2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
20 ***************************************************************************/
27 #include <helper/time_support.h>
28 #include "target_type.h"
30 #include "arm_opcodes.h"
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
53 #define _DEBUG_INSTRUCTION_EXECUTION_
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
83 static int arm920t_read_cp15_physical(struct target
*target
,
84 int reg_addr
, uint32_t *value
)
86 struct arm920t_common
*arm920t
= target_to_arm920(target
);
87 struct arm_jtag
*jtag_info
;
88 struct scan_field fields
[4];
89 uint8_t access_type_buf
= 1;
90 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
94 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
96 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
97 if (retval
!= ERROR_OK
)
99 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
100 if (retval
!= ERROR_OK
)
103 fields
[0].num_bits
= 1;
104 fields
[0].out_value
= &access_type_buf
;
105 fields
[0].in_value
= NULL
;
107 fields
[1].num_bits
= 32;
108 fields
[1].out_value
= NULL
;
109 fields
[1].in_value
= NULL
;
111 fields
[2].num_bits
= 6;
112 fields
[2].out_value
= ®_addr_buf
;
113 fields
[2].in_value
= NULL
;
115 fields
[3].num_bits
= 1;
116 fields
[3].out_value
= &nr_w_buf
;
117 fields
[3].in_value
= NULL
;
119 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
121 fields
[1].in_value
= (uint8_t *)value
;
123 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
125 jtag_add_callback(arm_le_to_h_u32
, (jtag_callback_data_t
)value
);
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, *value
);
135 static int arm920t_write_cp15_physical(struct target
*target
,
136 int reg_addr
, uint32_t value
)
138 struct arm920t_common
*arm920t
= target_to_arm920(target
);
139 struct arm_jtag
*jtag_info
;
140 struct scan_field fields
[4];
141 uint8_t access_type_buf
= 1;
142 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
143 uint8_t nr_w_buf
= 1;
144 uint8_t value_buf
[4];
147 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
149 buf_set_u32(value_buf
, 0, 32, value
);
151 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
152 if (retval
!= ERROR_OK
)
154 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
155 if (retval
!= ERROR_OK
)
158 fields
[0].num_bits
= 1;
159 fields
[0].out_value
= &access_type_buf
;
160 fields
[0].in_value
= NULL
;
162 fields
[1].num_bits
= 32;
163 fields
[1].out_value
= value_buf
;
164 fields
[1].in_value
= NULL
;
166 fields
[2].num_bits
= 6;
167 fields
[2].out_value
= ®_addr_buf
;
168 fields
[2].in_value
= NULL
;
170 fields
[3].num_bits
= 1;
171 fields
[3].out_value
= &nr_w_buf
;
172 fields
[3].in_value
= NULL
;
174 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, value
);
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
190 static int arm920t_execute_cp15(struct target
*target
, uint32_t cp15_opcode
,
194 struct arm920t_common
*arm920t
= target_to_arm920(target
);
195 struct arm_jtag
*jtag_info
;
196 struct scan_field fields
[4];
197 uint8_t access_type_buf
= 0; /* interpreted access */
198 uint8_t reg_addr_buf
= 0x0;
199 uint8_t nr_w_buf
= 0;
200 uint8_t cp15_opcode_buf
[4];
202 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
204 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
205 if (retval
!= ERROR_OK
)
207 retval
= arm_jtag_set_instr(jtag_info
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
208 if (retval
!= ERROR_OK
)
211 buf_set_u32(cp15_opcode_buf
, 0, 32, cp15_opcode
);
213 fields
[0].num_bits
= 1;
214 fields
[0].out_value
= &access_type_buf
;
215 fields
[0].in_value
= NULL
;
217 fields
[1].num_bits
= 32;
218 fields
[1].out_value
= cp15_opcode_buf
;
219 fields
[1].in_value
= NULL
;
221 fields
[2].num_bits
= 6;
222 fields
[2].out_value
= ®_addr_buf
;
223 fields
[2].in_value
= NULL
;
225 fields
[3].num_bits
= 1;
226 fields
[3].out_value
= &nr_w_buf
;
227 fields
[3].in_value
= NULL
;
229 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
231 arm9tdmi_clock_out(jtag_info
, arm_opcode
, 0, NULL
, 0);
232 arm9tdmi_clock_out(jtag_info
, ARMV4_5_NOP
, 0, NULL
, 1);
233 retval
= arm7_9_execute_sys_speed(target
);
234 if (retval
!= ERROR_OK
)
237 retval
= jtag_execute_queue();
238 if (retval
!= ERROR_OK
) {
239 LOG_ERROR("failed executing JTAG queue");
246 static int arm920t_read_cp15_interpreted(struct target
*target
,
247 uint32_t cp15_opcode
, uint32_t address
, uint32_t *value
)
249 struct arm
*arm
= target_to_arm(target
);
252 uint32_t cp15c15
= 0x0;
253 struct reg
*r
= arm
->core_cache
->reg_list
;
255 /* load address into R1 */
257 arm9tdmi_write_core_regs(target
, 0x2, regs
);
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
262 jtag_execute_queue();
263 cp15c15
|= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_LDR(0, 1));
269 /* disable interpreted access mode */
270 cp15c15
&= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
273 /* retrieve value from R0 */
275 arm9tdmi_read_core_regs(target
, 0x1, regs_p
);
276 jtag_execute_queue();
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode
, address
, *value
);
283 if (!is_arm_mode(arm
->core_mode
)) {
