Code Review / openocd.git / blob
? search:


5d90e3416c1b423a5c8d553e3f04cc328cdcd4cd
[openocd.git] / src / target / cortex_a.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2006 by Magnus Lundin *
6 * lundin@mlu.mine.nu *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
13 * *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
16 * *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
19 * *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex-R4 support *
22 * *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
25 * *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
30 * *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
35 * *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
38 * *
39 * Cortex-A8(tm) TRM, ARM DDI 0344H *
40 * Cortex-A9(tm) TRM, ARM DDI 0407F *
41 * Cortex-A4(tm) TRM, ARM DDI 0363E *
42 * Cortex-A15(tm)TRM, ARM DDI 0438C *
43 * *
44 ***************************************************************************/
45
46 #ifdef HAVE_CONFIG_H
47 #include "config.h"
48 #endif
49
50 #include "breakpoints.h"
51 #include "cortex_a.h"
52 #include "register.h"
53 #include "target_request.h"
54 #include "target_type.h"
55 #include "arm_opcodes.h"
56 #include "arm_semihosting.h"
57 #include "jtag/swd.h"
58 #include <helper/time_support.h>
59
60 static int cortex_a_poll(struct target *target);
61 static int cortex_a_debug_entry(struct target *target);
62 static int cortex_a_restore_context(struct target *target, bool bpwp);
63 static int cortex_a_set_breakpoint(struct target *target,
64 struct breakpoint *breakpoint, uint8_t matchmode);
65 static int cortex_a_set_context_breakpoint(struct target *target,
66 struct breakpoint *breakpoint, uint8_t matchmode);
67 static int cortex_a_set_hybrid_breakpoint(struct target *target,
68 struct breakpoint *breakpoint);
69 static int cortex_a_unset_breakpoint(struct target *target,
70 struct breakpoint *breakpoint);
71 static int cortex_a_dap_read_coreregister_u32(struct target *target,
72 uint32_t *value, int regnum);
73 static int cortex_a_dap_write_coreregister_u32(struct target *target,
74 uint32_t value, int regnum);
75 static int cortex_a_mmu(struct target *target, int *enabled);
76 static int cortex_a_mmu_modify(struct target *target, int enable);
77 static int cortex_a_virt2phys(struct target *target,
78 target_addr_t virt, target_addr_t *phys);
79 static int cortex_a_read_cpu_memory(struct target *target,
80 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
81
82
83 /* restore cp15_control_reg at resume */
84 static int cortex_a_restore_cp15_control_reg(struct target *target)
85 {
86 int retval = ERROR_OK;
87 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
88 struct armv7a_common *armv7a = target_to_armv7a(target);
89
90 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
91 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
92 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
93 retval = armv7a->arm.mcr(target, 15,
94 0, 0, /* op1, op2 */
95 1, 0, /* CRn, CRm */
96 cortex_a->cp15_control_reg);
97 }
98 return retval;
99 }
100
101 /*
102 * Set up ARM core for memory access.
103 * If !phys_access, switch to SVC mode and make sure MMU is on
104 * If phys_access, switch off mmu
105 */
106 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
107 {
108 struct armv7a_common *armv7a = target_to_armv7a(target);
109 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
110 int mmu_enabled = 0;
111
112 if (phys_access == 0) {
113 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
114 cortex_a_mmu(target, &mmu_enabled);
115 if (mmu_enabled)
116 cortex_a_mmu_modify(target, 1);
117 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
118 /* overwrite DACR to all-manager */
119 armv7a->arm.mcr(target, 15,
120 0, 0, 3, 0,
121 0xFFFFFFFF);
122 }
123 } else {
124 cortex_a_mmu(target, &mmu_enabled);
125 if (mmu_enabled)
126 cortex_a_mmu_modify(target, 0);
127 }
128 return ERROR_OK;
129 }
130
131 /*
132 * Restore ARM core after memory access.
133 * If !phys_access, switch to previous mode
134 * If phys_access, restore MMU setting
135 */
136 static int cortex_a_post_memaccess(struct target *target, int phys_access)
137 {
138 struct armv7a_common *armv7a = target_to_armv7a(target);
139 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
140
141 if (phys_access == 0) {
142 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
143 /* restore */
144 armv7a->arm.mcr(target, 15,
145 0, 0, 3, 0,
146 cortex_a->cp15_dacr_reg);
147 }
148 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
149 } else {
150 int mmu_enabled = 0;
151 cortex_a_mmu(target, &mmu_enabled);
152 if (mmu_enabled)
153 cortex_a_mmu_modify(target, 1);
154 }
155 return ERROR_OK;
156 }
157
158
159 /* modify cp15_control_reg in order to enable or disable mmu for :
160 * - virt2phys address conversion
161 * - read or write memory in phys or virt address */
162 static int cortex_a_mmu_modify(struct target *target, int enable)
163 {
164 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
165 struct armv7a_common *armv7a = target_to_armv7a(target);
166 int retval = ERROR_OK;
167 int need_write = 0;
168
169 if (enable) {
170 /* if mmu enabled at target stop and mmu not enable */
171 if (!(cortex_a->cp15_control_reg & 0x1U)) {
172 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
173 return ERROR_FAIL;
174 }
175 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
176 cortex_a->cp15_control_reg_curr |= 0x1U;
177 need_write = 1;
178 }
179 } else {
180 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
181 cortex_a->cp15_control_reg_curr &= ~0x1U;
182 need_write = 1;
183 }
184 }
185
186 if (need_write) {
187 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
188 enable ? "enable mmu" : "disable mmu",
189 cortex_a->cp15_control_reg_curr);
190
191 retval = armv7a->arm.mcr(target, 15,
192 0, 0, /* op1, op2 */
193 1, 0, /* CRn, CRm */
194 cortex_a->cp15_control_reg_curr);
195 }
196 return retval;
197 }
198
199 /*
200 * Cortex-A Basic debug access, very low level assumes state is saved
201 */
202 static int cortex_a_init_debug_access(struct target *target)
203 {
204 struct armv7a_common *armv7a = target_to_armv7a(target);
205 int retval;
206
207 /* lock memory-mapped access to debug registers to prevent
208 * software interference */
209 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
210 armv7a->debug_base + CPUDBG_LOCKACCESS, 0);
211 if (retval != ERROR_OK)
212 return retval;
213
214 /* Disable cacheline fills and force cache write-through in debug state */
215 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
216 armv7a->debug_base + CPUDBG_DSCCR, 0);
217 if (retval != ERROR_OK)
218 return retval;
219
220 /* Disable TLB lookup and refill/eviction in debug state */
221 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
222 armv7a->debug_base + CPUDBG_DSMCR, 0);
223 if (retval != ERROR_OK)
224 return retval;
225
226 /* Enabling of instruction execution in debug mode is done in debug_entry code */
227
228 /* Resync breakpoint registers */
229
230 /* Since this is likely called from init or reset, update target state information*/
231 return cortex_a_poll(target);
232 }
233
234 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
235 {
236 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
237 * Writes final value of DSCR into *dscr. Pass force to force always
238 * reading DSCR at least once. */
239 struct armv7a_common *armv7a = target_to_armv7a(target);
240 int64_t then = timeval_ms();
241 while ((*dscr & DSCR_INSTR_COMP) == 0 || force) {
242 force = false;
243 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
244 armv7a->debug_base + CPUDBG_DSCR, dscr);
245 if (retval != ERROR_OK) {
246 LOG_ERROR("Could not read DSCR register");
247 return retval;
248 }
249 if (timeval_ms() > then + 1000) {
250 LOG_ERROR("Timeout waiting for InstrCompl=1");
251 return ERROR_FAIL;
252 }
253 }
254 return ERROR_OK;
255 }
256
257 /* To reduce needless round-trips, pass in a pointer to the current
258 * DSCR value. Initialize it to zero if you just need to know the
259 * value on return from this function; or DSCR_INSTR_COMP if you
260 * happen to know that no instruction is pending.
261 */
262 static int cortex_a_exec_opcode(struct target *target,
263 uint32_t opcode, uint32_t *dscr_p)
264 {
265 uint32_t dscr;
266 int retval;
267 struct armv7a_common *armv7a = target_to_armv7a(target);
268
269 dscr = dscr_p ? *dscr_p : 0;
270
271 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
272
273 /* Wait for InstrCompl bit to be set */
274 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
275 if (retval != ERROR_OK)
276 return retval;
277
278 retval = mem_ap_write_u32(armv7a->debug_ap,
279 armv7a->debug_base + CPUDBG_ITR, opcode);
280 if (retval != ERROR_OK)
281 return retval;
282
283 int64_t then = timeval_ms();
284 do {
285 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
286 armv7a->debug_base + CPUDBG_DSCR, &dscr);
287 if (retval != ERROR_OK) {
288 LOG_ERROR("Could not read DSCR register");
289 return retval;
290 }
291 if (timeval_ms() > then + 1000) {
292 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
293 return ERROR_FAIL;
294 }
295 } while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
296
297 if (dscr_p)
298 *dscr_p = dscr;
299
300 return retval;
301 }
302
303 /**************************************************************************
304 Read core register with very few exec_opcode, fast but needs work_area.
305 This can cause problems with MMU active.
306 **************************************************************************/
307 static int cortex_a_read_regs_through_mem(struct target *target, uint32_t address,
308 uint32_t *regfile)
309 {
310 int retval = ERROR_OK;
311 struct armv7a_common *armv7a = target_to_armv7a(target);
312
313 retval = cortex_a_dap_read_coreregister_u32(target, regfile, 0);
314 if (retval != ERROR_OK)
315 return retval;
316 retval = cortex_a_dap_write_coreregister_u32(target, address, 0);
317 if (retval != ERROR_OK)
318 return retval;
319 retval = cortex_a_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL);
320 if (retval != ERROR_OK)
321 return retval;
322
323 retval = mem_ap_read_buf(armv7a->memory_ap,
324 (uint8_t *)(&regfile[1]), 4, 15, address);
325
326 return retval;
327 }
328
329 static int cortex_a_dap_read_coreregister_u32(struct target *target,
330 uint32_t *value, int regnum)
331 {
332 int retval = ERROR_OK;
333 uint8_t reg = regnum&0xFF;
334 uint32_t dscr = 0;
335 struct armv7a_common *armv7a = target_to_armv7a(target);
336
337 if (reg > 17)
338 return retval;
339
340 if (reg < 15) {
341 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
342 retval = cortex_a_exec_opcode(target,
343 ARMV4_5_MCR(14, 0, reg, 0, 5, 0),
344 &dscr);
345 if (retval != ERROR_OK)
346 return retval;
347 } else if (reg == 15) {
348 /* "MOV r0, r15"; then move r0 to DCCTX */
349 retval = cortex_a_exec_opcode(target, 0xE1A0000F, &dscr);
350 if (retval != ERROR_OK)
351 return retval;
352 retval = cortex_a_exec_opcode(target,
353 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
354 &dscr);
355 if (retval != ERROR_OK)
356 return retval;
357 } else {
358 /* "MRS r0, CPSR" or "MRS r0, SPSR"
359 * then move r0 to DCCTX
360 */
361 retval = cortex_a_exec_opcode(target, ARMV4_5_MRS(0, reg & 1), &dscr);
362 if (retval != ERROR_OK)
363 return retval;
364 retval = cortex_a_exec_opcode(target,
365 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
366 &dscr);
367 if (retval != ERROR_OK)
368 return retval;
369 }
370
371 /* Wait for DTRRXfull then read DTRRTX */
372 int64_t then = timeval_ms();
373 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
374 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
375 armv7a->debug_base + CPUDBG_DSCR, &dscr);
376 if (retval != ERROR_OK)
377 return retval;
378 if (timeval_ms() > then + 1000) {
379 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
380 return ERROR_FAIL;
381 }
382 }
383
384 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
385 armv7a->debug_base + CPUDBG_DTRTX, value);
386 LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
387
388 return retval;
389 }
390
391 static int cortex_a_dap_write_coreregister_u32(struct target *target,
392 uint32_t value, int regnum)
393 {
394 int retval = ERROR_OK;
395 uint8_t Rd = regnum&0xFF;
396 uint32_t dscr;
397 struct armv7a_common *armv7a = target_to_armv7a(target);
398
399 LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
400
401 /* Check that DCCRX is not full */
402 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
403 armv7a->debug_base + CPUDBG_DSCR, &dscr);
404 if (retval != ERROR_OK)
405 return retval;
406 if (dscr & DSCR_DTR_RX_FULL) {
407 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
408 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode 0xEE100E15 */
409 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
410 &dscr);
411 if (retval != ERROR_OK)
412 return retval;
413 }
414
415 if (Rd > 17)
416 return retval;
417
418 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
419 LOG_DEBUG("write DCC 0x%08" PRIx32, value);
420 retval = mem_ap_write_u32(armv7a->debug_ap,
421 armv7a->debug_base + CPUDBG_DTRRX, value);
422 if (retval != ERROR_OK)
423 return retval;
424
425 if (Rd < 15) {
426 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
427 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0),
428 &dscr);
429
430 if (retval != ERROR_OK)
431 return retval;
432 } else if (Rd == 15) {
433 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
434 * then "mov r15, r0"
435 */
436 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
437 &dscr);
438 if (retval != ERROR_OK)
439 return retval;
440 retval = cortex_a_exec_opcode(target, 0xE1A0F000, &dscr);
441 if (retval != ERROR_OK)
442 return retval;
443 } else {
444 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
445 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
446 */
447 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
448 &dscr);
449 if (retval != ERROR_OK)
450 return retval;
451 retval = cortex_a_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1),
452 &dscr);
453 if (retval != ERROR_OK)
454 return retval;
455
456 /* "Prefetch flush" after modifying execution status in CPSR */
457 if (Rd == 16) {
458 retval = cortex_a_exec_opcode(target,
459 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
460 &dscr);
461 if (retval != ERROR_OK)
462 return retval;
463 }
464 }
465
466 return retval;
467 }
468
469 /* Write to memory mapped registers directly with no cache or mmu handling */
470 static int cortex_a_dap_write_memap_register_u32(struct target *target,
471 uint32_t address,
472 uint32_t value)
473 {
474 int retval;
475 struct armv7a_common *armv7a = target_to_armv7a(target);
476
477 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
478
479 return retval;
480 }
481
482 /*
483 * Cortex-A implementation of Debug Programmer's Model
484 *
485 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
486 * so there's no need to poll for it before executing an instruction.
