Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
debug: debug entry error propagation
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92
93 jtag_info = &arm920t->arm7_9_common.jtag_info;
94
95 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
96 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
97
98 fields[0].num_bits = 1;
99 fields[0].out_value = &access_type_buf;
100 fields[0].in_value = NULL;
101
102 fields[1].num_bits = 32;
103 fields[1].out_value = NULL;
104 fields[1].in_value = NULL;
105
106 fields[2].num_bits = 6;
107 fields[2].out_value = &reg_addr_buf;
108 fields[2].in_value = NULL;
109
110 fields[3].num_bits = 1;
111 fields[3].out_value = &nr_w_buf;
112 fields[3].in_value = NULL;
113
114 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
115
116 fields[1].in_value = (uint8_t *)value;
117
118 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
119
120 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
121
122 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
123 jtag_execute_queue();
124 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
125 #endif
126
127 return ERROR_OK;
128 }
129
130 static int arm920t_write_cp15_physical(struct target *target,
131 int reg_addr, uint32_t value)
132 {
133 struct arm920t_common *arm920t = target_to_arm920(target);
134 struct arm_jtag *jtag_info;
135 struct scan_field fields[4];
136 uint8_t access_type_buf = 1;
137 uint8_t reg_addr_buf = reg_addr & 0x3f;
138 uint8_t nr_w_buf = 1;
139 uint8_t value_buf[4];
140
141 jtag_info = &arm920t->arm7_9_common.jtag_info;
142
143 buf_set_u32(value_buf, 0, 32, value);
144
145 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
146 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
147
148 fields[0].num_bits = 1;
149 fields[0].out_value = &access_type_buf;
150 fields[0].in_value = NULL;
151
152 fields[1].num_bits = 32;
153 fields[1].out_value = value_buf;
154 fields[1].in_value = NULL;
155
156 fields[2].num_bits = 6;
157 fields[2].out_value = &reg_addr_buf;
158 fields[2].in_value = NULL;
159
160 fields[3].num_bits = 1;
161 fields[3].out_value = &nr_w_buf;
162 fields[3].in_value = NULL;
163
164 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
165
166 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
167 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
168 #endif
169
170 return ERROR_OK;
171 }
172
173 /* See table 9-10 for scan chain 15 format during interpreted access mode.
174 * If the TESTSTATE register is set for interpreted access, certain CP15
175 * MRC and MCR instructions may be executed through scan chain 15.
176 *
177 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
178 * executed using scan chain 15 interpreted mode.
179 */
180 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
181 uint32_t arm_opcode)
182 {
183 int retval;
184 struct arm920t_common *arm920t = target_to_arm920(target);
185 struct arm_jtag *jtag_info;
186 struct scan_field fields[4];
187 uint8_t access_type_buf = 0; /* interpreted access */
188 uint8_t reg_addr_buf = 0x0;
189 uint8_t nr_w_buf = 0;
190 uint8_t cp15_opcode_buf[4];
191
192 jtag_info = &arm920t->arm7_9_common.jtag_info;
193
194 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
195 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
196
197 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
198
199 fields[0].num_bits = 1;
200 fields[0].out_value = &access_type_buf;
201 fields[0].in_value = NULL;
202
203 fields[1].num_bits = 32;
204 fields[1].out_value = cp15_opcode_buf;
205 fields[1].in_value = NULL;
206
207 fields[2].num_bits = 6;
208 fields[2].out_value = &reg_addr_buf;
209 fields[2].in_value = NULL;
210
211 fields[3].num_bits = 1;
212 fields[3].out_value = &nr_w_buf;
213 fields[3].in_value = NULL;
214
215 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
216
217 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
218 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
219 retval = arm7_9_execute_sys_speed(target);
220 if (retval != ERROR_OK)
221 return retval;
222
223 if ((retval = jtag_execute_queue()) != ERROR_OK)
224 {
225 LOG_ERROR("failed executing JTAG queue");
226 return retval;
227 }
228
229 return ERROR_OK;
230 }
231
232 static int arm920t_read_cp15_interpreted(struct target *target,
233 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
234 {
235 struct arm *armv4_5 = target_to_arm(target);
236 uint32_t* regs_p[1];
237 uint32_t regs[2];
238 uint32_t cp15c15 = 0x0;
239 struct reg *r = armv4_5->core_cache->reg_list;
240
241 /* load address into R1 */
242 regs[1] = address;
243 arm9tdmi_write_core_regs(target, 0x2, regs);
244
245 /* read-modify-write CP15 test state register
246 * to enable interpreted access mode */
247 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
248 jtag_execute_queue();
249 cp15c15 |= 1; /* set interpret mode */
250 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
251
252 /* execute CP15 instruction and ARM load (reading from coprocessor) */
253 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
254
255 /* disable interpreted access mode */
256 cp15c15 &= ~1U; /* clear interpret mode */
257 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
258
259 /* retrieve value from R0 */
260 regs_p[0] = value;
261 arm9tdmi_read_core_regs(target, 0x1, regs_p);
262 jtag_execute_queue();
263
264 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
265 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
266 cp15_opcode, address, *value);
267 #endif
268
269 if (!is_arm_mode(armv4_5->core_mode))
270 return ERROR_FAIL;
271
272 r[0].dirty = 1;
273 r[1].dirty = 1;
274
275 return ERROR_OK;
276 }
277
278 static
279 int arm920t_write_cp15_interpreted(struct target *target,
280 uint32_t cp15_opcode, uint32_t value, uint32_t address)
281 {
282 uint32_t cp15c15 = 0x0;
283 struct arm *armv4_5 = target_to_arm(target);
284 uint32_t regs[2];
285 struct reg *r = armv4_5->core_cache->reg_list;
286
287 /* load value, address into R0, R1 */
288 regs[0] = value;
289 regs[1] = address;
290 arm9tdmi_write_core_regs(target, 0x3, regs);
291
292 /* read-modify-write CP15 test state register
293 * to enable interpreted access mode */
294 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
295 jtag_execute_queue();
296 cp15c15 |= 1; /* set interpret mode */
297 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
298
299 /* execute CP15 instruction and ARM store (writing to coprocessor) */
300 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
301
302 /* disable interpreted access mode */
303 cp15c15 &= ~1U; /* set interpret mode */
304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
305
306 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
307 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
308 cp15_opcode, value, address);
309 #endif
310
311 if (!is_arm_mode(armv4_5->core_mode))
312 return ERROR_FAIL;
313
314 r[0].dirty = 1;
315 r[1].dirty = 1;
316
317 return ERROR_OK;
318 }
319
320 // EXPORTED to FA256
321 int arm920t_get_ttb(struct target *target, uint32_t *result)
322 {
323 int retval;
324 uint32_t ttb = 0x0;
325
326 if ((retval = arm920t_read_cp15_interpreted(target,
327 /* FIXME use opcode macro */
328 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
329 return retval;
330
331 *result = ttb;
332 return ERROR_OK;
333 }
334
335 // EXPORTED to FA256
336 int arm920t_disable_mmu_caches(struct target *target, int mmu,
337 int d_u_cache, int i_cache)
338 {
339 uint32_t cp15_control;
340 int retval;
341
342 /* read cp15 control register */
343 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
