2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
18 ***************************************************************************/
25 #include <helper/time_support.h>
26 #include "target_type.h"
28 #include "arm_opcodes.h"
31 * For information about the ARM920T, see ARM DDI 0151C especially
32 * Chapter 9 about debug support, which shows how to manipulate each
33 * of the different scan chains:
35 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
36 * 1 ... debugging; watchpoint and breakpoint status, etc; also
37 * MMU and cache access in conjunction with scan chain 15
39 * 3 ... external boundary scan (SoC-specific, unused here)
40 * 4 ... access to cache tag RAM
42 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
43 * "interpreted" works with a few actual MRC/MCR instructions
44 * "physical" provides register-like behaviors. Section 9.6.7
45 * covers these details.
47 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
51 #define _DEBUG_INSTRUCTION_EXECUTION_
54 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
55 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
56 * JTAG scan, while reads use two.
58 * Table 9-9 lists the thirteen registers which support physical access.
59 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
60 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
66 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68 /* Registers supporting physical Read access (from table 9-9) */
69 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
70 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
71 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
72 /* NOTE: several more registers support only physical read access */
74 /* Registers supporting physical Read/Write access (from table 9-9) */
75 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
76 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
77 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
78 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
79 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81 static int arm920t_read_cp15_physical(struct target
*target
,
82 int reg_addr
, uint32_t *value
)
84 struct arm920t_common
*arm920t
= target_to_arm920(target
);
85 struct arm_jtag
*jtag_info
;
86 struct scan_field fields
[4];
87 uint8_t access_type_buf
= 1;
88 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
92 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
94 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
95 if (retval
!= ERROR_OK
)
97 retval
= arm_jtag_set_instr(jtag_info
->tap
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
98 if (retval
!= ERROR_OK
)
101 fields
[0].num_bits
= 1;
102 fields
[0].out_value
= &access_type_buf
;
103 fields
[0].in_value
= NULL
;
105 fields
[1].num_bits
= 32;
106 fields
[1].out_value
= NULL
;
107 fields
[1].in_value
= NULL
;
109 fields
[2].num_bits
= 6;
110 fields
[2].out_value
= ®_addr_buf
;
111 fields
[2].in_value
= NULL
;
113 fields
[3].num_bits
= 1;
114 fields
[3].out_value
= &nr_w_buf
;
115 fields
[3].in_value
= NULL
;
117 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
119 fields
[1].in_value
= (uint8_t *)value
;
121 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
123 jtag_add_callback(arm_le_to_h_u32
, (jtag_callback_data_t
)value
);
125 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
126 jtag_execute_queue();
127 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, *value
);
133 static int arm920t_write_cp15_physical(struct target
*target
,
134 int reg_addr
, uint32_t value
)
136 struct arm920t_common
*arm920t
= target_to_arm920(target
);
137 struct arm_jtag
*jtag_info
;
138 struct scan_field fields
[4];
139 uint8_t access_type_buf
= 1;
140 uint8_t reg_addr_buf
= reg_addr
& 0x3f;
141 uint8_t nr_w_buf
= 1;
142 uint8_t value_buf
[4];
145 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
147 buf_set_u32(value_buf
, 0, 32, value
);
149 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
150 if (retval
!= ERROR_OK
)
152 retval
= arm_jtag_set_instr(jtag_info
->tap
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
153 if (retval
!= ERROR_OK
)
156 fields
[0].num_bits
= 1;
157 fields
[0].out_value
= &access_type_buf
;
158 fields
[0].in_value
= NULL
;
160 fields
[1].num_bits
= 32;
161 fields
[1].out_value
= value_buf
;
162 fields
[1].in_value
= NULL
;
164 fields
[2].num_bits
= 6;
165 fields
[2].out_value
= ®_addr_buf
;
166 fields
[2].in_value
= NULL
;
168 fields
[3].num_bits
= 1;
169 fields
[3].out_value
= &nr_w_buf
;
170 fields
[3].in_value
= NULL
;
172 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
174 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
175 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr
, value
);
181 /* See table 9-10 for scan chain 15 format during interpreted access mode.
182 * If the TESTSTATE register is set for interpreted access, certain CP15
183 * MRC and MCR instructions may be executed through scan chain 15.
185 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
186 * executed using scan chain 15 interpreted mode.
188 static int arm920t_execute_cp15(struct target
*target
, uint32_t cp15_opcode
,
192 struct arm920t_common
*arm920t
= target_to_arm920(target
);
193 struct arm_jtag
*jtag_info
;
194 struct scan_field fields
[4];
195 uint8_t access_type_buf
= 0; /* interpreted access */
196 uint8_t reg_addr_buf
= 0x0;
197 uint8_t nr_w_buf
= 0;
198 uint8_t cp15_opcode_buf
[4];
200 jtag_info
= &arm920t
->arm7_9_common
.jtag_info
;
202 retval
= arm_jtag_scann(jtag_info
, 0xf, TAP_IDLE
);
203 if (retval
!= ERROR_OK
)
205 retval
= arm_jtag_set_instr(jtag_info
->tap
, jtag_info
->intest_instr
, NULL
, TAP_IDLE
);
206 if (retval
!= ERROR_OK
)
209 buf_set_u32(cp15_opcode_buf
, 0, 32, cp15_opcode
);
211 fields
[0].num_bits
= 1;
212 fields
[0].out_value
= &access_type_buf
;
213 fields
[0].in_value
= NULL
;
215 fields
[1].num_bits
= 32;
216 fields
[1].out_value
= cp15_opcode_buf
;
217 fields
[1].in_value
= NULL
;
219 fields
[2].num_bits
= 6;
220 fields
[2].out_value
= ®_addr_buf
;
221 fields
[2].in_value
= NULL
;
