Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
TARGET: fix handling return code of MMU translation
[openocd.git] / src / target / arm920t.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * This program is free software; you can redistribute it and/or modify *
6 * it under the terms of the GNU General Public License as published by *
7 * the Free Software Foundation; either version 2 of the License, or *
8 * (at your option) any later version. *
9 * *
10 * This program is distributed in the hope that it will be useful, *
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
13 * GNU General Public License for more details. *
14 * *
15 * You should have received a copy of the GNU General Public License *
16 * along with this program; if not, write to the *
17 * Free Software Foundation, Inc., *
18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
19 ***************************************************************************/
20 #ifdef HAVE_CONFIG_H
21 #include "config.h"
22 #endif
23
24 #include "arm920t.h"
25 #include <helper/time_support.h>
26 #include "target_type.h"
27 #include "register.h"
28 #include "arm_opcodes.h"
29
30
31 /*
32 * For information about the ARM920T, see ARM DDI 0151C especially
33 * Chapter 9 about debug support, which shows how to manipulate each
34 * of the different scan chains:
35 *
36 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
37 * 1 ... debugging; watchpoint and breakpoint status, etc; also
38 * MMU and cache access in conjunction with scan chain 15
39 * 2 ... EmbeddedICE
40 * 3 ... external boundary scan (SoC-specific, unused here)
41 * 4 ... access to cache tag RAM
42 * 6 ... ETM9
43 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
44 * "interpreted" works with a few actual MRC/MCR instructions
45 * "physical" provides register-like behaviors. Section 9.6.7
46 * covers these details.
47 *
48 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
49 */
50
51 #if 0
52 #define _DEBUG_INSTRUCTION_EXECUTION_
53 #endif
54
55 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
56 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
57 * JTAG scan, while reads use two.
58 *
59 * Table 9-9 lists the thirteen registers which support physical access.
60 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
61 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
62 *
63 * x == bit[38]
64 * y == bits[37:34]
65 * z == bit[33]
66 */
67 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
68
69 /* Registers supporting physical Read access (from table 9-9) */
70 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
71 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
72 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
73 /* NOTE: several more registers support only physical read access */
74
75 /* Registers supporting physical Read/Write access (from table 9-9) */
76 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
77 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
78 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
79 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
80 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
81
82 static int arm920t_read_cp15_physical(struct target *target,
83 int reg_addr, uint32_t *value)
84 {
85 struct arm920t_common *arm920t = target_to_arm920(target);
86 struct arm_jtag *jtag_info;
87 struct scan_field fields[4];
88 uint8_t access_type_buf = 1;
89 uint8_t reg_addr_buf = reg_addr & 0x3f;
90 uint8_t nr_w_buf = 0;
91
92 jtag_info = &arm920t->arm7_9_common.jtag_info;
93
94 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
95 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
96
97 fields[0].num_bits = 1;
98 fields[0].out_value = &access_type_buf;
99 fields[0].in_value = NULL;
100
101 fields[1].num_bits = 32;
102 fields[1].out_value = NULL;
103 fields[1].in_value = NULL;
104
105 fields[2].num_bits = 6;
106 fields[2].out_value = &reg_addr_buf;
107 fields[2].in_value = NULL;
108
109 fields[3].num_bits = 1;
110 fields[3].out_value = &nr_w_buf;
111 fields[3].in_value = NULL;
112
113 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
114
115 fields[1].in_value = (uint8_t *)value;
116
117 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
118
119 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
120
121 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
122 jtag_execute_queue();
123 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
124 #endif
125
126 return ERROR_OK;
127 }
128
129 static int arm920t_write_cp15_physical(struct target *target,
130 int reg_addr, uint32_t value)
131 {
132 struct arm920t_common *arm920t = target_to_arm920(target);
133 struct arm_jtag *jtag_info;
134 struct scan_field fields[4];
135 uint8_t access_type_buf = 1;
136 uint8_t reg_addr_buf = reg_addr & 0x3f;
137 uint8_t nr_w_buf = 1;
138 uint8_t value_buf[4];
139
140 jtag_info = &arm920t->arm7_9_common.jtag_info;
141
142 buf_set_u32(value_buf, 0, 32, value);
143
144 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
145 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
146
147 fields[0].num_bits = 1;
148 fields[0].out_value = &access_type_buf;
149 fields[0].in_value = NULL;
150
151 fields[1].num_bits = 32;
152 fields[1].out_value = value_buf;
153 fields[1].in_value = NULL;
154
155 fields[2].num_bits = 6;
156 fields[2].out_value = &reg_addr_buf;
157 fields[2].in_value = NULL;
158
159 fields[3].num_bits = 1;
160 fields[3].out_value = &nr_w_buf;
161 fields[3].in_value = NULL;
162
163 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
164
165 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
166 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
167 #endif
168
169 return ERROR_OK;
170 }
171
172 /* See table 9-10 for scan chain 15 format during interpreted access mode.
173 * If the TESTSTATE register is set for interpreted access, certain CP15
174 * MRC and MCR instructions may be executed through scan chain 15.
175 *
176 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
177 * executed using scan chain 15 interpreted mode.