284 LOG_ERROR("not a valid arm core mode - communication failure?");
295 int arm920t_write_cp15_interpreted(struct target
*target
,
296 uint32_t cp15_opcode
, uint32_t value
, uint32_t address
)
298 uint32_t cp15c15
= 0x0;
299 struct arm
*arm
= target_to_arm(target
);
301 struct reg
*r
= arm
->core_cache
->reg_list
;
303 /* load value, address into R0, R1 */
306 arm9tdmi_write_core_regs(target
, 0x3, regs
);
308 /* read-modify-write CP15 test state register
309 * to enable interpreted access mode */
310 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
311 jtag_execute_queue();
312 cp15c15
|= 1; /* set interpret mode */
313 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
315 /* execute CP15 instruction and ARM store (writing to coprocessor) */
316 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_STR(0, 1));
318 /* disable interpreted access mode */
319 cp15c15
&= ~1U; /* set interpret mode */
320 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
322 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
323 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
324 cp15_opcode
, value
, address
);
327 if (!is_arm_mode(arm
->core_mode
)) {
328 LOG_ERROR("not a valid arm core mode - communication failure?");
338 /* EXPORTED to FA256 */
339 int arm920t_get_ttb(struct target
*target
, uint32_t *result
)
344 retval
= arm920t_read_cp15_interpreted(target
,
345 /* FIXME use opcode macro */
346 0xeebf0f51, 0x0, &ttb
);
347 if (retval
!= ERROR_OK
)
354 /* EXPORTED to FA256 */
355 int arm920t_disable_mmu_caches(struct target
*target
, int mmu
,
356 int d_u_cache
, int i_cache
)
358 uint32_t cp15_control
;
361 /* read cp15 control register */
362 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
363 if (retval
!= ERROR_OK
)
365 retval
= jtag_execute_queue();
366 if (retval
!= ERROR_OK
)
370 cp15_control
&= ~0x1U
;
373 cp15_control
&= ~0x4U
;
376 cp15_control
&= ~0x1000U
;
378 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
382 /* EXPORTED to FA256 */
383 int arm920t_enable_mmu_caches(struct target
*target
, int mmu
,
384 int d_u_cache
, int i_cache
)
386 uint32_t cp15_control
;
389 /* read cp15 control register */
390 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
391 if (retval
!= ERROR_OK
)
393 retval
= jtag_execute_queue();
394 if (retval
!= ERROR_OK
)
398 cp15_control
|= 0x1U
;
401 cp15_control
|= 0x4U
;
404 cp15_control
|= 0x1000U
;
406 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
410 /* EXPORTED to FA256 */
411 int arm920t_post_debug_entry(struct target
*target
)
414 struct arm920t_common
*arm920t
= target_to_arm920(target
);
417 /* examine cp15 control reg */
418 retval
= arm920t_read_cp15_physical(target
,
419 CP15PHYS_CTRL
, &arm920t
->cp15_control_reg
);
420 if (retval
!= ERROR_OK
)
422 retval
= jtag_execute_queue();
423 if (retval
!= ERROR_OK
)
425 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32
, arm920t
->cp15_control_reg
);
427 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
== -1) {
428 uint32_t cache_type_reg
;
429 /* identify caches */
430 retval
= arm920t_read_cp15_physical(target
,
431 CP15PHYS_CACHETYPE
, &cache_type_reg
);
432 if (retval
!= ERROR_OK
)
434 retval
= jtag_execute_queue();
435 if (retval
!= ERROR_OK
)
437 armv4_5_identify_cache(cache_type_reg
,
438 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
441 arm920t
->armv4_5_mmu
.mmu_enabled
=
442 (arm920t
->cp15_control_reg
& 0x1U
) ? 1 : 0;
443 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
=
444 (arm920t
->cp15_control_reg
& 0x4U
) ? 1 : 0;
445 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
=
446 (arm920t
->cp15_control_reg
& 0x1000U
) ? 1 : 0;
448 /* save i/d fault status and address register
449 * FIXME use opcode macros */
450 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f10, 0x0, &arm920t
->d_fsr
);
451 if (retval
!= ERROR_OK
)
453 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f30, 0x0, &arm920t
->i_fsr
);
454 if (retval
!= ERROR_OK
)
456 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f10, 0x0, &arm920t
->d_far
);
457 if (retval
!= ERROR_OK
)
459 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f30, 0x0, &arm920t
->i_far
);
460 if (retval
!= ERROR_OK
)
463 LOG_DEBUG("D FSR: 0x%8.8" PRIx32
", D FAR: 0x%8.8" PRIx32
464 ", I FSR: 0x%8.8" PRIx32
", I FAR: 0x%8.8" PRIx32
,
465 arm920t
->d_fsr
, arm920t
->d_far
, arm920t
->i_fsr
, arm920t
->i_far
);
467 if (arm920t
->preserve_cache
) {
468 /* read-modify-write CP15 test state register
469 * to disable I/D-cache linefills */
470 retval
= arm920t_read_cp15_physical(target
,
471 CP15PHYS_TESTSTATE
, &cp15c15
);
472 if (retval
!= ERROR_OK
)
474 retval
= jtag_execute_queue();
475 if (retval
!= ERROR_OK
)
478 retval
= arm920t_write_cp15_physical(target
,
479 CP15PHYS_TESTSTATE
, cp15c15
);
480 if (retval
!= ERROR_OK
)
486 /* EXPORTED to FA256 */
487 void arm920t_pre_restore_context(struct target
*target
)
490 struct arm920t_common
*arm920t
= target_to_arm920(target
);
492 /* restore i/d fault status and address register */
493 arm920t_write_cp15_interpreted(target
, 0xee050f10, arm920t
->d_fsr
, 0x0);
494 arm920t_write_cp15_interpreted(target
, 0xee050f30, arm920t
->i_fsr
, 0x0);