487 *
488 * NOTE that in several of these cases the "stall" mode might be useful.
489 * It'd let us queue a few operations together... prepare/finish might
490 * be the places to enable/disable that mode.
491 */
492
493 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
494 {
495 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
496 }
497
498 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
499 {
500 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
501 return mem_ap_write_u32(a->armv7a_common.debug_ap,
502 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
503 }
504
505 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
506 uint32_t *dscr_p)
507 {
508 uint32_t dscr = DSCR_INSTR_COMP;
509 int retval;
510
511 if (dscr_p)
512 dscr = *dscr_p;
513
514 /* Wait for DTRRXfull */
515 int64_t then = timeval_ms();
516 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
517 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
518 a->armv7a_common.debug_base + CPUDBG_DSCR,
519 &dscr);
520 if (retval != ERROR_OK)
521 return retval;
522 if (timeval_ms() > then + 1000) {
523 LOG_ERROR("Timeout waiting for read dcc");
524 return ERROR_FAIL;
525 }
526 }
527
528 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
529 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
530 if (retval != ERROR_OK)
531 return retval;
532 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
533
534 if (dscr_p)
535 *dscr_p = dscr;
536
537 return retval;
538 }
539
540 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
541 {
542 struct cortex_a_common *a = dpm_to_a(dpm);
543 uint32_t dscr;
544 int retval;
545
546 /* set up invariant: INSTR_COMP is set after ever DPM operation */
547 int64_t then = timeval_ms();
548 for (;; ) {
549 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
550 a->armv7a_common.debug_base + CPUDBG_DSCR,
551 &dscr);
552 if (retval != ERROR_OK)
553 return retval;
554 if ((dscr & DSCR_INSTR_COMP) != 0)
555 break;
556 if (timeval_ms() > then + 1000) {
557 LOG_ERROR("Timeout waiting for dpm prepare");
558 return ERROR_FAIL;
559 }
560 }
561
562 /* this "should never happen" ... */
563 if (dscr & DSCR_DTR_RX_FULL) {
564 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
565 /* Clear DCCRX */
566 retval = cortex_a_exec_opcode(
567 a->armv7a_common.arm.target,
568 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
569 &dscr);
570 if (retval != ERROR_OK)
571 return retval;
572 }
573
574 return retval;
575 }
576
577 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
578 {
579 /* REVISIT what could be done here? */
580 return ERROR_OK;
581 }
582
583 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
584 uint32_t opcode, uint32_t data)
585 {
586 struct cortex_a_common *a = dpm_to_a(dpm);
587 int retval;
588 uint32_t dscr = DSCR_INSTR_COMP;
589
590 retval = cortex_a_write_dcc(a, data);
591 if (retval != ERROR_OK)
592 return retval;
593
594 return cortex_a_exec_opcode(
595 a->armv7a_common.arm.target,
596 opcode,
597 &dscr);
598 }
599
600 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
601 uint32_t opcode, uint32_t data)
602 {
603 struct cortex_a_common *a = dpm_to_a(dpm);
604 uint32_t dscr = DSCR_INSTR_COMP;
605 int retval;
606
607 retval = cortex_a_write_dcc(a, data);
608 if (retval != ERROR_OK)
609 return retval;
610
611 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
612 retval = cortex_a_exec_opcode(
613 a->armv7a_common.arm.target,
614 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
615 &dscr);
616 if (retval != ERROR_OK)
617 return retval;
618
619 /* then the opcode, taking data from R0 */
620 retval = cortex_a_exec_opcode(
621 a->armv7a_common.arm.target,
622 opcode,
623 &dscr);
624
625 return retval;
626 }
627
628 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
629 {
630 struct target *target = dpm->arm->target;
631 uint32_t dscr = DSCR_INSTR_COMP;
632
633 /* "Prefetch flush" after modifying execution status in CPSR */
634 return cortex_a_exec_opcode(target,
635 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
636 &dscr);
637 }
638
639 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
640 uint32_t opcode, uint32_t *data)
641 {
642 struct cortex_a_common *a = dpm_to_a(dpm);
643 int retval;
644 uint32_t dscr = DSCR_INSTR_COMP;
645
646 /* the opcode, writing data to DCC */
647 retval = cortex_a_exec_opcode(
648 a->armv7a_common.arm.target,
649 opcode,
650 &dscr);
651 if (retval != ERROR_OK)
652 return retval;
653
654 return cortex_a_read_dcc(a, data, &dscr);
655 }
656
657
658 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
659 uint32_t opcode, uint32_t *data)
660 {
661 struct cortex_a_common *a = dpm_to_a(dpm);
662 uint32_t dscr = DSCR_INSTR_COMP;
663 int retval;
664
665 /* the opcode, writing data to R0 */
666 retval = cortex_a_exec_opcode(
667 a->armv7a_common.arm.target,
668 opcode,
669 &dscr);
670 if (retval != ERROR_OK)
671 return retval;
672
673 /* write R0 to DCC */
674 retval = cortex_a_exec_opcode(
675 a->armv7a_common.arm.target,
676 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
677 &dscr);
678 if (retval != ERROR_OK)
679 return retval;
680
681 return cortex_a_read_dcc(a, data, &dscr);
682 }
683
684 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
685 uint32_t addr, uint32_t control)
686 {
687 struct cortex_a_common *a = dpm_to_a(dpm);
688 uint32_t vr = a->armv7a_common.debug_base;
689 uint32_t cr = a->armv7a_common.debug_base;
690 int retval;
691
692 switch (index_t) {
693 case 0 ... 15: /* breakpoints */
694 vr += CPUDBG_BVR_BASE;
695 cr += CPUDBG_BCR_BASE;
696 break;
697 case 16 ... 31: /* watchpoints */
698 vr += CPUDBG_WVR_BASE;
699 cr += CPUDBG_WCR_BASE;
700 index_t -= 16;
701 break;
702 default:
703 return ERROR_FAIL;
704 }
705 vr += 4 * index_t;
706 cr += 4 * index_t;
707
708 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
709 (unsigned) vr, (unsigned) cr);
710
711 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
712 vr, addr);
713 if (retval != ERROR_OK)
714 return retval;
715 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
716 cr, control);
717 return retval;
718 }
719
720 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
721 {
722 struct cortex_a_common *a = dpm_to_a(dpm);
723 uint32_t cr;
724
725 switch (index_t) {
726 case 0 ... 15:
727 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
728 break;
729 case 16 ... 31:
730 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
731 index_t -= 16;
732 break;
733 default:
734 return ERROR_FAIL;
735 }
736 cr += 4 * index_t;
737
738 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
739
740 /* clear control register */
741 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
742 }
743
744 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
745 {
746 struct arm_dpm *dpm = &a->armv7a_common.dpm;
747 int retval;
748
749 dpm->arm = &a->armv7a_common.arm;
750 dpm->didr = didr;
751
752 dpm->prepare = cortex_a_dpm_prepare;
753 dpm->finish = cortex_a_dpm_finish;
754
755 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
756 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
757 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
758
759 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
760 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
761
762 dpm->bpwp_enable = cortex_a_bpwp_enable;
763 dpm->bpwp_disable = cortex_a_bpwp_disable;
764
765 retval = arm_dpm_setup(dpm);
766 if (retval == ERROR_OK)
767 retval = arm_dpm_initialize(dpm);
768
769 return retval;
770 }
771 static struct target *get_cortex_a(struct target *target, int32_t coreid)
772 {
773 struct target_list *head;
774 struct target *curr;
775
776 head = target->head;
777 while (head != (struct target_list *)NULL) {
778 curr = head->target;
779 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
780 return curr;
781 head = head->next;
782 }
783 return target;
784 }
785 static int cortex_a_halt(struct target *target);
786
787 static int cortex_a_halt_smp(struct target *target)
788 {
789 int retval = 0;
790 struct target_list *head;
791 struct target *curr;
792 head = target->head;
793 while (head != (struct target_list *)NULL) {
794 curr = head->target;
795 if ((curr != target) && (curr->state != TARGET_HALTED)
796 && target_was_examined(curr))
797 retval += cortex_a_halt(curr);
798 head = head->next;
799 }
800 return retval;
801 }
802
803 static int update_halt_gdb(struct target *target)
804 {
805 int retval = 0;
806 if (target->gdb_service && target->gdb_service->core[0] == -1) {
807 target->gdb_service->target = target;
808 target->gdb_service->core[0] = target->coreid;
809 retval += cortex_a_halt_smp(target);
810 }
811 return retval;
812 }
813
814 /*
815 * Cortex-A Run control
816 */
817
818 static int cortex_a_poll(struct target *target)
819 {
820 int retval = ERROR_OK;
821 uint32_t dscr;
822 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
823 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
824 enum target_state prev_target_state = target->state;
825 /* toggle to another core is done by gdb as follow */
826 /* maint packet J core_id */
827 /* continue */
828 /* the next polling trigger an halt event sent to gdb */
829 if ((target->state == TARGET_HALTED) && (target->smp) &&
830 (target->gdb_service) &&
831 (target->gdb_service->target == NULL)) {
832 target->gdb_service->target =
833 get_cortex_a(target, target->gdb_service->core[1]);
834 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
835 return retval;
836 }
837 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
838 armv7a->debug_base + CPUDBG_DSCR, &dscr);
839 if (retval != ERROR_OK)
840 return retval;
841 cortex_a->cpudbg_dscr = dscr;
842
843 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
844 if (prev_target_state != TARGET_HALTED) {
845 /* We have a halting debug event */
846 LOG_DEBUG("Target halted");
847 target->state = TARGET_HALTED;
848 if ((prev_target_state == TARGET_RUNNING)
849 || (prev_target_state == TARGET_UNKNOWN)
850 || (prev_target_state == TARGET_RESET)) {
851 retval = cortex_a_debug_entry(target);
852 if (retval != ERROR_OK)
853 return retval;
854 if (target->smp) {
855 retval = update_halt_gdb(target);
856 if (retval != ERROR_OK)
857 return retval;
858 }
859
860 if (arm_semihosting(target, &retval) != 0)
861 return retval;
862
863 target_call_event_callbacks(target,
864 TARGET_EVENT_HALTED);
865 }
866 if (prev_target_state == TARGET_DEBUG_RUNNING) {
867 LOG_DEBUG(" ");
868
869 retval = cortex_a_debug_entry(target);
870 if (retval != ERROR_OK)
871 return retval;
872 if (target->smp) {
873 retval = update_halt_gdb(target);
874 if (retval != ERROR_OK)
875 return retval;
876 }
877
878 target_call_event_callbacks(target,
879 TARGET_EVENT_DEBUG_HALTED);
880 }
881 }
882 } else
883 target->state = TARGET_RUNNING;
884
885 return retval;
886 }
887
888 static int cortex_a_halt(struct target *target)
889 {
890 int retval = ERROR_OK;
891 uint32_t dscr;
892 struct armv7a_common *armv7a = target_to_armv7a(target);
893
894 /*
895 * Tell the core to be halted by writing DRCR with 0x1
896 * and then wait for the core to be halted.
