Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
adi_v5: Remove unused features of the DAP and SWD interfaces
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
20 ***************************************************************************/
21
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25
26 #include "arm920t.h"
27 #include <helper/time_support.h>
28 #include "target_type.h"
29 #include "register.h"
30 #include "arm_opcodes.h"
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92 int retval;
93
94 jtag_info = &arm920t->arm7_9_common.jtag_info;
95
96 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
97 if (retval != ERROR_OK)
98 return retval;
99 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
100 if (retval != ERROR_OK)
101 return retval;
102
103 fields[0].num_bits = 1;
104 fields[0].out_value = &access_type_buf;
105 fields[0].in_value = NULL;
106
107 fields[1].num_bits = 32;
108 fields[1].out_value = NULL;
109 fields[1].in_value = NULL;
110
111 fields[2].num_bits = 6;
112 fields[2].out_value = &reg_addr_buf;
113 fields[2].in_value = NULL;
114
115 fields[3].num_bits = 1;
116 fields[3].out_value = &nr_w_buf;
117 fields[3].in_value = NULL;
118
119 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
120
121 fields[1].in_value = (uint8_t *)value;
122
123 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
124
125 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
126
127 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
128 jtag_execute_queue();
129 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
130 #endif
131
132 return ERROR_OK;
133 }
134
135 static int arm920t_write_cp15_physical(struct target *target,
136 int reg_addr, uint32_t value)
137 {
138 struct arm920t_common *arm920t = target_to_arm920(target);
139 struct arm_jtag *jtag_info;
140 struct scan_field fields[4];
141 uint8_t access_type_buf = 1;
142 uint8_t reg_addr_buf = reg_addr & 0x3f;
143 uint8_t nr_w_buf = 1;
144 uint8_t value_buf[4];
145 int retval;
146
147 jtag_info = &arm920t->arm7_9_common.jtag_info;
148
149 buf_set_u32(value_buf, 0, 32, value);
150
151 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
152 if (retval != ERROR_OK)
153 return retval;
154 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
155 if (retval != ERROR_OK)
156 return retval;
157
158 fields[0].num_bits = 1;
159 fields[0].out_value = &access_type_buf;
160 fields[0].in_value = NULL;
161
162 fields[1].num_bits = 32;
163 fields[1].out_value = value_buf;
164 fields[1].in_value = NULL;
165
166 fields[2].num_bits = 6;
167 fields[2].out_value = &reg_addr_buf;
168 fields[2].in_value = NULL;
169
170 fields[3].num_bits = 1;
171 fields[3].out_value = &nr_w_buf;
172 fields[3].in_value = NULL;
173
174 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
175
176 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
177 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
178 #endif
179
180 return ERROR_OK;
181 }
182
183 /* See table 9-10 for scan chain 15 format during interpreted access mode.
184 * If the TESTSTATE register is set for interpreted access, certain CP15
185 * MRC and MCR instructions may be executed through scan chain 15.
186 *
187 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
188 * executed using scan chain 15 interpreted mode.
189 */
190 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
191 uint32_t arm_opcode)
192 {
193 int retval;
194 struct arm920t_common *arm920t = target_to_arm920(target);
195 struct arm_jtag *jtag_info;
196 struct scan_field fields[4];
197 uint8_t access_type_buf = 0; /* interpreted access */
198 uint8_t reg_addr_buf = 0x0;
199 uint8_t nr_w_buf = 0;
200 uint8_t cp15_opcode_buf[4];
201
202 jtag_info = &arm920t->arm7_9_common.jtag_info;
203
204 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
205 if (retval != ERROR_OK)
206 return retval;
207 retval = arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
208 if (retval != ERROR_OK)
209 return retval;
210
211 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
212
213 fields[0].num_bits = 1;
214 fields[0].out_value = &access_type_buf;
215 fields[0].in_value = NULL;
216
217 fields[1].num_bits = 32;
218 fields[1].out_value = cp15_opcode_buf;
219 fields[1].in_value = NULL;
220
221 fields[2].num_bits = 6;
222 fields[2].out_value = &reg_addr_buf;
223 fields[2].in_value = NULL;
224
225 fields[3].num_bits = 1;
226 fields[3].out_value = &nr_w_buf;
227 fields[3].in_value = NULL;
228
229 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
230
231 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
232 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
233 retval = arm7_9_execute_sys_speed(target);
234 if (retval != ERROR_OK)
235 return retval;
236
237 retval = jtag_execute_queue();
238 if (retval != ERROR_OK) {
239 LOG_ERROR("failed executing JTAG queue");
240 return retval;
241 }
242
243 return ERROR_OK;
244 }
245
246 static int arm920t_read_cp15_interpreted(struct target *target,
247 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
248 {
249 struct arm *arm = target_to_arm(target);
250 uint32_t *regs_p[1];
251 uint32_t regs[2];
252 uint32_t cp15c15 = 0x0;
253 struct reg *r = arm->core_cache->reg_list;
254
255 /* load address into R1 */
256 regs[1] = address;
257 arm9tdmi_write_core_regs(target, 0x2, regs);
258
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
262 jtag_execute_queue();
263 cp15c15 |= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
265
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
268
269 /* disable interpreted access mode */
270 cp15c15 &= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
272
273 /* retrieve value from R0 */
274 regs_p[0] = value;
275 arm9tdmi_read_core_regs(target, 0x1, regs_p);
276 jtag_execute_queue();
277
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode, address, *value);
281 #endif
282
283 if (!is_arm_mode(arm->core_mode)) {
284 LOG_ERROR("not a valid arm core mode - communication failure?");
285 return ERROR_FAIL;
286 }
287
288 r[0].dirty = 1;
289 r[1].dirty = 1;
290
291 return ERROR_OK;
292 }
293
294 static