344 if (retval != ERROR_OK)
345 return retval;
346 retval = jtag_execute_queue();
347 if (retval != ERROR_OK)
348 return retval;
349
350 if (mmu)
351 cp15_control &= ~0x1U;
352
353 if (d_u_cache)
354 cp15_control &= ~0x4U;
355
356 if (i_cache)
357 cp15_control &= ~0x1000U;
358
359 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
360 return retval;
361 }
362
363 // EXPORTED to FA256
364 int arm920t_enable_mmu_caches(struct target *target, int mmu,
365 int d_u_cache, int i_cache)
366 {
367 uint32_t cp15_control;
368 int retval;
369
370 /* read cp15 control register */
371 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
372 if (retval != ERROR_OK)
373 return retval;
374 retval = jtag_execute_queue();
375 if (retval != ERROR_OK)
376 return retval;
377
378 if (mmu)
379 cp15_control |= 0x1U;
380
381 if (d_u_cache)
382 cp15_control |= 0x4U;
383
384 if (i_cache)
385 cp15_control |= 0x1000U;
386
387 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
388 return retval;
389 }
390
391 // EXPORTED to FA256
392 int arm920t_post_debug_entry(struct target *target)
393 {
394 uint32_t cp15c15;
395 struct arm920t_common *arm920t = target_to_arm920(target);
396 int retval;
397
398 /* examine cp15 control reg */
399 retval = arm920t_read_cp15_physical(target,
400 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
401 if (retval != ERROR_OK)
402 return retval;
403 retval = jtag_execute_queue();
404 if (retval != ERROR_OK)
405 return retval;
406 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
407
408 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
409 {
410 uint32_t cache_type_reg;
411 /* identify caches */
412 retval = arm920t_read_cp15_physical(target,
413 CP15PHYS_CACHETYPE, &cache_type_reg);
414 if (retval != ERROR_OK)
415 return retval;
416 retval = jtag_execute_queue();
417 if (retval != ERROR_OK)
418 return retval;
419 armv4_5_identify_cache(cache_type_reg,
420 &arm920t->armv4_5_mmu.armv4_5_cache);
421 }
422
423 arm920t->armv4_5_mmu.mmu_enabled =
424 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
425 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
426 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
427 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
428 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
429
430 /* save i/d fault status and address register */
431 /* FIXME use opcode macros */
432 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
433 if (retval != ERROR_OK)
434 return retval;
435 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
436 if (retval != ERROR_OK)
437 return retval;
438 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
439 if (retval != ERROR_OK)
440 return retval;
441 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
442 if (retval != ERROR_OK)
443 return retval;
444
445 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
446 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
447 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
448
449 if (arm920t->preserve_cache)
450 {
451 /* read-modify-write CP15 test state register
452 * to disable I/D-cache linefills */
453 retval = arm920t_read_cp15_physical(target,
454 CP15PHYS_TESTSTATE, &cp15c15);
455 if (retval != ERROR_OK)
456 return retval;
457 retval = jtag_execute_queue();
458 if (retval != ERROR_OK)
459 return retval;
460 cp15c15 |= 0x600;
461 retval = arm920t_write_cp15_physical(target,
462 CP15PHYS_TESTSTATE, cp15c15);
463 if (retval != ERROR_OK)
464 return retval;
465 }
466 return ERROR_OK;
467 }
468
469 // EXPORTED to FA256
470 void arm920t_pre_restore_context(struct target *target)
471 {
472 uint32_t cp15c15;
473 struct arm920t_common *arm920t = target_to_arm920(target);
474
475 /* restore i/d fault status and address register */
476 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
477 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
478 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
479 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
480
481 /* read-modify-write CP15 test state register
482 * to reenable I/D-cache linefills */
483 if (arm920t->preserve_cache)
484 {
485 arm920t_read_cp15_physical(target,
486 CP15PHYS_TESTSTATE, &cp15c15);
487 jtag_execute_queue();
488 cp15c15 &= ~0x600U;
489 arm920t_write_cp15_physical(target,
490 CP15PHYS_TESTSTATE, cp15c15);
491 }
492 }
493
494 static const char arm920_not[] = "target is not an ARM920";
495
496 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
497 struct arm920t_common *arm920t)
498 {
499 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
500 command_print(cmd_ctx, arm920_not);
501 return ERROR_TARGET_INVALID;
502 }
503
504 return ERROR_OK;
505 }
506
507 /** Logs summary of ARM920 state for a halted target. */
508 int arm920t_arch_state(struct target *target)
509 {
510 static const char *state[] =
511 {
512 "disabled", "enabled"
513 };
514
515 struct arm920t_common *arm920t = target_to_arm920(target);
516 struct arm *armv4_5;
517
518 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
519 {
520 LOG_ERROR("BUG: %s", arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
525
526 arm_arch_state(target);
527 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
528 state[arm920t->armv4_5_mmu.mmu_enabled],
529 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
530 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
531
532 return ERROR_OK;
533 }
534
535 static int arm920_mmu(struct target *target, int *enabled)
536 {
537 if (target->state != TARGET_HALTED) {
538 LOG_ERROR("%s: target not halted", __func__);
539 return ERROR_TARGET_INVALID;
540 }
541
542 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
543 return ERROR_OK;
544 }
545
546 static int arm920_virt2phys(struct target *target,
547 uint32_t virt, uint32_t *phys)
548 {
549 uint32_t cb;
550 struct arm920t_common *arm920t = target_to_arm920(target);
551
552 uint32_t ret;
553 int retval = armv4_5_mmu_translate_va(target,
554 &arm920t->armv4_5_mmu, virt, &cb, &ret);
555 if (retval != ERROR_OK)
556 return retval;
557 *phys = ret;
558 return ERROR_OK;
559 }
560
561 /** Reads a buffer, in the specified word size, with current MMU settings. */
562 int arm920t_read_memory(struct target *target, uint32_t address,
563 uint32_t size, uint32_t count, uint8_t *buffer)
564 {
565 int retval;
566
567 retval = arm7_9_read_memory(target, address, size, count, buffer);
568
569 return retval;
570 }
571
572
573 static int arm920t_read_phys_memory(struct target *target,
574 uint32_t address, uint32_t size,
575 uint32_t count, uint8_t *buffer)
576 {
577 struct arm920t_common *arm920t = target_to_arm920(target);
578
579 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
580 address, size, count, buffer);
581 }
582
583 static int arm920t_write_phys_memory(struct target *target,
584 uint32_t address, uint32_t size,
585 uint32_t count, uint8_t *buffer)
586 {
587 struct arm920t_common *arm920t = target_to_arm920(target);
588
589 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
590 address, size, count, buffer);
591 }
592
593
594 /** Writes a buffer, in the specified word size, with current MMU settings. */
595 int arm920t_write_memory(struct target *target, uint32_t address,
596 uint32_t size, uint32_t count, uint8_t *buffer)
597 {
598 int retval;
599 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
600 struct arm920t_common *arm920t = target_to_arm920(target);
601
602 /* FIX!!!! this should be cleaned up and made much more general. The
603 * plan is to write up and test on arm920t specifically and
604 * then generalize and clean up afterwards.
