Code Review / openocd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
target/cortex_a: fix number of watchpoints
[openocd.git] / src / target / cortex_a.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2006 by Magnus Lundin *
6 * lundin@mlu.mine.nu *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
13 * *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
16 * *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
19 * *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex-R4 support *
22 * *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
25 * *
26 * Copyright (C) 2016 Chengyu Zheng *
27 * chengyu.zheng@polimi.it : watchpoint support *
28 * *
29 * This program is free software; you can redistribute it and/or modify *
30 * it under the terms of the GNU General Public License as published by *
31 * the Free Software Foundation; either version 2 of the License, or *
32 * (at your option) any later version. *
33 * *
34 * This program is distributed in the hope that it will be useful, *
35 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
36 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
37 * GNU General Public License for more details. *
38 * *
39 * You should have received a copy of the GNU General Public License *
40 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
41 * *
42 * Cortex-A8(tm) TRM, ARM DDI 0344H *
43 * Cortex-A9(tm) TRM, ARM DDI 0407F *
44 * Cortex-A4(tm) TRM, ARM DDI 0363E *
45 * Cortex-A15(tm)TRM, ARM DDI 0438C *
46 * *
47 ***************************************************************************/
48
49 #ifdef HAVE_CONFIG_H
50 #include "config.h"
51 #endif
52
53 #include "breakpoints.h"
54 #include "cortex_a.h"
55 #include "register.h"
56 #include "armv7a_mmu.h"
57 #include "target_request.h"
58 #include "target_type.h"
59 #include "arm_opcodes.h"
60 #include "arm_semihosting.h"
61 #include "jtag/interface.h"
62 #include "transport/transport.h"
63 #include "smp.h"
64 #include <helper/time_support.h>
65
66 static int cortex_a_poll(struct target *target);
67 static int cortex_a_debug_entry(struct target *target);
68 static int cortex_a_restore_context(struct target *target, bool bpwp);
69 static int cortex_a_set_breakpoint(struct target *target,
70 struct breakpoint *breakpoint, uint8_t matchmode);
71 static int cortex_a_set_context_breakpoint(struct target *target,
72 struct breakpoint *breakpoint, uint8_t matchmode);
73 static int cortex_a_set_hybrid_breakpoint(struct target *target,
74 struct breakpoint *breakpoint);
75 static int cortex_a_unset_breakpoint(struct target *target,
76 struct breakpoint *breakpoint);
77 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
78 uint32_t value, uint32_t *dscr);
79 static int cortex_a_mmu(struct target *target, int *enabled);
80 static int cortex_a_mmu_modify(struct target *target, int enable);
81 static int cortex_a_virt2phys(struct target *target,
82 target_addr_t virt, target_addr_t *phys);
83 static int cortex_a_read_cpu_memory(struct target *target,
84 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
85
86 static unsigned int ilog2(unsigned int x)
87 {
88 unsigned int y = 0;
89 x /= 2;
90 while (x) {
91 ++y;
92 x /= 2;
93 }
94 return y;
95 }
96
97 /* restore cp15_control_reg at resume */
98 static int cortex_a_restore_cp15_control_reg(struct target *target)
99 {
100 int retval = ERROR_OK;
101 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
102 struct armv7a_common *armv7a = target_to_armv7a(target);
103
104 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
105 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
106 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
107 retval = armv7a->arm.mcr(target, 15,
108 0, 0, /* op1, op2 */
109 1, 0, /* CRn, CRm */
110 cortex_a->cp15_control_reg);
111 }
112 return retval;
113 }
114
115 /*
116 * Set up ARM core for memory access.
117 * If !phys_access, switch to SVC mode and make sure MMU is on
118 * If phys_access, switch off mmu
119 */
120 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
121 {
122 struct armv7a_common *armv7a = target_to_armv7a(target);
123 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
124 int mmu_enabled = 0;
125
126 if (phys_access == 0) {
127 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
128 cortex_a_mmu(target, &mmu_enabled);
129 if (mmu_enabled)
130 cortex_a_mmu_modify(target, 1);
131 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
132 /* overwrite DACR to all-manager */
133 armv7a->arm.mcr(target, 15,
134 0, 0, 3, 0,
135 0xFFFFFFFF);
136 }
137 } else {
138 cortex_a_mmu(target, &mmu_enabled);
139 if (mmu_enabled)
140 cortex_a_mmu_modify(target, 0);
141 }
142 return ERROR_OK;
143 }
144
145 /*
146 * Restore ARM core after memory access.
147 * If !phys_access, switch to previous mode
148 * If phys_access, restore MMU setting
149 */
150 static int cortex_a_post_memaccess(struct target *target, int phys_access)
151 {
152 struct armv7a_common *armv7a = target_to_armv7a(target);
153 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
154
155 if (phys_access == 0) {
156 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
157 /* restore */
158 armv7a->arm.mcr(target, 15,
159 0, 0, 3, 0,
160 cortex_a->cp15_dacr_reg);
161 }
162 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
163 } else {
164 int mmu_enabled = 0;
165 cortex_a_mmu(target, &mmu_enabled);
166 if (mmu_enabled)
167 cortex_a_mmu_modify(target, 1);
168 }
169 return ERROR_OK;
170 }
171
172
173 /* modify cp15_control_reg in order to enable or disable mmu for :
174 * - virt2phys address conversion
175 * - read or write memory in phys or virt address */
176 static int cortex_a_mmu_modify(struct target *target, int enable)
177 {
178 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
179 struct armv7a_common *armv7a = target_to_armv7a(target);
180 int retval = ERROR_OK;
181 int need_write = 0;
182
183 if (enable) {
184 /* if mmu enabled at target stop and mmu not enable */
185 if (!(cortex_a->cp15_control_reg & 0x1U)) {
186 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
187 return ERROR_FAIL;
188 }
189 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
190 cortex_a->cp15_control_reg_curr |= 0x1U;
191 need_write = 1;
192 }
193 } else {
194 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
195 cortex_a->cp15_control_reg_curr &= ~0x1U;
196 need_write = 1;
197 }
198 }
199
200 if (need_write) {
201 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
202 enable ? "enable mmu" : "disable mmu",
203 cortex_a->cp15_control_reg_curr);
204
205 retval = armv7a->arm.mcr(target, 15,
206 0, 0, /* op1, op2 */
207 1, 0, /* CRn, CRm */
208 cortex_a->cp15_control_reg_curr);
209 }
210 return retval;
211 }
212
213 /*
214 * Cortex-A Basic debug access, very low level assumes state is saved
215 */
216 static int cortex_a_init_debug_access(struct target *target)
217 {
218 struct armv7a_common *armv7a = target_to_armv7a(target);
219 uint32_t dscr;
220 int retval;
221
222 /* lock memory-mapped access to debug registers to prevent
223 * software interference */
224 retval = mem_ap_write_u32(armv7a->debug_ap,
225 armv7a->debug_base + CPUDBG_LOCKACCESS, 0);
226 if (retval != ERROR_OK)
227 return retval;
228
229 /* Disable cacheline fills and force cache write-through in debug state */
230 retval = mem_ap_write_u32(armv7a->debug_ap,
231 armv7a->debug_base + CPUDBG_DSCCR, 0);
232 if (retval != ERROR_OK)
233 return retval;
234
235 /* Disable TLB lookup and refill/eviction in debug state */
236 retval = mem_ap_write_u32(armv7a->debug_ap,
237 armv7a->debug_base + CPUDBG_DSMCR, 0);
238 if (retval != ERROR_OK)
239 return retval;
240
241 retval = dap_run(armv7a->debug_ap->dap);
242 if (retval != ERROR_OK)
243 return retval;
244
245 /* Enabling of instruction execution in debug mode is done in debug_entry code */
246
247 /* Resync breakpoint registers */
248
249 /* Enable halt for breakpoint, watchpoint and vector catch */
250 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
251 armv7a->debug_base + CPUDBG_DSCR, &dscr);
252 if (retval != ERROR_OK)
253 return retval;
254 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
255 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
256 if (retval != ERROR_OK)
257 return retval;
258
259 /* Since this is likely called from init or reset, update target state information*/
260 return cortex_a_poll(target);
261 }
262
263 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
264 {
265 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
266 * Writes final value of DSCR into *dscr. Pass force to force always
267 * reading DSCR at least once. */
268 struct armv7a_common *armv7a = target_to_armv7a(target);
269 int retval;
270
271 if (force) {
272 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
273 armv7a->debug_base + CPUDBG_DSCR, dscr);
274 if (retval != ERROR_OK) {
275 LOG_ERROR("Could not read DSCR register");
276 return retval;
277 }
278 }
279
280 retval = cortex_a_wait_dscr_bits(target, DSCR_INSTR_COMP, DSCR_INSTR_COMP, dscr);
281 if (retval != ERROR_OK)
282 LOG_ERROR("Error waiting for InstrCompl=1");
283 return retval;
284 }
285
286 /* To reduce needless round-trips, pass in a pointer to the current
287 * DSCR value. Initialize it to zero if you just need to know the
288 * value on return from this function; or DSCR_INSTR_COMP if you
289 * happen to know that no instruction is pending.
290 */
291 static int cortex_a_exec_opcode(struct target *target,
292 uint32_t opcode, uint32_t *dscr_p)
293 {
294 uint32_t dscr;
295 int retval;
296 struct armv7a_common *armv7a = target_to_armv7a(target);
297
298 dscr = dscr_p ? *dscr_p : 0;
299
300 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
301
302 /* Wait for InstrCompl bit to be set */
303 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
304 if (retval != ERROR_OK)
305 return retval;
306
307 retval = mem_ap_write_u32(armv7a->debug_ap,
308 armv7a->debug_base + CPUDBG_ITR, opcode);
309 if (retval != ERROR_OK)
310 return retval;
311
312 /* Wait for InstrCompl bit to be set */
313 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
314 if (retval != ERROR_OK) {
315 LOG_ERROR("Error waiting for cortex_a_exec_opcode");
316 return retval;
317 }
318
319 if (dscr_p)
320 *dscr_p = dscr;
321
322 return retval;
323 }
324
325 /* Write to memory mapped registers directly with no cache or mmu handling */
326 static int cortex_a_dap_write_memap_register_u32(struct target *target,
327 uint32_t address,
328 uint32_t value)
329 {
330 int retval;
331 struct armv7a_common *armv7a = target_to_armv7a(target);
332
333 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
334
335 return retval;
336 }
337
338 /*
339 * Cortex-A implementation of Debug Programmer's Model
340 *
341 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
342 * so there's no need to poll for it before executing an instruction.
343 *
344 * NOTE that in several of these cases the "stall" mode might be useful.
345 * It'd let us queue a few operations together... prepare/finish might
346 * be the places to enable/disable that mode.