295 int arm920t_write_cp15_interpreted(struct target *target,
296 uint32_t cp15_opcode, uint32_t value, uint32_t address)
297 {
298 uint32_t cp15c15 = 0x0;
299 struct arm *arm = target_to_arm(target);
300 uint32_t regs[2];
301 struct reg *r = arm->core_cache->reg_list;
302
303 /* load value, address into R0, R1 */
304 regs[0] = value;
305 regs[1] = address;
306 arm9tdmi_write_core_regs(target, 0x3, regs);
307
308 /* read-modify-write CP15 test state register
309 * to enable interpreted access mode */
310 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
311 jtag_execute_queue();
312 cp15c15 |= 1; /* set interpret mode */
313 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
314
315 /* execute CP15 instruction and ARM store (writing to coprocessor) */
316 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
317
318 /* disable interpreted access mode */
319 cp15c15 &= ~1U; /* set interpret mode */
320 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
321
322 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
323 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
324 cp15_opcode, value, address);
325 #endif
326
327 if (!is_arm_mode(arm->core_mode)) {
328 LOG_ERROR("not a valid arm core mode - communication failure?");
329 return ERROR_FAIL;
330 }
331
332 r[0].dirty = 1;
333 r[1].dirty = 1;
334
335 return ERROR_OK;
336 }
337
338 /* EXPORTED to FA256 */
339 int arm920t_get_ttb(struct target *target, uint32_t *result)
340 {
341 int retval;
342 uint32_t ttb = 0x0;
343
344 retval = arm920t_read_cp15_interpreted(target,
345 /* FIXME use opcode macro */
346 0xeebf0f51, 0x0, &ttb);
347 if (retval != ERROR_OK)
348 return retval;
349
350 *result = ttb;
351 return ERROR_OK;
352 }
353
354 /* EXPORTED to FA256 */
355 int arm920t_disable_mmu_caches(struct target *target, int mmu,
356 int d_u_cache, int i_cache)
357 {
358 uint32_t cp15_control;
359 int retval;
360
361 /* read cp15 control register */
362 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 if (retval != ERROR_OK)
364 return retval;
365 retval = jtag_execute_queue();
366 if (retval != ERROR_OK)
367 return retval;
368
369 if (mmu)
370 cp15_control &= ~0x1U;
371
372 if (d_u_cache)
373 cp15_control &= ~0x4U;
374
375 if (i_cache)
376 cp15_control &= ~0x1000U;
377
378 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
379 return retval;
380 }
381
382 /* EXPORTED to FA256 */
383 int arm920t_enable_mmu_caches(struct target *target, int mmu,
384 int d_u_cache, int i_cache)
385 {
386 uint32_t cp15_control;
387 int retval;
388
389 /* read cp15 control register */
390 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
391 if (retval != ERROR_OK)
392 return retval;
393 retval = jtag_execute_queue();
394 if (retval != ERROR_OK)
395 return retval;
396
397 if (mmu)
398 cp15_control |= 0x1U;
399
400 if (d_u_cache)
401 cp15_control |= 0x4U;
402
403 if (i_cache)
404 cp15_control |= 0x1000U;
405
406 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
407 return retval;
408 }
409
410 /* EXPORTED to FA256 */
411 int arm920t_post_debug_entry(struct target *target)
412 {
413 uint32_t cp15c15;
414 struct arm920t_common *arm920t = target_to_arm920(target);
415 int retval;
416
417 /* examine cp15 control reg */
418 retval = arm920t_read_cp15_physical(target,
419 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
420 if (retval != ERROR_OK)
421 return retval;
422 retval = jtag_execute_queue();
423 if (retval != ERROR_OK)
424 return retval;
425 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
426
427 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1) {
428 uint32_t cache_type_reg;
429 /* identify caches */
430 retval = arm920t_read_cp15_physical(target,
431 CP15PHYS_CACHETYPE, &cache_type_reg);
432 if (retval != ERROR_OK)
433 return retval;
434 retval = jtag_execute_queue();
435 if (retval != ERROR_OK)
436 return retval;
437 armv4_5_identify_cache(cache_type_reg,
438 &arm920t->armv4_5_mmu.armv4_5_cache);
439 }
440
441 arm920t->armv4_5_mmu.mmu_enabled =
442 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
443 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
444 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
445 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
446 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
447
448 /* save i/d fault status and address register
449 * FIXME use opcode macros */
450 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
451 if (retval != ERROR_OK)
452 return retval;
453 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
454 if (retval != ERROR_OK)
455 return retval;
456 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
457 if (retval != ERROR_OK)
458 return retval;
459 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
460 if (retval != ERROR_OK)
461 return retval;
462
463 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
464 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
465 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
466
467 if (arm920t->preserve_cache) {
468 /* read-modify-write CP15 test state register
469 * to disable I/D-cache linefills */
470 retval = arm920t_read_cp15_physical(target,
471 CP15PHYS_TESTSTATE, &cp15c15);
472 if (retval != ERROR_OK)
473 return retval;
474 retval = jtag_execute_queue();
475 if (retval != ERROR_OK)
476 return retval;
477 cp15c15 |= 0x600;
478 retval = arm920t_write_cp15_physical(target,
479 CP15PHYS_TESTSTATE, cp15c15);
480 if (retval != ERROR_OK)
481 return retval;
482 }
483 return ERROR_OK;
484 }
485
486 /* EXPORTED to FA256 */
487 void arm920t_pre_restore_context(struct target *target)
488 {
489 uint32_t cp15c15;
490 struct arm920t_common *arm920t = target_to_arm920(target);
491
492 /* restore i/d fault status and address register */
493 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
494 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
495 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
496 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
497
498 /* read-modify-write CP15 test state register
499 * to reenable I/D-cache linefills */
500 if (arm920t->preserve_cache) {