223 fields
[3].num_bits
= 1;
224 fields
[3].out_value
= &nr_w_buf
;
225 fields
[3].in_value
= NULL
;
227 jtag_add_dr_scan(jtag_info
->tap
, 4, fields
, TAP_IDLE
);
229 arm9tdmi_clock_out(jtag_info
, arm_opcode
, 0, NULL
, 0);
230 arm9tdmi_clock_out(jtag_info
, ARMV4_5_NOP
, 0, NULL
, 1);
231 retval
= arm7_9_execute_sys_speed(target
);
232 if (retval
!= ERROR_OK
)
235 retval
= jtag_execute_queue();
236 if (retval
!= ERROR_OK
) {
237 LOG_ERROR("failed executing JTAG queue");
244 static int arm920t_read_cp15_interpreted(struct target
*target
,
245 uint32_t cp15_opcode
, uint32_t address
, uint32_t *value
)
247 struct arm
*arm
= target_to_arm(target
);
250 uint32_t cp15c15
= 0x0;
251 struct reg
*r
= arm
->core_cache
->reg_list
;
253 /* load address into R1 */
255 arm9tdmi_write_core_regs(target
, 0x2, regs
);
257 /* read-modify-write CP15 test state register
258 * to enable interpreted access mode */
259 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
260 jtag_execute_queue();
261 cp15c15
|= 1; /* set interpret mode */
262 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
264 /* execute CP15 instruction and ARM load (reading from coprocessor) */
265 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_LDR(0, 1));
267 /* disable interpreted access mode */
268 cp15c15
&= ~1U; /* clear interpret mode */
269 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
271 /* retrieve value from R0 */
273 arm9tdmi_read_core_regs(target
, 0x1, regs_p
);
274 jtag_execute_queue();
276 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
277 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
278 cp15_opcode
, address
, *value
);
281 if (!is_arm_mode(arm
->core_mode
)) {
282 LOG_ERROR("not a valid arm core mode - communication failure?");
293 int arm920t_write_cp15_interpreted(struct target
*target
,
294 uint32_t cp15_opcode
, uint32_t value
, uint32_t address
)
296 uint32_t cp15c15
= 0x0;
297 struct arm
*arm
= target_to_arm(target
);
299 struct reg
*r
= arm
->core_cache
->reg_list
;
301 /* load value, address into R0, R1 */
304 arm9tdmi_write_core_regs(target
, 0x3, regs
);
306 /* read-modify-write CP15 test state register
307 * to enable interpreted access mode */
308 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
309 jtag_execute_queue();
310 cp15c15
|= 1; /* set interpret mode */
311 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
313 /* execute CP15 instruction and ARM store (writing to coprocessor) */
314 arm920t_execute_cp15(target
, cp15_opcode
, ARMV4_5_STR(0, 1));
316 /* disable interpreted access mode */
317 cp15c15
&= ~1U; /* set interpret mode */
318 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
320 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
321 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
322 cp15_opcode
, value
, address
);
325 if (!is_arm_mode(arm
->core_mode
)) {
326 LOG_ERROR("not a valid arm core mode - communication failure?");
336 /* EXPORTED to FA256 */
337 int arm920t_get_ttb(struct target
*target
, uint32_t *result
)
342 retval
= arm920t_read_cp15_interpreted(target
,
343 /* FIXME use opcode macro */
344 0xeebf0f51, 0x0, &ttb
);
345 if (retval
!= ERROR_OK
)
352 /* EXPORTED to FA256 */
353 int arm920t_disable_mmu_caches(struct target
*target
, int mmu
,
354 int d_u_cache
, int i_cache
)
356 uint32_t cp15_control
;
359 /* read cp15 control register */
360 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
361 if (retval
!= ERROR_OK
)
363 retval
= jtag_execute_queue();
364 if (retval
!= ERROR_OK
)
368 cp15_control
&= ~0x1U
;
371 cp15_control
&= ~0x4U
;
374 cp15_control
&= ~0x1000U
;
376 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
380 /* EXPORTED to FA256 */
381 int arm920t_enable_mmu_caches(struct target
*target
, int mmu
,
382 int d_u_cache
, int i_cache
)
384 uint32_t cp15_control
;
387 /* read cp15 control register */
388 retval
= arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_control
);
389 if (retval
!= ERROR_OK
)
391 retval
= jtag_execute_queue();
392 if (retval
!= ERROR_OK
)
396 cp15_control
|= 0x1U
;
399 cp15_control
|= 0x4U
;
402 cp15_control
|= 0x1000U
;
404 retval
= arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_control
);
408 /* EXPORTED to FA256 */
409 int arm920t_post_debug_entry(struct target
*target
)
412 struct arm920t_common
*arm920t
= target_to_arm920(target
);
415 /* examine cp15 control reg */
416 retval
= arm920t_read_cp15_physical(target
,
417 CP15PHYS_CTRL
, &arm920t
->cp15_control_reg
);
418 if (retval
!= ERROR_OK
)
420 retval
= jtag_execute_queue();
421 if (retval
!= ERROR_OK
)
423 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32
, arm920t
->cp15_control_reg
);
425 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
== -1) {
426 uint32_t cache_type_reg
;
427 /* identify caches */
428 retval
= arm920t_read_cp15_physical(target
,
429 CP15PHYS_CACHETYPE
, &cache_type_reg
);
430 if (retval
!= ERROR_OK
)
432 retval
= jtag_execute_queue();
433 if (retval
!= ERROR_OK
)
435 armv4_5_identify_cache(cache_type_reg
,
436 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
439 arm920t
->armv4_5_mmu
.mmu_enabled
=
440 (arm920t
->cp15_control_reg
& 0x1U
) ? 1 : 0;
441 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
=
442 (arm920t
->cp15_control_reg
& 0x4U
) ? 1 : 0;
443 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
=
444 (arm920t
->cp15_control_reg
& 0x1000U
) ? 1 : 0;
446 /* save i/d fault status and address register
447 * FIXME use opcode macros */
448 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f10, 0x0, &arm920t
->d_fsr
);
449 if (retval
!= ERROR_OK
)
451 retval
= arm920t_read_cp15_interpreted(target
, 0xee150f30, 0x0, &arm920t
->i_fsr
);
452 if (retval
!= ERROR_OK
)
454 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f10, 0x0, &arm920t
->d_far
);
455 if (retval
!= ERROR_OK
)
457 retval
= arm920t_read_cp15_interpreted(target
, 0xee160f30, 0x0, &arm920t
->i_far
);
458 if (retval
!= ERROR_OK
)
461 LOG_DEBUG("D FSR: 0x%8.8" PRIx32
", D FAR: 0x%8.8" PRIx32
462 ", I FSR: 0x%8.8" PRIx32
", I FAR: 0x%8.8" PRIx32
,