347 */
348
349 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
350 {
351 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
352 }
353
354 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
355 {
356 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
357 return mem_ap_write_u32(a->armv7a_common.debug_ap,
358 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
359 }
360
361 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
362 uint32_t *dscr_p)
363 {
364 uint32_t dscr = DSCR_INSTR_COMP;
365 int retval;
366
367 if (dscr_p)
368 dscr = *dscr_p;
369
370 /* Wait for DTRRXfull */
371 retval = cortex_a_wait_dscr_bits(a->armv7a_common.arm.target,
372 DSCR_DTR_TX_FULL, DSCR_DTR_TX_FULL, &dscr);
373 if (retval != ERROR_OK) {
374 LOG_ERROR("Error waiting for read dcc");
375 return retval;
376 }
377
378 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
379 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
380 if (retval != ERROR_OK)
381 return retval;
382 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
383
384 if (dscr_p)
385 *dscr_p = dscr;
386
387 return retval;
388 }
389
390 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
391 {
392 struct cortex_a_common *a = dpm_to_a(dpm);
393 uint32_t dscr;
394 int retval;
395
396 /* set up invariant: INSTR_COMP is set after ever DPM operation */
397 retval = cortex_a_wait_instrcmpl(dpm->arm->target, &dscr, true);
398 if (retval != ERROR_OK) {
399 LOG_ERROR("Error waiting for dpm prepare");
400 return retval;
401 }
402
403 /* this "should never happen" ... */
404 if (dscr & DSCR_DTR_RX_FULL) {
405 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
406 /* Clear DCCRX */
407 retval = cortex_a_exec_opcode(
408 a->armv7a_common.arm.target,
409 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
410 &dscr);
411 if (retval != ERROR_OK)
412 return retval;
413 }
414
415 return retval;
416 }
417
418 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
419 {
420 /* REVISIT what could be done here? */
421 return ERROR_OK;
422 }
423
424 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
425 uint32_t opcode, uint32_t data)
426 {
427 struct cortex_a_common *a = dpm_to_a(dpm);
428 int retval;
429 uint32_t dscr = DSCR_INSTR_COMP;
430
431 retval = cortex_a_write_dcc(a, data);
432 if (retval != ERROR_OK)
433 return retval;
434
435 return cortex_a_exec_opcode(
436 a->armv7a_common.arm.target,
437 opcode,
438 &dscr);
439 }
440
441 static int cortex_a_instr_write_data_rt_dcc(struct arm_dpm *dpm,
442 uint8_t rt, uint32_t data)
443 {
444 struct cortex_a_common *a = dpm_to_a(dpm);
445 uint32_t dscr = DSCR_INSTR_COMP;
446 int retval;
447
448 if (rt > 15)
449 return ERROR_TARGET_INVALID;
450
451 retval = cortex_a_write_dcc(a, data);
452 if (retval != ERROR_OK)
453 return retval;
454
455 /* DCCRX to Rt, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
456 return cortex_a_exec_opcode(
457 a->armv7a_common.arm.target,
458 ARMV4_5_MRC(14, 0, rt, 0, 5, 0),
459 &dscr);
460 }
461
462 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
463 uint32_t opcode, uint32_t data)
464 {
465 struct cortex_a_common *a = dpm_to_a(dpm);
466 uint32_t dscr = DSCR_INSTR_COMP;
467 int retval;
468
469 retval = cortex_a_instr_write_data_rt_dcc(dpm, 0, data);
470 if (retval != ERROR_OK)
471 return retval;
472
473 /* then the opcode, taking data from R0 */
474 retval = cortex_a_exec_opcode(
475 a->armv7a_common.arm.target,
476 opcode,
477 &dscr);
478
479 return retval;
480 }
481
482 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
483 {
484 struct target *target = dpm->arm->target;
485 uint32_t dscr = DSCR_INSTR_COMP;
486
487 /* "Prefetch flush" after modifying execution status in CPSR */
488 return cortex_a_exec_opcode(target,
489 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
490 &dscr);
491 }
492
493 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
494 uint32_t opcode, uint32_t *data)
495 {
496 struct cortex_a_common *a = dpm_to_a(dpm);
497 int retval;
498 uint32_t dscr = DSCR_INSTR_COMP;
499
500 /* the opcode, writing data to DCC */
501 retval = cortex_a_exec_opcode(
502 a->armv7a_common.arm.target,
503 opcode,
504 &dscr);
505 if (retval != ERROR_OK)
506 return retval;
507
508 return cortex_a_read_dcc(a, data, &dscr);
509 }
510
511 static int cortex_a_instr_read_data_rt_dcc(struct arm_dpm *dpm,
512 uint8_t rt, uint32_t *data)
513 {
514 struct cortex_a_common *a = dpm_to_a(dpm);
515 uint32_t dscr = DSCR_INSTR_COMP;
516 int retval;
517
518 if (rt > 15)
519 return ERROR_TARGET_INVALID;
520
521 retval = cortex_a_exec_opcode(
522 a->armv7a_common.arm.target,
523 ARMV4_5_MCR(14, 0, rt, 0, 5, 0),
524 &dscr);
525 if (retval != ERROR_OK)
526 return retval;
527
528 return cortex_a_read_dcc(a, data, &dscr);
529 }
530
531 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
532 uint32_t opcode, uint32_t *data)
533 {
534 struct cortex_a_common *a = dpm_to_a(dpm);
535 uint32_t dscr = DSCR_INSTR_COMP;
536 int retval;
537
538 /* the opcode, writing data to R0 */
539 retval = cortex_a_exec_opcode(
540 a->armv7a_common.arm.target,
541 opcode,
542 &dscr);
543 if (retval != ERROR_OK)
544 return retval;
545
546 /* write R0 to DCC */
547 return cortex_a_instr_read_data_rt_dcc(dpm, 0, data);
548 }
549
550 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
551 uint32_t addr, uint32_t control)
552 {
553 struct cortex_a_common *a = dpm_to_a(dpm);
554 uint32_t vr = a->armv7a_common.debug_base;
555 uint32_t cr = a->armv7a_common.debug_base;
556 int retval;
557
558 switch (index_t) {
559 case 0 ... 15: /* breakpoints */
560 vr += CPUDBG_BVR_BASE;
561 cr += CPUDBG_BCR_BASE;
562 break;
563 case 16 ... 31: /* watchpoints */
564 vr += CPUDBG_WVR_BASE;
565 cr += CPUDBG_WCR_BASE;
566 index_t -= 16;
567 break;
568 default:
569 return ERROR_FAIL;
570 }
571 vr += 4 * index_t;
572 cr += 4 * index_t;
573
574 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
575 (unsigned) vr, (unsigned) cr);
576
577 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
578 vr, addr);
579 if (retval != ERROR_OK)
580 return retval;
581 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
582 cr, control);
583 return retval;
584 }
585
586 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
587 {
588 struct cortex_a_common *a = dpm_to_a(dpm);
589 uint32_t cr;
590
591 switch (index_t) {
592 case 0 ... 15:
593 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
594 break;
595 case 16 ... 31:
596 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
597 index_t -= 16;
598 break;
599 default:
600 return ERROR_FAIL;
601 }
602 cr += 4 * index_t;
603
604 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
605
606 /* clear control register */
607 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
608 }
609
610 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
611 {
612 struct arm_dpm *dpm = &a->armv7a_common.dpm;
613 int retval;
614
615 dpm->arm = &a->armv7a_common.arm;
616 dpm->didr = didr;
617
618 dpm->prepare = cortex_a_dpm_prepare;
619 dpm->finish = cortex_a_dpm_finish;
620
621 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
622 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
623 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
624
625 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
626 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
627
628 dpm->bpwp_enable = cortex_a_bpwp_enable;
629 dpm->bpwp_disable = cortex_a_bpwp_disable;
630
631 retval = arm_dpm_setup(dpm);
632 if (retval == ERROR_OK)
633 retval = arm_dpm_initialize(dpm);
634
635 return retval;
636 }
637 static struct target *get_cortex_a(struct target *target, int32_t coreid)
638 {
639 struct target_list *head;
640 struct target *curr;
641
642 head = target->head;
643 while (head != (struct target_list *)NULL) {
644 curr = head->target;
645 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
646 return curr;
647 head = head->next;
648 }
649 return target;
650 }
651 static int cortex_a_halt(struct target *target);
652
653 static int cortex_a_halt_smp(struct target *target)
654 {
655 int retval = 0;
656 struct target_list *head;
657 struct target *curr;
658 head = target->head;
659 while (head != (struct target_list *)NULL) {
660 curr = head->target;
661 if ((curr != target) && (curr->state != TARGET_HALTED)
662 && target_was_examined(curr))
663 retval += cortex_a_halt(curr);
664 head = head->next;
665 }
666 return retval;
667 }
668
669 static int update_halt_gdb(struct target *target)
670 {
671 struct target *gdb_target = NULL;
672 struct target_list *head;
673 struct target *curr;
674 int retval = 0;
675
676 if (target->gdb_service && target->gdb_service->core[0] == -1) {
677 target->gdb_service->target = target;
678 target->gdb_service->core[0] = target->coreid;
679 retval += cortex_a_halt_smp(target);
680 }
681
682 if (target->gdb_service)
683 gdb_target = target->gdb_service->target;
684
685 foreach_smp_target(head, target->head) {
686 curr = head->target;
687 /* skip calling context */
688 if (curr == target)
689 continue;
690 if (!target_was_examined(curr))
691 continue;
692 /* skip targets that were already halted */
693 if (curr->state == TARGET_HALTED)
694 continue;
695 /* Skip gdb_target; it alerts GDB so has to be polled as last one */
696 if (curr == gdb_target)
697 continue;
698
699 /* avoid recursion in cortex_a_poll() */
700 curr->smp = 0;
701 cortex_a_poll(curr);
702 curr->smp = 1;
703 }
704
705 /* after all targets were updated, poll the gdb serving target */
706 if (gdb_target != NULL && gdb_target != target)
707 cortex_a_poll(gdb_target);
708 return retval;
709 }
710
711 /*
712 * Cortex-A Run control
713 */
714
715 static int cortex_a_poll(struct target *target)
716 {
717 int retval = ERROR_OK;
718 uint32_t dscr;
719 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
720 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
721 enum target_state prev_target_state = target->state;
722 /* toggle to another core is done by gdb as follow */
723 /* maint packet J core_id */
724 /* continue */
725 /* the next polling trigger an halt event sent to gdb */
726 if ((target->state == TARGET_HALTED) && (target->smp) &&
727 (target->gdb_service) &&
728 (target->gdb_service->target == NULL)) {
729 target->gdb_service->target =
730 get_cortex_a(target, target->gdb_service->core[1]);
731 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
732 return retval;
733 }
734 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
735 armv7a->debug_base + CPUDBG_DSCR, &dscr);
736 if (retval != ERROR_OK)
737 return retval;
738 cortex_a->cpudbg_dscr = dscr;
739
740 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
741 if (prev_target_state != TARGET_HALTED) {
742 /* We have a halting debug event */
743 LOG_DEBUG("Target halted");
744 target->state = TARGET_HALTED;
745
746 retval = cortex_a_debug_entry(target);
747 if (retval != ERROR_OK)
748 return retval;
749
750 if (target->smp) {
751 retval = update_halt_gdb(target);
752 if (retval != ERROR_OK)
753 return retval;
754 }
755
756 if (prev_target_state == TARGET_DEBUG_RUNNING) {
757 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
758 } else { /* prev_target_state is RUNNING, UNKNOWN or RESET */
759 if (arm_semihosting(target, &retval) != 0)
760 return retval;
761
762 target_call_event_callbacks(target,
763 TARGET_EVENT_HALTED);
764 }
765 }
766 } else
767 target->state = TARGET_RUNNING;
768
769 return retval;
770 }
771
772 static int cortex_a_halt(struct target *target)
773 {
774 int retval;
775 uint32_t dscr;
776 struct armv7a_common *armv7a = target_to_armv7a(target);
777
778 /*
779 * Tell the core to be halted by writing DRCR with 0x1
780 * and then wait for the core to be halted.
