Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
TARGET: removed unused parameters
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
95 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
96
97 fields[0].num_bits = 1;
98 fields[0].out_value = &access_type_buf;
99 fields[0].in_value = NULL;
100
101 fields[1].num_bits = 32;
102 fields[1].out_value = NULL;
103 fields[1].in_value = NULL;
104
105 fields[2].num_bits = 6;
106 fields[2].out_value = &reg_addr_buf;
107 fields[2].in_value = NULL;
108
109 fields[3].num_bits = 1;
110 fields[3].out_value = &nr_w_buf;
111 fields[3].in_value = NULL;
112
113 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
114
115 fields[1].in_value = (uint8_t *)value;
116
117 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
118
119 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
120
121 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
122 jtag_execute_queue();
123 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
124 #endif
125
126 return ERROR_OK;
127 }
128
129 static int arm920t_write_cp15_physical(struct target *target,
130 int reg_addr, uint32_t value)
131 {
132 struct arm920t_common *arm920t = target_to_arm920(target);
133 struct arm_jtag *jtag_info;
134 struct scan_field fields[4];
135 uint8_t access_type_buf = 1;
136 uint8_t reg_addr_buf = reg_addr & 0x3f;
137 uint8_t nr_w_buf = 1;
138 uint8_t value_buf[4];
139
140 jtag_info = &arm920t->arm7_9_common.jtag_info;
141
142 buf_set_u32(value_buf, 0, 32, value);
143
144 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
145 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
146
147 fields[0].num_bits = 1;
148 fields[0].out_value = &access_type_buf;
149 fields[0].in_value = NULL;
150
151 fields[1].num_bits = 32;
152 fields[1].out_value = value_buf;
153 fields[1].in_value = NULL;
154
155 fields[2].num_bits = 6;
156 fields[2].out_value = &reg_addr_buf;
157 fields[2].in_value = NULL;
158
159 fields[3].num_bits = 1;
160 fields[3].out_value = &nr_w_buf;
161 fields[3].in_value = NULL;
162
163 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
164
165 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
166 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
167 #endif
168
169 return ERROR_OK;
170 }
171
172 /* See table 9-10 for scan chain 15 format during interpreted access mode.
173 * If the TESTSTATE register is set for interpreted access, certain CP15
174 * MRC and MCR instructions may be executed through scan chain 15.
175 *
176 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
177 * executed using scan chain 15 interpreted mode.
178 */
179 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
180 uint32_t arm_opcode)
181 {
182 int retval;
183 struct arm920t_common *arm920t = target_to_arm920(target);
184 struct arm_jtag *jtag_info;
185 struct scan_field fields[4];
186 uint8_t access_type_buf = 0; /* interpreted access */
187 uint8_t reg_addr_buf = 0x0;
188 uint8_t nr_w_buf = 0;
189 uint8_t cp15_opcode_buf[4];
190
191 jtag_info = &arm920t->arm7_9_common.jtag_info;
192
193 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
194 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
195
196 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
197
198 fields[0].num_bits = 1;
199 fields[0].out_value = &access_type_buf;
200 fields[0].in_value = NULL;
201
202 fields[1].num_bits = 32;
203 fields[1].out_value = cp15_opcode_buf;
204 fields[1].in_value = NULL;
205
206 fields[2].num_bits = 6;
207 fields[2].out_value = &reg_addr_buf;
208 fields[2].in_value = NULL;
209
210 fields[3].num_bits = 1;
211 fields[3].out_value = &nr_w_buf;
212 fields[3].in_value = NULL;
213
214 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
215
216 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
217 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
218 retval = arm7_9_execute_sys_speed(target);
219 if (retval != ERROR_OK)
220 return retval;
221
222 if ((retval = jtag_execute_queue()) != ERROR_OK)
223 {
224 LOG_ERROR("failed executing JTAG queue");
225 return retval;
226 }
227
228 return ERROR_OK;
229 }
230
231 static int arm920t_read_cp15_interpreted(struct target *target,
232 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
233 {
234 struct arm *armv4_5 = target_to_arm(target);
235 uint32_t* regs_p[1];
236 uint32_t regs[2];
237 uint32_t cp15c15 = 0x0;
238 struct reg *r = armv4_5->core_cache->reg_list;
239
240 /* load address into R1 */
241 regs[1] = address;
242 arm9tdmi_write_core_regs(target, 0x2, regs);
243
244 /* read-modify-write CP15 test state register
245 * to enable interpreted access mode */
246 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
247 jtag_execute_queue();
248 cp15c15 |= 1; /* set interpret mode */
249 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
250
251 /* execute CP15 instruction and ARM load (reading from coprocessor) */
252 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
253
254 /* disable interpreted access mode */
255 cp15c15 &= ~1U; /* clear interpret mode */
256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
257
258 /* retrieve value from R0 */
259 regs_p[0] = value;
260 arm9tdmi_read_core_regs(target, 0x1, regs_p);
261 jtag_execute_queue();
262
263 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
264 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
265 cp15_opcode, address, *value);
266 #endif
267
268 if (!is_arm_mode(armv4_5->core_mode))
269 return ERROR_FAIL;
270
271 r[0].dirty = 1;
272 r[1].dirty = 1;
273
274 return ERROR_OK;
275 }
276
277 static
278 int arm920t_write_cp15_interpreted(struct target *target,
279 uint32_t cp15_opcode, uint32_t value, uint32_t address)
280 {
281 uint32_t cp15c15 = 0x0;
282 struct arm *armv4_5 = target_to_arm(target);
283 uint32_t regs[2];
284 struct reg *r = armv4_5->core_cache->reg_list;
285
286 /* load value, address into R0, R1 */
287 regs[0] = value;
288 regs[1] = address;
289 arm9tdmi_write_core_regs(target, 0x3, regs);
290
291 /* read-modify-write CP15 test state register
292 * to enable interpreted access mode */
293 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
294 jtag_execute_queue();
295 cp15c15 |= 1; /* set interpret mode */
296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
297
298 /* execute CP15 instruction and ARM store (writing to coprocessor) */
299 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
300
301 /* disable interpreted access mode */
302 cp15c15 &= ~1U; /* set interpret mode */
303 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
304
305 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
306 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
307 cp15_opcode, value, address);
308 #endif
309
310 if (!is_arm_mode(armv4_5->core_mode))
311 return ERROR_FAIL;
312
313 r[0].dirty = 1;
314 r[1].dirty = 1;
315
316 return ERROR_OK;
317 }
318
319 // EXPORTED to FA256
320 uint32_t arm920t_get_ttb(struct target *target)
321 {
322 int retval;
323 uint32_t ttb = 0x0;
324
325 if ((retval = arm920t_read_cp15_interpreted(target,
