Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
TARGET: removed unsed parameter
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
95 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
96
97 fields[0].num_bits = 1;
98 fields[0].out_value = &access_type_buf;
99 fields[0].in_value = NULL;
100
101 fields[1].num_bits = 32;
102 fields[1].out_value = NULL;
103 fields[1].in_value = NULL;
104
105 fields[2].num_bits = 6;
106 fields[2].out_value = &reg_addr_buf;
107 fields[2].in_value = NULL;
108
109 fields[3].num_bits = 1;
110 fields[3].out_value = &nr_w_buf;
111 fields[3].in_value = NULL;
112
113 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
114
115 fields[1].in_value = (uint8_t *)value;
116
117 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
118
119 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
120
121 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
122 jtag_execute_queue();
123 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
124 #endif
125
126 return ERROR_OK;
127 }
128
129 static int arm920t_write_cp15_physical(struct target *target,
130 int reg_addr, uint32_t value)
131 {
132 struct arm920t_common *arm920t = target_to_arm920(target);
133 struct arm_jtag *jtag_info;
134 struct scan_field fields[4];
135 uint8_t access_type_buf = 1;
136 uint8_t reg_addr_buf = reg_addr & 0x3f;
137 uint8_t nr_w_buf = 1;
138 uint8_t value_buf[4];
139
140 jtag_info = &arm920t->arm7_9_common.jtag_info;
141
142 buf_set_u32(value_buf, 0, 32, value);
143
144 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
145 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
146
147 fields[0].num_bits = 1;
148 fields[0].out_value = &access_type_buf;
149 fields[0].in_value = NULL;
150
151 fields[1].num_bits = 32;
152 fields[1].out_value = value_buf;
153 fields[1].in_value = NULL;
154
155 fields[2].num_bits = 6;
156 fields[2].out_value = &reg_addr_buf;
157 fields[2].in_value = NULL;
158
159 fields[3].num_bits = 1;
160 fields[3].out_value = &nr_w_buf;
161 fields[3].in_value = NULL;
162
163 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
164
165 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
166 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
167 #endif
168
169 return ERROR_OK;
170 }
171
172 /* See table 9-10 for scan chain 15 format during interpreted access mode.
173 * If the TESTSTATE register is set for interpreted access, certain CP15
174 * MRC and MCR instructions may be executed through scan chain 15.
175 *
176 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
177 * executed using scan chain 15 interpreted mode.
178 */
179 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
180 uint32_t arm_opcode)
181 {
182 int retval;
183 struct arm920t_common *arm920t = target_to_arm920(target);
184 struct arm_jtag *jtag_info;
185 struct scan_field fields[4];
186 uint8_t access_type_buf = 0; /* interpreted access */
187 uint8_t reg_addr_buf = 0x0;
188 uint8_t nr_w_buf = 0;
189 uint8_t cp15_opcode_buf[4];
190
191 jtag_info = &arm920t->arm7_9_common.jtag_info;
192
193 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
194 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
195
196 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
197
198 fields[0].num_bits = 1;
199 fields[0].out_value = &access_type_buf;
200 fields[0].in_value = NULL;
201
202 fields[1].num_bits = 32;
203 fields[1].out_value = cp15_opcode_buf;
204 fields[1].in_value = NULL;
205
206 fields[2].num_bits = 6;
207 fields[2].out_value = &reg_addr_buf;
208 fields[2].in_value = NULL;
209
210 fields[3].num_bits = 1;
211 fields[3].out_value = &nr_w_buf;
212 fields[3].in_value = NULL;
213
214 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
215
216 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
217 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
218 retval = arm7_9_execute_sys_speed(target);
219 if (retval != ERROR_OK)
220 return retval;
221
222 if ((retval = jtag_execute_queue()) != ERROR_OK)
223 {
224 LOG_ERROR("failed executing JTAG queue");
225 return retval;
226 }
227
228 return ERROR_OK;
229 }
230
231 static int arm920t_read_cp15_interpreted(struct target *target,
232 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
233 {
234 struct arm *armv4_5 = target_to_arm(target);
235 uint32_t* regs_p[1];
236 uint32_t regs[2];
237 uint32_t cp15c15 = 0x0;
238 struct reg *r = armv4_5->core_cache->reg_list;
239
240 /* load address into R1 */
241 regs[1] = address;
242 arm9tdmi_write_core_regs(target, 0x2, regs);
243
244 /* read-modify-write CP15 test state register
245 * to enable interpreted access mode */
246 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
247 jtag_execute_queue();
248 cp15c15 |= 1; /* set interpret mode */
249 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
250
251 /* execute CP15 instruction and ARM load (reading from coprocessor) */
252 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
253
254 /* disable interpreted access mode */
255 cp15c15 &= ~1U; /* clear interpret mode */
256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
257
258 /* retrieve value from R0 */
259 regs_p[0] = value;
260 arm9tdmi_read_core_regs(target, 0x1, regs_p);
261 jtag_execute_queue();
262
263 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
264 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
265 cp15_opcode, address, *value);
266 #endif
267
268 if (!is_arm_mode(armv4_5->core_mode))
269 return ERROR_FAIL;
270
271 r[0].dirty = 1;
272 r[1].dirty = 1;
273
274 return ERROR_OK;
275 }
276
277 static
278 int arm920t_write_cp15_interpreted(struct target *target,
279 uint32_t cp15_opcode, uint32_t value, uint32_t address)
280 {
281 uint32_t cp15c15 = 0x0;
282 struct arm *armv4_5 = target_to_arm(target);
283 uint32_t regs[2];
284 struct reg *r = armv4_5->core_cache->reg_list;
285
286 /* load value, address into R0, R1 */
287 regs[0] = value;
288 regs[1] = address;
289 arm9tdmi_write_core_regs(target, 0x3, regs);
290
291 /* read-modify-write CP15 test state register
292 * to enable interpreted access mode */
293 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
294 jtag_execute_queue();
295 cp15c15 |= 1; /* set interpret mode */
296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
297
298 /* execute CP15 instruction and ARM store (writing to coprocessor) */
299 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
300
301 /* disable interpreted access mode */
302 cp15c15 &= ~1U; /* set interpret mode */
303 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
304
305 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
306 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
307 cp15_opcode, value, address);
308 #endif
309
310 if (!is_arm_mode(armv4_5->core_mode))
311 return ERROR_FAIL;
312
313 r[0].dirty = 1;
314 r[1].dirty = 1;
315
316 return ERROR_OK;
317 }
318
319 // EXPORTED to FA256
320 uint32_t arm920t_get_ttb(struct target *target)
321 {
322 int retval;
323 uint32_t ttb = 0x0;
324
325 if ((retval = arm920t_read_cp15_interpreted(target,
