Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ARM: keep a handle to the PC
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 jtag_set_end_state(TAP_IDLE);
95 arm_jtag_scann(jtag_info, 0xf);
96 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
97
98 fields[0].tap = jtag_info->tap;
99 fields[0].num_bits = 1;
100 fields[0].out_value = &access_type_buf;
101 fields[0].in_value = NULL;
102
103 fields[1].tap = jtag_info->tap;
104 fields[1].num_bits = 32;
105 fields[1].out_value = NULL;
106 fields[1].in_value = NULL;
107
108 fields[2].tap = jtag_info->tap;
109 fields[2].num_bits = 6;
110 fields[2].out_value = &reg_addr_buf;
111 fields[2].in_value = NULL;
112
113 fields[3].tap = jtag_info->tap;
114 fields[3].num_bits = 1;
115 fields[3].out_value = &nr_w_buf;
116 fields[3].in_value = NULL;
117
118 jtag_add_dr_scan(4, fields, jtag_get_end_state());
119
120 fields[1].in_value = (uint8_t *)value;
121
122 jtag_add_dr_scan(4, fields, jtag_get_end_state());
123
124 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
125
126 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
127 jtag_execute_queue();
128 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
129 #endif
130
131 return ERROR_OK;
132 }
133
134 static int arm920t_write_cp15_physical(struct target *target,
135 int reg_addr, uint32_t value)
136 {
137 struct arm920t_common *arm920t = target_to_arm920(target);
138 struct arm_jtag *jtag_info;
139 struct scan_field fields[4];
140 uint8_t access_type_buf = 1;
141 uint8_t reg_addr_buf = reg_addr & 0x3f;
142 uint8_t nr_w_buf = 1;
143 uint8_t value_buf[4];
144
145 jtag_info = &arm920t->arm7_9_common.jtag_info;
146
147 buf_set_u32(value_buf, 0, 32, value);
148
149 jtag_set_end_state(TAP_IDLE);
150 arm_jtag_scann(jtag_info, 0xf);
151 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
152
153 fields[0].tap = jtag_info->tap;
154 fields[0].num_bits = 1;
155 fields[0].out_value = &access_type_buf;
156 fields[0].in_value = NULL;
157
158 fields[1].tap = jtag_info->tap;
159 fields[1].num_bits = 32;
160 fields[1].out_value = value_buf;
161 fields[1].in_value = NULL;
162
163 fields[2].tap = jtag_info->tap;
164 fields[2].num_bits = 6;
165 fields[2].out_value = &reg_addr_buf;
166 fields[2].in_value = NULL;
167
168 fields[3].tap = jtag_info->tap;
169 fields[3].num_bits = 1;
170 fields[3].out_value = &nr_w_buf;
171 fields[3].in_value = NULL;
172
173 jtag_add_dr_scan(4, fields, jtag_get_end_state());
174
175 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
176 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
177 #endif
178
179 return ERROR_OK;
180 }
181
182 /* See table 9-10 for scan chain 15 format during interpreted access mode.
183 * If the TESTSTATE register is set for interpreted access, certain CP15
184 * MRC and MCR instructions may be executed through scan chain 15.
185 *
186 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
187 * executed using scan chain 15 interpreted mode.
188 */
189 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
190 uint32_t arm_opcode)
191 {
192 int retval;
193 struct arm920t_common *arm920t = target_to_arm920(target);
194 struct arm_jtag *jtag_info;
195 struct scan_field fields[4];
196 uint8_t access_type_buf = 0; /* interpreted access */
197 uint8_t reg_addr_buf = 0x0;
198 uint8_t nr_w_buf = 0;
199 uint8_t cp15_opcode_buf[4];
200
201 jtag_info = &arm920t->arm7_9_common.jtag_info;
202
203 jtag_set_end_state(TAP_IDLE);
204 arm_jtag_scann(jtag_info, 0xf);
205 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
206
207 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
208
209 fields[0].tap = jtag_info->tap;
210 fields[0].num_bits = 1;
211 fields[0].out_value = &access_type_buf;
212 fields[0].in_value = NULL;
213
214 fields[1].tap = jtag_info->tap;
215 fields[1].num_bits = 32;
216 fields[1].out_value = cp15_opcode_buf;
217 fields[1].in_value = NULL;
218
219 fields[2].tap = jtag_info->tap;
220 fields[2].num_bits = 6;
221 fields[2].out_value = &reg_addr_buf;
222 fields[2].in_value = NULL;
223
224 fields[3].tap = jtag_info->tap;
225 fields[3].num_bits = 1;
226 fields[3].out_value = &nr_w_buf;
227 fields[3].in_value = NULL;
228
229 jtag_add_dr_scan(4, fields, jtag_get_end_state());
230
231 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
232 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
233 retval = arm7_9_execute_sys_speed(target);
234 if (retval != ERROR_OK)
235 return retval;
236
237 if ((retval = jtag_execute_queue()) != ERROR_OK)
238 {
239 LOG_ERROR("failed executing JTAG queue");
240 return retval;
241 }
242
243 return ERROR_OK;
244 }
245
246 static int arm920t_read_cp15_interpreted(struct target *target,
247 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
248 {
249 struct arm *armv4_5 = target_to_arm(target);
250 uint32_t* regs_p[1];
251 uint32_t regs[2];
252 uint32_t cp15c15 = 0x0;
253 struct reg *r = armv4_5->core_cache->reg_list;
254
255 /* load address into R1 */
256 regs[1] = address;
257 arm9tdmi_write_core_regs(target, 0x2, regs);
258
259 /* read-modify-write CP15 test state register
260 * to enable interpreted access mode */
261 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
262 jtag_execute_queue();
263 cp15c15 |= 1; /* set interpret mode */
264 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
265
266 /* execute CP15 instruction and ARM load (reading from coprocessor) */
267 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
268
269 /* disable interpreted access mode */
270 cp15c15 &= ~1U; /* clear interpret mode */
271 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
272
273 /* retrieve value from R0 */
274 regs_p[0] = value;
275 arm9tdmi_read_core_regs(target, 0x1, regs_p);
276 jtag_execute_queue();
277
278 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
279 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
280 cp15_opcode, address, *value);
281 #endif
282
283 if (!is_arm_mode(armv4_5->core_mode))
284 return ERROR_FAIL;
285
286 r[0].dirty = 1;
287 r[1].dirty = 1;
288
289 return ERROR_OK;