463 arm920t
->d_fsr
, arm920t
->d_far
, arm920t
->i_fsr
, arm920t
->i_far
);
465 if (arm920t
->preserve_cache
) {
466 /* read-modify-write CP15 test state register
467 * to disable I/D-cache linefills */
468 retval
= arm920t_read_cp15_physical(target
,
469 CP15PHYS_TESTSTATE
, &cp15c15
);
470 if (retval
!= ERROR_OK
)
472 retval
= jtag_execute_queue();
473 if (retval
!= ERROR_OK
)
476 retval
= arm920t_write_cp15_physical(target
,
477 CP15PHYS_TESTSTATE
, cp15c15
);
478 if (retval
!= ERROR_OK
)
484 /* EXPORTED to FA256 */
485 void arm920t_pre_restore_context(struct target
*target
)
488 struct arm920t_common
*arm920t
= target_to_arm920(target
);
490 /* restore i/d fault status and address register */
491 arm920t_write_cp15_interpreted(target
, 0xee050f10, arm920t
->d_fsr
, 0x0);
492 arm920t_write_cp15_interpreted(target
, 0xee050f30, arm920t
->i_fsr
, 0x0);
493 arm920t_write_cp15_interpreted(target
, 0xee060f10, arm920t
->d_far
, 0x0);
494 arm920t_write_cp15_interpreted(target
, 0xee060f30, arm920t
->i_far
, 0x0);
496 /* read-modify-write CP15 test state register
497 * to reenable I/D-cache linefills */
498 if (arm920t
->preserve_cache
) {
499 arm920t_read_cp15_physical(target
,
500 CP15PHYS_TESTSTATE
, &cp15c15
);
501 jtag_execute_queue();
503 arm920t_write_cp15_physical(target
,
504 CP15PHYS_TESTSTATE
, cp15c15
);
508 static const char arm920_not
[] = "target is not an ARM920";
510 static int arm920t_verify_pointer(struct command_context
*cmd_ctx
,
511 struct arm920t_common
*arm920t
)
513 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
) {
514 command_print(cmd_ctx
, arm920_not
);
515 return ERROR_TARGET_INVALID
;
521 /** Logs summary of ARM920 state for a halted target. */
522 int arm920t_arch_state(struct target
*target
)
524 static const char *state
[] = {
525 "disabled", "enabled"
528 struct arm920t_common
*arm920t
= target_to_arm920(target
);
530 if (arm920t
->common_magic
!= ARM920T_COMMON_MAGIC
) {
531 LOG_ERROR("BUG: %s", arm920_not
);
532 return ERROR_TARGET_INVALID
;
535 arm_arch_state(target
);
536 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
537 state
[arm920t
->armv4_5_mmu
.mmu_enabled
],
538 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
],
539 state
[arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
]);
544 static int arm920_mmu(struct target
*target
, int *enabled
)
546 if (target
->state
!= TARGET_HALTED
) {
547 LOG_ERROR("%s: target not halted", __func__
);
548 return ERROR_TARGET_INVALID
;
551 *enabled
= target_to_arm920(target
)->armv4_5_mmu
.mmu_enabled
;
555 static int arm920_virt2phys(struct target
*target
,
556 target_addr_t virt
, target_addr_t
*phys
)
559 struct arm920t_common
*arm920t
= target_to_arm920(target
);
562 int retval
= armv4_5_mmu_translate_va(target
,
563 &arm920t
->armv4_5_mmu
, virt
, &cb
, &ret
);
564 if (retval
!= ERROR_OK
)
570 /** Reads a buffer, in the specified word size, with current MMU settings. */
571 int arm920t_read_memory(struct target
*target
, target_addr_t address
,
572 uint32_t size
, uint32_t count
, uint8_t *buffer
)
576 retval
= arm7_9_read_memory(target
, address
, size
, count
, buffer
);
582 static int arm920t_read_phys_memory(struct target
*target
,
583 target_addr_t address
, uint32_t size
,
584 uint32_t count
, uint8_t *buffer
)
586 struct arm920t_common
*arm920t
= target_to_arm920(target
);
588 return armv4_5_mmu_read_physical(target
, &arm920t
->armv4_5_mmu
,
589 address
, size
, count
, buffer
);
592 static int arm920t_write_phys_memory(struct target
*target
,
593 target_addr_t address
, uint32_t size
,
594 uint32_t count
, const uint8_t *buffer
)
596 struct arm920t_common
*arm920t
= target_to_arm920(target
);
598 return armv4_5_mmu_write_physical(target
, &arm920t
->armv4_5_mmu
,
599 address
, size
, count
, buffer
);
602 /** Writes a buffer, in the specified word size, with current MMU settings. */
603 int arm920t_write_memory(struct target
*target
, target_addr_t address
,
604 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
607 const uint32_t cache_mask
= ~0x1f; /* cache line size : 32 byte */
608 struct arm920t_common
*arm920t
= target_to_arm920(target
);
610 /* FIX!!!! this should be cleaned up and made much more general. The
611 * plan is to write up and test on arm920t specifically and
612 * then generalize and clean up afterwards.
614 * Also it should be moved to the callbacks that handle breakpoints
615 * specifically and not the generic memory write fn's. See XScale code.
617 if (arm920t
->armv4_5_mmu
.mmu_enabled
&& (count
== 1) &&
618 ((size
== 2) || (size
== 4))) {
619 /* special case the handling of single word writes to
620 * bypass MMU, to allow implementation of breakpoints
621 * in memory marked read only
628 * We need physical address and cb
630 retval
= armv4_5_mmu_translate_va(target
, &arm920t
->armv4_5_mmu
,
632 if (retval
!= ERROR_OK
)
635 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
) {
637 LOG_DEBUG("D-Cache buffered, "
638 "drain write buffer");
641 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
644 retval
= arm920t_write_cp15_interpreted(target
,
645 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
647 if (retval
!= ERROR_OK
)
653 * Write back memory ? -> clean cache
655 * There is no way to clean cache lines using
656 * cp15 scan chain, so copy the full cache
657 * line from cache to physical memory.
661 LOG_DEBUG("D-Cache in 'write back' mode, "
664 retval
= target_read_memory(target
,
665 address
& cache_mask
, 1,
666 sizeof(data
), &data
[0]);
667 if (retval
!= ERROR_OK
)
670 retval
= armv4_5_mmu_write_physical(target
,
671 &arm920t
->armv4_5_mmu
,
673 sizeof(data
), &data
[0]);
674 if (retval
!= ERROR_OK
)
681 * Cached ? -> Invalidate data cache using MVA
683 * MCR p15,0,Rd,c7,c6,1
685 LOG_DEBUG("D-Cache enabled, "
686 "invalidate cache line");
688 retval
= arm920t_write_cp15_interpreted(target
,
689 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
690 address
& cache_mask
);
691 if (retval
!= ERROR_OK
)
696 /* write directly to physical memory,
697 * bypassing any read only MMU bits, etc.
