Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
cmd: add missing usage vars
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92 int retval;
93
94 jtag_info = &arm920t->arm7_9_common.jtag_info;
95
96 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
97 if (retval != ERROR_OK)
98 return retval;
99 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
100 if (retval != ERROR_OK)
101 return retval;
102
103 fields[0].num_bits = 1;
104 fields[0].out_value = &access_type_buf;
105 fields[0].in_value = NULL;
106
107 fields[1].num_bits = 32;
108 fields[1].out_value = NULL;
109 fields[1].in_value = NULL;
110
111 fields[2].num_bits = 6;
112 fields[2].out_value = &reg_addr_buf;
113 fields[2].in_value = NULL;
114
115 fields[3].num_bits = 1;
116 fields[3].out_value = &nr_w_buf;
117 fields[3].in_value = NULL;
118
119 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
120
121 fields[1].in_value = (uint8_t *)value;
122
123 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
124
125 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
126
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
130 #endif
131
132 return ERROR_OK;
133 }
134
135 static int arm920t_write_cp15_physical(struct target *target,
136 int reg_addr, uint32_t value)
137 {
138 struct arm920t_common *arm920t = target_to_arm920(target);
139 struct arm_jtag *jtag_info;
140 struct scan_field fields[4];
141 uint8_t access_type_buf = 1;
142 uint8_t reg_addr_buf = reg_addr & 0x3f;
143 uint8_t nr_w_buf = 1;
144 uint8_t value_buf[4];
145 int retval;
146
147 jtag_info = &arm920t->arm7_9_common.jtag_info;
148
149 buf_set_u32(value_buf, 0, 32, value);
150
151 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
152 if (retval != ERROR_OK)
153 return retval;
154 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
155 if (retval != ERROR_OK)
156 return retval;
157
158 fields[0].num_bits = 1;
159 fields[0].out_value = &access_type_buf;
160 fields[0].in_value = NULL;
161
162 fields[1].num_bits = 32;
163 fields[1].out_value = value_buf;
164 fields[1].in_value = NULL;
165
166 fields[2].num_bits = 6;
167 fields[2].out_value = &reg_addr_buf;
168 fields[2].in_value = NULL;
169
170 fields[3].num_bits = 1;
171 fields[3].out_value = &nr_w_buf;
172 fields[3].in_value = NULL;
173
174 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
175
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
178 #endif
179
180 return ERROR_OK;
181 }
182
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
186 *
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
189 */
190 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
191 uint32_t arm_opcode)
192 {
193 int retval;
194 struct arm920t_common *arm920t = target_to_arm920(target);
195 struct arm_jtag *jtag_info;
196 struct scan_field fields[4];
197 uint8_t access_type_buf = 0; /* interpreted access */
198 uint8_t reg_addr_buf = 0x0;
199 uint8_t nr_w_buf = 0;
200 uint8_t cp15_opcode_buf[4];
201
202 jtag_info = &arm920t->arm7_9_common.jtag_info;
203
204 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
205 if (retval != ERROR_OK)
206 return retval;
207 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
208 if (retval != ERROR_OK)
209 return retval;
210
211 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
212
213 fields[0].num_bits = 1;
214 fields[0].out_value = &access_type_buf;
215 fields[0].in_value = NULL;
216
217 fields[1].num_bits = 32;
218 fields[1].out_value = cp15_opcode_buf;
219 fields[1].in_value = NULL;
220
221 fields[2].num_bits = 6;
222 fields[2].out_value = &reg_addr_buf;
223 fields[2].in_value = NULL;
224
225 fields[3].num_bits = 1;
226 fields[3].out_value = &nr_w_buf;
227 fields[3].in_value = NULL;
228
229 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
230
231 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
232 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
233 retval = arm7_9_execute_sys_speed(target);
234 if (retval != ERROR_OK)
235 return retval;
236
237 if ((retval = jtag_execute_queue()) != ERROR_OK)
238 {
239 LOG_ERROR("failed executing JTAG queue");
240 return retval;
241 }
242
243 return ERROR_OK;
244 }
245
246 static int arm920t_read_cp15_interpreted(struct target *target,
247 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
248 {
249 struct arm *armv4_5 = target_to_arm(target);
250 uint32_t* regs_p[1];
251 uint32_t regs[2];
252 uint32_t cp15c15 = 0x0;
253 struct reg *r = armv4_5->core_cache->reg_list;
254
255 /* load address into R1 */
256 regs[1] = address;
257 arm9tdmi_write_core_regs(target, 0x2, regs);
258
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
262 jtag_execute_queue();
263 cp15c15 |= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
265
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
268
269 /* disable interpreted access mode */
270 cp15c15 &= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
272
273 /* retrieve value from R0 */
274 regs_p[0] = value;
275 arm9tdmi_read_core_regs(target, 0x1, regs_p);
276 jtag_execute_queue();
277
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode, address, *value);
281 #endif
282
283 if (!is_arm_mode(armv4_5->core_mode))
284 {
285 LOG_ERROR("not a valid arm core mode - communication failure?");
286 return ERROR_FAIL;
287 }
288
289 r[0].dirty = 1;
290 r[1].dirty = 1;
291
292 return ERROR_OK;
293 }
294
295 static
296 int arm920t_write_cp15_interpreted(struct target *target,
297 uint32_t cp15_opcode, uint32_t value, uint32_t address)
298 {
299 uint32_t cp15c15 = 0x0;
300 struct arm *armv4_5 = target_to_arm(target);
301 uint32_t regs[2];
302 struct reg *r = armv4_5->core_cache->reg_list;
303
304 /* load value, address into R0, R1 */
305 regs[0] = value;
306 regs[1] = address;
307 arm9tdmi_write_core_regs(target, 0x3, regs);
308
309 /* read-modify-write CP15 test state register
310 * to enable interpreted access mode */
311 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
312 jtag_execute_queue();
313 cp15c15 |= 1; /* set interpret mode */
314 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
315
316 /* execute CP15 instruction and ARM store (writing to coprocessor) */
317 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
318
319 /* disable interpreted access mode */
320 cp15c15 &= ~1U; /* set interpret mode */
321 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
322
323 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
324 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
325 cp15_opcode, value, address);
326 #endif
327
328 if (!is_arm_mode(armv4_5->core_mode))
329 {
330 LOG_ERROR("not a valid arm core mode - communication failure?");
331 return ERROR_FAIL;
332 }
333
334 r[0].dirty = 1;
335 r[1].dirty = 1;
336
337 return ERROR_OK;
338 }
339
340 // EXPORTED to FA256
341 int arm920t_get_ttb(struct target *target, uint32_t *result)
342 {
343 int retval;
344 uint32_t ttb = 0x0;
345
346 if ((retval = arm920t_read_cp15_interpreted(target,
347 /* FIXME use opcode macro */
348 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
349 return retval;
350
351 *result = ttb;
352 return ERROR_OK;
353 }
354
355 // EXPORTED to FA256
356 int arm920t_disable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360 int retval;
361
362 /* read cp15 control register */
363 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
364 if (retval != ERROR_OK)
365 return retval;
366 retval = jtag_execute_queue();
367 if (retval != ERROR_OK)
368 return retval;