501 arm920t_read_cp15_physical(target,
502 CP15PHYS_TESTSTATE, &cp15c15);
503 jtag_execute_queue();
504 cp15c15 &= ~0x600U;
505 arm920t_write_cp15_physical(target,
506 CP15PHYS_TESTSTATE, cp15c15);
507 }
508 }
509
510 static const char arm920_not[] = "target is not an ARM920";
511
512 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
513 struct arm920t_common *arm920t)
514 {
515 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
516 command_print(cmd_ctx, arm920_not);
517 return ERROR_TARGET_INVALID;
518 }
519
520 return ERROR_OK;
521 }
522
523 /** Logs summary of ARM920 state for a halted target. */
524 int arm920t_arch_state(struct target *target)
525 {
526 static const char *state[] = {
527 "disabled", "enabled"
528 };
529
530 struct arm920t_common *arm920t = target_to_arm920(target);
531
532 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
533 LOG_ERROR("BUG: %s", arm920_not);
534 return ERROR_TARGET_INVALID;
535 }
536
537 arm_arch_state(target);
538 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
539 state[arm920t->armv4_5_mmu.mmu_enabled],
540 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
541 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
542
543 return ERROR_OK;
544 }
545
546 static int arm920_mmu(struct target *target, int *enabled)
547 {
548 if (target->state != TARGET_HALTED) {
549 LOG_ERROR("%s: target not halted", __func__);
550 return ERROR_TARGET_INVALID;
551 }
552
553 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
554 return ERROR_OK;
555 }
556
557 static int arm920_virt2phys(struct target *target,
558 uint32_t virt, uint32_t *phys)
559 {
560 uint32_t cb;
561 struct arm920t_common *arm920t = target_to_arm920(target);
562
563 uint32_t ret;
564 int retval = armv4_5_mmu_translate_va(target,
565 &arm920t->armv4_5_mmu, virt, &cb, &ret);
566 if (retval != ERROR_OK)
567 return retval;
568 *phys = ret;
569 return ERROR_OK;
570 }
571
572 /** Reads a buffer, in the specified word size, with current MMU settings. */
573 int arm920t_read_memory(struct target *target, uint32_t address,
574 uint32_t size, uint32_t count, uint8_t *buffer)
575 {
576 int retval;
577
578 retval = arm7_9_read_memory(target, address, size, count, buffer);
579
580 return retval;
581 }
582
583
584 static int arm920t_read_phys_memory(struct target *target,
585 uint32_t address, uint32_t size,
586 uint32_t count, uint8_t *buffer)
587 {
588 struct arm920t_common *arm920t = target_to_arm920(target);
589
590 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
591 address, size, count, buffer);
592 }
593
594 static int arm920t_write_phys_memory(struct target *target,
595 uint32_t address, uint32_t size,
596 uint32_t count, const uint8_t *buffer)
597 {
598 struct arm920t_common *arm920t = target_to_arm920(target);
599
600 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
601 address, size, count, buffer);
602 }
603
604 /** Writes a buffer, in the specified word size, with current MMU settings. */
605 int arm920t_write_memory(struct target *target, uint32_t address,
606 uint32_t size, uint32_t count, const uint8_t *buffer)
607 {
608 int retval;
609 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
610 struct arm920t_common *arm920t = target_to_arm920(target);
611
612 /* FIX!!!! this should be cleaned up and made much more general. The
613 * plan is to write up and test on arm920t specifically and
614 * then generalize and clean up afterwards.
615 *
616 * Also it should be moved to the callbacks that handle breakpoints
617 * specifically and not the generic memory write fn's. See XScale code.
618 */
619 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
620 ((size == 2) || (size == 4))) {
621 /* special case the handling of single word writes to
622 * bypass MMU, to allow implementation of breakpoints
623 * in memory marked read only
624 * by MMU
625 */
626 uint32_t cb;
627 uint32_t pa;
628
629 /*
630 * We need physical address and cb
631 */
632 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
633 address, &cb, &pa);
634 if (retval != ERROR_OK)
635 return retval;
636
637 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled) {
638 if (cb & 0x1) {
639 LOG_DEBUG("D-Cache buffered, "
640 "drain write buffer");
641 /*
642 * Buffered ?
643 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
644 */
645
646 retval = arm920t_write_cp15_interpreted(target,
647 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
648 0x0, 0);
649 if (retval != ERROR_OK)
650 return retval;
651 }
652
653 if (cb == 0x3) {
654 /*
655 * Write back memory ? -> clean cache
656 *
657 * There is no way to clean cache lines using
658 * cp15 scan chain, so copy the full cache
659 * line from cache to physical memory.
660 */
661 uint8_t data[32];
662
663 LOG_DEBUG("D-Cache in 'write back' mode, "
664 "flush cache line");
665
666 retval = target_read_memory(target,
667 address & cache_mask, 1,
668 sizeof(data), &data[0]);
669 if (retval != ERROR_OK)
670 return retval;
671
672 retval = armv4_5_mmu_write_physical(target,
673 &arm920t->armv4_5_mmu,
674 pa & cache_mask, 1,
675 sizeof(data), &data[0]);
676 if (retval != ERROR_OK)
677 return retval;
678 }
679
680 /* Cached ? */
681 if (cb & 0x2) {
682 /*
683 * Cached ? -> Invalidate data cache using MVA
684 *
685 * MCR p15,0,Rd,c7,c6,1
686 */
687 LOG_DEBUG("D-Cache enabled, "
688 "invalidate cache line");
689
690 retval = arm920t_write_cp15_interpreted(target,
691 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
692 address & cache_mask);
693 if (retval != ERROR_OK)
694 return retval;
695 }
696 }
697
698 /* write directly to physical memory,
699 * bypassing any read only MMU bits, etc.
700 */
701 retval = armv4_5_mmu_write_physical(target,
702 &arm920t->armv4_5_mmu, pa, size,
703 count, buffer);
704 if (retval != ERROR_OK)
705 return retval;
706 } else {
707 retval = arm7_9_write_memory(target, address, size, count, buffer);
708 if (retval != ERROR_OK)
709 return retval;
710 }
711
712 /* If ICache is enabled, we have to invalidate affected ICache lines
713 * the DCache is forced to write-through,
714 * so we don't have to clean it here
