Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
arm: add error propagation to generic get_ttb fn
[openocd.git] / src / target / arm920t.c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92
93 jtag_info = &arm920t->arm7_9_common.jtag_info;
94
95 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
96 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
97
98 fields[0].num_bits = 1;
99 fields[0].out_value = &access_type_buf;
100 fields[0].in_value = NULL;
101
102 fields[1].num_bits = 32;
103 fields[1].out_value = NULL;
104 fields[1].in_value = NULL;
105
106 fields[2].num_bits = 6;
107 fields[2].out_value = &reg_addr_buf;
108 fields[2].in_value = NULL;
109
110 fields[3].num_bits = 1;
111 fields[3].out_value = &nr_w_buf;
112 fields[3].in_value = NULL;
113
114 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
115
116 fields[1].in_value = (uint8_t *)value;
117
118 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
119
120 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
121
122 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
123 jtag_execute_queue();
124 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
125 #endif
126
127 return ERROR_OK;
128 }
129
130 static int arm920t_write_cp15_physical(struct target *target,
131 int reg_addr, uint32_t value)
132 {
133 struct arm920t_common *arm920t = target_to_arm920(target);
134 struct arm_jtag *jtag_info;
135 struct scan_field fields[4];
136 uint8_t access_type_buf = 1;
137 uint8_t reg_addr_buf = reg_addr & 0x3f;
138 uint8_t nr_w_buf = 1;
139 uint8_t value_buf[4];
140
141 jtag_info = &arm920t->arm7_9_common.jtag_info;
142
143 buf_set_u32(value_buf, 0, 32, value);
144
145 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
146 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
147
148 fields[0].num_bits = 1;
149 fields[0].out_value = &access_type_buf;
150 fields[0].in_value = NULL;
151
152 fields[1].num_bits = 32;
153 fields[1].out_value = value_buf;
154 fields[1].in_value = NULL;
155
156 fields[2].num_bits = 6;
157 fields[2].out_value = &reg_addr_buf;
158 fields[2].in_value = NULL;
159
160 fields[3].num_bits = 1;
161 fields[3].out_value = &nr_w_buf;
162 fields[3].in_value = NULL;
163
164 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
165
166 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
167 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
168 #endif
169
170 return ERROR_OK;
171 }
172
173 /* See table 9-10 for scan chain 15 format during interpreted access mode.
174 * If the TESTSTATE register is set for interpreted access, certain CP15
175 * MRC and MCR instructions may be executed through scan chain 15.
176 *
177 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
178 * executed using scan chain 15 interpreted mode.
179 */
180 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
181 uint32_t arm_opcode)
182 {
183 int retval;
184 struct arm920t_common *arm920t = target_to_arm920(target);
185 struct arm_jtag *jtag_info;
186 struct scan_field fields[4];
187 uint8_t access_type_buf = 0; /* interpreted access */
188 uint8_t reg_addr_buf = 0x0;
189 uint8_t nr_w_buf = 0;
190 uint8_t cp15_opcode_buf[4];
191
192 jtag_info = &arm920t->arm7_9_common.jtag_info;
193
194 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
195 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
196
197 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
198
199 fields[0].num_bits = 1;
200 fields[0].out_value = &access_type_buf;
201 fields[0].in_value = NULL;
202
203 fields[1].num_bits = 32;
204 fields[1].out_value = cp15_opcode_buf;
205 fields[1].in_value = NULL;
206
207 fields[2].num_bits = 6;
208 fields[2].out_value = &reg_addr_buf;
209 fields[2].in_value = NULL;
210
211 fields[3].num_bits = 1;
212 fields[3].out_value = &nr_w_buf;
213 fields[3].in_value = NULL;
214
215 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
216
217 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
218 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
219 retval = arm7_9_execute_sys_speed(target);
220 if (retval != ERROR_OK)
221 return retval;
222
223 if ((retval = jtag_execute_queue()) != ERROR_OK)
224 {
225 LOG_ERROR("failed executing JTAG queue");
226 return retval;
227 }
228
229 return ERROR_OK;
230 }
231
232 static int arm920t_read_cp15_interpreted(struct target *target,
233 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
234 {
235 struct arm *armv4_5 = target_to_arm(target);
236 uint32_t* regs_p[1];
237 uint32_t regs[2];
238 uint32_t cp15c15 = 0x0;
239 struct reg *r = armv4_5->core_cache->reg_list;
240
241 /* load address into R1 */
242 regs[1] = address;
243 arm9tdmi_write_core_regs(target, 0x2, regs);
244
245 /* read-modify-write CP15 test state register
246 * to enable interpreted access mode */
247 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
248 jtag_execute_queue();
249 cp15c15 |= 1; /* set interpret mode */
250 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
251
252 /* execute CP15 instruction and ARM load (reading from coprocessor) */
253 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
254
255 /* disable interpreted access mode */
256 cp15c15 &= ~1U; /* clear interpret mode */
257 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
258
259 /* retrieve value from R0 */
260 regs_p[0] = value;
261 arm9tdmi_read_core_regs(target, 0x1, regs_p);
262 jtag_execute_queue();
263
264 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
265 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
266 cp15_opcode, address, *value);
267 #endif
268
269 if (!is_arm_mode(armv4_5->core_mode))
270 return ERROR_FAIL;
271
272 r[0].dirty = 1;
273 r[1].dirty = 1;
274
275 return ERROR_OK;
276 }
277
278 static
279 int arm920t_write_cp15_interpreted(struct target *target,
280 uint32_t cp15_opcode, uint32_t value, uint32_t address)
281 {
282 uint32_t cp15c15 = 0x0;
283 struct arm *armv4_5 = target_to_arm(target);
284 uint32_t regs[2];
285 struct reg *r = armv4_5->core_cache->reg_list;
286
287 /* load value, address into R0, R1 */
288 regs[0] = value;
289 regs[1] = address;
290 arm9tdmi_write_core_regs(target, 0x3, regs);
291
292 /* read-modify-write CP15 test state register
293 * to enable interpreted access mode */
294 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
295 jtag_execute_queue();
296 cp15c15 |= 1; /* set interpret mode */
297 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
298
299 /* execute CP15 instruction and ARM store (writing to coprocessor) */
300 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
301
302 /* disable interpreted access mode */
303 cp15c15 &= ~1U; /* set interpret mode */
304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
305
306 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
307 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
308 cp15_opcode, value, address);
309 #endif
310
311 if (!is_arm_mode(armv4_5->core_mode))
312 return ERROR_FAIL;
313
314 r[0].dirty = 1;
315 r[1].dirty = 1;
316
317 return ERROR_OK;
318 }
319
320 // EXPORTED to FA256
321 int arm920t_get_ttb(struct target *target, uint32_t *result)
322 {
323 int retval;
324 uint32_t ttb = 0x0;