369
370 if (mmu)
371 cp15_control &= ~0x1U;
372
373 if (d_u_cache)
374 cp15_control &= ~0x4U;
375
376 if (i_cache)
377 cp15_control &= ~0x1000U;
378
379 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
380 return retval;
381 }
382
383 // EXPORTED to FA256
384 int arm920t_enable_mmu_caches(struct target *target, int mmu,
385 int d_u_cache, int i_cache)
386 {
387 uint32_t cp15_control;
388 int retval;
389
390 /* read cp15 control register */
391 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
392 if (retval != ERROR_OK)
393 return retval;
394 retval = jtag_execute_queue();
395 if (retval != ERROR_OK)
396 return retval;
397
398 if (mmu)
399 cp15_control |= 0x1U;
400
401 if (d_u_cache)
402 cp15_control |= 0x4U;
403
404 if (i_cache)
405 cp15_control |= 0x1000U;
406
407 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
408 return retval;
409 }
410
411 // EXPORTED to FA256
412 int arm920t_post_debug_entry(struct target *target)
413 {
414 uint32_t cp15c15;
415 struct arm920t_common *arm920t = target_to_arm920(target);
416 int retval;
417
418 /* examine cp15 control reg */
419 retval = arm920t_read_cp15_physical(target,
420 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
421 if (retval != ERROR_OK)
422 return retval;
423 retval = jtag_execute_queue();
424 if (retval != ERROR_OK)
425 return retval;
426 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
427
428 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
429 {
430 uint32_t cache_type_reg;
431 /* identify caches */
432 retval = arm920t_read_cp15_physical(target,
433 CP15PHYS_CACHETYPE, &cache_type_reg);
434 if (retval != ERROR_OK)
435 return retval;
436 retval = jtag_execute_queue();
437 if (retval != ERROR_OK)
438 return retval;
439 armv4_5_identify_cache(cache_type_reg,
440 &arm920t->armv4_5_mmu.armv4_5_cache);
441 }
442
443 arm920t->armv4_5_mmu.mmu_enabled =
444 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
445 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
446 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
447 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
448 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
449
450 /* save i/d fault status and address register */
451 /* FIXME use opcode macros */
452 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
453 if (retval != ERROR_OK)
454 return retval;
455 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
456 if (retval != ERROR_OK)
457 return retval;
458 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
459 if (retval != ERROR_OK)
460 return retval;
461 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
462 if (retval != ERROR_OK)
463 return retval;
464
465 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
466 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
467 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
468
469 if (arm920t->preserve_cache)
470 {
471 /* read-modify-write CP15 test state register
472 * to disable I/D-cache linefills */
473 retval = arm920t_read_cp15_physical(target,
474 CP15PHYS_TESTSTATE, &cp15c15);
475 if (retval != ERROR_OK)
476 return retval;
477 retval = jtag_execute_queue();
478 if (retval != ERROR_OK)
479 return retval;
480 cp15c15 |= 0x600;
481 retval = arm920t_write_cp15_physical(target,
482 CP15PHYS_TESTSTATE, cp15c15);
483 if (retval != ERROR_OK)
484 return retval;
485 }
486 return ERROR_OK;
487 }
488
489 // EXPORTED to FA256
490 void arm920t_pre_restore_context(struct target *target)
491 {
492 uint32_t cp15c15;
493 struct arm920t_common *arm920t = target_to_arm920(target);
494
495 /* restore i/d fault status and address register */
496 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
497 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
498 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
499 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
500
501 /* read-modify-write CP15 test state register
502 * to reenable I/D-cache linefills */
503 if (arm920t->preserve_cache)
504 {
505 arm920t_read_cp15_physical(target,
506 CP15PHYS_TESTSTATE, &cp15c15);
507 jtag_execute_queue();
508 cp15c15 &= ~0x600U;
509 arm920t_write_cp15_physical(target,
510 CP15PHYS_TESTSTATE, cp15c15);
511 }
512 }
513
514 static const char arm920_not[] = "target is not an ARM920";
515
516 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
517 struct arm920t_common *arm920t)
518 {
519 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
520 command_print(cmd_ctx, arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 return ERROR_OK;
525 }
526
527 /** Logs summary of ARM920 state for a halted target. */
528 int arm920t_arch_state(struct target *target)
529 {
530 static const char *state[] =
531 {
532 "disabled", "enabled"
533 };
534
535 struct arm920t_common *arm920t = target_to_arm920(target);
536
537 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
538 {
539 LOG_ERROR("BUG: %s", arm920_not);
540 return ERROR_TARGET_INVALID;
541 }
542
543 arm_arch_state(target);
544 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
545 state[arm920t->armv4_5_mmu.mmu_enabled],
546 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
547 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
548
549 return ERROR_OK;
550 }
551
552 static int arm920_mmu(struct target *target, int *enabled)
553 {
554 if (target->state != TARGET_HALTED) {
555 LOG_ERROR("%s: target not halted", __func__);
556 return ERROR_TARGET_INVALID;
557 }
558
559 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
560 return ERROR_OK;
561 }
562
563 static int arm920_virt2phys(struct target *target,
564 uint32_t virt, uint32_t *phys)
565 {
566 uint32_t cb;
567 struct arm920t_common *arm920t = target_to_arm920(target);
568
569 uint32_t ret;
570 int retval = armv4_5_mmu_translate_va(target,
571 &arm920t->armv4_5_mmu, virt, &cb, &ret);
572 if (retval != ERROR_OK)
573 return retval;
574 *phys = ret;
575 return ERROR_OK;
576 }
577
578 /** Reads a buffer, in the specified word size, with current MMU settings. */
579 int arm920t_read_memory(struct target *target, uint32_t address,
580 uint32_t size, uint32_t count, uint8_t *buffer)
581 {
582 int retval;
583
584 retval = arm7_9_read_memory(target, address, size, count, buffer);
585
586 return retval;
587 }
588
589
590 static int arm920t_read_phys_memory(struct target *target,
591 uint32_t address, uint32_t size,
592 uint32_t count, uint8_t *buffer)
593 {
594 struct arm920t_common *arm920t = target_to_arm920(target);
595
596 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
597 address, size, count, buffer);
598 }
599
600 static int arm920t_write_phys_memory(struct target *target,
601 uint32_t address, uint32_t size,
602 uint32_t count, const uint8_t *buffer)
603 {
604 struct arm920t_common *arm920t = target_to_arm920(target);
605
606 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
607 address, size, count, buffer);
608 }
609
610
611 /** Writes a buffer, in the specified word size, with current MMU settings. */
612 int arm920t_write_memory(struct target *target, uint32_t address,
613 uint32_t size, uint32_t count, const uint8_t *buffer)
614 {
615 int retval;
616 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
617 struct arm920t_common *arm920t = target_to_arm920(target);
618
619 /* FIX!!!! this should be cleaned up and made much more general. The
620 * plan is to write up and test on arm920t specifically and
621 * then generalize and clean up afterwards.