178 */
179 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
180 uint32_t arm_opcode)
181 {
182 int retval;
183 struct arm920t_common *arm920t = target_to_arm920(target);
184 struct arm_jtag *jtag_info;
185 struct scan_field fields[4];
186 uint8_t access_type_buf = 0; /* interpreted access */
187 uint8_t reg_addr_buf = 0x0;
188 uint8_t nr_w_buf = 0;
189 uint8_t cp15_opcode_buf[4];
190
191 jtag_info = &arm920t->arm7_9_common.jtag_info;
192
193 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
194 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
195
196 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
197
198 fields[0].num_bits = 1;
199 fields[0].out_value = &access_type_buf;
200 fields[0].in_value = NULL;
201
202 fields[1].num_bits = 32;
203 fields[1].out_value = cp15_opcode_buf;
204 fields[1].in_value = NULL;
205
206 fields[2].num_bits = 6;
207 fields[2].out_value = &reg_addr_buf;
208 fields[2].in_value = NULL;
209
210 fields[3].num_bits = 1;
211 fields[3].out_value = &nr_w_buf;
212 fields[3].in_value = NULL;
213
214 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
215
216 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
217 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
218 retval = arm7_9_execute_sys_speed(target);
219 if (retval != ERROR_OK)
220 return retval;
221
222 if ((retval = jtag_execute_queue()) != ERROR_OK)
223 {
224 LOG_ERROR("failed executing JTAG queue");
225 return retval;
226 }
227
228 return ERROR_OK;
229 }
230
231 static int arm920t_read_cp15_interpreted(struct target *target,
232 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
233 {
234 struct arm *armv4_5 = target_to_arm(target);
235 uint32_t* regs_p[1];
236 uint32_t regs[2];
237 uint32_t cp15c15 = 0x0;
238 struct reg *r = armv4_5->core_cache->reg_list;
239
240 /* load address into R1 */
241 regs[1] = address;
242 arm9tdmi_write_core_regs(target, 0x2, regs);
243
244 /* read-modify-write CP15 test state register
245 * to enable interpreted access mode */
246 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
247 jtag_execute_queue();
248 cp15c15 |= 1; /* set interpret mode */
249 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
250
251 /* execute CP15 instruction and ARM load (reading from coprocessor) */
252 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
253
254 /* disable interpreted access mode */
255 cp15c15 &= ~1U; /* clear interpret mode */
256 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
257
258 /* retrieve value from R0 */
259 regs_p[0] = value;
260 arm9tdmi_read_core_regs(target, 0x1, regs_p);
261 jtag_execute_queue();
262
263 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
264 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
265 cp15_opcode, address, *value);
266 #endif
267
268 if (!is_arm_mode(armv4_5->core_mode))
269 return ERROR_FAIL;
270
271 r[0].dirty = 1;
272 r[1].dirty = 1;
273
274 return ERROR_OK;
275 }
276
277 static
278 int arm920t_write_cp15_interpreted(struct target *target,
279 uint32_t cp15_opcode, uint32_t value, uint32_t address)
280 {
281 uint32_t cp15c15 = 0x0;
282 struct arm *armv4_5 = target_to_arm(target);
283 uint32_t regs[2];
284 struct reg *r = armv4_5->core_cache->reg_list;
285
286 /* load value, address into R0, R1 */
287 regs[0] = value;
288 regs[1] = address;
289 arm9tdmi_write_core_regs(target, 0x3, regs);
290
291 /* read-modify-write CP15 test state register
292 * to enable interpreted access mode */
293 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
294 jtag_execute_queue();
295 cp15c15 |= 1; /* set interpret mode */
296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
297
298 /* execute CP15 instruction and ARM store (writing to coprocessor) */
299 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
300
301 /* disable interpreted access mode */
302 cp15c15 &= ~1U; /* set interpret mode */
303 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
304
305 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
306 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
307 cp15_opcode, value, address);
308 #endif
309
310 if (!is_arm_mode(armv4_5->core_mode))
311 return ERROR_FAIL;
312
313 r[0].dirty = 1;
314 r[1].dirty = 1;
315
316 return ERROR_OK;
317 }
318
319 // EXPORTED to FA256
320 uint32_t arm920t_get_ttb(struct target *target)
321 {
322 int retval;
323 uint32_t ttb = 0x0;
324
325 if ((retval = arm920t_read_cp15_interpreted(target,
326 /* FIXME use opcode macro */
327 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
328 return retval;
329
330 return ttb;
331 }
332
333 // EXPORTED to FA256
334 void arm920t_disable_mmu_caches(struct target *target, int mmu,
335 int d_u_cache, int i_cache)
336 {
337 uint32_t cp15_control;
338
339 /* read cp15 control register */
340 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
341 jtag_execute_queue();
342
343 if (mmu)
344 cp15_control &= ~0x1U;
345
346 if (d_u_cache)
347 cp15_control &= ~0x4U;
348
349 if (i_cache)
350 cp15_control &= ~0x1000U;
351
352 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
353 }
354
355 // EXPORTED to FA256
356 void arm920t_enable_mmu_caches(struct target *target, int mmu,
357 int d_u_cache, int i_cache)
358 {
359 uint32_t cp15_control;
360
361 /* read cp15 control register */
362 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
363 jtag_execute_queue();
364
365 if (mmu)
366 cp15_control |= 0x1U;
367
368 if (d_u_cache)
369 cp15_control |= 0x4U;
370
371 if (i_cache)
372 cp15_control |= 0x1000U;
373
374 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
375 }
376
377 // EXPORTED to FA256
378 void arm920t_post_debug_entry(struct target *target)
379 {
380 uint32_t cp15c15;
381 struct arm920t_common *arm920t = target_to_arm920(target);
382
383 /* examine cp15 control reg */
384 arm920t_read_cp15_physical(target,
385 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
386 jtag_execute_queue();
387 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
388
389 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
390 {
391 uint32_t cache_type_reg;
392 /* identify caches */
393 arm920t_read_cp15_physical(target,
394 CP15PHYS_CACHETYPE, &cache_type_reg);
395 jtag_execute_queue();
396 armv4_5_identify_cache(cache_type_reg,
397 &arm920t->armv4_5_mmu.armv4_5_cache);
398 }
399
400 arm920t->armv4_5_mmu.mmu_enabled =
401 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
402 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
403 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
404 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
405 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
406
407 /* save i/d fault status and address register */
408 /* FIXME use opcode macros */
409 arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
410 arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
411 arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
412 arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
413
414 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