781 */
782 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
783 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
784 if (retval != ERROR_OK)
785 return retval;
786
787 dscr = 0; /* force read of dscr */
788 retval = cortex_a_wait_dscr_bits(target, DSCR_CORE_HALTED,
789 DSCR_CORE_HALTED, &dscr);
790 if (retval != ERROR_OK) {
791 LOG_ERROR("Error waiting for halt");
792 return retval;
793 }
794
795 target->debug_reason = DBG_REASON_DBGRQ;
796
797 return ERROR_OK;
798 }
799
800 static int cortex_a_internal_restore(struct target *target, int current,
801 target_addr_t *address, int handle_breakpoints, int debug_execution)
802 {
803 struct armv7a_common *armv7a = target_to_armv7a(target);
804 struct arm *arm = &armv7a->arm;
805 int retval;
806 uint32_t resume_pc;
807
808 if (!debug_execution)
809 target_free_all_working_areas(target);
810
811 #if 0
812 if (debug_execution) {
813 /* Disable interrupts */
814 /* We disable interrupts in the PRIMASK register instead of
815 * masking with C_MASKINTS,
816 * This is probably the same issue as Cortex-M3 Errata 377493:
817 * C_MASKINTS in parallel with disabled interrupts can cause
818 * local faults to not be taken. */
819 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
820 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = true;
821 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = true;
822
823 /* Make sure we are in Thumb mode */
824 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
825 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
826 32) | (1 << 24));
827 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = true;
828 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = true;
829 }
830 #endif
831
832 /* current = 1: continue on current pc, otherwise continue at <address> */
833 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
834 if (!current)
835 resume_pc = *address;
836 else
837 *address = resume_pc;
838
839 /* Make sure that the Armv7 gdb thumb fixups does not
840 * kill the return address
841 */
842 switch (arm->core_state) {
843 case ARM_STATE_ARM:
844 resume_pc &= 0xFFFFFFFC;
845 break;
846 case ARM_STATE_THUMB:
847 case ARM_STATE_THUMB_EE:
848 /* When the return address is loaded into PC
849 * bit 0 must be 1 to stay in Thumb state
850 */
851 resume_pc |= 0x1;
852 break;
853 case ARM_STATE_JAZELLE:
854 LOG_ERROR("How do I resume into Jazelle state??");
855 return ERROR_FAIL;
856 case ARM_STATE_AARCH64:
857 LOG_ERROR("Shouldn't be in AARCH64 state");
858 return ERROR_FAIL;
859 }
860 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
861 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
862 arm->pc->dirty = true;
863 arm->pc->valid = true;
864
865 /* restore dpm_mode at system halt */
866 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
867 /* called it now before restoring context because it uses cpu
868 * register r0 for restoring cp15 control register */
869 retval = cortex_a_restore_cp15_control_reg(target);
870 if (retval != ERROR_OK)
871 return retval;
872 retval = cortex_a_restore_context(target, handle_breakpoints);
873 if (retval != ERROR_OK)
874 return retval;
875 target->debug_reason = DBG_REASON_NOTHALTED;
876 target->state = TARGET_RUNNING;
877
878 /* registers are now invalid */
879 register_cache_invalidate(arm->core_cache);
880
881 #if 0
882 /* the front-end may request us not to handle breakpoints */
883 if (handle_breakpoints) {
884 /* Single step past breakpoint at current address */
885 breakpoint = breakpoint_find(target, resume_pc);
886 if (breakpoint) {
887 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
888 cortex_m3_unset_breakpoint(target, breakpoint);
889 cortex_m3_single_step_core(target);
890 cortex_m3_set_breakpoint(target, breakpoint);
891 }
892 }
893
894 #endif
895 return retval;
896 }
897
898 static int cortex_a_internal_restart(struct target *target)
899 {
900 struct armv7a_common *armv7a = target_to_armv7a(target);
901 struct arm *arm = &armv7a->arm;
902 int retval;
903 uint32_t dscr;
904 /*
905 * * Restart core and wait for it to be started. Clear ITRen and sticky
906 * * exception flags: see ARMv7 ARM, C5.9.
907 *
908 * REVISIT: for single stepping, we probably want to
909 * disable IRQs by default, with optional override...
910 */
911
912 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
913 armv7a->debug_base + CPUDBG_DSCR, &dscr);
914 if (retval != ERROR_OK)
915 return retval;
916
917 if ((dscr & DSCR_INSTR_COMP) == 0)
918 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
919
920 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
921 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
922 if (retval != ERROR_OK)
923 return retval;
924
925 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
926 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
927 DRCR_CLEAR_EXCEPTIONS);
928 if (retval != ERROR_OK)
929 return retval;
930
931 dscr = 0; /* force read of dscr */
932 retval = cortex_a_wait_dscr_bits(target, DSCR_CORE_RESTARTED,
933 DSCR_CORE_RESTARTED, &dscr);
934 if (retval != ERROR_OK) {
935 LOG_ERROR("Error waiting for resume");
936 return retval;
937 }
938
939 target->debug_reason = DBG_REASON_NOTHALTED;
940 target->state = TARGET_RUNNING;
941
942 /* registers are now invalid */
943 register_cache_invalidate(arm->core_cache);
944
945 return ERROR_OK;
946 }
947
948 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
949 {
950 int retval = 0;
951 struct target_list *head;
952 struct target *curr;
953 target_addr_t address;
954 head = target->head;
955 while (head != (struct target_list *)NULL) {
956 curr = head->target;
957 if ((curr != target) && (curr->state != TARGET_RUNNING)
958 && target_was_examined(curr)) {
959 /* resume current address , not in step mode */
960 retval += cortex_a_internal_restore(curr, 1, &address,
961 handle_breakpoints, 0);
962 retval += cortex_a_internal_restart(curr);
963 }
964 head = head->next;
965
966 }
967 return retval;
968 }
969
970 static int cortex_a_resume(struct target *target, int current,
971 target_addr_t address, int handle_breakpoints, int debug_execution)
972 {
973 int retval = 0;
974 /* dummy resume for smp toggle in order to reduce gdb impact */
975 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
976 /* simulate a start and halt of target */
977 target->gdb_service->target = NULL;
978 target->gdb_service->core[0] = target->gdb_service->core[1];
979 /* fake resume at next poll we play the target core[1], see poll*/
980 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
981 return 0;
982 }
983 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
984 if (target->smp) {
985 target->gdb_service->core[0] = -1;
986 retval = cortex_a_restore_smp(target, handle_breakpoints);
987 if (retval != ERROR_OK)
988 return retval;
989 }
990 cortex_a_internal_restart(target);
991
992 if (!debug_execution) {
993 target->state = TARGET_RUNNING;
994 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
995 LOG_DEBUG("target resumed at " TARGET_ADDR_FMT, address);
996 } else {
997 target->state = TARGET_DEBUG_RUNNING;
998 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
999 LOG_DEBUG("target debug resumed at " TARGET_ADDR_FMT, address);
1000 }
1001
1002 return ERROR_OK;
1003 }
1004
1005 static int cortex_a_debug_entry(struct target *target)
1006 {
1007 uint32_t dscr;
1008 int retval = ERROR_OK;
1009 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1010 struct armv7a_common *armv7a = target_to_armv7a(target);
1011 struct arm *arm = &armv7a->arm;
1012
1013 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1014
1015 /* REVISIT surely we should not re-read DSCR !! */
1016 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1017 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1018 if (retval != ERROR_OK)
1019 return retval;
1020
1021 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1022 * imprecise data aborts get discarded by issuing a Data
1023 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1024 */
1025
1026 /* Enable the ITR execution once we are in debug mode */
1027 dscr |= DSCR_ITR_EN;
1028 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1029 armv7a->debug_base + CPUDBG_DSCR, dscr);
1030 if (retval != ERROR_OK)
1031 return retval;
1032
1033 /* Examine debug reason */
1034 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1035
1036 /* save address of instruction that triggered the watchpoint? */
1037 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1038 uint32_t wfar;
1039
1040 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1041 armv7a->debug_base + CPUDBG_WFAR,
1042 &wfar);
1043 if (retval != ERROR_OK)
1044 return retval;
1045 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1046 }
1047
1048 /* First load register accessible through core debug port */
1049 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1050 if (retval != ERROR_OK)
1051 return retval;
1052
1053 if (arm->spsr) {
1054 /* read SPSR */
1055 retval = arm_dpm_read_reg(&armv7a->dpm, arm->spsr, 17);
1056 if (retval != ERROR_OK)
1057 return retval;
1058 }
1059
1060 #if 0
1061 /* TODO, Move this */
1062 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1063 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1064 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1065
1066 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1067 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1068
1069 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1070 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1071 #endif
1072
1073 /* Are we in an exception handler */
1074 /* armv4_5->exception_number = 0; */
1075 if (armv7a->post_debug_entry) {
1076 retval = armv7a->post_debug_entry(target);
1077 if (retval != ERROR_OK)
1078 return retval;
1079 }
1080
1081 return retval;
1082 }
1083
1084 static int cortex_a_post_debug_entry(struct target *target)
1085 {
1086 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1087 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1088 int retval;
1089
1090 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1091 retval = armv7a->arm.mrc(target, 15,
1092 0, 0, /* op1, op2 */
1093 1, 0, /* CRn, CRm */
1094 &cortex_a->cp15_control_reg);
1095 if (retval != ERROR_OK)
1096 return retval;
1097 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1098 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1099
1100 if (!armv7a->is_armv7r)
1101 armv7a_read_ttbcr(target);
1102
1103 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1104 armv7a_identify_cache(target);
1105
1106 if (armv7a->is_armv7r) {
1107 armv7a->armv7a_mmu.mmu_enabled = 0;
1108 } else {
1109 armv7a->armv7a_mmu.mmu_enabled =
1110 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1111 }
1112 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1113 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1114 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1115 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1116 cortex_a->curr_mode = armv7a->arm.core_mode;
1117
1118 /* switch to SVC mode to read DACR */
1119 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
1120 armv7a->arm.mrc(target, 15,
1121 0, 0, 3, 0,
1122 &cortex_a->cp15_dacr_reg);
1123
1124 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32,
1125 cortex_a->cp15_dacr_reg);
1126
1127 arm_dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1128 return ERROR_OK;
1129 }
1130
1131 static int cortex_a_set_dscr_bits(struct target *target,
1132 unsigned long bit_mask, unsigned long value)
1133 {
1134 struct armv7a_common *armv7a = target_to_armv7a(target);
1135 uint32_t dscr;
1136
1137 /* Read DSCR */
1138 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1139 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1140 if (ERROR_OK != retval)
1141 return retval;
1142
1143 /* clear bitfield */
1144 dscr &= ~bit_mask;
1145 /* put new value */
1146 dscr |= value & bit_mask;
1147
1148 /* write new DSCR */
1149 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1150 armv7a->debug_base + CPUDBG_DSCR, dscr);
1151 return retval;
1152 }
1153
1154 static int cortex_a_step(struct target *target, int current, target_addr_t address,
1155 int handle_breakpoints)
1156 {
1157 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1158 struct armv7a_common *armv7a = target_to_armv7a(target);
1159 struct arm *arm = &armv7a->arm;
1160 struct breakpoint *breakpoint = NULL;
1161 struct breakpoint stepbreakpoint;
1162 struct reg *r;
1163 int retval;
1164
1165 if (target->state != TARGET_HALTED) {
1166 LOG_WARNING("target not halted");
1167 return ERROR_TARGET_NOT_HALTED;
1168 }
1169
1170 /* current = 1: continue on current pc, otherwise continue at <address> */
1171 r = arm->pc;
1172 if (!current)
1173 buf_set_u32(r->value, 0, 32, address);
1174 else
1175 address = buf_get_u32(r->value, 0, 32);
1176
1177 /* The front-end may request us not to handle breakpoints.