326 /* FIXME use opcode macro */
327 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
328 return retval;
329
330 return ttb;
331 }
332
333 // EXPORTED to FA256
334 void arm920t_disable_mmu_caches(struct target *target, int mmu,
335 int d_u_cache, int i_cache)
336 {
337 uint32_t cp15_control;
338
339 /* read cp15 control register */
340 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
341 jtag_execute_queue();
342
343 if (mmu)
344 cp15_control &= ~0x1U;
345
346 if (d_u_cache)
347 cp15_control &= ~0x4U;
348
349 if (i_cache)
350 cp15_control &= ~0x1000U;
351
352 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
353 }
354
355 // EXPORTED to FA256
356 void arm920t_enable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360
361 /* read cp15 control register */
362 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 jtag_execute_queue();
364
365 if (mmu)
366 cp15_control |= 0x1U;
367
368 if (d_u_cache)
369 cp15_control |= 0x4U;
370
371 if (i_cache)
372 cp15_control |= 0x1000U;
373
374 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
375 }
376
377 // EXPORTED to FA256
378 void arm920t_post_debug_entry(struct target *target)
379 {
380 uint32_t cp15c15;
381 struct arm920t_common *arm920t = target_to_arm920(target);
382
383 /* examine cp15 control reg */
384 arm920t_read_cp15_physical(target,
385 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
386 jtag_execute_queue();
387 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
388
389 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
390 {
391 uint32_t cache_type_reg;
392 /* identify caches */
393 arm920t_read_cp15_physical(target,
394 CP15PHYS_CACHETYPE, &cache_type_reg);
395 jtag_execute_queue();
396 armv4_5_identify_cache(cache_type_reg,
397 &arm920t->armv4_5_mmu.armv4_5_cache);
398 }
399
400 arm920t->armv4_5_mmu.mmu_enabled =
401 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
402 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
403 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
405 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
406
407 /* save i/d fault status and address register */
408 /* FIXME use opcode macros */
409 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
410 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
411 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
412 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
413
414 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
415 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
416 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
417
418 if (arm920t->preserve_cache)
419 {
420 /* read-modify-write CP15 test state register
421 * to disable I/D-cache linefills */
422 arm920t_read_cp15_physical(target,
423 CP15PHYS_TESTSTATE, &cp15c15);
424 jtag_execute_queue();
425 cp15c15 |= 0x600;
426 arm920t_write_cp15_physical(target,
427 CP15PHYS_TESTSTATE, cp15c15);
428 }
429 }
430
431 // EXPORTED to FA256
432 void arm920t_pre_restore_context(struct target *target)
433 {
434 uint32_t cp15c15;
435 struct arm920t_common *arm920t = target_to_arm920(target);
436
437 /* restore i/d fault status and address register */
438 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
439 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
440 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
442
443 /* read-modify-write CP15 test state register
444 * to reenable I/D-cache linefills */
445 if (arm920t->preserve_cache)
446 {
447 arm920t_read_cp15_physical(target,
448 CP15PHYS_TESTSTATE, &cp15c15);
449 jtag_execute_queue();
450 cp15c15 &= ~0x600U;
451 arm920t_write_cp15_physical(target,
452 CP15PHYS_TESTSTATE, cp15c15);
453 }
454 }
455
456 static const char arm920_not[] = "target is not an ARM920";
457
458 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
459 struct arm920t_common *arm920t)
460 {
461 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
462 command_print(cmd_ctx, arm920_not);
463 return ERROR_TARGET_INVALID;
464 }
465
466 return ERROR_OK;
467 }
468
469 /** Logs summary of ARM920 state for a halted target. */
470 int arm920t_arch_state(struct target *target)
471 {
472 static const char *state[] =
473 {
474 "disabled", "enabled"
475 };
476
477 struct arm920t_common *arm920t = target_to_arm920(target);
478 struct arm *armv4_5;
479
480 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
481 {
482 LOG_ERROR("BUG: %s", arm920_not);
483 return ERROR_TARGET_INVALID;
484 }
485
486 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
487
488 arm_arch_state(target);
489 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
490 state[arm920t->armv4_5_mmu.mmu_enabled],
491 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
492 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
493
494 return ERROR_OK;
495 }
496
497 static int arm920_mmu(struct target *target, int *enabled)
498 {
499 if (target->state != TARGET_HALTED) {
500 LOG_ERROR("%s: target not halted", __func__);
501 return ERROR_TARGET_INVALID;
502 }
503
504 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
505 return ERROR_OK;
506 }
507
508 static int arm920_virt2phys(struct target *target,
509 uint32_t virt, uint32_t *phys)
510 {
511 uint32_t cb;
512 struct arm920t_common *arm920t = target_to_arm920(target);
513
514 uint32_t ret;
515 int retval = armv4_5_mmu_translate_va(target,
516 &arm920t->armv4_5_mmu, virt, &cb, &ret);
517 if (retval != ERROR_OK)
518 return retval;
519 *phys = ret;
520 return ERROR_OK;
521 }
522
523 /** Reads a buffer, in the specified word size, with current MMU settings. */
524 int arm920t_read_memory(struct target *target, uint32_t address,
525 uint32_t size, uint32_t count, uint8_t *buffer)
526 {
527 int retval;
528
529 retval = arm7_9_read_memory(target, address, size, count, buffer);
530
531 return retval;
532 }
533
534
535 static int arm920t_read_phys_memory(struct target *target,
536 uint32_t address, uint32_t size,
537 uint32_t count, uint8_t *buffer)
538 {
539 struct arm920t_common *arm920t = target_to_arm920(target);
540
541 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
542 address, size, count, buffer);
543 }
544
545 static int arm920t_write_phys_memory(struct target *target,
546 uint32_t address, uint32_t size,
547 uint32_t count, uint8_t *buffer)
548 {
549 struct arm920t_common *arm920t = target_to_arm920(target);
550
551 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
552 address, size, count, buffer);
553 }
554
555
556 /** Writes a buffer, in the specified word size, with current MMU settings. */
557 int arm920t_write_memory(struct target *target, uint32_t address,
558 uint32_t size, uint32_t count, uint8_t *buffer)
559 {
560 int retval;
561 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
562 struct arm920t_common *arm920t = target_to_arm920(target);
563
564 /* FIX!!!! this should be cleaned up and made much more general. The
565 * plan is to write up and test on arm920t specifically and
566 * then generalize and clean up afterwards.