415 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
416 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
417
418 if (arm920t->preserve_cache)
419 {
420 /* read-modify-write CP15 test state register
421 * to disable I/D-cache linefills */
422 arm920t_read_cp15_physical(target,
423 CP15PHYS_TESTSTATE, &cp15c15);
424 jtag_execute_queue();
425 cp15c15 |= 0x600;
426 arm920t_write_cp15_physical(target,
427 CP15PHYS_TESTSTATE, cp15c15);
428 }
429 }
430
431 // EXPORTED to FA256
432 void arm920t_pre_restore_context(struct target *target)
433 {
434 uint32_t cp15c15;
435 struct arm920t_common *arm920t = target_to_arm920(target);
436
437 /* restore i/d fault status and address register */
438 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
439 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
440 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
441 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
442
443 /* read-modify-write CP15 test state register
444 * to reenable I/D-cache linefills */
445 if (arm920t->preserve_cache)
446 {
447 arm920t_read_cp15_physical(target,
448 CP15PHYS_TESTSTATE, &cp15c15);
449 jtag_execute_queue();
450 cp15c15 &= ~0x600U;
451 arm920t_write_cp15_physical(target,
452 CP15PHYS_TESTSTATE, cp15c15);
453 }
454 }
455
456 static const char arm920_not[] = "target is not an ARM920";
457
458 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
459 struct arm920t_common *arm920t)
460 {
461 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
462 command_print(cmd_ctx, arm920_not);
463 return ERROR_TARGET_INVALID;
464 }
465
466 return ERROR_OK;
467 }
468
469 /** Logs summary of ARM920 state for a halted target. */
470 int arm920t_arch_state(struct target *target)
471 {
472 static const char *state[] =
473 {
474 "disabled", "enabled"
475 };
476
477 struct arm920t_common *arm920t = target_to_arm920(target);
478 struct arm *armv4_5;
479
480 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
481 {
482 LOG_ERROR("BUG: %s", arm920_not);
483 return ERROR_TARGET_INVALID;
484 }
485
486 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
487
488 arm_arch_state(target);
489 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
490 state[arm920t->armv4_5_mmu.mmu_enabled],
491 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
492 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
493
494 return ERROR_OK;
495 }
496
497 static int arm920_mmu(struct target *target, int *enabled)
498 {
499 if (target->state != TARGET_HALTED) {
500 LOG_ERROR("%s: target not halted", __func__);
501 return ERROR_TARGET_INVALID;
502 }
503
504 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
505 return ERROR_OK;
506 }
507
508 static int arm920_virt2phys(struct target *target,
509 uint32_t virt, uint32_t *phys)
510 {
511 int type;
512 uint32_t cb;
513 int domain;
514 uint32_t ap;
515 struct arm920t_common *arm920t = target_to_arm920(target);
516
517 uint32_t ret;
518 int retval = armv4_5_mmu_translate_va(target,
519 &arm920t->armv4_5_mmu, virt, &type, &cb, &domain, &ap, &ret);
520 if (retval != ERROR_OK)
521 return retval;
522 *phys = ret;
523 return ERROR_OK;
524 }
525
526 /** Reads a buffer, in the specified word size, with current MMU settings. */
527 int arm920t_read_memory(struct target *target, uint32_t address,
528 uint32_t size, uint32_t count, uint8_t *buffer)
529 {
530 int retval;
531
532 retval = arm7_9_read_memory(target, address, size, count, buffer);
533
534 return retval;
535 }
536
537
538 static int arm920t_read_phys_memory(struct target *target,
539 uint32_t address, uint32_t size,
540 uint32_t count, uint8_t *buffer)
541 {
542 struct arm920t_common *arm920t = target_to_arm920(target);
543
544 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
545 address, size, count, buffer);
546 }
547
548 static int arm920t_write_phys_memory(struct target *target,
549 uint32_t address, uint32_t size,
550 uint32_t count, uint8_t *buffer)
551 {
552 struct arm920t_common *arm920t = target_to_arm920(target);
553
554 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
555 address, size, count, buffer);
556 }
557
558
559 /** Writes a buffer, in the specified word size, with current MMU settings. */
560 int arm920t_write_memory(struct target *target, uint32_t address,
561 uint32_t size, uint32_t count, uint8_t *buffer)
562 {
563 int retval;
564 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
565 struct arm920t_common *arm920t = target_to_arm920(target);
566
567 /* FIX!!!! this should be cleaned up and made much more general. The
568 * plan is to write up and test on arm920t specifically and
569 * then generalize and clean up afterwards.
570 *
571 * Also it should be moved to the callbacks that handle breakpoints
572 * specifically and not the generic memory write fn's. See XScale code.
573 */
574 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
575 ((size==2) || (size==4)))
576 {
577 /* special case the handling of single word writes to
578 * bypass MMU, to allow implementation of breakpoints
579 * in memory marked read only
580 * by MMU
581 */
582 int type;
583 uint32_t cb;
584 int domain;
585 uint32_t ap;
586 uint32_t pa;
587
588 /*
589 * We need physical address and cb
590 */
591 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
592 address, &type, &cb, &domain, &ap, &pa);
593 if (retval != ERROR_OK)
594 return retval;
595
596 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
597 {
598 if (cb & 0x1)
599 {
600 LOG_DEBUG("D-Cache buffered, "
601 "drain write buffer");
602 /*
603 * Buffered ?
604 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
605 */
606
607 retval = arm920t_write_cp15_interpreted(target,
608 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
609 0x0, 0);
610 if (retval != ERROR_OK)
611 return retval;
612 }
613
614 if (cb == 0x3)
615 {
616 /*
617 * Write back memory ? -> clean cache
618 *
619 * There is no way to clean cache lines using
620 * cp15 scan chain, so copy the full cache
621 * line from cache to physical memory.
622 */
623 uint8_t data[32];
624
625 LOG_DEBUG("D-Cache in 'write back' mode, "
626 "flush cache line");
627
628 retval = target_read_memory(target,
629 address & cache_mask, 1,
630 sizeof(data), &data[0]);
631 if (retval != ERROR_OK)
632 return retval;
633
634 retval = armv4_5_mmu_write_physical(target,
635 &arm920t->armv4_5_mmu,
636 pa & cache_mask, 1,
637 sizeof(data), &data[0]);
638 if (retval != ERROR_OK)
639 return retval;
640 }
641
642 /* Cached ? */
643 if (cb & 0x2)
644 {
645 /*
646 * Cached ? -> Invalidate data cache using MVA
647 *
648 * MCR p15,0,Rd,c7,c6,1
649 */
650 LOG_DEBUG("D-Cache enabled, "
651 "invalidate cache line");
652
653 retval = arm920t_write_cp15_interpreted(target,
654 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
655 address & cache_mask);
656 if (retval != ERROR_OK)
657 return retval;
658 }
659 }
660
661 /* write directly to physical memory,
662 * bypassing any read only MMU bits, etc.