699 retval
= armv4_5_mmu_write_physical(target
,
700 &arm920t
->armv4_5_mmu
, pa
, size
,
702 if (retval
!= ERROR_OK
)
705 retval
= arm7_9_write_memory(target
, address
, size
, count
, buffer
);
706 if (retval
!= ERROR_OK
)
710 /* If ICache is enabled, we have to invalidate affected ICache lines
711 * the DCache is forced to write-through,
712 * so we don't have to clean it here
714 if (arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
) {
716 /* invalidate ICache single entry with MVA
717 * mcr 15, 0, r0, cr7, cr5, {1}
719 LOG_DEBUG("I-Cache enabled, "
720 "invalidating affected I-Cache line");
721 retval
= arm920t_write_cp15_interpreted(target
,
722 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
723 0x0, address
& cache_mask
);
724 if (retval
!= ERROR_OK
)
728 * mcr 15, 0, r0, cr7, cr5, {0}
730 retval
= arm920t_write_cp15_interpreted(target
,
731 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
733 if (retval
!= ERROR_OK
)
741 /* EXPORTED to FA256 */
742 int arm920t_soft_reset_halt(struct target
*target
)
744 int retval
= ERROR_OK
;
745 struct arm920t_common
*arm920t
= target_to_arm920(target
);
746 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
747 struct arm
*arm
= &arm7_9
->arm
;
748 struct reg
*dbg_stat
= &arm7_9
->eice_cache
->reg_list
[EICE_DBG_STAT
];
750 retval
= target_halt(target
);
751 if (retval
!= ERROR_OK
)
754 int64_t then
= timeval_ms();
756 while (!(timeout
= ((timeval_ms()-then
) > 1000))) {
757 if (buf_get_u32(dbg_stat
->value
, EICE_DBG_STATUS_DBGACK
, 1) == 0) {
758 embeddedice_read_reg(dbg_stat
);
759 retval
= jtag_execute_queue();
760 if (retval
!= ERROR_OK
)
764 if (debug_level
>= 3) {
765 /* do not eat all CPU, time out after 1 se*/
771 LOG_ERROR("Failed to halt CPU after 1 sec");
772 return ERROR_TARGET_TIMEOUT
;
775 target
->state
= TARGET_HALTED
;
777 /* SVC, ARM state, IRQ and FIQ disabled */
780 cpsr
= buf_get_u32(arm
->cpsr
->value
, 0, 32);
783 arm_set_cpsr(arm
, cpsr
);
784 arm
->cpsr
->dirty
= 1;
786 /* start fetching from 0x0 */
787 buf_set_u32(arm
->pc
->value
, 0, 32, 0x0);
791 arm920t_disable_mmu_caches(target
, 1, 1, 1);
792 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
793 arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_cache_enabled
= 0;
794 arm920t
->armv4_5_mmu
.armv4_5_cache
.i_cache_enabled
= 0;
796 return target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
799 /* FIXME remove forward decls */
800 static int arm920t_mrc(struct target
*target
, int cpnum
,
801 uint32_t op1
, uint32_t op2
,
802 uint32_t CRn
, uint32_t CRm
,
804 static int arm920t_mcr(struct target
*target
, int cpnum
,
805 uint32_t op1
, uint32_t op2
,
806 uint32_t CRn
, uint32_t CRm
,
809 static int arm920t_init_arch_info(struct target
*target
,
810 struct arm920t_common
*arm920t
, struct jtag_tap
*tap
)
812 struct arm7_9_common
*arm7_9
= &arm920t
->arm7_9_common
;
814 arm7_9
->arm
.mrc
= arm920t_mrc
;
815 arm7_9
->arm
.mcr
= arm920t_mcr
;
817 /* initialize arm7/arm9 specific info (including armv4_5) */
818 arm9tdmi_init_arch_info(target
, arm7_9
, tap
);
820 arm920t
->common_magic
= ARM920T_COMMON_MAGIC
;
822 arm7_9
->post_debug_entry
= arm920t_post_debug_entry
;
823 arm7_9
->pre_restore_context
= arm920t_pre_restore_context
;
824 arm7_9
->write_memory
= arm920t_write_memory
;
826 arm920t
->armv4_5_mmu
.armv4_5_cache
.ctype
= -1;
827 arm920t
->armv4_5_mmu
.get_ttb
= arm920t_get_ttb
;
828 arm920t
->armv4_5_mmu
.read_memory
= arm7_9_read_memory
;
829 arm920t
->armv4_5_mmu
.write_memory
= arm7_9_write_memory
;
830 arm920t
->armv4_5_mmu
.disable_mmu_caches
= arm920t_disable_mmu_caches
;
831 arm920t
->armv4_5_mmu
.enable_mmu_caches
= arm920t_enable_mmu_caches
;
832 arm920t
->armv4_5_mmu
.has_tiny_pages
= 1;
833 arm920t
->armv4_5_mmu
.mmu_enabled
= 0;
835 /* disabling linefills leads to lockups, so keep them enabled for now
836 * this doesn't affect correctness, but might affect timing issues, if
837 * important data is evicted from the cache during the debug session
839 arm920t
->preserve_cache
= 0;
841 /* override hw single-step capability from ARM9TDMI */
842 arm7_9
->has_single_step
= 1;
847 static int arm920t_target_create(struct target
*target
, Jim_Interp
*interp
)
849 struct arm920t_common
*arm920t
;
851 arm920t
= calloc(1, sizeof(struct arm920t_common
));
852 return arm920t_init_arch_info(target
, arm920t
, target
->tap
);
855 COMMAND_HANDLER(arm920t_handle_read_cache_command
)
857 int retval
= ERROR_OK
;
858 struct target
*target
= get_current_target(CMD_CTX
);
859 struct arm920t_common
*arm920t
= target_to_arm920(target
);
860 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
861 struct arm
*arm
= &arm7_9
->arm
;
863 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
865 uint32_t *regs_p
[16];
866 uint32_t C15_C_D_Ind
, C15_C_I_Ind
;
869 int segment
, index_t
;
872 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
873 if (retval
!= ERROR_OK
)
877 return ERROR_COMMAND_SYNTAX_ERROR
;
879 output
= fopen(CMD_ARGV
[0], "w");
880 if (output
== NULL
) {
881 LOG_DEBUG("error opening cache content file");
885 for (i
= 0; i
< 16; i
++)
886 regs_p
[i
] = ®s
[i
];
888 /* disable MMU and Caches */
889 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
890 retval
= jtag_execute_queue();
891 if (retval
!= ERROR_OK
)
893 cp15_ctrl_saved
= cp15_ctrl
;
894 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
895 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