605 *
606 * Also it should be moved to the callbacks that handle breakpoints
607 * specifically and not the generic memory write fn's. See XScale code.
608 */
609 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
610 ((size==2) || (size==4)))
611 {
612 /* special case the handling of single word writes to
613 * bypass MMU, to allow implementation of breakpoints
614 * in memory marked read only
615 * by MMU
616 */
617 uint32_t cb;
618 uint32_t pa;
619
620 /*
621 * We need physical address and cb
622 */
623 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
624 address, &cb, &pa);
625 if (retval != ERROR_OK)
626 return retval;
627
628 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
629 {
630 if (cb & 0x1)
631 {
632 LOG_DEBUG("D-Cache buffered, "
633 "drain write buffer");
634 /*
635 * Buffered ?
636 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
637 */
638
639 retval = arm920t_write_cp15_interpreted(target,
640 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
641 0x0, 0);
642 if (retval != ERROR_OK)
643 return retval;
644 }
645
646 if (cb == 0x3)
647 {
648 /*
649 * Write back memory ? -> clean cache
650 *
651 * There is no way to clean cache lines using
652 * cp15 scan chain, so copy the full cache
653 * line from cache to physical memory.
654 */
655 uint8_t data[32];
656
657 LOG_DEBUG("D-Cache in 'write back' mode, "
658 "flush cache line");
659
660 retval = target_read_memory(target,
661 address & cache_mask, 1,
662 sizeof(data), &data[0]);
663 if (retval != ERROR_OK)
664 return retval;
665
666 retval = armv4_5_mmu_write_physical(target,
667 &arm920t->armv4_5_mmu,
668 pa & cache_mask, 1,
669 sizeof(data), &data[0]);
670 if (retval != ERROR_OK)
671 return retval;
672 }
673
674 /* Cached ? */
675 if (cb & 0x2)
676 {
677 /*
678 * Cached ? -> Invalidate data cache using MVA
679 *
680 * MCR p15,0,Rd,c7,c6,1
681 */
682 LOG_DEBUG("D-Cache enabled, "
683 "invalidate cache line");
684
685 retval = arm920t_write_cp15_interpreted(target,
686 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
687 address & cache_mask);
688 if (retval != ERROR_OK)
689 return retval;
690 }
691 }
692
693 /* write directly to physical memory,
694 * bypassing any read only MMU bits, etc.
695 */
696 retval = armv4_5_mmu_write_physical(target,
697 &arm920t->armv4_5_mmu, pa, size,
698 count, buffer);
699 if (retval != ERROR_OK)
700 return retval;
701 } else
702 {
703 if ((retval = arm7_9_write_memory(target, address,
704 size, count, buffer)) != ERROR_OK)
705 return retval;
706 }
707
708 /* If ICache is enabled, we have to invalidate affected ICache lines
709 * the DCache is forced to write-through,
710 * so we don't have to clean it here
711 */
712 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
713 {
714 if (count <= 1)
715 {
716 /* invalidate ICache single entry with MVA
717 * mcr 15, 0, r0, cr7, cr5, {1}
718 */
719 LOG_DEBUG("I-Cache enabled, "
720 "invalidating affected I-Cache line");
721 retval = arm920t_write_cp15_interpreted(target,
722 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
723 0x0, address & cache_mask);
724 if (retval != ERROR_OK)
725 return retval;
726 }
727 else
728 {
729 /* invalidate ICache
730 * mcr 15, 0, r0, cr7, cr5, {0}
731 */
732 retval = arm920t_write_cp15_interpreted(target,
733 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
734 0x0, 0x0);
735 if (retval != ERROR_OK)
736 return retval;
737 }
738 }
739
740 return ERROR_OK;
741 }
742
743 // EXPORTED to FA256
744 int arm920t_soft_reset_halt(struct target *target)
745 {
746 int retval = ERROR_OK;
747 struct arm920t_common *arm920t = target_to_arm920(target);
748 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
749 struct arm *armv4_5 = &arm7_9->armv4_5_common;
750 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
751
752 if ((retval = target_halt(target)) != ERROR_OK)
753 {
754 return retval;
755 }
756
757 long long then = timeval_ms();
758 int timeout;
759 while (!(timeout = ((timeval_ms()-then) > 1000)))
760 {
761 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
762 == 0)
763 {
764 embeddedice_read_reg(dbg_stat);
765 if ((retval = jtag_execute_queue()) != ERROR_OK)
766 {
767 return retval;
768 }
769 } else
770 {
771 break;
772 }
773 if (debug_level >= 3)
774 {
775 /* do not eat all CPU, time out after 1 se*/
776 alive_sleep(100);
777 } else
778 {
779 keep_alive();
780 }
781 }
782 if (timeout)
783 {
784 LOG_ERROR("Failed to halt CPU after 1 sec");
785 return ERROR_TARGET_TIMEOUT;
786 }
787
788 target->state = TARGET_HALTED;
789
790 /* SVC, ARM state, IRQ and FIQ disabled */
791 uint32_t cpsr;
792
793 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
794 cpsr &= ~0xff;
795 cpsr |= 0xd3;
796 arm_set_cpsr(armv4_5, cpsr);
797 armv4_5->cpsr->dirty = 1;
798
799 /* start fetching from 0x0 */
800 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
801 armv4_5->pc->dirty = 1;
802 armv4_5->pc->valid = 1;
803
804 arm920t_disable_mmu_caches(target, 1, 1, 1);
805 arm920t->armv4_5_mmu.mmu_enabled = 0;
806 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
807 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
808
809 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
810 }
811
812 /* FIXME remove forward decls */
813 static int arm920t_mrc(struct target *target, int cpnum,
814 uint32_t op1, uint32_t op2,
815 uint32_t CRn, uint32_t CRm,
816 uint32_t *value);
817 static int arm920t_mcr(struct target *target, int cpnum,
818 uint32_t op1, uint32_t op2,
819 uint32_t CRn, uint32_t CRm,