567 *
568 * Also it should be moved to the callbacks that handle breakpoints
569 * specifically and not the generic memory write fn's. See XScale code.
570 */
571 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
572 ((size==2) || (size==4)))
573 {
574 /* special case the handling of single word writes to
575 * bypass MMU, to allow implementation of breakpoints
576 * in memory marked read only
577 * by MMU
578 */
579 uint32_t cb;
580 uint32_t pa;
581
582 /*
583 * We need physical address and cb
584 */
585 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
586 address, &cb, &pa);
587 if (retval != ERROR_OK)
588 return retval;
589
590 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
591 {
592 if (cb & 0x1)
593 {
594 LOG_DEBUG("D-Cache buffered, "
595 "drain write buffer");
596 /*
597 * Buffered ?
598 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
599 */
600
601 retval = arm920t_write_cp15_interpreted(target,
602 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
603 0x0, 0);
604 if (retval != ERROR_OK)
605 return retval;
606 }
607
608 if (cb == 0x3)
609 {
610 /*
611 * Write back memory ? -> clean cache
612 *
613 * There is no way to clean cache lines using
614 * cp15 scan chain, so copy the full cache
615 * line from cache to physical memory.
616 */
617 uint8_t data[32];
618
619 LOG_DEBUG("D-Cache in 'write back' mode, "
620 "flush cache line");
621
622 retval = target_read_memory(target,
623 address & cache_mask, 1,
624 sizeof(data), &data[0]);
625 if (retval != ERROR_OK)
626 return retval;
627
628 retval = armv4_5_mmu_write_physical(target,
629 &arm920t->armv4_5_mmu,
630 pa & cache_mask, 1,
631 sizeof(data), &data[0]);
632 if (retval != ERROR_OK)
633 return retval;
634 }
635
636 /* Cached ? */
637 if (cb & 0x2)
638 {
639 /*
640 * Cached ? -> Invalidate data cache using MVA
641 *
642 * MCR p15,0,Rd,c7,c6,1
643 */
644 LOG_DEBUG("D-Cache enabled, "
645 "invalidate cache line");
646
647 retval = arm920t_write_cp15_interpreted(target,
648 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
649 address & cache_mask);
650 if (retval != ERROR_OK)
651 return retval;
652 }
653 }
654
655 /* write directly to physical memory,
656 * bypassing any read only MMU bits, etc.
657 */
658 retval = armv4_5_mmu_write_physical(target,
659 &arm920t->armv4_5_mmu, pa, size,
660 count, buffer);
661 if (retval != ERROR_OK)
662 return retval;
663 } else
664 {
665 if ((retval = arm7_9_write_memory(target, address,
666 size, count, buffer)) != ERROR_OK)
667 return retval;
668 }
669
670 /* If ICache is enabled, we have to invalidate affected ICache lines
671 * the DCache is forced to write-through,
672 * so we don't have to clean it here
673 */
674 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
675 {
676 if (count <= 1)
677 {
678 /* invalidate ICache single entry with MVA
679 * mcr 15, 0, r0, cr7, cr5, {1}
680 */
681 LOG_DEBUG("I-Cache enabled, "
682 "invalidating affected I-Cache line");
683 retval = arm920t_write_cp15_interpreted(target,
684 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
685 0x0, address & cache_mask);
686 if (retval != ERROR_OK)
687 return retval;
688 }
689 else
690 {
691 /* invalidate ICache
692 * mcr 15, 0, r0, cr7, cr5, {0}
693 */
694 retval = arm920t_write_cp15_interpreted(target,
695 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
696 0x0, 0x0);
697 if (retval != ERROR_OK)
698 return retval;
699 }
700 }
701
702 return ERROR_OK;
703 }
704
705 // EXPORTED to FA256
706 int arm920t_soft_reset_halt(struct target *target)
707 {
708 int retval = ERROR_OK;
709 struct arm920t_common *arm920t = target_to_arm920(target);
710 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
711 struct arm *armv4_5 = &arm7_9->armv4_5_common;
712 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
713
714 if ((retval = target_halt(target)) != ERROR_OK)
715 {
716 return retval;
717 }
718
719 long long then = timeval_ms();
720 int timeout;
721 while (!(timeout = ((timeval_ms()-then) > 1000)))
722 {
723 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
724 == 0)
725 {
726 embeddedice_read_reg(dbg_stat);
727 if ((retval = jtag_execute_queue()) != ERROR_OK)
728 {
729 return retval;
730 }
731 } else
732 {
733 break;
734 }
735 if (debug_level >= 3)
736 {
737 /* do not eat all CPU, time out after 1 se*/
738 alive_sleep(100);
739 } else
740 {
741 keep_alive();
742 }
743 }
744 if (timeout)
745 {
746 LOG_ERROR("Failed to halt CPU after 1 sec");
747 return ERROR_TARGET_TIMEOUT;
748 }
749
750 target->state = TARGET_HALTED;
751
752 /* SVC, ARM state, IRQ and FIQ disabled */
753 uint32_t cpsr;
754
755 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
756 cpsr &= ~0xff;
757 cpsr |= 0xd3;
758 arm_set_cpsr(armv4_5, cpsr);
759 armv4_5->cpsr->dirty = 1;
760
761 /* start fetching from 0x0 */
762 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
763 armv4_5->pc->dirty = 1;
764 armv4_5->pc->valid = 1;
765
766 arm920t_disable_mmu_caches(target, 1, 1, 1);
767 arm920t->armv4_5_mmu.mmu_enabled = 0;
768 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
769 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
770
771 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
772 }
773
774 /* FIXME remove forward decls */
775 static int arm920t_mrc(struct target *target, int cpnum,
776 uint32_t op1, uint32_t op2,
777 uint32_t CRn, uint32_t CRm,
778 uint32_t *value);
779 static int arm920t_mcr(struct target *target, int cpnum,
780 uint32_t op1, uint32_t op2,
781 uint32_t CRn, uint32_t CRm,