663 */
664 retval = armv4_5_mmu_write_physical(target,
665 &arm920t->armv4_5_mmu, pa, size,
666 count, buffer);
667 if (retval != ERROR_OK)
668 return retval;
669 } else
670 {
671 if ((retval = arm7_9_write_memory(target, address,
672 size, count, buffer)) != ERROR_OK)
673 return retval;
674 }
675
676 /* If ICache is enabled, we have to invalidate affected ICache lines
677 * the DCache is forced to write-through,
678 * so we don't have to clean it here
679 */
680 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
681 {
682 if (count <= 1)
683 {
684 /* invalidate ICache single entry with MVA
685 * mcr 15, 0, r0, cr7, cr5, {1}
686 */
687 LOG_DEBUG("I-Cache enabled, "
688 "invalidating affected I-Cache line");
689 retval = arm920t_write_cp15_interpreted(target,
690 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
691 0x0, address & cache_mask);
692 if (retval != ERROR_OK)
693 return retval;
694 }
695 else
696 {
697 /* invalidate ICache
698 * mcr 15, 0, r0, cr7, cr5, {0}
699 */
700 retval = arm920t_write_cp15_interpreted(target,
701 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
702 0x0, 0x0);
703 if (retval != ERROR_OK)
704 return retval;
705 }
706 }
707
708 return ERROR_OK;
709 }
710
711 // EXPORTED to FA256
712 int arm920t_soft_reset_halt(struct target *target)
713 {
714 int retval = ERROR_OK;
715 struct arm920t_common *arm920t = target_to_arm920(target);
716 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
717 struct arm *armv4_5 = &arm7_9->armv4_5_common;
718 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
719
720 if ((retval = target_halt(target)) != ERROR_OK)
721 {
722 return retval;
723 }
724
725 long long then = timeval_ms();
726 int timeout;
727 while (!(timeout = ((timeval_ms()-then) > 1000)))
728 {
729 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
730 == 0)
731 {
732 embeddedice_read_reg(dbg_stat);
733 if ((retval = jtag_execute_queue()) != ERROR_OK)
734 {
735 return retval;
736 }
737 } else
738 {
739 break;
740 }
741 if (debug_level >= 3)
742 {
743 /* do not eat all CPU, time out after 1 se*/
744 alive_sleep(100);
745 } else
746 {
747 keep_alive();
748 }
749 }
750 if (timeout)
751 {
752 LOG_ERROR("Failed to halt CPU after 1 sec");
753 return ERROR_TARGET_TIMEOUT;
754 }
755
756 target->state = TARGET_HALTED;
757
758 /* SVC, ARM state, IRQ and FIQ disabled */
759 uint32_t cpsr;
760
761 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
762 cpsr &= ~0xff;
763 cpsr |= 0xd3;
764 arm_set_cpsr(armv4_5, cpsr);
765 armv4_5->cpsr->dirty = 1;
766
767 /* start fetching from 0x0 */
768 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
769 armv4_5->pc->dirty = 1;
770 armv4_5->pc->valid = 1;
771
772 arm920t_disable_mmu_caches(target, 1, 1, 1);
773 arm920t->armv4_5_mmu.mmu_enabled = 0;
774 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
775 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
776
777 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
778 }
779
780 /* FIXME remove forward decls */
781 static int arm920t_mrc(struct target *target, int cpnum,
782 uint32_t op1, uint32_t op2,
783 uint32_t CRn, uint32_t CRm,
784 uint32_t *value);
785 static int arm920t_mcr(struct target *target, int cpnum,
786 uint32_t op1, uint32_t op2,
787 uint32_t CRn, uint32_t CRm,
788 uint32_t value);
789
790 static int arm920t_init_arch_info(struct target *target,
791 struct arm920t_common *arm920t, struct jtag_tap *tap)
792 {
793 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
794
795 arm7_9->armv4_5_common.mrc = arm920t_mrc;
796 arm7_9->armv4_5_common.mcr = arm920t_mcr;
797
798 /* initialize arm7/arm9 specific info (including armv4_5) */
799 arm9tdmi_init_arch_info(target, arm7_9, tap);
800
801 arm920t->common_magic = ARM920T_COMMON_MAGIC;
802
803 arm7_9->post_debug_entry = arm920t_post_debug_entry;
804 arm7_9->pre_restore_context = arm920t_pre_restore_context;
805
806 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
807 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
808 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
809 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
810 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
811 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
812 arm920t->armv4_5_mmu.has_tiny_pages = 1;
813 arm920t->armv4_5_mmu.mmu_enabled = 0;
814
815 /* disabling linefills leads to lockups, so keep them enabled for now
816 * this doesn't affect correctness, but might affect timing issues, if
817 * important data is evicted from the cache during the debug session
818 * */
819 arm920t->preserve_cache = 0;
820
821 /* override hw single-step capability from ARM9TDMI */
822 arm7_9->has_single_step = 1;
823
824 return ERROR_OK;
825 }
826
827 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
828 {
829 struct arm920t_common *arm920t;
830
831 arm920t = calloc(1,sizeof(struct arm920t_common));
832 return arm920t_init_arch_info(target, arm920t, target->tap);
833 }
834
835 COMMAND_HANDLER(arm920t_handle_read_cache_command)
836 {
837 int retval = ERROR_OK;
838 struct target *target = get_current_target(CMD_CTX);
839 struct arm920t_common *arm920t = target_to_arm920(target);
840 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
841 struct arm *armv4_5 = &arm7_9->armv4_5_common;
842 uint32_t cp15c15;
843 uint32_t cp15_ctrl, cp15_ctrl_saved;
844 uint32_t regs[16];
845 uint32_t *regs_p[16];
846 uint32_t C15_C_D_Ind, C15_C_I_Ind;
847 int i;
848 FILE *output;
849 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
850 int segment, index;
851 struct reg *r;
852
853 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
854 if (retval != ERROR_OK)
855 return retval;
856
857 if (CMD_ARGC != 1)
858 {
859 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
860 return ERROR_OK;
861 }
862
863 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
864 {
865 LOG_DEBUG("error opening cache content file");
866 return ERROR_OK;
867 }
868
869 for (i = 0; i < 16; i++)
870 regs_p[i] = &regs[i];
871
872 /* disable MMU and Caches */
873 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
874 if ((retval = jtag_execute_queue()) != ERROR_OK)
875 {
876 return retval;
877 }
878 cp15_ctrl_saved = cp15_ctrl;
879 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
880 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