1178 * But since Cortex-A uses breakpoint for single step,
1179 * we MUST handle breakpoints.
1180 */
1181 handle_breakpoints = 1;
1182 if (handle_breakpoints) {
1183 breakpoint = breakpoint_find(target, address);
1184 if (breakpoint)
1185 cortex_a_unset_breakpoint(target, breakpoint);
1186 }
1187
1188 /* Setup single step breakpoint */
1189 stepbreakpoint.address = address;
1190 stepbreakpoint.asid = 0;
1191 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1192 ? 2 : 4;
1193 stepbreakpoint.type = BKPT_HARD;
1194 stepbreakpoint.set = 0;
1195
1196 /* Disable interrupts during single step if requested */
1197 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1198 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1199 if (ERROR_OK != retval)
1200 return retval;
1201 }
1202
1203 /* Break on IVA mismatch */
1204 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1205
1206 target->debug_reason = DBG_REASON_SINGLESTEP;
1207
1208 retval = cortex_a_resume(target, 1, address, 0, 0);
1209 if (retval != ERROR_OK)
1210 return retval;
1211
1212 int64_t then = timeval_ms();
1213 while (target->state != TARGET_HALTED) {
1214 retval = cortex_a_poll(target);
1215 if (retval != ERROR_OK)
1216 return retval;
1217 if (target->state == TARGET_HALTED)
1218 break;
1219 if (timeval_ms() > then + 1000) {
1220 LOG_ERROR("timeout waiting for target halt");
1221 return ERROR_FAIL;
1222 }
1223 }
1224
1225 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1226
1227 /* Re-enable interrupts if they were disabled */
1228 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1229 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1230 if (ERROR_OK != retval)
1231 return retval;
1232 }
1233
1234
1235 target->debug_reason = DBG_REASON_BREAKPOINT;
1236
1237 if (breakpoint)
1238 cortex_a_set_breakpoint(target, breakpoint, 0);
1239
1240 if (target->state != TARGET_HALTED)
1241 LOG_DEBUG("target stepped");
1242
1243 return ERROR_OK;
1244 }
1245
1246 static int cortex_a_restore_context(struct target *target, bool bpwp)
1247 {
1248 struct armv7a_common *armv7a = target_to_armv7a(target);
1249
1250 LOG_DEBUG(" ");
1251
1252 if (armv7a->pre_restore_context)
1253 armv7a->pre_restore_context(target);
1254
1255 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1256 }
1257
1258 /*
1259 * Cortex-A Breakpoint and watchpoint functions
1260 */
1261
1262 /* Setup hardware Breakpoint Register Pair */
1263 static int cortex_a_set_breakpoint(struct target *target,
1264 struct breakpoint *breakpoint, uint8_t matchmode)
1265 {
1266 int retval;
1267 int brp_i = 0;
1268 uint32_t control;
1269 uint8_t byte_addr_select = 0x0F;
1270 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1271 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1272 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1273
1274 if (breakpoint->set) {
1275 LOG_WARNING("breakpoint already set");
1276 return ERROR_OK;
1277 }
1278
1279 if (breakpoint->type == BKPT_HARD) {
1280 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1281 brp_i++;
1282 if (brp_i >= cortex_a->brp_num) {
1283 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1284 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1285 }
1286 breakpoint->set = brp_i + 1;
1287 if (breakpoint->length == 2)
1288 byte_addr_select = (3 << (breakpoint->address & 0x02));
1289 control = ((matchmode & 0x7) << 20)
1290 | (byte_addr_select << 5)
1291 | (3 << 1) | 1;
1292 brp_list[brp_i].used = 1;
1293 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1294 brp_list[brp_i].control = control;
1295 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1296 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1297 brp_list[brp_i].value);
1298 if (retval != ERROR_OK)
1299 return retval;
1300 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1301 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1302 brp_list[brp_i].control);
1303 if (retval != ERROR_OK)
1304 return retval;
1305 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1306 brp_list[brp_i].control,
1307 brp_list[brp_i].value);
1308 } else if (breakpoint->type == BKPT_SOFT) {
1309 uint8_t code[4];
1310 /* length == 2: Thumb breakpoint */
1311 if (breakpoint->length == 2)
1312 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1313 else
1314 /* length == 3: Thumb-2 breakpoint, actual encoding is
1315 * a regular Thumb BKPT instruction but we replace a
1316 * 32bit Thumb-2 instruction, so fix-up the breakpoint
1317 * length
1318 */
1319 if (breakpoint->length == 3) {
1320 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1321 breakpoint->length = 4;
1322 } else
1323 /* length == 4, normal ARM breakpoint */
1324 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1325
1326 retval = target_read_memory(target,
1327 breakpoint->address & 0xFFFFFFFE,
1328 breakpoint->length, 1,
1329 breakpoint->orig_instr);
1330 if (retval != ERROR_OK)
1331 return retval;
1332
1333 /* make sure data cache is cleaned & invalidated down to PoC */
1334 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1335 armv7a_cache_flush_virt(target, breakpoint->address,
1336 breakpoint->length);
1337 }
1338
1339 retval = target_write_memory(target,
1340 breakpoint->address & 0xFFFFFFFE,
1341 breakpoint->length, 1, code);
1342 if (retval != ERROR_OK)
1343 return retval;
1344
1345 /* update i-cache at breakpoint location */
1346 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1347 breakpoint->length);
1348 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1349 breakpoint->length);
1350
1351 breakpoint->set = 0x11; /* Any nice value but 0 */
1352 }
1353
1354 return ERROR_OK;
1355 }
1356
1357 static int cortex_a_set_context_breakpoint(struct target *target,
1358 struct breakpoint *breakpoint, uint8_t matchmode)
1359 {
1360 int retval = ERROR_FAIL;
1361 int brp_i = 0;
1362 uint32_t control;
1363 uint8_t byte_addr_select = 0x0F;
1364 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1365 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1366 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1367
1368 if (breakpoint->set) {
1369 LOG_WARNING("breakpoint already set");
1370 return retval;
1371 }
1372 /*check available context BRPs*/
1373 while ((brp_list[brp_i].used ||
1374 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1375 brp_i++;
1376
1377 if (brp_i >= cortex_a->brp_num) {
1378 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1379 return ERROR_FAIL;
1380 }
1381
1382 breakpoint->set = brp_i + 1;
1383 control = ((matchmode & 0x7) << 20)
1384 | (byte_addr_select << 5)
1385 | (3 << 1) | 1;
1386 brp_list[brp_i].used = 1;
1387 brp_list[brp_i].value = (breakpoint->asid);
1388 brp_list[brp_i].control = control;
1389 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1390 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1391 brp_list[brp_i].value);
1392 if (retval != ERROR_OK)
1393 return retval;
1394 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1395 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1396 brp_list[brp_i].control);
1397 if (retval != ERROR_OK)
1398 return retval;
1399 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1400 brp_list[brp_i].control,
1401 brp_list[brp_i].value);
1402 return ERROR_OK;
1403
1404 }
1405
1406 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1407 {
1408 int retval = ERROR_FAIL;
1409 int brp_1 = 0; /* holds the contextID pair */
1410 int brp_2 = 0; /* holds the IVA pair */
1411 uint32_t control_CTX, control_IVA;
1412 uint8_t CTX_byte_addr_select = 0x0F;
1413 uint8_t IVA_byte_addr_select = 0x0F;
1414 uint8_t CTX_machmode = 0x03;
1415 uint8_t IVA_machmode = 0x01;
1416 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1417 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1418 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1419
1420 if (breakpoint->set) {
1421 LOG_WARNING("breakpoint already set");
1422 return retval;
1423 }
1424 /*check available context BRPs*/
1425 while ((brp_list[brp_1].used ||
1426 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1427 brp_1++;
1428
1429 printf("brp(CTX) found num: %d\n", brp_1);
1430 if (brp_1 >= cortex_a->brp_num) {
1431 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1432 return ERROR_FAIL;
1433 }
1434
1435 while ((brp_list[brp_2].used ||
1436 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1437 brp_2++;
1438
1439 printf("brp(IVA) found num: %d\n", brp_2);
1440 if (brp_2 >= cortex_a->brp_num) {
1441 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1442 return ERROR_FAIL;
1443 }
1444
1445 breakpoint->set = brp_1 + 1;
1446 breakpoint->linked_BRP = brp_2;
1447 control_CTX = ((CTX_machmode & 0x7) << 20)
1448 | (brp_2 << 16)
1449 | (0 << 14)
1450 | (CTX_byte_addr_select << 5)
1451 | (3 << 1) | 1;
1452 brp_list[brp_1].used = 1;
1453 brp_list[brp_1].value = (breakpoint->asid);
1454 brp_list[brp_1].control = control_CTX;
1455 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1456 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1457 brp_list[brp_1].value);
1458 if (retval != ERROR_OK)
1459 return retval;
1460 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1461 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1462 brp_list[brp_1].control);
1463 if (retval != ERROR_OK)
1464 return retval;
1465
1466 control_IVA = ((IVA_machmode & 0x7) << 20)
1467 | (brp_1 << 16)
1468 | (IVA_byte_addr_select << 5)
1469 | (3 << 1) | 1;
1470 brp_list[brp_2].used = 1;
1471 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1472 brp_list[brp_2].control = control_IVA;
1473 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1474 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1475 brp_list[brp_2].value);
1476 if (retval != ERROR_OK)
1477 return retval;
1478 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1479 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1480 brp_list[brp_2].control);
1481 if (retval != ERROR_OK)
1482 return retval;
1483
1484 return ERROR_OK;
1485 }
1486
1487 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1488 {
1489 int retval;
1490 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1491 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1492 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1493
1494 if (!breakpoint->set) {
1495 LOG_WARNING("breakpoint not set");
1496 return ERROR_OK;
1497 }
1498
1499 if (breakpoint->type == BKPT_HARD) {
1500 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1501 int brp_i = breakpoint->set - 1;
1502 int brp_j = breakpoint->linked_BRP;