896 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
898 /* read CP15 test state register */
899 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
900 jtag_execute_queue();
902 /* read DCache content */
903 fprintf(output
, "DCache:\n");
905 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
907 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
909 fprintf(output
, "\nsegment: %i\n----------", segment
);
911 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
912 regs
[0] = 0x0 | (segment
<< 5);
913 arm9tdmi_write_core_regs(target
, 0x1, regs
);
915 /* set interpret mode */
917 arm920t_write_cp15_physical(target
,
918 CP15PHYS_TESTSTATE
, cp15c15
);
920 /* D CAM Read, loads current victim into C15.C.D.Ind */
921 arm920t_execute_cp15(target
,
922 ARMV4_5_MCR(15, 2, 0, 15, 6, 2), ARMV4_5_LDR(1, 0));
924 /* read current victim */
925 arm920t_read_cp15_physical(target
,
926 CP15PHYS_DCACHE_IDX
, &C15_C_D_Ind
);
928 /* clear interpret mode */
930 arm920t_write_cp15_physical(target
,
931 CP15PHYS_TESTSTATE
, cp15c15
);
933 for (index_t
= 0; index_t
< 64; index_t
++) {
935 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
937 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
938 arm9tdmi_write_core_regs(target
, 0x1, regs
);
940 /* set interpret mode */
942 arm920t_write_cp15_physical(target
,
943 CP15PHYS_TESTSTATE
, cp15c15
);
945 /* Write DCache victim */
946 arm920t_execute_cp15(target
,
947 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
950 arm920t_execute_cp15(target
,
951 ARMV4_5_MCR(15, 2, 0, 15, 10, 2),
952 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
955 arm920t_execute_cp15(target
,
956 ARMV4_5_MCR(15, 2, 0, 15, 6, 2),
959 /* clear interpret mode */
961 arm920t_write_cp15_physical(target
,
962 CP15PHYS_TESTSTATE
, cp15c15
);
964 /* read D RAM and CAM content */
965 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
966 retval
= jtag_execute_queue();
967 if (retval
!= ERROR_OK
)
971 regs
[9] &= 0xfffffffe;
972 fprintf(output
, "\nsegment: %i, index: %i, CAM: 0x%8.8"
973 PRIx32
", content (%s):\n",
974 segment
, index_t
, regs
[9],
975 (regs
[9] & 0x10) ? "valid" : "invalid");
977 for (i
= 1; i
< 9; i
++) {
978 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
984 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
985 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
986 arm9tdmi_write_core_regs(target
, 0x1, regs
);
988 /* set interpret mode */
990 arm920t_write_cp15_physical(target
,
991 CP15PHYS_TESTSTATE
, cp15c15
);
993 /* Write DCache victim */
994 arm920t_execute_cp15(target
,
995 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
997 /* clear interpret mode */
999 arm920t_write_cp15_physical(target
,
1000 CP15PHYS_TESTSTATE
, cp15c15
);
1003 /* read ICache content */
1004 fprintf(output
, "ICache:\n");
1006 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1008 segment
< arm920t
->armv4_5_mmu
.armv4_5_cache
.d_u_size
.nsets
;
1010 fprintf(output
, "segment: %i\n----------", segment
);
1012 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1013 regs
[0] = 0x0 | (segment
<< 5);
1014 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1016 /* set interpret mode */
1018 arm920t_write_cp15_physical(target
,
1019 CP15PHYS_TESTSTATE
, cp15c15
);
1021 /* I CAM Read, loads current victim into C15.C.I.Ind */
1022 arm920t_execute_cp15(target
,
1023 ARMV4_5_MCR(15, 2, 0, 15, 5, 2), ARMV4_5_LDR(1, 0));
1025 /* read current victim */
1026 arm920t_read_cp15_physical(target
, CP15PHYS_ICACHE_IDX
,
1029 /* clear interpret mode */
1031 arm920t_write_cp15_physical(target
,
1032 CP15PHYS_TESTSTATE
, cp15c15
);
1034 for (index_t
= 0; index_t
< 64; index_t
++) {
1036 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1038 regs
[0] = 0x0 | (segment
<< 5) | (index_t
<< 26);
1039 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1041 /* set interpret mode */
1043 arm920t_write_cp15_physical(target
,
1044 CP15PHYS_TESTSTATE
, cp15c15
);
1046 /* Write ICache victim */
1047 arm920t_execute_cp15(target
,
1048 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1051 arm920t_execute_cp15(target
,
1052 ARMV4_5_MCR(15, 2, 0, 15, 9, 2),
1053 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1056 arm920t_execute_cp15(target
,
1057 ARMV4_5_MCR(15, 2, 0, 15, 5, 2),
1060 /* clear interpret mode */
1062 arm920t_write_cp15_physical(target
,
1063 CP15PHYS_TESTSTATE
, cp15c15
);
1065 /* read I RAM and CAM content */
1066 arm9tdmi_read_core_regs(target
, 0x3fe, regs_p
);
1067 retval
= jtag_execute_queue();
1068 if (retval
!= ERROR_OK
)
1072 regs
[9] &= 0xfffffffe;
1073 fprintf(output
, "\nsegment: %i, index: %i, "
1074 "CAM: 0x%8.8" PRIx32
", content (%s):\n",
1075 segment
, index_t
, regs
[9],
1076 (regs
[9] & 0x10) ? "valid" : "invalid");
1078 for (i
= 1; i
< 9; i
++) {
1079 fprintf(output
, "%i: 0x%8.8" PRIx32
"\n",
1084 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1085 regs
[0] = 0x0 | (segment
<< 5) | (C15_C_D_Ind
<< 26);
1086 arm9tdmi_write_core_regs(target
, 0x1, regs
);
1088 /* set interpret mode */
1090 arm920t_write_cp15_physical(target
,
1091 CP15PHYS_TESTSTATE
, cp15c15
);
1093 /* Write ICache victim */
1094 arm920t_execute_cp15(target
,
1095 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1097 /* clear interpret mode */
1099 arm920t_write_cp15_physical(target
,
1100 CP15PHYS_TESTSTATE
, cp15c15
);
1103 /* restore CP15 MMU and Cache settings */
1104 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1106 command_print(CMD_CTX