622 *
623 * Also it should be moved to the callbacks that handle breakpoints
624 * specifically and not the generic memory write fn's. See XScale code.
625 */
626 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
627 ((size==2) || (size==4)))
628 {
629 /* special case the handling of single word writes to
630 * bypass MMU, to allow implementation of breakpoints
631 * in memory marked read only
632 * by MMU
633 */
634 uint32_t cb;
635 uint32_t pa;
636
637 /*
638 * We need physical address and cb
639 */
640 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
641 address, &cb, &pa);
642 if (retval != ERROR_OK)
643 return retval;
644
645 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
646 {
647 if (cb & 0x1)
648 {
649 LOG_DEBUG("D-Cache buffered, "
650 "drain write buffer");
651 /*
652 * Buffered ?
653 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
654 */
655
656 retval = arm920t_write_cp15_interpreted(target,
657 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
658 0x0, 0);
659 if (retval != ERROR_OK)
660 return retval;
661 }
662
663 if (cb == 0x3)
664 {
665 /*
666 * Write back memory ? -> clean cache
667 *
668 * There is no way to clean cache lines using
669 * cp15 scan chain, so copy the full cache
670 * line from cache to physical memory.
671 */
672 uint8_t data[32];
673
674 LOG_DEBUG("D-Cache in 'write back' mode, "
675 "flush cache line");
676
677 retval = target_read_memory(target,
678 address & cache_mask, 1,
679 sizeof(data), &data[0]);
680 if (retval != ERROR_OK)
681 return retval;
682
683 retval = armv4_5_mmu_write_physical(target,
684 &arm920t->armv4_5_mmu,
685 pa & cache_mask, 1,
686 sizeof(data), &data[0]);
687 if (retval != ERROR_OK)
688 return retval;
689 }
690
691 /* Cached ? */
692 if (cb & 0x2)
693 {
694 /*
695 * Cached ? -> Invalidate data cache using MVA
696 *
697 * MCR p15,0,Rd,c7,c6,1
698 */
699 LOG_DEBUG("D-Cache enabled, "
700 "invalidate cache line");
701
702 retval = arm920t_write_cp15_interpreted(target,
703 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
704 address & cache_mask);
705 if (retval != ERROR_OK)
706 return retval;
707 }
708 }
709
710 /* write directly to physical memory,
711 * bypassing any read only MMU bits, etc.
712 */
713 retval = armv4_5_mmu_write_physical(target,
714 &arm920t->armv4_5_mmu, pa, size,
715 count, buffer);
716 if (retval != ERROR_OK)
717 return retval;
718 } else
719 {
720 if ((retval = arm7_9_write_memory(target, address,
721 size, count, buffer)) != ERROR_OK)
722 return retval;
723 }
724
725 /* If ICache is enabled, we have to invalidate affected ICache lines
726 * the DCache is forced to write-through,
727 * so we don't have to clean it here
728 */
729 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
730 {
731 if (count <= 1)
732 {
733 /* invalidate ICache single entry with MVA
734 * mcr 15, 0, r0, cr7, cr5, {1}
735 */
736 LOG_DEBUG("I-Cache enabled, "
737 "invalidating affected I-Cache line");
738 retval = arm920t_write_cp15_interpreted(target,
739 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
740 0x0, address & cache_mask);
741 if (retval != ERROR_OK)
742 return retval;
743 }
744 else
745 {
746 /* invalidate ICache
747 * mcr 15, 0, r0, cr7, cr5, {0}
748 */
749 retval = arm920t_write_cp15_interpreted(target,
750 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
751 0x0, 0x0);
752 if (retval != ERROR_OK)
753 return retval;
754 }
755 }
756
757 return ERROR_OK;
758 }
759
760 // EXPORTED to FA256
761 int arm920t_soft_reset_halt(struct target *target)
762 {
763 int retval = ERROR_OK;
764 struct arm920t_common *arm920t = target_to_arm920(target);
765 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
766 struct arm *armv4_5 = &arm7_9->armv4_5_common;
767 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
768
769 if ((retval = target_halt(target)) != ERROR_OK)
770 {
771 return retval;
772 }
773
774 long long then = timeval_ms();
775 int timeout;
776 while (!(timeout = ((timeval_ms()-then) > 1000)))
777 {
778 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
779 == 0)
780 {
781 embeddedice_read_reg(dbg_stat);
782 if ((retval = jtag_execute_queue()) != ERROR_OK)
783 {
784 return retval;
785 }
786 } else
787 {
788 break;
789 }
790 if (debug_level >= 3)
791 {
792 /* do not eat all CPU, time out after 1 se*/
793 alive_sleep(100);
794 } else
795 {
796 keep_alive();
797 }
798 }
799 if (timeout)
800 {
801 LOG_ERROR("Failed to halt CPU after 1 sec");
802 return ERROR_TARGET_TIMEOUT;
803 }
804
805 target->state = TARGET_HALTED;
806
807 /* SVC, ARM state, IRQ and FIQ disabled */
808 uint32_t cpsr;
809
810 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
811 cpsr &= ~0xff;
812 cpsr |= 0xd3;
813 arm_set_cpsr(armv4_5, cpsr);
814 armv4_5->cpsr->dirty = 1;
815
816 /* start fetching from 0x0 */
817 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
818 armv4_5->pc->dirty = 1;
819 armv4_5->pc->valid = 1;
820
821 arm920t_disable_mmu_caches(target, 1, 1, 1);
822 arm920t->armv4_5_mmu.mmu_enabled = 0;
823 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
824 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
825
826 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
827 }
828
829 /* FIXME remove forward decls */
830 static int arm920t_mrc(struct target *target, int cpnum,
831 uint32_t op1, uint32_t op2,
832 uint32_t CRn, uint32_t CRm,
833 uint32_t *value);
834 static int arm920t_mcr(struct target *target, int cpnum,
835 uint32_t op1, uint32_t op2,