325
326 if ((retval = arm920t_read_cp15_interpreted(target,
327 /* FIXME use opcode macro */
328 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
329 return retval;
330
331 *result = ttb;
332 return ERROR_OK;
333 }
334
335 // EXPORTED to FA256
336 void arm920t_disable_mmu_caches(struct target *target, int mmu,
337 int d_u_cache, int i_cache)
338 {
339 uint32_t cp15_control;
340
341 /* read cp15 control register */
342 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
343 jtag_execute_queue();
344
345 if (mmu)
346 cp15_control &= ~0x1U;
347
348 if (d_u_cache)
349 cp15_control &= ~0x4U;
350
351 if (i_cache)
352 cp15_control &= ~0x1000U;
353
354 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
355 }
356
357 // EXPORTED to FA256
358 void arm920t_enable_mmu_caches(struct target *target, int mmu,
359 int d_u_cache, int i_cache)
360 {
361 uint32_t cp15_control;
362
363 /* read cp15 control register */
364 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
365 jtag_execute_queue();
366
367 if (mmu)
368 cp15_control |= 0x1U;
369
370 if (d_u_cache)
371 cp15_control |= 0x4U;
372
373 if (i_cache)
374 cp15_control |= 0x1000U;
375
376 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
377 }
378
379 // EXPORTED to FA256
380 void arm920t_post_debug_entry(struct target *target)
381 {
382 uint32_t cp15c15;
383 struct arm920t_common *arm920t = target_to_arm920(target);
384
385 /* examine cp15 control reg */
386 arm920t_read_cp15_physical(target,
387 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
388 jtag_execute_queue();
389 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
390
391 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
392 {
393 uint32_t cache_type_reg;
394 /* identify caches */
395 arm920t_read_cp15_physical(target,
396 CP15PHYS_CACHETYPE, &cache_type_reg);
397 jtag_execute_queue();
398 armv4_5_identify_cache(cache_type_reg,
399 &arm920t->armv4_5_mmu.armv4_5_cache);
400 }
401
402 arm920t->armv4_5_mmu.mmu_enabled =
403 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
405 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
406 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
407 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
408
409 /* save i/d fault status and address register */
410 /* FIXME use opcode macros */
411 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
412 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
413 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
414 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
415
416 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
417 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
418 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
419
420 if (arm920t->preserve_cache)
421 {
422 /* read-modify-write CP15 test state register
423 * to disable I/D-cache linefills */
424 arm920t_read_cp15_physical(target,
425 CP15PHYS_TESTSTATE, &cp15c15);
426 jtag_execute_queue();
427 cp15c15 |= 0x600;
428 arm920t_write_cp15_physical(target,
429 CP15PHYS_TESTSTATE, cp15c15);
430 }
431 }
432
433 // EXPORTED to FA256
434 void arm920t_pre_restore_context(struct target *target)
435 {
436 uint32_t cp15c15;
437 struct arm920t_common *arm920t = target_to_arm920(target);
438
439 /* restore i/d fault status and address register */
440 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
442 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
443 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
444
445 /* read-modify-write CP15 test state register
446 * to reenable I/D-cache linefills */
447 if (arm920t->preserve_cache)
448 {
449 arm920t_read_cp15_physical(target,
450 CP15PHYS_TESTSTATE, &cp15c15);
451 jtag_execute_queue();
452 cp15c15 &= ~0x600U;
453 arm920t_write_cp15_physical(target,
454 CP15PHYS_TESTSTATE, cp15c15);
455 }
456 }
457
458 static const char arm920_not[] = "target is not an ARM920";
459
460 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
461 struct arm920t_common *arm920t)
462 {
463 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
464 command_print(cmd_ctx, arm920_not);
465 return ERROR_TARGET_INVALID;
466 }
467
468 return ERROR_OK;
469 }
470
471 /** Logs summary of ARM920 state for a halted target. */
472 int arm920t_arch_state(struct target *target)
473 {
474 static const char *state[] =
475 {
476 "disabled", "enabled"
477 };
478
479 struct arm920t_common *arm920t = target_to_arm920(target);
480 struct arm *armv4_5;
481
482 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
483 {
484 LOG_ERROR("BUG: %s", arm920_not);
485 return ERROR_TARGET_INVALID;
486 }
487
488 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
489
490 arm_arch_state(target);
491 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
492 state[arm920t->armv4_5_mmu.mmu_enabled],
493 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
494 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
495
496 return ERROR_OK;
497 }
498
499 static int arm920_mmu(struct target *target, int *enabled)
500 {
501 if (target->state != TARGET_HALTED) {
502 LOG_ERROR("%s: target not halted", __func__);
503 return ERROR_TARGET_INVALID;
504 }
505
506 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
507 return ERROR_OK;
508 }
509
510 static int arm920_virt2phys(struct target *target,
511 uint32_t virt, uint32_t *phys)
512 {
513 uint32_t cb;
514 struct arm920t_common *arm920t = target_to_arm920(target);
515
516 uint32_t ret;
517 int retval = armv4_5_mmu_translate_va(target,
518 &arm920t->armv4_5_mmu, virt, &cb, &ret);
519 if (retval != ERROR_OK)
520 return retval;
521 *phys = ret;
522 return ERROR_OK;
523 }
524
525 /** Reads a buffer, in the specified word size, with current MMU settings. */
526 int arm920t_read_memory(struct target *target, uint32_t address,
527 uint32_t size, uint32_t count, uint8_t *buffer)
528 {
529 int retval;
530
531 retval = arm7_9_read_memory(target, address, size, count, buffer);
532
533 return retval;
534 }
535
536
537 static int arm920t_read_phys_memory(struct target *target,
538 uint32_t address, uint32_t size,
539 uint32_t count, uint8_t *buffer)
540 {
541 struct arm920t_common *arm920t = target_to_arm920(target);
542
543 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
544 address, size, count, buffer);
545 }
546
547 static int arm920t_write_phys_memory(struct target *target,
548 uint32_t address, uint32_t size,
549 uint32_t count, uint8_t *buffer)
550 {
551 struct arm920t_common *arm920t = target_to_arm920(target);
552
553 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
554 address, size, count, buffer);
555 }
556
557
558 /** Writes a buffer, in the specified word size, with current MMU settings. */
559 int arm920t_write_memory(struct target *target, uint32_t address,
560 uint32_t size, uint32_t count, uint8_t *buffer)
561 {
562 int retval;
563 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
564 struct arm920t_common *arm920t = target_to_arm920(target);
565
566 /* FIX!!!! this should be cleaned up and made much more general. The
567 * plan is to write up and test on arm920t specifically and
568 * then generalize and clean up afterwards.