290 }
291
292 static
293 int arm920t_write_cp15_interpreted(struct target *target,
294 uint32_t cp15_opcode, uint32_t value, uint32_t address)
295 {
296 uint32_t cp15c15 = 0x0;
297 struct arm *armv4_5 = target_to_arm(target);
298 uint32_t regs[2];
299 struct reg *r = armv4_5->core_cache->reg_list;
300
301 /* load value, address into R0, R1 */
302 regs[0] = value;
303 regs[1] = address;
304 arm9tdmi_write_core_regs(target, 0x3, regs);
305
306 /* read-modify-write CP15 test state register
307 * to enable interpreted access mode */
308 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
309 jtag_execute_queue();
310 cp15c15 |= 1; /* set interpret mode */
311 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
312
313 /* execute CP15 instruction and ARM store (writing to coprocessor) */
314 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
315
316 /* disable interpreted access mode */
317 cp15c15 &= ~1U; /* set interpret mode */
318 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
319
320 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
321 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
322 cp15_opcode, value, address);
323 #endif
324
325 if (!is_arm_mode(armv4_5->core_mode))
326 return ERROR_FAIL;
327
328 r[0].dirty = 1;
329 r[1].dirty = 1;
330
331 return ERROR_OK;
332 }
333
334 // EXPORTED to FA256
335 uint32_t arm920t_get_ttb(struct target *target)
336 {
337 int retval;
338 uint32_t ttb = 0x0;
339
340 if ((retval = arm920t_read_cp15_interpreted(target,
341 /* FIXME use opcode macro */
342 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
343 return retval;
344
345 return ttb;
346 }
347
348 // EXPORTED to FA256
349 void arm920t_disable_mmu_caches(struct target *target, int mmu,
350 int d_u_cache, int i_cache)
351 {
352 uint32_t cp15_control;
353
354 /* read cp15 control register */
355 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
356 jtag_execute_queue();
357
358 if (mmu)
359 cp15_control &= ~0x1U;
360
361 if (d_u_cache)
362 cp15_control &= ~0x4U;
363
364 if (i_cache)
365 cp15_control &= ~0x1000U;
366
367 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
368 }
369
370 // EXPORTED to FA256
371 void arm920t_enable_mmu_caches(struct target *target, int mmu,
372 int d_u_cache, int i_cache)
373 {
374 uint32_t cp15_control;
375
376 /* read cp15 control register */
377 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
378 jtag_execute_queue();
379
380 if (mmu)
381 cp15_control |= 0x1U;
382
383 if (d_u_cache)
384 cp15_control |= 0x4U;
385
386 if (i_cache)
387 cp15_control |= 0x1000U;
388
389 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
390 }
391
392 // EXPORTED to FA256
393 void arm920t_post_debug_entry(struct target *target)
394 {
395 uint32_t cp15c15;
396 struct arm920t_common *arm920t = target_to_arm920(target);
397
398 /* examine cp15 control reg */
399 arm920t_read_cp15_physical(target,
400 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
401 jtag_execute_queue();
402 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
403
404 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
405 {
406 uint32_t cache_type_reg;
407 /* identify caches */
408 arm920t_read_cp15_physical(target,
409 CP15PHYS_CACHETYPE, &cache_type_reg);
410 jtag_execute_queue();
411 armv4_5_identify_cache(cache_type_reg,
412 &arm920t->armv4_5_mmu.armv4_5_cache);
413 }
414
415 arm920t->armv4_5_mmu.mmu_enabled =
416 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
417 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
418 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
419 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
420 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
421
422 /* save i/d fault status and address register */
423 /* FIXME use opcode macros */
424 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
425 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
426 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
427 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
428
429 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
430 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
431 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
432
433 if (arm920t->preserve_cache)
434 {
435 /* read-modify-write CP15 test state register
436 * to disable I/D-cache linefills */
437 arm920t_read_cp15_physical(target,
438 CP15PHYS_TESTSTATE, &cp15c15);
439 jtag_execute_queue();
440 cp15c15 |= 0x600;
441 arm920t_write_cp15_physical(target,
442 CP15PHYS_TESTSTATE, cp15c15);
443 }
444 }
445
446 // EXPORTED to FA256
447 void arm920t_pre_restore_context(struct target *target)
448 {
449 uint32_t cp15c15;
450 struct arm920t_common *arm920t = target_to_arm920(target);
451
452 /* restore i/d fault status and address register */
453 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
454 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
455 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
456 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
457
458 /* read-modify-write CP15 test state register
459 * to reenable I/D-cache linefills */
460 if (arm920t->preserve_cache)
461 {
462 arm920t_read_cp15_physical(target,
463 CP15PHYS_TESTSTATE, &cp15c15);
464 jtag_execute_queue();
465 cp15c15 &= ~0x600U;
466 arm920t_write_cp15_physical(target,
467 CP15PHYS_TESTSTATE, cp15c15);
468 }
469 }
470
471 static const char arm920_not[] = "target is not an ARM920";
472
473 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
474 struct arm920t_common *arm920t)
475 {
476 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
477 command_print(cmd_ctx, arm920_not);
478 return ERROR_TARGET_INVALID;
479 }
480
481 return ERROR_OK;
482 }
483
484 /** Logs summary of ARM920 state for a halted target. */
485 int arm920t_arch_state(struct target *target)
486 {
487 static const char *state[] =
488 {
489 "disabled", "enabled"
490 };
491
492 struct arm920t_common *arm920t = target_to_arm920(target);
493 struct arm *armv4_5;
494