820 uint32_t value);
821
822 static int arm920t_init_arch_info(struct target *target,
823 struct arm920t_common *arm920t, struct jtag_tap *tap)
824 {
825 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
826
827 arm7_9->armv4_5_common.mrc = arm920t_mrc;
828 arm7_9->armv4_5_common.mcr = arm920t_mcr;
829
830 /* initialize arm7/arm9 specific info (including armv4_5) */
831 arm9tdmi_init_arch_info(target, arm7_9, tap);
832
833 arm920t->common_magic = ARM920T_COMMON_MAGIC;
834
835 arm7_9->post_debug_entry = arm920t_post_debug_entry;
836 arm7_9->pre_restore_context = arm920t_pre_restore_context;
837
838 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
839 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
840 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
841 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
842 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
843 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
844 arm920t->armv4_5_mmu.has_tiny_pages = 1;
845 arm920t->armv4_5_mmu.mmu_enabled = 0;
846
847 /* disabling linefills leads to lockups, so keep them enabled for now
848 * this doesn't affect correctness, but might affect timing issues, if
849 * important data is evicted from the cache during the debug session
850 * */
851 arm920t->preserve_cache = 0;
852
853 /* override hw single-step capability from ARM9TDMI */
854 arm7_9->has_single_step = 1;
855
856 return ERROR_OK;
857 }
858
859 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
860 {
861 struct arm920t_common *arm920t;
862
863 arm920t = calloc(1,sizeof(struct arm920t_common));
864 return arm920t_init_arch_info(target, arm920t, target->tap);
865 }
866
867 COMMAND_HANDLER(arm920t_handle_read_cache_command)
868 {
869 int retval = ERROR_OK;
870 struct target *target = get_current_target(CMD_CTX);
871 struct arm920t_common *arm920t = target_to_arm920(target);
872 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
873 struct arm *armv4_5 = &arm7_9->armv4_5_common;
874 uint32_t cp15c15;
875 uint32_t cp15_ctrl, cp15_ctrl_saved;
876 uint32_t regs[16];
877 uint32_t *regs_p[16];
878 uint32_t C15_C_D_Ind, C15_C_I_Ind;
879 int i;
880 FILE *output;
881 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
882 int segment, index_t;
883 struct reg *r;
884
885 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
886 if (retval != ERROR_OK)
887 return retval;
888
889 if (CMD_ARGC != 1)
890 {
891 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
892 return ERROR_OK;
893 }
894
895 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
896 {
897 LOG_DEBUG("error opening cache content file");
898 return ERROR_OK;
899 }
900
901 for (i = 0; i < 16; i++)
902 regs_p[i] = &regs[i];
903
904 /* disable MMU and Caches */
905 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910 cp15_ctrl_saved = cp15_ctrl;
911 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
912 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
913 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
914
915 /* read CP15 test state register */
916 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
917 jtag_execute_queue();
918
919 /* read DCache content */
920 fprintf(output, "DCache:\n");
921
922 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
923 for (segment = 0;
924 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
925 segment++)
926 {
927 fprintf(output, "\nsegment: %i\n----------", segment);
928
929 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
930 regs[0] = 0x0 | (segment << 5);
931 arm9tdmi_write_core_regs(target, 0x1, regs);
932
933 /* set interpret mode */
934 cp15c15 |= 0x1;
935 arm920t_write_cp15_physical(target,
936 CP15PHYS_TESTSTATE, cp15c15);
937
938 /* D CAM Read, loads current victim into C15.C.D.Ind */
939 arm920t_execute_cp15(target,
940 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
941
942 /* read current victim */
943 arm920t_read_cp15_physical(target,
944 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
945
946 /* clear interpret mode */
947 cp15c15 &= ~0x1;
948 arm920t_write_cp15_physical(target,
949 CP15PHYS_TESTSTATE, cp15c15);
950
951 for (index_t = 0; index_t < 64; index_t++)
952 {
953 /* Ra:
954 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
955 */
956 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
957 arm9tdmi_write_core_regs(target, 0x1, regs);
958
959 /* set interpret mode */
960 cp15c15 |= 0x1;
961 arm920t_write_cp15_physical(target,
962 CP15PHYS_TESTSTATE, cp15c15);
963
964 /* Write DCache victim */
965 arm920t_execute_cp15(target,
966 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
967
968 /* Read D RAM */
969 arm920t_execute_cp15(target,
970 ARMV4_5_MCR(15,2,0,15,10,2),
971 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
972
973 /* Read D CAM */
974 arm920t_execute_cp15(target,
975 ARMV4_5_MCR(15,2,0,15,6,2),
976 ARMV4_5_LDR(9, 0));
977
978 /* clear interpret mode */
979 cp15c15 &= ~0x1;
980 arm920t_write_cp15_physical(target,
981 CP15PHYS_TESTSTATE, cp15c15);
982
983 /* read D RAM and CAM content */
984 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
985 if ((retval = jtag_execute_queue()) != ERROR_OK)
986 {
987 return retval;
988 }
989
990 d_cache[segment][index_t].cam = regs[9];
991
992 /* mask LFSR[6] */
993 regs[9] &= 0xfffffffe;
994 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
995 PRIx32 ", content (%s):\n",
996 segment, index_t, regs[9],
997 (regs[9] & 0x10) ? "valid" : "invalid");
998