569 *
570 * Also it should be moved to the callbacks that handle breakpoints
571 * specifically and not the generic memory write fn's. See XScale code.
572 */
573 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
574 ((size==2) || (size==4)))
575 {
576 /* special case the handling of single word writes to
577 * bypass MMU, to allow implementation of breakpoints
578 * in memory marked read only
579 * by MMU
580 */
581 uint32_t cb;
582 uint32_t pa;
583
584 /*
585 * We need physical address and cb
586 */
587 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
588 address, &cb, &pa);
589 if (retval != ERROR_OK)
590 return retval;
591
592 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
593 {
594 if (cb & 0x1)
595 {
596 LOG_DEBUG("D-Cache buffered, "
597 "drain write buffer");
598 /*
599 * Buffered ?
600 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
601 */
602
603 retval = arm920t_write_cp15_interpreted(target,
604 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
605 0x0, 0);
606 if (retval != ERROR_OK)
607 return retval;
608 }
609
610 if (cb == 0x3)
611 {
612 /*
613 * Write back memory ? -> clean cache
614 *
615 * There is no way to clean cache lines using
616 * cp15 scan chain, so copy the full cache
617 * line from cache to physical memory.
618 */
619 uint8_t data[32];
620
621 LOG_DEBUG("D-Cache in 'write back' mode, "
622 "flush cache line");
623
624 retval = target_read_memory(target,
625 address & cache_mask, 1,
626 sizeof(data), &data[0]);
627 if (retval != ERROR_OK)
628 return retval;
629
630 retval = armv4_5_mmu_write_physical(target,
631 &arm920t->armv4_5_mmu,
632 pa & cache_mask, 1,
633 sizeof(data), &data[0]);
634 if (retval != ERROR_OK)
635 return retval;
636 }
637
638 /* Cached ? */
639 if (cb & 0x2)
640 {
641 /*
642 * Cached ? -> Invalidate data cache using MVA
643 *
644 * MCR p15,0,Rd,c7,c6,1
645 */
646 LOG_DEBUG("D-Cache enabled, "
647 "invalidate cache line");
648
649 retval = arm920t_write_cp15_interpreted(target,
650 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
651 address & cache_mask);
652 if (retval != ERROR_OK)
653 return retval;
654 }
655 }
656
657 /* write directly to physical memory,
658 * bypassing any read only MMU bits, etc.
659 */
660 retval = armv4_5_mmu_write_physical(target,
661 &arm920t->armv4_5_mmu, pa, size,
662 count, buffer);
663 if (retval != ERROR_OK)
664 return retval;
665 } else
666 {
667 if ((retval = arm7_9_write_memory(target, address,
668 size, count, buffer)) != ERROR_OK)
669 return retval;
670 }
671
672 /* If ICache is enabled, we have to invalidate affected ICache lines
673 * the DCache is forced to write-through,
674 * so we don't have to clean it here
675 */
676 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
677 {
678 if (count <= 1)
679 {
680 /* invalidate ICache single entry with MVA
681 * mcr 15, 0, r0, cr7, cr5, {1}
682 */
683 LOG_DEBUG("I-Cache enabled, "
684 "invalidating affected I-Cache line");
685 retval = arm920t_write_cp15_interpreted(target,
686 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
687 0x0, address & cache_mask);
688 if (retval != ERROR_OK)
689 return retval;
690 }
691 else
692 {
693 /* invalidate ICache
694 * mcr 15, 0, r0, cr7, cr5, {0}
695 */
696 retval = arm920t_write_cp15_interpreted(target,
697 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
698 0x0, 0x0);
699 if (retval != ERROR_OK)
700 return retval;
701 }
702 }
703
704 return ERROR_OK;
705 }
706
707 // EXPORTED to FA256
708 int arm920t_soft_reset_halt(struct target *target)
709 {
710 int retval = ERROR_OK;
711 struct arm920t_common *arm920t = target_to_arm920(target);
712 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
713 struct arm *armv4_5 = &arm7_9->armv4_5_common;
714 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
715
716 if ((retval = target_halt(target)) != ERROR_OK)
717 {
718 return retval;
719 }
720
721 long long then = timeval_ms();
722 int timeout;
723 while (!(timeout = ((timeval_ms()-then) > 1000)))
724 {
725 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
726 == 0)
727 {
728 embeddedice_read_reg(dbg_stat);
729 if ((retval = jtag_execute_queue()) != ERROR_OK)
730 {
731 return retval;
732 }
733 } else
734 {
735 break;
736 }
737 if (debug_level >= 3)
738 {
739 /* do not eat all CPU, time out after 1 se*/
740 alive_sleep(100);
741 } else
742 {
743 keep_alive();
744 }
745 }
746 if (timeout)
747 {
748 LOG_ERROR("Failed to halt CPU after 1 sec");
749 return ERROR_TARGET_TIMEOUT;
750 }
751
752 target->state = TARGET_HALTED;
753
754 /* SVC, ARM state, IRQ and FIQ disabled */
755 uint32_t cpsr;
756
757 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
758 cpsr &= ~0xff;
759 cpsr |= 0xd3;
760 arm_set_cpsr(armv4_5, cpsr);
761 armv4_5->cpsr->dirty = 1;
762
763 /* start fetching from 0x0 */
764 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
765 armv4_5->pc->dirty = 1;
766 armv4_5->pc->valid = 1;
767
768 arm920t_disable_mmu_caches(target, 1, 1, 1);
769 arm920t->armv4_5_mmu.mmu_enabled = 0;
770 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
771 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
772
773 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
774 }
775
776 /* FIXME remove forward decls */
777 static int arm920t_mrc(struct target *target, int cpnum,
778 uint32_t op1, uint32_t op2,
779 uint32_t CRn, uint32_t CRm,
780 uint32_t *value);
781 static int arm920t_mcr(struct target *target, int cpnum,
782 uint32_t op1, uint32_t op2,
783 uint32_t CRn, uint32_t CRm,