495 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
496 {
497 LOG_ERROR("BUG: %s", arm920_not);
498 return ERROR_TARGET_INVALID;
499 }
500
501 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
502
503 arm_arch_state(target);
504 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
505 state[arm920t->armv4_5_mmu.mmu_enabled],
506 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
507 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
508
509 return ERROR_OK;
510 }
511
512 static int arm920_mmu(struct target *target, int *enabled)
513 {
514 if (target->state != TARGET_HALTED) {
515 LOG_ERROR("%s: target not halted", __func__);
516 return ERROR_TARGET_INVALID;
517 }
518
519 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
520 return ERROR_OK;
521 }
522
523 static int arm920_virt2phys(struct target *target,
524 uint32_t virt, uint32_t *phys)
525 {
526 int type;
527 uint32_t cb;
528 int domain;
529 uint32_t ap;
530 struct arm920t_common *arm920t = target_to_arm920(target);
531
532 uint32_t ret = armv4_5_mmu_translate_va(target,
533 &arm920t->armv4_5_mmu, virt, &type, &cb, &domain, &ap);
534 if (type == -1)
535 {
536 return ret;
537 }
538 *phys = ret;
539 return ERROR_OK;
540 }
541
542 /** Reads a buffer, in the specified word size, with current MMU settings. */
543 int arm920t_read_memory(struct target *target, uint32_t address,
544 uint32_t size, uint32_t count, uint8_t *buffer)
545 {
546 int retval;
547
548 retval = arm7_9_read_memory(target, address, size, count, buffer);
549
550 return retval;
551 }
552
553
554 static int arm920t_read_phys_memory(struct target *target,
555 uint32_t address, uint32_t size,
556 uint32_t count, uint8_t *buffer)
557 {
558 struct arm920t_common *arm920t = target_to_arm920(target);
559
560 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
561 address, size, count, buffer);
562 }
563
564 static int arm920t_write_phys_memory(struct target *target,
565 uint32_t address, uint32_t size,
566 uint32_t count, uint8_t *buffer)
567 {
568 struct arm920t_common *arm920t = target_to_arm920(target);
569
570 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
571 address, size, count, buffer);
572 }
573
574
575 /** Writes a buffer, in the specified word size, with current MMU settings. */
576 int arm920t_write_memory(struct target *target, uint32_t address,
577 uint32_t size, uint32_t count, uint8_t *buffer)
578 {
579 int retval;
580 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
581 struct arm920t_common *arm920t = target_to_arm920(target);
582
583 /* FIX!!!! this should be cleaned up and made much more general. The
584 * plan is to write up and test on arm920t specifically and
585 * then generalize and clean up afterwards. */
586 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
587 ((size==2) || (size==4)))
588 {
589 /* special case the handling of single word writes to
590 * bypass MMU, to allow implementation of breakpoints
591 * in memory marked read only
592 * by MMU
593 */
594 int type;
595 uint32_t cb;
596 int domain;
597 uint32_t ap;
598 uint32_t pa;
599
600 /*
601 * We need physical address and cb
602 */
603 pa = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
604 address, &type, &cb, &domain, &ap);
605 if (type == -1)
606 return pa;
607
608 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
609 {
610 if (cb & 0x1)
611 {
612 LOG_DEBUG("D-Cache buffered, "
613 "drain write buffer");
614 /*
615 * Buffered ?
616 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
617 */
618
619 retval = arm920t_write_cp15_interpreted(target,
620 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
621 0x0, 0);
622 if (retval != ERROR_OK)
623 return retval;
624 }
625
626 if (cb == 0x3)
627 {
628 /*
629 * Write back memory ? -> clean cache
630 *
631 * There is no way to clean cache lines using
632 * cp15 scan chain, so copy the full cache
633 * line from cache to physical memory.
634 */
635 uint8_t data[32];
636
637 LOG_DEBUG("D-Cache in 'write back' mode, "
638 "flush cache line");
639
640 retval = target_read_memory(target,
641 address & cache_mask, 1,
642 sizeof(data), &data[0]);
643 if (retval != ERROR_OK)
644 return retval;
645
646 retval = armv4_5_mmu_write_physical(target,
647 &arm920t->armv4_5_mmu,
648 pa & cache_mask, 1,
649 sizeof(data), &data[0]);
650 if (retval != ERROR_OK)
651 return retval;
652 }
653
654 /* Cached ? */
655 if (cb & 0x2)
656 {
657 /*
658 * Cached ? -> Invalidate data cache using MVA
659 *
660 * MCR p15,0,Rd,c7,c6,1
661 */
662 LOG_DEBUG("D-Cache enabled, "
663 "invalidate cache line");
664
665 retval = arm920t_write_cp15_interpreted(target,
666 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
667 address & cache_mask);
668 if (retval != ERROR_OK)
669 return retval;
670 }
671 }
672
673 /* write directly to physical memory,
674 * bypassing any read only MMU bits, etc.
675 */
676 retval = armv4_5_mmu_write_physical(target,
677 &arm920t->armv4_5_mmu, pa, size,
678 count, buffer);
679 if (retval != ERROR_OK)
680 return retval;
681 } else
682 {
683 if ((retval = arm7_9_write_memory(target, address,
684 size, count, buffer)) != ERROR_OK)
685 return retval;
686 }
687
688 /* If ICache is enabled, we have to invalidate affected ICache lines
689 * the DCache is forced to write-through,
690 * so we don't have to clean it here
691 */
692 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
693 {
694 if (count <= 1)
695 {
696 /* invalidate ICache single entry with MVA
697 * mcr 15, 0, r0, cr7, cr5, {1}
698 */
699 LOG_DEBUG("I-Cache enabled, "
700 "invalidating affected I-Cache line");
701 retval = arm920t_write_cp15_interpreted(target,
702 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
703 0x0, address & cache_mask);
704 if (retval != ERROR_OK)
705 return retval;
706 }
707 else
708 {
709 /* invalidate ICache
710 * mcr 15, 0, r0, cr7, cr5, {0}
711 */
712 retval = arm920t_write_cp15_interpreted(target,
713 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
714 0x0, 0x0);
715 if (retval != ERROR_OK)
716 return retval;
717 }
718 }