999 for (i = 1; i < 9; i++)
1000 {
1001 d_cache[segment][index_t].data[i] = regs[i];
1002 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1003 i-1, regs[i]);
1004 }
1005
1006 }
1007
1008 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1009 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1010 arm9tdmi_write_core_regs(target, 0x1, regs);
1011
1012 /* set interpret mode */
1013 cp15c15 |= 0x1;
1014 arm920t_write_cp15_physical(target,
1015 CP15PHYS_TESTSTATE, cp15c15);
1016
1017 /* Write DCache victim */
1018 arm920t_execute_cp15(target,
1019 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1020
1021 /* clear interpret mode */
1022 cp15c15 &= ~0x1;
1023 arm920t_write_cp15_physical(target,
1024 CP15PHYS_TESTSTATE, cp15c15);
1025 }
1026
1027 /* read ICache content */
1028 fprintf(output, "ICache:\n");
1029
1030 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1031 for (segment = 0;
1032 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1033 segment++)
1034 {
1035 fprintf(output, "segment: %i\n----------", segment);
1036
1037 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1038 regs[0] = 0x0 | (segment << 5);
1039 arm9tdmi_write_core_regs(target, 0x1, regs);
1040
1041 /* set interpret mode */
1042 cp15c15 |= 0x1;
1043 arm920t_write_cp15_physical(target,
1044 CP15PHYS_TESTSTATE, cp15c15);
1045
1046 /* I CAM Read, loads current victim into C15.C.I.Ind */
1047 arm920t_execute_cp15(target,
1048 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1049
1050 /* read current victim */
1051 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1052 &C15_C_I_Ind);
1053
1054 /* clear interpret mode */
1055 cp15c15 &= ~0x1;
1056 arm920t_write_cp15_physical(target,
1057 CP15PHYS_TESTSTATE, cp15c15);
1058
1059 for (index_t = 0; index_t < 64; index_t++)
1060 {
1061 /* Ra:
1062 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1063 */
1064 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1065 arm9tdmi_write_core_regs(target, 0x1, regs);
1066
1067 /* set interpret mode */
1068 cp15c15 |= 0x1;
1069 arm920t_write_cp15_physical(target,
1070 CP15PHYS_TESTSTATE, cp15c15);
1071
1072 /* Write ICache victim */
1073 arm920t_execute_cp15(target,
1074 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1075
1076 /* Read I RAM */
1077 arm920t_execute_cp15(target,
1078 ARMV4_5_MCR(15,2,0,15,9,2),
1079 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1080
1081 /* Read I CAM */
1082 arm920t_execute_cp15(target,
1083 ARMV4_5_MCR(15,2,0,15,5,2),
1084 ARMV4_5_LDR(9, 0));
1085
1086 /* clear interpret mode */
1087 cp15c15 &= ~0x1;
1088 arm920t_write_cp15_physical(target,
1089 CP15PHYS_TESTSTATE, cp15c15);
1090
1091 /* read I RAM and CAM content */
1092 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1093 if ((retval = jtag_execute_queue()) != ERROR_OK)
1094 {
1095 return retval;
1096 }
1097
1098 i_cache[segment][index_t].cam = regs[9];
1099
1100 /* mask LFSR[6] */
1101 regs[9] &= 0xfffffffe;
1102 fprintf(output, "\nsegment: %i, index: %i, "
1103 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1104 segment, index_t, regs[9],
1105 (regs[9] & 0x10) ? "valid" : "invalid");
1106
1107 for (i = 1; i < 9; i++)
1108 {
1109 i_cache[segment][index_t].data[i] = regs[i];
1110 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1111 i-1, regs[i]);
1112 }
1113 }
1114
1115 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1116 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1117 arm9tdmi_write_core_regs(target, 0x1, regs);
1118
1119 /* set interpret mode */
1120 cp15c15 |= 0x1;
1121 arm920t_write_cp15_physical(target,
1122 CP15PHYS_TESTSTATE, cp15c15);
1123
1124 /* Write ICache victim */
1125 arm920t_execute_cp15(target,
1126 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1127
1128 /* clear interpret mode */
1129 cp15c15 &= ~0x1;
1130 arm920t_write_cp15_physical(target,
1131 CP15PHYS_TESTSTATE, cp15c15);
1132 }
1133
1134 /* restore CP15 MMU and Cache settings */
1135 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1136
1137 command_print(CMD_CTX, "cache content successfully output to %s",
1138 CMD_ARGV[0]);
1139
1140 fclose(output);
1141
1142 if (!is_arm_mode(armv4_5->core_mode))
1143 return ERROR_FAIL;
1144
1145 /* force writeback of the valid data */
1146 r = armv4_5->core_cache->reg_list;
1147 r[0].dirty = r[0].valid;
1148 r[1].dirty = r[1].valid;
1149 r[2].dirty = r[2].valid;
1150 r[3].dirty = r[3].valid;
1151 r[4].dirty = r[4].valid;
1152 r[5].dirty = r[5].valid;
1153 r[6].dirty = r[6].valid;
1154 r[7].dirty = r[7].valid;
1155
1156 r = arm_reg_current(armv4_5, 8);
1157 r->dirty = r->valid;
1158
1159 r = arm_reg_current(armv4_5, 9);
1160 r->dirty = r->valid;
1161
1162 return ERROR_OK;
1163 }
1164
1165 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1166 {
1167 int retval = ERROR_OK;
1168 struct target *target = get_current_target(CMD_CTX);
1169 struct arm920t_common *arm920t = target_to_arm920(target);
1170 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1171 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1172 uint32_t cp15c15;
1173 uint32_t cp15_ctrl, cp15_ctrl_saved;
1174 uint32_t regs[16];
1175 uint32_t *regs_p[16];
1176 int i;
1177 FILE *output;
1178 uint32_t Dlockdown, Ilockdown;
1179 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1180 int victim;
1181 struct reg *r;
1182
1183 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1184 if (retval != ERROR_OK)
1185 return retval;
1186
1187 if (CMD_ARGC != 1)
1188 {