782 uint32_t value);
783
784 static int arm920t_init_arch_info(struct target *target,
785 struct arm920t_common *arm920t, struct jtag_tap *tap)
786 {
787 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
788
789 arm7_9->armv4_5_common.mrc = arm920t_mrc;
790 arm7_9->armv4_5_common.mcr = arm920t_mcr;
791
792 /* initialize arm7/arm9 specific info (including armv4_5) */
793 arm9tdmi_init_arch_info(target, arm7_9, tap);
794
795 arm920t->common_magic = ARM920T_COMMON_MAGIC;
796
797 arm7_9->post_debug_entry = arm920t_post_debug_entry;
798 arm7_9->pre_restore_context = arm920t_pre_restore_context;
799
800 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
801 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
802 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
803 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
804 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
805 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
806 arm920t->armv4_5_mmu.has_tiny_pages = 1;
807 arm920t->armv4_5_mmu.mmu_enabled = 0;
808
809 /* disabling linefills leads to lockups, so keep them enabled for now
810 * this doesn't affect correctness, but might affect timing issues, if
811 * important data is evicted from the cache during the debug session
812 * */
813 arm920t->preserve_cache = 0;
814
815 /* override hw single-step capability from ARM9TDMI */
816 arm7_9->has_single_step = 1;
817
818 return ERROR_OK;
819 }
820
821 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
822 {
823 struct arm920t_common *arm920t;
824
825 arm920t = calloc(1,sizeof(struct arm920t_common));
826 return arm920t_init_arch_info(target, arm920t, target->tap);
827 }
828
829 COMMAND_HANDLER(arm920t_handle_read_cache_command)
830 {
831 int retval = ERROR_OK;
832 struct target *target = get_current_target(CMD_CTX);
833 struct arm920t_common *arm920t = target_to_arm920(target);
834 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
835 struct arm *armv4_5 = &arm7_9->armv4_5_common;
836 uint32_t cp15c15;
837 uint32_t cp15_ctrl, cp15_ctrl_saved;
838 uint32_t regs[16];
839 uint32_t *regs_p[16];
840 uint32_t C15_C_D_Ind, C15_C_I_Ind;
841 int i;
842 FILE *output;
843 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
844 int segment, index;
845 struct reg *r;
846
847 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
848 if (retval != ERROR_OK)
849 return retval;
850
851 if (CMD_ARGC != 1)
852 {
853 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
854 return ERROR_OK;
855 }
856
857 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
858 {
859 LOG_DEBUG("error opening cache content file");
860 return ERROR_OK;
861 }
862
863 for (i = 0; i < 16; i++)
864 regs_p[i] = &regs[i];
865
866 /* disable MMU and Caches */
867 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
868 if ((retval = jtag_execute_queue()) != ERROR_OK)
869 {
870 return retval;
871 }
872 cp15_ctrl_saved = cp15_ctrl;
873 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
874 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
875 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
876
877 /* read CP15 test state register */
878 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
879 jtag_execute_queue();
880
881 /* read DCache content */
882 fprintf(output, "DCache:\n");
883
884 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
885 for (segment = 0;
886 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
887 segment++)
888 {
889 fprintf(output, "\nsegment: %i\n----------", segment);
890
891 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
892 regs[0] = 0x0 | (segment << 5);
893 arm9tdmi_write_core_regs(target, 0x1, regs);
894
895 /* set interpret mode */
896 cp15c15 |= 0x1;
897 arm920t_write_cp15_physical(target,
898 CP15PHYS_TESTSTATE, cp15c15);
899
900 /* D CAM Read, loads current victim into C15.C.D.Ind */
901 arm920t_execute_cp15(target,
902 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
903
904 /* read current victim */
905 arm920t_read_cp15_physical(target,
906 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
907
908 /* clear interpret mode */
909 cp15c15 &= ~0x1;
910 arm920t_write_cp15_physical(target,
911 CP15PHYS_TESTSTATE, cp15c15);
912
913 for (index = 0; index < 64; index++)
914 {
915 /* Ra:
916 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
917 */
918 regs[0] = 0x0 | (segment << 5) | (index << 26);
919 arm9tdmi_write_core_regs(target, 0x1, regs);
920
921 /* set interpret mode */
922 cp15c15 |= 0x1;
923 arm920t_write_cp15_physical(target,
924 CP15PHYS_TESTSTATE, cp15c15);
925
926 /* Write DCache victim */
927 arm920t_execute_cp15(target,
928 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
929
930 /* Read D RAM */
931 arm920t_execute_cp15(target,
932 ARMV4_5_MCR(15,2,0,15,10,2),
933 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
934
935 /* Read D CAM */
936 arm920t_execute_cp15(target,
937 ARMV4_5_MCR(15,2,0,15,6,2),
938 ARMV4_5_LDR(9, 0));
939
940 /* clear interpret mode */
941 cp15c15 &= ~0x1;
942 arm920t_write_cp15_physical(target,
943 CP15PHYS_TESTSTATE, cp15c15);
944
945 /* read D RAM and CAM content */
946 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
947 if ((retval = jtag_execute_queue()) != ERROR_OK)
948 {
949 return retval;
950 }
951
952 d_cache[segment][index].cam = regs[9];
953
954 /* mask LFSR[6] */
955 regs[9] &= 0xfffffffe;
956 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
957 PRIx32 ", content (%s):\n",
958 segment, index, regs[9],