719
720 return retval;
721 }
722
723 // EXPORTED to FA256
724 int arm920t_soft_reset_halt(struct target *target)
725 {
726 int retval = ERROR_OK;
727 struct arm920t_common *arm920t = target_to_arm920(target);
728 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
729 struct arm *armv4_5 = &arm7_9->armv4_5_common;
730 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
731
732 if ((retval = target_halt(target)) != ERROR_OK)
733 {
734 return retval;
735 }
736
737 long long then = timeval_ms();
738 int timeout;
739 while (!(timeout = ((timeval_ms()-then) > 1000)))
740 {
741 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
742 == 0)
743 {
744 embeddedice_read_reg(dbg_stat);
745 if ((retval = jtag_execute_queue()) != ERROR_OK)
746 {
747 return retval;
748 }
749 } else
750 {
751 break;
752 }
753 if (debug_level >= 3)
754 {
755 /* do not eat all CPU, time out after 1 se*/
756 alive_sleep(100);
757 } else
758 {
759 keep_alive();
760 }
761 }
762 if (timeout)
763 {
764 LOG_ERROR("Failed to halt CPU after 1 sec");
765 return ERROR_TARGET_TIMEOUT;
766 }
767
768 target->state = TARGET_HALTED;
769
770 /* SVC, ARM state, IRQ and FIQ disabled */
771 uint32_t cpsr;
772
773 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
774 cpsr &= ~0xff;
775 cpsr |= 0xd3;
776 arm_set_cpsr(armv4_5, cpsr);
777 armv4_5->cpsr->dirty = 1;
778
779 /* start fetching from 0x0 */
780 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
781 armv4_5->pc->dirty = 1;
782 armv4_5->pc->valid = 1;
783
784 arm920t_disable_mmu_caches(target, 1, 1, 1);
785 arm920t->armv4_5_mmu.mmu_enabled = 0;
786 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
787 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
788
789 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
790 }
791
792 /* FIXME remove forward decls */
793 static int arm920t_mrc(struct target *target, int cpnum,
794 uint32_t op1, uint32_t op2,
795 uint32_t CRn, uint32_t CRm,
796 uint32_t *value);
797 static int arm920t_mcr(struct target *target, int cpnum,
798 uint32_t op1, uint32_t op2,
799 uint32_t CRn, uint32_t CRm,
800 uint32_t value);
801
802 int arm920t_init_arch_info(struct target *target,
803 struct arm920t_common *arm920t, struct jtag_tap *tap)
804 {
805 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
806
807 arm7_9->armv4_5_common.mrc = arm920t_mrc;
808 arm7_9->armv4_5_common.mcr = arm920t_mcr;
809
810 /* initialize arm7/arm9 specific info (including armv4_5) */
811 arm9tdmi_init_arch_info(target, arm7_9, tap);
812
813 arm920t->common_magic = ARM920T_COMMON_MAGIC;
814
815 arm7_9->post_debug_entry = arm920t_post_debug_entry;
816 arm7_9->pre_restore_context = arm920t_pre_restore_context;
817
818 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
819 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
820 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
821 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
822 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
823 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
824 arm920t->armv4_5_mmu.has_tiny_pages = 1;
825 arm920t->armv4_5_mmu.mmu_enabled = 0;
826
827 /* disabling linefills leads to lockups, so keep them enabled for now
828 * this doesn't affect correctness, but might affect timing issues, if
829 * important data is evicted from the cache during the debug session
830 * */
831 arm920t->preserve_cache = 0;
832
833 /* override hw single-step capability from ARM9TDMI */
834 arm7_9->has_single_step = 1;
835
836 return ERROR_OK;
837 }
838
839 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
840 {
841 struct arm920t_common *arm920t;
842
843 arm920t = calloc(1,sizeof(struct arm920t_common));
844 return arm920t_init_arch_info(target, arm920t, target->tap);
845 }
846
847 COMMAND_HANDLER(arm920t_handle_read_cache_command)
848 {
849 int retval = ERROR_OK;
850 struct target *target = get_current_target(CMD_CTX);
851 struct arm920t_common *arm920t = target_to_arm920(target);
852 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
853 struct arm *armv4_5 = &arm7_9->armv4_5_common;
854 uint32_t cp15c15;
855 uint32_t cp15_ctrl, cp15_ctrl_saved;
856 uint32_t regs[16];
857 uint32_t *regs_p[16];
858 uint32_t C15_C_D_Ind, C15_C_I_Ind;
859 int i;
860 FILE *output;
861 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
862 int segment, index;
863 struct reg *r;
864
865 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
866 if (retval != ERROR_OK)
867 return retval;
868
869 if (CMD_ARGC != 1)
870 {
871 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
872 return ERROR_OK;
873 }
874
875 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
876 {
877 LOG_DEBUG("error opening cache content file");
878 return ERROR_OK;
879 }
880
881 for (i = 0; i < 16; i++)
882 regs_p[i] = &regs[i];
883
884 /* disable MMU and Caches */
885 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
886 if ((retval = jtag_execute_queue()) != ERROR_OK)
887 {
888 return retval;
889 }
890 cp15_ctrl_saved = cp15_ctrl;
891 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
892 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
893 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
894
895 /* read CP15 test state register */
896 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
897 jtag_execute_queue();
898
899 /* read DCache content */
900 fprintf(output, "DCache:\n");
901
902 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
903 for (segment = 0;
904 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
905 segment++)
906 {
907 fprintf(output, "\nsegment: %i\n----------", segment);
908
909 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
910 regs[0] = 0x0 | (segment << 5);
911 arm9tdmi_write_core_regs(target, 0x1, regs);
912
913 /* set interpret mode */
914 cp15c15 |= 0x1;
915 arm920t_write_cp15_physical(target,
916 CP15PHYS_TESTSTATE, cp15c15);
917
918 /* D CAM Read, loads current victim into C15.C.D.Ind */
919 arm920t_execute_cp15(target,
920 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