1189 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1190 return ERROR_OK;
1191 }
1192
1193 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1194 {
1195 LOG_DEBUG("error opening mmu content file");
1196 return ERROR_OK;
1197 }
1198
1199 for (i = 0; i < 16; i++)
1200 regs_p[i] = &regs[i];
1201
1202 /* disable MMU and Caches */
1203 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1204 if ((retval = jtag_execute_queue()) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208 cp15_ctrl_saved = cp15_ctrl;
1209 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1210 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1211 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1212
1213 /* read CP15 test state register */
1214 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1215 if ((retval = jtag_execute_queue()) != ERROR_OK)
1216 {
1217 return retval;
1218 }
1219
1220 /* prepare reading D TLB content
1221 * */
1222
1223 /* set interpret mode */
1224 cp15c15 |= 0x1;
1225 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1226
1227 /* Read D TLB lockdown */
1228 arm920t_execute_cp15(target,
1229 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1230
1231 /* clear interpret mode */
1232 cp15c15 &= ~0x1;
1233 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1234
1235 /* read D TLB lockdown stored to r1 */
1236 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1237 if ((retval = jtag_execute_queue()) != ERROR_OK)
1238 {
1239 return retval;
1240 }
1241 Dlockdown = regs[1];
1242
1243 for (victim = 0; victim < 64; victim += 8)
1244 {
1245 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1246 * base remains unchanged, victim goes through entries 0 to 63
1247 */
1248 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1249 arm9tdmi_write_core_regs(target, 0x2, regs);
1250
1251 /* set interpret mode */
1252 cp15c15 |= 0x1;
1253 arm920t_write_cp15_physical(target,
1254 CP15PHYS_TESTSTATE, cp15c15);
1255
1256 /* Write D TLB lockdown */
1257 arm920t_execute_cp15(target,
1258 ARMV4_5_MCR(15,0,0,10,0,0),
1259 ARMV4_5_STR(1, 0));
1260
1261 /* Read D TLB CAM */
1262 arm920t_execute_cp15(target,
1263 ARMV4_5_MCR(15,4,0,15,6,4),
1264 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1265
1266 /* clear interpret mode */
1267 cp15c15 &= ~0x1;
1268 arm920t_write_cp15_physical(target,
1269 CP15PHYS_TESTSTATE, cp15c15);
1270
1271 /* read D TLB CAM content stored to r2-r9 */
1272 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1273 if ((retval = jtag_execute_queue()) != ERROR_OK)
1274 {
1275 return retval;
1276 }
1277
1278 for (i = 0; i < 8; i++)
1279 d_tlb[victim + i].cam = regs[i + 2];
1280 }
1281
1282 for (victim = 0; victim < 64; victim++)
1283 {
1284 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1285 * base remains unchanged, victim goes through entries 0 to 63
1286 */
1287 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1288 arm9tdmi_write_core_regs(target, 0x2, regs);
1289
1290 /* set interpret mode */
1291 cp15c15 |= 0x1;
1292 arm920t_write_cp15_physical(target,
1293 CP15PHYS_TESTSTATE, cp15c15);
1294
1295 /* Write D TLB lockdown */
1296 arm920t_execute_cp15(target,
1297 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1298
1299 /* Read D TLB RAM1 */
1300 arm920t_execute_cp15(target,
1301 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1302
1303 /* Read D TLB RAM2 */
1304 arm920t_execute_cp15(target,
1305 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1306
1307 /* clear interpret mode */
1308 cp15c15 &= ~0x1;
1309 arm920t_write_cp15_physical(target,
1310 CP15PHYS_TESTSTATE, cp15c15);
1311
1312 /* read D TLB RAM content stored to r2 and r3 */
1313 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1314 if ((retval = jtag_execute_queue()) != ERROR_OK)
1315 {
1316 return retval;
1317 }
1318
1319 d_tlb[victim].ram1 = regs[2];
1320 d_tlb[victim].ram2 = regs[3];
1321 }
1322
1323 /* restore D TLB lockdown */
1324 regs[1] = Dlockdown;
1325 arm9tdmi_write_core_regs(target, 0x2, regs);
1326
1327 /* Write D TLB lockdown */
1328 arm920t_execute_cp15(target,
1329 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1330
1331 /* prepare reading I TLB content
1332 * */
1333
1334 /* set interpret mode */
1335 cp15c15 |= 0x1;
1336 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1337
1338 /* Read I TLB lockdown */
1339 arm920t_execute_cp15(target,
1340 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1341
1342 /* clear interpret mode */
1343 cp15c15 &= ~0x1;
1344 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1345
1346 /* read I TLB lockdown stored to r1 */
1347 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1348 if ((retval = jtag_execute_queue()) != ERROR_OK)
1349 {
1350 return retval;
1351 }
1352 Ilockdown = regs[1];
1353
1354 for (victim = 0; victim < 64; victim += 8)
1355 {
1356 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1357 * base remains unchanged, victim goes through entries 0 to 63
1358 */
1359 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1360 arm9tdmi_write_core_regs(target, 0x2, regs);
1361
1362 /* set interpret mode */
1363 cp15c15 |= 0x1;
1364 arm920t_write_cp15_physical(target,
1365 CP15PHYS_TESTSTATE, cp15c15);
1366
1367 /* Write I TLB lockdown */
1368 arm920t_execute_cp15(target,
1369 ARMV4_5_MCR(15,0,0,10,0,1),
1370 ARMV4_5_STR(1, 0));
1371
1372 /* Read I TLB CAM */
1373 arm920t_execute_cp15(target,
1374 ARMV4_5_MCR(15,4,0,15,5,4),
1375 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1376
1377 /* clear interpret mode */