, "cache content successfully output to %s",
1111 if (!is_arm_mode(arm
->core_mode
)) {
1112 LOG_ERROR("not a valid arm core mode - communication failure?");
1116 /* force writeback of the valid data */
1117 r
= arm
->core_cache
->reg_list
;
1118 r
[0].dirty
= r
[0].valid
;
1119 r
[1].dirty
= r
[1].valid
;
1120 r
[2].dirty
= r
[2].valid
;
1121 r
[3].dirty
= r
[3].valid
;
1122 r
[4].dirty
= r
[4].valid
;
1123 r
[5].dirty
= r
[5].valid
;
1124 r
[6].dirty
= r
[6].valid
;
1125 r
[7].dirty
= r
[7].valid
;
1127 r
= arm_reg_current(arm
, 8);
1128 r
->dirty
= r
->valid
;
1130 r
= arm_reg_current(arm
, 9);
1131 r
->dirty
= r
->valid
;
1136 COMMAND_HANDLER(arm920t_handle_read_mmu_command
)
1138 int retval
= ERROR_OK
;
1139 struct target
*target
= get_current_target(CMD_CTX
);
1140 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1141 struct arm7_9_common
*arm7_9
= target_to_arm7_9(target
);
1142 struct arm
*arm
= &arm7_9
->arm
;
1144 uint32_t cp15_ctrl
, cp15_ctrl_saved
;
1146 uint32_t *regs_p
[16];
1149 uint32_t Dlockdown
, Ilockdown
;
1150 struct arm920t_tlb_entry d_tlb
[64], i_tlb
[64];
1154 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1155 if (retval
!= ERROR_OK
)
1159 return ERROR_COMMAND_SYNTAX_ERROR
;
1161 output
= fopen(CMD_ARGV
[0], "w");
1162 if (output
== NULL
) {
1163 LOG_DEBUG("error opening mmu content file");
1167 for (i
= 0; i
< 16; i
++)
1168 regs_p
[i
] = ®s
[i
];
1170 /* disable MMU and Caches */
1171 arm920t_read_cp15_physical(target
, CP15PHYS_CTRL
, &cp15_ctrl
);
1172 retval
= jtag_execute_queue();
1173 if (retval
!= ERROR_OK
)
1175 cp15_ctrl_saved
= cp15_ctrl
;
1176 cp15_ctrl
&= ~(ARMV4_5_MMU_ENABLED
1177 | ARMV4_5_D_U_CACHE_ENABLED
| ARMV4_5_I_CACHE_ENABLED
);
1178 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl
);
1180 /* read CP15 test state register */
1181 arm920t_read_cp15_physical(target
, CP15PHYS_TESTSTATE
, &cp15c15
);
1182 retval
= jtag_execute_queue();
1183 if (retval
!= ERROR_OK
)
1186 /* prepare reading D TLB content
1189 /* set interpret mode */
1191 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1193 /* Read D TLB lockdown */
1194 arm920t_execute_cp15(target
,
1195 ARMV4_5_MRC(15, 0, 0, 10, 0, 0), ARMV4_5_LDR(1, 0));
1197 /* clear interpret mode */
1199 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1201 /* read D TLB lockdown stored to r1 */
1202 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1203 retval
= jtag_execute_queue();
1204 if (retval
!= ERROR_OK
)
1206 Dlockdown
= regs
[1];
1208 for (victim
= 0; victim
< 64; victim
+= 8) {
1209 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1210 * base remains unchanged, victim goes through entries 0 to 63
1212 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1213 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1215 /* set interpret mode */
1217 arm920t_write_cp15_physical(target
,
1218 CP15PHYS_TESTSTATE
, cp15c15
);
1220 /* Write D TLB lockdown */
1221 arm920t_execute_cp15(target
,
1222 ARMV4_5_MCR(15, 0, 0, 10, 0, 0),
1225 /* Read D TLB CAM */
1226 arm920t_execute_cp15(target
,
1227 ARMV4_5_MCR(15, 4, 0, 15, 6, 4),
1228 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1230 /* clear interpret mode */
1232 arm920t_write_cp15_physical(target
,
1233 CP15PHYS_TESTSTATE
, cp15c15
);
1235 /* read D TLB CAM content stored to r2-r9 */
1236 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1237 retval
= jtag_execute_queue();
1238 if (retval
!= ERROR_OK
)
1241 for (i
= 0; i
< 8; i
++)
1242 d_tlb
[victim
+ i
].cam
= regs
[i
+ 2];
1245 for (victim
= 0; victim
< 64; victim
++) {
1246 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1247 * base remains unchanged, victim goes through entries 0 to 63
1249 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1250 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1252 /* set interpret mode */
1254 arm920t_write_cp15_physical(target
,
1255 CP15PHYS_TESTSTATE
, cp15c15
);
1257 /* Write D TLB lockdown */
1258 arm920t_execute_cp15(target
,
1259 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1261 /* Read D TLB RAM1 */
1262 arm920t_execute_cp15(target
,
1263 ARMV4_5_MCR(15, 4, 0, 15, 10, 4), ARMV4_5_LDR(2, 0));
1265 /* Read D TLB RAM2 */
1266 arm920t_execute_cp15(target
,
1267 ARMV4_5_MCR(15, 4, 0, 15, 2, 5), ARMV4_5_LDR(3, 0));
1269 /* clear interpret mode */
1271 arm920t_write_cp15_physical(target
,
1272 CP15PHYS_TESTSTATE
, cp15c15
);
1274 /* read D TLB RAM content stored to r2 and r3 */
1275 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1276 retval
= jtag_execute_queue();
1277 if (retval
!= ERROR_OK
)
1280 d_tlb
[victim
].ram1
= regs
[2];
1281 d_tlb
[victim
].ram2
= regs
[3];
1284 /* restore D TLB lockdown */
1285 regs
[1] = Dlockdown
;
1286 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1288 /* Write D TLB lockdown */
1289 arm920t_execute_cp15(target
,
1290 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1292 /* prepare reading I TLB content
1295 /* set interpret mode */
1297 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1299 /* Read I TLB lockdown */
1300 arm920t_execute_cp15(target
,
1301 ARMV4_5_MRC(15, 0, 0, 10, 0, 1), ARMV4_5_LDR(1, 0));
1303 /* clear interpret mode */
1305 arm920t_write_cp15_physical(target
, CP15PHYS_TESTSTATE
, cp15c15
);
1307 /* read I TLB lockdown stored to r1 */
1308 arm9tdmi_read_core_regs(target
, 0x2, regs_p
);
1309 retval
= jtag_execute_queue();
1310 if (retval
!= ERROR_OK
)
1312 Ilockdown
= regs
[1];
1314 for (victim