836 uint32_t CRn, uint32_t CRm,
837 uint32_t value);
838
839 static int arm920t_init_arch_info(struct target *target,
840 struct arm920t_common *arm920t, struct jtag_tap *tap)
841 {
842 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
843
844 arm7_9->armv4_5_common.mrc = arm920t_mrc;
845 arm7_9->armv4_5_common.mcr = arm920t_mcr;
846
847 /* initialize arm7/arm9 specific info (including armv4_5) */
848 arm9tdmi_init_arch_info(target, arm7_9, tap);
849
850 arm920t->common_magic = ARM920T_COMMON_MAGIC;
851
852 arm7_9->post_debug_entry = arm920t_post_debug_entry;
853 arm7_9->pre_restore_context = arm920t_pre_restore_context;
854
855 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
856 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
857 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
858 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
859 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
860 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
861 arm920t->armv4_5_mmu.has_tiny_pages = 1;
862 arm920t->armv4_5_mmu.mmu_enabled = 0;
863
864 /* disabling linefills leads to lockups, so keep them enabled for now
865 * this doesn't affect correctness, but might affect timing issues, if
866 * important data is evicted from the cache during the debug session
867 * */
868 arm920t->preserve_cache = 0;
869
870 /* override hw single-step capability from ARM9TDMI */
871 arm7_9->has_single_step = 1;
872
873 return ERROR_OK;
874 }
875
876 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
877 {
878 struct arm920t_common *arm920t;
879
880 arm920t = calloc(1,sizeof(struct arm920t_common));
881 return arm920t_init_arch_info(target, arm920t, target->tap);
882 }
883
884 COMMAND_HANDLER(arm920t_handle_read_cache_command)
885 {
886 int retval = ERROR_OK;
887 struct target *target = get_current_target(CMD_CTX);
888 struct arm920t_common *arm920t = target_to_arm920(target);
889 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
890 struct arm *armv4_5 = &arm7_9->armv4_5_common;
891 uint32_t cp15c15;
892 uint32_t cp15_ctrl, cp15_ctrl_saved;
893 uint32_t regs[16];
894 uint32_t *regs_p[16];
895 uint32_t C15_C_D_Ind, C15_C_I_Ind;
896 int i;
897 FILE *output;
898 int segment, index_t;
899 struct reg *r;
900
901 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
902 if (retval != ERROR_OK)
903 return retval;
904
905 if (CMD_ARGC != 1)
906 {
907 return ERROR_COMMAND_SYNTAX_ERROR;
908 }
909
910 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
911 {
912 LOG_DEBUG("error opening cache content file");
913 return ERROR_OK;
914 }
915
916 for (i = 0; i < 16; i++)
917 regs_p[i] = &regs[i];
918
919 /* disable MMU and Caches */
920 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
921 if ((retval = jtag_execute_queue()) != ERROR_OK)
922 {
923 return retval;
924 }
925 cp15_ctrl_saved = cp15_ctrl;
926 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
927 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
928 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
929
930 /* read CP15 test state register */
931 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
932 jtag_execute_queue();
933
934 /* read DCache content */
935 fprintf(output, "DCache:\n");
936
937 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
938 for (segment = 0;
939 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
940 segment++)
941 {
942 fprintf(output, "\nsegment: %i\n----------", segment);
943
944 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
945 regs[0] = 0x0 | (segment << 5);
946 arm9tdmi_write_core_regs(target, 0x1, regs);
947
948 /* set interpret mode */
949 cp15c15 |= 0x1;
950 arm920t_write_cp15_physical(target,
951 CP15PHYS_TESTSTATE, cp15c15);
952
953 /* D CAM Read, loads current victim into C15.C.D.Ind */
954 arm920t_execute_cp15(target,
955 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
956
957 /* read current victim */
958 arm920t_read_cp15_physical(target,
959 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
960
961 /* clear interpret mode */
962 cp15c15 &= ~0x1;
963 arm920t_write_cp15_physical(target,
964 CP15PHYS_TESTSTATE, cp15c15);
965
966 for (index_t = 0; index_t < 64; index_t++)
967 {
968 /* Ra:
969 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
970 */
971 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
972 arm9tdmi_write_core_regs(target, 0x1, regs);
973
974 /* set interpret mode */
975 cp15c15 |= 0x1;
976 arm920t_write_cp15_physical(target,
977 CP15PHYS_TESTSTATE, cp15c15);
978
979 /* Write DCache victim */
980 arm920t_execute_cp15(target,
981 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
982
983 /* Read D RAM */
984 arm920t_execute_cp15(target,
985 ARMV4_5_MCR(15,2,0,15,10,2),
986 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
987
988 /* Read D CAM */
989 arm920t_execute_cp15(target,
990 ARMV4_5_MCR(15,2,0,15,6,2),
991 ARMV4_5_LDR(9, 0));
992
993 /* clear interpret mode */
994 cp15c15 &= ~0x1;
995 arm920t_write_cp15_physical(target,
996 CP15PHYS_TESTSTATE, cp15c15);
997
998 /* read D RAM and CAM content */
999 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1000 if ((retval = jtag_execute_queue()) != ERROR_OK)
1001 {
1002 return retval;
1003 }
1004
1005 /* mask LFSR[6] */
1006 regs[9] &= 0xfffffffe;
1007 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
1008 PRIx32 ", content (%s):\n",
1009 segment, index_t, regs[9],
1010 (regs[9] & 0x10) ? "valid" : "invalid");
1011
1012 for (i = 1; i < 9; i++)
1013 {