881 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
882
883 /* read CP15 test state register */
884 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
885 jtag_execute_queue();
886
887 /* read DCache content */
888 fprintf(output, "DCache:\n");
889
890 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
891 for (segment = 0;
892 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
893 segment++)
894 {
895 fprintf(output, "\nsegment: %i\n----------", segment);
896
897 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
898 regs[0] = 0x0 | (segment << 5);
899 arm9tdmi_write_core_regs(target, 0x1, regs);
900
901 /* set interpret mode */
902 cp15c15 |= 0x1;
903 arm920t_write_cp15_physical(target,
904 CP15PHYS_TESTSTATE, cp15c15);
905
906 /* D CAM Read, loads current victim into C15.C.D.Ind */
907 arm920t_execute_cp15(target,
908 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
909
910 /* read current victim */
911 arm920t_read_cp15_physical(target,
912 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
913
914 /* clear interpret mode */
915 cp15c15 &= ~0x1;
916 arm920t_write_cp15_physical(target,
917 CP15PHYS_TESTSTATE, cp15c15);
918
919 for (index = 0; index < 64; index++)
920 {
921 /* Ra:
922 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
923 */
924 regs[0] = 0x0 | (segment << 5) | (index << 26);
925 arm9tdmi_write_core_regs(target, 0x1, regs);
926
927 /* set interpret mode */
928 cp15c15 |= 0x1;
929 arm920t_write_cp15_physical(target,
930 CP15PHYS_TESTSTATE, cp15c15);
931
932 /* Write DCache victim */
933 arm920t_execute_cp15(target,
934 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
935
936 /* Read D RAM */
937 arm920t_execute_cp15(target,
938 ARMV4_5_MCR(15,2,0,15,10,2),
939 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
940
941 /* Read D CAM */
942 arm920t_execute_cp15(target,
943 ARMV4_5_MCR(15,2,0,15,6,2),
944 ARMV4_5_LDR(9, 0));
945
946 /* clear interpret mode */
947 cp15c15 &= ~0x1;
948 arm920t_write_cp15_physical(target,
949 CP15PHYS_TESTSTATE, cp15c15);
950
951 /* read D RAM and CAM content */
952 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
953 if ((retval = jtag_execute_queue()) != ERROR_OK)
954 {
955 return retval;
956 }
957
958 d_cache[segment][index].cam = regs[9];
959
960 /* mask LFSR[6] */
961 regs[9] &= 0xfffffffe;
962 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
963 PRIx32 ", content (%s):\n",
964 segment, index, regs[9],
965 (regs[9] & 0x10) ? "valid" : "invalid");
966
967 for (i = 1; i < 9; i++)
968 {
969 d_cache[segment][index].data[i] = regs[i];
970 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
971 i-1, regs[i]);
972 }
973
974 }
975
976 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
977 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
978 arm9tdmi_write_core_regs(target, 0x1, regs);
979
980 /* set interpret mode */
981 cp15c15 |= 0x1;
982 arm920t_write_cp15_physical(target,
983 CP15PHYS_TESTSTATE, cp15c15);
984
985 /* Write DCache victim */
986 arm920t_execute_cp15(target,
987 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
988
989 /* clear interpret mode */
990 cp15c15 &= ~0x1;
991 arm920t_write_cp15_physical(target,
992 CP15PHYS_TESTSTATE, cp15c15);
993 }
994
995 /* read ICache content */
996 fprintf(output, "ICache:\n");
997
998 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
999 for (segment = 0;
1000 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1001 segment++)
1002 {
1003 fprintf(output, "segment: %i\n----------", segment);
1004
1005 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1006 regs[0] = 0x0 | (segment << 5);
1007 arm9tdmi_write_core_regs(target, 0x1, regs);
1008
1009 /* set interpret mode */
1010 cp15c15 |= 0x1;
1011 arm920t_write_cp15_physical(target,
1012 CP15PHYS_TESTSTATE, cp15c15);
1013
1014 /* I CAM Read, loads current victim into C15.C.I.Ind */
1015 arm920t_execute_cp15(target,
1016 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1017
1018 /* read current victim */
1019 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1020 &C15_C_I_Ind);
1021
1022 /* clear interpret mode */
1023 cp15c15 &= ~0x1;
1024 arm920t_write_cp15_physical(target,
1025 CP15PHYS_TESTSTATE, cp15c15);
1026
1027 for (index = 0; index < 64; index++)
1028 {
1029 /* Ra:
1030 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1031 */
1032 regs[0] = 0x0 | (segment << 5) | (index << 26);
1033 arm9tdmi_write_core_regs(target, 0x1, regs);
1034
1035 /* set interpret mode */
1036 cp15c15 |= 0x1;
1037 arm920t_write_cp15_physical(target,
1038 CP15PHYS_TESTSTATE, cp15c15);
1039
1040 /* Write ICache victim */
1041 arm920t_execute_cp15(target,
1042 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1043
1044 /* Read I RAM */
1045 arm920t_execute_cp15(target,
1046 ARMV4_5_MCR(15,2,0,15,9,2),
1047 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1048
1049 /* Read I CAM */
1050 arm920t_execute_cp15(target,
1051 ARMV4_5_MCR(15,2,0,15,5,2),
1052 ARMV4_5_LDR(9, 0));
1053
1054 /* clear interpret mode */
1055 cp15c15 &= ~0x1;
1056 arm920t_write_cp15_physical(target,
1057 CP15PHYS_TESTSTATE, cp15c15);
1058
1059 /* read I RAM and CAM content */
1060 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1061 if ((retval = jtag_execute_queue()) != ERROR_OK)
1062 {
1063 return retval;
1064 }
1065
1066 i_cache[segment][index].cam = regs[9];
1067
1068 /* mask LFSR[6] */
1069 regs[9] &= 0xfffffffe;
1070 fprintf(output, "\nsegment: %i, index: %i, "
1071 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1072 segment, index, regs[9],
1073 (regs[9] & 0x10) ? "valid" : "invalid");
1074
1075 for (i = 1; i < 9; i++)
1076 {
1077 i_cache[segment][index].data[i] = regs[i];
1078 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1079 i-1, regs[i]);
1080 }
1081 }
1082
1083 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1084 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1085 arm9tdmi_write_core_regs(target, 0x1, regs);
1086
1087 /* set interpret mode */
1088 cp15c15 |= 0x1;
1089 arm920t_write_cp15_physical(target,
1090 CP15PHYS_TESTSTATE, cp15c15);
1091
1092 /* Write ICache victim */
1093 arm920t_execute_cp15(target,
1094 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1095
1096 /* clear interpret mode */
1097 cp15c15 &= ~0x1;
1098 arm920t_write_cp15_physical(target,