= 0; victim
< 64; victim
+= 8) {
1315 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1316 * base remains unchanged, victim goes through entries 0 to 63
1318 regs
[1] = (Ilockdown
& 0xfc000000) | (victim
<< 20);
1319 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1321 /* set interpret mode */
1323 arm920t_write_cp15_physical(target
,
1324 CP15PHYS_TESTSTATE
, cp15c15
);
1326 /* Write I TLB lockdown */
1327 arm920t_execute_cp15(target
,
1328 ARMV4_5_MCR(15, 0, 0, 10, 0, 1),
1331 /* Read I TLB CAM */
1332 arm920t_execute_cp15(target
,
1333 ARMV4_5_MCR(15, 4, 0, 15, 5, 4),
1334 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1336 /* clear interpret mode */
1338 arm920t_write_cp15_physical(target
,
1339 CP15PHYS_TESTSTATE
, cp15c15
);
1341 /* read I TLB CAM content stored to r2-r9 */
1342 arm9tdmi_read_core_regs(target
, 0x3fc, regs_p
);
1343 retval
= jtag_execute_queue();
1344 if (retval
!= ERROR_OK
)
1347 for (i
= 0; i
< 8; i
++)
1348 i_tlb
[i
+ victim
].cam
= regs
[i
+ 2];
1351 for (victim
= 0; victim
< 64; victim
++) {
1352 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1353 * base remains unchanged, victim goes through entries 0 to 63
1355 regs
[1] = (Dlockdown
& 0xfc000000) | (victim
<< 20);
1356 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1358 /* set interpret mode */
1360 arm920t_write_cp15_physical(target
,
1361 CP15PHYS_TESTSTATE
, cp15c15
);
1363 /* Write I TLB lockdown */
1364 arm920t_execute_cp15(target
,
1365 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1367 /* Read I TLB RAM1 */
1368 arm920t_execute_cp15(target
,
1369 ARMV4_5_MCR(15, 4, 0, 15, 9, 4), ARMV4_5_LDR(2, 0));
1371 /* Read I TLB RAM2 */
1372 arm920t_execute_cp15(target
,
1373 ARMV4_5_MCR(15, 4, 0, 15, 1, 5), ARMV4_5_LDR(3, 0));
1375 /* clear interpret mode */
1377 arm920t_write_cp15_physical(target
,
1378 CP15PHYS_TESTSTATE
, cp15c15
);
1380 /* read I TLB RAM content stored to r2 and r3 */
1381 arm9tdmi_read_core_regs(target
, 0xc, regs_p
);
1382 retval
= jtag_execute_queue();
1383 if (retval
!= ERROR_OK
)
1386 i_tlb
[victim
].ram1
= regs
[2];
1387 i_tlb
[victim
].ram2
= regs
[3];
1390 /* restore I TLB lockdown */
1391 regs
[1] = Ilockdown
;
1392 arm9tdmi_write_core_regs(target
, 0x2, regs
);
1394 /* Write I TLB lockdown */
1395 arm920t_execute_cp15(target
,
1396 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1398 /* restore CP15 MMU and Cache settings */
1399 arm920t_write_cp15_physical(target
, CP15PHYS_CTRL
, cp15_ctrl_saved
);
1401 /* output data to file */
1402 fprintf(output
, "D TLB content:\n");
1403 for (i
= 0; i
< 64; i
++) {
1404 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1405 " 0x%8.8" PRIx32
" %s\n",
1406 i
, d_tlb
[i
].cam
, d_tlb
[i
].ram1
, d_tlb
[i
].ram2
,
1407 (d_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1410 fprintf(output
, "\n\nI TLB content:\n");
1411 for (i
= 0; i
< 64; i
++) {
1412 fprintf(output
, "%i: 0x%8.8" PRIx32
" 0x%8.8" PRIx32
1413 " 0x%8.8" PRIx32
" %s\n",
1414 i
, i_tlb
[i
].cam
, i_tlb
[i
].ram1
, i_tlb
[i
].ram2
,
1415 (i_tlb
[i
].cam
& 0x20) ? "(valid)" : "(invalid)");
1418 command_print(CMD_CTX
, "mmu content successfully output to %s",
1423 if (!is_arm_mode(arm
->core_mode
)) {
1424 LOG_ERROR("not a valid arm core mode - communication failure?");
1428 /* force writeback of the valid data */
1429 r
= arm
->core_cache
->reg_list
;
1430 r
[0].dirty
= r
[0].valid
;
1431 r
[1].dirty
= r
[1].valid
;
1432 r
[2].dirty
= r
[2].valid
;
1433 r
[3].dirty
= r
[3].valid
;
1434 r
[4].dirty
= r
[4].valid
;
1435 r
[5].dirty
= r
[5].valid
;
1436 r
[6].dirty
= r
[6].valid
;
1437 r
[7].dirty
= r
[7].valid
;
1439 r
= arm_reg_current(arm
, 8);
1440 r
->dirty
= r
->valid
;
1442 r
= arm_reg_current(arm
, 9);
1443 r
->dirty
= r
->valid
;
1448 COMMAND_HANDLER(arm920t_handle_cp15_command
)
1451 struct target
*target
= get_current_target(CMD_CTX
);
1452 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1454 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1455 if (retval
!= ERROR_OK
)
1458 if (target
->state
!= TARGET_HALTED
) {
1459 command_print(CMD_CTX
, "target must be stopped for "
1460 "\"%s\" command", CMD_NAME
);
1464 /* one argument, read a register.
1465 * two arguments, write it.
1467 if (CMD_ARGC
>= 1) {
1469 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[0], address
);
1471 if (CMD_ARGC
== 1) {
1473 retval
= arm920t_read_cp15_physical(target
, address
, &value
);
1474 if (retval
!= ERROR_OK
) {
1475 command_print(CMD_CTX
,
1476 "couldn't access reg %i", address
);
1479 retval
= jtag_execute_queue();
1480 if (retval
!= ERROR_OK
)
1483 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1485 } else if (CMD_ARGC
== 2) {
1487 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1488 retval
= arm920t_write_cp15_physical(target
,
1490 if (retval
!= ERROR_OK
) {
1491 command_print(CMD_CTX
,
1492 "couldn't access reg %i", address
);
1493 /* REVISIT why lie? "return retval"? */
1496 command_print(CMD_CTX
, "%i: %8.8" PRIx32
,
1504 COMMAND_HANDLER(arm920t_handle_cp15i_command
)
1507 struct target
*target
= get_current_target(CMD_CTX
);
1508 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1510 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1511 if (retval
!= ERROR_OK
)
1515 if (target
->state
!= TARGET_HALTED
) {
1516 command_print(CMD_CTX
, "target must be stopped for "
1517 "\"%s\" command", CMD_NAME
);
1521 /* one argument, read a register.
1522 * two arguments, write it.