495 arm920t_write_cp15_interpreted(target
, 0xee060f10, arm920t
->d_far
, 0x0);
496 arm920t_write_cp15_interpreted(target
, 0xee060f30, arm920t
->i_far
, 0x0);
498 /* read-modify-write CP15 test state register
499 * to reenable I/D-cache linefills */
500 if (arm920t
->preserve_cache
) {
501 arm920t_read_cp15_physical(target
,
502 CP15PHYS_TESTSTATE
, &cp15c15
);
503 jtag_execute_queue();
505 arm920t_write_cp15_physical(target
,
506 CP15PHYS_TESTSTATE
, cp15c15
);
510 static const char arm920_not
[] = "target is not an ARM920";
512 static int arm920t_verify_pointer(struct command_context
*cmd_ctx
,
513 struct arm920t_common
*arm920t
)
515 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
) {
516 command_print(cmd_ctx
, arm920_not
);
517 return ERROR_TARGET_INVALID
;
523 /** Logs summary of ARM920 state for a halted target. */
524 int arm920t_arch_state(struct target
*target
)
526 static const char *state
[] = {
527 "disabled", "enabled"
530 struct arm920t_common
*arm920t
= target_to_arm920(target
);
532 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
) {
533 LOG_ERROR("BUG: %s", arm920_not
);
534 return ERROR_TARGET_INVALID
;
537 arm_arch_state(target
);
538 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
539 state
[arm920t
->armv4_5_mmu
.mmu_enabled
],
540 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
],
541 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
]);
546 static int arm920_mmu(struct target
*target
, int *enabled
)
548 if (target
->state
!= TARGET_HALTED
) {
549 LOG_ERROR("%s: target not halted", __func__
);
550 return ERROR_TARGET_INVALID
;
553 *enabled
= target_to_arm920(target
)->armv4_5_mmu
.mmu_enabled
;
557 static int arm920_virt2phys(struct target
*target
,
558 uint32_t virt
, uint32_t *phys
)
561 struct arm920t_common
*arm920t
= target_to_arm920(target
);
564 int retval
= armv4_5_mmu_translate_va(target
,
565 &arm920t
->armv4_5_mmu
, virt
, &cb
, &ret
);
566 if (retval
!= ERROR_OK
)
572 /** Reads a buffer, in the specified word size, with current MMU settings. */
573 int arm920t_read_memory(struct target
*target
, uint32_t address
,
574 uint32_t size
, uint32_t count
, uint8_t *buffer
)
578 retval
= arm7_9_read_memory(target
, address
, size
, count
, buffer
);
584 static int arm920t_read_phys_memory(struct target
*target
,
585 uint32_t address
, uint32_t size
,
586 uint32_t count
, uint8_t *buffer
)
588 struct arm920t_common
*arm920t
= target_to_arm920(target
);
590 return armv4_5_mmu_read_physical(target
, &arm920t
->armv4_5_mmu
,
591 address
, size
, count
, buffer
);
594 static int arm920t_write_phys_memory(struct target
*target
,
595 uint32_t address
, uint32_t size
,
596 uint32_t count
, const uint8_t *buffer
)
598 struct arm920t_common
*arm920t
= target_to_arm920(target
);
600 return armv4_5_mmu_write_physical(target
, &arm920t
->armv4_5_mmu
,
601 address
, size
, count
, buffer
);
604 /** Writes a buffer, in the specified word size, with current MMU settings. */
605 int arm920t_write_memory(struct target
*target
, uint32_t address
,
606 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
609 const uint32_t cache_mask
= ~0x1f; /* cache line size : 32 byte */
610 struct arm920t_common
*arm920t
= target_to_arm920(target
);
612 /* FIX!!!! this should be cleaned up and made much more general. The
613 * plan is to write up and test on arm920t specifically and
614 * then generalize and clean up afterwards.
616 * Also it should be moved to the callbacks that handle breakpoints
617 * specifically and not the generic memory write fn's. See XScale code.
619 if (arm920t
->armv4_5_mmu
.mmu_enabled
&& (count
== 1) &&
620 ((size
== 2) || (size
== 4))) {
621 /* special case the handling of single word writes to
622 * bypass MMU, to allow implementation of breakpoints
623 * in memory marked read only
630 * We need physical address and cb
632 retval
= armv4_5_mmu_translate_va(target
, &arm920t
->armv4_5_mmu
,
634 if (retval
!= ERROR_OK
)
637 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
) {
639 LOG_DEBUG("D-Cache buffered, "
640 "drain write buffer");
643 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
646 retval
= arm920t_write_cp15_interpreted(target
,
647 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
649 if (retval
!= ERROR_OK
)
655 * Write back memory ? -> clean cache
657 * There is no way to clean cache lines using
658 * cp15 scan chain, so copy the full cache
659 * line from cache to physical memory.
663 LOG_DEBUG("D-Cache in 'write back' mode, "
666 retval
= target_read_memory(target
,
667 address
& cache_mask
, 1,
668 sizeof(data
), &data
[0]);
669 if (retval
!= ERROR_OK
)
672 retval
= armv4_5_mmu_write_physical(target
,
673 &arm920t
->armv4_5_mmu
,
675 sizeof(data
), &data
[0]);
676 if (retval
!= ERROR_OK
)
683 * Cached ? -> Invalidate data cache using MVA
685 * MCR p15,0,Rd,c7,c6,1
687 LOG_DEBUG("D-Cache enabled, "
688 "invalidate cache line");
690 retval
= arm920t_write_cp15_interpreted(target
,
691 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
692 address
& cache_mask
);
693 if (retval
!= ERROR_OK
)
698 /* write directly to physical memory,
699 * bypassing any read only MMU bits, etc.