326 /* FIXME use opcode macro */
327 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
328 return retval;
329
330 return ttb;
331 }
332
333 // EXPORTED to FA256
334 void arm920t_disable_mmu_caches(struct target *target, int mmu,
335 int d_u_cache, int i_cache)
336 {
337 uint32_t cp15_control;
338
339 /* read cp15 control register */
340 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
341 jtag_execute_queue();
342
343 if (mmu)
344 cp15_control &= ~0x1U;
345
346 if (d_u_cache)
347 cp15_control &= ~0x4U;
348
349 if (i_cache)
350 cp15_control &= ~0x1000U;
351
352 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
353 }
354
355 // EXPORTED to FA256
356 void arm920t_enable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360
361 /* read cp15 control register */
362 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 jtag_execute_queue();
364
365 if (mmu)
366 cp15_control |= 0x1U;
367
368 if (d_u_cache)
369 cp15_control |= 0x4U;
370
371 if (i_cache)
372 cp15_control |= 0x1000U;
373
374 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
375 }
376
377 // EXPORTED to FA256
378 void arm920t_post_debug_entry(struct target *target)
379 {
380 uint32_t cp15c15;
381 struct arm920t_common *arm920t = target_to_arm920(target);
382
383 /* examine cp15 control reg */
384 arm920t_read_cp15_physical(target,
385 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
386 jtag_execute_queue();
387 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
388
389 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
390 {
391 uint32_t cache_type_reg;
392 /* identify caches */
393 arm920t_read_cp15_physical(target,
394 CP15PHYS_CACHETYPE, &cache_type_reg);
395 jtag_execute_queue();
396 armv4_5_identify_cache(cache_type_reg,
397 &arm920t->armv4_5_mmu.armv4_5_cache);
398 }
399
400 arm920t->armv4_5_mmu.mmu_enabled =
401 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
402 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
403 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
405 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
406
407 /* save i/d fault status and address register */
408 /* FIXME use opcode macros */
409 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
410 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
411 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
412 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
413
414 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
415 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
416 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
417
418 if (arm920t->preserve_cache)
419 {
420 /* read-modify-write CP15 test state register
421 * to disable I/D-cache linefills */
422 arm920t_read_cp15_physical(target,
423 CP15PHYS_TESTSTATE, &cp15c15);
424 jtag_execute_queue();
425 cp15c15 |= 0x600;
426 arm920t_write_cp15_physical(target,
427 CP15PHYS_TESTSTATE, cp15c15);
428 }
429 }
430
431 // EXPORTED to FA256
432 void arm920t_pre_restore_context(struct target *target)
433 {
434 uint32_t cp15c15;
435 struct arm920t_common *arm920t = target_to_arm920(target);
436
437 /* restore i/d fault status and address register */
438 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
439 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
440 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
442
443 /* read-modify-write CP15 test state register
444 * to reenable I/D-cache linefills */
445 if (arm920t->preserve_cache)
446 {
447 arm920t_read_cp15_physical(target,
448 CP15PHYS_TESTSTATE, &cp15c15);
449 jtag_execute_queue();
450 cp15c15 &= ~0x600U;
451 arm920t_write_cp15_physical(target,
452 CP15PHYS_TESTSTATE, cp15c15);
453 }
454 }
455
456 static const char arm920_not[] = "target is not an ARM920";
457
458 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
459 struct arm920t_common *arm920t)
460 {
461 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
462 command_print(cmd_ctx, arm920_not);
463 return ERROR_TARGET_INVALID;
464 }
465
466 return ERROR_OK;
467 }
468
469 /** Logs summary of ARM920 state for a halted target. */
470 int arm920t_arch_state(struct target *target)
471 {
472 static const char *state[] =
473 {
474 "disabled", "enabled"
475 };
476
477 struct arm920t_common *arm920t = target_to_arm920(target);
478 struct arm *armv4_5;
479
480 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
481 {
482 LOG_ERROR("BUG: %s", arm920_not);
483 return ERROR_TARGET_INVALID;
484 }
485
486 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
487
488 arm_arch_state(target);
489 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
490 state[arm920t->armv4_5_mmu.mmu_enabled],
491 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
492 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
493
494 return ERROR_OK;
495 }
496
497 static int arm920_mmu(struct target *target, int *enabled)
498 {
499 if (target->state != TARGET_HALTED) {
500 LOG_ERROR("%s: target not halted", __func__);
501 return ERROR_TARGET_INVALID;
502 }
503
504 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
505 return ERROR_OK;
506 }
507
508 static int arm920_virt2phys(struct target *target,
509 uint32_t virt, uint32_t *phys)
510 {
511 uint32_t cb;
512 int domain;
513 uint32_t ap;
514 struct arm920t_common *arm920t = target_to_arm920(target);
515
516 uint32_t ret;
517 int retval = armv4_5_mmu_translate_va(target,
518 &arm920t->armv4_5_mmu, virt, &cb, &domain, &ap, &ret);
519 if (retval != ERROR_OK)
520 return retval;
521 *phys = ret;
522 return ERROR_OK;
523 }
524
525 /** Reads a buffer, in the specified word size, with current MMU settings. */
526 int arm920t_read_memory(struct target *target, uint32_t address,
527 uint32_t size, uint32_t count, uint8_t *buffer)
528 {
529 int retval;
530
531 retval = arm7_9_read_memory(target, address, size, count, buffer);
532
533 return retval;
534 }
535
536
537 static int arm920t_read_phys_memory(struct target *target,
538 uint32_t address, uint32_t size,
539 uint32_t count, uint8_t *buffer)
540 {
541 struct arm920t_common *arm920t = target_to_arm920(target);
542
543 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
544 address, size, count, buffer);
545 }
546
547 static int arm920t_write_phys_memory(struct target *target,
548 uint32_t address, uint32_t size,
549 uint32_t count, uint8_t *buffer)
550 {
551 struct arm920t_common *arm920t = target_to_arm920(target);
552
553 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
554 address, size, count, buffer);
555 }
556
557
558 /** Writes a buffer, in the specified word size, with current MMU settings. */
559 int arm920t_write_memory(struct target *target, uint32_t address,
560 uint32_t size, uint32_t count, uint8_t *buffer)
561 {
562 int retval;
563 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
564 struct arm920t_common *arm920t = target_to_arm920(target);
565
566 /* FIX!!!! this should be cleaned up and made much more general. The
567 * plan is to write up and test on arm920t specifically and
568 * then generalize and clean up afterwards.