784 uint32_t value);
785
786 static int arm920t_init_arch_info(struct target *target,
787 struct arm920t_common *arm920t, struct jtag_tap *tap)
788 {
789 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
790
791 arm7_9->armv4_5_common.mrc = arm920t_mrc;
792 arm7_9->armv4_5_common.mcr = arm920t_mcr;
793
794 /* initialize arm7/arm9 specific info (including armv4_5) */
795 arm9tdmi_init_arch_info(target, arm7_9, tap);
796
797 arm920t->common_magic = ARM920T_COMMON_MAGIC;
798
799 arm7_9->post_debug_entry = arm920t_post_debug_entry;
800 arm7_9->pre_restore_context = arm920t_pre_restore_context;
801
802 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
803 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
804 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
805 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
806 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
807 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
808 arm920t->armv4_5_mmu.has_tiny_pages = 1;
809 arm920t->armv4_5_mmu.mmu_enabled = 0;
810
811 /* disabling linefills leads to lockups, so keep them enabled for now
812 * this doesn't affect correctness, but might affect timing issues, if
813 * important data is evicted from the cache during the debug session
814 * */
815 arm920t->preserve_cache = 0;
816
817 /* override hw single-step capability from ARM9TDMI */
818 arm7_9->has_single_step = 1;
819
820 return ERROR_OK;
821 }
822
823 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
824 {
825 struct arm920t_common *arm920t;
826
827 arm920t = calloc(1,sizeof(struct arm920t_common));
828 return arm920t_init_arch_info(target, arm920t, target->tap);
829 }
830
831 COMMAND_HANDLER(arm920t_handle_read_cache_command)
832 {
833 int retval = ERROR_OK;
834 struct target *target = get_current_target(CMD_CTX);
835 struct arm920t_common *arm920t = target_to_arm920(target);
836 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
837 struct arm *armv4_5 = &arm7_9->armv4_5_common;
838 uint32_t cp15c15;
839 uint32_t cp15_ctrl, cp15_ctrl_saved;
840 uint32_t regs[16];
841 uint32_t *regs_p[16];
842 uint32_t C15_C_D_Ind, C15_C_I_Ind;
843 int i;
844 FILE *output;
845 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
846 int segment, index_t;
847 struct reg *r;
848
849 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
850 if (retval != ERROR_OK)
851 return retval;
852
853 if (CMD_ARGC != 1)
854 {
855 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
856 return ERROR_OK;
857 }
858
859 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
860 {
861 LOG_DEBUG("error opening cache content file");
862 return ERROR_OK;
863 }
864
865 for (i = 0; i < 16; i++)
866 regs_p[i] = &regs[i];
867
868 /* disable MMU and Caches */
869 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
870 if ((retval = jtag_execute_queue()) != ERROR_OK)
871 {
872 return retval;
873 }
874 cp15_ctrl_saved = cp15_ctrl;
875 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
876 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
877 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
878
879 /* read CP15 test state register */
880 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
881 jtag_execute_queue();
882
883 /* read DCache content */
884 fprintf(output, "DCache:\n");
885
886 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
887 for (segment = 0;
888 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
889 segment++)
890 {
891 fprintf(output, "\nsegment: %i\n----------", segment);
892
893 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
894 regs[0] = 0x0 | (segment << 5);
895 arm9tdmi_write_core_regs(target, 0x1, regs);
896
897 /* set interpret mode */
898 cp15c15 |= 0x1;
899 arm920t_write_cp15_physical(target,
900 CP15PHYS_TESTSTATE, cp15c15);
901
902 /* D CAM Read, loads current victim into C15.C.D.Ind */
903 arm920t_execute_cp15(target,
904 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
905
906 /* read current victim */
907 arm920t_read_cp15_physical(target,
908 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
909
910 /* clear interpret mode */
911 cp15c15 &= ~0x1;
912 arm920t_write_cp15_physical(target,
913 CP15PHYS_TESTSTATE, cp15c15);
914
915 for (index_t = 0; index_t < 64; index_t++)
916 {
917 /* Ra:
918 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
919 */
920 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
921 arm9tdmi_write_core_regs(target, 0x1, regs);
922
923 /* set interpret mode */
924 cp15c15 |= 0x1;
925 arm920t_write_cp15_physical(target,
926 CP15PHYS_TESTSTATE, cp15c15);
927
928 /* Write DCache victim */
929 arm920t_execute_cp15(target,
930 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
931
932 /* Read D RAM */
933 arm920t_execute_cp15(target,
934 ARMV4_5_MCR(15,2,0,15,10,2),
935 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
936
937 /* Read D CAM */
938 arm920t_execute_cp15(target,
939 ARMV4_5_MCR(15,2,0,15,6,2),
940 ARMV4_5_LDR(9, 0));
941
942 /* clear interpret mode */
943 cp15c15 &= ~0x1;
944 arm920t_write_cp15_physical(target,
945 CP15PHYS_TESTSTATE, cp15c15);
946
947 /* read D RAM and CAM content */
948 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
949 if ((retval = jtag_execute_queue()) != ERROR_OK)
950 {
951 return retval;
952 }
953
954 d_cache[segment][index_t].cam = regs[9];
955
956 /* mask LFSR[6] */
957 regs[9] &= 0xfffffffe;
958 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
959 PRIx32 ", content (%s):\n",
960 segment, index_t, regs[9],