715 */
716 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled) {
717 if (count <= 1) {
718 /* invalidate ICache single entry with MVA
719 * mcr 15, 0, r0, cr7, cr5, {1}
720 */
721 LOG_DEBUG("I-Cache enabled, "
722 "invalidating affected I-Cache line");
723 retval = arm920t_write_cp15_interpreted(target,
724 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
725 0x0, address & cache_mask);
726 if (retval != ERROR_OK)
727 return retval;
728 } else {
729 /* invalidate ICache
730 * mcr 15, 0, r0, cr7, cr5, {0}
731 */
732 retval = arm920t_write_cp15_interpreted(target,
733 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
734 0x0, 0x0);
735 if (retval != ERROR_OK)
736 return retval;
737 }
738 }
739
740 return ERROR_OK;
741 }
742
743 /* EXPORTED to FA256 */
744 int arm920t_soft_reset_halt(struct target *target)
745 {
746 int retval = ERROR_OK;
747 struct arm920t_common *arm920t = target_to_arm920(target);
748 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
749 struct arm *arm = &arm7_9->arm;
750 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
751
752 retval = target_halt(target);
753 if (retval != ERROR_OK)
754 return retval;
755
756 long long then = timeval_ms();
757 int timeout;
758 while (!(timeout = ((timeval_ms()-then) > 1000))) {
759 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0) {
760 embeddedice_read_reg(dbg_stat);
761 retval = jtag_execute_queue();
762 if (retval != ERROR_OK)
763 return retval;
764 } else
765 break;
766 if (debug_level >= 3) {
767 /* do not eat all CPU, time out after 1 se*/
768 alive_sleep(100);
769 } else
770 keep_alive();
771 }
772 if (timeout) {
773 LOG_ERROR("Failed to halt CPU after 1 sec");
774 return ERROR_TARGET_TIMEOUT;
775 }
776
777 target->state = TARGET_HALTED;
778
779 /* SVC, ARM state, IRQ and FIQ disabled */
780 uint32_t cpsr;
781
782 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
783 cpsr &= ~0xff;
784 cpsr |= 0xd3;
785 arm_set_cpsr(arm, cpsr);
786 arm->cpsr->dirty = 1;
787
788 /* start fetching from 0x0 */
789 buf_set_u32(arm->pc->value, 0, 32, 0x0);
790 arm->pc->dirty = 1;
791 arm->pc->valid = 1;
792
793 arm920t_disable_mmu_caches(target, 1, 1, 1);
794 arm920t->armv4_5_mmu.mmu_enabled = 0;
795 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
796 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
797
798 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
799 }
800
801 /* FIXME remove forward decls */
802 static int arm920t_mrc(struct target *target, int cpnum,
803 uint32_t op1, uint32_t op2,
804 uint32_t CRn, uint32_t CRm,
805 uint32_t *value);
806 static int arm920t_mcr(struct target *target, int cpnum,
807 uint32_t op1, uint32_t op2,
808 uint32_t CRn, uint32_t CRm,
809 uint32_t value);
810
811 static int arm920t_init_arch_info(struct target *target,
812 struct arm920t_common *arm920t, struct jtag_tap *tap)
813 {
814 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
815
816 arm7_9->arm.mrc = arm920t_mrc;
817 arm7_9->arm.mcr = arm920t_mcr;
818
819 /* initialize arm7/arm9 specific info (including armv4_5) */
820 arm9tdmi_init_arch_info(target, arm7_9, tap);
821
822 arm920t->common_magic = ARM920T_COMMON_MAGIC;
823
824 arm7_9->post_debug_entry = arm920t_post_debug_entry;
825 arm7_9->pre_restore_context = arm920t_pre_restore_context;
826 arm7_9->write_memory = arm920t_write_memory;
827
828 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
829 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
830 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
831 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
832 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
833 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
834 arm920t->armv4_5_mmu.has_tiny_pages = 1;
835 arm920t->armv4_5_mmu.mmu_enabled = 0;
836
837 /* disabling linefills leads to lockups, so keep them enabled for now
838 * this doesn't affect correctness, but might affect timing issues, if
839 * important data is evicted from the cache during the debug session
840 * */
841 arm920t->preserve_cache = 0;
842
843 /* override hw single-step capability from ARM9TDMI */
844 arm7_9->has_single_step = 1;
845
846 return ERROR_OK;
847 }
848
849 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
850 {
851 struct arm920t_common *arm920t;
852
853 arm920t = calloc(1, sizeof(struct arm920t_common));
854 return arm920t_init_arch_info(target, arm920t, target->tap);
855 }
856
857 COMMAND_HANDLER(arm920t_handle_read_cache_command)
858 {
859 int retval = ERROR_OK;
860 struct target *target = get_current_target(CMD_CTX);
861 struct arm920t_common *arm920t = target_to_arm920(target);
862 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
863 struct arm *arm = &arm7_9->arm;
864 uint32_t cp15c15;
865 uint32_t cp15_ctrl, cp15_ctrl_saved;
866 uint32_t regs[16];
867 uint32_t *regs_p[16];
868 uint32_t C15_C_D_Ind, C15_C_I_Ind;
869 int i;
870 FILE *output;
871 int segment, index_t;
872 struct reg *r;
873
874 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
875 if (retval != ERROR_OK)
876 return retval;
877
878 if (CMD_ARGC != 1)
879 return ERROR_COMMAND_SYNTAX_ERROR;
880
881 output = fopen(CMD_ARGV[0], "w");
882 if (output == NULL) {
883 LOG_DEBUG("error opening cache content file");
884 return ERROR_OK;
885 }
886
887 for (i = 0; i < 16; i++)
888 regs_p[i] = &regs[i];
889
890 /* disable MMU and Caches */
891 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
892 retval = jtag_execute_queue();
893 if (retval != ERROR_OK)
894 return retval;
895 cp15_ctrl_saved = cp15_ctrl;
896 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
897 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
898 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
899
900 /* read CP15 test state register */
901 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
902 jtag_execute_queue();
903
904 /* read DCache content */
905 fprintf(output, "DCache:\n");
906
907 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
908 for (segment = 0;
909 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
910 segment++) {
911 fprintf(output, "\nsegment: %i\n----------", segment);