569 *
570 * Also it should be moved to the callbacks that handle breakpoints
571 * specifically and not the generic memory write fn's. See XScale code.
572 */
573 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
574 ((size==2) || (size==4)))
575 {
576 /* special case the handling of single word writes to
577 * bypass MMU, to allow implementation of breakpoints
578 * in memory marked read only
579 * by MMU
580 */
581 uint32_t cb;
582 int domain;
583 uint32_t ap;
584 uint32_t pa;
585
586 /*
587 * We need physical address and cb
588 */
589 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
590 address, &cb, &domain, &ap, &pa);
591 if (retval != ERROR_OK)
592 return retval;
593
594 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
595 {
596 if (cb & 0x1)
597 {
598 LOG_DEBUG("D-Cache buffered, "
599 "drain write buffer");
600 /*
601 * Buffered ?
602 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
603 */
604
605 retval = arm920t_write_cp15_interpreted(target,
606 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
607 0x0, 0);
608 if (retval != ERROR_OK)
609 return retval;
610 }
611
612 if (cb == 0x3)
613 {
614 /*
615 * Write back memory ? -> clean cache
616 *
617 * There is no way to clean cache lines using
618 * cp15 scan chain, so copy the full cache
619 * line from cache to physical memory.
620 */
621 uint8_t data[32];
622
623 LOG_DEBUG("D-Cache in 'write back' mode, "
624 "flush cache line");
625
626 retval = target_read_memory(target,
627 address & cache_mask, 1,
628 sizeof(data), &data[0]);
629 if (retval != ERROR_OK)
630 return retval;
631
632 retval = armv4_5_mmu_write_physical(target,
633 &arm920t->armv4_5_mmu,
634 pa & cache_mask, 1,
635 sizeof(data), &data[0]);
636 if (retval != ERROR_OK)
637 return retval;
638 }
639
640 /* Cached ? */
641 if (cb & 0x2)
642 {
643 /*
644 * Cached ? -> Invalidate data cache using MVA
645 *
646 * MCR p15,0,Rd,c7,c6,1
647 */
648 LOG_DEBUG("D-Cache enabled, "
649 "invalidate cache line");
650
651 retval = arm920t_write_cp15_interpreted(target,
652 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
653 address & cache_mask);
654 if (retval != ERROR_OK)
655 return retval;
656 }
657 }
658
659 /* write directly to physical memory,
660 * bypassing any read only MMU bits, etc.
661 */
662 retval = armv4_5_mmu_write_physical(target,
663 &arm920t->armv4_5_mmu, pa, size,
664 count, buffer);
665 if (retval != ERROR_OK)
666 return retval;
667 } else
668 {
669 if ((retval = arm7_9_write_memory(target, address,
670 size, count, buffer)) != ERROR_OK)
671 return retval;
672 }
673
674 /* If ICache is enabled, we have to invalidate affected ICache lines
675 * the DCache is forced to write-through,
676 * so we don't have to clean it here
677 */
678 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
679 {
680 if (count <= 1)
681 {
682 /* invalidate ICache single entry with MVA
683 * mcr 15, 0, r0, cr7, cr5, {1}
684 */
685 LOG_DEBUG("I-Cache enabled, "
686 "invalidating affected I-Cache line");
687 retval = arm920t_write_cp15_interpreted(target,
688 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
689 0x0, address & cache_mask);
690 if (retval != ERROR_OK)
691 return retval;
692 }
693 else
694 {
695 /* invalidate ICache
696 * mcr 15, 0, r0, cr7, cr5, {0}
697 */
698 retval = arm920t_write_cp15_interpreted(target,
699 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
700 0x0, 0x0);
701 if (retval != ERROR_OK)
702 return retval;
703 }
704 }
705
706 return ERROR_OK;
707 }
708
709 // EXPORTED to FA256
710 int arm920t_soft_reset_halt(struct target *target)
711 {
712 int retval = ERROR_OK;
713 struct arm920t_common *arm920t = target_to_arm920(target);
714 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
715 struct arm *armv4_5 = &arm7_9->armv4_5_common;
716 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
717
718 if ((retval = target_halt(target)) != ERROR_OK)
719 {
720 return retval;
721 }
722
723 long long then = timeval_ms();
724 int timeout;
725 while (!(timeout = ((timeval_ms()-then) > 1000)))
726 {
727 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
728 == 0)
729 {
730 embeddedice_read_reg(dbg_stat);
731 if ((retval = jtag_execute_queue()) != ERROR_OK)
732 {
733 return retval;
734 }
735 } else
736 {
737 break;
738 }
739 if (debug_level >= 3)
740 {
741 /* do not eat all CPU, time out after 1 se*/
742 alive_sleep(100);
743 } else
744 {
745 keep_alive();
746 }
747 }
748 if (timeout)
749 {
750 LOG_ERROR("Failed to halt CPU after 1 sec");
751 return ERROR_TARGET_TIMEOUT;
752 }
753
754 target->state = TARGET_HALTED;
755
756 /* SVC, ARM state, IRQ and FIQ disabled */
757 uint32_t cpsr;
758
759 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
760 cpsr &= ~0xff;
761 cpsr |= 0xd3;
762 arm_set_cpsr(armv4_5, cpsr);
763 armv4_5->cpsr->dirty = 1;
764
765 /* start fetching from 0x0 */
766 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
767 armv4_5->pc->dirty = 1;
768 armv4_5->pc->valid = 1;
769
770 arm920t_disable_mmu_caches(target, 1, 1, 1);
771 arm920t->armv4_5_mmu.mmu_enabled = 0;
772 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
773 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
774
775 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
776 }
777
778 /* FIXME remove forward decls */
779 static int arm920t_mrc(struct target *target, int cpnum,
780 uint32_t op1, uint32_t op2,
781 uint32_t CRn, uint32_t CRm,
782 uint32_t *value);
783 static int arm920t_mcr(struct target *target, int cpnum,
784 uint32_t op1, uint32_t op2,