1014 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1015 i-1, regs[i]);
1016 }
1017
1018 }
1019
1020 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1021 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1022 arm9tdmi_write_core_regs(target, 0x1, regs);
1023
1024 /* set interpret mode */
1025 cp15c15 |= 0x1;
1026 arm920t_write_cp15_physical(target,
1027 CP15PHYS_TESTSTATE, cp15c15);
1028
1029 /* Write DCache victim */
1030 arm920t_execute_cp15(target,
1031 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1032
1033 /* clear interpret mode */
1034 cp15c15 &= ~0x1;
1035 arm920t_write_cp15_physical(target,
1036 CP15PHYS_TESTSTATE, cp15c15);
1037 }
1038
1039 /* read ICache content */
1040 fprintf(output, "ICache:\n");
1041
1042 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1043 for (segment = 0;
1044 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1045 segment++)
1046 {
1047 fprintf(output, "segment: %i\n----------", segment);
1048
1049 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1050 regs[0] = 0x0 | (segment << 5);
1051 arm9tdmi_write_core_regs(target, 0x1, regs);
1052
1053 /* set interpret mode */
1054 cp15c15 |= 0x1;
1055 arm920t_write_cp15_physical(target,
1056 CP15PHYS_TESTSTATE, cp15c15);
1057
1058 /* I CAM Read, loads current victim into C15.C.I.Ind */
1059 arm920t_execute_cp15(target,
1060 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1061
1062 /* read current victim */
1063 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1064 &C15_C_I_Ind);
1065
1066 /* clear interpret mode */
1067 cp15c15 &= ~0x1;
1068 arm920t_write_cp15_physical(target,
1069 CP15PHYS_TESTSTATE, cp15c15);
1070
1071 for (index_t = 0; index_t < 64; index_t++)
1072 {
1073 /* Ra:
1074 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1075 */
1076 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1077 arm9tdmi_write_core_regs(target, 0x1, regs);
1078
1079 /* set interpret mode */
1080 cp15c15 |= 0x1;
1081 arm920t_write_cp15_physical(target,
1082 CP15PHYS_TESTSTATE, cp15c15);
1083
1084 /* Write ICache victim */
1085 arm920t_execute_cp15(target,
1086 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1087
1088 /* Read I RAM */
1089 arm920t_execute_cp15(target,
1090 ARMV4_5_MCR(15,2,0,15,9,2),
1091 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1092
1093 /* Read I CAM */
1094 arm920t_execute_cp15(target,
1095 ARMV4_5_MCR(15,2,0,15,5,2),
1096 ARMV4_5_LDR(9, 0));
1097
1098 /* clear interpret mode */
1099 cp15c15 &= ~0x1;
1100 arm920t_write_cp15_physical(target,
1101 CP15PHYS_TESTSTATE, cp15c15);
1102
1103 /* read I RAM and CAM content */
1104 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1105 if ((retval = jtag_execute_queue()) != ERROR_OK)
1106 {
1107 return retval;
1108 }
1109
1110 /* mask LFSR[6] */
1111 regs[9] &= 0xfffffffe;
1112 fprintf(output, "\nsegment: %i, index: %i, "
1113 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1114 segment, index_t, regs[9],
1115 (regs[9] & 0x10) ? "valid" : "invalid");
1116
1117 for (i = 1; i < 9; i++)
1118 {
1119 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1120 i-1, regs[i]);
1121 }
1122 }
1123
1124 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1125 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1126 arm9tdmi_write_core_regs(target, 0x1, regs);
1127
1128 /* set interpret mode */
1129 cp15c15 |= 0x1;
1130 arm920t_write_cp15_physical(target,
1131 CP15PHYS_TESTSTATE, cp15c15);
1132
1133 /* Write ICache victim */
1134 arm920t_execute_cp15(target,
1135 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1136
1137 /* clear interpret mode */
1138 cp15c15 &= ~0x1;
1139 arm920t_write_cp15_physical(target,
1140 CP15PHYS_TESTSTATE, cp15c15);
1141 }
1142
1143 /* restore CP15 MMU and Cache settings */
1144 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1145
1146 command_print(CMD_CTX, "cache content successfully output to %s",
1147 CMD_ARGV[0]);
1148
1149 fclose(output);
1150
1151 if (!is_arm_mode(armv4_5->core_mode))
1152 {
1153 LOG_ERROR("not a valid arm core mode - communication failure?");
1154 return ERROR_FAIL;
1155 }
1156
1157 /* force writeback of the valid data */
1158 r = armv4_5->core_cache->reg_list;
1159 r[0].dirty = r[0].valid;
1160 r[1].dirty = r[1].valid;
1161 r[2].dirty = r[2].valid;
1162 r[3].dirty = r[3].valid;
1163 r[4].dirty = r[4].valid;
1164 r[5].dirty = r[5].valid;
1165 r[6].dirty = r[6].valid;
1166 r[7].dirty = r[7].valid;
1167
1168 r = arm_reg_current(armv4_5, 8);
1169 r->dirty = r->valid;
1170
1171 r = arm_reg_current(armv4_5, 9);
1172 r->dirty = r->valid;
1173
1174 return ERROR_OK;
1175 }
1176
1177 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1178 {
1179 int retval = ERROR_OK;
1180 struct target *target = get_current_target(CMD_CTX);
1181 struct arm920t_common *arm920t = target_to_arm920(target);
1182 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1183 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1184 uint32_t cp15c15;
1185 uint32_t cp15_ctrl, cp15_ctrl_saved;
1186 uint32_t regs[16];
1187 uint32_t *regs_p[16];
1188 int i;
1189 FILE *output;
1190 uint32_t Dlockdown, Ilockdown;
1191 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1192 int victim;
1193 struct reg *r;
1194
1195 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1196 if (retval != ERROR_OK)
1197 return retval;
1198
1199 if (CMD_ARGC != 1)
1200 {
1201 return ERROR_COMMAND_SYNTAX_ERROR;
1202 }
1203
1204 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1205 {