897 */
898 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
899 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
900 if (retval != ERROR_OK)
901 return retval;
902
903 /*
904 * enter halting debug mode
905 */
906 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
907 armv7a->debug_base + CPUDBG_DSCR, &dscr);
908 if (retval != ERROR_OK)
909 return retval;
910
911 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
912 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
913 if (retval != ERROR_OK)
914 return retval;
915
916 int64_t then = timeval_ms();
917 for (;; ) {
918 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
919 armv7a->debug_base + CPUDBG_DSCR, &dscr);
920 if (retval != ERROR_OK)
921 return retval;
922 if ((dscr & DSCR_CORE_HALTED) != 0)
923 break;
924 if (timeval_ms() > then + 1000) {
925 LOG_ERROR("Timeout waiting for halt");
926 return ERROR_FAIL;
927 }
928 }
929
930 target->debug_reason = DBG_REASON_DBGRQ;
931
932 return ERROR_OK;
933 }
934
935 static int cortex_a_internal_restore(struct target *target, int current,
936 target_addr_t *address, int handle_breakpoints, int debug_execution)
937 {
938 struct armv7a_common *armv7a = target_to_armv7a(target);
939 struct arm *arm = &armv7a->arm;
940 int retval;
941 uint32_t resume_pc;
942
943 if (!debug_execution)
944 target_free_all_working_areas(target);
945
946 #if 0
947 if (debug_execution) {
948 /* Disable interrupts */
949 /* We disable interrupts in the PRIMASK register instead of
950 * masking with C_MASKINTS,
951 * This is probably the same issue as Cortex-M3 Errata 377493:
952 * C_MASKINTS in parallel with disabled interrupts can cause
953 * local faults to not be taken. */
954 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
955 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
956 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
957
958 /* Make sure we are in Thumb mode */
959 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
960 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
961 32) | (1 << 24));
962 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
963 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
964 }
965 #endif
966
967 /* current = 1: continue on current pc, otherwise continue at <address> */
968 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
969 if (!current)
970 resume_pc = *address;
971 else
972 *address = resume_pc;
973
974 /* Make sure that the Armv7 gdb thumb fixups does not
975 * kill the return address
976 */
977 switch (arm->core_state) {
978 case ARM_STATE_ARM:
979 resume_pc &= 0xFFFFFFFC;
980 break;
981 case ARM_STATE_THUMB:
982 case ARM_STATE_THUMB_EE:
983 /* When the return address is loaded into PC
984 * bit 0 must be 1 to stay in Thumb state
985 */
986 resume_pc |= 0x1;
987 break;
988 case ARM_STATE_JAZELLE:
989 LOG_ERROR("How do I resume into Jazelle state??");
990 return ERROR_FAIL;
991 case ARM_STATE_AARCH64:
992 LOG_ERROR("Shoudn't be in AARCH64 state");
993 return ERROR_FAIL;
994 }
995 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
996 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
997 arm->pc->dirty = 1;
998 arm->pc->valid = 1;
999
1000 /* restore dpm_mode at system halt */
1001 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1002 /* called it now before restoring context because it uses cpu
1003 * register r0 for restoring cp15 control register */
1004 retval = cortex_a_restore_cp15_control_reg(target);
1005 if (retval != ERROR_OK)
1006 return retval;
1007 retval = cortex_a_restore_context(target, handle_breakpoints);
1008 if (retval != ERROR_OK)
1009 return retval;
1010 target->debug_reason = DBG_REASON_NOTHALTED;
1011 target->state = TARGET_RUNNING;
1012
1013 /* registers are now invalid */
1014 register_cache_invalidate(arm->core_cache);
1015
1016 #if 0
1017 /* the front-end may request us not to handle breakpoints */
1018 if (handle_breakpoints) {
1019 /* Single step past breakpoint at current address */
1020 breakpoint = breakpoint_find(target, resume_pc);
1021 if (breakpoint) {
1022 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1023 cortex_m3_unset_breakpoint(target, breakpoint);
1024 cortex_m3_single_step_core(target);
1025 cortex_m3_set_breakpoint(target, breakpoint);
1026 }
1027 }
1028
1029 #endif
1030 return retval;
1031 }
1032
1033 static int cortex_a_internal_restart(struct target *target)
1034 {
1035 struct armv7a_common *armv7a = target_to_armv7a(target);
1036 struct arm *arm = &armv7a->arm;
1037 int retval;
1038 uint32_t dscr;
1039 /*
1040 * * Restart core and wait for it to be started. Clear ITRen and sticky
1041 * * exception flags: see ARMv7 ARM, C5.9.
1042 *
1043 * REVISIT: for single stepping, we probably want to
1044 * disable IRQs by default, with optional override...
1045 */
1046
1047 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1048 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1049 if (retval != ERROR_OK)
1050 return retval;
1051
1052 if ((dscr & DSCR_INSTR_COMP) == 0)
1053 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
1054
1055 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1056 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
1057 if (retval != ERROR_OK)
1058 return retval;
1059
1060 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1061 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
1062 DRCR_CLEAR_EXCEPTIONS);
1063 if (retval != ERROR_OK)
1064 return retval;
1065
1066 int64_t then = timeval_ms();
1067 for (;; ) {
1068 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1069 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1070 if (retval != ERROR_OK)
1071 return retval;
1072 if ((dscr & DSCR_CORE_RESTARTED) != 0)
1073 break;
1074 if (timeval_ms() > then + 1000) {
1075 LOG_ERROR("Timeout waiting for resume");
1076 return ERROR_FAIL;
1077 }
1078 }
1079
1080 target->debug_reason = DBG_REASON_NOTHALTED;
1081 target->state = TARGET_RUNNING;
1082
1083 /* registers are now invalid */
1084 register_cache_invalidate(arm->core_cache);
1085
1086 return ERROR_OK;
1087 }
1088
1089 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
1090 {
1091 int retval = 0;
1092 struct target_list *head;
1093 struct target *curr;
1094 target_addr_t address;
1095 head = target->head;
1096 while (head != (struct target_list *)NULL) {
1097 curr = head->target;
1098 if ((curr != target) && (curr->state != TARGET_RUNNING)
1099 && target_was_examined(curr)) {
1100 /* resume current address , not in step mode */
1101 retval += cortex_a_internal_restore(curr, 1, &address,
1102 handle_breakpoints, 0);
1103 retval += cortex_a_internal_restart(curr);
1104 }
1105 head = head->next;
1106
1107 }
1108 return retval;
1109 }
1110
1111 static int cortex_a_resume(struct target *target, int current,
1112 target_addr_t address, int handle_breakpoints, int debug_execution)
1113 {
1114 int retval = 0;
1115 /* dummy resume for smp toggle in order to reduce gdb impact */
1116 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
1117 /* simulate a start and halt of target */
1118 target->gdb_service->target = NULL;
1119 target->gdb_service->core[0] = target->gdb_service->core[1];
1120 /* fake resume at next poll we play the target core[1], see poll*/
1121 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1122 return 0;
1123 }
1124 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
1125 if (target->smp) {
1126 target->gdb_service->core[0] = -1;
1127 retval = cortex_a_restore_smp(target, handle_breakpoints);
1128 if (retval != ERROR_OK)
1129 return retval;
1130 }
1131 cortex_a_internal_restart(target);
1132
1133 if (!debug_execution) {
1134 target->state = TARGET_RUNNING;
1135 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1136 LOG_DEBUG("target resumed at " TARGET_ADDR_FMT, address);
1137 } else {
1138 target->state = TARGET_DEBUG_RUNNING;
1139 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1140 LOG_DEBUG("target debug resumed at " TARGET_ADDR_FMT, address);
1141 }
1142
1143 return ERROR_OK;
1144 }
1145
1146 static int cortex_a_debug_entry(struct target *target)
1147 {
1148 int i;
1149 uint32_t regfile[16], cpsr, spsr, dscr;
1150 int retval = ERROR_OK;
1151 struct working_area *regfile_working_area = NULL;
1152 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1153 struct armv7a_common *armv7a = target_to_armv7a(target);
1154 struct arm *arm = &armv7a->arm;
1155 struct reg *reg;
1156
1157 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1158
1159 /* REVISIT surely we should not re-read DSCR !! */
1160 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1161 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1162 if (retval != ERROR_OK)
1163 return retval;
1164
1165 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1166 * imprecise data aborts get discarded by issuing a Data
1167 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1168 */
1169
1170 /* Enable the ITR execution once we are in debug mode */
1171 dscr |= DSCR_ITR_EN;
1172 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1173 armv7a->debug_base + CPUDBG_DSCR, dscr);
1174 if (retval != ERROR_OK)
1175 return retval;
1176
1177 /* Examine debug reason */
1178 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1179
1180 /* save address of instruction that triggered the watchpoint? */
1181 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1182 uint32_t wfar;
1183
1184 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1185 armv7a->debug_base + CPUDBG_WFAR,
1186 &wfar);
1187 if (retval != ERROR_OK)
1188 return retval;
1189 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1190 }
1191
1192 /* REVISIT fast_reg_read is never set ... */
1193
1194 /* Examine target state and mode */
1195 if (cortex_a->fast_reg_read)
1196 target_alloc_working_area(target, 64, &regfile_working_area);
1197
1198
1199 /* First load register acessible through core debug port*/
1200 if (!regfile_working_area)
1201 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1202 else {
1203 retval = cortex_a_read_regs_through_mem(target,
1204 regfile_working_area->address, regfile);
1205
1206 target_free_working_area(target, regfile_working_area);
1207 if (retval != ERROR_OK)
1208 return retval;
1209
1210 /* read Current PSR */
1211 retval = cortex_a_dap_read_coreregister_u32(target, &cpsr, 16);
1212 /* store current cpsr */
1213 if (retval != ERROR_OK)
1214 return retval;
1215
1216 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
1217
1218 arm_set_cpsr(arm, cpsr);
1219
1220 /* update cache */
1221 for (i = 0; i <= ARM_PC; i++) {
1222 reg = arm_reg_current(arm, i);
1223
1224 buf_set_u32(reg->value, 0, 32, regfile[i]);
1225 reg->valid = 1;
1226 reg->dirty = 0;
1227 }
1228
1229 /* Fixup PC Resume Address */
1230 if (cpsr & (1 << 5)) {
1231 /* T bit set for Thumb or ThumbEE state */
1232 regfile[ARM_PC] -= 4;
1233 } else {
1234 /* ARM state */
1235 regfile[ARM_PC] -= 8;
1236 }
1237
1238 reg = arm->pc;
1239 buf_set_u32(reg->value, 0, 32, regfile[ARM_PC]);
1240 reg->dirty = reg->valid;
1241 }
1242
1243 if (arm->spsr) {
1244 /* read Saved PSR */
1245 retval = cortex_a_dap_read_coreregister_u32(target, &spsr, 17);
1246 /* store current spsr */
1247 if (retval != ERROR_OK)
1248 return retval;
1249
1250 reg = arm->spsr;
1251 buf_set_u32(reg->value, 0, 32, spsr);
1252 reg->valid = 1;
1253 reg->dirty = 0;
1254 }
1255
1256 #if 0
1257 /* TODO, Move this */
1258 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1259 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1260 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1261
1262 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1263 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1264
1265 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1266 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1267 #endif
1268
1269 /* Are we in an exception handler */
1270 /* armv4_5->exception_number = 0; */
1271 if (armv7a->post_debug_entry) {
1272 retval = armv7a->post_debug_entry(target);
1273 if (retval != ERROR_OK)
1274 return retval;
1275 }
1276
1277 return retval;
1278 }
1279
1280 static int cortex_a_post_debug_entry(struct target *target)
1281 {
1282 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1283 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1284 int retval;
1285
1286 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1287 retval = armv7a->arm.mrc(target, 15,
1288 0, 0, /* op1, op2 */
1289 1, 0, /* CRn, CRm */
1290 &cortex_a->cp15_control_reg);
1291 if (retval != ERROR_OK)
1292 return retval;
1293 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1294 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1295
1296 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1297 armv7a_identify_cache(target);
1298
1299 if (armv7a->is_armv7r) {
1300 armv7a->armv7a_mmu.mmu_enabled = 0;
1301 } else {
1302 armv7a->armv7a_mmu.mmu_enabled =
1303 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1304 }
1305 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1306 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1307 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1308 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1309 cortex_a->curr_mode = armv7a->arm.core_mode;
1310
1311 /* switch to SVC mode to read DACR */
1312 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
1313 armv7a->arm.mrc(target, 15,
1314 0, 0, 3, 0,
1315 &cortex_a->cp15_dacr_reg);
1316
1317 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32,
1318 cortex_a->cp15_dacr_reg);
1319
1320 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1321 return ERROR_OK;
1322 }
1323
1324 int cortex_a_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
1325 {
1326 struct armv7a_common *armv7a = target_to_armv7a(target);
1327 uint32_t dscr;
1328
1329 /* Read DSCR */
1330 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1331 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1332 if (ERROR_OK != retval)
1333 return retval;
1334
1335 /* clear bitfield */
1336 dscr &= ~bit_mask;
1337 /* put new value */
1338 dscr |= value & bit_mask;
1339
1340 /* write new DSCR */
1341 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1342 armv7a->debug_base + CPUDBG_DSCR, dscr);
1343 return retval;
1344 }
1345
1346 static int cortex_a_step(struct target *target, int current, target_addr_t address,
1347 int handle_breakpoints)
1348 {
1349 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1350 struct armv7a_common *armv7a = target_to_armv7a(target);
1351 struct arm *arm = &armv7a->arm;
1352 struct breakpoint *breakpoint = NULL;
1353 struct breakpoint stepbreakpoint;
1354 struct reg *r;
1355 int retval;
1356
1357 if (target->state != TARGET_HALTED) {
1358 LOG_WARNING("target not halted");
1359 return ERROR_TARGET_NOT_HALTED;
1360 }
1361
1362 /* current = 1: continue on current pc, otherwise continue at <address> */
1363 r = arm->pc;
1364 if (!current)
1365 buf_set_u32(r->value, 0, 32, address);
1366 else
1367 address = buf_get_u32(r->value, 0, 32);
1368
1369 /* The front-end may request us not to handle breakpoints.
1370 * But since Cortex-A uses breakpoint for single step,
1371 * we MUST handle breakpoints.