785 uint32_t CRn, uint32_t CRm,
786 uint32_t value);
787
788 static int arm920t_init_arch_info(struct target *target,
789 struct arm920t_common *arm920t, struct jtag_tap *tap)
790 {
791 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
792
793 arm7_9->armv4_5_common.mrc = arm920t_mrc;
794 arm7_9->armv4_5_common.mcr = arm920t_mcr;
795
796 /* initialize arm7/arm9 specific info (including armv4_5) */
797 arm9tdmi_init_arch_info(target, arm7_9, tap);
798
799 arm920t->common_magic = ARM920T_COMMON_MAGIC;
800
801 arm7_9->post_debug_entry = arm920t_post_debug_entry;
802 arm7_9->pre_restore_context = arm920t_pre_restore_context;
803
804 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
805 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
806 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
807 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
808 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
809 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
810 arm920t->armv4_5_mmu.has_tiny_pages = 1;
811 arm920t->armv4_5_mmu.mmu_enabled = 0;
812
813 /* disabling linefills leads to lockups, so keep them enabled for now
814 * this doesn't affect correctness, but might affect timing issues, if
815 * important data is evicted from the cache during the debug session
816 * */
817 arm920t->preserve_cache = 0;
818
819 /* override hw single-step capability from ARM9TDMI */
820 arm7_9->has_single_step = 1;
821
822 return ERROR_OK;
823 }
824
825 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
826 {
827 struct arm920t_common *arm920t;
828
829 arm920t = calloc(1,sizeof(struct arm920t_common));
830 return arm920t_init_arch_info(target, arm920t, target->tap);
831 }
832
833 COMMAND_HANDLER(arm920t_handle_read_cache_command)
834 {
835 int retval = ERROR_OK;
836 struct target *target = get_current_target(CMD_CTX);
837 struct arm920t_common *arm920t = target_to_arm920(target);
838 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
839 struct arm *armv4_5 = &arm7_9->armv4_5_common;
840 uint32_t cp15c15;
841 uint32_t cp15_ctrl, cp15_ctrl_saved;
842 uint32_t regs[16];
843 uint32_t *regs_p[16];
844 uint32_t C15_C_D_Ind, C15_C_I_Ind;
845 int i;
846 FILE *output;
847 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
848 int segment, index;
849 struct reg *r;
850
851 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
852 if (retval != ERROR_OK)
853 return retval;
854
855 if (CMD_ARGC != 1)
856 {
857 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
858 return ERROR_OK;
859 }
860
861 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
862 {
863 LOG_DEBUG("error opening cache content file");
864 return ERROR_OK;
865 }
866
867 for (i = 0; i < 16; i++)
868 regs_p[i] = &regs[i];
869
870 /* disable MMU and Caches */
871 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
872 if ((retval = jtag_execute_queue()) != ERROR_OK)
873 {
874 return retval;
875 }
876 cp15_ctrl_saved = cp15_ctrl;
877 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
878 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
879 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
880
881 /* read CP15 test state register */
882 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
883 jtag_execute_queue();
884
885 /* read DCache content */
886 fprintf(output, "DCache:\n");
887
888 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
889 for (segment = 0;
890 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
891 segment++)
892 {
893 fprintf(output, "\nsegment: %i\n----------", segment);
894
895 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
896 regs[0] = 0x0 | (segment << 5);
897 arm9tdmi_write_core_regs(target, 0x1, regs);
898
899 /* set interpret mode */
900 cp15c15 |= 0x1;
901 arm920t_write_cp15_physical(target,
902 CP15PHYS_TESTSTATE, cp15c15);
903
904 /* D CAM Read, loads current victim into C15.C.D.Ind */
905 arm920t_execute_cp15(target,
906 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
907
908 /* read current victim */
909 arm920t_read_cp15_physical(target,
910 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
911
912 /* clear interpret mode */
913 cp15c15 &= ~0x1;
914 arm920t_write_cp15_physical(target,
915 CP15PHYS_TESTSTATE, cp15c15);
916
917 for (index = 0; index < 64; index++)
918 {
919 /* Ra:
920 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
921 */
922 regs[0] = 0x0 | (segment << 5) | (index << 26);
923 arm9tdmi_write_core_regs(target, 0x1, regs);
924
925 /* set interpret mode */
926 cp15c15 |= 0x1;
927 arm920t_write_cp15_physical(target,
928 CP15PHYS_TESTSTATE, cp15c15);
929
930 /* Write DCache victim */
931 arm920t_execute_cp15(target,
932 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
933
934 /* Read D RAM */
935 arm920t_execute_cp15(target,
936 ARMV4_5_MCR(15,2,0,15,10,2),
937 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
938
939 /* Read D CAM */
940 arm920t_execute_cp15(target,
941 ARMV4_5_MCR(15,2,0,15,6,2),
942 ARMV4_5_LDR(9, 0));
943
944 /* clear interpret mode */
945 cp15c15 &= ~0x1;
946 arm920t_write_cp15_physical(target,
947 CP15PHYS_TESTSTATE, cp15c15);
948
949 /* read D RAM and CAM content */
950 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
951 if ((retval = jtag_execute_queue()) != ERROR_OK)
952 {
953 return retval;
954 }
955
956 d_cache[segment][index].cam = regs[9];
957
958 /* mask LFSR[6] */
959 regs[9] &= 0xfffffffe;
960 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
961 PRIx32 ", content (%s):\n",