961 (regs[9] & 0x10) ? "valid" : "invalid");
962
963 for (i = 1; i < 9; i++)
964 {
965 d_cache[segment][index_t].data[i] = regs[i];
966 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
967 i-1, regs[i]);
968 }
969
970 }
971
972 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
973 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
974 arm9tdmi_write_core_regs(target, 0x1, regs);
975
976 /* set interpret mode */
977 cp15c15 |= 0x1;
978 arm920t_write_cp15_physical(target,
979 CP15PHYS_TESTSTATE, cp15c15);
980
981 /* Write DCache victim */
982 arm920t_execute_cp15(target,
983 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
984
985 /* clear interpret mode */
986 cp15c15 &= ~0x1;
987 arm920t_write_cp15_physical(target,
988 CP15PHYS_TESTSTATE, cp15c15);
989 }
990
991 /* read ICache content */
992 fprintf(output, "ICache:\n");
993
994 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
995 for (segment = 0;
996 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
997 segment++)
998 {
999 fprintf(output, "segment: %i\n----------", segment);
1000
1001 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1002 regs[0] = 0x0 | (segment << 5);
1003 arm9tdmi_write_core_regs(target, 0x1, regs);
1004
1005 /* set interpret mode */
1006 cp15c15 |= 0x1;
1007 arm920t_write_cp15_physical(target,
1008 CP15PHYS_TESTSTATE, cp15c15);
1009
1010 /* I CAM Read, loads current victim into C15.C.I.Ind */
1011 arm920t_execute_cp15(target,
1012 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1013
1014 /* read current victim */
1015 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1016 &C15_C_I_Ind);
1017
1018 /* clear interpret mode */
1019 cp15c15 &= ~0x1;
1020 arm920t_write_cp15_physical(target,
1021 CP15PHYS_TESTSTATE, cp15c15);
1022
1023 for (index_t = 0; index_t < 64; index_t++)
1024 {
1025 /* Ra:
1026 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1027 */
1028 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1029 arm9tdmi_write_core_regs(target, 0x1, regs);
1030
1031 /* set interpret mode */
1032 cp15c15 |= 0x1;
1033 arm920t_write_cp15_physical(target,
1034 CP15PHYS_TESTSTATE, cp15c15);
1035
1036 /* Write ICache victim */
1037 arm920t_execute_cp15(target,
1038 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1039
1040 /* Read I RAM */
1041 arm920t_execute_cp15(target,
1042 ARMV4_5_MCR(15,2,0,15,9,2),
1043 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1044
1045 /* Read I CAM */
1046 arm920t_execute_cp15(target,
1047 ARMV4_5_MCR(15,2,0,15,5,2),
1048 ARMV4_5_LDR(9, 0));
1049
1050 /* clear interpret mode */
1051 cp15c15 &= ~0x1;
1052 arm920t_write_cp15_physical(target,
1053 CP15PHYS_TESTSTATE, cp15c15);
1054
1055 /* read I RAM and CAM content */
1056 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1057 if ((retval = jtag_execute_queue()) != ERROR_OK)
1058 {
1059 return retval;
1060 }
1061
1062 i_cache[segment][index_t].cam = regs[9];
1063
1064 /* mask LFSR[6] */
1065 regs[9] &= 0xfffffffe;
1066 fprintf(output, "\nsegment: %i, index: %i, "
1067 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1068 segment, index_t, regs[9],
1069 (regs[9] & 0x10) ? "valid" : "invalid");
1070
1071 for (i = 1; i < 9; i++)
1072 {
1073 i_cache[segment][index_t].data[i] = regs[i];
1074 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1075 i-1, regs[i]);
1076 }
1077 }
1078
1079 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1080 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1081 arm9tdmi_write_core_regs(target, 0x1, regs);
1082
1083 /* set interpret mode */
1084 cp15c15 |= 0x1;
1085 arm920t_write_cp15_physical(target,
1086 CP15PHYS_TESTSTATE, cp15c15);
1087
1088 /* Write ICache victim */
1089 arm920t_execute_cp15(target,
1090 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1091
1092 /* clear interpret mode */
1093 cp15c15 &= ~0x1;
1094 arm920t_write_cp15_physical(target,
1095 CP15PHYS_TESTSTATE, cp15c15);
1096 }
1097
1098 /* restore CP15 MMU and Cache settings */
1099 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1100
1101 command_print(CMD_CTX, "cache content successfully output to %s",
1102 CMD_ARGV[0]);
1103
1104 fclose(output);
1105
1106 if (!is_arm_mode(armv4_5->core_mode))
1107 return ERROR_FAIL;
1108
1109 /* force writeback of the valid data */
1110 r = armv4_5->core_cache->reg_list;
1111 r[0].dirty = r[0].valid;
1112 r[1].dirty = r[1].valid;
1113 r[2].dirty = r[2].valid;
1114 r[3].dirty = r[3].valid;
1115 r[4].dirty = r[4].valid;
1116 r[5].dirty = r[5].valid;
1117 r[6].dirty = r[6].valid;
1118 r[7].dirty = r[7].valid;
1119
1120 r = arm_reg_current(armv4_5, 8);
1121 r->dirty = r->valid;
1122
1123 r = arm_reg_current(armv4_5, 9);
1124 r->dirty = r->valid;
1125
1126 return ERROR_OK;
1127 }
1128
1129 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1130 {
1131 int retval = ERROR_OK;
1132 struct target *target = get_current_target(CMD_CTX);
1133 struct arm920t_common *arm920t = target_to_arm920(target);
1134 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1135 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1136 uint32_t cp15c15;
1137 uint32_t cp15_ctrl, cp15_ctrl_saved;
1138 uint32_t regs[16];
1139 uint32_t *regs_p[16];
1140 int i;
1141 FILE *output;
1142 uint32_t Dlockdown, Ilockdown;
1143 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1144 int victim;
1145 struct reg *r;
1146
1147 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1148 if (retval != ERROR_OK)
1149 return retval;
1150
1151 if (CMD_ARGC != 1)
1152 {