1099 CP15PHYS_TESTSTATE, cp15c15);
1100 }
1101
1102 /* restore CP15 MMU and Cache settings */
1103 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1104
1105 command_print(CMD_CTX, "cache content successfully output to %s",
1106 CMD_ARGV[0]);
1107
1108 fclose(output);
1109
1110 if (!is_arm_mode(armv4_5->core_mode))
1111 return ERROR_FAIL;
1112
1113 /* force writeback of the valid data */
1114 r = armv4_5->core_cache->reg_list;
1115 r[0].dirty = r[0].valid;
1116 r[1].dirty = r[1].valid;
1117 r[2].dirty = r[2].valid;
1118 r[3].dirty = r[3].valid;
1119 r[4].dirty = r[4].valid;
1120 r[5].dirty = r[5].valid;
1121 r[6].dirty = r[6].valid;
1122 r[7].dirty = r[7].valid;
1123
1124 r = arm_reg_current(armv4_5, 8);
1125 r->dirty = r->valid;
1126
1127 r = arm_reg_current(armv4_5, 9);
1128 r->dirty = r->valid;
1129
1130 return ERROR_OK;
1131 }
1132
1133 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1134 {
1135 int retval = ERROR_OK;
1136 struct target *target = get_current_target(CMD_CTX);
1137 struct arm920t_common *arm920t = target_to_arm920(target);
1138 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1139 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1140 uint32_t cp15c15;
1141 uint32_t cp15_ctrl, cp15_ctrl_saved;
1142 uint32_t regs[16];
1143 uint32_t *regs_p[16];
1144 int i;
1145 FILE *output;
1146 uint32_t Dlockdown, Ilockdown;
1147 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1148 int victim;
1149 struct reg *r;
1150
1151 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1152 if (retval != ERROR_OK)
1153 return retval;
1154
1155 if (CMD_ARGC != 1)
1156 {
1157 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1158 return ERROR_OK;
1159 }
1160
1161 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1162 {
1163 LOG_DEBUG("error opening mmu content file");
1164 return ERROR_OK;
1165 }
1166
1167 for (i = 0; i < 16; i++)
1168 regs_p[i] = &regs[i];
1169
1170 /* disable MMU and Caches */
1171 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1172 if ((retval = jtag_execute_queue()) != ERROR_OK)
1173 {
1174 return retval;
1175 }
1176 cp15_ctrl_saved = cp15_ctrl;
1177 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1178 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1179 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1180
1181 /* read CP15 test state register */
1182 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1183 if ((retval = jtag_execute_queue()) != ERROR_OK)
1184 {
1185 return retval;
1186 }
1187
1188 /* prepare reading D TLB content
1189 * */
1190
1191 /* set interpret mode */
1192 cp15c15 |= 0x1;
1193 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1194
1195 /* Read D TLB lockdown */
1196 arm920t_execute_cp15(target,
1197 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1198
1199 /* clear interpret mode */
1200 cp15c15 &= ~0x1;
1201 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1202
1203 /* read D TLB lockdown stored to r1 */
1204 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1205 if ((retval = jtag_execute_queue()) != ERROR_OK)
1206 {
1207 return retval;
1208 }
1209 Dlockdown = regs[1];
1210
1211 for (victim = 0; victim < 64; victim += 8)
1212 {
1213 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1214 * base remains unchanged, victim goes through entries 0 to 63
1215 */
1216 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1217 arm9tdmi_write_core_regs(target, 0x2, regs);
1218
1219 /* set interpret mode */
1220 cp15c15 |= 0x1;
1221 arm920t_write_cp15_physical(target,
1222 CP15PHYS_TESTSTATE, cp15c15);
1223
1224 /* Write D TLB lockdown */
1225 arm920t_execute_cp15(target,
1226 ARMV4_5_MCR(15,0,0,10,0,0),
1227 ARMV4_5_STR(1, 0));
1228
1229 /* Read D TLB CAM */
1230 arm920t_execute_cp15(target,
1231 ARMV4_5_MCR(15,4,0,15,6,4),
1232 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1233
1234 /* clear interpret mode */
1235 cp15c15 &= ~0x1;
1236 arm920t_write_cp15_physical(target,
1237 CP15PHYS_TESTSTATE, cp15c15);
1238
1239 /* read D TLB CAM content stored to r2-r9 */
1240 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1241 if ((retval = jtag_execute_queue()) != ERROR_OK)
1242 {
1243 return retval;
1244 }
1245
1246 for (i = 0; i < 8; i++)
1247 d_tlb[victim + i].cam = regs[i + 2];
1248 }
1249
1250 for (victim = 0; victim < 64; victim++)
1251 {
1252 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1253 * base remains unchanged, victim goes through entries 0 to 63
1254 */
1255 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1256 arm9tdmi_write_core_regs(target, 0x2, regs);
1257
1258 /* set interpret mode */
1259 cp15c15 |= 0x1;
1260 arm920t_write_cp15_physical(target,
1261 CP15PHYS_TESTSTATE, cp15c15);
1262
1263 /* Write D TLB lockdown */
1264 arm920t_execute_cp15(target,
1265 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1266
1267 /* Read D TLB RAM1 */
1268 arm920t_execute_cp15(target,
1269 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1270
1271 /* Read D TLB RAM2 */
1272 arm920t_execute_cp15(target,
1273 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1274
1275 /* clear interpret mode */
1276 cp15c15 &= ~0x1;
1277 arm920t_write_cp15_physical(target,
1278 CP15PHYS_TESTSTATE, cp15c15);
1279
1280 /* read D TLB RAM content stored to r2 and r3 */
1281 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1282 if ((retval = jtag_execute_queue()) != ERROR_OK)
1283 {
1284 return retval;
1285 }
1286
1287 d_tlb[victim].ram1 = regs[2];
1288 d_tlb[victim].ram2 = regs[3];
1289 }
1290
1291 /* restore D TLB lockdown */
1292 regs[1] = Dlockdown;
1293 arm9tdmi_write_core_regs(target, 0x2, regs);
1294
1295 /* Write D TLB lockdown */
1296 arm920t_execute_cp15(target,
1297 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1298
1299 /* prepare reading I TLB content
1300 * */
1301
1302 /* set interpret mode */
1303 cp15c15 |= 0x1;
1304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1305
1306 /* Read I TLB lockdown */
1307 arm920t_execute_cp15(target,
1308 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1309
1310 /* clear interpret mode */
1311 cp15c15 &= ~0x1;
1312 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1313
1314 /* read I TLB lockdown stored to r1 */
1315 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1316 if ((retval = jtag_execute_queue()) != ERROR_OK)
