retval = cortex_a_write_memory_ahb(target, address, size, 1, buffer);
2888 if (retval != ERROR_OK)
2889 return retval;
2890 address += size;
2891 count -= size;
2892 buffer += size;
2893 }
2894 }
2895
2896 /* Write the data with as large access size as possible. */
2897 for (; size > 0; size /= 2) {
2898 uint32_t aligned = count - count % size;
2899 if (aligned > 0) {
2900 int retval = cortex_a_write_memory_ahb(target, address, size, aligned / size, buffer);
2901 if (retval != ERROR_OK)
2902 return retval;
2903 address += aligned;
2904 count -= aligned;
2905 buffer += aligned;
2906 }
2907 }
2908
2909 return ERROR_OK;
2910 }
2911
2912 static int cortex_a_handle_target_request(void *priv)
2913 {
2914 struct target *target = priv;
2915 struct armv7a_common *armv7a = target_to_armv7a(target);
2916 int retval;
2917
2918 if (!target_was_examined(target))
2919 return ERROR_OK;
2920 if (!target->dbg_msg_enabled)
2921 return ERROR_OK;
2922
2923 if (target->state == TARGET_RUNNING) {
2924 uint32_t request;
2925 uint32_t dscr;
2926 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2927 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2928
2929 /* check if we have data */
2930 int64_t then = timeval_ms();
2931 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2932 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2933 armv7a->debug_base + CPUDBG_DTRTX, &request);
2934 if (retval == ERROR_OK) {
2935 target_request(target, request);
2936 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2937 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2938 }
2939 if (timeval_ms() > then + 1000) {
2940 LOG_ERROR("Timeout waiting for dtr tx full");
2941 return ERROR_FAIL;
2942 }
2943 }
2944 }
2945
2946 return ERROR_OK;
2947 }
2948
2949 /*
2950 * Cortex-A target information and configuration
2951 */
2952
2953 static int cortex_a_examine_first(struct target *target)
2954 {
2955 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2956 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2957 struct adiv5_dap *swjdp = armv7a->arm.dap;
2958 int i;
2959 int retval = ERROR_OK;
2960 uint32_t didr, ctypr, ttypr, cpuid, dbg_osreg;
2961
2962 retval = dap_dp_init(swjdp);
2963 if (retval != ERROR_OK) {
2964 LOG_ERROR("Could not initialize the debug port");
2965 return retval;
2966 }
2967
2968 /* Search for the APB-AP - it is needed for access to debug registers */
2969 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2970 if (retval != ERROR_OK) {
2971 LOG_ERROR("Could not find APB-AP for debug access");
2972 return retval;
2973 }
2974
2975 retval = mem_ap_init(armv7a->debug_ap);
2976 if (retval != ERROR_OK) {
2977 LOG_ERROR("Could not initialize the APB-AP");
2978 return retval;
2979 }
2980
2981 armv7a->debug_ap->memaccess_tck = 80;
2982
2983 /* Search for the AHB-AB.
2984 * REVISIT: We should search for AXI-AP as well and make sure the AP's MEMTYPE says it
2985 * can access system memory. */
2986 armv7a->memory_ap_available = false;
2987 retval = dap_find_ap(swjdp, AP_TYPE_AHB_AP, &armv7a->memory_ap);
2988 if (retval == ERROR_OK) {
2989 retval = mem_ap_init(armv7a->memory_ap);
2990 if (retval == ERROR_OK)
2991 armv7a->memory_ap_available = true;
2992 }
2993 if (retval != ERROR_OK) {
2994 /* AHB-AP not found or unavailable - use the CPU */
2995 LOG_DEBUG("No AHB-AP available for memory access");
2996 }
2997
2998 if (!target->dbgbase_set) {
2999 uint32_t dbgbase;
3000 /* Get ROM Table base */
3001 uint32_t apid;
3002 int32_t coreidx = target->coreid;
3003 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
3004 target->cmd_name);
3005 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
3006 if (retval != ERROR_OK)
3007 return retval;
3008 /* Lookup 0x15 -- Processor DAP */
3009 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
3010 &armv7a->debug_base, &coreidx);
3011 if (retval != ERROR_OK) {
3012 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
3013 target->cmd_name);
3014 return retval;
3015 }
3016 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
3017 target->coreid, armv7a->debug_base);
3018 } else
3019 armv7a->debug_base = target->dbgbase;
3020
3021 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3022 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
3023 if (retval != ERROR_OK)
3024 return retval;
3025
3026 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3027 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
3028 if (retval != ERROR_OK) {
3029 LOG_DEBUG("Examine %s failed", "CPUID");
3030 return retval;
3031 }
3032
3033 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3034 armv7a->debug_base + CPUDBG_CTYPR, &ctypr);
3035 if (retval != ERROR_OK) {
3036 LOG_DEBUG("Examine %s failed", "CTYPR");
3037 return retval;
3038 }
3039
3040 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3041 armv7a->debug_base + CPUDBG_TTYPR, &ttypr);
3042 if (retval != ERROR_OK) {
3043 LOG_DEBUG("Examine %s failed", "TTYPR");
3044 return retval;
3045 }
3046
3047 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3048 armv7a->debug_base + CPUDBG_DIDR, &didr);
3049 if (retval != ERROR_OK) {
3050 LOG_DEBUG("Examine %s failed", "DIDR");
3051 return retval;
3052 }
3053
3054 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
3055 LOG_DEBUG("ctypr = 0x%08" PRIx32, ctypr);
3056 LOG_DEBUG("ttypr = 0x%08" PRIx32, ttypr);
3057 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
3058
3059 cortex_a->cpuid = cpuid;
3060 cortex_a->ctypr = ctypr;
3061 cortex_a->ttypr = ttypr;
3062 cortex_a->didr = didr;
3063
3064 /* Unlocking the debug registers */
3065 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3066 CORTEX_A15_PARTNUM) {
3067
3068 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3069 armv7a->debug_base + CPUDBG_OSLAR,
3070 0);
3071
3072 if (retval != ERROR_OK)
3073 return retval;
3074
3075 }
3076 /* Unlocking the debug registers */
3077 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3078 CORTEX_A7_PARTNUM) {
3079
3080 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3081 armv7a->debug_base + CPUDBG_OSLAR,
3082 0);
3083
3084 if (retval != ERROR_OK)