701 retval
= armv4_5_mmu_write_physical(target
,
702 &arm920t
->armv4_5_mmu
, pa
, size
,
704 if (retval
!= ERROR_OK
)
707 retval
= arm7_9_write_memory(target
, address
, size
, count
, buffer
);
708 if (retval
!= ERROR_OK
)
712 /* If ICache is enabled, we have to invalidate affected ICache lines
713 * the DCache is forced to write-through,
714 * so we don't have to clean it here
716 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
) {
718 /* invalidate ICache single entry with MVA
719 * mcr 15, 0, r0, cr7, cr5, {1}
721 LOG_DEBUG("I-Cache enabled, "
722 "invalidating affected I-Cache line");
723 retval
= arm920t_write_cp15_interpreted(target
,
724 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
725 0x0, address
& cache_mask
);
726 if (retval
!= ERROR_OK
)
730 * mcr 15, 0, r0, cr7, cr5, {0}
732 retval
= arm920t_write_cp15_interpreted(target
,
733 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
735 if (retval
!= ERROR_OK
)
743 int arm920t_write_memory_opt(struct target
*target
, uint32_t address
,
744 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
746 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
748 if (size
== 4 && count
> 32 && arm7_9
->bulk_write_memory
)
749 return arm7_9
->bulk_write_memory(target
, address
, count
, buffer
);
751 return arm920t_write_memory(target
, address
, size
, count
, buffer
);
754 /* EXPORTED to FA256 */
755 int arm920t_soft_reset_halt(struct target
*target
)
757 int retval
= ERROR_OK
;
758 struct arm920t_common
*arm920t
= target_to_arm920(target
);
759 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
760 struct arm
*arm
= &arm7_9
->arm
;
761 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
763 retval
= target_halt(target
);
764 if (retval
!= ERROR_OK
)
767 long long then
= timeval_ms();
769 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
770 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) == 0) {
771 embeddedice_read_reg(dbg_stat
);
772 retval
= jtag_execute_queue();
773 if (retval
!= ERROR_OK
)
777 if (debug_level
>= 3) {
778 /* do not eat all CPU, time out after 1 se*/
784 LOG_ERROR("Failed to halt CPU after 1 sec");
785 return ERROR_TARGET_TIMEOUT
;
788 target
->state
= TARGET_HALTED
;
790 /* SVC, ARM state, IRQ and FIQ disabled */
793 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
796 arm_set_cpsr(arm
, cpsr
);
797 arm
->cpsr
->dirty
= 1;
799 /* start fetching from 0x0 */
800 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
804 arm920t_disable_mmu_caches(target
, 1, 1, 1);
805 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
806 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
= 0;
807 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
= 0;
809 return target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
812 /* FIXME remove forward decls */
813 static int arm920t_mrc(struct target
*target
, int cpnum
,
814 uint32_t op1
, uint32_t op2
,
815 uint32_t CRn
, uint32_t CRm
,
817 static int arm920t_mcr(struct target
*target
, int cpnum
,
818 uint32_t op1
, uint32_t op2
,
819 uint32_t CRn
, uint32_t CRm
,
822 static int arm920t_init_arch_info(struct target
*target
,
823 struct arm920t_common
*arm920t
, struct jtag_tap
*tap
)
825 struct arm7_9_common
*arm7_9
= &arm920t
->arm7_9_common
;
827 arm7_9
->arm
.mrc
= arm920t_mrc
;
828 arm7_9
->arm
.mcr
= arm920t_mcr
;
830 /* initialize arm7/arm9 specific info (including armv4_5) */
831 arm9tdmi_init_arch_info(target
, arm7_9
, tap
);
833 arm920t
->common_magic
= ARM920T_COMMON_MAGIC
;
835 arm7_9
->post_debug_entry
= arm920t_post_debug_entry
;
836 arm7_9
->pre_restore_context
= arm920t_pre_restore_context
;
838 arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
= -1;
839 arm920t
->armv4_5_mmu
.get_ttb
= arm920t_get_ttb
;
840 arm920t
->armv4_5_mmu
.read_memory
= arm7_9_read_memory
;
841 arm920t
->armv4_5_mmu
.write_memory
= arm7_9_write_memory
;
842 arm920t
->armv4_5_mmu
.disable_mmu_caches
= arm920t_disable_mmu_caches
;
843 arm920t
->armv4_5_mmu
.enable_mmu_caches
= arm920t_enable_mmu_caches
;
844 arm920t
->armv4_5_mmu
.has_tiny_pages
= 1;
845 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
847 /* disabling linefills leads to lockups, so keep them enabled for now
848 * this doesn't affect correctness, but might affect timing issues, if
849 * important data is evicted from the cache during the debug session
851 arm920t
->preserve_cache
= 0;
853 /* override hw single-step capability from ARM9TDMI */
854 arm7_9
->has_single_step
= 1;
859 static int arm920t_target_create(struct target
*target
, Jim_Interp
*interp
)
861 struct arm920t_common
*arm920t
;
863 arm920t
= calloc(1, sizeof(struct arm920t_common
));
864 return arm920t_init_arch_info(target
, arm920t
, target
->tap
);
867 COMMAND_HANDLER(arm920t_handle_read_cache_command
)
869 int retval
= ERROR_OK
;
870 struct target
*target
= get_current_target(CMD_CTX
);
871 struct arm920t_common
*arm920t
= target_to_arm920(target
);
872 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
873 struct arm
*arm
= &arm7_9
->arm
;
875 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
877 uint32_t *regs_p
[16];
878 uint32_t C15_C_D_Ind
, C15_C_I_Ind
;
881 int segment
, index_t
;
884 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
885 if (retval
!= ERROR_OK
)
889 return ERROR_COMMAND_SYNTAX_ERROR
;
891 output
= fopen(CMD_ARGV
[0], "w");
892 if (output
== NULL
) {
893 LOG_DEBUG("error opening cache content file");
897 for (i
= 0; i
< 16; i
++)
898 regs_p
[i
] = ®s
[i
];
900 /* disable MMU and Caches */
901 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