1503 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1504 LOG_DEBUG("Invalid BRP number in breakpoint");
1505 return ERROR_OK;
1506 }
1507 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1508 brp_list[brp_i].control, brp_list[brp_i].value);
1509 brp_list[brp_i].used = 0;
1510 brp_list[brp_i].value = 0;
1511 brp_list[brp_i].control = 0;
1512 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1513 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1514 brp_list[brp_i].control);
1515 if (retval != ERROR_OK)
1516 return retval;
1517 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1518 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1519 brp_list[brp_i].value);
1520 if (retval != ERROR_OK)
1521 return retval;
1522 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1523 LOG_DEBUG("Invalid BRP number in breakpoint");
1524 return ERROR_OK;
1525 }
1526 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1527 brp_list[brp_j].control, brp_list[brp_j].value);
1528 brp_list[brp_j].used = 0;
1529 brp_list[brp_j].value = 0;
1530 brp_list[brp_j].control = 0;
1531 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1532 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1533 brp_list[brp_j].control);
1534 if (retval != ERROR_OK)
1535 return retval;
1536 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1537 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1538 brp_list[brp_j].value);
1539 if (retval != ERROR_OK)
1540 return retval;
1541 breakpoint->linked_BRP = 0;
1542 breakpoint->set = 0;
1543 return ERROR_OK;
1544
1545 } else {
1546 int brp_i = breakpoint->set - 1;
1547 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1548 LOG_DEBUG("Invalid BRP number in breakpoint");
1549 return ERROR_OK;
1550 }
1551 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1552 brp_list[brp_i].control, brp_list[brp_i].value);
1553 brp_list[brp_i].used = 0;
1554 brp_list[brp_i].value = 0;
1555 brp_list[brp_i].control = 0;
1556 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1557 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1558 brp_list[brp_i].control);
1559 if (retval != ERROR_OK)
1560 return retval;
1561 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1562 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1563 brp_list[brp_i].value);
1564 if (retval != ERROR_OK)
1565 return retval;
1566 breakpoint->set = 0;
1567 return ERROR_OK;
1568 }
1569 } else {
1570
1571 /* make sure data cache is cleaned & invalidated down to PoC */
1572 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1573 armv7a_cache_flush_virt(target, breakpoint->address,
1574 breakpoint->length);
1575 }
1576
1577 /* restore original instruction (kept in target endianness) */
1578 if (breakpoint->length == 4) {
1579 retval = target_write_memory(target,
1580 breakpoint->address & 0xFFFFFFFE,
1581 4, 1, breakpoint->orig_instr);
1582 if (retval != ERROR_OK)
1583 return retval;
1584 } else {
1585 retval = target_write_memory(target,
1586 breakpoint->address & 0xFFFFFFFE,
1587 2, 1, breakpoint->orig_instr);
1588 if (retval != ERROR_OK)
1589 return retval;
1590 }
1591
1592 /* update i-cache at breakpoint location */
1593 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1594 breakpoint->length);
1595 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1596 breakpoint->length);
1597 }
1598 breakpoint->set = 0;
1599
1600 return ERROR_OK;
1601 }
1602
1603 static int cortex_a_add_breakpoint(struct target *target,
1604 struct breakpoint *breakpoint)
1605 {
1606 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1607
1608 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1609 LOG_INFO("no hardware breakpoint available");
1610 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1611 }
1612
1613 if (breakpoint->type == BKPT_HARD)
1614 cortex_a->brp_num_available--;
1615
1616 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1617 }
1618
1619 static int cortex_a_add_context_breakpoint(struct target *target,
1620 struct breakpoint *breakpoint)
1621 {
1622 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1623
1624 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1625 LOG_INFO("no hardware breakpoint available");
1626 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1627 }
1628
1629 if (breakpoint->type == BKPT_HARD)
1630 cortex_a->brp_num_available--;
1631
1632 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1633 }
1634
1635 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1636 struct breakpoint *breakpoint)
1637 {
1638 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1639
1640 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1641 LOG_INFO("no hardware breakpoint available");
1642 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1643 }
1644
1645 if (breakpoint->type == BKPT_HARD)
1646 cortex_a->brp_num_available--;
1647
1648 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1649 }
1650
1651
1652 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1653 {
1654 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1655
1656 #if 0
1657 /* It is perfectly possible to remove breakpoints while the target is running */
1658 if (target->state != TARGET_HALTED) {
1659 LOG_WARNING("target not halted");
1660 return ERROR_TARGET_NOT_HALTED;
1661 }
1662 #endif
1663
1664 if (breakpoint->set) {
1665 cortex_a_unset_breakpoint(target, breakpoint);
1666 if (breakpoint->type == BKPT_HARD)
1667 cortex_a->brp_num_available++;
1668 }
1669
1670
1671 return ERROR_OK;
1672 }
1673
1674 /**
1675 * Sets a watchpoint for an Cortex-A target in one of the watchpoint units. It is
1676 * considered a bug to call this function when there are no available watchpoint
1677 * units.
1678 *
1679 * @param target Pointer to an Cortex-A target to set a watchpoint on
1680 * @param watchpoint Pointer to the watchpoint to be set
1681 * @return Error status if watchpoint set fails or the result of executing the
1682 * JTAG queue
1683 */
1684 static int cortex_a_set_watchpoint(struct target *target, struct watchpoint *watchpoint)
1685 {
1686 int retval = ERROR_OK;
1687 int wrp_i = 0;
1688 uint32_t control;
1689 uint8_t address_mask = ilog2(watchpoint->length);
1690 uint8_t byte_address_select = 0xFF;
1691 uint8_t load_store_access_control = 0x3;
1692 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1693 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1694 struct cortex_a_wrp *wrp_list = cortex_a->wrp_list;
1695
1696 if (watchpoint->set) {
1697 LOG_WARNING("watchpoint already set");
1698 return retval;
1699 }
1700
1701 /* check available context WRPs */
1702 while (wrp_list[wrp_i].used && (wrp_i < cortex_a->wrp_num))
1703 wrp_i++;
1704
1705 if (wrp_i >= cortex_a->wrp_num) {
1706 LOG_ERROR("ERROR Can not find free Watchpoint Register Pair");
1707 return ERROR_FAIL;
1708 }
1709
1710 if (address_mask == 0x1 || address_mask == 0x2) {
1711 LOG_WARNING("length must be a power of 2 and different than 2 and 4");
1712 return ERROR_FAIL;
1713 }
1714
1715 watchpoint->set = wrp_i + 1;
1716 control = (address_mask << 24) |
1717 (byte_address_select << 5) |
1718 (load_store_access_control << 3) |
1719 (0x3 << 1) | 1;
1720 wrp_list[wrp_i].used = 1;
1721 wrp_list[wrp_i].value = (watchpoint->address & 0xFFFFFFFC);
1722 wrp_list[wrp_i].control = control;
1723
1724 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1725 + CPUDBG_WVR_BASE + 4 * wrp_list[wrp_i].WRPn,
1726 wrp_list[wrp_i].value);
1727 if (retval != ERROR_OK)
1728 return retval;
1729
1730 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1731 + CPUDBG_WCR_BASE + 4 * wrp_list[wrp_i].WRPn,
1732 wrp_list[wrp_i].control);
1733 if (retval != ERROR_OK)
1734 return retval;
1735
1736 LOG_DEBUG("wp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, wrp_i,
1737 wrp_list[wrp_i].control,
1738 wrp_list[wrp_i].value);
1739
1740 return ERROR_OK;
1741 }
1742
1743 /**
1744 * Unset an existing watchpoint and clear the used watchpoint unit.
1745 *
1746 * @param target Pointer to the target to have the watchpoint removed
1747 * @param watchpoint Pointer to the watchpoint to be removed
1748 * @return Error status while trying to unset the watchpoint or the result of
1749 * executing the JTAG queue
1750 */
1751 static int cortex_a_unset_watchpoint(struct target *target, struct watchpoint *watchpoint)
1752 {
1753 int retval;
1754 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1755 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1756 struct cortex_a_wrp *wrp_list = cortex_a->wrp_list;
1757
1758 if (!watchpoint->set) {
1759 LOG_WARNING("watchpoint not set");
1760 return ERROR_OK;
1761 }
1762
1763 int wrp_i = watchpoint->set - 1;
1764 if (wrp_i < 0 || wrp_i >= cortex_a->wrp_num) {
1765 LOG_DEBUG("Invalid WRP number in watchpoint");
1766 return ERROR_OK;
1767 }
1768 LOG_DEBUG("wrp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, wrp_i,
1769 wrp_list[wrp_i].control, wrp_list[wrp_i].value);
1770 wrp_list[wrp_i].used = 0;
1771 wrp_list[wrp_i].value = 0;
1772 wrp_list[wrp_i].control = 0;
1773 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1774 + CPUDBG_WCR_BASE + 4 * wrp_list[wrp_i].WRPn,
1775 wrp_list[wrp_i].control);
1776 if (retval != ERROR_OK)
1777 return retval;
1778 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1779 + CPUDBG_WVR_BASE + 4 * wrp_list[wrp_i].WRPn,
1780 wrp_list[wrp_i].value);
1781 if (retval != ERROR_OK)
1782 return retval;
1783 watchpoint->set = 0;
1784
1785 return ERROR_OK;
1786 }
1787
1788 /**
1789 * Add a watchpoint to an Cortex-A target. If there are no watchpoint units
1790 * available, an error response is returned.
1791 *
1792 * @param target Pointer to the Cortex-A target to add a watchpoint to
1793 * @param watchpoint Pointer to the watchpoint to be added
1794 * @return Error status while trying to add the watchpoint
1795 */
1796 static int cortex_a_add_watchpoint(struct target *target, struct watchpoint *watchpoint)
1797 {
1798 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1799
1800 if (cortex_a->wrp_num_available < 1) {
1801 LOG_INFO("no hardware watchpoint available");
1802 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1803 }
1804
1805 int retval = cortex_a_set_watchpoint(target, watchpoint);
1806 if (retval != ERROR_OK)
1807 return retval;
1808
1809 cortex_a->wrp_num_available--;
1810 return ERROR_OK;
1811 }
1812
1813 /**
1814 * Remove a watchpoint from an Cortex-A target. The watchpoint will be unset and
1815 * the used watchpoint unit will be reopened.