1372 */
1373 handle_breakpoints = 1;
1374 if (handle_breakpoints) {
1375 breakpoint = breakpoint_find(target, address);
1376 if (breakpoint)
1377 cortex_a_unset_breakpoint(target, breakpoint);
1378 }
1379
1380 /* Setup single step breakpoint */
1381 stepbreakpoint.address = address;
1382 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1383 ? 2 : 4;
1384 stepbreakpoint.type = BKPT_HARD;
1385 stepbreakpoint.set = 0;
1386
1387 /* Disable interrupts during single step if requested */
1388 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1389 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1390 if (ERROR_OK != retval)
1391 return retval;
1392 }
1393
1394 /* Break on IVA mismatch */
1395 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1396
1397 target->debug_reason = DBG_REASON_SINGLESTEP;
1398
1399 retval = cortex_a_resume(target, 1, address, 0, 0);
1400 if (retval != ERROR_OK)
1401 return retval;
1402
1403 int64_t then = timeval_ms();
1404 while (target->state != TARGET_HALTED) {
1405 retval = cortex_a_poll(target);
1406 if (retval != ERROR_OK)
1407 return retval;
1408 if (timeval_ms() > then + 1000) {
1409 LOG_ERROR("timeout waiting for target halt");
1410 return ERROR_FAIL;
1411 }
1412 }
1413
1414 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1415
1416 /* Re-enable interrupts if they were disabled */
1417 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1418 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1419 if (ERROR_OK != retval)
1420 return retval;
1421 }
1422
1423
1424 target->debug_reason = DBG_REASON_BREAKPOINT;
1425
1426 if (breakpoint)
1427 cortex_a_set_breakpoint(target, breakpoint, 0);
1428
1429 if (target->state != TARGET_HALTED)
1430 LOG_DEBUG("target stepped");
1431
1432 return ERROR_OK;
1433 }
1434
1435 static int cortex_a_restore_context(struct target *target, bool bpwp)
1436 {
1437 struct armv7a_common *armv7a = target_to_armv7a(target);
1438
1439 LOG_DEBUG(" ");
1440
1441 if (armv7a->pre_restore_context)
1442 armv7a->pre_restore_context(target);
1443
1444 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1445 }
1446
1447 /*
1448 * Cortex-A Breakpoint and watchpoint functions
1449 */
1450
1451 /* Setup hardware Breakpoint Register Pair */
1452 static int cortex_a_set_breakpoint(struct target *target,
1453 struct breakpoint *breakpoint, uint8_t matchmode)
1454 {
1455 int retval;
1456 int brp_i = 0;
1457 uint32_t control;
1458 uint8_t byte_addr_select = 0x0F;
1459 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1460 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1461 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1462
1463 if (breakpoint->set) {
1464 LOG_WARNING("breakpoint already set");
1465 return ERROR_OK;
1466 }
1467
1468 if (breakpoint->type == BKPT_HARD) {
1469 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1470 brp_i++;
1471 if (brp_i >= cortex_a->brp_num) {
1472 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1473 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1474 }
1475 breakpoint->set = brp_i + 1;
1476 if (breakpoint->length == 2)
1477 byte_addr_select = (3 << (breakpoint->address & 0x02));
1478 control = ((matchmode & 0x7) << 20)
1479 | (byte_addr_select << 5)
1480 | (3 << 1) | 1;
1481 brp_list[brp_i].used = 1;
1482 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1483 brp_list[brp_i].control = control;
1484 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1485 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1486 brp_list[brp_i].value);
1487 if (retval != ERROR_OK)
1488 return retval;
1489 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1490 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1491 brp_list[brp_i].control);
1492 if (retval != ERROR_OK)
1493 return retval;
1494 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1495 brp_list[brp_i].control,
1496 brp_list[brp_i].value);
1497 } else if (breakpoint->type == BKPT_SOFT) {
1498 uint8_t code[4];
1499 if (breakpoint->length == 2)
1500 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1501 else
1502 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1503 retval = target_read_memory(target,
1504 breakpoint->address & 0xFFFFFFFE,
1505 breakpoint->length, 1,
1506 breakpoint->orig_instr);
1507 if (retval != ERROR_OK)
1508 return retval;
1509
1510 /* make sure data cache is cleaned & invalidated down to PoC */
1511 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1512 armv7a_cache_flush_virt(target, breakpoint->address,
1513 breakpoint->length);
1514 }
1515
1516 retval = target_write_memory(target,
1517 breakpoint->address & 0xFFFFFFFE,
1518 breakpoint->length, 1, code);
1519 if (retval != ERROR_OK)
1520 return retval;
1521
1522 /* update i-cache at breakpoint location */
1523 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1524 breakpoint->length);
1525 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1526 breakpoint->length);
1527
1528 breakpoint->set = 0x11; /* Any nice value but 0 */
1529 }
1530
1531 return ERROR_OK;
1532 }
1533
1534 static int cortex_a_set_context_breakpoint(struct target *target,
1535 struct breakpoint *breakpoint, uint8_t matchmode)
1536 {
1537 int retval = ERROR_FAIL;
1538 int brp_i = 0;
1539 uint32_t control;
1540 uint8_t byte_addr_select = 0x0F;
1541 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1542 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1543 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1544
1545 if (breakpoint->set) {
1546 LOG_WARNING("breakpoint already set");
1547 return retval;
1548 }
1549 /*check available context BRPs*/
1550 while ((brp_list[brp_i].used ||
1551 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1552 brp_i++;
1553
1554 if (brp_i >= cortex_a->brp_num) {
1555 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1556 return ERROR_FAIL;
1557 }
1558
1559 breakpoint->set = brp_i + 1;
1560 control = ((matchmode & 0x7) << 20)
1561 | (byte_addr_select << 5)
1562 | (3 << 1) | 1;
1563 brp_list[brp_i].used = 1;
1564 brp_list[brp_i].value = (breakpoint->asid);
1565 brp_list[brp_i].control = control;
1566 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1567 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1568 brp_list[brp_i].value);
1569 if (retval != ERROR_OK)
1570 return retval;
1571 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1572 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1573 brp_list[brp_i].control);
1574 if (retval != ERROR_OK)
1575 return retval;
1576 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1577 brp_list[brp_i].control,
1578 brp_list[brp_i].value);
1579 return ERROR_OK;
1580
1581 }
1582
1583 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1584 {
1585 int retval = ERROR_FAIL;
1586 int brp_1 = 0; /* holds the contextID pair */
1587 int brp_2 = 0; /* holds the IVA pair */
1588 uint32_t control_CTX, control_IVA;
1589 uint8_t CTX_byte_addr_select = 0x0F;
1590 uint8_t IVA_byte_addr_select = 0x0F;
1591 uint8_t CTX_machmode = 0x03;
1592 uint8_t IVA_machmode = 0x01;
1593 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1594 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1595 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1596
1597 if (breakpoint->set) {
1598 LOG_WARNING("breakpoint already set");
1599 return retval;
1600 }
1601 /*check available context BRPs*/
1602 while ((brp_list[brp_1].used ||
1603 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1604 brp_1++;
1605
1606 printf("brp(CTX) found num: %d\n", brp_1);
1607 if (brp_1 >= cortex_a->brp_num) {
1608 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1609 return ERROR_FAIL;
1610 }
1611
1612 while ((brp_list[brp_2].used ||
1613 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1614 brp_2++;
1615
1616 printf("brp(IVA) found num: %d\n", brp_2);
1617 if (brp_2 >= cortex_a->brp_num) {
1618 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1619 return ERROR_FAIL;
1620 }
1621
1622 breakpoint->set = brp_1 + 1;
1623 breakpoint->linked_BRP = brp_2;
1624 control_CTX = ((CTX_machmode & 0x7) << 20)
1625 | (brp_2 << 16)
1626 | (0 << 14)
1627 | (CTX_byte_addr_select << 5)
1628 | (3 << 1) | 1;
1629 brp_list[brp_1].used = 1;
1630 brp_list[brp_1].value = (breakpoint->asid);
1631 brp_list[brp_1].control = control_CTX;
1632 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1633 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1634 brp_list[brp_1].value);
1635 if (retval != ERROR_OK)
1636 return retval;
1637 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1638 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1639 brp_list[brp_1].control);
1640 if (retval != ERROR_OK)
1641 return retval;
1642
1643 control_IVA = ((IVA_machmode & 0x7) << 20)
1644 | (brp_1 << 16)
1645 | (IVA_byte_addr_select << 5)
1646 | (3 << 1) | 1;
1647 brp_list[brp_2].used = 1;
1648 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1649 brp_list[brp_2].control = control_IVA;
1650 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1651 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1652 brp_list[brp_2].value);
1653 if (retval != ERROR_OK)
1654 return retval;
1655 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1656 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1657 brp_list[brp_2].control);
1658 if (retval != ERROR_OK)
1659 return retval;
1660
1661 return ERROR_OK;
1662 }
1663
1664 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1665 {
1666 int retval;
1667 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1668 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1669 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1670
1671 if (!breakpoint->set) {
1672 LOG_WARNING("breakpoint not set");
1673 return ERROR_OK;
1674 }
1675
1676 if (breakpoint->type == BKPT_HARD) {
1677 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1678 int brp_i = breakpoint->set - 1;
1679 int brp_j = breakpoint->linked_BRP;
1680 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1681 LOG_DEBUG("Invalid BRP number in breakpoint");
1682 return ERROR_OK;
1683 }
1684 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1685 brp_list[brp_i].control, brp_list[brp_i].value);
1686 brp_list[brp_i].used = 0;
1687 brp_list[brp_i].value = 0;
1688 brp_list[brp_i].control = 0;
1689 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1690 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1691 brp_list[brp_i].control);
1692 if (retval != ERROR_OK)
1693 return retval;
1694 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1695 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1696 brp_list[brp_i].value);
1697 if (retval != ERROR_OK)
1698 return retval;
1699 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1700 LOG_DEBUG("Invalid BRP number in breakpoint");
1701 return ERROR_OK;
1702 }
1703 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1704 brp_list[brp_j].control, brp_list[brp_j].value);
1705 brp_list[brp_j].used = 0;
1706 brp_list[brp_j].value = 0;
1707 brp_list[brp_j].control = 0;
1708 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1709 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1710 brp_list[brp_j].control);
1711 if (retval != ERROR_OK)
1712 return retval;
1713 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1714 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1715 brp_list[brp_j].value);
1716 if (retval != ERROR_OK)
1717 return retval;
1718 breakpoint->linked_BRP = 0;
1719 breakpoint->set = 0;
1720 return ERROR_OK;
1721
1722 } else {
1723 int brp_i = breakpoint->set - 1;
1724 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1725 LOG_DEBUG("Invalid BRP number in breakpoint");
1726 return ERROR_OK;
1727 }
1728 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1729 brp_list[brp_i].control, brp_list[brp_i].value);
1730 brp_list[brp_i].used = 0;
1731 brp_list[brp_i].value = 0;
1732 brp_list[brp_i].control = 0;
1733 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1734 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1735 brp_list[brp_i].control);
1736 if (retval != ERROR_OK)
1737 return retval;
1738 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1739 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1740 brp_list[brp_i].value);
1741 if (retval != ERROR_OK)
1742 return retval;
1743 breakpoint->set = 0;
1744 return ERROR_OK;
1745 }
1746 } else {
1747
1748 /* make sure data cache is cleaned & invalidated down to PoC */
1749 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1750 armv7a_cache_flush_virt(target, breakpoint->address,
1751 breakpoint->length);
1752 }
1753
1754 /* restore original instruction (kept in target endianness) */
1755 if (breakpoint->length == 4) {
1756 retval = target_write_memory(target,
1757 breakpoint->address & 0xFFFFFFFE,
1758 4, 1, breakpoint->orig_instr);
1759 if (retval != ERROR_OK)
1760 return retval;
1761 } else {
1762 retval = target_write_memory(target,
1763 breakpoint->address & 0xFFFFFFFE,
1764 2, 1, breakpoint->orig_instr);
1765 if (retval != ERROR_OK)
1766 return retval;
1767 }
1768
1769 /* update i-cache at breakpoint location */
1770 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1771 breakpoint->length);
1772 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1773 breakpoint->length);
1774 }
1775 breakpoint->set = 0;
1776
1777 return ERROR_OK;
1778 }
1779
1780 static int cortex_a_add_breakpoint(struct target *target,
1781 struct breakpoint *breakpoint)
1782 {
1783 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1784
1785 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1786 LOG_INFO("no hardware breakpoint available");
1787 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1788 }
1789
1790 if (breakpoint->type == BKPT_HARD)
1791 cortex_a->brp_num_available--;
1792
1793 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1794 }
1795
1796 static int cortex_a_add_context_breakpoint(struct target *target,
1797 struct breakpoint *breakpoint)
1798 {
1799 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1800
1801 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1802 LOG_INFO("no hardware breakpoint available");
1803 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1804 }
1805
1806 if (breakpoint->type == BKPT_HARD)
1807 cortex_a->brp_num_available--;
1808
1809 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1810 }
1811
1812 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1813 struct breakpoint *breakpoint)
1814 {
1815 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1816
1817 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1818 LOG_INFO("no hardware breakpoint available");
1819 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1820 }
1821
1822 if (breakpoint->type == BKPT_HARD)
1823 cortex_a->brp_num_available--;
1824
1825 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1826 }
1827
1828
1829 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1830 {
1831 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1832
1833 #if 0
1834 /* It is perfectly possible to remove breakpoints while the target is running */
1835 if (target->state != TARGET_HALTED) {
1836 LOG_WARNING("target not halted");
1837 return ERROR_TARGET_NOT_HALTED;
1838 }
1839 #endif
1840
1841 if (breakpoint->set) {
1842 cortex_a_unset_breakpoint(target, breakpoint);
1843 if (breakpoint->type == BKPT_HARD)
1844 cortex_a->brp_num_available++;
1845 }
1846
1847
1848 return ERROR_OK;
1849 }
1850
1851 /*
1852 * Cortex-A Reset functions
1853 */
1854
1855 static int cortex_a_assert_reset(struct target *target)
1856 {
1857 struct armv7a_common *armv7a = target_to_armv7a(target);
1858
1859 LOG_DEBUG(" ");
1860
1861 /* FIXME when halt is requested, make it work somehow... */
1862
1863 /* This function can be called in "target not examined" state */
1864
1865 /* Issue some kind of warm reset. */
1866 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1867 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1868 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1869 /* REVISIT handle "pulls" cases, if there's
1870 * hardware that needs them to work.