921
922 /* read current victim */
923 arm920t_read_cp15_physical(target,
924 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
925
926 /* clear interpret mode */
927 cp15c15 &= ~0x1;
928 arm920t_write_cp15_physical(target,
929 CP15PHYS_TESTSTATE, cp15c15);
930
931 for (index = 0; index < 64; index++)
932 {
933 /* Ra:
934 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
935 */
936 regs[0] = 0x0 | (segment << 5) | (index << 26);
937 arm9tdmi_write_core_regs(target, 0x1, regs);
938
939 /* set interpret mode */
940 cp15c15 |= 0x1;
941 arm920t_write_cp15_physical(target,
942 CP15PHYS_TESTSTATE, cp15c15);
943
944 /* Write DCache victim */
945 arm920t_execute_cp15(target,
946 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
947
948 /* Read D RAM */
949 arm920t_execute_cp15(target,
950 ARMV4_5_MCR(15,2,0,15,10,2),
951 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
952
953 /* Read D CAM */
954 arm920t_execute_cp15(target,
955 ARMV4_5_MCR(15,2,0,15,6,2),
956 ARMV4_5_LDR(9, 0));
957
958 /* clear interpret mode */
959 cp15c15 &= ~0x1;
960 arm920t_write_cp15_physical(target,
961 CP15PHYS_TESTSTATE, cp15c15);
962
963 /* read D RAM and CAM content */
964 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
965 if ((retval = jtag_execute_queue()) != ERROR_OK)
966 {
967 return retval;
968 }
969
970 d_cache[segment][index].cam = regs[9];
971
972 /* mask LFSR[6] */
973 regs[9] &= 0xfffffffe;
974 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
975 PRIx32 ", content (%s):\n",
976 segment, index, regs[9],
977 (regs[9] & 0x10) ? "valid" : "invalid");
978
979 for (i = 1; i < 9; i++)
980 {
981 d_cache[segment][index].data[i] = regs[i];
982 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
983 i-1, regs[i]);
984 }
985
986 }
987
988 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
989 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
990 arm9tdmi_write_core_regs(target, 0x1, regs);
991
992 /* set interpret mode */
993 cp15c15 |= 0x1;
994 arm920t_write_cp15_physical(target,
995 CP15PHYS_TESTSTATE, cp15c15);
996
997 /* Write DCache victim */
998 arm920t_execute_cp15(target,
999 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1000
1001 /* clear interpret mode */
1002 cp15c15 &= ~0x1;
1003 arm920t_write_cp15_physical(target,
1004 CP15PHYS_TESTSTATE, cp15c15);
1005 }
1006
1007 /* read ICache content */
1008 fprintf(output, "ICache:\n");
1009
1010 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1011 for (segment = 0;
1012 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1013 segment++)
1014 {
1015 fprintf(output, "segment: %i\n----------", segment);
1016
1017 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1018 regs[0] = 0x0 | (segment << 5);
1019 arm9tdmi_write_core_regs(target, 0x1, regs);
1020
1021 /* set interpret mode */
1022 cp15c15 |= 0x1;
1023 arm920t_write_cp15_physical(target,
1024 CP15PHYS_TESTSTATE, cp15c15);
1025
1026 /* I CAM Read, loads current victim into C15.C.I.Ind */
1027 arm920t_execute_cp15(target,
1028 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1029
1030 /* read current victim */
1031 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1032 &C15_C_I_Ind);
1033
1034 /* clear interpret mode */
1035 cp15c15 &= ~0x1;
1036 arm920t_write_cp15_physical(target,
1037 CP15PHYS_TESTSTATE, cp15c15);
1038
1039 for (index = 0; index < 64; index++)
1040 {
1041 /* Ra:
1042 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1043 */
1044 regs[0] = 0x0 | (segment << 5) | (index << 26);
1045 arm9tdmi_write_core_regs(target, 0x1, regs);
1046
1047 /* set interpret mode */
1048 cp15c15 |= 0x1;
1049 arm920t_write_cp15_physical(target,
1050 CP15PHYS_TESTSTATE, cp15c15);
1051
1052 /* Write ICache victim */
1053 arm920t_execute_cp15(target,
1054 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1055
1056 /* Read I RAM */
1057 arm920t_execute_cp15(target,
1058 ARMV4_5_MCR(15,2,0,15,9,2),
1059 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1060
1061 /* Read I CAM */
1062 arm920t_execute_cp15(target,
1063 ARMV4_5_MCR(15,2,0,15,5,2),
1064 ARMV4_5_LDR(9, 0));
1065
1066 /* clear interpret mode */
1067 cp15c15 &= ~0x1;
1068 arm920t_write_cp15_physical(target,
1069 CP15PHYS_TESTSTATE, cp15c15);
1070
1071 /* read I RAM and CAM content */
1072 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1073 if ((retval = jtag_execute_queue()) != ERROR_OK)
1074 {
1075 return retval;
1076 }
1077
1078 i_cache[segment][index].cam = regs[9];
1079
1080 /* mask LFSR[6] */
1081 regs[9] &= 0xfffffffe;
1082 fprintf(output, "\nsegment: %i, index: %i, "
1083 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1084 segment, index, regs[9],
1085 (regs[9] & 0x10) ? "valid" : "invalid");
1086
1087 for (i = 1; i < 9; i++)
1088 {
1089 i_cache[segment][index].data[i] = regs[i];
1090 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1091 i-1, regs[i]);
1092 }
1093 }
1094
1095 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1096 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1097 arm9tdmi_write_core_regs(target, 0x1, regs);
1098
1099 /* set interpret mode */
1100 cp15c15 |= 0x1;
1101 arm920t_write_cp15_physical(target,
1102 CP15PHYS_TESTSTATE, cp15c15);
1103
1104 /* Write ICache victim */
1105 arm920t_execute_cp15(target,
1106 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1107
1108 /* clear interpret mode */
1109 cp15c15 &= ~0x1;
1110 arm920t_write_cp15_physical(target,
1111 CP15PHYS_TESTSTATE, cp15c15);
1112 }
1113
1114 /* restore CP15 MMU and Cache settings */
1115 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1116
1117 command_print(CMD_CTX, "cache content successfully output to %s",
1118 CMD_ARGV[0]);
1119
1120 fclose(output);
1121
1122 if (!is_arm_mode(armv4_5->core_mode))
1123 return ERROR_FAIL;
1124
1125 /* force writeback of the valid data */
1126 r = armv4_5->core_cache->reg_list;
1127 r[0].dirty = r[0].valid;
1128 r[1].dirty = r[1].valid;
1129 r[2].dirty = r[2].valid;
1130 r[3].dirty = r[3].valid;
1131 r[4].dirty = r[4].valid;