1816 *
1817 * @param target Pointer to the target to remove a watchpoint from
1818 * @param watchpoint Pointer to the watchpoint to be removed
1819 * @return Result of trying to unset the watchpoint
1820 */
1821 static int cortex_a_remove_watchpoint(struct target *target, struct watchpoint *watchpoint)
1822 {
1823 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1824
1825 if (watchpoint->set) {
1826 cortex_a->wrp_num_available++;
1827 cortex_a_unset_watchpoint(target, watchpoint);
1828 }
1829 return ERROR_OK;
1830 }
1831
1832
1833 /*
1834 * Cortex-A Reset functions
1835 */
1836
1837 static int cortex_a_assert_reset(struct target *target)
1838 {
1839 struct armv7a_common *armv7a = target_to_armv7a(target);
1840
1841 LOG_DEBUG(" ");
1842
1843 /* FIXME when halt is requested, make it work somehow... */
1844
1845 /* This function can be called in "target not examined" state */
1846
1847 /* Issue some kind of warm reset. */
1848 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1849 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1850 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1851 /* REVISIT handle "pulls" cases, if there's
1852 * hardware that needs them to work.
1853 */
1854
1855 /*
1856 * FIXME: fix reset when transport is not JTAG. This is a temporary
1857 * work-around for release v0.10 that is not intended to stay!
1858 */
1859 if (!transport_is_jtag() ||
1860 (target->reset_halt && (jtag_get_reset_config() & RESET_SRST_NO_GATING)))
1861 adapter_assert_reset();
1862
1863 } else {
1864 LOG_ERROR("%s: how to reset?", target_name(target));
1865 return ERROR_FAIL;
1866 }
1867
1868 /* registers are now invalid */
1869 if (target_was_examined(target))
1870 register_cache_invalidate(armv7a->arm.core_cache);
1871
1872 target->state = TARGET_RESET;
1873
1874 return ERROR_OK;
1875 }
1876
1877 static int cortex_a_deassert_reset(struct target *target)
1878 {
1879 struct armv7a_common *armv7a = target_to_armv7a(target);
1880 int retval;
1881
1882 LOG_DEBUG(" ");
1883
1884 /* be certain SRST is off */
1885 adapter_deassert_reset();
1886
1887 if (target_was_examined(target)) {
1888 retval = cortex_a_poll(target);
1889 if (retval != ERROR_OK)
1890 return retval;
1891 }
1892
1893 if (target->reset_halt) {
1894 if (target->state != TARGET_HALTED) {
1895 LOG_WARNING("%s: ran after reset and before halt ...",
1896 target_name(target));
1897 if (target_was_examined(target)) {
1898 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1899 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
1900 if (retval != ERROR_OK)
1901 return retval;
1902 } else
1903 target->state = TARGET_UNKNOWN;
1904 }
1905 }
1906
1907 return ERROR_OK;
1908 }
1909
1910 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1911 {
1912 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1913 * New desired mode must be in mode. Current value of DSCR must be in
1914 * *dscr, which is updated with new value.
1915 *
1916 * This function elides actually sending the mode-change over the debug
1917 * interface if the mode is already set as desired.
1918 */
1919 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1920 if (new_dscr != *dscr) {
1921 struct armv7a_common *armv7a = target_to_armv7a(target);
1922 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1923 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1924 if (retval == ERROR_OK)
1925 *dscr = new_dscr;
1926 return retval;
1927 } else {
1928 return ERROR_OK;
1929 }
1930 }
1931
1932 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1933 uint32_t value, uint32_t *dscr)
1934 {
1935 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1936 struct armv7a_common *armv7a = target_to_armv7a(target);
1937 int64_t then;
1938 int retval;
1939
1940 if ((*dscr & mask) == value)
1941 return ERROR_OK;
1942
1943 then = timeval_ms();
1944 while (1) {
1945 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1946 armv7a->debug_base + CPUDBG_DSCR, dscr);
1947 if (retval != ERROR_OK) {
1948 LOG_ERROR("Could not read DSCR register");
1949 return retval;
1950 }
1951 if ((*dscr & mask) == value)
1952 break;
1953 if (timeval_ms() > then + 1000) {
1954 LOG_ERROR("timeout waiting for DSCR bit change");
1955 return ERROR_FAIL;
1956 }
1957 }
1958 return ERROR_OK;
1959 }
1960
1961 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
1962 uint32_t *data, uint32_t *dscr)
1963 {
1964 int retval;
1965 struct armv7a_common *armv7a = target_to_armv7a(target);
1966
1967 /* Move from coprocessor to R0. */
1968 retval = cortex_a_exec_opcode(target, opcode, dscr);
1969 if (retval != ERROR_OK)
1970 return retval;
1971
1972 /* Move from R0 to DTRTX. */
1973 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
1974 if (retval != ERROR_OK)
1975 return retval;
1976
1977 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
1978 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
1979 * must also check TXfull_l). Most of the time this will be free
1980 * because TXfull_l will be set immediately and cached in dscr. */
1981 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
1982 DSCR_DTRTX_FULL_LATCHED, dscr);
1983 if (retval != ERROR_OK)
1984 return retval;
1985
1986 /* Read the value transferred to DTRTX. */
1987 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1988 armv7a->debug_base + CPUDBG_DTRTX, data);
1989 if (retval != ERROR_OK)
1990 return retval;
1991
1992 return ERROR_OK;
1993 }
1994
1995 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
1996 uint32_t *dfsr, uint32_t *dscr)
1997 {
1998 int retval;
1999
2000 if (dfar) {
2001 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
2002 if (retval != ERROR_OK)
2003 return retval;
2004 }
2005
2006 if (dfsr) {
2007 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
2008 if (retval != ERROR_OK)
2009 return retval;
2010 }
2011
2012 return ERROR_OK;
2013 }
2014
2015 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
2016 uint32_t data, uint32_t *dscr)
2017 {
2018 int retval;
2019 struct armv7a_common *armv7a = target_to_armv7a(target);
2020
2021 /* Write the value into DTRRX. */
2022 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2023 armv7a->debug_base + CPUDBG_DTRRX, data);
2024 if (retval != ERROR_OK)
2025 return retval;
2026
2027 /* Move from DTRRX to R0. */
2028 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
2029 if (retval != ERROR_OK)
2030 return retval;
2031
2032 /* Move from R0 to coprocessor. */
2033 retval = cortex_a_exec_opcode(target, opcode, dscr);
2034 if (retval != ERROR_OK)
2035 return retval;
2036
2037 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2038 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2039 * check RXfull_l). Most of the time this will be free because RXfull_l
2040 * will be cleared immediately and cached in dscr. */
2041 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2042 if (retval != ERROR_OK)
2043 return retval;
2044
2045 return ERROR_OK;
2046 }
2047
2048 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
2049 uint32_t dfsr, uint32_t *dscr)
2050 {
2051 int retval;
2052
2053 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
2054 if (retval != ERROR_OK)
2055 return retval;
2056
2057 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
2058 if (retval != ERROR_OK)
2059 return retval;
2060
2061 return ERROR_OK;
2062 }
2063
2064 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
2065 {
2066 uint32_t status, upper4;
2067
2068 if (dfsr & (1 << 9)) {
2069 /* LPAE format. */
2070 status = dfsr & 0x3f;
2071 upper4 = status >> 2;
2072 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
2073 return ERROR_TARGET_TRANSLATION_FAULT;
2074 else if (status == 33)
2075 return ERROR_TARGET_UNALIGNED_ACCESS;
2076 else
2077 return ERROR_TARGET_DATA_ABORT;
2078 } else {
2079 /* Normal format. */
2080 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
2081 if (status == 1)
2082 return ERROR_TARGET_UNALIGNED_ACCESS;
2083 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
2084 status == 9 || status == 11 || status == 13 || status == 15)
2085 return ERROR_TARGET_TRANSLATION_FAULT;
2086 else
2087 return ERROR_TARGET_DATA_ABORT;
2088 }
2089 }
2090
2091 static int cortex_a_write_cpu_memory_slow(struct target *target,
2092 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2093 {
2094 /* Writes count objects of size size from *buffer. Old value of DSCR must
2095 * be in *dscr; updated to new value. This is slow because it works for
2096 * non-word-sized objects. Avoid unaligned accesses as they do not work
2097 * on memory address space without "Normal" attribute. If size == 4 and
2098 * the address is aligned, cortex_a_write_cpu_memory_fast should be
2099 * preferred.
2100 * Preconditions:
2101 * - Address is in R0.
2102 * - R0 is marked dirty.
2103 */
2104 struct armv7a_common *armv7a = target_to_armv7a(target);
2105 struct arm *arm = &armv7a->arm;
2106 int retval;
2107
2108 /* Mark register R1 as dirty, to use for transferring data. */
2109 arm_reg_current(arm, 1)->dirty = true;
2110
2111 /* Switch to non-blocking mode if not already in that mode. */
2112 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2113 if (retval != ERROR_OK)
2114 return retval;
2115
2116 /* Go through the objects. */
2117 while (count) {
2118 /* Write the value to store into DTRRX. */
2119 uint32_t data, opcode;
2120 if (size == 1)
2121 data = *buffer;
2122 else if (size == 2)
2123 data = target_buffer_get_u16(target, buffer);
2124 else
2125 data = target_buffer_get_u32(target, buffer);
2126 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2127 armv7a->debug_base + CPUDBG_DTRRX, data);
2128 if (retval != ERROR_OK)
2129 return retval;
2130
2131 /* Transfer the value from DTRRX to R1. */
2132 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
2133 if (retval != ERROR_OK)
2134 return retval;
2135
2136 /* Write the value transferred to R1 into memory. */
2137 if (size == 1)
2138 opcode = ARMV4_5_STRB_IP(1, 0);
2139 else if (size == 2)
2140 opcode = ARMV4_5_STRH_IP(1, 0);
2141 else
2142 opcode = ARMV4_5_STRW_IP(1, 0);
2143 retval = cortex_a_exec_opcode(target, opcode, dscr);
2144 if (retval != ERROR_OK)
2145 return retval;
2146
2147 /* Check for faults and return early. */
2148 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2149 return ERROR_OK; /* A data fault is not considered a system failure. */
2150
2151 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2152 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2153 * must also check RXfull_l). Most of the time this will be free
2154 * because RXfull_l will be cleared immediately and cached in dscr. */
2155 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2156 if (retval != ERROR_OK)
2157 return retval;
2158
2159 /* Advance. */
2160 buffer += size;
2161 --count;
2162 }
2163
2164 return ERROR_OK;
2165 }
2166
2167 static int cortex_a_write_cpu_memory_fast(struct target *target,
2168 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2169 {
2170 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2171 * in *dscr; updated to new value. This is fast but only works for
2172 * word-sized objects at aligned addresses.
2173 * Preconditions:
2174 * - Address is in R0 and must be a multiple of 4.
2175 * - R0 is marked dirty.