1206 LOG_DEBUG("error opening mmu content file");
1207 return ERROR_OK;
1208 }
1209
1210 for (i = 0; i < 16; i++)
1211 regs_p[i] = &regs[i];
1212
1213 /* disable MMU and Caches */
1214 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1215 if ((retval = jtag_execute_queue()) != ERROR_OK)
1216 {
1217 return retval;
1218 }
1219 cp15_ctrl_saved = cp15_ctrl;
1220 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1221 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1222 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1223
1224 /* read CP15 test state register */
1225 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1226 if ((retval = jtag_execute_queue()) != ERROR_OK)
1227 {
1228 return retval;
1229 }
1230
1231 /* prepare reading D TLB content
1232 * */
1233
1234 /* set interpret mode */
1235 cp15c15 |= 0x1;
1236 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1237
1238 /* Read D TLB lockdown */
1239 arm920t_execute_cp15(target,
1240 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1241
1242 /* clear interpret mode */
1243 cp15c15 &= ~0x1;
1244 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1245
1246 /* read D TLB lockdown stored to r1 */
1247 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1248 if ((retval = jtag_execute_queue()) != ERROR_OK)
1249 {
1250 return retval;
1251 }
1252 Dlockdown = regs[1];
1253
1254 for (victim = 0; victim < 64; victim += 8)
1255 {
1256 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1257 * base remains unchanged, victim goes through entries 0 to 63
1258 */
1259 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1260 arm9tdmi_write_core_regs(target, 0x2, regs);
1261
1262 /* set interpret mode */
1263 cp15c15 |= 0x1;
1264 arm920t_write_cp15_physical(target,
1265 CP15PHYS_TESTSTATE, cp15c15);
1266
1267 /* Write D TLB lockdown */
1268 arm920t_execute_cp15(target,
1269 ARMV4_5_MCR(15,0,0,10,0,0),
1270 ARMV4_5_STR(1, 0));
1271
1272 /* Read D TLB CAM */
1273 arm920t_execute_cp15(target,
1274 ARMV4_5_MCR(15,4,0,15,6,4),
1275 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1276
1277 /* clear interpret mode */
1278 cp15c15 &= ~0x1;
1279 arm920t_write_cp15_physical(target,
1280 CP15PHYS_TESTSTATE, cp15c15);
1281
1282 /* read D TLB CAM content stored to r2-r9 */
1283 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1284 if ((retval = jtag_execute_queue()) != ERROR_OK)
1285 {
1286 return retval;
1287 }
1288
1289 for (i = 0; i < 8; i++)
1290 d_tlb[victim + i].cam = regs[i + 2];
1291 }
1292
1293 for (victim = 0; victim < 64; victim++)
1294 {
1295 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1296 * base remains unchanged, victim goes through entries 0 to 63
1297 */
1298 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1299 arm9tdmi_write_core_regs(target, 0x2, regs);
1300
1301 /* set interpret mode */
1302 cp15c15 |= 0x1;
1303 arm920t_write_cp15_physical(target,
1304 CP15PHYS_TESTSTATE, cp15c15);
1305
1306 /* Write D TLB lockdown */
1307 arm920t_execute_cp15(target,
1308 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1309
1310 /* Read D TLB RAM1 */
1311 arm920t_execute_cp15(target,
1312 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1313
1314 /* Read D TLB RAM2 */
1315 arm920t_execute_cp15(target,
1316 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1317
1318 /* clear interpret mode */
1319 cp15c15 &= ~0x1;
1320 arm920t_write_cp15_physical(target,
1321 CP15PHYS_TESTSTATE, cp15c15);
1322
1323 /* read D TLB RAM content stored to r2 and r3 */
1324 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1325 if ((retval = jtag_execute_queue()) != ERROR_OK)
1326 {
1327 return retval;
1328 }
1329
1330 d_tlb[victim].ram1 = regs[2];
1331 d_tlb[victim].ram2 = regs[3];
1332 }
1333
1334 /* restore D TLB lockdown */
1335 regs[1] = Dlockdown;
1336 arm9tdmi_write_core_regs(target, 0x2, regs);
1337
1338 /* Write D TLB lockdown */
1339 arm920t_execute_cp15(target,
1340 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1341
1342 /* prepare reading I TLB content
1343 * */
1344
1345 /* set interpret mode */
1346 cp15c15 |= 0x1;
1347 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1348
1349 /* Read I TLB lockdown */
1350 arm920t_execute_cp15(target,
1351 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1352
1353 /* clear interpret mode */
1354 cp15c15 &= ~0x1;
1355 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1356
1357 /* read I TLB lockdown stored to r1 */
1358 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1359 if ((retval = jtag_execute_queue()) != ERROR_OK)
1360 {
1361 return retval;
1362 }
1363 Ilockdown = regs[1];
1364
1365 for (victim = 0; victim < 64; victim += 8)
1366 {
1367 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1368 * base remains unchanged, victim goes through entries 0 to 63
1369 */
1370 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1371 arm9tdmi_write_core_regs(target, 0x2, regs);
1372
1373 /* set interpret mode */
1374 cp15c15 |= 0x1;
1375 arm920t_write_cp15_physical(target,
1376 CP15PHYS_TESTSTATE, cp15c15);
1377
1378 /* Write I TLB lockdown */
1379 arm920t_execute_cp15(target,
1380 ARMV4_5_MCR(15,0,0,10,0,1),
1381 ARMV4_5_STR(1, 0));
1382
1383 /* Read I TLB CAM */
1384 arm920t_execute_cp15(target,
1385 ARMV4_5_MCR(15,4,0,15,5,4),
1386 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1387
1388 /* clear interpret mode */
1389 cp15c15 &= ~0x1;
1390 arm920t_write_cp15_physical(target,
1391 CP15PHYS_TESTSTATE, cp15c15);