962 segment, index, regs[9],
963 (regs[9] & 0x10) ? "valid" : "invalid");
964
965 for (i = 1; i < 9; i++)
966 {
967 d_cache[segment][index].data[i] = regs[i];
968 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
969 i-1, regs[i]);
970 }
971
972 }
973
974 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
975 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
976 arm9tdmi_write_core_regs(target, 0x1, regs);
977
978 /* set interpret mode */
979 cp15c15 |= 0x1;
980 arm920t_write_cp15_physical(target,
981 CP15PHYS_TESTSTATE, cp15c15);
982
983 /* Write DCache victim */
984 arm920t_execute_cp15(target,
985 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
986
987 /* clear interpret mode */
988 cp15c15 &= ~0x1;
989 arm920t_write_cp15_physical(target,
990 CP15PHYS_TESTSTATE, cp15c15);
991 }
992
993 /* read ICache content */
994 fprintf(output, "ICache:\n");
995
996 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
997 for (segment = 0;
998 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
999 segment++)
1000 {
1001 fprintf(output, "segment: %i\n----------", segment);
1002
1003 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1004 regs[0] = 0x0 | (segment << 5);
1005 arm9tdmi_write_core_regs(target, 0x1, regs);
1006
1007 /* set interpret mode */
1008 cp15c15 |= 0x1;
1009 arm920t_write_cp15_physical(target,
1010 CP15PHYS_TESTSTATE, cp15c15);
1011
1012 /* I CAM Read, loads current victim into C15.C.I.Ind */
1013 arm920t_execute_cp15(target,
1014 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1015
1016 /* read current victim */
1017 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1018 &C15_C_I_Ind);
1019
1020 /* clear interpret mode */
1021 cp15c15 &= ~0x1;
1022 arm920t_write_cp15_physical(target,
1023 CP15PHYS_TESTSTATE, cp15c15);
1024
1025 for (index = 0; index < 64; index++)
1026 {
1027 /* Ra:
1028 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1029 */
1030 regs[0] = 0x0 | (segment << 5) | (index << 26);
1031 arm9tdmi_write_core_regs(target, 0x1, regs);
1032
1033 /* set interpret mode */
1034 cp15c15 |= 0x1;
1035 arm920t_write_cp15_physical(target,
1036 CP15PHYS_TESTSTATE, cp15c15);
1037
1038 /* Write ICache victim */
1039 arm920t_execute_cp15(target,
1040 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1041
1042 /* Read I RAM */
1043 arm920t_execute_cp15(target,
1044 ARMV4_5_MCR(15,2,0,15,9,2),
1045 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1046
1047 /* Read I CAM */
1048 arm920t_execute_cp15(target,
1049 ARMV4_5_MCR(15,2,0,15,5,2),
1050 ARMV4_5_LDR(9, 0));
1051
1052 /* clear interpret mode */
1053 cp15c15 &= ~0x1;
1054 arm920t_write_cp15_physical(target,
1055 CP15PHYS_TESTSTATE, cp15c15);
1056
1057 /* read I RAM and CAM content */
1058 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1059 if ((retval = jtag_execute_queue()) != ERROR_OK)
1060 {
1061 return retval;
1062 }
1063
1064 i_cache[segment][index].cam = regs[9];
1065
1066 /* mask LFSR[6] */
1067 regs[9] &= 0xfffffffe;
1068 fprintf(output, "\nsegment: %i, index: %i, "
1069 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1070 segment, index, regs[9],
1071 (regs[9] & 0x10) ? "valid" : "invalid");
1072
1073 for (i = 1; i < 9; i++)
1074 {
1075 i_cache[segment][index].data[i] = regs[i];
1076 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1077 i-1, regs[i]);
1078 }
1079 }
1080
1081 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1082 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1083 arm9tdmi_write_core_regs(target, 0x1, regs);
1084
1085 /* set interpret mode */
1086 cp15c15 |= 0x1;
1087 arm920t_write_cp15_physical(target,
1088 CP15PHYS_TESTSTATE, cp15c15);
1089
1090 /* Write ICache victim */
1091 arm920t_execute_cp15(target,
1092 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1093
1094 /* clear interpret mode */
1095 cp15c15 &= ~0x1;
1096 arm920t_write_cp15_physical(target,
1097 CP15PHYS_TESTSTATE, cp15c15);
1098 }
1099
1100 /* restore CP15 MMU and Cache settings */
1101 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1102
1103 command_print(CMD_CTX, "cache content successfully output to %s",
1104 CMD_ARGV[0]);
1105
1106 fclose(output);
1107
1108 if (!is_arm_mode(armv4_5->core_mode))
1109 return ERROR_FAIL;
1110
1111 /* force writeback of the valid data */
1112 r = armv4_5->core_cache->reg_list;
1113 r[0].dirty = r[0].valid;
1114 r[1].dirty = r[1].valid;
1115 r[2].dirty = r[2].valid;
1116 r[3].dirty = r[3].valid;
1117 r[4].dirty = r[4].valid;
1118 r[5].dirty = r[5].valid;
1119 r[6].dirty = r[6].valid;
1120 r[7].dirty = r[7].valid;
1121
1122 r = arm_reg_current(armv4_5, 8);
1123 r->dirty = r->valid;
1124
1125 r = arm_reg_current(armv4_5, 9);
1126 r->dirty = r->valid;
1127
1128 return ERROR_OK;
1129 }
1130
1131 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1132 {
1133 int retval = ERROR_OK;
1134 struct target *target = get_current_target(CMD_CTX);
1135 struct arm920t_common *arm920t = target_to_arm920(target);
1136 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1137 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1138 uint32_t cp15c15;
1139 uint32_t cp15_ctrl, cp15_ctrl_saved;
1140 uint32_t regs[16];
1141 uint32_t *regs_p[16];
1142 int i;
1143 FILE *output;
1144 uint32_t Dlockdown, Ilockdown;
1145 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1146 int victim;
1147 struct reg *r;
1148
1149 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1150 if (retval != ERROR_OK)
1151 return retval;
1152
1153 if (CMD_ARGC != 1)
1154 {