902 retval
= jtag_execute_queue();
903 if (retval
!= ERROR_OK
)
905 cp15_ctrl_saved
= cp15_ctrl
;
906 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
907 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
908 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
910 /* read CP15 test state register */
911 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
912 jtag_execute_queue();
914 /* read DCache content */
915 fprintf(output
, "DCache:\n");
917 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
919 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
921 fprintf(output
, "\nsegment: %i\n----------", segment
);
923 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
924 regs
[0] = 0x0 | (segment
<< 5);
925 arm9tdmi_write_core_regs(target
, 0x1, regs
);
927 /* set interpret mode */
929 arm920t_write_cp15_physical(target
,
930 CP15PHYS_TESTSTATE
, cp15c15
);
932 /* D CAM Read, loads current victim into C15.C.D.Ind */
933 arm920t_execute_cp15(target
,
934 ARMV4_5_MCR(15, 2, 0, 15, 6, 2), ARMV4_5_LDR(1, 0));
936 /* read current victim */
937 arm920t_read_cp15_physical(target
,
938 CP15PHYS_DCACHE_IDX
, &C15_C_D_Ind
);
940 /* clear interpret mode */
942 arm920t_write_cp15_physical(target
,
943 CP15PHYS_TESTSTATE
, cp15c15
);
945 for (index_t
= 0; index_t
< 64; index_t
++) {
947 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
949 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
950 arm9tdmi_write_core_regs(target
, 0x1, regs
);
952 /* set interpret mode */
954 arm920t_write_cp15_physical(target
,
955 CP15PHYS_TESTSTATE
, cp15c15
);
957 /* Write DCache victim */
958 arm920t_execute_cp15(target
,
959 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
962 arm920t_execute_cp15(target
,
963 ARMV4_5_MCR(15, 2, 0, 15, 10, 2),
964 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
967 arm920t_execute_cp15(target
,
968 ARMV4_5_MCR(15, 2, 0, 15, 6, 2),
971 /* clear interpret mode */
973 arm920t_write_cp15_physical(target
,
974 CP15PHYS_TESTSTATE
, cp15c15
);
976 /* read D RAM and CAM content */
977 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
978 retval
= jtag_execute_queue();
979 if (retval
!= ERROR_OK
)
983 regs
[9] &= 0xfffffffe;
984 fprintf(output
, "\nsegment: %i, index: %i, CAM: 0x%8.8"
985 PRIx32
", content (%s):\n",
986 segment
, index_t
, regs
[9],
987 (regs
[9] & 0x10) ? "valid" : "invalid");
989 for (i
= 1; i
< 9; i
++) {
990 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
996 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
997 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
998 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1000 /* set interpret mode */
1002 arm920t_write_cp15_physical(target
,
1003 CP15PHYS_TESTSTATE
, cp15c15
);
1005 /* Write DCache victim */
1006 arm920t_execute_cp15(target
,
1007 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
1009 /* clear interpret mode */
1011 arm920t_write_cp15_physical(target
,
1012 CP15PHYS_TESTSTATE
, cp15c15
);
1015 /* read ICache content */
1016 fprintf(output
, "ICache:\n");
1018 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1020 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
1022 fprintf(output
, "segment: %i\n----------", segment
);
1024 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1025 regs
[0] = 0x0 | (segment
<< 5);
1026 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1028 /* set interpret mode */
1030 arm920t_write_cp15_physical(target
,
1031 CP15PHYS_TESTSTATE
, cp15c15
);
1033 /* I CAM Read, loads current victim into C15.C.I.Ind */
1034 arm920t_execute_cp15(target
,
1035 ARMV4_5_MCR(15, 2, 0, 15, 5, 2), ARMV4_5_LDR(1, 0));
1037 /* read current victim */
1038 arm920t_read_cp15_physical(target
, CP15PHYS_ICACHE_IDX
,
1041 /* clear interpret mode */
1043 arm920t_write_cp15_physical(target
,
1044 CP15PHYS_TESTSTATE
, cp15c15
);
1046 for (index_t
= 0; index_t
< 64; index_t
++) {
1048 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1050 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
1051 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1053 /* set interpret mode */
1055 arm920t_write_cp15_physical(target
,
1056 CP15PHYS_TESTSTATE
, cp15c15
);
1058 /* Write ICache victim */
1059 arm920t_execute_cp15(target
,
1060 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1063 arm920t_execute_cp15(target
,
1064 ARMV4_5_MCR(15, 2, 0, 15, 9, 2),
1065 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1068 arm920t_execute_cp15(target
,
1069 ARMV4_5_MCR(15, 2, 0, 15, 5, 2),
1072 /* clear interpret mode */
1074 arm920t_write_cp15_physical(target
,
1075 CP15PHYS_TESTSTATE
, cp15c15
);
1077 /* read I RAM and CAM content */
1078 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
1079 retval
= jtag_execute_queue();
1080 if (retval
!= ERROR_OK
)
1084 regs
[9] &= 0xfffffffe;
1085 fprintf(output
, "\nsegment: %i, index: %i, "
1086 "CAM: 0x%8.8" PRIx32
", content (%s):\n",
1087 segment
, index_t
, regs
[9],
1088 (regs
[9] & 0x10) ? "valid" : "invalid");
1090 for (i
= 1; i
< 9; i
++) {
1091 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
1096 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1097 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
1098 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1100 /* set interpret mode */
1102 arm920t_write_cp15_physical(target
,
1103 CP15PHYS_TESTSTATE
, cp15c15
);
1105 /* Write ICache victim */
1106 arm920t_execute_cp15(target
,
1107 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1109 /* clear interpret mode */