1392
1393 /* read I TLB CAM content stored to r2-r9 */
1394 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1395 if ((retval = jtag_execute_queue()) != ERROR_OK)
1396 {
1397 return retval;
1398 }
1399
1400 for (i = 0; i < 8; i++)
1401 i_tlb[i + victim].cam = regs[i + 2];
1402 }
1403
1404 for (victim = 0; victim < 64; victim++)
1405 {
1406 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1407 * base remains unchanged, victim goes through entries 0 to 63
1408 */
1409 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1410 arm9tdmi_write_core_regs(target, 0x2, regs);
1411
1412 /* set interpret mode */
1413 cp15c15 |= 0x1;
1414 arm920t_write_cp15_physical(target,
1415 CP15PHYS_TESTSTATE, cp15c15);
1416
1417 /* Write I TLB lockdown */
1418 arm920t_execute_cp15(target,
1419 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1420
1421 /* Read I TLB RAM1 */
1422 arm920t_execute_cp15(target,
1423 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1424
1425 /* Read I TLB RAM2 */
1426 arm920t_execute_cp15(target,
1427 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1428
1429 /* clear interpret mode */
1430 cp15c15 &= ~0x1;
1431 arm920t_write_cp15_physical(target,
1432 CP15PHYS_TESTSTATE, cp15c15);
1433
1434 /* read I TLB RAM content stored to r2 and r3 */
1435 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1436 if ((retval = jtag_execute_queue()) != ERROR_OK)
1437 {
1438 return retval;
1439 }
1440
1441 i_tlb[victim].ram1 = regs[2];
1442 i_tlb[victim].ram2 = regs[3];
1443 }
1444
1445 /* restore I TLB lockdown */
1446 regs[1] = Ilockdown;
1447 arm9tdmi_write_core_regs(target, 0x2, regs);
1448
1449 /* Write I TLB lockdown */
1450 arm920t_execute_cp15(target,
1451 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1452
1453 /* restore CP15 MMU and Cache settings */
1454 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1455
1456 /* output data to file */
1457 fprintf(output, "D TLB content:\n");
1458 for (i = 0; i < 64; i++)
1459 {
1460 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1461 " 0x%8.8" PRIx32 " %s\n",
1462 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1463 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1464 }
1465
1466 fprintf(output, "\n\nI TLB content:\n");
1467 for (i = 0; i < 64; i++)
1468 {
1469 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1470 " 0x%8.8" PRIx32 " %s\n",
1471 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1472 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1473 }
1474
1475 command_print(CMD_CTX, "mmu content successfully output to %s",
1476 CMD_ARGV[0]);
1477
1478 fclose(output);
1479
1480 if (!is_arm_mode(armv4_5->core_mode))
1481 {
1482 LOG_ERROR("not a valid arm core mode - communication failure?");
1483 return ERROR_FAIL;
1484 }
1485
1486 /* force writeback of the valid data */
1487 r = armv4_5->core_cache->reg_list;
1488 r[0].dirty = r[0].valid;
1489 r[1].dirty = r[1].valid;
1490 r[2].dirty = r[2].valid;
1491 r[3].dirty = r[3].valid;
1492 r[4].dirty = r[4].valid;
1493 r[5].dirty = r[5].valid;
1494 r[6].dirty = r[6].valid;
1495 r[7].dirty = r[7].valid;
1496
1497 r = arm_reg_current(armv4_5, 8);
1498 r->dirty = r->valid;
1499
1500 r = arm_reg_current(armv4_5, 9);
1501 r->dirty = r->valid;
1502
1503 return ERROR_OK;
1504 }
1505
1506 COMMAND_HANDLER(arm920t_handle_cp15_command)
1507 {
1508 int retval;
1509 struct target *target = get_current_target(CMD_CTX);
1510 struct arm920t_common *arm920t = target_to_arm920(target);
1511
1512 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1513 if (retval != ERROR_OK)
1514 return retval;
1515
1516 if (target->state != TARGET_HALTED)
1517 {
1518 command_print(CMD_CTX, "target must be stopped for "
1519 "\"%s\" command", CMD_NAME);
1520 return ERROR_OK;
1521 }
1522
1523 /* one argument, read a register.
1524 * two arguments, write it.
1525 */
1526 if (CMD_ARGC >= 1)
1527 {
1528 int address;
1529 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1530
1531 if (CMD_ARGC == 1)
1532 {
1533 uint32_t value;
1534 if ((retval = arm920t_read_cp15_physical(target,
1535 address, &value)) != ERROR_OK)
1536 {
1537 command_print(CMD_CTX,
1538 "couldn't access reg %i", address);
1539 return ERROR_OK;
1540 }
1541 if ((retval = jtag_execute_queue()) != ERROR_OK)
1542 {
1543 return retval;
1544 }
1545
1546 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1547 address, value);
1548 }
1549 else if (CMD_ARGC == 2)
1550 {
1551 uint32_t value;
1552 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1553 retval = arm920t_write_cp15_physical(target,
1554 address, value);
1555 if (retval != ERROR_OK)
1556 {
1557 command_print(CMD_CTX,
1558 "couldn't access reg %i", address);
1559 /* REVISIT why lie? "return retval"? */
1560 return ERROR_OK;
1561 }
1562 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1563 address, value);
1564 }
1565 }
1566
1567 return ERROR_OK;
1568 }
1569
1570 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1571 {
1572 int retval;
1573 struct target *target = get_current_target(CMD_CTX);
1574 struct arm920t_common *arm920t = target_to_arm920(target);
1575
1576 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1577 if (retval != ERROR_OK)
1578 return retval;
1579
1580
1581 if (target->state != TARGET_HALTED)
1582 {
1583 command_print(CMD_CTX, "target must be stopped for "
1584 "\"%s\" command", CMD_NAME);
1585 return ERROR_OK;
1586 }
1587
1588 /* one argument, read a register.
1589 * two arguments, write it.