1871 */
1872
1873 /*
1874 * FIXME: fix reset when transport is SWD. This is a temporary
1875 * work-around for release v0.10 that is not intended to stay!
1876 */
1877 if (transport_is_swd() ||
1878 (target->reset_halt && (jtag_get_reset_config() & RESET_SRST_NO_GATING)))
1879 jtag_add_reset(0, 1);
1880
1881 } else {
1882 LOG_ERROR("%s: how to reset?", target_name(target));
1883 return ERROR_FAIL;
1884 }
1885
1886 /* registers are now invalid */
1887 if (target_was_examined(target))
1888 register_cache_invalidate(armv7a->arm.core_cache);
1889
1890 target->state = TARGET_RESET;
1891
1892 return ERROR_OK;
1893 }
1894
1895 static int cortex_a_deassert_reset(struct target *target)
1896 {
1897 int retval;
1898
1899 LOG_DEBUG(" ");
1900
1901 /* be certain SRST is off */
1902 jtag_add_reset(0, 0);
1903
1904 if (target_was_examined(target)) {
1905 retval = cortex_a_poll(target);
1906 if (retval != ERROR_OK)
1907 return retval;
1908 }
1909
1910 if (target->reset_halt) {
1911 if (target->state != TARGET_HALTED) {
1912 LOG_WARNING("%s: ran after reset and before halt ...",
1913 target_name(target));
1914 if (target_was_examined(target)) {
1915 retval = target_halt(target);
1916 if (retval != ERROR_OK)
1917 return retval;
1918 } else
1919 target->state = TARGET_UNKNOWN;
1920 }
1921 }
1922
1923 return ERROR_OK;
1924 }
1925
1926 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1927 {
1928 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1929 * New desired mode must be in mode. Current value of DSCR must be in
1930 * *dscr, which is updated with new value.
1931 *
1932 * This function elides actually sending the mode-change over the debug
1933 * interface if the mode is already set as desired.
1934 */
1935 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1936 if (new_dscr != *dscr) {
1937 struct armv7a_common *armv7a = target_to_armv7a(target);
1938 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1939 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1940 if (retval == ERROR_OK)
1941 *dscr = new_dscr;
1942 return retval;
1943 } else {
1944 return ERROR_OK;
1945 }
1946 }
1947
1948 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1949 uint32_t value, uint32_t *dscr)
1950 {
1951 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1952 struct armv7a_common *armv7a = target_to_armv7a(target);
1953 int64_t then = timeval_ms();
1954 int retval;
1955
1956 while ((*dscr & mask) != value) {
1957 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1958 armv7a->debug_base + CPUDBG_DSCR, dscr);
1959 if (retval != ERROR_OK)
1960 return retval;
1961 if (timeval_ms() > then + 1000) {
1962 LOG_ERROR("timeout waiting for DSCR bit change");
1963 return ERROR_FAIL;
1964 }
1965 }
1966 return ERROR_OK;
1967 }
1968
1969 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
1970 uint32_t *data, uint32_t *dscr)
1971 {
1972 int retval;
1973 struct armv7a_common *armv7a = target_to_armv7a(target);
1974
1975 /* Move from coprocessor to R0. */
1976 retval = cortex_a_exec_opcode(target, opcode, dscr);
1977 if (retval != ERROR_OK)
1978 return retval;
1979
1980 /* Move from R0 to DTRTX. */
1981 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
1982 if (retval != ERROR_OK)
1983 return retval;
1984
1985 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
1986 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
1987 * must also check TXfull_l). Most of the time this will be free
1988 * because TXfull_l will be set immediately and cached in dscr. */
1989 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
1990 DSCR_DTRTX_FULL_LATCHED, dscr);
1991 if (retval != ERROR_OK)
1992 return retval;
1993
1994 /* Read the value transferred to DTRTX. */
1995 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1996 armv7a->debug_base + CPUDBG_DTRTX, data);
1997 if (retval != ERROR_OK)
1998 return retval;
1999
2000 return ERROR_OK;
2001 }
2002
2003 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
2004 uint32_t *dfsr, uint32_t *dscr)
2005 {
2006 int retval;
2007
2008 if (dfar) {
2009 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
2010 if (retval != ERROR_OK)
2011 return retval;
2012 }
2013
2014 if (dfsr) {
2015 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
2016 if (retval != ERROR_OK)
2017 return retval;
2018 }
2019
2020 return ERROR_OK;
2021 }
2022
2023 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
2024 uint32_t data, uint32_t *dscr)
2025 {
2026 int retval;
2027 struct armv7a_common *armv7a = target_to_armv7a(target);
2028
2029 /* Write the value into DTRRX. */
2030 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2031 armv7a->debug_base + CPUDBG_DTRRX, data);
2032 if (retval != ERROR_OK)
2033 return retval;
2034
2035 /* Move from DTRRX to R0. */
2036 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
2037 if (retval != ERROR_OK)
2038 return retval;
2039
2040 /* Move from R0 to coprocessor. */
2041 retval = cortex_a_exec_opcode(target, opcode, dscr);
2042 if (retval != ERROR_OK)
2043 return retval;
2044
2045 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2046 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2047 * check RXfull_l). Most of the time this will be free because RXfull_l
2048 * will be cleared immediately and cached in dscr. */
2049 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2050 if (retval != ERROR_OK)
2051 return retval;
2052
2053 return ERROR_OK;
2054 }
2055
2056 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
2057 uint32_t dfsr, uint32_t *dscr)
2058 {
2059 int retval;
2060
2061 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
2062 if (retval != ERROR_OK)
2063 return retval;
2064
2065 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
2066 if (retval != ERROR_OK)
2067 return retval;
2068
2069 return ERROR_OK;
2070 }
2071
2072 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
2073 {
2074 uint32_t status, upper4;
2075
2076 if (dfsr & (1 << 9)) {
2077 /* LPAE format. */
2078 status = dfsr & 0x3f;
2079 upper4 = status >> 2;
2080 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
2081 return ERROR_TARGET_TRANSLATION_FAULT;
2082 else if (status == 33)
2083 return ERROR_TARGET_UNALIGNED_ACCESS;
2084 else
2085 return ERROR_TARGET_DATA_ABORT;
2086 } else {
2087 /* Normal format. */
2088 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
2089 if (status == 1)
2090 return ERROR_TARGET_UNALIGNED_ACCESS;
2091 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
2092 status == 9 || status == 11 || status == 13 || status == 15)
2093 return ERROR_TARGET_TRANSLATION_FAULT;
2094 else
2095 return ERROR_TARGET_DATA_ABORT;
2096 }
2097 }
2098
2099 static int cortex_a_write_cpu_memory_slow(struct target *target,
2100 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2101 {
2102 /* Writes count objects of size size from *buffer. Old value of DSCR must
2103 * be in *dscr; updated to new value. This is slow because it works for
2104 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2105 * the address is aligned, cortex_a_write_cpu_memory_fast should be
2106 * preferred.
2107 * Preconditions:
2108 * - Address is in R0.
2109 * - R0 is marked dirty.
2110 */
2111 struct armv7a_common *armv7a = target_to_armv7a(target);
2112 struct arm *arm = &armv7a->arm;
2113 int retval;
2114
2115 /* Mark register R1 as dirty, to use for transferring data. */
2116 arm_reg_current(arm, 1)->dirty = true;
2117
2118 /* Switch to non-blocking mode if not already in that mode. */
2119 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2120 if (retval != ERROR_OK)
2121 return retval;
2122
2123 /* Go through the objects. */
2124 while (count) {
2125 /* Write the value to store into DTRRX. */
2126 uint32_t data, opcode;
2127 if (size == 1)
2128 data = *buffer;
2129 else if (size == 2)
2130 data = target_buffer_get_u16(target, buffer);
2131 else
2132 data = target_buffer_get_u32(target, buffer);
2133 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2134 armv7a->debug_base + CPUDBG_DTRRX, data);
2135 if (retval != ERROR_OK)
2136 return retval;
2137
2138 /* Transfer the value from DTRRX to R1. */
2139 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
2140 if (retval != ERROR_OK)
2141 return retval;
2142
2143 /* Write the value transferred to R1 into memory. */
2144 if (size == 1)
2145 opcode = ARMV4_5_STRB_IP(1, 0);
2146 else if (size == 2)
2147 opcode = ARMV4_5_STRH_IP(1, 0);
2148 else
2149 opcode = ARMV4_5_STRW_IP(1, 0);
2150 retval = cortex_a_exec_opcode(target, opcode, dscr);
2151 if (retval != ERROR_OK)
2152 return retval;
2153
2154 /* Check for faults and return early. */
2155 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2156 return ERROR_OK; /* A data fault is not considered a system failure. */
2157
2158 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2159 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2160 * must also check RXfull_l). Most of the time this will be free
2161 * because RXfull_l will be cleared immediately and cached in dscr. */
2162 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2163 if (retval != ERROR_OK)
2164 return retval;
2165
2166 /* Advance. */
2167 buffer += size;
2168 --count;
2169 }
2170
2171 return ERROR_OK;
2172 }
2173
2174 static int cortex_a_write_cpu_memory_fast(struct target *target,
2175 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2176 {
2177 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2178 * in *dscr; updated to new value. This is fast but only works for
2179 * word-sized objects at aligned addresses.
2180 * Preconditions:
2181 * - Address is in R0 and must be a multiple of 4.
2182 * - R0 is marked dirty.
2183 */
2184 struct armv7a_common *armv7a = target_to_armv7a(target);
2185 int retval;
2186
2187 /* Switch to fast mode if not already in that mode. */
2188 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2189 if (retval != ERROR_OK)
2190 return retval;
2191
2192 /* Latch STC instruction. */
2193 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2194 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2195 if (retval != ERROR_OK)
2196 return retval;
2197
2198 /* Transfer all the data and issue all the instructions. */
2199 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2200 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2201 }
2202
2203 static int cortex_a_write_cpu_memory(struct target *target,
2204 uint32_t address, uint32_t size,
2205 uint32_t count, const uint8_t *buffer)
2206 {
2207 /* Write memory through the CPU. */
2208 int retval, final_retval;
2209 struct armv7a_common *armv7a = target_to_armv7a(target);
2210 struct arm *arm = &armv7a->arm;
2211 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2212
2213 LOG_DEBUG("Writing CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2214 address, size, count);
2215 if (target->state != TARGET_HALTED) {
2216 LOG_WARNING("target not halted");
2217 return ERROR_TARGET_NOT_HALTED;
2218 }
2219
2220 if (!count)
2221 return ERROR_OK;
2222
2223 /* Clear any abort. */
2224 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2225 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2226 if (retval != ERROR_OK)
2227 return retval;
2228
2229 /* Read DSCR. */
2230 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2231 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2232 if (retval != ERROR_OK)
2233 return retval;
2234
2235 /* Switch to non-blocking mode if not already in that mode. */
2236 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2237 if (retval != ERROR_OK)
2238 goto out;
2239
2240 /* Mark R0 as dirty. */
2241 arm_reg_current(arm, 0)->dirty = true;
2242
2243 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2244 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2245 if (retval != ERROR_OK)
2246 goto out;
2247
2248 /* Get the memory address into R0. */
2249 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2250 armv7a->debug_base + CPUDBG_DTRRX, address);
2251 if (retval != ERROR_OK)
2252 goto out;
2253 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2254 if (retval != ERROR_OK)
2255 goto out;
2256
2257 if (size == 4 && (address % 4) == 0) {
2258 /* We are doing a word-aligned transfer, so use fast mode. */
2259 retval = cortex_a_write_cpu_memory_fast(target, count, buffer, &dscr);
2260 } else {
2261 /* Use slow path. */
2262 retval = cortex_a_write_cpu_memory_slow(target, size, count, buffer, &dscr);
2263 }
2264
2265 out:
2266 final_retval = retval;
2267
2268 /* Switch to non-blocking mode if not already in that mode. */
2269 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2270 if (final_retval == ERROR_OK)
2271 final_retval = retval;
2272
2273 /* Wait for last issued instruction to complete. */
2274 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2275 if (final_retval == ERROR_OK)
2276 final_retval = retval;
2277
2278 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2279 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2280 * check RXfull_l). Most of the time this will be free because RXfull_l
2281 * will be cleared immediately and cached in dscr. However, don't do this
2282 * if there is fault, because then the instruction might not have completed
2283 * successfully. */
2284 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2285 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2286 if (retval != ERROR_OK)
2287 return retval;
2288 }
2289
2290 /* If there were any sticky abort flags, clear them. */
2291 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2292 fault_dscr = dscr;
2293 mem_ap_write_atomic_u32(armv7a->debug_ap,
2294 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2295 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2296 } else {
2297 fault_dscr = 0;
2298 }
2299
2300 /* Handle synchronous data faults. */
2301 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2302 if (final_retval == ERROR_OK) {
2303 /* Final return value will reflect cause of fault. */
2304 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2305 if (retval == ERROR_OK) {
2306 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2307 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2308 } else
2309 final_retval = retval;
2310 }
2311 /* Fault destroyed DFAR/DFSR; restore them. */
2312 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2313 if (retval != ERROR_OK)
2314 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2315 }
2316
2317 /* Handle asynchronous data faults. */
2318 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2319 if (final_retval == ERROR_OK)
2320 /* No other error has been recorded so far, so keep this one. */
2321 final_retval = ERROR_TARGET_DATA_ABORT;
2322 }
2323
2324 /* If the DCC is nonempty, clear it. */
2325 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2326 uint32_t dummy;
2327 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2328 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2329 if (final_retval == ERROR_OK)
2330 final_retval = retval;
2331 }
2332 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2333 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2334 if (final_retval == ERROR_OK)
2335 final_retval = retval;
2336 }
2337
2338 /* Done. */
2339 return final_retval;
2340 }
2341
2342 static int cortex_a_read_cpu_memory_slow(struct target *target,
2343 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2344 {
2345 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2346 * in *dscr; updated to new value. This is slow because it works for
2347 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2348 * the address is aligned, cortex_a_read_cpu_memory_fast should be
2349 * preferred.