1317 {
1318 return retval;
1319 }
1320 Ilockdown = regs[1];
1321
1322 for (victim = 0; victim < 64; victim += 8)
1323 {
1324 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1325 * base remains unchanged, victim goes through entries 0 to 63
1326 */
1327 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1328 arm9tdmi_write_core_regs(target, 0x2, regs);
1329
1330 /* set interpret mode */
1331 cp15c15 |= 0x1;
1332 arm920t_write_cp15_physical(target,
1333 CP15PHYS_TESTSTATE, cp15c15);
1334
1335 /* Write I TLB lockdown */
1336 arm920t_execute_cp15(target,
1337 ARMV4_5_MCR(15,0,0,10,0,1),
1338 ARMV4_5_STR(1, 0));
1339
1340 /* Read I TLB CAM */
1341 arm920t_execute_cp15(target,
1342 ARMV4_5_MCR(15,4,0,15,5,4),
1343 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1344
1345 /* clear interpret mode */
1346 cp15c15 &= ~0x1;
1347 arm920t_write_cp15_physical(target,
1348 CP15PHYS_TESTSTATE, cp15c15);
1349
1350 /* read I TLB CAM content stored to r2-r9 */
1351 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1352 if ((retval = jtag_execute_queue()) != ERROR_OK)
1353 {
1354 return retval;
1355 }
1356
1357 for (i = 0; i < 8; i++)
1358 i_tlb[i + victim].cam = regs[i + 2];
1359 }
1360
1361 for (victim = 0; victim < 64; victim++)
1362 {
1363 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1364 * base remains unchanged, victim goes through entries 0 to 63
1365 */
1366 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1367 arm9tdmi_write_core_regs(target, 0x2, regs);
1368
1369 /* set interpret mode */
1370 cp15c15 |= 0x1;
1371 arm920t_write_cp15_physical(target,
1372 CP15PHYS_TESTSTATE, cp15c15);
1373
1374 /* Write I TLB lockdown */
1375 arm920t_execute_cp15(target,
1376 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1377
1378 /* Read I TLB RAM1 */
1379 arm920t_execute_cp15(target,
1380 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1381
1382 /* Read I TLB RAM2 */
1383 arm920t_execute_cp15(target,
1384 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1385
1386 /* clear interpret mode */
1387 cp15c15 &= ~0x1;
1388 arm920t_write_cp15_physical(target,
1389 CP15PHYS_TESTSTATE, cp15c15);
1390
1391 /* read I TLB RAM content stored to r2 and r3 */
1392 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1393 if ((retval = jtag_execute_queue()) != ERROR_OK)
1394 {
1395 return retval;
1396 }
1397
1398 i_tlb[victim].ram1 = regs[2];
1399 i_tlb[victim].ram2 = regs[3];
1400 }
1401
1402 /* restore I TLB lockdown */
1403 regs[1] = Ilockdown;
1404 arm9tdmi_write_core_regs(target, 0x2, regs);
1405
1406 /* Write I TLB lockdown */
1407 arm920t_execute_cp15(target,
1408 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1409
1410 /* restore CP15 MMU and Cache settings */
1411 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1412
1413 /* output data to file */
1414 fprintf(output, "D TLB content:\n");
1415 for (i = 0; i < 64; i++)
1416 {
1417 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1418 " 0x%8.8" PRIx32 " %s\n",
1419 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1420 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1421 }
1422
1423 fprintf(output, "\n\nI TLB content:\n");
1424 for (i = 0; i < 64; i++)
1425 {
1426 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1427 " 0x%8.8" PRIx32 " %s\n",
1428 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1429 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1430 }
1431
1432 command_print(CMD_CTX, "mmu content successfully output to %s",
1433 CMD_ARGV[0]);
1434
1435 fclose(output);
1436
1437 if (!is_arm_mode(armv4_5->core_mode))
1438 return ERROR_FAIL;
1439
1440 /* force writeback of the valid data */
1441 r = armv4_5->core_cache->reg_list;
1442 r[0].dirty = r[0].valid;
1443 r[1].dirty = r[1].valid;
1444 r[2].dirty = r[2].valid;
1445 r[3].dirty = r[3].valid;
1446 r[4].dirty = r[4].valid;
1447 r[5].dirty = r[5].valid;
1448 r[6].dirty = r[6].valid;
1449 r[7].dirty = r[7].valid;
1450
1451 r = arm_reg_current(armv4_5, 8);
1452 r->dirty = r->valid;
1453
1454 r = arm_reg_current(armv4_5, 9);
1455 r->dirty = r->valid;
1456
1457 return ERROR_OK;
1458 }
1459
1460 COMMAND_HANDLER(arm920t_handle_cp15_command)
1461 {
1462 int retval;
1463 struct target *target = get_current_target(CMD_CTX);
1464 struct arm920t_common *arm920t = target_to_arm920(target);
1465
1466 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1467 if (retval != ERROR_OK)
1468 return retval;
1469
1470 if (target->state != TARGET_HALTED)
1471 {
1472 command_print(CMD_CTX, "target must be stopped for "
1473 "\"%s\" command", CMD_NAME);
1474 return ERROR_OK;
1475 }
1476
1477 /* one argument, read a register.
1478 * two arguments, write it.
1479 */
1480 if (CMD_ARGC >= 1)
1481 {
1482 int address;
1483 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1484
1485 if (CMD_ARGC == 1)
1486 {
1487 uint32_t value;
1488 if ((retval = arm920t_read_cp15_physical(target,
1489 address, &value)) != ERROR_OK)
1490 {
1491 command_print(CMD_CTX,
1492 "couldn't access reg %i", address);
1493 return ERROR_OK;
1494 }
1495 if ((retval = jtag_execute_queue()) != ERROR_OK)
1496 {
1497 return retval;
1498 }
1499
1500 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1501 address, value);
1502 }
1503 else if (CMD_ARGC == 2)
1504 {
1505 uint32_t value;
1506 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1507 retval = arm920t_write_cp15_physical(target,
1508 address, value);
1509 if (retval != ERROR_OK)
1510 {
1511 command_print(CMD_CTX,
1512 "couldn't access reg %i", address);
1513 /* REVISIT why lie? "return retval"? */
1514 return ERROR_OK;
1515 }
1516 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1517 address, value);
1518 }
1519 }
1520
1521 return ERROR_OK;
1522 }
1523
1524 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1525 {
1526 int retval;
1527 struct target *target = get_current_target(CMD_CTX);
1528 struct arm920t_common *arm920t = target_to_arm920(target);
1529
1530 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1531 if (retval != ERROR_OK)
1532 return retval;
1533
1534
1535 if (target->state != TARGET_HALTED)
1536 {
1537 command_print(CMD_CTX, "target must be stopped for "
1538 "\"%s\" command", CMD_NAME);
1539 return ERROR_OK;
1540 }
1541
1542 /* one argument, read a register.
1543 * two arguments, write it.