912
913 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
914 regs[0] = 0x0 | (segment << 5);
915 arm9tdmi_write_core_regs(target, 0x1, regs);
916
917 /* set interpret mode */
918 cp15c15 |= 0x1;
919 arm920t_write_cp15_physical(target,
920 CP15PHYS_TESTSTATE, cp15c15);
921
922 /* D CAM Read, loads current victim into C15.C.D.Ind */
923 arm920t_execute_cp15(target,
924 ARMV4_5_MCR(15, 2, 0, 15, 6, 2), ARMV4_5_LDR(1, 0));
925
926 /* read current victim */
927 arm920t_read_cp15_physical(target,
928 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
929
930 /* clear interpret mode */
931 cp15c15 &= ~0x1;
932 arm920t_write_cp15_physical(target,
933 CP15PHYS_TESTSTATE, cp15c15);
934
935 for (index_t = 0; index_t < 64; index_t++) {
936 /* Ra:
937 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
938 */
939 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
940 arm9tdmi_write_core_regs(target, 0x1, regs);
941
942 /* set interpret mode */
943 cp15c15 |= 0x1;
944 arm920t_write_cp15_physical(target,
945 CP15PHYS_TESTSTATE, cp15c15);
946
947 /* Write DCache victim */
948 arm920t_execute_cp15(target,
949 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
950
951 /* Read D RAM */
952 arm920t_execute_cp15(target,
953 ARMV4_5_MCR(15, 2, 0, 15, 10, 2),
954 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
955
956 /* Read D CAM */
957 arm920t_execute_cp15(target,
958 ARMV4_5_MCR(15, 2, 0, 15, 6, 2),
959 ARMV4_5_LDR(9, 0));
960
961 /* clear interpret mode */
962 cp15c15 &= ~0x1;
963 arm920t_write_cp15_physical(target,
964 CP15PHYS_TESTSTATE, cp15c15);
965
966 /* read D RAM and CAM content */
967 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
968 retval = jtag_execute_queue();
969 if (retval != ERROR_OK)
970 return retval;
971
972 /* mask LFSR[6] */
973 regs[9] &= 0xfffffffe;
974 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
975 PRIx32 ", content (%s):\n",
976 segment, index_t, regs[9],
977 (regs[9] & 0x10) ? "valid" : "invalid");
978
979 for (i = 1; i < 9; i++) {
980 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
981 i-1, regs[i]);
982 }
983
984 }
985
986 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
987 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
988 arm9tdmi_write_core_regs(target, 0x1, regs);
989
990 /* set interpret mode */
991 cp15c15 |= 0x1;
992 arm920t_write_cp15_physical(target,
993 CP15PHYS_TESTSTATE, cp15c15);
994
995 /* Write DCache victim */
996 arm920t_execute_cp15(target,
997 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
998
999 /* clear interpret mode */
1000 cp15c15 &= ~0x1;
1001 arm920t_write_cp15_physical(target,
1002 CP15PHYS_TESTSTATE, cp15c15);
1003 }
1004
1005 /* read ICache content */
1006 fprintf(output, "ICache:\n");
1007
1008 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1009 for (segment = 0;
1010 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1011 segment++) {
1012 fprintf(output, "segment: %i\n----------", segment);
1013
1014 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1015 regs[0] = 0x0 | (segment << 5);
1016 arm9tdmi_write_core_regs(target, 0x1, regs);
1017
1018 /* set interpret mode */
1019 cp15c15 |= 0x1;
1020 arm920t_write_cp15_physical(target,
1021 CP15PHYS_TESTSTATE, cp15c15);
1022
1023 /* I CAM Read, loads current victim into C15.C.I.Ind */
1024 arm920t_execute_cp15(target,
1025 ARMV4_5_MCR(15, 2, 0, 15, 5, 2), ARMV4_5_LDR(1, 0));
1026
1027 /* read current victim */
1028 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1029 &C15_C_I_Ind);
1030
1031 /* clear interpret mode */
1032 cp15c15 &= ~0x1;
1033 arm920t_write_cp15_physical(target,
1034 CP15PHYS_TESTSTATE, cp15c15);
1035
1036 for (index_t = 0; index_t < 64; index_t++) {
1037 /* Ra:
1038 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1039 */
1040 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1041 arm9tdmi_write_core_regs(target, 0x1, regs);
1042
1043 /* set interpret mode */
1044 cp15c15 |= 0x1;
1045 arm920t_write_cp15_physical(target,
1046 CP15PHYS_TESTSTATE, cp15c15);
1047
1048 /* Write ICache victim */
1049 arm920t_execute_cp15(target,
1050 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1051
1052 /* Read I RAM */
1053 arm920t_execute_cp15(target,
1054 ARMV4_5_MCR(15, 2, 0, 15, 9, 2),
1055 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1056
1057 /* Read I CAM */
1058 arm920t_execute_cp15(target,
1059 ARMV4_5_MCR(15, 2, 0, 15, 5, 2),
1060 ARMV4_5_LDR(9, 0));
1061
1062 /* clear interpret mode */
1063 cp15c15 &= ~0x1;
1064 arm920t_write_cp15_physical(target,
1065 CP15PHYS_TESTSTATE, cp15c15);
1066
1067 /* read I RAM and CAM content */
1068 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1069 retval = jtag_execute_queue();
1070 if (retval != ERROR_OK)
1071 return retval;
1072
1073 /* mask LFSR[6] */
1074 regs[9] &= 0xfffffffe;
1075 fprintf(output, "\nsegment: %i, index: %i, "
1076 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1077 segment, index_t, regs[9],
1078 (regs[9] & 0x10) ? "valid" : "invalid");
1079
1080 for (i = 1; i < 9; i++) {
1081 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1082 i-1, regs[i]);
1083 }
1084 }
1085
1086 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1087 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1088 arm9tdmi_write_core_regs(target, 0x1, regs);
1089
1090 /* set interpret mode */
1091 cp15c15 |= 0x1;
1092 arm920t_write_cp15_physical(target,
1093 CP15PHYS_TESTSTATE, cp15c15);
1094
1095 /* Write ICache victim */
1096 arm920t_execute_cp15(target,
1097 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1098
1099 /* clear interpret mode */
1100 cp15c15 &= ~0x1;
1101 arm920t_write_cp15_physical(target,
1102 CP15PHYS_TESTSTATE, cp15c15);
1103 }
1104
1105 /* restore CP15 MMU and Cache settings */
1106 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1107
1108 command_print(CMD_CTX, "cache content successfully output to %s",
1109 CMD_ARGV[0]);
1110
1111 fclose(output);
1112
1113 if (!is_arm_mode(arm->core_mode)) {
1114 LOG_ERROR("not a valid arm core mode - communication failure?");
1115 return ERROR_FAIL;