1524 if (CMD_ARGC
>= 1) {
1526 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[0], opcode
);
1528 if (CMD_ARGC
== 1) {
1530 retval
= arm920t_read_cp15_interpreted(target
,
1531 opcode
, 0x0, &value
);
1532 if (retval
!= ERROR_OK
) {
1533 command_print(CMD_CTX
,
1534 "couldn't execute %8.8" PRIx32
,
1536 /* REVISIT why lie? "return retval"? */
1540 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1542 } else if (CMD_ARGC
== 2) {
1544 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1545 retval
= arm920t_write_cp15_interpreted(target
,
1547 if (retval
!= ERROR_OK
) {
1548 command_print(CMD_CTX
,
1549 "couldn't execute %8.8" PRIx32
,
1551 /* REVISIT why lie? "return retval"? */
1554 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
,
1556 } else if (CMD_ARGC
== 3) {
1558 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[1], value
);
1560 COMMAND_PARSE_NUMBER(u32
, CMD_ARGV
[2], address
);
1561 retval
= arm920t_write_cp15_interpreted(target
,
1562 opcode
, value
, address
);
1563 if (retval
!= ERROR_OK
) {
1564 command_print(CMD_CTX
,
1565 "couldn't execute %8.8" PRIx32
, opcode
);
1566 /* REVISIT why lie? "return retval"? */
1569 command_print(CMD_CTX
, "%8.8" PRIx32
": %8.8" PRIx32
1570 " %8.8" PRIx32
, opcode
, value
, address
);
1573 return ERROR_COMMAND_SYNTAX_ERROR
;
1578 COMMAND_HANDLER(arm920t_handle_cache_info_command
)
1581 struct target
*target
= get_current_target(CMD_CTX
);
1582 struct arm920t_common
*arm920t
= target_to_arm920(target
);
1584 retval
= arm920t_verify_pointer(CMD_CTX
, arm920t
);
1585 if (retval
!= ERROR_OK
)
1588 return armv4_5_handle_cache_info_command(CMD_CTX
,
1589 &arm920t
->armv4_5_mmu
.armv4_5_cache
);
1593 static int arm920t_mrc(struct target
*target
, int cpnum
,
1594 uint32_t op1
, uint32_t op2
,
1595 uint32_t CRn
, uint32_t CRm
,
1599 LOG_ERROR("Only cp15 is supported");
1604 return arm920t_read_cp15_interpreted(target
,
1605 ARMV4_5_MRC(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1609 static int arm920t_mcr(struct target
*target
, int cpnum
,
1610 uint32_t op1
, uint32_t op2
,
1611 uint32_t CRn
, uint32_t CRm
,
1615 LOG_ERROR("Only cp15 is supported");
1619 /* write "from" r0 */
1620 return arm920t_write_cp15_interpreted(target
,
1621 ARMV4_5_MCR(cpnum
, op1
, 0, CRn
, CRm
, op2
),
1625 static const struct command_registration arm920t_exec_command_handlers
[] = {
1628 .handler
= arm920t_handle_cp15_command
,
1629 .mode
= COMMAND_EXEC
,
1630 .help
= "display/modify cp15 register",
1631 .usage
= "regnum [value]",
1635 .handler
= arm920t_handle_cp15i_command
,
1636 .mode
= COMMAND_EXEC
,
1637 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1638 .help
= "display/modify cp15 register using ARM opcode"
1640 .usage
= "instruction [value [address]]",
1643 .name
= "cache_info",
1644 .handler
= arm920t_handle_cache_info_command
,
1645 .mode
= COMMAND_EXEC
,
1647 .help
= "display information about target caches",
1650 .name
= "read_cache",
1651 .handler
= arm920t_handle_read_cache_command
,
1652 .mode
= COMMAND_EXEC
,
1653 .help
= "dump I/D cache content to file",
1654 .usage
= "filename",
1658 .handler
= arm920t_handle_read_mmu_command
,
1659 .mode
= COMMAND_EXEC
,
1660 .help
= "dump I/D mmu content to file",
1661 .usage
= "filename",
1663 COMMAND_REGISTRATION_DONE
1665 const struct command_registration arm920t_command_handlers
[] = {
1667 .chain
= arm9tdmi_command_handlers
,
1671 .mode
= COMMAND_ANY
,
1672 .help
= "arm920t command group",
1674 .chain
= arm920t_exec_command_handlers
,
1676 COMMAND_REGISTRATION_DONE
1679 /** Holds methods for ARM920 targets. */
1680 struct target_type arm920t_target
= {
1683 .poll
= arm7_9_poll
,
1684 .arch_state
= arm920t_arch_state
,
1686 .target_request_data
= arm7_9_target_request_data
,
1688 .halt
= arm7_9_halt
,
1689 .resume
= arm7_9_resume
,
1690 .step
= arm7_9_step
,
1692 .assert_reset
= arm7_9_assert_reset
,
1693 .deassert_reset
= arm7_9_deassert_reset
,
1694 .soft_reset_halt
= arm920t_soft_reset_halt
,
1696 .get_gdb_arch
= arm_get_gdb_arch
,
1697 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
1699 .read_memory
= arm920t_read_memory
,
1700 .write_memory
= arm7_9_write_memory_opt
,
1701 .read_phys_memory
= arm920t_read_phys_memory
,
1702 .write_phys_memory
= arm920t_write_phys_memory
,
1704 .virt2phys
= arm920_virt2phys
,
1706 .checksum_memory
= arm_checksum_memory
,
1707 .blank_check_memory
= arm_blank_check_memory
,
1709 .run_algorithm
= armv4_5_run_algorithm
,
1711 .add_breakpoint
= arm7_9_add_breakpoint
,
1712 .remove_breakpoint
= arm7_9_remove_breakpoint
,
1713 .add_watchpoint
= arm7_9_add_watchpoint
,
1714 .remove_watchpoint
= arm7_9_remove_watchpoint
,
1716 .commands
= arm920t_command_handlers
,
1717 .target_create
= arm920t_target_create
,
1718 .init_target
= arm9tdmi_init_target
,
1719 .examine
= arm7_9_examine
,
1720 .check_reset
= arm7_9_check_reset
,
Linking to existing account procedure
If you already have an account and want to add another login method
you
MUST first sign in with your existing account and
then change URL to read
https://review.openocd.org/login/?link
to get to this page again but this time it'll work for linking. Thank you.
SSH host keys fingerprints
1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=.. |
|+o.. . |
|*.o . . |
|+B . . . |
|Bo. = o S |
|Oo.+ + = |
|oB=.* = . o |
| =+=.+ + E |
|. .=o . o |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)