959 (regs[9] & 0x10) ? "valid" : "invalid");
960
961 for (i = 1; i < 9; i++)
962 {
963 d_cache[segment][index].data[i] = regs[i];
964 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
965 i-1, regs[i]);
966 }
967
968 }
969
970 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
971 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
972 arm9tdmi_write_core_regs(target, 0x1, regs);
973
974 /* set interpret mode */
975 cp15c15 |= 0x1;
976 arm920t_write_cp15_physical(target,
977 CP15PHYS_TESTSTATE, cp15c15);
978
979 /* Write DCache victim */
980 arm920t_execute_cp15(target,
981 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
982
983 /* clear interpret mode */
984 cp15c15 &= ~0x1;
985 arm920t_write_cp15_physical(target,
986 CP15PHYS_TESTSTATE, cp15c15);
987 }
988
989 /* read ICache content */
990 fprintf(output, "ICache:\n");
991
992 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
993 for (segment = 0;
994 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
995 segment++)
996 {
997 fprintf(output, "segment: %i\n----------", segment);
998
999 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1000 regs[0] = 0x0 | (segment << 5);
1001 arm9tdmi_write_core_regs(target, 0x1, regs);
1002
1003 /* set interpret mode */
1004 cp15c15 |= 0x1;
1005 arm920t_write_cp15_physical(target,
1006 CP15PHYS_TESTSTATE, cp15c15);
1007
1008 /* I CAM Read, loads current victim into C15.C.I.Ind */
1009 arm920t_execute_cp15(target,
1010 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1011
1012 /* read current victim */
1013 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1014 &C15_C_I_Ind);
1015
1016 /* clear interpret mode */
1017 cp15c15 &= ~0x1;
1018 arm920t_write_cp15_physical(target,
1019 CP15PHYS_TESTSTATE, cp15c15);
1020
1021 for (index = 0; index < 64; index++)
1022 {
1023 /* Ra:
1024 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1025 */
1026 regs[0] = 0x0 | (segment << 5) | (index << 26);
1027 arm9tdmi_write_core_regs(target, 0x1, regs);
1028
1029 /* set interpret mode */
1030 cp15c15 |= 0x1;
1031 arm920t_write_cp15_physical(target,
1032 CP15PHYS_TESTSTATE, cp15c15);
1033
1034 /* Write ICache victim */
1035 arm920t_execute_cp15(target,
1036 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1037
1038 /* Read I RAM */
1039 arm920t_execute_cp15(target,
1040 ARMV4_5_MCR(15,2,0,15,9,2),
1041 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1042
1043 /* Read I CAM */
1044 arm920t_execute_cp15(target,
1045 ARMV4_5_MCR(15,2,0,15,5,2),
1046 ARMV4_5_LDR(9, 0));
1047
1048 /* clear interpret mode */
1049 cp15c15 &= ~0x1;
1050 arm920t_write_cp15_physical(target,
1051 CP15PHYS_TESTSTATE, cp15c15);
1052
1053 /* read I RAM and CAM content */
1054 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1055 if ((retval = jtag_execute_queue()) != ERROR_OK)
1056 {
1057 return retval;
1058 }
1059
1060 i_cache[segment][index].cam = regs[9];
1061
1062 /* mask LFSR[6] */
1063 regs[9] &= 0xfffffffe;
1064 fprintf(output, "\nsegment: %i, index: %i, "
1065 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1066 segment, index, regs[9],
1067 (regs[9] & 0x10) ? "valid" : "invalid");
1068
1069 for (i = 1; i < 9; i++)
1070 {
1071 i_cache[segment][index].data[i] = regs[i];
1072 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1073 i-1, regs[i]);
1074 }
1075 }
1076
1077 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1078 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1079 arm9tdmi_write_core_regs(target, 0x1, regs);
1080
1081 /* set interpret mode */
1082 cp15c15 |= 0x1;
1083 arm920t_write_cp15_physical(target,
1084 CP15PHYS_TESTSTATE, cp15c15);
1085
1086 /* Write ICache victim */
1087 arm920t_execute_cp15(target,
1088 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1089
1090 /* clear interpret mode */
1091 cp15c15 &= ~0x1;
1092 arm920t_write_cp15_physical(target,
1093 CP15PHYS_TESTSTATE, cp15c15);
1094 }
1095
1096 /* restore CP15 MMU and Cache settings */
1097 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1098
1099 command_print(CMD_CTX, "cache content successfully output to %s",
1100 CMD_ARGV[0]);
1101
1102 fclose(output);
1103
1104 if (!is_arm_mode(armv4_5->core_mode))
1105 return ERROR_FAIL;
1106
1107 /* force writeback of the valid data */
1108 r = armv4_5->core_cache->reg_list;
1109 r[0].dirty = r[0].valid;
1110 r[1].dirty = r[1].valid;
1111 r[2].dirty = r[2].valid;
1112 r[3].dirty = r[3].valid;
1113 r[4].dirty = r[4].valid;
1114 r[5].dirty = r[5].valid;
1115 r[6].dirty = r[6].valid;
1116 r[7].dirty = r[7].valid;
1117
1118 r = arm_reg_current(armv4_5, 8);
1119 r->dirty = r->valid;
1120
1121 r = arm_reg_current(armv4_5, 9);
1122 r->dirty = r->valid;
1123
1124 return ERROR_OK;
1125 }
1126
1127 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1128 {
1129 int retval = ERROR_OK;
1130 struct target *target = get_current_target(CMD_CTX);
1131 struct arm920t_common *arm920t = target_to_arm920(target);
1132 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1133 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1134 uint32_t cp15c15;
1135 uint32_t cp15_ctrl, cp15_ctrl_saved;
1136 uint32_t regs[16];
1137 uint32_t *regs_p[16];
1138 int i;
1139 FILE *output;
1140 uint32_t Dlockdown, Ilockdown;
1141 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1142 int victim;
1143 struct reg *r;
1144
1145 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1146 if (retval != ERROR_OK)
1147 return retval;
1148
1149 if (CMD_ARGC != 1)
1150 {