1116 }
1117
1118 /* force writeback of the valid data */
1119 r = arm->core_cache->reg_list;
1120 r[0].dirty = r[0].valid;
1121 r[1].dirty = r[1].valid;
1122 r[2].dirty = r[2].valid;
1123 r[3].dirty = r[3].valid;
1124 r[4].dirty = r[4].valid;
1125 r[5].dirty = r[5].valid;
1126 r[6].dirty = r[6].valid;
1127 r[7].dirty = r[7].valid;
1128
1129 r = arm_reg_current(arm, 8);
1130 r->dirty = r->valid;
1131
1132 r = arm_reg_current(arm, 9);
1133 r->dirty = r->valid;
1134
1135 return ERROR_OK;
1136 }
1137
1138 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1139 {
1140 int retval = ERROR_OK;
1141 struct target *target = get_current_target(CMD_CTX);
1142 struct arm920t_common *arm920t = target_to_arm920(target);
1143 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1144 struct arm *arm = &arm7_9->arm;
1145 uint32_t cp15c15;
1146 uint32_t cp15_ctrl, cp15_ctrl_saved;
1147 uint32_t regs[16];
1148 uint32_t *regs_p[16];
1149 int i;
1150 FILE *output;
1151 uint32_t Dlockdown, Ilockdown;
1152 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1153 int victim;
1154 struct reg *r;
1155
1156 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1157 if (retval != ERROR_OK)
1158 return retval;
1159
1160 if (CMD_ARGC != 1)
1161 return ERROR_COMMAND_SYNTAX_ERROR;
1162
1163 output = fopen(CMD_ARGV[0], "w");
1164 if (output == NULL) {
1165 LOG_DEBUG("error opening mmu content file");
1166 return ERROR_OK;
1167 }
1168
1169 for (i = 0; i < 16; i++)
1170 regs_p[i] = &regs[i];
1171
1172 /* disable MMU and Caches */
1173 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1174 retval = jtag_execute_queue();
1175 if (retval != ERROR_OK)
1176 return retval;
1177 cp15_ctrl_saved = cp15_ctrl;
1178 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1179 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1180 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1181
1182 /* read CP15 test state register */
1183 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1184 retval = jtag_execute_queue();
1185 if (retval != ERROR_OK)
1186 return retval;
1187
1188 /* prepare reading D TLB content
1189 * */
1190
1191 /* set interpret mode */
1192 cp15c15 |= 0x1;
1193 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1194
1195 /* Read D TLB lockdown */
1196 arm920t_execute_cp15(target,
1197 ARMV4_5_MRC(15, 0, 0, 10, 0, 0), ARMV4_5_LDR(1, 0));
1198
1199 /* clear interpret mode */
1200 cp15c15 &= ~0x1;
1201 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1202
1203 /* read D TLB lockdown stored to r1 */
1204 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1205 retval = jtag_execute_queue();
1206 if (retval != ERROR_OK)
1207 return retval;
1208 Dlockdown = regs[1];
1209
1210 for (victim = 0; victim < 64; victim += 8) {
1211 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1212 * base remains unchanged, victim goes through entries 0 to 63
1213 */
1214 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1215 arm9tdmi_write_core_regs(target, 0x2, regs);
1216
1217 /* set interpret mode */
1218 cp15c15 |= 0x1;
1219 arm920t_write_cp15_physical(target,
1220 CP15PHYS_TESTSTATE, cp15c15);
1221
1222 /* Write D TLB lockdown */
1223 arm920t_execute_cp15(target,
1224 ARMV4_5_MCR(15, 0, 0, 10, 0, 0),
1225 ARMV4_5_STR(1, 0));
1226
1227 /* Read D TLB CAM */
1228 arm920t_execute_cp15(target,
1229 ARMV4_5_MCR(15, 4, 0, 15, 6, 4),
1230 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1231
1232 /* clear interpret mode */
1233 cp15c15 &= ~0x1;
1234 arm920t_write_cp15_physical(target,
1235 CP15PHYS_TESTSTATE, cp15c15);
1236
1237 /* read D TLB CAM content stored to r2-r9 */
1238 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1239 retval = jtag_execute_queue();
1240 if (retval != ERROR_OK)
1241 return retval;
1242
1243 for (i = 0; i < 8; i++)
1244 d_tlb[victim + i].cam = regs[i + 2];
1245 }
1246
1247 for (victim = 0; victim < 64; victim++) {
1248 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1249 * base remains unchanged, victim goes through entries 0 to 63
1250 */
1251 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1252 arm9tdmi_write_core_regs(target, 0x2, regs);
1253
1254 /* set interpret mode */
1255 cp15c15 |= 0x1;
1256 arm920t_write_cp15_physical(target,
1257 CP15PHYS_TESTSTATE, cp15c15);
1258
1259 /* Write D TLB lockdown */
1260 arm920t_execute_cp15(target,
1261 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1262
1263 /* Read D TLB RAM1 */
1264 arm920t_execute_cp15(target,
1265 ARMV4_5_MCR(15, 4, 0, 15, 10, 4), ARMV4_5_LDR(2, 0));
1266
1267 /* Read D TLB RAM2 */
1268 arm920t_execute_cp15(target,
1269 ARMV4_5_MCR(15, 4, 0, 15, 2, 5), ARMV4_5_LDR(3, 0));
1270
1271 /* clear interpret mode */
1272 cp15c15 &= ~0x1;
1273 arm920t_write_cp15_physical(target,
1274 CP15PHYS_TESTSTATE, cp15c15);
1275
1276 /* read D TLB RAM content stored to r2 and r3 */
1277 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1278 retval = jtag_execute_queue();
1279 if (retval != ERROR_OK)
1280 return retval;
1281
1282 d_tlb[victim].ram1 = regs[2];
1283 d_tlb[victim].ram2 = regs[3];
1284 }
1285
1286 /* restore D TLB lockdown */
1287 regs[1] = Dlockdown;
1288 arm9tdmi_write_core_regs(target, 0x2, regs);
1289
1290 /* Write D TLB lockdown */
1291 arm920t_execute_cp15(target,
1292 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1293
1294 /* prepare reading I TLB content
1295 * */
1296
1297 /* set interpret mode */
1298 cp15c15 |= 0x1;
1299 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1300
1301 /* Read I TLB lockdown */
1302 arm920t_execute_cp15(target,
1303 ARMV4_5_MRC(15, 0, 0, 10, 0, 1), ARMV4_5_LDR(1, 0));
1304
1305 /* clear interpret mode */
1306 cp15c15 &= ~0x1;
1307 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1308
1309 /* read I TLB lockdown stored to r1 */
1310 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1311 retval = jtag_execute_queue();
1312 if (retval != ERROR_OK)
1313 return retval;
1314 Ilockdown = regs[1];
1315
1316 for (victim = 0; victim < 64; victim += 8) {
1317 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1318 * base remains unchanged, victim goes through entries 0 to 63