2350 * Preconditions:
2351 * - Address is in R0.
2352 * - R0 is marked dirty.
2353 */
2354 struct armv7a_common *armv7a = target_to_armv7a(target);
2355 struct arm *arm = &armv7a->arm;
2356 int retval;
2357
2358 /* Mark register R1 as dirty, to use for transferring data. */
2359 arm_reg_current(arm, 1)->dirty = true;
2360
2361 /* Switch to non-blocking mode if not already in that mode. */
2362 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2363 if (retval != ERROR_OK)
2364 return retval;
2365
2366 /* Go through the objects. */
2367 while (count) {
2368 /* Issue a load of the appropriate size to R1. */
2369 uint32_t opcode, data;
2370 if (size == 1)
2371 opcode = ARMV4_5_LDRB_IP(1, 0);
2372 else if (size == 2)
2373 opcode = ARMV4_5_LDRH_IP(1, 0);
2374 else
2375 opcode = ARMV4_5_LDRW_IP(1, 0);
2376 retval = cortex_a_exec_opcode(target, opcode, dscr);
2377 if (retval != ERROR_OK)
2378 return retval;
2379
2380 /* Issue a write of R1 to DTRTX. */
2381 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2382 if (retval != ERROR_OK)
2383 return retval;
2384
2385 /* Check for faults and return early. */
2386 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2387 return ERROR_OK; /* A data fault is not considered a system failure. */
2388
2389 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2390 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2391 * must also check TXfull_l). Most of the time this will be free
2392 * because TXfull_l will be set immediately and cached in dscr. */
2393 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2394 DSCR_DTRTX_FULL_LATCHED, dscr);
2395 if (retval != ERROR_OK)
2396 return retval;
2397
2398 /* Read the value transferred to DTRTX into the buffer. */
2399 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2400 armv7a->debug_base + CPUDBG_DTRTX, &data);
2401 if (retval != ERROR_OK)
2402 return retval;
2403 if (size == 1)
2404 *buffer = (uint8_t) data;
2405 else if (size == 2)
2406 target_buffer_set_u16(target, buffer, (uint16_t) data);
2407 else
2408 target_buffer_set_u32(target, buffer, data);
2409
2410 /* Advance. */
2411 buffer += size;
2412 --count;
2413 }
2414
2415 return ERROR_OK;
2416 }
2417
2418 static int cortex_a_read_cpu_memory_fast(struct target *target,
2419 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2420 {
2421 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2422 * *dscr; updated to new value. This is fast but only works for word-sized
2423 * objects at aligned addresses.
2424 * Preconditions:
2425 * - Address is in R0 and must be a multiple of 4.
2426 * - R0 is marked dirty.
2427 */
2428 struct armv7a_common *armv7a = target_to_armv7a(target);
2429 uint32_t u32;
2430 int retval;
2431
2432 /* Switch to non-blocking mode if not already in that mode. */
2433 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2434 if (retval != ERROR_OK)
2435 return retval;
2436
2437 /* Issue the LDC instruction via a write to ITR. */
2438 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2439 if (retval != ERROR_OK)
2440 return retval;
2441
2442 count--;
2443
2444 if (count > 0) {
2445 /* Switch to fast mode if not already in that mode. */
2446 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2447 if (retval != ERROR_OK)
2448 return retval;
2449
2450 /* Latch LDC instruction. */
2451 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2452 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2453 if (retval != ERROR_OK)
2454 return retval;
2455
2456 /* Read the value transferred to DTRTX into the buffer. Due to fast
2457 * mode rules, this blocks until the instruction finishes executing and
2458 * then reissues the read instruction to read the next word from
2459 * memory. The last read of DTRTX in this call reads the second-to-last
2460 * word from memory and issues the read instruction for the last word.
2461 */
2462 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2463 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2464 if (retval != ERROR_OK)
2465 return retval;
2466
2467 /* Advance. */
2468 buffer += count * 4;
2469 }
2470
2471 /* Wait for last issued instruction to complete. */
2472 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2473 if (retval != ERROR_OK)
2474 return retval;
2475
2476 /* Switch to non-blocking mode if not already in that mode. */
2477 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2478 if (retval != ERROR_OK)
2479 return retval;
2480
2481 /* Check for faults and return early. */
2482 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2483 return ERROR_OK; /* A data fault is not considered a system failure. */
2484
2485 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2486 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2487 * check TXfull_l). Most of the time this will be free because TXfull_l
2488 * will be set immediately and cached in dscr. */
2489 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2490 DSCR_DTRTX_FULL_LATCHED, dscr);
2491 if (retval != ERROR_OK)
2492 return retval;
2493
2494 /* Read the value transferred to DTRTX into the buffer. This is the last
2495 * word. */
2496 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2497 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2498 if (retval != ERROR_OK)
2499 return retval;
2500 target_buffer_set_u32(target, buffer, u32);
2501
2502 return ERROR_OK;
2503 }
2504
2505 static int cortex_a_read_cpu_memory(struct target *target,
2506 uint32_t address, uint32_t size,
2507 uint32_t count, uint8_t *buffer)
2508 {
2509 /* Read memory through the CPU. */
2510 int retval, final_retval;
2511 struct armv7a_common *armv7a = target_to_armv7a(target);
2512 struct arm *arm = &armv7a->arm;
2513 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2514
2515 LOG_DEBUG("Reading CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2516 address, size, count);
2517 if (target->state != TARGET_HALTED) {
2518 LOG_WARNING("target not halted");
2519 return ERROR_TARGET_NOT_HALTED;
2520 }
2521
2522 if (!count)
2523 return ERROR_OK;
2524
2525 /* Clear any abort. */
2526 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2527 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2528 if (retval != ERROR_OK)
2529 return retval;
2530
2531 /* Read DSCR */
2532 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2533 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2534 if (retval != ERROR_OK)
2535 return retval;
2536
2537 /* Switch to non-blocking mode if not already in that mode. */
2538 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2539 if (retval != ERROR_OK)
2540 goto out;
2541
2542 /* Mark R0 as dirty. */
2543 arm_reg_current(arm, 0)->dirty = true;
2544
2545 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2546 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2547 if (retval != ERROR_OK)
2548 goto out;
2549
2550 /* Get the memory address into R0. */
2551 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2552 armv7a->debug_base + CPUDBG_DTRRX, address);
2553 if (retval != ERROR_OK)
2554 goto out;
2555 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2556 if (retval != ERROR_OK)
2557 goto out;
2558
2559 if (size == 4 && (address % 4) == 0) {
2560 /* We are doing a word-aligned transfer, so use fast mode. */
2561 retval = cortex_a_read_cpu_memory_fast(target, count, buffer, &dscr);
2562 } else {
2563 /* Use slow path. */
2564 retval = cortex_a_read_cpu_memory_slow(target, size, count, buffer, &dscr);
2565 }
2566
2567 out:
2568 final_retval = retval;
2569
2570 /* Switch to non-blocking mode if not already in that mode. */
2571 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2572 if (final_retval == ERROR_OK)
2573 final_retval = retval;
2574
2575 /* Wait for last issued instruction to complete. */
2576 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2577 if (final_retval == ERROR_OK)
2578 final_retval = retval;
2579
2580 /* If there were any sticky abort flags, clear them. */
2581 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2582 fault_dscr = dscr;
2583 mem_ap_write_atomic_u32(armv7a->debug_ap,
2584 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2585 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2586 } else {
2587 fault_dscr = 0;
2588 }
2589
2590 /* Handle synchronous data faults. */
2591 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2592 if (final_retval == ERROR_OK) {
2593 /* Final return value will reflect cause of fault. */
2594 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2595 if (retval == ERROR_OK) {
2596 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2597 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2598 } else
2599 final_retval = retval;
2600 }
2601 /* Fault destroyed DFAR/DFSR; restore them. */
2602 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2603 if (retval != ERROR_OK)
2604 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2605 }
2606
2607 /* Handle asynchronous data faults. */
2608 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2609 if (final_retval == ERROR_OK)
2610 /* No other error has been recorded so far, so keep this one. */
2611 final_retval = ERROR_TARGET_DATA_ABORT;
2612 }
2613
2614 /* If the DCC is nonempty, clear it. */
2615 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2616 uint32_t dummy;
2617 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2618 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2619 if (final_retval == ERROR_OK)
2620 final_retval = retval;
2621 }
2622 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2623 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2624 if (final_retval == ERROR_OK)
2625 final_retval = retval;
2626 }
2627
2628 /* Done. */
2629 return final_retval;
2630 }
2631
2632
2633 /*
2634 * Cortex-A Memory access
2635 *
2636 * This is same Cortex-M3 but we must also use the correct
2637 * ap number for every access.
2638 */
2639
2640 static int cortex_a_read_phys_memory(struct target *target,
2641 target_addr_t address, uint32_t size,
2642 uint32_t count, uint8_t *buffer)
2643 {
2644 struct armv7a_common *armv7a = target_to_armv7a(target);
2645 struct adiv5_dap *swjdp = armv7a->arm.dap;
2646 uint8_t apsel = swjdp->apsel;
2647 int retval;
2648
2649 if (!count || !buffer)
2650 return ERROR_COMMAND_SYNTAX_ERROR;
2651
2652 LOG_DEBUG("Reading memory at real address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2653 address, size, count);
2654
2655 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num))
2656 return mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2657
2658 /* read memory through the CPU */
2659 cortex_a_prep_memaccess(target, 1);
2660 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2661 cortex_a_post_memaccess(target, 1);
2662
2663 return retval;
2664 }
2665
2666 static int cortex_a_read_memory(struct target *target, target_addr_t address,
2667 uint32_t size, uint32_t count, uint8_t *buffer)
2668 {
2669 int retval;
2670
2671 /* cortex_a handles unaligned memory access */
2672 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2673 address, size, count);
2674
2675 cortex_a_prep_memaccess(target, 0);
2676 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2677 cortex_a_post_memaccess(target, 0);
2678
2679 return retval;
2680 }
2681
2682 static int cortex_a_read_memory_ahb(struct target *target, target_addr_t address,
2683 uint32_t size, uint32_t count, uint8_t *buffer)
2684 {
2685 int mmu_enabled = 0;
2686 target_addr_t virt, phys;
2687 int retval;
2688 struct armv7a_common *armv7a = target_to_armv7a(target);
2689 struct adiv5_dap *swjdp = armv7a->arm.dap;
2690 uint8_t apsel = swjdp->apsel;
2691
2692 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2693 return target_read_memory(target, address, size, count, buffer);
2694
2695 /* cortex_a handles unaligned memory access */
2696 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2697 address, size, count);
2698
2699 /* determine if MMU was enabled on target stop */
2700 if (!armv7a->is_armv7r) {
2701 retval = cortex_a_mmu(target, &mmu_enabled);
2702 if (retval != ERROR_OK)
2703 return retval;
2704 }
2705
2706 if (mmu_enabled) {
2707 virt = address;
2708 retval = cortex_a_virt2phys(target, virt, &phys);
2709 if (retval != ERROR_OK)
2710 return retval;
2711
2712 LOG_DEBUG("Reading at virtual address. "
2713 "Translating v:" TARGET_ADDR_FMT " to r:" TARGET_ADDR_FMT,
2714 virt, phys);
2715 address = phys;
2716 }
2717
2718 if (!count || !buffer)
2719 return ERROR_COMMAND_SYNTAX_ERROR;
2720
2721 retval = mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2722
2723 return retval;
2724 }
2725
2726 static int cortex_a_write_phys_memory(struct target *target,
2727 target_addr_t address, uint32_t size,
2728 uint32_t count, const uint8_t *buffer)
2729 {
2730 struct armv7a_common *armv7a = target_to_armv7a(target);