1378 cp15c15 &= ~0x1;
1379 arm920t_write_cp15_physical(target,
1380 CP15PHYS_TESTSTATE, cp15c15);
1381
1382 /* read I TLB CAM content stored to r2-r9 */
1383 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1384 if ((retval = jtag_execute_queue()) != ERROR_OK)
1385 {
1386 return retval;
1387 }
1388
1389 for (i = 0; i < 8; i++)
1390 i_tlb[i + victim].cam = regs[i + 2];
1391 }
1392
1393 for (victim = 0; victim < 64; victim++)
1394 {
1395 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1396 * base remains unchanged, victim goes through entries 0 to 63
1397 */
1398 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1399 arm9tdmi_write_core_regs(target, 0x2, regs);
1400
1401 /* set interpret mode */
1402 cp15c15 |= 0x1;
1403 arm920t_write_cp15_physical(target,
1404 CP15PHYS_TESTSTATE, cp15c15);
1405
1406 /* Write I TLB lockdown */
1407 arm920t_execute_cp15(target,
1408 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1409
1410 /* Read I TLB RAM1 */
1411 arm920t_execute_cp15(target,
1412 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1413
1414 /* Read I TLB RAM2 */
1415 arm920t_execute_cp15(target,
1416 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1417
1418 /* clear interpret mode */
1419 cp15c15 &= ~0x1;
1420 arm920t_write_cp15_physical(target,
1421 CP15PHYS_TESTSTATE, cp15c15);
1422
1423 /* read I TLB RAM content stored to r2 and r3 */
1424 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1425 if ((retval = jtag_execute_queue()) != ERROR_OK)
1426 {
1427 return retval;
1428 }
1429
1430 i_tlb[victim].ram1 = regs[2];
1431 i_tlb[victim].ram2 = regs[3];
1432 }
1433
1434 /* restore I TLB lockdown */
1435 regs[1] = Ilockdown;
1436 arm9tdmi_write_core_regs(target, 0x2, regs);
1437
1438 /* Write I TLB lockdown */
1439 arm920t_execute_cp15(target,
1440 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1441
1442 /* restore CP15 MMU and Cache settings */
1443 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1444
1445 /* output data to file */
1446 fprintf(output, "D TLB content:\n");
1447 for (i = 0; i < 64; i++)
1448 {
1449 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1450 " 0x%8.8" PRIx32 " %s\n",
1451 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1452 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1453 }
1454
1455 fprintf(output, "\n\nI TLB content:\n");
1456 for (i = 0; i < 64; i++)
1457 {
1458 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1459 " 0x%8.8" PRIx32 " %s\n",
1460 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1461 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1462 }
1463
1464 command_print(CMD_CTX, "mmu content successfully output to %s",
1465 CMD_ARGV[0]);
1466
1467 fclose(output);
1468
1469 if (!is_arm_mode(armv4_5->core_mode))
1470 return ERROR_FAIL;
1471
1472 /* force writeback of the valid data */
1473 r = armv4_5->core_cache->reg_list;
1474 r[0].dirty = r[0].valid;
1475 r[1].dirty = r[1].valid;
1476 r[2].dirty = r[2].valid;
1477 r[3].dirty = r[3].valid;
1478 r[4].dirty = r[4].valid;
1479 r[5].dirty = r[5].valid;
1480 r[6].dirty = r[6].valid;
1481 r[7].dirty = r[7].valid;
1482
1483 r = arm_reg_current(armv4_5, 8);
1484 r->dirty = r->valid;
1485
1486 r = arm_reg_current(armv4_5, 9);
1487 r->dirty = r->valid;
1488
1489 return ERROR_OK;
1490 }
1491
1492 COMMAND_HANDLER(arm920t_handle_cp15_command)
1493 {
1494 int retval;
1495 struct target *target = get_current_target(CMD_CTX);
1496 struct arm920t_common *arm920t = target_to_arm920(target);
1497
1498 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1499 if (retval != ERROR_OK)
1500 return retval;
1501
1502 if (target->state != TARGET_HALTED)
1503 {
1504 command_print(CMD_CTX, "target must be stopped for "
1505 "\"%s\" command", CMD_NAME);
1506 return ERROR_OK;
1507 }
1508
1509 /* one argument, read a register.
1510 * two arguments, write it.
1511 */
1512 if (CMD_ARGC >= 1)
1513 {
1514 int address;
1515 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1516
1517 if (CMD_ARGC == 1)
1518 {
1519 uint32_t value;
1520 if ((retval = arm920t_read_cp15_physical(target,
1521 address, &value)) != ERROR_OK)
1522 {
1523 command_print(CMD_CTX,
1524 "couldn't access reg %i", address);
1525 return ERROR_OK;
1526 }
1527 if ((retval = jtag_execute_queue()) != ERROR_OK)
1528 {
1529 return retval;
1530 }
1531
1532 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1533 address, value);
1534 }
1535 else if (CMD_ARGC == 2)
1536 {
1537 uint32_t value;
1538 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1539 retval = arm920t_write_cp15_physical(target,
1540 address, value);
1541 if (retval != ERROR_OK)
1542 {
1543 command_print(CMD_CTX,
1544 "couldn't access reg %i", address);
1545 /* REVISIT why lie? "return retval"? */
1546 return ERROR_OK;
1547 }
1548 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1549 address, value);
1550 }
1551 }
1552
1553 return ERROR_OK;
1554 }
1555
1556 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1557 {
1558 int retval;
1559 struct target *target = get_current_target(CMD_CTX);
1560 struct arm920t_common *arm920t = target_to_arm920(target);
1561
1562 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1563 if (retval != ERROR_OK)
1564 return retval;
1565
1566
1567 if (target->state != TARGET_HALTED)
1568 {
1569 command_print(CMD_CTX, "target must be stopped for "
1570 "\"%s\" command", CMD_NAME);
1571 return ERROR_OK;
1572 }
1573
1574 /* one argument, read a register.
1575 * two arguments, write it.