1590 */
1591 if (CMD_ARGC >= 1)
1592 {
1593 uint32_t opcode;
1594 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1595
1596 if (CMD_ARGC == 1)
1597 {
1598 uint32_t value;
1599 retval = arm920t_read_cp15_interpreted(target,
1600 opcode, 0x0, &value);
1601 if (retval != ERROR_OK)
1602 {
1603 command_print(CMD_CTX,
1604 "couldn't execute %8.8" PRIx32,
1605 opcode);
1606 /* REVISIT why lie? "return retval"? */
1607 return ERROR_OK;
1608 }
1609
1610 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1611 opcode, value);
1612 }
1613 else if (CMD_ARGC == 2)
1614 {
1615 uint32_t value;
1616 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1617 retval = arm920t_write_cp15_interpreted(target,
1618 opcode, value, 0);
1619 if (retval != ERROR_OK)
1620 {
1621 command_print(CMD_CTX,
1622 "couldn't execute %8.8" PRIx32,
1623 opcode);
1624 /* REVISIT why lie? "return retval"? */
1625 return ERROR_OK;
1626 }
1627 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1628 opcode, value);
1629 }
1630 else if (CMD_ARGC == 3)
1631 {
1632 uint32_t value;
1633 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1634 uint32_t address;
1635 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1636 retval = arm920t_write_cp15_interpreted(target,
1637 opcode, value, address);
1638 if (retval != ERROR_OK)
1639 {
1640 command_print(CMD_CTX,
1641 "couldn't execute %8.8" PRIx32, opcode);
1642 /* REVISIT why lie? "return retval"? */
1643 return ERROR_OK;
1644 }
1645 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1646 " %8.8" PRIx32, opcode, value, address);
1647 }
1648 }
1649 else
1650 {
1651 return ERROR_COMMAND_SYNTAX_ERROR;
1652 }
1653
1654 return ERROR_OK;
1655 }
1656
1657 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1658 {
1659 int retval;
1660 struct target *target = get_current_target(CMD_CTX);
1661 struct arm920t_common *arm920t = target_to_arm920(target);
1662
1663 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1664 if (retval != ERROR_OK)
1665 return retval;
1666
1667 return armv4_5_handle_cache_info_command(CMD_CTX,
1668 &arm920t->armv4_5_mmu.armv4_5_cache);
1669 }
1670
1671
1672 static int arm920t_mrc(struct target *target, int cpnum,
1673 uint32_t op1, uint32_t op2,
1674 uint32_t CRn, uint32_t CRm,
1675 uint32_t *value)
1676 {
1677 if (cpnum!=15)
1678 {
1679 LOG_ERROR("Only cp15 is supported");
1680 return ERROR_FAIL;
1681 }
1682
1683 /* read "to" r0 */
1684 return arm920t_read_cp15_interpreted(target,
1685 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1686 0, value);
1687 }
1688
1689 static int arm920t_mcr(struct target *target, int cpnum,
1690 uint32_t op1, uint32_t op2,
1691 uint32_t CRn, uint32_t CRm,
1692 uint32_t value)
1693 {
1694 if (cpnum!=15)
1695 {
1696 LOG_ERROR("Only cp15 is supported");
1697 return ERROR_FAIL;
1698 }
1699
1700 /* write "from" r0 */
1701 return arm920t_write_cp15_interpreted(target,
1702 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1703 0, value);
1704 }
1705
1706 static const struct command_registration arm920t_exec_command_handlers[] = {
1707 {
1708 .name = "cp15",
1709 .handler = arm920t_handle_cp15_command,
1710 .mode = COMMAND_EXEC,
1711 .help = "display/modify cp15 register",
1712 .usage = "regnum [value]",
1713 },
1714 {
1715 .name = "cp15i",
1716 .handler = arm920t_handle_cp15i_command,
1717 .mode = COMMAND_EXEC,
1718 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1719 .help = "display/modify cp15 register using ARM opcode"
1720 " (DEPRECATED)",
1721 .usage = "instruction [value [address]]",
1722 },
1723 {
1724 .name = "cache_info",
1725 .handler = arm920t_handle_cache_info_command,
1726 .mode = COMMAND_EXEC,
1727 .usage = "",
1728 .help = "display information about target caches",
1729 },
1730 {
1731 .name = "read_cache",
1732 .handler = arm920t_handle_read_cache_command,
1733 .mode = COMMAND_EXEC,
1734 .help = "dump I/D cache content to file",
1735 .usage = "filename",
1736 },
1737 {
1738 .name = "read_mmu",
1739 .handler = arm920t_handle_read_mmu_command,
1740 .mode = COMMAND_EXEC,
1741 .help = "dump I/D mmu content to file",
1742 .usage = "filename",
1743 },
1744 COMMAND_REGISTRATION_DONE
1745 };
1746 const struct command_registration arm920t_command_handlers[] = {
1747 {
1748 .chain = arm9tdmi_command_handlers,
1749 },
1750 {
1751 .name = "arm920t",
1752 .mode = COMMAND_ANY,
1753 .help = "arm920t command group",
1754 .usage = "",
1755 .chain = arm920t_exec_command_handlers,
1756 },
1757 COMMAND_REGISTRATION_DONE
1758 };
1759
1760 /** Holds methods for ARM920 targets. */
1761 struct target_type arm920t_target =
1762 {
1763 .name = "arm920t",
1764
1765 .poll = arm7_9_poll,
1766 .arch_state = arm920t_arch_state,
1767
1768 .target_request_data = arm7_9_target_request_data,
1769
1770 .halt = arm7_9_halt,
1771 .resume = arm7_9_resume,
1772 .step = arm7_9_step,
1773
1774 .assert_reset = arm7_9_assert_reset,
1775 .deassert_reset = arm7_9_deassert_reset,
1776 .soft_reset_halt = arm920t_soft_reset_halt,
1777
1778 .get_gdb_reg_list = arm_get_gdb_reg_list,
1779
1780 .read_memory = arm920t_read_memory,
1781 .write_memory = arm920t_write_memory,
1782 .read_phys_memory = arm920t_read_phys_memory,
1783 .write_phys_memory = arm920t_write_phys_memory,
1784 .mmu = arm920_mmu,
1785 .virt2phys = arm920_virt2phys,
1786
1787 .bulk_write_memory = arm7_9_bulk_write_memory,
1788
1789 .checksum_memory = arm_checksum_memory,
1790 .blank_check_memory = arm_blank_check_memory,
1791
1792 .run_algorithm = armv4_5_run_algorithm,
1793
1794 .add_breakpoint = arm7_9_add_breakpoint,
1795 .remove_breakpoint = arm7_9_remove_breakpoint,
1796 .add_watchpoint = arm7_9_add_watchpoint,
1797 .remove_watchpoint = arm7_9_remove_watchpoint,
1798
1799 .commands = arm920t_command_handlers,
1800 .target_create = arm920t_target_create,
1801 .init_target = arm9tdmi_init_target,
1802 .examine = arm7_9_examine,
1803 .check_reset = arm7_9_check_reset,
1804 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)