1155 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1156 return ERROR_OK;
1157 }
1158
1159 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1160 {
1161 LOG_DEBUG("error opening mmu content file");
1162 return ERROR_OK;
1163 }
1164
1165 for (i = 0; i < 16; i++)
1166 regs_p[i] = &regs[i];
1167
1168 /* disable MMU and Caches */
1169 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1170 if ((retval = jtag_execute_queue()) != ERROR_OK)
1171 {
1172 return retval;
1173 }
1174 cp15_ctrl_saved = cp15_ctrl;
1175 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1176 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1177 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1178
1179 /* read CP15 test state register */
1180 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1181 if ((retval = jtag_execute_queue()) != ERROR_OK)
1182 {
1183 return retval;
1184 }
1185
1186 /* prepare reading D TLB content
1187 * */
1188
1189 /* set interpret mode */
1190 cp15c15 |= 0x1;
1191 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1192
1193 /* Read D TLB lockdown */
1194 arm920t_execute_cp15(target,
1195 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1196
1197 /* clear interpret mode */
1198 cp15c15 &= ~0x1;
1199 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1200
1201 /* read D TLB lockdown stored to r1 */
1202 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1203 if ((retval = jtag_execute_queue()) != ERROR_OK)
1204 {
1205 return retval;
1206 }
1207 Dlockdown = regs[1];
1208
1209 for (victim = 0; victim < 64; victim += 8)
1210 {
1211 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1212 * base remains unchanged, victim goes through entries 0 to 63
1213 */
1214 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1215 arm9tdmi_write_core_regs(target, 0x2, regs);
1216
1217 /* set interpret mode */
1218 cp15c15 |= 0x1;
1219 arm920t_write_cp15_physical(target,
1220 CP15PHYS_TESTSTATE, cp15c15);
1221
1222 /* Write D TLB lockdown */
1223 arm920t_execute_cp15(target,
1224 ARMV4_5_MCR(15,0,0,10,0,0),
1225 ARMV4_5_STR(1, 0));
1226
1227 /* Read D TLB CAM */
1228 arm920t_execute_cp15(target,
1229 ARMV4_5_MCR(15,4,0,15,6,4),
1230 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1231
1232 /* clear interpret mode */
1233 cp15c15 &= ~0x1;
1234 arm920t_write_cp15_physical(target,
1235 CP15PHYS_TESTSTATE, cp15c15);
1236
1237 /* read D TLB CAM content stored to r2-r9 */
1238 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1239 if ((retval = jtag_execute_queue()) != ERROR_OK)
1240 {
1241 return retval;
1242 }
1243
1244 for (i = 0; i < 8; i++)
1245 d_tlb[victim + i].cam = regs[i + 2];
1246 }
1247
1248 for (victim = 0; victim < 64; victim++)
1249 {
1250 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1251 * base remains unchanged, victim goes through entries 0 to 63
1252 */
1253 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1254 arm9tdmi_write_core_regs(target, 0x2, regs);
1255
1256 /* set interpret mode */
1257 cp15c15 |= 0x1;
1258 arm920t_write_cp15_physical(target,
1259 CP15PHYS_TESTSTATE, cp15c15);
1260
1261 /* Write D TLB lockdown */
1262 arm920t_execute_cp15(target,
1263 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1264
1265 /* Read D TLB RAM1 */
1266 arm920t_execute_cp15(target,
1267 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1268
1269 /* Read D TLB RAM2 */
1270 arm920t_execute_cp15(target,
1271 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1272
1273 /* clear interpret mode */
1274 cp15c15 &= ~0x1;
1275 arm920t_write_cp15_physical(target,
1276 CP15PHYS_TESTSTATE, cp15c15);
1277
1278 /* read D TLB RAM content stored to r2 and r3 */
1279 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1280 if ((retval = jtag_execute_queue()) != ERROR_OK)
1281 {
1282 return retval;
1283 }
1284
1285 d_tlb[victim].ram1 = regs[2];
1286 d_tlb[victim].ram2 = regs[3];
1287 }
1288
1289 /* restore D TLB lockdown */
1290 regs[1] = Dlockdown;
1291 arm9tdmi_write_core_regs(target, 0x2, regs);
1292
1293 /* Write D TLB lockdown */
1294 arm920t_execute_cp15(target,
1295 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1296
1297 /* prepare reading I TLB content
1298 * */
1299
1300 /* set interpret mode */
1301 cp15c15 |= 0x1;
1302 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1303
1304 /* Read I TLB lockdown */
1305 arm920t_execute_cp15(target,
1306 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1307
1308 /* clear interpret mode */
1309 cp15c15 &= ~0x1;
1310 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1311
1312 /* read I TLB lockdown stored to r1 */
1313 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1314 if ((retval = jtag_execute_queue()) != ERROR_OK)
1315 {
1316 return retval;
1317 }
1318 Ilockdown = regs[1];
1319
1320 for (victim = 0; victim < 64; victim += 8)
1321 {
1322 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1323 * base remains unchanged, victim goes through entries 0 to 63
1324 */
1325 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1326 arm9tdmi_write_core_regs(target, 0x2, regs);
1327
1328 /* set interpret mode */
1329 cp15c15 |= 0x1;
1330 arm920t_write_cp15_physical(target,
1331 CP15PHYS_TESTSTATE, cp15c15);
1332
1333 /* Write I TLB lockdown */
1334 arm920t_execute_cp15(target,
1335 ARMV4_5_MCR(15,0,0,10,0,1),
1336 ARMV4_5_STR(1, 0));
1337
1338 /* Read I TLB CAM */
1339 arm920t_execute_cp15(target,
1340 ARMV4_5_MCR(15,4,0,15,5,4),
1341 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1342