2176 */
2177 struct armv7a_common *armv7a = target_to_armv7a(target);
2178 int retval;
2179
2180 /* Switch to fast mode if not already in that mode. */
2181 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2182 if (retval != ERROR_OK)
2183 return retval;
2184
2185 /* Latch STC instruction. */
2186 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2187 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2188 if (retval != ERROR_OK)
2189 return retval;
2190
2191 /* Transfer all the data and issue all the instructions. */
2192 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2193 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2194 }
2195
2196 static int cortex_a_write_cpu_memory(struct target *target,
2197 uint32_t address, uint32_t size,
2198 uint32_t count, const uint8_t *buffer)
2199 {
2200 /* Write memory through the CPU. */
2201 int retval, final_retval;
2202 struct armv7a_common *armv7a = target_to_armv7a(target);
2203 struct arm *arm = &armv7a->arm;
2204 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2205
2206 LOG_DEBUG("Writing CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2207 address, size, count);
2208 if (target->state != TARGET_HALTED) {
2209 LOG_WARNING("target not halted");
2210 return ERROR_TARGET_NOT_HALTED;
2211 }
2212
2213 if (!count)
2214 return ERROR_OK;
2215
2216 /* Clear any abort. */
2217 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2218 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2219 if (retval != ERROR_OK)
2220 return retval;
2221
2222 /* Read DSCR. */
2223 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2224 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2225 if (retval != ERROR_OK)
2226 return retval;
2227
2228 /* Switch to non-blocking mode if not already in that mode. */
2229 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2230 if (retval != ERROR_OK)
2231 goto out;
2232
2233 /* Mark R0 as dirty. */
2234 arm_reg_current(arm, 0)->dirty = true;
2235
2236 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2237 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2238 if (retval != ERROR_OK)
2239 goto out;
2240
2241 /* Get the memory address into R0. */
2242 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2243 armv7a->debug_base + CPUDBG_DTRRX, address);
2244 if (retval != ERROR_OK)
2245 goto out;
2246 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2247 if (retval != ERROR_OK)
2248 goto out;
2249
2250 if (size == 4 && (address % 4) == 0) {
2251 /* We are doing a word-aligned transfer, so use fast mode. */
2252 retval = cortex_a_write_cpu_memory_fast(target, count, buffer, &dscr);
2253 } else {
2254 /* Use slow path. Adjust size for aligned accesses */
2255 switch (address % 4) {
2256 case 1:
2257 case 3:
2258 count *= size;
2259 size = 1;
2260 break;
2261 case 2:
2262 if (size == 4) {
2263 count *= 2;
2264 size = 2;
2265 }
2266 case 0:
2267 default:
2268 break;
2269 }
2270 retval = cortex_a_write_cpu_memory_slow(target, size, count, buffer, &dscr);
2271 }
2272
2273 out:
2274 final_retval = retval;
2275
2276 /* Switch to non-blocking mode if not already in that mode. */
2277 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2278 if (final_retval == ERROR_OK)
2279 final_retval = retval;
2280
2281 /* Wait for last issued instruction to complete. */
2282 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2283 if (final_retval == ERROR_OK)
2284 final_retval = retval;
2285
2286 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2287 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2288 * check RXfull_l). Most of the time this will be free because RXfull_l
2289 * will be cleared immediately and cached in dscr. However, don't do this
2290 * if there is fault, because then the instruction might not have completed
2291 * successfully. */
2292 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2293 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2294 if (retval != ERROR_OK)
2295 return retval;
2296 }
2297
2298 /* If there were any sticky abort flags, clear them. */
2299 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2300 fault_dscr = dscr;
2301 mem_ap_write_atomic_u32(armv7a->debug_ap,
2302 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2303 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2304 } else {
2305 fault_dscr = 0;
2306 }
2307
2308 /* Handle synchronous data faults. */
2309 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2310 if (final_retval == ERROR_OK) {
2311 /* Final return value will reflect cause of fault. */
2312 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2313 if (retval == ERROR_OK) {
2314 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2315 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2316 } else
2317 final_retval = retval;
2318 }
2319 /* Fault destroyed DFAR/DFSR; restore them. */
2320 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2321 if (retval != ERROR_OK)
2322 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2323 }
2324
2325 /* Handle asynchronous data faults. */
2326 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2327 if (final_retval == ERROR_OK)
2328 /* No other error has been recorded so far, so keep this one. */
2329 final_retval = ERROR_TARGET_DATA_ABORT;
2330 }
2331
2332 /* If the DCC is nonempty, clear it. */
2333 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2334 uint32_t dummy;
2335 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2336 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2337 if (final_retval == ERROR_OK)
2338 final_retval = retval;
2339 }
2340 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2341 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2342 if (final_retval == ERROR_OK)
2343 final_retval = retval;
2344 }
2345
2346 /* Done. */
2347 return final_retval;
2348 }
2349
2350 static int cortex_a_read_cpu_memory_slow(struct target *target,
2351 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2352 {
2353 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2354 * in *dscr; updated to new value. This is slow because it works for
2355 * non-word-sized objects. Avoid unaligned accesses as they do not work
2356 * on memory address space without "Normal" attribute. If size == 4 and
2357 * the address is aligned, cortex_a_read_cpu_memory_fast should be
2358 * preferred.
2359 * Preconditions:
2360 * - Address is in R0.
2361 * - R0 is marked dirty.
2362 */
2363 struct armv7a_common *armv7a = target_to_armv7a(target);
2364 struct arm *arm = &armv7a->arm;
2365 int retval;
2366
2367 /* Mark register R1 as dirty, to use for transferring data. */
2368 arm_reg_current(arm, 1)->dirty = true;
2369
2370 /* Switch to non-blocking mode if not already in that mode. */
2371 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2372 if (retval != ERROR_OK)
2373 return retval;
2374
2375 /* Go through the objects. */
2376 while (count) {
2377 /* Issue a load of the appropriate size to R1. */
2378 uint32_t opcode, data;
2379 if (size == 1)
2380 opcode = ARMV4_5_LDRB_IP(1, 0);
2381 else if (size == 2)
2382 opcode = ARMV4_5_LDRH_IP(1, 0);
2383 else
2384 opcode = ARMV4_5_LDRW_IP(1, 0);
2385 retval = cortex_a_exec_opcode(target, opcode, dscr);
2386 if (retval != ERROR_OK)
2387 return retval;
2388
2389 /* Issue a write of R1 to DTRTX. */
2390 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2391 if (retval != ERROR_OK)
2392 return retval;
2393
2394 /* Check for faults and return early. */
2395 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2396 return ERROR_OK; /* A data fault is not considered a system failure. */
2397
2398 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2399 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2400 * must also check TXfull_l). Most of the time this will be free
2401 * because TXfull_l will be set immediately and cached in dscr. */
2402 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2403 DSCR_DTRTX_FULL_LATCHED, dscr);
2404 if (retval != ERROR_OK)
2405 return retval;
2406
2407 /* Read the value transferred to DTRTX into the buffer. */
2408 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2409 armv7a->debug_base + CPUDBG_DTRTX, &data);
2410 if (retval != ERROR_OK)
2411 return retval;
2412 if (size == 1)
2413 *buffer = (uint8_t) data;
2414 else if (size == 2)
2415 target_buffer_set_u16(target, buffer, (uint16_t) data);
2416 else
2417 target_buffer_set_u32(target, buffer, data);
2418
2419 /* Advance. */
2420 buffer += size;
2421 --count;
2422 }
2423
2424 return ERROR_OK;
2425 }
2426
2427 static int cortex_a_read_cpu_memory_fast(struct target *target,
2428 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2429 {
2430 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2431 * *dscr; updated to new value. This is fast but only works for word-sized
2432 * objects at aligned addresses.
2433 * Preconditions:
2434 * - Address is in R0 and must be a multiple of 4.
2435 * - R0 is marked dirty.
2436 */
2437 struct armv7a_common *armv7a = target_to_armv7a(target);
2438 uint32_t u32;
2439 int retval;
2440
2441 /* Switch to non-blocking mode if not already in that mode. */
2442 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2443 if (retval != ERROR_OK)
2444 return retval;
2445
2446 /* Issue the LDC instruction via a write to ITR. */
2447 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2448 if (retval != ERROR_OK)
2449 return retval;
2450
2451 count--;
2452
2453 if (count > 0) {
2454 /* Switch to fast mode if not already in that mode. */
2455 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2456 if (retval != ERROR_OK)
2457 return retval;
2458
2459 /* Latch LDC instruction. */
2460 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2461 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2462 if (retval != ERROR_OK)
2463 return retval;
2464
2465 /* Read the value transferred to DTRTX into the buffer. Due to fast
2466 * mode rules, this blocks until the instruction finishes executing and
2467 * then reissues the read instruction to read the next word from
2468 * memory. The last read of DTRTX in this call reads the second-to-last
2469 * word from memory and issues the read instruction for the last word.