1319 */
1320 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1321 arm9tdmi_write_core_regs(target, 0x2, regs);
1322
1323 /* set interpret mode */
1324 cp15c15 |= 0x1;
1325 arm920t_write_cp15_physical(target,
1326 CP15PHYS_TESTSTATE, cp15c15);
1327
1328 /* Write I TLB lockdown */
1329 arm920t_execute_cp15(target,
1330 ARMV4_5_MCR(15, 0, 0, 10, 0, 1),
1331 ARMV4_5_STR(1, 0));
1332
1333 /* Read I TLB CAM */
1334 arm920t_execute_cp15(target,
1335 ARMV4_5_MCR(15, 4, 0, 15, 5, 4),
1336 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1337
1338 /* clear interpret mode */
1339 cp15c15 &= ~0x1;
1340 arm920t_write_cp15_physical(target,
1341 CP15PHYS_TESTSTATE, cp15c15);
1342
1343 /* read I TLB CAM content stored to r2-r9 */
1344 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1345 retval = jtag_execute_queue();
1346 if (retval != ERROR_OK)
1347 return retval;
1348
1349 for (i = 0; i < 8; i++)
1350 i_tlb[i + victim].cam = regs[i + 2];
1351 }
1352
1353 for (victim = 0; victim < 64; victim++) {
1354 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1355 * base remains unchanged, victim goes through entries 0 to 63
1356 */
1357 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1358 arm9tdmi_write_core_regs(target, 0x2, regs);
1359
1360 /* set interpret mode */
1361 cp15c15 |= 0x1;
1362 arm920t_write_cp15_physical(target,
1363 CP15PHYS_TESTSTATE, cp15c15);
1364
1365 /* Write I TLB lockdown */
1366 arm920t_execute_cp15(target,
1367 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1368
1369 /* Read I TLB RAM1 */
1370 arm920t_execute_cp15(target,
1371 ARMV4_5_MCR(15, 4, 0, 15, 9, 4), ARMV4_5_LDR(2, 0));
1372
1373 /* Read I TLB RAM2 */
1374 arm920t_execute_cp15(target,
1375 ARMV4_5_MCR(15, 4, 0, 15, 1, 5), ARMV4_5_LDR(3, 0));
1376
1377 /* clear interpret mode */
1378 cp15c15 &= ~0x1;
1379 arm920t_write_cp15_physical(target,
1380 CP15PHYS_TESTSTATE, cp15c15);
1381
1382 /* read I TLB RAM content stored to r2 and r3 */
1383 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1384 retval = jtag_execute_queue();
1385 if (retval != ERROR_OK)
1386 return retval;
1387
1388 i_tlb[victim].ram1 = regs[2];
1389 i_tlb[victim].ram2 = regs[3];
1390 }
1391
1392 /* restore I TLB lockdown */
1393 regs[1] = Ilockdown;
1394 arm9tdmi_write_core_regs(target, 0x2, regs);
1395
1396 /* Write I TLB lockdown */
1397 arm920t_execute_cp15(target,
1398 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1399
1400 /* restore CP15 MMU and Cache settings */
1401 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1402
1403 /* output data to file */
1404 fprintf(output, "D TLB content:\n");
1405 for (i = 0; i < 64; i++) {
1406 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1407 " 0x%8.8" PRIx32 " %s\n",
1408 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1409 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1410 }
1411
1412 fprintf(output, "\n\nI TLB content:\n");
1413 for (i = 0; i < 64; i++) {
1414 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1415 " 0x%8.8" PRIx32 " %s\n",
1416 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1417 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1418 }
1419
1420 command_print(CMD_CTX, "mmu content successfully output to %s",
1421 CMD_ARGV[0]);
1422
1423 fclose(output);
1424
1425 if (!is_arm_mode(arm->core_mode)) {
1426 LOG_ERROR("not a valid arm core mode - communication failure?");
1427 return ERROR_FAIL;
1428 }
1429
1430 /* force writeback of the valid data */
1431 r = arm->core_cache->reg_list;
1432 r[0].dirty = r[0].valid;
1433 r[1].dirty = r[1].valid;
1434 r[2].dirty = r[2].valid;
1435 r[3].dirty = r[3].valid;
1436 r[4].dirty = r[4].valid;
1437 r[5].dirty = r[5].valid;
1438 r[6].dirty = r[6].valid;
1439 r[7].dirty = r[7].valid;
1440
1441 r = arm_reg_current(arm, 8);
1442 r->dirty = r->valid;
1443
1444 r = arm_reg_current(arm, 9);
1445 r->dirty = r->valid;
1446
1447 return ERROR_OK;
1448 }
1449
1450 COMMAND_HANDLER(arm920t_handle_cp15_command)
1451 {
1452 int retval;
1453 struct target *target = get_current_target(CMD_CTX);
1454 struct arm920t_common *arm920t = target_to_arm920(target);
1455
1456 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1457 if (retval != ERROR_OK)
1458 return retval;
1459
1460 if (target->state != TARGET_HALTED) {
1461 command_print(CMD_CTX, "target must be stopped for "
1462 "\"%s\" command", CMD_NAME);
1463 return ERROR_OK;
1464 }
1465
1466 /* one argument, read a register.
1467 * two arguments, write it.
1468 */
1469 if (CMD_ARGC >= 1) {
1470 int address;
1471 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1472
1473 if (CMD_ARGC == 1) {
1474 uint32_t value;
1475 retval = arm920t_read_cp15_physical(target, address, &value);
1476 if (retval != ERROR_OK) {
1477 command_print(CMD_CTX,
1478 "couldn't access reg %i", address);
1479 return ERROR_OK;
1480 }
1481 retval = jtag_execute_queue();
1482 if (retval != ERROR_OK)
1483 return retval;
1484
1485 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1486 address, value);
1487 } else if (CMD_ARGC == 2) {
1488 uint32_t value;
1489 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1490 retval = arm920t_write_cp15_physical(target,
1491 address, value);
1492 if (retval != ERROR_OK) {
1493 command_print(CMD_CTX,
1494 "couldn't access reg %i", address);
1495 /* REVISIT why lie? "return retval"? */
1496 return ERROR_OK;
1497 }
1498 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1499 address, value);
1500 }
1501 }
1502
1503 return ERROR_OK;
1504 }
1505
1506 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1507 {
1508 int retval;
1509 struct target *target = get_current_target(CMD_CTX);
1510 struct arm920t_common *arm920t = target_to_arm920(target);
1511
1512 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1513 if (retval != ERROR_OK)
1514 return retval;
1515
1516
1517 if (target->state != TARGET_HALTED) {
1518 command_print(CMD_CTX, "target must be stopped for "
1519 "\"%s\" command", CMD_NAME);
1520 return ERROR_OK;
1521 }
1522
1523 /* one argument, read a register.
1524 * two arguments, write it.