1343 /* clear interpret mode */
1344 cp15c15 &= ~0x1;
1345 arm920t_write_cp15_physical(target,
1346 CP15PHYS_TESTSTATE, cp15c15);
1347
1348 /* read I TLB CAM content stored to r2-r9 */
1349 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1350 if ((retval = jtag_execute_queue()) != ERROR_OK)
1351 {
1352 return retval;
1353 }
1354
1355 for (i = 0; i < 8; i++)
1356 i_tlb[i + victim].cam = regs[i + 2];
1357 }
1358
1359 for (victim = 0; victim < 64; victim++)
1360 {
1361 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1362 * base remains unchanged, victim goes through entries 0 to 63
1363 */
1364 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1365 arm9tdmi_write_core_regs(target, 0x2, regs);
1366
1367 /* set interpret mode */
1368 cp15c15 |= 0x1;
1369 arm920t_write_cp15_physical(target,
1370 CP15PHYS_TESTSTATE, cp15c15);
1371
1372 /* Write I TLB lockdown */
1373 arm920t_execute_cp15(target,
1374 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1375
1376 /* Read I TLB RAM1 */
1377 arm920t_execute_cp15(target,
1378 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1379
1380 /* Read I TLB RAM2 */
1381 arm920t_execute_cp15(target,
1382 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1383
1384 /* clear interpret mode */
1385 cp15c15 &= ~0x1;
1386 arm920t_write_cp15_physical(target,
1387 CP15PHYS_TESTSTATE, cp15c15);
1388
1389 /* read I TLB RAM content stored to r2 and r3 */
1390 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1391 if ((retval = jtag_execute_queue()) != ERROR_OK)
1392 {
1393 return retval;
1394 }
1395
1396 i_tlb[victim].ram1 = regs[2];
1397 i_tlb[victim].ram2 = regs[3];
1398 }
1399
1400 /* restore I TLB lockdown */
1401 regs[1] = Ilockdown;
1402 arm9tdmi_write_core_regs(target, 0x2, regs);
1403
1404 /* Write I TLB lockdown */
1405 arm920t_execute_cp15(target,
1406 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1407
1408 /* restore CP15 MMU and Cache settings */
1409 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1410
1411 /* output data to file */
1412 fprintf(output, "D TLB content:\n");
1413 for (i = 0; i < 64; i++)
1414 {
1415 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1416 " 0x%8.8" PRIx32 " %s\n",
1417 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1418 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1419 }
1420
1421 fprintf(output, "\n\nI TLB content:\n");
1422 for (i = 0; i < 64; i++)
1423 {
1424 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1425 " 0x%8.8" PRIx32 " %s\n",
1426 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1427 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1428 }
1429
1430 command_print(CMD_CTX, "mmu content successfully output to %s",
1431 CMD_ARGV[0]);
1432
1433 fclose(output);
1434
1435 if (!is_arm_mode(armv4_5->core_mode))
1436 return ERROR_FAIL;
1437
1438 /* force writeback of the valid data */
1439 r = armv4_5->core_cache->reg_list;
1440 r[0].dirty = r[0].valid;
1441 r[1].dirty = r[1].valid;
1442 r[2].dirty = r[2].valid;
1443 r[3].dirty = r[3].valid;
1444 r[4].dirty = r[4].valid;
1445 r[5].dirty = r[5].valid;
1446 r[6].dirty = r[6].valid;
1447 r[7].dirty = r[7].valid;
1448
1449 r = arm_reg_current(armv4_5, 8);
1450 r->dirty = r->valid;
1451
1452 r = arm_reg_current(armv4_5, 9);
1453 r->dirty = r->valid;
1454
1455 return ERROR_OK;
1456 }
1457
1458 COMMAND_HANDLER(arm920t_handle_cp15_command)
1459 {
1460 int retval;
1461 struct target *target = get_current_target(CMD_CTX);
1462 struct arm920t_common *arm920t = target_to_arm920(target);
1463
1464 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1465 if (retval != ERROR_OK)
1466 return retval;
1467
1468 if (target->state != TARGET_HALTED)
1469 {
1470 command_print(CMD_CTX, "target must be stopped for "
1471 "\"%s\" command", CMD_NAME);
1472 return ERROR_OK;
1473 }
1474
1475 /* one argument, read a register.
1476 * two arguments, write it.
1477 */
1478 if (CMD_ARGC >= 1)
1479 {
1480 int address;
1481 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1482
1483 if (CMD_ARGC == 1)
1484 {
1485 uint32_t value;
1486 if ((retval = arm920t_read_cp15_physical(target,
1487 address, &value)) != ERROR_OK)
1488 {
1489 command_print(CMD_CTX,
1490 "couldn't access reg %i", address);
1491 return ERROR_OK;
1492 }
1493 if ((retval = jtag_execute_queue()) != ERROR_OK)
1494 {
1495 return retval;
1496 }
1497
1498 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1499 address, value);
1500 }
1501 else if (CMD_ARGC == 2)
1502 {
1503 uint32_t value;
1504 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1505 retval = arm920t_write_cp15_physical(target,
1506 address, value);
1507 if (retval != ERROR_OK)
1508 {
1509 command_print(CMD_CTX,
1510 "couldn't access reg %i", address);
1511 /* REVISIT why lie? "return retval"? */
1512 return ERROR_OK;
1513 }
1514 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1515 address, value);
1516 }
1517 }
1518
1519 return ERROR_OK;
1520 }
1521
1522 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1523 {
1524 int retval;
1525 struct target *target = get_current_target(CMD_CTX);
1526 struct arm920t_common *arm920t = target_to_arm920(target);
1527
1528 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1529 if (retval != ERROR_OK)
1530 return retval;
1531
1532
1533 if (target->state != TARGET_HALTED)
1534 {
1535 command_print(CMD_CTX, "target must be stopped for "
1536 "\"%s\" command", CMD_NAME);
1537 return ERROR_OK;
1538 }
1539
1540 /* one argument, read a register.
1541 * two arguments, write it.