1153 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1154 return ERROR_OK;
1155 }
1156
1157 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1158 {
1159 LOG_DEBUG("error opening mmu content file");
1160 return ERROR_OK;
1161 }
1162
1163 for (i = 0; i < 16; i++)
1164 regs_p[i] = &regs[i];
1165
1166 /* disable MMU and Caches */
1167 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1168 if ((retval = jtag_execute_queue()) != ERROR_OK)
1169 {
1170 return retval;
1171 }
1172 cp15_ctrl_saved = cp15_ctrl;
1173 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1174 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1175 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1176
1177 /* read CP15 test state register */
1178 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1179 if ((retval = jtag_execute_queue()) != ERROR_OK)
1180 {
1181 return retval;
1182 }
1183
1184 /* prepare reading D TLB content
1185 * */
1186
1187 /* set interpret mode */
1188 cp15c15 |= 0x1;
1189 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1190
1191 /* Read D TLB lockdown */
1192 arm920t_execute_cp15(target,
1193 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1194
1195 /* clear interpret mode */
1196 cp15c15 &= ~0x1;
1197 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1198
1199 /* read D TLB lockdown stored to r1 */
1200 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1201 if ((retval = jtag_execute_queue()) != ERROR_OK)
1202 {
1203 return retval;
1204 }
1205 Dlockdown = regs[1];
1206
1207 for (victim = 0; victim < 64; victim += 8)
1208 {
1209 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1210 * base remains unchanged, victim goes through entries 0 to 63
1211 */
1212 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1213 arm9tdmi_write_core_regs(target, 0x2, regs);
1214
1215 /* set interpret mode */
1216 cp15c15 |= 0x1;
1217 arm920t_write_cp15_physical(target,
1218 CP15PHYS_TESTSTATE, cp15c15);
1219
1220 /* Write D TLB lockdown */
1221 arm920t_execute_cp15(target,
1222 ARMV4_5_MCR(15,0,0,10,0,0),
1223 ARMV4_5_STR(1, 0));
1224
1225 /* Read D TLB CAM */
1226 arm920t_execute_cp15(target,
1227 ARMV4_5_MCR(15,4,0,15,6,4),
1228 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1229
1230 /* clear interpret mode */
1231 cp15c15 &= ~0x1;
1232 arm920t_write_cp15_physical(target,
1233 CP15PHYS_TESTSTATE, cp15c15);
1234
1235 /* read D TLB CAM content stored to r2-r9 */
1236 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1237 if ((retval = jtag_execute_queue()) != ERROR_OK)
1238 {
1239 return retval;
1240 }
1241
1242 for (i = 0; i < 8; i++)
1243 d_tlb[victim + i].cam = regs[i + 2];
1244 }
1245
1246 for (victim = 0; victim < 64; victim++)
1247 {
1248 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1249 * base remains unchanged, victim goes through entries 0 to 63
1250 */
1251 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1252 arm9tdmi_write_core_regs(target, 0x2, regs);
1253
1254 /* set interpret mode */
1255 cp15c15 |= 0x1;
1256 arm920t_write_cp15_physical(target,
1257 CP15PHYS_TESTSTATE, cp15c15);
1258
1259 /* Write D TLB lockdown */
1260 arm920t_execute_cp15(target,
1261 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1262
1263 /* Read D TLB RAM1 */
1264 arm920t_execute_cp15(target,
1265 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1266
1267 /* Read D TLB RAM2 */
1268 arm920t_execute_cp15(target,
1269 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1270
1271 /* clear interpret mode */
1272 cp15c15 &= ~0x1;
1273 arm920t_write_cp15_physical(target,
1274 CP15PHYS_TESTSTATE, cp15c15);
1275
1276 /* read D TLB RAM content stored to r2 and r3 */
1277 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1278 if ((retval = jtag_execute_queue()) != ERROR_OK)
1279 {
1280 return retval;
1281 }
1282
1283 d_tlb[victim].ram1 = regs[2];
1284 d_tlb[victim].ram2 = regs[3];
1285 }
1286
1287 /* restore D TLB lockdown */
1288 regs[1] = Dlockdown;
1289 arm9tdmi_write_core_regs(target, 0x2, regs);
1290
1291 /* Write D TLB lockdown */
1292 arm920t_execute_cp15(target,
1293 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1294
1295 /* prepare reading I TLB content
1296 * */
1297
1298 /* set interpret mode */
1299 cp15c15 |= 0x1;
1300 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1301
1302 /* Read I TLB lockdown */
1303 arm920t_execute_cp15(target,
1304 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1305
1306 /* clear interpret mode */
1307 cp15c15 &= ~0x1;
1308 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1309
1310 /* read I TLB lockdown stored to r1 */
1311 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1312 if ((retval = jtag_execute_queue()) != ERROR_OK)
1313 {
1314 return retval;
1315 }
1316 Ilockdown = regs[1];
1317
1318 for (victim = 0; victim < 64; victim += 8)
1319 {
1320 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1321 * base remains unchanged, victim goes through entries 0 to 63
1322 */
1323 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1324 arm9tdmi_write_core_regs(target, 0x2, regs);
1325
1326 /* set interpret mode */
1327 cp15c15 |= 0x1;
1328 arm920t_write_cp15_physical(target,
1329 CP15PHYS_TESTSTATE, cp15c15);
1330
1331 /* Write I TLB lockdown */
1332 arm920t_execute_cp15(target,
1333 ARMV4_5_MCR(15,0,0,10,0,1),
1334 ARMV4_5_STR(1, 0));
1335
1336 /* Read I TLB CAM */
1337 arm920t_execute_cp15(target,
1338 ARMV4_5_MCR(15,4,0,15,5,4),
1339 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1340