1151 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1152 return ERROR_OK;
1153 }
1154
1155 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1156 {
1157 LOG_DEBUG("error opening mmu content file");
1158 return ERROR_OK;
1159 }
1160
1161 for (i = 0; i < 16; i++)
1162 regs_p[i] = &regs[i];
1163
1164 /* disable MMU and Caches */
1165 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1166 if ((retval = jtag_execute_queue()) != ERROR_OK)
1167 {
1168 return retval;
1169 }
1170 cp15_ctrl_saved = cp15_ctrl;
1171 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1172 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1173 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1174
1175 /* read CP15 test state register */
1176 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1177 if ((retval = jtag_execute_queue()) != ERROR_OK)
1178 {
1179 return retval;
1180 }
1181
1182 /* prepare reading D TLB content
1183 * */
1184
1185 /* set interpret mode */
1186 cp15c15 |= 0x1;
1187 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1188
1189 /* Read D TLB lockdown */
1190 arm920t_execute_cp15(target,
1191 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1192
1193 /* clear interpret mode */
1194 cp15c15 &= ~0x1;
1195 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1196
1197 /* read D TLB lockdown stored to r1 */
1198 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1199 if ((retval = jtag_execute_queue()) != ERROR_OK)
1200 {
1201 return retval;
1202 }
1203 Dlockdown = regs[1];
1204
1205 for (victim = 0; victim < 64; victim += 8)
1206 {
1207 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1208 * base remains unchanged, victim goes through entries 0 to 63
1209 */
1210 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1211 arm9tdmi_write_core_regs(target, 0x2, regs);
1212
1213 /* set interpret mode */
1214 cp15c15 |= 0x1;
1215 arm920t_write_cp15_physical(target,
1216 CP15PHYS_TESTSTATE, cp15c15);
1217
1218 /* Write D TLB lockdown */
1219 arm920t_execute_cp15(target,
1220 ARMV4_5_MCR(15,0,0,10,0,0),
1221 ARMV4_5_STR(1, 0));
1222
1223 /* Read D TLB CAM */
1224 arm920t_execute_cp15(target,
1225 ARMV4_5_MCR(15,4,0,15,6,4),
1226 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1227
1228 /* clear interpret mode */
1229 cp15c15 &= ~0x1;
1230 arm920t_write_cp15_physical(target,
1231 CP15PHYS_TESTSTATE, cp15c15);
1232
1233 /* read D TLB CAM content stored to r2-r9 */
1234 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1235 if ((retval = jtag_execute_queue()) != ERROR_OK)
1236 {
1237 return retval;
1238 }
1239
1240 for (i = 0; i < 8; i++)
1241 d_tlb[victim + i].cam = regs[i + 2];
1242 }
1243
1244 for (victim = 0; victim < 64; victim++)
1245 {
1246 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1247 * base remains unchanged, victim goes through entries 0 to 63
1248 */
1249 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1250 arm9tdmi_write_core_regs(target, 0x2, regs);
1251
1252 /* set interpret mode */
1253 cp15c15 |= 0x1;
1254 arm920t_write_cp15_physical(target,
1255 CP15PHYS_TESTSTATE, cp15c15);
1256
1257 /* Write D TLB lockdown */
1258 arm920t_execute_cp15(target,
1259 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1260
1261 /* Read D TLB RAM1 */
1262 arm920t_execute_cp15(target,
1263 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1264
1265 /* Read D TLB RAM2 */
1266 arm920t_execute_cp15(target,
1267 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1268
1269 /* clear interpret mode */
1270 cp15c15 &= ~0x1;
1271 arm920t_write_cp15_physical(target,
1272 CP15PHYS_TESTSTATE, cp15c15);
1273
1274 /* read D TLB RAM content stored to r2 and r3 */
1275 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1276 if ((retval = jtag_execute_queue()) != ERROR_OK)
1277 {
1278 return retval;
1279 }
1280
1281 d_tlb[victim].ram1 = regs[2];
1282 d_tlb[victim].ram2 = regs[3];
1283 }
1284
1285 /* restore D TLB lockdown */
1286 regs[1] = Dlockdown;
1287 arm9tdmi_write_core_regs(target, 0x2, regs);
1288
1289 /* Write D TLB lockdown */
1290 arm920t_execute_cp15(target,
1291 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1292
1293 /* prepare reading I TLB content
1294 * */
1295
1296 /* set interpret mode */
1297 cp15c15 |= 0x1;
1298 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1299
1300 /* Read I TLB lockdown */
1301 arm920t_execute_cp15(target,
1302 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1303
1304 /* clear interpret mode */
1305 cp15c15 &= ~0x1;
1306 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1307
1308 /* read I TLB lockdown stored to r1 */
1309 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1310 if ((retval = jtag_execute_queue()) != ERROR_OK)
1311 {
1312 return retval;
1313 }
1314 Ilockdown = regs[1];
1315
1316 for (victim = 0; victim < 64; victim += 8)
1317 {
1318 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1319 * base remains unchanged, victim goes through entries 0 to 63
1320 */
1321 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1322 arm9tdmi_write_core_regs(target, 0x2, regs);
1323
1324 /* set interpret mode */
1325 cp15c15 |= 0x1;
1326 arm920t_write_cp15_physical(target,
1327 CP15PHYS_TESTSTATE, cp15c15);
1328
1329 /* Write I TLB lockdown */
1330 arm920t_execute_cp15(target,
1331 ARMV4_5_MCR(15,0,0,10,0,1),
1332 ARMV4_5_STR(1, 0));
1333
1334 /* Read I TLB CAM */
1335 arm920t_execute_cp15(target,
1336 ARMV4_5_MCR(15,4,0,15,5,4),
1337 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1338
1339 /* clear interpret mode */