1132 r[5].dirty = r[5].valid;
1133 r[6].dirty = r[6].valid;
1134 r[7].dirty = r[7].valid;
1135
1136 r = arm_reg_current(armv4_5, 8);
1137 r->dirty = r->valid;
1138
1139 r = arm_reg_current(armv4_5, 9);
1140 r->dirty = r->valid;
1141
1142 return ERROR_OK;
1143 }
1144
1145 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1146 {
1147 int retval = ERROR_OK;
1148 struct target *target = get_current_target(CMD_CTX);
1149 struct arm920t_common *arm920t = target_to_arm920(target);
1150 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1151 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1152 uint32_t cp15c15;
1153 uint32_t cp15_ctrl, cp15_ctrl_saved;
1154 uint32_t regs[16];
1155 uint32_t *regs_p[16];
1156 int i;
1157 FILE *output;
1158 uint32_t Dlockdown, Ilockdown;
1159 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1160 int victim;
1161 struct reg *r;
1162
1163 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1164 if (retval != ERROR_OK)
1165 return retval;
1166
1167 if (CMD_ARGC != 1)
1168 {
1169 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1170 return ERROR_OK;
1171 }
1172
1173 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1174 {
1175 LOG_DEBUG("error opening mmu content file");
1176 return ERROR_OK;
1177 }
1178
1179 for (i = 0; i < 16; i++)
1180 regs_p[i] = &regs[i];
1181
1182 /* disable MMU and Caches */
1183 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1184 if ((retval = jtag_execute_queue()) != ERROR_OK)
1185 {
1186 return retval;
1187 }
1188 cp15_ctrl_saved = cp15_ctrl;
1189 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1190 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1191 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1192
1193 /* read CP15 test state register */
1194 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1195 if ((retval = jtag_execute_queue()) != ERROR_OK)
1196 {
1197 return retval;
1198 }
1199
1200 /* prepare reading D TLB content
1201 * */
1202
1203 /* set interpret mode */
1204 cp15c15 |= 0x1;
1205 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1206
1207 /* Read D TLB lockdown */
1208 arm920t_execute_cp15(target,
1209 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1210
1211 /* clear interpret mode */
1212 cp15c15 &= ~0x1;
1213 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1214
1215 /* read D TLB lockdown stored to r1 */
1216 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1217 if ((retval = jtag_execute_queue()) != ERROR_OK)
1218 {
1219 return retval;
1220 }
1221 Dlockdown = regs[1];
1222
1223 for (victim = 0; victim < 64; victim += 8)
1224 {
1225 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1226 * base remains unchanged, victim goes through entries 0 to 63
1227 */
1228 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1229 arm9tdmi_write_core_regs(target, 0x2, regs);
1230
1231 /* set interpret mode */
1232 cp15c15 |= 0x1;
1233 arm920t_write_cp15_physical(target,
1234 CP15PHYS_TESTSTATE, cp15c15);
1235
1236 /* Write D TLB lockdown */
1237 arm920t_execute_cp15(target,
1238 ARMV4_5_MCR(15,0,0,10,0,0),
1239 ARMV4_5_STR(1, 0));
1240
1241 /* Read D TLB CAM */
1242 arm920t_execute_cp15(target,
1243 ARMV4_5_MCR(15,4,0,15,6,4),
1244 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1245
1246 /* clear interpret mode */
1247 cp15c15 &= ~0x1;
1248 arm920t_write_cp15_physical(target,
1249 CP15PHYS_TESTSTATE, cp15c15);
1250
1251 /* read D TLB CAM content stored to r2-r9 */
1252 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1253 if ((retval = jtag_execute_queue()) != ERROR_OK)
1254 {
1255 return retval;
1256 }
1257
1258 for (i = 0; i < 8; i++)
1259 d_tlb[victim + i].cam = regs[i + 2];
1260 }
1261
1262 for (victim = 0; victim < 64; victim++)
1263 {
1264 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1265 * base remains unchanged, victim goes through entries 0 to 63
1266 */
1267 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1268 arm9tdmi_write_core_regs(target, 0x2, regs);
1269
1270 /* set interpret mode */
1271 cp15c15 |= 0x1;
1272 arm920t_write_cp15_physical(target,
1273 CP15PHYS_TESTSTATE, cp15c15);
1274
1275 /* Write D TLB lockdown */
1276 arm920t_execute_cp15(target,
1277 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1278
1279 /* Read D TLB RAM1 */
1280 arm920t_execute_cp15(target,
1281 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1282
1283 /* Read D TLB RAM2 */
1284 arm920t_execute_cp15(target,
1285 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1286
1287 /* clear interpret mode */
1288 cp15c15 &= ~0x1;
1289 arm920t_write_cp15_physical(target,
1290 CP15PHYS_TESTSTATE, cp15c15);
1291
1292 /* read D TLB RAM content stored to r2 and r3 */
1293 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1294 if ((retval = jtag_execute_queue()) != ERROR_OK)
1295 {
1296 return retval;
1297 }
1298
1299 d_tlb[victim].ram1 = regs[2];
1300 d_tlb[victim].ram2 = regs[3];
1301 }
1302
1303 /* restore D TLB lockdown */
1304 regs[1] = Dlockdown;
1305 arm9tdmi_write_core_regs(target, 0x2, regs);
1306
1307 /* Write D TLB lockdown */
1308 arm920t_execute_cp15(target,
1309 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1310
1311 /* prepare reading I TLB content
1312 * */
1313
1314 /* set interpret mode */
1315 cp15c15 |= 0x1;
1316 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1317
1318 /* Read I TLB lockdown */
1319 arm920t_execute_cp15(target,
1320 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1321
1322 /* clear interpret mode */
1323 cp15c15 &= ~0x1;
1324 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1325
1326 /* read I TLB lockdown stored to r1 */
1327 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1328 if ((retval = jtag_execute_queue()) != ERROR_OK)
1329 {
1330 return retval;
1331 }
1332 Ilockdown = regs[1];
1333
1334 for (victim = 0; victim < 64; victim += 8)
1335 {
1336 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1337 * base remains unchanged, victim goes through entries 0 to 63
1338 */