1111 arm920t_write_cp15_physical(target
,
1112 CP15PHYS_TESTSTATE
, cp15c15
);
1115 /* restore CP15 MMU and Cache settings */
1116 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1118 command_print(CMD_CTX
, "cache content successfully output to %s",
1123 if (!is_arm_mode(arm
->core_mode
)) {
1124 LOG_ERROR("not a valid arm core mode - communication failure?");
1128 /* force writeback of the valid data */
1129 r
= arm
->core_cache
->reg_list
;
1130 r
[0].dirty
= r
[0].valid
;
1131 r
[1].dirty
= r
[1].valid
;
1132 r
[2].dirty
= r
[2].valid
;
1133 r
[3].dirty
= r
[3].valid
;
1134 r
[4].dirty
= r
[4].valid
;
1135 r
[5].dirty
= r
[5].valid
;
1136 r
[6].dirty
= r
[6].valid
;
1137 r
[7].dirty
= r
[7].valid
;
1139 r
= arm_reg_current(arm
, 8);
1140 r
->dirty
= r
->valid
;
1142 r
= arm_reg_current(arm
, 9);
1143 r
->dirty
= r
->valid
;
1148 COMMAND_HANDLER(arm920t_handle_read_mmu_command
)
1150 int retval
= ERROR_OK
;
1151 struct target
*target
= get_current_target(CMD_CTX
);
1152 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1153 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1154 struct arm
*arm
= &arm7_9
->arm
;
1156 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
1158 uint32_t *regs_p
[16];
1161 uint32_t Dlockdown
, Ilockdown
;
1162 struct arm920t_tlb_entry d_tlb
[64], i_tlb
[64];
1166 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1167 if (retval
!= ERROR_OK
)
1171 return ERROR_COMMAND_SYNTAX_ERROR
;
1173 output
= fopen(CMD_ARGV
[0], "w");
1174 if (output
== NULL
) {
1175 LOG_DEBUG("error opening mmu content file");
1179 for (i
= 0; i
< 16; i
++)
1180 regs_p
[i
] = ®s
[i
];
1182 /* disable MMU and Caches */
1183 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
1184 retval
= jtag_execute_queue();
1185 if (retval
!= ERROR_OK
)
1187 cp15_ctrl_saved
= cp15_ctrl
;
1188 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
1189 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
1190 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
1192 /* read CP15 test state register */
1193 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
1194 retval
= jtag_execute_queue();
1195 if (retval
!= ERROR_OK
)
1198 /* prepare reading D TLB content
1201 /* set interpret mode */
1203 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1205 /* Read D TLB lockdown */
1206 arm920t_execute_cp15(target
,
1207 ARMV4_5_MRC(15, 0, 0, 10, 0, 0), ARMV4_5_LDR(1, 0));
1209 /* clear interpret mode */
1211 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1213 /* read D TLB lockdown stored to r1 */
1214 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1215 retval
= jtag_execute_queue();
1216 if (retval
!= ERROR_OK
)
1218 Dlockdown
= regs
[1];
1220 for (victim
= 0; victim
< 64; victim
+= 8) {
1221 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1222 * base remains unchanged, victim goes through entries 0 to 63
1224 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1225 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1227 /* set interpret mode */
1229 arm920t_write_cp15_physical(target
,
1230 CP15PHYS_TESTSTATE
, cp15c15
);
1232 /* Write D TLB lockdown */
1233 arm920t_execute_cp15(target
,
1234 ARMV4_5_MCR(15, 0, 0, 10, 0, 0),
1237 /* Read D TLB CAM */
1238 arm920t_execute_cp15(target
,
1239 ARMV4_5_MCR(15, 4, 0, 15, 6, 4),
1240 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1242 /* clear interpret mode */
1244 arm920t_write_cp15_physical(target
,
1245 CP15PHYS_TESTSTATE
, cp15c15
);
1247 /* read D TLB CAM content stored to r2-r9 */
1248 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1249 retval
= jtag_execute_queue();
1250 if (retval
!= ERROR_OK
)
1253 for (i
= 0; i
< 8; i
++)
1254 d_tlb
[victim
+ i
].cam
= regs
[i
+ 2];
1257 for (victim
= 0; victim
< 64; victim
++) {
1258 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1259 * base remains unchanged, victim goes through entries 0 to 63
1261 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1262 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1264 /* set interpret mode */
1266 arm920t_write_cp15_physical(target
,
1267 CP15PHYS_TESTSTATE
, cp15c15
);
1269 /* Write D TLB lockdown */
1270 arm920t_execute_cp15(target
,
1271 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1273 /* Read D TLB RAM1 */
1274 arm920t_execute_cp15(target
,
1275 ARMV4_5_MCR(15, 4, 0, 15, 10, 4), ARMV4_5_LDR(2, 0));
1277 /* Read D TLB RAM2 */
1278 arm920t_execute_cp15(target
,
1279 ARMV4_5_MCR(15, 4, 0, 15, 2, 5), ARMV4_5_LDR(3, 0));
1281 /* clear interpret mode */
1283 arm920t_write_cp15_physical(target
,
1284 CP15PHYS_TESTSTATE
, cp15c15
);
1286 /* read D TLB RAM content stored to r2 and r3 */
1287 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1288 retval
= jtag_execute_queue();
1289 if (retval
!= ERROR_OK
)
1292 d_tlb
[victim
].ram1
= regs
[2];
1293 d_tlb
[victim
].ram2
= regs
[3];
1296 /* restore D TLB lockdown */
1297 regs
[1] = Dlockdown
;
1298 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1300 /* Write D TLB lockdown */
1301 arm920t_execute_cp15(target
,
1302 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1304 /* prepare reading I TLB content
1307 /* set interpret mode */
1309 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1311 /* Read I TLB lockdown */
1312 arm920t_execute_cp15(target
,
1313 ARMV4_5_MRC(15, 0, 0, 10, 0, 1), ARMV4_5_LDR(1, 0));
1315 /* clear interpret mode */
1317 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1319 /* read I TLB lockdown stored to r1 */
1320 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1321 retval