1340 cp15c15 &= ~0x1;
1341 arm920t_write_cp15_physical(target,
1342 CP15PHYS_TESTSTATE, cp15c15);
1343
1344 /* read I TLB CAM content stored to r2-r9 */
1345 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1346 if ((retval = jtag_execute_queue()) != ERROR_OK)
1347 {
1348 return retval;
1349 }
1350
1351 for (i = 0; i < 8; i++)
1352 i_tlb[i + victim].cam = regs[i + 2];
1353 }
1354
1355 for (victim = 0; victim < 64; victim++)
1356 {
1357 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1358 * base remains unchanged, victim goes through entries 0 to 63
1359 */
1360 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1361 arm9tdmi_write_core_regs(target, 0x2, regs);
1362
1363 /* set interpret mode */
1364 cp15c15 |= 0x1;
1365 arm920t_write_cp15_physical(target,
1366 CP15PHYS_TESTSTATE, cp15c15);
1367
1368 /* Write I TLB lockdown */
1369 arm920t_execute_cp15(target,
1370 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1371
1372 /* Read I TLB RAM1 */
1373 arm920t_execute_cp15(target,
1374 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1375
1376 /* Read I TLB RAM2 */
1377 arm920t_execute_cp15(target,
1378 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1379
1380 /* clear interpret mode */
1381 cp15c15 &= ~0x1;
1382 arm920t_write_cp15_physical(target,
1383 CP15PHYS_TESTSTATE, cp15c15);
1384
1385 /* read I TLB RAM content stored to r2 and r3 */
1386 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1387 if ((retval = jtag_execute_queue()) != ERROR_OK)
1388 {
1389 return retval;
1390 }
1391
1392 i_tlb[victim].ram1 = regs[2];
1393 i_tlb[victim].ram2 = regs[3];
1394 }
1395
1396 /* restore I TLB lockdown */
1397 regs[1] = Ilockdown;
1398 arm9tdmi_write_core_regs(target, 0x2, regs);
1399
1400 /* Write I TLB lockdown */
1401 arm920t_execute_cp15(target,
1402 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1403
1404 /* restore CP15 MMU and Cache settings */
1405 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1406
1407 /* output data to file */
1408 fprintf(output, "D TLB content:\n");
1409 for (i = 0; i < 64; i++)
1410 {
1411 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1412 " 0x%8.8" PRIx32 " %s\n",
1413 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1414 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1415 }
1416
1417 fprintf(output, "\n\nI TLB content:\n");
1418 for (i = 0; i < 64; i++)
1419 {
1420 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1421 " 0x%8.8" PRIx32 " %s\n",
1422 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1423 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1424 }
1425
1426 command_print(CMD_CTX, "mmu content successfully output to %s",
1427 CMD_ARGV[0]);
1428
1429 fclose(output);
1430
1431 if (!is_arm_mode(armv4_5->core_mode))
1432 return ERROR_FAIL;
1433
1434 /* force writeback of the valid data */
1435 r = armv4_5->core_cache->reg_list;
1436 r[0].dirty = r[0].valid;
1437 r[1].dirty = r[1].valid;
1438 r[2].dirty = r[2].valid;
1439 r[3].dirty = r[3].valid;
1440 r[4].dirty = r[4].valid;
1441 r[5].dirty = r[5].valid;
1442 r[6].dirty = r[6].valid;
1443 r[7].dirty = r[7].valid;
1444
1445 r = arm_reg_current(armv4_5, 8);
1446 r->dirty = r->valid;
1447
1448 r = arm_reg_current(armv4_5, 9);
1449 r->dirty = r->valid;
1450
1451 return ERROR_OK;
1452 }
1453
1454 COMMAND_HANDLER(arm920t_handle_cp15_command)
1455 {
1456 int retval;
1457 struct target *target = get_current_target(CMD_CTX);
1458 struct arm920t_common *arm920t = target_to_arm920(target);
1459
1460 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1461 if (retval != ERROR_OK)
1462 return retval;
1463
1464 if (target->state != TARGET_HALTED)
1465 {
1466 command_print(CMD_CTX, "target must be stopped for "
1467 "\"%s\" command", CMD_NAME);
1468 return ERROR_OK;
1469 }
1470
1471 /* one argument, read a register.
1472 * two arguments, write it.
1473 */
1474 if (CMD_ARGC >= 1)
1475 {
1476 int address;
1477 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1478
1479 if (CMD_ARGC == 1)
1480 {
1481 uint32_t value;
1482 if ((retval = arm920t_read_cp15_physical(target,
1483 address, &value)) != ERROR_OK)
1484 {
1485 command_print(CMD_CTX,
1486 "couldn't access reg %i", address);
1487 return ERROR_OK;
1488 }
1489 if ((retval = jtag_execute_queue()) != ERROR_OK)
1490 {
1491 return retval;
1492 }
1493
1494 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1495 address, value);
1496 }
1497 else if (CMD_ARGC == 2)
1498 {
1499 uint32_t value;
1500 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1501 retval = arm920t_write_cp15_physical(target,
1502 address, value);
1503 if (retval != ERROR_OK)
1504 {
1505 command_print(CMD_CTX,
1506 "couldn't access reg %i", address);
1507 /* REVISIT why lie? "return retval"? */
1508 return ERROR_OK;
1509 }
1510 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1511 address, value);
1512 }
1513 }
1514
1515 return ERROR_OK;
1516 }
1517
1518 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1519 {
1520 int retval;
1521 struct target *target = get_current_target(CMD_CTX);
1522 struct arm920t_common *arm920t = target_to_arm920(target);
1523
1524 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1525 if (retval != ERROR_OK)
1526 return retval;
1527
1528
1529 if (target->state != TARGET_HALTED)
1530 {
1531 command_print(CMD_CTX, "target must be stopped for "
1532 "\"%s\" command", CMD_NAME);
1533 return ERROR_OK;
1534 }
1535
1536 /* one argument, read a register.
1537 * two arguments, write it.