1339 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1340 arm9tdmi_write_core_regs(target, 0x2, regs);
1341
1342 /* set interpret mode */
1343 cp15c15 |= 0x1;
1344 arm920t_write_cp15_physical(target,
1345 CP15PHYS_TESTSTATE, cp15c15);
1346
1347 /* Write I TLB lockdown */
1348 arm920t_execute_cp15(target,
1349 ARMV4_5_MCR(15,0,0,10,0,1),
1350 ARMV4_5_STR(1, 0));
1351
1352 /* Read I TLB CAM */
1353 arm920t_execute_cp15(target,
1354 ARMV4_5_MCR(15,4,0,15,5,4),
1355 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1356
1357 /* clear interpret mode */
1358 cp15c15 &= ~0x1;
1359 arm920t_write_cp15_physical(target,
1360 CP15PHYS_TESTSTATE, cp15c15);
1361
1362 /* read I TLB CAM content stored to r2-r9 */
1363 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1364 if ((retval = jtag_execute_queue()) != ERROR_OK)
1365 {
1366 return retval;
1367 }
1368
1369 for (i = 0; i < 8; i++)
1370 i_tlb[i + victim].cam = regs[i + 2];
1371 }
1372
1373 for (victim = 0; victim < 64; victim++)
1374 {
1375 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1376 * base remains unchanged, victim goes through entries 0 to 63
1377 */
1378 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1379 arm9tdmi_write_core_regs(target, 0x2, regs);
1380
1381 /* set interpret mode */
1382 cp15c15 |= 0x1;
1383 arm920t_write_cp15_physical(target,
1384 CP15PHYS_TESTSTATE, cp15c15);
1385
1386 /* Write I TLB lockdown */
1387 arm920t_execute_cp15(target,
1388 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1389
1390 /* Read I TLB RAM1 */
1391 arm920t_execute_cp15(target,
1392 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1393
1394 /* Read I TLB RAM2 */
1395 arm920t_execute_cp15(target,
1396 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1397
1398 /* clear interpret mode */
1399 cp15c15 &= ~0x1;
1400 arm920t_write_cp15_physical(target,
1401 CP15PHYS_TESTSTATE, cp15c15);
1402
1403 /* read I TLB RAM content stored to r2 and r3 */
1404 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1405 if ((retval = jtag_execute_queue()) != ERROR_OK)
1406 {
1407 return retval;
1408 }
1409
1410 i_tlb[victim].ram1 = regs[2];
1411 i_tlb[victim].ram2 = regs[3];
1412 }
1413
1414 /* restore I TLB lockdown */
1415 regs[1] = Ilockdown;
1416 arm9tdmi_write_core_regs(target, 0x2, regs);
1417
1418 /* Write I TLB lockdown */
1419 arm920t_execute_cp15(target,
1420 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1421
1422 /* restore CP15 MMU and Cache settings */
1423 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1424
1425 /* output data to file */
1426 fprintf(output, "D TLB content:\n");
1427 for (i = 0; i < 64; i++)
1428 {
1429 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1430 " 0x%8.8" PRIx32 " %s\n",
1431 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1432 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1433 }
1434
1435 fprintf(output, "\n\nI TLB content:\n");
1436 for (i = 0; i < 64; i++)
1437 {
1438 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1439 " 0x%8.8" PRIx32 " %s\n",
1440 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1441 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1442 }
1443
1444 command_print(CMD_CTX, "mmu content successfully output to %s",
1445 CMD_ARGV[0]);
1446
1447 fclose(output);
1448
1449 if (!is_arm_mode(armv4_5->core_mode))
1450 return ERROR_FAIL;
1451
1452 /* force writeback of the valid data */
1453 r = armv4_5->core_cache->reg_list;
1454 r[0].dirty = r[0].valid;
1455 r[1].dirty = r[1].valid;
1456 r[2].dirty = r[2].valid;
1457 r[3].dirty = r[3].valid;
1458 r[4].dirty = r[4].valid;
1459 r[5].dirty = r[5].valid;
1460 r[6].dirty = r[6].valid;
1461 r[7].dirty = r[7].valid;
1462
1463 r = arm_reg_current(armv4_5, 8);
1464 r->dirty = r->valid;
1465
1466 r = arm_reg_current(armv4_5, 9);
1467 r->dirty = r->valid;
1468
1469 return ERROR_OK;
1470 }
1471
1472 COMMAND_HANDLER(arm920t_handle_cp15_command)
1473 {
1474 int retval;
1475 struct target *target = get_current_target(CMD_CTX);
1476 struct arm920t_common *arm920t = target_to_arm920(target);
1477
1478 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1479 if (retval != ERROR_OK)
1480 return retval;
1481
1482 if (target->state != TARGET_HALTED)
1483 {
1484 command_print(CMD_CTX, "target must be stopped for "
1485 "\"%s\" command", CMD_NAME);
1486 return ERROR_OK;
1487 }
1488
1489 /* one argument, read a register.
1490 * two arguments, write it.
1491 */
1492 if (CMD_ARGC >= 1)
1493 {
1494 int address;
1495 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1496
1497 if (CMD_ARGC == 1)
1498 {
1499 uint32_t value;
1500 if ((retval = arm920t_read_cp15_physical(target,
1501 address, &value)) != ERROR_OK)
1502 {
1503 command_print(CMD_CTX,
1504 "couldn't access reg %i", address);
1505 return ERROR_OK;
1506 }
1507 if ((retval = jtag_execute_queue()) != ERROR_OK)
1508 {
1509 return retval;
1510 }
1511
1512 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1513 address, value);
1514 }
1515 else if (CMD_ARGC == 2)
1516 {
1517 uint32_t value;
1518 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1519 retval = arm920t_write_cp15_physical(target,
1520 address, value);
1521 if (retval != ERROR_OK)
1522 {
1523 command_print(CMD_CTX,
1524 "couldn't access reg %i", address);
1525 /* REVISIT why lie? "return retval"? */
1526 return ERROR_OK;
1527 }
1528 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1529 address, value);
1530 }
1531 }
1532
1533 return ERROR_OK;
1534 }
1535
1536 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1537 {
1538 int retval;
1539 struct target *target = get_current_target(CMD_CTX);
1540 struct arm920t_common *arm920t = target_to_arm920(target);
1541
1542 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1543 if (retval != ERROR_OK)
1544 return retval;
1545
1546
1547 if (target->state != TARGET_HALTED)
1548 {
1549 command_print(CMD_CTX, "target must be stopped for "
1550 "\"%s\" command", CMD_NAME);
1551 return ERROR_OK;
1552 }
1553
1554 /* one argument, read a register.
1555 * two arguments, write it.