= jtag_execute_queue();
1322 if (retval
!= ERROR_OK
)
1324 Ilockdown
= regs
[1];
1326 for (victim
= 0; victim
< 64; victim
+= 8) {
1327 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1328 * base remains unchanged, victim goes through entries 0 to 63
1330 regs
[1] = (Ilockdown
& 0xfc000000) | (victim
<< 20);
1331 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1333 /* set interpret mode */
1335 arm920t_write_cp15_physical(target
,
1336 CP15PHYS_TESTSTATE
, cp15c15
);
1338 /* Write I TLB lockdown */
1339 arm920t_execute_cp15(target
,
1340 ARMV4_5_MCR(15, 0, 0, 10, 0, 1),
1343 /* Read I TLB CAM */
1344 arm920t_execute_cp15(target
,
1345 ARMV4_5_MCR(15, 4, 0, 15, 5, 4),
1346 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1348 /* clear interpret mode */
1350 arm920t_write_cp15_physical(target
,
1351 CP15PHYS_TESTSTATE
, cp15c15
);
1353 /* read I TLB CAM content stored to r2-r9 */
1354 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1355 retval
= jtag_execute_queue();
1356 if (retval
!= ERROR_OK
)
1359 for (i
= 0; i
< 8; i
++)
1360 i_tlb
[i
+ victim
].cam
= regs
[i
+ 2];
1363 for (victim
= 0; victim
< 64; victim
++) {
1364 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1365 * base remains unchanged, victim goes through entries 0 to 63
1367 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1368 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1370 /* set interpret mode */
1372 arm920t_write_cp15_physical(target
,
1373 CP15PHYS_TESTSTATE
, cp15c15
);
1375 /* Write I TLB lockdown */
1376 arm920t_execute_cp15(target
,
1377 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1379 /* Read I TLB RAM1 */
1380 arm920t_execute_cp15(target
,
1381 ARMV4_5_MCR(15, 4, 0, 15, 9, 4), ARMV4_5_LDR(2, 0));
1383 /* Read I TLB RAM2 */
1384 arm920t_execute_cp15(target
,
1385 ARMV4_5_MCR(15, 4, 0, 15, 1, 5), ARMV4_5_LDR(3, 0));
1387 /* clear interpret mode */
1389 arm920t_write_cp15_physical(target
,
1390 CP15PHYS_TESTSTATE
, cp15c15
);
1392 /* read I TLB RAM content stored to r2 and r3 */
1393 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1394 retval
= jtag_execute_queue();
1395 if (retval
!= ERROR_OK
)
1398 i_tlb
[victim
].ram1
= regs
[2];
1399 i_tlb
[victim
].ram2
= regs
[3];
1402 /* restore I TLB lockdown */
1403 regs
[1] = Ilockdown
;
1404 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1406 /* Write I TLB lockdown */
1407 arm920t_execute_cp15(target
,
1408 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1410 /* restore CP15 MMU and Cache settings */
1411 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1413 /* output data to file */
1414 fprintf(output
, "D TLB content:\n");
1415 for (i
= 0; i
< 64; i
++) {
1416 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1417 " 0x%8.8" PRIx32
" %s\n",
1418 i
, d_tlb
[i
].cam
, d_tlb
[i
].ram1
, d_tlb
[i
].ram2
,
1419 (d_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1422 fprintf(output
, "\n\nI TLB content:\n");
1423 for (i
= 0; i
< 64; i
++) {
1424 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1425 " 0x%8.8" PRIx32
" %s\n",
1426 i
, i_tlb
[i
].cam
, i_tlb
[i
].ram1
, i_tlb
[i
].ram2
,
1427 (i_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1430 command_print(CMD_CTX
, "mmu content successfully output to %s",
1435 if (!is_arm_mode(arm
->core_mode
)) {
1436 LOG_ERROR("not a valid arm core mode - communication failure?");
1440 /* force writeback of the valid data */
1441 r
= arm
->core_cache
->reg_list
;
1442 r
[0].dirty
= r
[0].valid
;
1443 r
[1].dirty
= r
[1].valid
;
1444 r
[2].dirty
= r
[2].valid
;
1445 r
[3].dirty
= r
[3].valid
;
1446 r
[4].dirty
= r
[4].valid
;
1447 r
[5].dirty
= r
[5].valid
;
1448 r
[6].dirty
= r
[6].valid
;
1449 r
[7].dirty
= r
[7].valid
;
1451 r
= arm_reg_current(arm
, 8);
1452 r
->dirty
= r
->valid
;
1454 r
= arm_reg_current(arm
, 9);
1455 r
->dirty
= r
->valid
;
1460 COMMAND_HANDLER(arm920t_handle_cp15_command
)
1463 struct target
*target
= get_current_target(CMD_CTX
);
1464 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1466 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1467 if (retval
!= ERROR_OK
)
1470 if (target
->state
!= TARGET_HALTED
) {
1471 command_print(CMD_CTX
, "target must be stopped for "
1472 "\"%s\" command", CMD_NAME
);
1476 /* one argument, read a register.
1477 * two arguments, write it.
1479 if (CMD_ARGC
>= 1) {
1481 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[0], address
);
1483 if (CMD_ARGC
== 1) {
1485 retval
= arm920t_read_cp15_physical(target
, address
, &value
);
1486 if (retval
!= ERROR_OK
) {
1487 command_print(CMD_CTX
,
1488 "couldn't access reg %i", address
);
1491 retval
= jtag_execute_queue();
1492 if (retval
!= ERROR_OK
)
1495 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1497 } else if (CMD_ARGC
== 2) {
1499 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1500 retval
= arm920t_write_cp15_physical(target
,
1502 if (retval
!= ERROR_OK
) {
1503 command_print(CMD_CTX
,
1504 "couldn't access reg %i", address
);
1505 /* REVISIT why lie? "return retval"? */
1508 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1516 COMMAND_HANDLER(arm920t_handle_cp15i_command
)
1519 struct target
*target
= get_current_target(CMD_CTX
);
1520 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1522 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1523 if (retval
!= ERROR_OK
)
1527 if (target
->state
!= TARGET_HALTED
) {
1528 command_print(CMD_CTX
, "target must be stopped for "
1529 "\"%s\" command", CMD_NAME
);
1533 /* one argument, read a register.