1542 */
1543 if (CMD_ARGC >= 1)
1544 {
1545 uint32_t opcode;
1546 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1547
1548 if (CMD_ARGC == 1)
1549 {
1550 uint32_t value;
1551 retval = arm920t_read_cp15_interpreted(target,
1552 opcode, 0x0, &value);
1553 if (retval != ERROR_OK)
1554 {
1555 command_print(CMD_CTX,
1556 "couldn't execute %8.8" PRIx32,
1557 opcode);
1558 /* REVISIT why lie? "return retval"? */
1559 return ERROR_OK;
1560 }
1561
1562 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1563 opcode, value);
1564 }
1565 else if (CMD_ARGC == 2)
1566 {
1567 uint32_t value;
1568 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1569 retval = arm920t_write_cp15_interpreted(target,
1570 opcode, value, 0);
1571 if (retval != ERROR_OK)
1572 {
1573 command_print(CMD_CTX,
1574 "couldn't execute %8.8" PRIx32,
1575 opcode);
1576 /* REVISIT why lie? "return retval"? */
1577 return ERROR_OK;
1578 }
1579 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1580 opcode, value);
1581 }
1582 else if (CMD_ARGC == 3)
1583 {
1584 uint32_t value;
1585 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1586 uint32_t address;
1587 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1588 retval = arm920t_write_cp15_interpreted(target,
1589 opcode, value, address);
1590 if (retval != ERROR_OK)
1591 {
1592 command_print(CMD_CTX,
1593 "couldn't execute %8.8" PRIx32, opcode);
1594 /* REVISIT why lie? "return retval"? */
1595 return ERROR_OK;
1596 }
1597 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1598 " %8.8" PRIx32, opcode, value, address);
1599 }
1600 }
1601 else
1602 {
1603 command_print(CMD_CTX,
1604 "usage: arm920t cp15i <opcode> [value] [address]");
1605 }
1606
1607 return ERROR_OK;
1608 }
1609
1610 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1611 {
1612 int retval;
1613 struct target *target = get_current_target(CMD_CTX);
1614 struct arm920t_common *arm920t = target_to_arm920(target);
1615
1616 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1617 if (retval != ERROR_OK)
1618 return retval;
1619
1620 return armv4_5_handle_cache_info_command(CMD_CTX,
1621 &arm920t->armv4_5_mmu.armv4_5_cache);
1622 }
1623
1624
1625 static int arm920t_mrc(struct target *target, int cpnum,
1626 uint32_t op1, uint32_t op2,
1627 uint32_t CRn, uint32_t CRm,
1628 uint32_t *value)
1629 {
1630 if (cpnum!=15)
1631 {
1632 LOG_ERROR("Only cp15 is supported");
1633 return ERROR_FAIL;
1634 }
1635
1636 /* read "to" r0 */
1637 return arm920t_read_cp15_interpreted(target,
1638 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1639 0, value);
1640 }
1641
1642 static int arm920t_mcr(struct target *target, int cpnum,
1643 uint32_t op1, uint32_t op2,
1644 uint32_t CRn, uint32_t CRm,
1645 uint32_t value)
1646 {
1647 if (cpnum!=15)
1648 {
1649 LOG_ERROR("Only cp15 is supported");
1650 return ERROR_FAIL;
1651 }
1652
1653 /* write "from" r0 */
1654 return arm920t_write_cp15_interpreted(target,
1655 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1656 0, value);
1657 }
1658
1659 static const struct command_registration arm920t_exec_command_handlers[] = {
1660 {
1661 .name = "cp15",
1662 .handler = arm920t_handle_cp15_command,
1663 .mode = COMMAND_EXEC,
1664 .help = "display/modify cp15 register",
1665 .usage = "regnum [value]",
1666 },
1667 {
1668 .name = "cp15i",
1669 .handler = arm920t_handle_cp15i_command,
1670 .mode = COMMAND_EXEC,
1671 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1672 .help = "display/modify cp15 register using ARM opcode"
1673 " (DEPRECATED)",
1674 .usage = "instruction [value [address]]",
1675 },
1676 {
1677 .name = "cache_info",
1678 .handler = arm920t_handle_cache_info_command,
1679 .mode = COMMAND_EXEC,
1680 .help = "display information about target caches",
1681 },
1682 {
1683 .name = "read_cache",
1684 .handler = arm920t_handle_read_cache_command,
1685 .mode = COMMAND_EXEC,
1686 .help = "dump I/D cache content to file",
1687 .usage = "filename",
1688 },
1689 {
1690 .name = "read_mmu",
1691 .handler = arm920t_handle_read_mmu_command,
1692 .mode = COMMAND_EXEC,
1693 .help = "dump I/D mmu content to file",
1694 .usage = "filename",
1695 },
1696 COMMAND_REGISTRATION_DONE
1697 };
1698 const struct command_registration arm920t_command_handlers[] = {
1699 {
1700 .chain = arm9tdmi_command_handlers,
1701 },
1702 {
1703 .name = "arm920t",
1704 .mode = COMMAND_ANY,
1705 .help = "arm920t command group",
1706 .chain = arm920t_exec_command_handlers,
1707 },
1708 COMMAND_REGISTRATION_DONE
1709 };
1710
1711 /** Holds methods for ARM920 targets. */
1712 struct target_type arm920t_target =
1713 {
1714 .name = "arm920t",
1715
1716 .poll = arm7_9_poll,
1717 .arch_state = arm920t_arch_state,
1718
1719 .target_request_data = arm7_9_target_request_data,
1720
1721 .halt = arm7_9_halt,
1722 .resume = arm7_9_resume,
1723 .step = arm7_9_step,
1724
1725 .assert_reset = arm7_9_assert_reset,
1726 .deassert_reset = arm7_9_deassert_reset,
1727 .soft_reset_halt = arm920t_soft_reset_halt,
1728
1729 .get_gdb_reg_list = arm_get_gdb_reg_list,
1730
1731 .read_memory = arm920t_read_memory,
1732 .write_memory = arm920t_write_memory,
1733 .read_phys_memory = arm920t_read_phys_memory,
1734 .write_phys_memory = arm920t_write_phys_memory,
1735 .mmu = arm920_mmu,
1736 .virt2phys = arm920_virt2phys,
1737
1738 .bulk_write_memory = arm7_9_bulk_write_memory,
1739
1740 .checksum_memory = arm_checksum_memory,
1741 .blank_check_memory = arm_blank_check_memory,
1742
1743 .run_algorithm = armv4_5_run_algorithm,
1744
1745 .add_breakpoint = arm7_9_add_breakpoint,
1746 .remove_breakpoint = arm7_9_remove_breakpoint,
1747 .add_watchpoint = arm7_9_add_watchpoint,
1748 .remove_watchpoint = arm7_9_remove_watchpoint,
1749
1750 .commands = arm920t_command_handlers,
1751 .target_create = arm920t_target_create,
1752 .init_target = arm9tdmi_init_target,
1753 .examine = arm7_9_examine,
1754 .check_reset = arm7_9_check_reset,
1755 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)