2731 struct adiv5_dap *swjdp = armv7a->arm.dap;
2732 uint8_t apsel = swjdp->apsel;
2733 int retval;
2734
2735 if (!count || !buffer)
2736 return ERROR_COMMAND_SYNTAX_ERROR;
2737
2738 LOG_DEBUG("Writing memory to real address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2739 address, size, count);
2740
2741 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num))
2742 return mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2743
2744 /* write memory through the CPU */
2745 cortex_a_prep_memaccess(target, 1);
2746 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2747 cortex_a_post_memaccess(target, 1);
2748
2749 return retval;
2750 }
2751
2752 static int cortex_a_write_memory(struct target *target, target_addr_t address,
2753 uint32_t size, uint32_t count, const uint8_t *buffer)
2754 {
2755 int retval;
2756
2757 /* cortex_a handles unaligned memory access */
2758 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2759 address, size, count);
2760
2761 /* memory writes bypass the caches, must flush before writing */
2762 armv7a_cache_auto_flush_on_write(target, address, size * count);
2763
2764 cortex_a_prep_memaccess(target, 0);
2765 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2766 cortex_a_post_memaccess(target, 0);
2767 return retval;
2768 }
2769
2770 static int cortex_a_write_memory_ahb(struct target *target, target_addr_t address,
2771 uint32_t size, uint32_t count, const uint8_t *buffer)
2772 {
2773 int mmu_enabled = 0;
2774 target_addr_t virt, phys;
2775 int retval;
2776 struct armv7a_common *armv7a = target_to_armv7a(target);
2777 struct adiv5_dap *swjdp = armv7a->arm.dap;
2778 uint8_t apsel = swjdp->apsel;
2779
2780 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2781 return target_write_memory(target, address, size, count, buffer);
2782
2783 /* cortex_a handles unaligned memory access */
2784 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT "; size %" PRId32 "; count %" PRId32,
2785 address, size, count);
2786
2787 /* determine if MMU was enabled on target stop */
2788 if (!armv7a->is_armv7r) {
2789 retval = cortex_a_mmu(target, &mmu_enabled);
2790 if (retval != ERROR_OK)
2791 return retval;
2792 }
2793
2794 if (mmu_enabled) {
2795 virt = address;
2796 retval = cortex_a_virt2phys(target, virt, &phys);
2797 if (retval != ERROR_OK)
2798 return retval;
2799
2800 LOG_DEBUG("Writing to virtual address. "
2801 "Translating v:" TARGET_ADDR_FMT " to r:" TARGET_ADDR_FMT,
2802 virt,
2803 phys);
2804 address = phys;
2805 }
2806
2807 if (!count || !buffer)
2808 return ERROR_COMMAND_SYNTAX_ERROR;
2809
2810 retval = mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2811
2812 return retval;
2813 }
2814
2815 static int cortex_a_read_buffer(struct target *target, target_addr_t address,
2816 uint32_t count, uint8_t *buffer)
2817 {
2818 uint32_t size;
2819
2820 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2821 * will have something to do with the size we leave to it. */
2822 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2823 if (address & size) {
2824 int retval = cortex_a_read_memory_ahb(target, address, size, 1, buffer);
2825 if (retval != ERROR_OK)
2826 return retval;
2827 address += size;
2828 count -= size;
2829 buffer += size;
2830 }
2831 }
2832
2833 /* Read the data with as large access size as possible. */
2834 for (; size > 0; size /= 2) {
2835 uint32_t aligned = count - count % size;
2836 if (aligned > 0) {
2837 int retval = cortex_a_read_memory_ahb(target, address, size, aligned / size, buffer);
2838 if (retval != ERROR_OK)
2839 return retval;
2840 address += aligned;
2841 count -= aligned;
2842 buffer += aligned;
2843 }
2844 }
2845
2846 return ERROR_OK;
2847 }
2848
2849 static int cortex_a_write_buffer(struct target *target, target_addr_t address,
2850 uint32_t count, const uint8_t *buffer)
2851 {
2852 uint32_t size;
2853
2854 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2855 * will have something to do with the size we leave to it. */
2856 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2857 if (address & size) {
2858 int retval = cortex_a_write_memory_ahb(target, address, size, 1, buffer);
2859 if (retval != ERROR_OK)
2860 return retval;
2861 address += size;
2862 count -= size;
2863 buffer += size;
2864 }
2865 }
2866
2867 /* Write the data with as large access size as possible. */
2868 for (; size > 0; size /= 2) {
2869 uint32_t aligned = count - count % size;
2870 if (aligned > 0) {
2871 int retval = cortex_a_write_memory_ahb(target, address, size, aligned / size, buffer);
2872 if (retval != ERROR_OK)
2873 return retval;
2874 address += aligned;
2875 count -= aligned;
2876 buffer += aligned;
2877 }
2878 }
2879
2880 return ERROR_OK;
2881 }
2882
2883 static int cortex_a_handle_target_request(void *priv)
2884 {
2885 struct target *target = priv;
2886 struct armv7a_common *armv7a = target_to_armv7a(target);
2887 int retval;
2888
2889 if (!target_was_examined(target))
2890 return ERROR_OK;
2891 if (!target->dbg_msg_enabled)
2892 return ERROR_OK;
2893
2894 if (target->state == TARGET_RUNNING) {
2895 uint32_t request;
2896 uint32_t dscr;
2897 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2898 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2899
2900 /* check if we have data */
2901 int64_t then = timeval_ms();
2902 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2903 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2904 armv7a->debug_base + CPUDBG_DTRTX, &request);
2905 if (retval == ERROR_OK) {
2906 target_request(target, request);
2907 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2908 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2909 }
2910 if (timeval_ms() > then + 1000) {
2911 LOG_ERROR("Timeout waiting for dtr tx full");
2912 return ERROR_FAIL;
2913 }
2914 }
2915 }
2916
2917 return ERROR_OK;
2918 }
2919
2920 /*
2921 * Cortex-A target information and configuration
2922 */
2923
2924 static int cortex_a_examine_first(struct target *target)
2925 {
2926 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2927 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2928 struct adiv5_dap *swjdp = armv7a->arm.dap;
2929
2930 int i;
2931 int retval = ERROR_OK;
2932 uint32_t didr, cpuid, dbg_osreg;
2933
2934 retval = dap_dp_init(swjdp);
2935 if (retval != ERROR_OK) {
2936 LOG_ERROR("Could not initialize the debug port");
2937 return retval;
2938 }
2939
2940 /* Search for the APB-AP - it is needed for access to debug registers */
2941 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2942 if (retval != ERROR_OK) {
2943 LOG_ERROR("Could not find APB-AP for debug access");
2944 return retval;
2945 }
2946
2947 retval = mem_ap_init(armv7a->debug_ap);
2948 if (retval != ERROR_OK) {
2949 LOG_ERROR("Could not initialize the APB-AP");
2950 return retval;
2951 }
2952
2953 armv7a->debug_ap->memaccess_tck = 80;
2954
2955 /* Search for the AHB-AB.
2956 * REVISIT: We should search for AXI-AP as well and make sure the AP's MEMTYPE says it
2957 * can access system memory. */
2958 armv7a->memory_ap_available = false;
2959 retval = dap_find_ap(swjdp, AP_TYPE_AHB_AP, &armv7a->memory_ap);
2960 if (retval == ERROR_OK) {
2961 retval = mem_ap_init(armv7a->memory_ap);
2962 if (retval == ERROR_OK)
2963 armv7a->memory_ap_available = true;
2964 }
2965 if (retval != ERROR_OK) {
2966 /* AHB-AP not found or unavailable - use the CPU */
2967 LOG_DEBUG("No AHB-AP available for memory access");
2968 }
2969
2970 if (!target->dbgbase_set) {
2971 uint32_t dbgbase;
2972 /* Get ROM Table base */
2973 uint32_t apid;
2974 int32_t coreidx = target->coreid;
2975 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
2976 target->cmd_name);
2977 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
2978 if (retval != ERROR_OK)
2979 return retval;
2980 /* Lookup 0x15 -- Processor DAP */
2981 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
2982 &armv7a->debug_base, &coreidx);
2983 if (retval != ERROR_OK) {
2984 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
2985 target->cmd_name);
2986 return retval;
2987 }
2988 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
2989 target->coreid, armv7a->debug_base);
2990 } else
2991 armv7a->debug_base = target->dbgbase;
2992
2993 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2994 armv7a->debug_base + CPUDBG_DIDR, &didr);
2995 if (retval != ERROR_OK) {
2996 LOG_DEBUG("Examine %s failed", "DIDR");
2997 return retval;
2998 }
2999
3000 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3001 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
3002 if (retval != ERROR_OK) {
3003 LOG_DEBUG("Examine %s failed", "CPUID");
3004 return retval;
3005 }
3006
3007 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
3008 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
3009
3010 cortex_a->didr = didr;
3011 cortex_a->cpuid = cpuid;
3012
3013 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3014 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
3015 if (retval != ERROR_OK)
3016 return retval;
3017 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
3018
3019 if ((dbg_osreg & PRSR_POWERUP_STATUS) == 0) {
3020 LOG_ERROR("target->coreid %" PRId32 " powered down!", target->coreid);
3021 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
3022 return ERROR_TARGET_INIT_FAILED;
3023 }
3024
3025 if (dbg_osreg & PRSR_STICKY_RESET_STATUS)
3026 LOG_DEBUG("target->coreid %" PRId32 " was reset!", target->coreid);
3027
3028 /* Read DBGOSLSR and check if OSLK is implemented */
3029 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3030 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
3031 if (retval != ERROR_OK)
3032 return retval;
3033 LOG_DEBUG("target->coreid %" PRId32 " DBGOSLSR 0x%" PRIx32, target->coreid, dbg_osreg);
3034
3035 /* check if OS Lock is implemented */
3036 if ((dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM0 || (dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM1) {
3037 /* check if OS Lock is set */
3038 if (dbg_osreg & OSLSR_OSLK) {
3039 LOG_DEBUG("target->coreid %" PRId32 " OSLock set! Trying to unlock", target->coreid);
3040
3041 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3042 armv7a->debug_base + CPUDBG_OSLAR,
3043 0);
3044 if (retval == ERROR_OK)
3045 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3046 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
3047
3048 /* if we fail to access the register or cannot reset the OSLK bit, bail out */
3049 if (retval != ERROR_OK || (dbg_osreg & OSLSR_OSLK) != 0) {
3050 LOG_ERROR("target->coreid %" PRId32 " OSLock sticky, core not powered?",
3051 target->coreid);
3052 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
3053 return ERROR_TARGET_INIT_FAILED;
3054 }
3055 }
3056 }
3057
3058 armv7a->arm.core_type = ARM_MODE_MON;
3059
3060 /* Avoid recreating the registers cache */
3061 if (!target_was_examined(target)) {
3062 retval = cortex_a_dpm_setup(cortex_a, didr);
3063 if (retval != ERROR_OK)
3064 return retval;
3065 }
3066
3067 /* Setup Breakpoint Register Pairs */
3068 cortex_a->brp_num = ((didr >> 24) & 0x0F) + 1;
3069 cortex_a->brp_num_context = ((didr >> 20) & 0x0F) + 1;
3070 cortex_a->brp_num_available = cortex_a->brp_num;
3071 free(cortex_a->brp_list);
3072 cortex_a->brp_list = calloc(cortex_a->brp_num, sizeof(struct cortex_a_brp));
3073 /* cortex_a->brb_enabled = ????; */
3074 for (i = 0; i < cortex_a->brp_num; i++) {
3075 cortex_a->brp_list[i].used = 0;
3076 if (i < (cortex_a->brp_num-cortex_a->brp_num_context))
3077 cortex_a->brp_list[i].type = BRP_NORMAL;
3078 else
3079 cortex_a->brp_list[i].type = BRP_CONTEXT;
3080 cortex_a->brp_list[i].value = 0;
3081 cortex_a->brp_list[i].control = 0;
3082 cortex_a->brp_list[i].BRPn = i;
3083 }
3084
3085 LOG_DEBUG("Configured %i hw breakpoints", cortex_a->brp_num);
3086
3087 /* select debug_ap as default */
3088 swjdp->apsel = armv7a->debug_ap->ap_num;
3089
3090 target_set_examined(target);
3091 return ERROR_OK;
3092 }
3093
3094 static int cortex_a_examine(struct target *target)
3095 {
3096 int retval = ERROR_OK;
3097
3098 /* Reestablish communication after target reset */
3099 retval = cortex_a_examine_first(target);
3100
3101 /* Configure core debug access */
3102 if (retval == ERROR_OK)
3103 retval = cortex_a_init_debug_access(target);
3104
3105 return retval;
3106 }
3107
3108 /*
3109 * Cortex-A target creation and initialization
3110 */
3111
3112 static int cortex_a_init_target(struct command_context *cmd_ctx,
3113 struct target *target)
3114 {
3115 /* examine_first() does a bunch of this */
3116 arm_semihosting_init(target);
3117 return ERROR_OK;
3118 }
3119
3120 static int cortex_a_init_arch_info(struct target *target,
3121 struct cortex_a_common *cortex_a, struct jtag_tap *tap)
3122 {
3123 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
3124