1576 */
1577 if (CMD_ARGC >= 1)
1578 {
1579 uint32_t opcode;
1580 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1581
1582 if (CMD_ARGC == 1)
1583 {
1584 uint32_t value;
1585 retval = arm920t_read_cp15_interpreted(target,
1586 opcode, 0x0, &value);
1587 if (retval != ERROR_OK)
1588 {
1589 command_print(CMD_CTX,
1590 "couldn't execute %8.8" PRIx32,
1591 opcode);
1592 /* REVISIT why lie? "return retval"? */
1593 return ERROR_OK;
1594 }
1595
1596 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1597 opcode, value);
1598 }
1599 else if (CMD_ARGC == 2)
1600 {
1601 uint32_t value;
1602 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1603 retval = arm920t_write_cp15_interpreted(target,
1604 opcode, value, 0);
1605 if (retval != ERROR_OK)
1606 {
1607 command_print(CMD_CTX,
1608 "couldn't execute %8.8" PRIx32,
1609 opcode);
1610 /* REVISIT why lie? "return retval"? */
1611 return ERROR_OK;
1612 }
1613 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1614 opcode, value);
1615 }
1616 else if (CMD_ARGC == 3)
1617 {
1618 uint32_t value;
1619 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1620 uint32_t address;
1621 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1622 retval = arm920t_write_cp15_interpreted(target,
1623 opcode, value, address);
1624 if (retval != ERROR_OK)
1625 {
1626 command_print(CMD_CTX,
1627 "couldn't execute %8.8" PRIx32, opcode);
1628 /* REVISIT why lie? "return retval"? */
1629 return ERROR_OK;
1630 }
1631 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1632 " %8.8" PRIx32, opcode, value, address);
1633 }
1634 }
1635 else
1636 {
1637 command_print(CMD_CTX,
1638 "usage: arm920t cp15i <opcode> [value] [address]");
1639 }
1640
1641 return ERROR_OK;
1642 }
1643
1644 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1645 {
1646 int retval;
1647 struct target *target = get_current_target(CMD_CTX);
1648 struct arm920t_common *arm920t = target_to_arm920(target);
1649
1650 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1651 if (retval != ERROR_OK)
1652 return retval;
1653
1654 return armv4_5_handle_cache_info_command(CMD_CTX,
1655 &arm920t->armv4_5_mmu.armv4_5_cache);
1656 }
1657
1658
1659 static int arm920t_mrc(struct target *target, int cpnum,
1660 uint32_t op1, uint32_t op2,
1661 uint32_t CRn, uint32_t CRm,
1662 uint32_t *value)
1663 {
1664 if (cpnum!=15)
1665 {
1666 LOG_ERROR("Only cp15 is supported");
1667 return ERROR_FAIL;
1668 }
1669
1670 /* read "to" r0 */
1671 return arm920t_read_cp15_interpreted(target,
1672 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1673 0, value);
1674 }
1675
1676 static int arm920t_mcr(struct target *target, int cpnum,
1677 uint32_t op1, uint32_t op2,
1678 uint32_t CRn, uint32_t CRm,
1679 uint32_t value)
1680 {
1681 if (cpnum!=15)
1682 {
1683 LOG_ERROR("Only cp15 is supported");
1684 return ERROR_FAIL;
1685 }
1686
1687 /* write "from" r0 */
1688 return arm920t_write_cp15_interpreted(target,
1689 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1690 0, value);
1691 }
1692
1693 static const struct command_registration arm920t_exec_command_handlers[] = {
1694 {
1695 .name = "cp15",
1696 .handler = arm920t_handle_cp15_command,
1697 .mode = COMMAND_EXEC,
1698 .help = "display/modify cp15 register",
1699 .usage = "regnum [value]",
1700 },
1701 {
1702 .name = "cp15i",
1703 .handler = arm920t_handle_cp15i_command,
1704 .mode = COMMAND_EXEC,
1705 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1706 .help = "display/modify cp15 register using ARM opcode"
1707 " (DEPRECATED)",
1708 .usage = "instruction [value [address]]",
1709 },
1710 {
1711 .name = "cache_info",
1712 .handler = arm920t_handle_cache_info_command,
1713 .mode = COMMAND_EXEC,
1714 .help = "display information about target caches",
1715 },
1716 {
1717 .name = "read_cache",
1718 .handler = arm920t_handle_read_cache_command,
1719 .mode = COMMAND_EXEC,
1720 .help = "dump I/D cache content to file",
1721 .usage = "filename",
1722 },
1723 {
1724 .name = "read_mmu",
1725 .handler = arm920t_handle_read_mmu_command,
1726 .mode = COMMAND_EXEC,
1727 .help = "dump I/D mmu content to file",
1728 .usage = "filename",
1729 },
1730 COMMAND_REGISTRATION_DONE
1731 };
1732 const struct command_registration arm920t_command_handlers[] = {
1733 {
1734 .chain = arm9tdmi_command_handlers,
1735 },
1736 {
1737 .name = "arm920t",
1738 .mode = COMMAND_ANY,
1739 .help = "arm920t command group",
1740 .chain = arm920t_exec_command_handlers,
1741 },
1742 COMMAND_REGISTRATION_DONE
1743 };
1744
1745 /** Holds methods for ARM920 targets. */
1746 struct target_type arm920t_target =
1747 {
1748 .name = "arm920t",
1749
1750 .poll = arm7_9_poll,
1751 .arch_state = arm920t_arch_state,
1752
1753 .target_request_data = arm7_9_target_request_data,
1754
1755 .halt = arm7_9_halt,
1756 .resume = arm7_9_resume,
1757 .step = arm7_9_step,
1758
1759 .assert_reset = arm7_9_assert_reset,
1760 .deassert_reset = arm7_9_deassert_reset,
1761 .soft_reset_halt = arm920t_soft_reset_halt,
1762
1763 .get_gdb_reg_list = arm_get_gdb_reg_list,
1764
1765 .read_memory = arm920t_read_memory,
1766 .write_memory = arm920t_write_memory,
1767 .read_phys_memory = arm920t_read_phys_memory,
1768 .write_phys_memory = arm920t_write_phys_memory,
1769 .mmu = arm920_mmu,
1770 .virt2phys = arm920_virt2phys,
1771
1772 .bulk_write_memory = arm7_9_bulk_write_memory,
1773
1774 .checksum_memory = arm_checksum_memory,
1775 .blank_check_memory = arm_blank_check_memory,
1776
1777 .run_algorithm = armv4_5_run_algorithm,
1778
1779 .add_breakpoint = arm7_9_add_breakpoint,
1780 .remove_breakpoint = arm7_9_remove_breakpoint,
1781 .add_watchpoint = arm7_9_add_watchpoint,
1782 .remove_watchpoint = arm7_9_remove_watchpoint,
1783
1784 .commands = arm920t_command_handlers,
1785 .target_create = arm920t_target_create,
1786 .init_target = arm9tdmi_init_target,
1787 .examine = arm7_9_examine,
1788 .check_reset = arm7_9_check_reset,
1789 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)