1544 */
1545 if (CMD_ARGC >= 1)
1546 {
1547 uint32_t opcode;
1548 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1549
1550 if (CMD_ARGC == 1)
1551 {
1552 uint32_t value;
1553 retval = arm920t_read_cp15_interpreted(target,
1554 opcode, 0x0, &value);
1555 if (retval != ERROR_OK)
1556 {
1557 command_print(CMD_CTX,
1558 "couldn't execute %8.8" PRIx32,
1559 opcode);
1560 /* REVISIT why lie? "return retval"? */
1561 return ERROR_OK;
1562 }
1563
1564 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1565 opcode, value);
1566 }
1567 else if (CMD_ARGC == 2)
1568 {
1569 uint32_t value;
1570 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1571 retval = arm920t_write_cp15_interpreted(target,
1572 opcode, value, 0);
1573 if (retval != ERROR_OK)
1574 {
1575 command_print(CMD_CTX,
1576 "couldn't execute %8.8" PRIx32,
1577 opcode);
1578 /* REVISIT why lie? "return retval"? */
1579 return ERROR_OK;
1580 }
1581 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1582 opcode, value);
1583 }
1584 else if (CMD_ARGC == 3)
1585 {
1586 uint32_t value;
1587 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1588 uint32_t address;
1589 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1590 retval = arm920t_write_cp15_interpreted(target,
1591 opcode, value, address);
1592 if (retval != ERROR_OK)
1593 {
1594 command_print(CMD_CTX,
1595 "couldn't execute %8.8" PRIx32, opcode);
1596 /* REVISIT why lie? "return retval"? */
1597 return ERROR_OK;
1598 }
1599 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1600 " %8.8" PRIx32, opcode, value, address);
1601 }
1602 }
1603 else
1604 {
1605 command_print(CMD_CTX,
1606 "usage: arm920t cp15i <opcode> [value] [address]");
1607 }
1608
1609 return ERROR_OK;
1610 }
1611
1612 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1613 {
1614 int retval;
1615 struct target *target = get_current_target(CMD_CTX);
1616 struct arm920t_common *arm920t = target_to_arm920(target);
1617
1618 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1619 if (retval != ERROR_OK)
1620 return retval;
1621
1622 return armv4_5_handle_cache_info_command(CMD_CTX,
1623 &arm920t->armv4_5_mmu.armv4_5_cache);
1624 }
1625
1626
1627 static int arm920t_mrc(struct target *target, int cpnum,
1628 uint32_t op1, uint32_t op2,
1629 uint32_t CRn, uint32_t CRm,
1630 uint32_t *value)
1631 {
1632 if (cpnum!=15)
1633 {
1634 LOG_ERROR("Only cp15 is supported");
1635 return ERROR_FAIL;
1636 }
1637
1638 /* read "to" r0 */
1639 return arm920t_read_cp15_interpreted(target,
1640 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1641 0, value);
1642 }
1643
1644 static int arm920t_mcr(struct target *target, int cpnum,
1645 uint32_t op1, uint32_t op2,
1646 uint32_t CRn, uint32_t CRm,
1647 uint32_t value)
1648 {
1649 if (cpnum!=15)
1650 {
1651 LOG_ERROR("Only cp15 is supported");
1652 return ERROR_FAIL;
1653 }
1654
1655 /* write "from" r0 */
1656 return arm920t_write_cp15_interpreted(target,
1657 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1658 0, value);
1659 }
1660
1661 static const struct command_registration arm920t_exec_command_handlers[] = {
1662 {
1663 .name = "cp15",
1664 .handler = arm920t_handle_cp15_command,
1665 .mode = COMMAND_EXEC,
1666 .help = "display/modify cp15 register",
1667 .usage = "regnum [value]",
1668 },
1669 {
1670 .name = "cp15i",
1671 .handler = arm920t_handle_cp15i_command,
1672 .mode = COMMAND_EXEC,
1673 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1674 .help = "display/modify cp15 register using ARM opcode"
1675 " (DEPRECATED)",
1676 .usage = "instruction [value [address]]",
1677 },
1678 {
1679 .name = "cache_info",
1680 .handler = arm920t_handle_cache_info_command,
1681 .mode = COMMAND_EXEC,
1682 .help = "display information about target caches",
1683 },
1684 {
1685 .name = "read_cache",
1686 .handler = arm920t_handle_read_cache_command,
1687 .mode = COMMAND_EXEC,
1688 .help = "dump I/D cache content to file",
1689 .usage = "filename",
1690 },
1691 {
1692 .name = "read_mmu",
1693 .handler = arm920t_handle_read_mmu_command,
1694 .mode = COMMAND_EXEC,
1695 .help = "dump I/D mmu content to file",
1696 .usage = "filename",
1697 },
1698 COMMAND_REGISTRATION_DONE
1699 };
1700 const struct command_registration arm920t_command_handlers[] = {
1701 {
1702 .chain = arm9tdmi_command_handlers,
1703 },
1704 {
1705 .name = "arm920t",
1706 .mode = COMMAND_ANY,
1707 .help = "arm920t command group",
1708 .chain = arm920t_exec_command_handlers,
1709 },
1710 COMMAND_REGISTRATION_DONE
1711 };
1712
1713 /** Holds methods for ARM920 targets. */
1714 struct target_type arm920t_target =
1715 {
1716 .name = "arm920t",
1717
1718 .poll = arm7_9_poll,
1719 .arch_state = arm920t_arch_state,
1720
1721 .target_request_data = arm7_9_target_request_data,
1722
1723 .halt = arm7_9_halt,
1724 .resume = arm7_9_resume,
1725 .step = arm7_9_step,
1726
1727 .assert_reset = arm7_9_assert_reset,
1728 .deassert_reset = arm7_9_deassert_reset,
1729 .soft_reset_halt = arm920t_soft_reset_halt,
1730
1731 .get_gdb_reg_list = arm_get_gdb_reg_list,
1732
1733 .read_memory = arm920t_read_memory,
1734 .write_memory = arm920t_write_memory,
1735 .read_phys_memory = arm920t_read_phys_memory,
1736 .write_phys_memory = arm920t_write_phys_memory,
1737 .mmu = arm920_mmu,
1738 .virt2phys = arm920_virt2phys,
1739
1740 .bulk_write_memory = arm7_9_bulk_write_memory,
1741
1742 .checksum_memory = arm_checksum_memory,
1743 .blank_check_memory = arm_blank_check_memory,
1744
1745 .run_algorithm = armv4_5_run_algorithm,
1746
1747 .add_breakpoint = arm7_9_add_breakpoint,
1748 .remove_breakpoint = arm7_9_remove_breakpoint,
1749 .add_watchpoint = arm7_9_add_watchpoint,
1750 .remove_watchpoint = arm7_9_remove_watchpoint,
1751
1752 .commands = arm920t_command_handlers,
1753 .target_create = arm920t_target_create,
1754 .init_target = arm9tdmi_init_target,
1755 .examine = arm7_9_examine,
1756 .check_reset = arm7_9_check_reset,
1757 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)