1341 /* clear interpret mode */
1342 cp15c15 &= ~0x1;
1343 arm920t_write_cp15_physical(target,
1344 CP15PHYS_TESTSTATE, cp15c15);
1345
1346 /* read I TLB CAM content stored to r2-r9 */
1347 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1348 if ((retval = jtag_execute_queue()) != ERROR_OK)
1349 {
1350 return retval;
1351 }
1352
1353 for (i = 0; i < 8; i++)
1354 i_tlb[i + victim].cam = regs[i + 2];
1355 }
1356
1357 for (victim = 0; victim < 64; victim++)
1358 {
1359 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1360 * base remains unchanged, victim goes through entries 0 to 63
1361 */
1362 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1363 arm9tdmi_write_core_regs(target, 0x2, regs);
1364
1365 /* set interpret mode */
1366 cp15c15 |= 0x1;
1367 arm920t_write_cp15_physical(target,
1368 CP15PHYS_TESTSTATE, cp15c15);
1369
1370 /* Write I TLB lockdown */
1371 arm920t_execute_cp15(target,
1372 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1373
1374 /* Read I TLB RAM1 */
1375 arm920t_execute_cp15(target,
1376 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1377
1378 /* Read I TLB RAM2 */
1379 arm920t_execute_cp15(target,
1380 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1381
1382 /* clear interpret mode */
1383 cp15c15 &= ~0x1;
1384 arm920t_write_cp15_physical(target,
1385 CP15PHYS_TESTSTATE, cp15c15);
1386
1387 /* read I TLB RAM content stored to r2 and r3 */
1388 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1389 if ((retval = jtag_execute_queue()) != ERROR_OK)
1390 {
1391 return retval;
1392 }
1393
1394 i_tlb[victim].ram1 = regs[2];
1395 i_tlb[victim].ram2 = regs[3];
1396 }
1397
1398 /* restore I TLB lockdown */
1399 regs[1] = Ilockdown;
1400 arm9tdmi_write_core_regs(target, 0x2, regs);
1401
1402 /* Write I TLB lockdown */
1403 arm920t_execute_cp15(target,
1404 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1405
1406 /* restore CP15 MMU and Cache settings */
1407 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1408
1409 /* output data to file */
1410 fprintf(output, "D TLB content:\n");
1411 for (i = 0; i < 64; i++)
1412 {
1413 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1414 " 0x%8.8" PRIx32 " %s\n",
1415 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1416 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1417 }
1418
1419 fprintf(output, "\n\nI TLB content:\n");
1420 for (i = 0; i < 64; i++)
1421 {
1422 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1423 " 0x%8.8" PRIx32 " %s\n",
1424 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1425 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1426 }
1427
1428 command_print(CMD_CTX, "mmu content successfully output to %s",
1429 CMD_ARGV[0]);
1430
1431 fclose(output);
1432
1433 if (!is_arm_mode(armv4_5->core_mode))
1434 return ERROR_FAIL;
1435
1436 /* force writeback of the valid data */
1437 r = armv4_5->core_cache->reg_list;
1438 r[0].dirty = r[0].valid;
1439 r[1].dirty = r[1].valid;
1440 r[2].dirty = r[2].valid;
1441 r[3].dirty = r[3].valid;
1442 r[4].dirty = r[4].valid;
1443 r[5].dirty = r[5].valid;
1444 r[6].dirty = r[6].valid;
1445 r[7].dirty = r[7].valid;
1446
1447 r = arm_reg_current(armv4_5, 8);
1448 r->dirty = r->valid;
1449
1450 r = arm_reg_current(armv4_5, 9);
1451 r->dirty = r->valid;
1452
1453 return ERROR_OK;
1454 }
1455
1456 COMMAND_HANDLER(arm920t_handle_cp15_command)
1457 {
1458 int retval;
1459 struct target *target = get_current_target(CMD_CTX);
1460 struct arm920t_common *arm920t = target_to_arm920(target);
1461
1462 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1463 if (retval != ERROR_OK)
1464 return retval;
1465
1466 if (target->state != TARGET_HALTED)
1467 {
1468 command_print(CMD_CTX, "target must be stopped for "
1469 "\"%s\" command", CMD_NAME);
1470 return ERROR_OK;
1471 }
1472
1473 /* one argument, read a register.
1474 * two arguments, write it.
1475 */
1476 if (CMD_ARGC >= 1)
1477 {
1478 int address;
1479 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1480
1481 if (CMD_ARGC == 1)
1482 {
1483 uint32_t value;
1484 if ((retval = arm920t_read_cp15_physical(target,
1485 address, &value)) != ERROR_OK)
1486 {
1487 command_print(CMD_CTX,
1488 "couldn't access reg %i", address);
1489 return ERROR_OK;
1490 }
1491 if ((retval = jtag_execute_queue()) != ERROR_OK)
1492 {
1493 return retval;
1494 }
1495
1496 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1497 address, value);
1498 }
1499 else if (CMD_ARGC == 2)
1500 {
1501 uint32_t value;
1502 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1503 retval = arm920t_write_cp15_physical(target,
1504 address, value);
1505 if (retval != ERROR_OK)
1506 {
1507 command_print(CMD_CTX,
1508 "couldn't access reg %i", address);
1509 /* REVISIT why lie? "return retval"? */
1510 return ERROR_OK;
1511 }
1512 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1513 address, value);
1514 }
1515 }
1516
1517 return ERROR_OK;
1518 }
1519
1520 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1521 {
1522 int retval;
1523 struct target *target = get_current_target(CMD_CTX);
1524 struct arm920t_common *arm920t = target_to_arm920(target);
1525
1526 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1527 if (retval != ERROR_OK)
1528 return retval;
1529
1530
1531 if (target->state != TARGET_HALTED)
1532 {
1533 command_print(CMD_CTX, "target must be stopped for "
1534 "\"%s\" command", CMD_NAME);
1535 return ERROR_OK;
1536 }
1537
1538 /* one argument, read a register.
1539 * two arguments, write it.