1534 * two arguments, write it.
1536 if (CMD_ARGC
>= 1) {
1538 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], opcode
);
1540 if (CMD_ARGC
== 1) {
1542 retval
= arm920t_read_cp15_interpreted(target
,
1543 opcode
, 0x0, &value
);
1544 if (retval
!= ERROR_OK
) {
1545 command_print(CMD_CTX
,
1546 "couldn't execute %8.8" PRIx32
,
1548 /* REVISIT why lie? "return retval"? */
1552 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1554 } else if (CMD_ARGC
== 2) {
1556 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1557 retval
= arm920t_write_cp15_interpreted(target
,
1559 if (retval
!= ERROR_OK
) {
1560 command_print(CMD_CTX
,
1561 "couldn't execute %8.8" PRIx32
,
1563 /* REVISIT why lie? "return retval"? */
1566 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1568 } else if (CMD_ARGC
== 3) {
1570 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1572 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[2], address
);
1573 retval
= arm920t_write_cp15_interpreted(target
,
1574 opcode
, value
, address
);
1575 if (retval
!= ERROR_OK
) {
1576 command_print(CMD_CTX
,
1577 "couldn't execute %8.8" PRIx32
, opcode
);
1578 /* REVISIT why lie? "return retval"? */
1581 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
1582 " %8.8" PRIx32
, opcode
, value
, address
);
1585 return ERROR_COMMAND_SYNTAX_ERROR
;
1590 COMMAND_HANDLER(arm920t_handle_cache_info_command
)
1593 struct target
*target
= get_current_target(CMD_CTX
);
1594 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1596 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1597 if (retval
!= ERROR_OK
)
1600 return armv4_5_handle_cache_info_command(CMD_CTX
,
1601 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
1605 static int arm920t_mrc(struct target
*target
, int cpnum
,
1606 uint32_t op1
, uint32_t op2
,
1607 uint32_t CRn
, uint32_t CRm
,
1611 LOG_ERROR("Only cp15 is supported");
1616 return arm920t_read_cp15_interpreted(target
,
1617 ARMV4_5_MRC(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1621 static int arm920t_mcr(struct target
*target
, int cpnum
,
1622 uint32_t op1
, uint32_t op2
,
1623 uint32_t CRn
, uint32_t CRm
,
1627 LOG_ERROR("Only cp15 is supported");
1631 /* write "from" r0 */
1632 return arm920t_write_cp15_interpreted(target
,
1633 ARMV4_5_MCR(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1637 static const struct command_registration arm920t_exec_command_handlers
[] = {
1640 .handler
= arm920t_handle_cp15_command
,
1641 .mode
= COMMAND_EXEC
,
1642 .help
= "display/modify cp15 register",
1643 .usage
= "regnum [value]",
1647 .handler
= arm920t_handle_cp15i_command
,
1648 .mode
= COMMAND_EXEC
,
1649 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1650 .help
= "display/modify cp15 register using ARM opcode"
1652 .usage
= "instruction [value [address]]",
1655 .name
= "cache_info",
1656 .handler
= arm920t_handle_cache_info_command
,
1657 .mode
= COMMAND_EXEC
,
1659 .help
= "display information about target caches",
1662 .name
= "read_cache",
1663 .handler
= arm920t_handle_read_cache_command
,
1664 .mode
= COMMAND_EXEC
,
1665 .help
= "dump I/D cache content to file",
1666 .usage
= "filename",
1670 .handler
= arm920t_handle_read_mmu_command
,
1671 .mode
= COMMAND_EXEC
,
1672 .help
= "dump I/D mmu content to file",
1673 .usage
= "filename",
1675 COMMAND_REGISTRATION_DONE
1677 const struct command_registration arm920t_command_handlers
[] = {
1679 .chain
= arm9tdmi_command_handlers
,
1683 .mode
= COMMAND_ANY
,
1684 .help
= "arm920t command group",
1686 .chain
= arm920t_exec_command_handlers
,
1688 COMMAND_REGISTRATION_DONE
1691 /** Holds methods for ARM920 targets. */
1692 struct target_type arm920t_target
= {
1695 .poll
= arm7_9_poll
,
1696 .arch_state
= arm920t_arch_state
,
1698 .target_request_data
= arm7_9_target_request_data
,
1700 .halt
= arm7_9_halt
,
1701 .resume
= arm7_9_resume
,
1702 .step
= arm7_9_step
,
1704 .assert_reset
= arm7_9_assert_reset
,
1705 .deassert_reset
= arm7_9_deassert_reset
,
1706 .soft_reset_halt
= arm920t_soft_reset_halt
,
1708 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1710 .read_memory
= arm920t_read_memory
,
1711 .write_memory
= arm920t_write_memory_opt
,
1712 .read_phys_memory
= arm920t_read_phys_memory
,
1713 .write_phys_memory
= arm920t_write_phys_memory
,
1715 .virt2phys
= arm920_virt2phys
,
1717 .checksum_memory
= arm_checksum_memory
,
1718 .blank_check_memory
= arm_blank_check_memory
,
1720 .run_algorithm
= armv4_5_run_algorithm
,
1722 .add_breakpoint
= arm7_9_add_breakpoint
,
1723 .remove_breakpoint
= arm7_9_remove_breakpoint
,
1724 .add_watchpoint
= arm7_9_add_watchpoint
,
1725 .remove_watchpoint
= arm7_9_remove_watchpoint
,
1727 .commands
= arm920t_command_handlers
,
1728 .target_create
= arm920t_target_create
,
1729 .init_target
= arm9tdmi_init_target
,
1730 .examine
= arm7_9_examine
,
1731 .check_reset
= arm7_9_check_reset
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)