1556 */
1557 if (CMD_ARGC >= 1)
1558 {
1559 uint32_t opcode;
1560 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1561
1562 if (CMD_ARGC == 1)
1563 {
1564 uint32_t value;
1565 retval = arm920t_read_cp15_interpreted(target,
1566 opcode, 0x0, &value);
1567 if (retval != ERROR_OK)
1568 {
1569 command_print(CMD_CTX,
1570 "couldn't execute %8.8" PRIx32,
1571 opcode);
1572 /* REVISIT why lie? "return retval"? */
1573 return ERROR_OK;
1574 }
1575
1576 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1577 opcode, value);
1578 }
1579 else if (CMD_ARGC == 2)
1580 {
1581 uint32_t value;
1582 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1583 retval = arm920t_write_cp15_interpreted(target,
1584 opcode, value, 0);
1585 if (retval != ERROR_OK)
1586 {
1587 command_print(CMD_CTX,
1588 "couldn't execute %8.8" PRIx32,
1589 opcode);
1590 /* REVISIT why lie? "return retval"? */
1591 return ERROR_OK;
1592 }
1593 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1594 opcode, value);
1595 }
1596 else if (CMD_ARGC == 3)
1597 {
1598 uint32_t value;
1599 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1600 uint32_t address;
1601 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1602 retval = arm920t_write_cp15_interpreted(target,
1603 opcode, value, address);
1604 if (retval != ERROR_OK)
1605 {
1606 command_print(CMD_CTX,
1607 "couldn't execute %8.8" PRIx32, opcode);
1608 /* REVISIT why lie? "return retval"? */
1609 return ERROR_OK;
1610 }
1611 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1612 " %8.8" PRIx32, opcode, value, address);
1613 }
1614 }
1615 else
1616 {
1617 command_print(CMD_CTX,
1618 "usage: arm920t cp15i <opcode> [value] [address]");
1619 }
1620
1621 return ERROR_OK;
1622 }
1623
1624 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1625 {
1626 int retval;
1627 struct target *target = get_current_target(CMD_CTX);
1628 struct arm920t_common *arm920t = target_to_arm920(target);
1629
1630 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1631 if (retval != ERROR_OK)
1632 return retval;
1633
1634 return armv4_5_handle_cache_info_command(CMD_CTX,
1635 &arm920t->armv4_5_mmu.armv4_5_cache);
1636 }
1637
1638
1639 static int arm920t_mrc(struct target *target, int cpnum,
1640 uint32_t op1, uint32_t op2,
1641 uint32_t CRn, uint32_t CRm,
1642 uint32_t *value)
1643 {
1644 if (cpnum!=15)
1645 {
1646 LOG_ERROR("Only cp15 is supported");
1647 return ERROR_FAIL;
1648 }
1649
1650 /* read "to" r0 */
1651 return arm920t_read_cp15_interpreted(target,
1652 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1653 0, value);
1654 }
1655
1656 static int arm920t_mcr(struct target *target, int cpnum,
1657 uint32_t op1, uint32_t op2,
1658 uint32_t CRn, uint32_t CRm,
1659 uint32_t value)
1660 {
1661 if (cpnum!=15)
1662 {
1663 LOG_ERROR("Only cp15 is supported");
1664 return ERROR_FAIL;
1665 }
1666
1667 /* write "from" r0 */
1668 return arm920t_write_cp15_interpreted(target,
1669 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1670 0, value);
1671 }
1672
1673 static const struct command_registration arm920t_exec_command_handlers[] = {
1674 {
1675 .name = "cp15",
1676 .handler = arm920t_handle_cp15_command,
1677 .mode = COMMAND_EXEC,
1678 .help = "display/modify cp15 register",
1679 .usage = "regnum [value]",
1680 },
1681 {
1682 .name = "cp15i",
1683 .handler = arm920t_handle_cp15i_command,
1684 .mode = COMMAND_EXEC,
1685 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1686 .help = "display/modify cp15 register using ARM opcode"
1687 " (DEPRECATED)",
1688 .usage = "instruction [value [address]]",
1689 },
1690 {
1691 .name = "cache_info",
1692 .handler = arm920t_handle_cache_info_command,
1693 .mode = COMMAND_EXEC,
1694 .help = "display information about target caches",
1695 },
1696 {
1697 .name = "read_cache",
1698 .handler = arm920t_handle_read_cache_command,
1699 .mode = COMMAND_EXEC,
1700 .help = "dump I/D cache content to file",
1701 .usage = "filename",
1702 },
1703 {
1704 .name = "read_mmu",
1705 .handler = arm920t_handle_read_mmu_command,
1706 .mode = COMMAND_EXEC,
1707 .help = "dump I/D mmu content to file",
1708 .usage = "filename",
1709 },
1710 COMMAND_REGISTRATION_DONE
1711 };
1712 const struct command_registration arm920t_command_handlers[] = {
1713 {
1714 .chain = arm9tdmi_command_handlers,
1715 },
1716 {
1717 .name = "arm920t",
1718 .mode = COMMAND_ANY,
1719 .help = "arm920t command group",
1720 .chain = arm920t_exec_command_handlers,
1721 },
1722 COMMAND_REGISTRATION_DONE
1723 };
1724
1725 /** Holds methods for ARM920 targets. */
1726 struct target_type arm920t_target =
1727 {
1728 .name = "arm920t",
1729
1730 .poll = arm7_9_poll,
1731 .arch_state = arm920t_arch_state,
1732
1733 .target_request_data = arm7_9_target_request_data,
1734
1735 .halt = arm7_9_halt,
1736 .resume = arm7_9_resume,
1737 .step = arm7_9_step,
1738
1739 .assert_reset = arm7_9_assert_reset,
1740 .deassert_reset = arm7_9_deassert_reset,
1741 .soft_reset_halt = arm920t_soft_reset_halt,
1742
1743 .get_gdb_reg_list = arm_get_gdb_reg_list,
1744
1745 .read_memory = arm920t_read_memory,
1746 .write_memory = arm920t_write_memory,
1747 .read_phys_memory = arm920t_read_phys_memory,
1748 .write_phys_memory = arm920t_write_phys_memory,
1749 .mmu = arm920_mmu,
1750 .virt2phys = arm920_virt2phys,
1751
1752 .bulk_write_memory = arm7_9_bulk_write_memory,
1753
1754 .checksum_memory = arm_checksum_memory,
1755 .blank_check_memory = arm_blank_check_memory,
1756
1757 .run_algorithm = armv4_5_run_algorithm,
1758
1759 .add_breakpoint = arm7_9_add_breakpoint,
1760 .remove_breakpoint = arm7_9_remove_breakpoint,
1761 .add_watchpoint = arm7_9_add_watchpoint,
1762 .remove_watchpoint = arm7_9_remove_watchpoint,
1763
1764 .commands = arm920t_command_handlers,
1765 .target_create = arm920t_target_create,
1766 .init_target = arm9tdmi_init_target,
1767 .examine = arm7_9_examine,
1768 .check_reset = arm7_9_check_reset,
1769 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)