1540 */
1541 if (CMD_ARGC >= 1)
1542 {
1543 uint32_t opcode;
1544 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1545
1546 if (CMD_ARGC == 1)
1547 {
1548 uint32_t value;
1549 retval = arm920t_read_cp15_interpreted(target,
1550 opcode, 0x0, &value);
1551 if (retval != ERROR_OK)
1552 {
1553 command_print(CMD_CTX,
1554 "couldn't execute %8.8" PRIx32,
1555 opcode);
1556 /* REVISIT why lie? "return retval"? */
1557 return ERROR_OK;
1558 }
1559
1560 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1561 opcode, value);
1562 }
1563 else if (CMD_ARGC == 2)
1564 {
1565 uint32_t value;
1566 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1567 retval = arm920t_write_cp15_interpreted(target,
1568 opcode, value, 0);
1569 if (retval != ERROR_OK)
1570 {
1571 command_print(CMD_CTX,
1572 "couldn't execute %8.8" PRIx32,
1573 opcode);
1574 /* REVISIT why lie? "return retval"? */
1575 return ERROR_OK;
1576 }
1577 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1578 opcode, value);
1579 }
1580 else if (CMD_ARGC == 3)
1581 {
1582 uint32_t value;
1583 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1584 uint32_t address;
1585 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1586 retval = arm920t_write_cp15_interpreted(target,
1587 opcode, value, address);
1588 if (retval != ERROR_OK)
1589 {
1590 command_print(CMD_CTX,
1591 "couldn't execute %8.8" PRIx32, opcode);
1592 /* REVISIT why lie? "return retval"? */
1593 return ERROR_OK;
1594 }
1595 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1596 " %8.8" PRIx32, opcode, value, address);
1597 }
1598 }
1599 else
1600 {
1601 command_print(CMD_CTX,
1602 "usage: arm920t cp15i <opcode> [value] [address]");
1603 }
1604
1605 return ERROR_OK;
1606 }
1607
1608 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1609 {
1610 int retval;
1611 struct target *target = get_current_target(CMD_CTX);
1612 struct arm920t_common *arm920t = target_to_arm920(target);
1613
1614 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1615 if (retval != ERROR_OK)
1616 return retval;
1617
1618 return armv4_5_handle_cache_info_command(CMD_CTX,
1619 &arm920t->armv4_5_mmu.armv4_5_cache);
1620 }
1621
1622
1623 static int arm920t_mrc(struct target *target, int cpnum,
1624 uint32_t op1, uint32_t op2,
1625 uint32_t CRn, uint32_t CRm,
1626 uint32_t *value)
1627 {
1628 if (cpnum!=15)
1629 {
1630 LOG_ERROR("Only cp15 is supported");
1631 return ERROR_FAIL;
1632 }
1633
1634 /* read "to" r0 */
1635 return arm920t_read_cp15_interpreted(target,
1636 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1637 0, value);
1638 }
1639
1640 static int arm920t_mcr(struct target *target, int cpnum,
1641 uint32_t op1, uint32_t op2,
1642 uint32_t CRn, uint32_t CRm,
1643 uint32_t value)
1644 {
1645 if (cpnum!=15)
1646 {
1647 LOG_ERROR("Only cp15 is supported");
1648 return ERROR_FAIL;
1649 }
1650
1651 /* write "from" r0 */
1652 return arm920t_write_cp15_interpreted(target,
1653 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1654 0, value);
1655 }
1656
1657 static const struct command_registration arm920t_exec_command_handlers[] = {
1658 {
1659 .name = "cp15",
1660 .handler = arm920t_handle_cp15_command,
1661 .mode = COMMAND_EXEC,
1662 .help = "display/modify cp15 register",
1663 .usage = "regnum [value]",
1664 },
1665 {
1666 .name = "cp15i",
1667 .handler = arm920t_handle_cp15i_command,
1668 .mode = COMMAND_EXEC,
1669 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1670 .help = "display/modify cp15 register using ARM opcode"
1671 " (DEPRECATED)",
1672 .usage = "instruction [value [address]]",
1673 },
1674 {
1675 .name = "cache_info",
1676 .handler = arm920t_handle_cache_info_command,
1677 .mode = COMMAND_EXEC,
1678 .help = "display information about target caches",
1679 },
1680 {
1681 .name = "read_cache",
1682 .handler = arm920t_handle_read_cache_command,
1683 .mode = COMMAND_EXEC,
1684 .help = "dump I/D cache content to file",
1685 .usage = "filename",
1686 },
1687 {
1688 .name = "read_mmu",
1689 .handler = arm920t_handle_read_mmu_command,
1690 .mode = COMMAND_EXEC,
1691 .help = "dump I/D mmu content to file",
1692 .usage = "filename",
1693 },
1694 COMMAND_REGISTRATION_DONE
1695 };
1696 const struct command_registration arm920t_command_handlers[] = {
1697 {
1698 .chain = arm9tdmi_command_handlers,
1699 },
1700 {
1701 .name = "arm920t",
1702 .mode = COMMAND_ANY,
1703 .help = "arm920t command group",
1704 .chain = arm920t_exec_command_handlers,
1705 },
1706 COMMAND_REGISTRATION_DONE
1707 };
1708
1709 /** Holds methods for ARM920 targets. */
1710 struct target_type arm920t_target =
1711 {
1712 .name = "arm920t",
1713
1714 .poll = arm7_9_poll,
1715 .arch_state = arm920t_arch_state,
1716
1717 .target_request_data = arm7_9_target_request_data,
1718
1719 .halt = arm7_9_halt,
1720 .resume = arm7_9_resume,
1721 .step = arm7_9_step,
1722
1723 .assert_reset = arm7_9_assert_reset,
1724 .deassert_reset = arm7_9_deassert_reset,
1725 .soft_reset_halt = arm920t_soft_reset_halt,
1726
1727 .get_gdb_reg_list = arm_get_gdb_reg_list,
1728
1729 .read_memory = arm920t_read_memory,
1730 .write_memory = arm920t_write_memory,
1731 .read_phys_memory = arm920t_read_phys_memory,
1732 .write_phys_memory = arm920t_write_phys_memory,
1733 .mmu = arm920_mmu,
1734 .virt2phys = arm920_virt2phys,
1735
1736 .bulk_write_memory = arm7_9_bulk_write_memory,
1737
1738 .checksum_memory = arm_checksum_memory,
1739 .blank_check_memory = arm_blank_check_memory,
1740
1741 .run_algorithm = armv4_5_run_algorithm,
1742
1743 .add_breakpoint = arm7_9_add_breakpoint,
1744 .remove_breakpoint = arm7_9_remove_breakpoint,
1745 .add_watchpoint = arm7_9_add_watchpoint,
1746 .remove_watchpoint = arm7_9_remove_watchpoint,
1747
1748 .commands = arm920t_command_handlers,
1749 .target_create = arm920t_target_create,
1750 .init_target = arm9tdmi_init_target,
1751 .examine = arm7_9_examine,
1752 .check_reset = arm7_9_check_reset,
1753 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)