1525 */
1526 if (CMD_ARGC >= 1) {
1527 uint32_t opcode;
1528 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1529
1530 if (CMD_ARGC == 1) {
1531 uint32_t value;
1532 retval = arm920t_read_cp15_interpreted(target,
1533 opcode, 0x0, &value);
1534 if (retval != ERROR_OK) {
1535 command_print(CMD_CTX,
1536 "couldn't execute %8.8" PRIx32,
1537 opcode);
1538 /* REVISIT why lie? "return retval"? */
1539 return ERROR_OK;
1540 }
1541
1542 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1543 opcode, value);
1544 } else if (CMD_ARGC == 2) {
1545 uint32_t value;
1546 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1547 retval = arm920t_write_cp15_interpreted(target,
1548 opcode, value, 0);
1549 if (retval != ERROR_OK) {
1550 command_print(CMD_CTX,
1551 "couldn't execute %8.8" PRIx32,
1552 opcode);
1553 /* REVISIT why lie? "return retval"? */
1554 return ERROR_OK;
1555 }
1556 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1557 opcode, value);
1558 } else if (CMD_ARGC == 3) {
1559 uint32_t value;
1560 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1561 uint32_t address;
1562 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1563 retval = arm920t_write_cp15_interpreted(target,
1564 opcode, value, address);
1565 if (retval != ERROR_OK) {
1566 command_print(CMD_CTX,
1567 "couldn't execute %8.8" PRIx32, opcode);
1568 /* REVISIT why lie? "return retval"? */
1569 return ERROR_OK;
1570 }
1571 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1572 " %8.8" PRIx32, opcode, value, address);
1573 }
1574 } else
1575 return ERROR_COMMAND_SYNTAX_ERROR;
1576
1577 return ERROR_OK;
1578 }
1579
1580 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1581 {
1582 int retval;
1583 struct target *target = get_current_target(CMD_CTX);
1584 struct arm920t_common *arm920t = target_to_arm920(target);
1585
1586 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1587 if (retval != ERROR_OK)
1588 return retval;
1589
1590 return armv4_5_handle_cache_info_command(CMD_CTX,
1591 &arm920t->armv4_5_mmu.armv4_5_cache);
1592 }
1593
1594
1595 static int arm920t_mrc(struct target *target, int cpnum,
1596 uint32_t op1, uint32_t op2,
1597 uint32_t CRn, uint32_t CRm,
1598 uint32_t *value)
1599 {
1600 if (cpnum != 15) {
1601 LOG_ERROR("Only cp15 is supported");
1602 return ERROR_FAIL;
1603 }
1604
1605 /* read "to" r0 */
1606 return arm920t_read_cp15_interpreted(target,
1607 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1608 0, value);
1609 }
1610
1611 static int arm920t_mcr(struct target *target, int cpnum,
1612 uint32_t op1, uint32_t op2,
1613 uint32_t CRn, uint32_t CRm,
1614 uint32_t value)
1615 {
1616 if (cpnum != 15) {
1617 LOG_ERROR("Only cp15 is supported");
1618 return ERROR_FAIL;
1619 }
1620
1621 /* write "from" r0 */
1622 return arm920t_write_cp15_interpreted(target,
1623 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1624 0, value);
1625 }
1626
1627 static const struct command_registration arm920t_exec_command_handlers[] = {
1628 {
1629 .name = "cp15",
1630 .handler = arm920t_handle_cp15_command,
1631 .mode = COMMAND_EXEC,
1632 .help = "display/modify cp15 register",
1633 .usage = "regnum [value]",
1634 },
1635 {
1636 .name = "cp15i",
1637 .handler = arm920t_handle_cp15i_command,
1638 .mode = COMMAND_EXEC,
1639 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1640 .help = "display/modify cp15 register using ARM opcode"
1641 " (DEPRECATED)",
1642 .usage = "instruction [value [address]]",
1643 },
1644 {
1645 .name = "cache_info",
1646 .handler = arm920t_handle_cache_info_command,
1647 .mode = COMMAND_EXEC,
1648 .usage = "",
1649 .help = "display information about target caches",
1650 },
1651 {
1652 .name = "read_cache",
1653 .handler = arm920t_handle_read_cache_command,
1654 .mode = COMMAND_EXEC,
1655 .help = "dump I/D cache content to file",
1656 .usage = "filename",
1657 },
1658 {
1659 .name = "read_mmu",
1660 .handler = arm920t_handle_read_mmu_command,
1661 .mode = COMMAND_EXEC,
1662 .help = "dump I/D mmu content to file",
1663 .usage = "filename",
1664 },
1665 COMMAND_REGISTRATION_DONE
1666 };
1667 const struct command_registration arm920t_command_handlers[] = {
1668 {
1669 .chain = arm9tdmi_command_handlers,
1670 },
1671 {
1672 .name = "arm920t",
1673 .mode = COMMAND_ANY,
1674 .help = "arm920t command group",
1675 .usage = "",
1676 .chain = arm920t_exec_command_handlers,
1677 },
1678 COMMAND_REGISTRATION_DONE
1679 };
1680
1681 /** Holds methods for ARM920 targets. */
1682 struct target_type arm920t_target = {
1683 .name = "arm920t",
1684
1685 .poll = arm7_9_poll,
1686 .arch_state = arm920t_arch_state,
1687
1688 .target_request_data = arm7_9_target_request_data,
1689
1690 .halt = arm7_9_halt,
1691 .resume = arm7_9_resume,
1692 .step = arm7_9_step,
1693
1694 .assert_reset = arm7_9_assert_reset,
1695 .deassert_reset = arm7_9_deassert_reset,
1696 .soft_reset_halt = arm920t_soft_reset_halt,
1697
1698 .get_gdb_reg_list = arm_get_gdb_reg_list,
1699
1700 .read_memory = arm920t_read_memory,
1701 .write_memory = arm7_9_write_memory_opt,
1702 .read_phys_memory = arm920t_read_phys_memory,
1703 .write_phys_memory = arm920t_write_phys_memory,
1704 .mmu = arm920_mmu,
1705 .virt2phys = arm920_virt2phys,
1706
1707 .checksum_memory = arm_checksum_memory,
1708 .blank_check_memory = arm_blank_check_memory,
1709
1710 .run_algorithm = armv4_5_run_algorithm,
1711
1712 .add_breakpoint = arm7_9_add_breakpoint,
1713 .remove_breakpoint = arm7_9_remove_breakpoint,
1714 .add_watchpoint = arm7_9_add_watchpoint,
1715 .remove_watchpoint = arm7_9_remove_watchpoint,
1716
1717 .commands = arm920t_command_handlers,
1718 .target_create = arm920t_target_create,
1719 .init_target = arm9tdmi_init_target,
1720 .examine = arm7_9_examine,
1721 .check_reset = arm7_9_check_reset,
1722 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)