3125 /* Setup struct cortex_a_common */
3126 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3127
3128 /* tap has no dap initialized */
3129 if (!tap->dap) {
3130 tap->dap = dap_init();
3131
3132 /* Leave (only) generic DAP stuff for debugport_init() */
3133 tap->dap->tap = tap;
3134 }
3135
3136 armv7a->arm.dap = tap->dap;
3137
3138 cortex_a->fast_reg_read = 0;
3139
3140 /* register arch-specific functions */
3141 armv7a->examine_debug_reason = NULL;
3142
3143 armv7a->post_debug_entry = cortex_a_post_debug_entry;
3144
3145 armv7a->pre_restore_context = NULL;
3146
3147 armv7a->armv7a_mmu.read_physical_memory = cortex_a_read_phys_memory;
3148
3149
3150 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
3151
3152 /* REVISIT v7a setup should be in a v7a-specific routine */
3153 armv7a_init_arch_info(target, armv7a);
3154 target_register_timer_callback(cortex_a_handle_target_request, 1, 1, target);
3155
3156 return ERROR_OK;
3157 }
3158
3159 static int cortex_a_target_create(struct target *target, Jim_Interp *interp)
3160 {
3161 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3162
3163 cortex_a->armv7a_common.is_armv7r = false;
3164
3165 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3166 }
3167
3168 static int cortex_r4_target_create(struct target *target, Jim_Interp *interp)
3169 {
3170 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3171
3172 cortex_a->armv7a_common.is_armv7r = true;
3173
3174 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3175 }
3176
3177 static void cortex_a_deinit_target(struct target *target)
3178 {
3179 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3180 struct arm_dpm *dpm = &cortex_a->armv7a_common.dpm;
3181
3182 free(cortex_a->brp_list);
3183 free(dpm->dbp);
3184 free(dpm->dwp);
3185 free(cortex_a);
3186 }
3187
3188 static int cortex_a_mmu(struct target *target, int *enabled)
3189 {
3190 struct armv7a_common *armv7a = target_to_armv7a(target);
3191
3192 if (target->state != TARGET_HALTED) {
3193 LOG_ERROR("%s: target not halted", __func__);
3194 return ERROR_TARGET_INVALID;
3195 }
3196
3197 if (armv7a->is_armv7r)
3198 *enabled = 0;
3199 else
3200 *enabled = target_to_cortex_a(target)->armv7a_common.armv7a_mmu.mmu_enabled;
3201
3202 return ERROR_OK;
3203 }
3204
3205 static int cortex_a_virt2phys(struct target *target,
3206 target_addr_t virt, target_addr_t *phys)
3207 {
3208 int retval = ERROR_FAIL;
3209 struct armv7a_common *armv7a = target_to_armv7a(target);
3210 struct adiv5_dap *swjdp = armv7a->arm.dap;
3211 uint8_t apsel = swjdp->apsel;
3212 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num)) {
3213 uint32_t ret;
3214 retval = armv7a_mmu_translate_va(target,
3215 virt, &ret);
3216 if (retval != ERROR_OK)
3217 goto done;
3218 *phys = ret;
3219 } else {/* use this method if armv7a->memory_ap not selected
3220 * mmu must be enable in order to get a correct translation */
3221 retval = cortex_a_mmu_modify(target, 1);
3222 if (retval != ERROR_OK)
3223 goto done;
3224 retval = armv7a_mmu_translate_va_pa(target, (uint32_t)virt,
3225 (uint32_t *)phys, 1);
3226 }
3227 done:
3228 return retval;
3229 }
3230
3231 COMMAND_HANDLER(cortex_a_handle_cache_info_command)
3232 {
3233 struct target *target = get_current_target(CMD_CTX);
3234 struct armv7a_common *armv7a = target_to_armv7a(target);
3235
3236 return armv7a_handle_cache_info_command(CMD_CTX,
3237 &armv7a->armv7a_mmu.armv7a_cache);
3238 }
3239
3240
3241 COMMAND_HANDLER(cortex_a_handle_dbginit_command)
3242 {
3243 struct target *target = get_current_target(CMD_CTX);
3244 if (!target_was_examined(target)) {
3245 LOG_ERROR("target not examined yet");
3246 return ERROR_FAIL;
3247 }
3248
3249 return cortex_a_init_debug_access(target);
3250 }
3251 COMMAND_HANDLER(cortex_a_handle_smp_off_command)
3252 {
3253 struct target *target = get_current_target(CMD_CTX);
3254 /* check target is an smp target */
3255 struct target_list *head;
3256 struct target *curr;
3257 head = target->head;
3258 target->smp = 0;
3259 if (head != (struct target_list *)NULL) {
3260 while (head != (struct target_list *)NULL) {
3261 curr = head->target;
3262 curr->smp = 0;
3263 head = head->next;
3264 }
3265 /* fixes the target display to the debugger */
3266 target->gdb_service->target = target;
3267 }
3268 return ERROR_OK;
3269 }
3270
3271 COMMAND_HANDLER(cortex_a_handle_smp_on_command)
3272 {
3273 struct target *target = get_current_target(CMD_CTX);
3274 struct target_list *head;
3275 struct target *curr;
3276 head = target->head;
3277 if (head != (struct target_list *)NULL) {
3278 target->smp = 1;
3279 while (head != (struct target_list *)NULL) {
3280 curr = head->target;
3281 curr->smp = 1;
3282 head = head->next;
3283 }
3284 }
3285 return ERROR_OK;
3286 }
3287
3288 COMMAND_HANDLER(cortex_a_handle_smp_gdb_command)
3289 {
3290 struct target *target = get_current_target(CMD_CTX);
3291 int retval = ERROR_OK;
3292 struct target_list *head;
3293 head = target->head;
3294 if (head != (struct target_list *)NULL) {
3295 if (CMD_ARGC == 1) {
3296 int coreid = 0;
3297 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], coreid);
3298 if (ERROR_OK != retval)
3299 return retval;
3300 target->gdb_service->core[1] = coreid;
3301
3302 }
3303 command_print(CMD_CTX, "gdb coreid %" PRId32 " -> %" PRId32, target->gdb_service->core[0]
3304 , target->gdb_service->core[1]);
3305 }
3306 return ERROR_OK;
3307 }
3308
3309 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command)
3310 {
3311 struct target *target = get_current_target(CMD_CTX);
3312 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3313
3314 static const Jim_Nvp nvp_maskisr_modes[] = {
3315 { .name = "off", .value = CORTEX_A_ISRMASK_OFF },
3316 { .name = "on", .value = CORTEX_A_ISRMASK_ON },
3317 { .name = NULL, .value = -1 },
3318 };
3319 const Jim_Nvp *n;
3320
3321 if (CMD_ARGC > 0) {
3322 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
3323 if (n->name == NULL) {
3324 LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV[0]);
3325 return ERROR_COMMAND_SYNTAX_ERROR;
3326 }
3327
3328 cortex_a->isrmasking_mode = n->value;
3329 }
3330
3331 n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, cortex_a->isrmasking_mode);
3332 command_print(CMD_CTX, "cortex_a interrupt mask %s", n->name);
3333
3334 return ERROR_OK;
3335 }
3336
3337 COMMAND_HANDLER(handle_cortex_a_dacrfixup_command)
3338 {
3339 struct target *target = get_current_target(CMD_CTX);
3340 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3341
3342 static const Jim_Nvp nvp_dacrfixup_modes[] = {
3343 { .name = "off", .value = CORTEX_A_DACRFIXUP_OFF },
3344 { .name = "on", .value = CORTEX_A_DACRFIXUP_ON },
3345 { .name = NULL, .value = -1 },
3346 };
3347 const Jim_Nvp *n;
3348
3349 if (CMD_ARGC > 0) {
3350 n = Jim_Nvp_name2value_simple(nvp_dacrfixup_modes, CMD_ARGV[0]);
3351 if (n->name == NULL)
3352 return ERROR_COMMAND_SYNTAX_ERROR;
3353 cortex_a->dacrfixup_mode = n->value;
3354
3355 }
3356
3357 n = Jim_Nvp_value2name_simple(nvp_dacrfixup_modes, cortex_a->dacrfixup_mode);
3358 command_print(CMD_CTX, "cortex_a domain access control fixup %s", n->name);
3359
3360 return ERROR_OK;
3361 }
3362
3363 static const struct command_registration cortex_a_exec_command_handlers[] = {
3364 {
3365 .name = "cache_info",
3366 .handler = cortex_a_handle_cache_info_command,
3367 .mode = COMMAND_EXEC,
3368 .help = "display information about target caches",
3369 .usage = "",
3370 },
3371 {
3372 .name = "dbginit",
3373 .handler = cortex_a_handle_dbginit_command,
3374 .mode = COMMAND_EXEC,
3375 .help = "Initialize core debug",
3376 .usage = "",
3377 },
3378 { .name = "smp_off",
3379 .handler = cortex_a_handle_smp_off_command,
3380 .mode = COMMAND_EXEC,
3381 .help = "Stop smp handling",
3382 .usage = "",},
3383 {
3384 .name = "smp_on",
3385 .handler = cortex_a_handle_smp_on_command,
3386 .mode = COMMAND_EXEC,
3387 .help = "Restart smp handling",
3388 .usage = "",
3389 },
3390 {
3391 .name = "smp_gdb",
3392 .handler = cortex_a_handle_smp_gdb_command,
3393 .mode = COMMAND_EXEC,
3394 .help = "display/fix current core played to gdb",
3395 .usage = "",
3396 },
3397 {
3398 .name = "maskisr",
3399 .handler = handle_cortex_a_mask_interrupts_command,
3400 .mode = COMMAND_ANY,
3401 .help = "mask cortex_a interrupts",
3402 .usage = "['on'|'off']",
3403 },
3404 {
3405 .name = "dacrfixup",
3406 .handler = handle_cortex_a_dacrfixup_command,
3407 .mode = COMMAND_EXEC,
3408 .help = "set domain access control (DACR) to all-manager "
3409 "on memory access",
3410 .usage = "['on'|'off']",
3411 },
3412
3413 COMMAND_REGISTRATION_DONE
3414 };
3415 static const struct command_registration cortex_a_command_handlers[] = {
3416 {
3417 .chain = arm_command_handlers,
3418 },
3419 {
3420 .chain = armv7a_command_handlers,
3421 },
3422 {
3423 .name = "cortex_a",
3424 .mode = COMMAND_ANY,
3425 .help = "Cortex-A command group",
3426 .usage = "",
3427 .chain = cortex_a_exec_command_handlers,
3428 },
3429 COMMAND_REGISTRATION_DONE
3430 };
3431
3432 struct target_type cortexa_target = {
3433 .name = "cortex_a",
3434 .deprecated_name = "cortex_a8",
3435
3436 .poll = cortex_a_poll,
3437 .arch_state = armv7a_arch_state,
3438
3439 .halt = cortex_a_halt,
3440 .resume = cortex_a_resume,
3441 .step = cortex_a_step,
3442
3443 .assert_reset = cortex_a_assert_reset,
3444 .deassert_reset = cortex_a_deassert_reset,
3445
3446 /* REVISIT allow exporting VFP3 registers ... */
3447 .get_gdb_reg_list = arm_get_gdb_reg_list,
3448
3449 .read_memory = cortex_a_read_memory,
3450 .write_memory = cortex_a_write_memory,
3451
3452 .read_buffer = cortex_a_read_buffer,
3453 .write_buffer = cortex_a_write_buffer,
3454
3455 .checksum_memory = arm_checksum_memory,
3456 .blank_check_memory = arm_blank_check_memory,
3457
3458 .run_algorithm = armv4_5_run_algorithm,
3459
3460 .add_breakpoint = cortex_a_add_breakpoint,
3461 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3462 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3463 .remove_breakpoint = cortex_a_remove_breakpoint,
3464 .add_watchpoint = NULL,
3465 .remove_watchpoint = NULL,
3466
3467 .commands = cortex_a_command_handlers,
3468 .target_create = cortex_a_target_create,
3469 .init_target = cortex_a_init_target,
3470 .examine = cortex_a_examine,
3471 .deinit_target = cortex_a_deinit_target,
3472
3473 .read_phys_memory = cortex_a_read_phys_memory,
3474 .write_phys_memory = cortex_a_write_phys_memory,
3475 .mmu = cortex_a_mmu,
3476 .virt2phys = cortex_a_virt2phys,
3477 };
3478
3479 static const struct command_registration cortex_r4_exec_command_handlers[] = {
3480 {
3481 .name = "cache_info",
3482 .handler = cortex_a_handle_cache_info_command,
3483 .mode = COMMAND_EXEC,
3484 .help = "display information about target caches",
3485 .usage = "",
3486 },
3487 {
3488 .name = "dbginit",
3489 .handler = cortex_a_handle_dbginit_command,
3490 .mode = COMMAND_EXEC,
3491 .help = "Initialize core debug",
3492 .usage = "",
3493 },
3494 {
3495 .name = "maskisr",
3496 .handler = handle_cortex_a_mask_interrupts_command,
3497 .mode = COMMAND_EXEC,
3498 .help = "mask cortex_r4 interrupts",
3499 .usage = "['on'|'off']",
3500 },
3501
3502 COMMAND_REGISTRATION_DONE
3503 };
3504 static const struct command_registration cortex_r4_command_handlers[] = {
3505 {
3506 .chain = arm_command_handlers,
3507 },
3508 {
3509 .chain = armv7a_command_handlers,
3510 },
3511 {
3512 .name = "cortex_r4",
3513 .mode = COMMAND_ANY,
3514 .help = "Cortex-R4 command group",
3515 .usage = "",
3516 .chain = cortex_r4_exec_command_handlers,
3517 },
3518 COMMAND_REGISTRATION_DONE
3519 };
3520
3521 struct target_type cortexr4_target = {
3522 .name = "cortex_r4",
3523
3524 .poll = cortex_a_poll,
3525 .arch_state = armv7a_arch_state,
3526
3527 .halt = cortex_a_halt,
3528 .resume = cortex_a_resume,
3529 .step = cortex_a_step,
3530
3531 .assert_reset = cortex_a_assert_reset,
3532 .deassert_reset = cortex_a_deassert_reset,
3533
3534 /* REVISIT allow exporting VFP3 registers ... */
3535 .get_gdb_reg_list = arm_get_gdb_reg_list,
3536
3537 .read_memory = cortex_a_read_phys_memory,
3538 .write_memory = cortex_a_write_phys_memory,
3539
3540 .checksum_memory = arm_checksum_memory,
3541 .blank_check_memory = arm_blank_check_memory,
3542
3543 .run_algorithm = armv4_5_run_algorithm,
3544
3545 .add_breakpoint = cortex_a_add_breakpoint,
3546 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3547 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3548 .remove_breakpoint = cortex_a_remove_breakpoint,
3549 .add_watchpoint = NULL,
3550 .remove_watchpoint = NULL,
3551
3552 .commands = cortex_r4_command_handlers,
3553 .target_create = cortex_r4_target_create,
3554 .init_target = cortex_a_init_target,
3555 .examine = cortex_a_examine,
3556 .deinit_target = cortex_a_deinit_target,
3557 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)