1538 */
1539 if (CMD_ARGC >= 1)
1540 {
1541 uint32_t opcode;
1542 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1543
1544 if (CMD_ARGC == 1)
1545 {
1546 uint32_t value;
1547 retval = arm920t_read_cp15_interpreted(target,
1548 opcode, 0x0, &value);
1549 if (retval != ERROR_OK)
1550 {
1551 command_print(CMD_CTX,
1552 "couldn't execute %8.8" PRIx32,
1553 opcode);
1554 /* REVISIT why lie? "return retval"? */
1555 return ERROR_OK;
1556 }
1557
1558 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1559 opcode, value);
1560 }
1561 else if (CMD_ARGC == 2)
1562 {
1563 uint32_t value;
1564 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1565 retval = arm920t_write_cp15_interpreted(target,
1566 opcode, value, 0);
1567 if (retval != ERROR_OK)
1568 {
1569 command_print(CMD_CTX,
1570 "couldn't execute %8.8" PRIx32,
1571 opcode);
1572 /* REVISIT why lie? "return retval"? */
1573 return ERROR_OK;
1574 }
1575 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1576 opcode, value);
1577 }
1578 else if (CMD_ARGC == 3)
1579 {
1580 uint32_t value;
1581 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1582 uint32_t address;
1583 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1584 retval = arm920t_write_cp15_interpreted(target,
1585 opcode, value, address);
1586 if (retval != ERROR_OK)
1587 {
1588 command_print(CMD_CTX,
1589 "couldn't execute %8.8" PRIx32, opcode);
1590 /* REVISIT why lie? "return retval"? */
1591 return ERROR_OK;
1592 }
1593 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1594 " %8.8" PRIx32, opcode, value, address);
1595 }
1596 }
1597 else
1598 {
1599 command_print(CMD_CTX,
1600 "usage: arm920t cp15i <opcode> [value] [address]");
1601 }
1602
1603 return ERROR_OK;
1604 }
1605
1606 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1607 {
1608 int retval;
1609 struct target *target = get_current_target(CMD_CTX);
1610 struct arm920t_common *arm920t = target_to_arm920(target);
1611
1612 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1613 if (retval != ERROR_OK)
1614 return retval;
1615
1616 return armv4_5_handle_cache_info_command(CMD_CTX,
1617 &arm920t->armv4_5_mmu.armv4_5_cache);
1618 }
1619
1620
1621 static int arm920t_mrc(struct target *target, int cpnum,
1622 uint32_t op1, uint32_t op2,
1623 uint32_t CRn, uint32_t CRm,
1624 uint32_t *value)
1625 {
1626 if (cpnum!=15)
1627 {
1628 LOG_ERROR("Only cp15 is supported");
1629 return ERROR_FAIL;
1630 }
1631
1632 /* read "to" r0 */
1633 return arm920t_read_cp15_interpreted(target,
1634 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1635 0, value);
1636 }
1637
1638 static int arm920t_mcr(struct target *target, int cpnum,
1639 uint32_t op1, uint32_t op2,
1640 uint32_t CRn, uint32_t CRm,
1641 uint32_t value)
1642 {
1643 if (cpnum!=15)
1644 {
1645 LOG_ERROR("Only cp15 is supported");
1646 return ERROR_FAIL;
1647 }
1648
1649 /* write "from" r0 */
1650 return arm920t_write_cp15_interpreted(target,
1651 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1652 0, value);
1653 }
1654
1655 static const struct command_registration arm920t_exec_command_handlers[] = {
1656 {
1657 .name = "cp15",
1658 .handler = arm920t_handle_cp15_command,
1659 .mode = COMMAND_EXEC,
1660 .help = "display/modify cp15 register",
1661 .usage = "regnum [value]",
1662 },
1663 {
1664 .name = "cp15i",
1665 .handler = arm920t_handle_cp15i_command,
1666 .mode = COMMAND_EXEC,
1667 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1668 .help = "display/modify cp15 register using ARM opcode"
1669 " (DEPRECATED)",
1670 .usage = "instruction [value [address]]",
1671 },
1672 {
1673 .name = "cache_info",
1674 .handler = arm920t_handle_cache_info_command,
1675 .mode = COMMAND_EXEC,
1676 .help = "display information about target caches",
1677 },
1678 {
1679 .name = "read_cache",
1680 .handler = arm920t_handle_read_cache_command,
1681 .mode = COMMAND_EXEC,
1682 .help = "dump I/D cache content to file",
1683 .usage = "filename",
1684 },
1685 {
1686 .name = "read_mmu",
1687 .handler = arm920t_handle_read_mmu_command,
1688 .mode = COMMAND_EXEC,
1689 .help = "dump I/D mmu content to file",
1690 .usage = "filename",
1691 },
1692 COMMAND_REGISTRATION_DONE
1693 };
1694 const struct command_registration arm920t_command_handlers[] = {
1695 {
1696 .chain = arm9tdmi_command_handlers,
1697 },
1698 {
1699 .name = "arm920t",
1700 .mode = COMMAND_ANY,
1701 .help = "arm920t command group",
1702 .chain = arm920t_exec_command_handlers,
1703 },
1704 COMMAND_REGISTRATION_DONE
1705 };
1706
1707 /** Holds methods for ARM920 targets. */
1708 struct target_type arm920t_target =
1709 {
1710 .name = "arm920t",
1711
1712 .poll = arm7_9_poll,
1713 .arch_state = arm920t_arch_state,
1714
1715 .target_request_data = arm7_9_target_request_data,
1716
1717 .halt = arm7_9_halt,
1718 .resume = arm7_9_resume,
1719 .step = arm7_9_step,
1720
1721 .assert_reset = arm7_9_assert_reset,
1722 .deassert_reset = arm7_9_deassert_reset,
1723 .soft_reset_halt = arm920t_soft_reset_halt,
1724
1725 .get_gdb_reg_list = arm_get_gdb_reg_list,
1726
1727 .read_memory = arm920t_read_memory,
1728 .write_memory = arm920t_write_memory,
1729 .read_phys_memory = arm920t_read_phys_memory,
1730 .write_phys_memory = arm920t_write_phys_memory,
1731 .mmu = arm920_mmu,
1732 .virt2phys = arm920_virt2phys,
1733
1734 .bulk_write_memory = arm7_9_bulk_write_memory,
1735
1736 .checksum_memory = arm_checksum_memory,
1737 .blank_check_memory = arm_blank_check_memory,
1738
1739 .run_algorithm = armv4_5_run_algorithm,
1740
1741 .add_breakpoint = arm7_9_add_breakpoint,
1742 .remove_breakpoint = arm7_9_remove_breakpoint,
1743 .add_watchpoint = arm7_9_add_watchpoint,
1744 .remove_watchpoint = arm7_9_remove_watchpoint,
1745
1746 .commands = arm920t_command_handlers,
1747 .target_create = arm920t_target_create,
1748 .init_target = arm9tdmi_init_target,
1749 .examine = arm7_9_examine,
1750 .check_reset = arm7_9_check_reset,
1751 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)