2470 */
2471 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2472 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2473 if (retval != ERROR_OK)
2474 return retval;
2475
2476 /* Advance. */
2477 buffer += count * 4;
2478 }
2479
2480 /* Wait for last issued instruction to complete. */
2481 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2482 if (retval != ERROR_OK)
2483 return retval;
2484
2485 /* Switch to non-blocking mode if not already in that mode. */
2486 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2487 if (retval != ERROR_OK)
2488 return retval;
2489
2490 /* Check for faults and return early. */
2491 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2492 return ERROR_OK; /* A data fault is not considered a system failure. */
2493
2494 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2495 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2496 * check TXfull_l). Most of the time this will be free because TXfull_l
2497 * will be set immediately and cached in dscr. */
2498 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2499 DSCR_DTRTX_FULL_LATCHED, dscr);
2500 if (retval != ERROR_OK)
2501 return retval;
2502
2503 /* Read the value transferred to DTRTX into the buffer. This is the last
2504 * word. */
2505 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2506 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2507 if (retval != ERROR_OK)
2508 return retval;
2509 target_buffer_set_u32(target, buffer, u32);
2510
2511 return ERROR_OK;
2512 }
2513
2514 static int cortex_a_read_cpu_memory(struct target *target,
2515 uint32_t address, uint32_t size,
2516 uint32_t count, uint8_t *buffer)
2517 {
2518 /* Read memory through the CPU. */
2519 int retval, final_retval;
2520 struct armv7a_common *armv7a = target_to_armv7a(target);
2521 struct arm *arm = &armv7a->arm;
2522 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2523
2524 LOG_DEBUG("Reading CPU memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2525 address, size, count);
2526 if (target->state != TARGET_HALTED) {
2527 LOG_WARNING("target not halted");
2528 return ERROR_TARGET_NOT_HALTED;
2529 }
2530
2531 if (!count)
2532 return ERROR_OK;
2533
2534 /* Clear any abort. */
2535 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2536 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2537 if (retval != ERROR_OK)
2538 return retval;
2539
2540 /* Read DSCR */
2541 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2542 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2543 if (retval != ERROR_OK)
2544 return retval;
2545
2546 /* Switch to non-blocking mode if not already in that mode. */
2547 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2548 if (retval != ERROR_OK)
2549 goto out;
2550
2551 /* Mark R0 as dirty. */
2552 arm_reg_current(arm, 0)->dirty = true;
2553
2554 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2555 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2556 if (retval != ERROR_OK)
2557 goto out;
2558
2559 /* Get the memory address into R0. */
2560 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2561 armv7a->debug_base + CPUDBG_DTRRX, address);
2562 if (retval != ERROR_OK)
2563 goto out;
2564 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2565 if (retval != ERROR_OK)
2566 goto out;
2567
2568 if (size == 4 && (address % 4) == 0) {
2569 /* We are doing a word-aligned transfer, so use fast mode. */
2570 retval = cortex_a_read_cpu_memory_fast(target, count, buffer, &dscr);
2571 } else {
2572 /* Use slow path. Adjust size for aligned accesses */
2573 switch (address % 4) {
2574 case 1:
2575 case 3:
2576 count *= size;
2577 size = 1;
2578 break;
2579 case 2:
2580 if (size == 4) {
2581 count *= 2;
2582 size = 2;
2583 }
2584 break;
2585 case 0:
2586 default:
2587 break;
2588 }
2589 retval = cortex_a_read_cpu_memory_slow(target, size, count, buffer, &dscr);
2590 }
2591
2592 out:
2593 final_retval = retval;
2594
2595 /* Switch to non-blocking mode if not already in that mode. */
2596 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2597 if (final_retval == ERROR_OK)
2598 final_retval = retval;
2599
2600 /* Wait for last issued instruction to complete. */
2601 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2602 if (final_retval == ERROR_OK)
2603 final_retval = retval;
2604
2605 /* If there were any sticky abort flags, clear them. */
2606 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2607 fault_dscr = dscr;
2608 mem_ap_write_atomic_u32(armv7a->debug_ap,
2609 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2610 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2611 } else {
2612 fault_dscr = 0;
2613 }
2614
2615 /* Handle synchronous data faults. */
2616 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2617 if (final_retval == ERROR_OK) {
2618 /* Final return value will reflect cause of fault. */
2619 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2620 if (retval == ERROR_OK) {
2621 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2622 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2623 } else
2624 final_retval = retval;
2625 }
2626 /* Fault destroyed DFAR/DFSR; restore them. */
2627 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2628 if (retval != ERROR_OK)
2629 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2630 }
2631
2632 /* Handle asynchronous data faults. */
2633 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2634 if (final_retval == ERROR_OK)
2635 /* No other error has been recorded so far, so keep this one. */
2636 final_retval = ERROR_TARGET_DATA_ABORT;
2637 }
2638
2639 /* If the DCC is nonempty, clear it. */
2640 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2641 uint32_t dummy;
2642 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2643 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2644 if (final_retval == ERROR_OK)
2645 final_retval = retval;
2646 }
2647 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2648 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2649 if (final_retval == ERROR_OK)
2650 final_retval = retval;
2651 }
2652
2653 /* Done. */
2654 return final_retval;
2655 }
2656
2657
2658 /*
2659 * Cortex-A Memory access
2660 *
2661 * This is same Cortex-M3 but we must also use the correct
2662 * ap number for every access.
2663 */
2664
2665 static int cortex_a_read_phys_memory(struct target *target,
2666 target_addr_t address, uint32_t size,
2667 uint32_t count, uint8_t *buffer)
2668 {
2669 int retval;
2670
2671 if (!count || !buffer)
2672 return ERROR_COMMAND_SYNTAX_ERROR;
2673
2674 LOG_DEBUG("Reading memory at real address " TARGET_ADDR_FMT "; size %" PRIu32 "; count %" PRIu32,
2675 address, size, count);
2676
2677 /* read memory through the CPU */
2678 cortex_a_prep_memaccess(target, 1);
2679 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2680 cortex_a_post_memaccess(target, 1);
2681
2682 return retval;
2683 }
2684
2685 static int cortex_a_read_memory(struct target *target, target_addr_t address,
2686 uint32_t size, uint32_t count, uint8_t *buffer)
2687 {
2688 int retval;
2689
2690 /* cortex_a handles unaligned memory access */
2691 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT "; size %" PRIu32 "; count %" PRIu32,
2692 address, size, count);
2693
2694 cortex_a_prep_memaccess(target, 0);
2695 retval = cortex_a_read_cpu_memory(target, address, size, count, buffer);
2696 cortex_a_post_memaccess(target, 0);
2697
2698 return retval;
2699 }
2700
2701 static int cortex_a_write_phys_memory(struct target *target,
2702 target_addr_t address, uint32_t size,
2703 uint32_t count, const uint8_t *buffer)
2704 {
2705 int retval;
2706
2707 if (!count || !buffer)
2708 return ERROR_COMMAND_SYNTAX_ERROR;
2709
2710 LOG_DEBUG("Writing memory to real address " TARGET_ADDR_FMT "; size %" PRIu32 "; count %" PRIu32,
2711 address, size, count);
2712
2713 /* write memory through the CPU */
2714 cortex_a_prep_memaccess(target, 1);
2715 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2716 cortex_a_post_memaccess(target, 1);
2717
2718 return retval;
2719 }
2720
2721 static int cortex_a_write_memory(struct target *target, target_addr_t address,
2722 uint32_t size, uint32_t count, const uint8_t *buffer)
2723 {
2724 int retval;
2725
2726 /* cortex_a handles unaligned memory access */
2727 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT "; size %" PRIu32 "; count %" PRIu32,
2728 address, size, count);
2729
2730 /* memory writes bypass the caches, must flush before writing */
2731 armv7a_cache_auto_flush_on_write(target, address, size * count);
2732
2733 cortex_a_prep_memaccess(target, 0);
2734 retval = cortex_a_write_cpu_memory(target, address, size, count, buffer);
2735 cortex_a_post_memaccess(target, 0);
2736 return retval;
2737 }
2738
2739 static int cortex_a_read_buffer(struct target *target, target_addr_t address,
2740 uint32_t count, uint8_t *buffer)
2741 {
2742 uint32_t size;
2743
2744 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2745 * will have something to do with the size we leave to it. */
2746 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2747 if (address & size) {
2748 int retval = target_read_memory(target, address, size, 1, buffer);
2749 if (retval != ERROR_OK)
2750 return retval;
2751 address += size;
2752 count -= size;
2753 buffer += size;
2754 }
2755 }
2756
2757 /* Read the data with as large access size as possible. */
2758 for (; size > 0; size /= 2) {
2759 uint32_t aligned = count - count % size;
2760 if (aligned > 0) {
2761 int retval = target_read_memory(target, address, size, aligned / size, buffer);
2762 if (retval != ERROR_OK)
2763 return retval;
2764 address += aligned;
2765 count -= aligned;
2766 buffer += aligned;
2767 }
2768 }
2769
2770 return ERROR_OK;
2771 }
2772
2773 static int cortex_a_write_buffer(struct target *target, target_addr_t address,
2774 uint32_t count, const uint8_t *buffer)
2775 {
2776 uint32_t size;
2777
2778 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2779 * will have something to do with the size we leave to it. */
2780 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2781 if (address & size) {
2782 int retval = target_write_memory(target, address, size, 1, buffer);
2783 if (retval != ERROR_OK)
2784 return retval;
2785 address += size;
2786 count -= size;
2787 buffer += size;
2788 }
2789 }
2790
2791 /* Write the data with as large access size as possible. */
2792 for (; size > 0; size /= 2) {
2793 uint32_t aligned = count - count % size;
2794 if (aligned > 0) {
2795 int retval = target_write_memory(target, address, size, aligned / size, buffer);
2796 if (retval != ERROR_OK)
2797 return retval;
2798 address += aligned;
2799 count -= aligned;
2800 buffer += aligned;
2801 }
2802 }
2803
2804 return ERROR_OK;
2805 }
2806
2807 static int cortex_a_handle_target_request(void *priv)
2808 {
2809 struct target *target = priv;
2810 struct armv7a_common *armv7a = target_to_armv7a(target);
2811 int retval;
2812
2813 if (!target_was_examined(target))
2814 return ERROR_OK;
2815 if (!target->dbg_msg_enabled)
2816 return ERROR_OK;
2817
2818 if (target->state == TARGET_RUNNING) {
2819 uint32_t request;
2820 uint32_t dscr;
2821 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2822 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2823
2824 /* check if we have data */
2825 int64_t then = timeval_ms();
2826 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2827 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2828 armv7a->debug_base + CPUDBG_DTRTX, &request);
2829 if (retval == ERROR_OK) {
2830 target_request(target, request);
2831 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2832 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2833 }
2834 if (timeval_ms() > then + 1000) {
2835 LOG_ERROR("Timeout waiting for dtr tx full");
2836 return ERROR_FAIL;
2837 }
2838 }
2839 }
2840
2841 return ERROR_OK;
2842 }
2843
2844 /*
2845 * Cortex-A target information and configuration
2846 */
2847
2848 static int cortex_a_examine_first(struct target *target)
2849 {
2850 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2851 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2852 struct adiv5_dap *swjdp = armv7a->arm.dap;
2853
2854 int i;
2855 int retval = ERROR_OK;
2856 uint32_t didr, cpuid, dbg_osreg, dbg_idpfr1;
2857
2858 /* Search for the APB-AP - it is needed for access to debug registers */
2859 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2860 if (retval != ERROR_OK) {
2861 LOG_ERROR("Could not find APB-AP for debug access");
2862 return retval;
2863 }
2864
2865 retval = mem_ap_init(armv7a->debug_ap);
2866 if (retval != ERROR_OK) {
2867 LOG_ERROR("Could not initialize the APB-AP");
2868 return retval;
2869 }
2870
2871 armv7a->debug_ap->memaccess_tck = 80;
2872
2873 if (!target->dbgbase_set) {
2874 uint32_t dbgbase;
2875 /* Get ROM Table base */
2876 uint32_t apid;
2877 int32_t coreidx = target->coreid;
2878 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
2879 target->cmd_name);
2880 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
2881 if (retval != ERROR_OK)
2882 return retval;
2883 /* Lookup 0x15 -- Processor DAP */
2884 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
2885 &armv7a->debug_base, &coreidx);
2886 if (retval != ERROR_OK) {
2887 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
2888 target->cmd_name);
2889 return retval;
2890 }
2891 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
2892 target->coreid, armv7a->debug_base);
2893 } else
2894 armv7a->debug_base = target->dbgbase;
2895
2896 if ((armv7a->debug_base & (1UL<<31)) == 0)
2897 LOG_WARNING("Debug base address for target %s has bit 31 set to 0. Access to debug registers will likely fail!\n"
2898 "Please fix the target configuration.", target_name(target));
2899
2900 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2901 armv7a->debug_base + CPUDBG_DIDR, &didr);
2902 if (retval != ERROR_OK) {
2903 LOG_DEBUG("Examine %s failed", "DIDR");
2904 return retval;
2905 }
2906
2907 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2908 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
2909 if (retval != ERROR_OK) {
2910 LOG_DEBUG("Examine %s failed", "CPUID");
2911 return retval;
2912 }
2913
2914 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
2915 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
2916
2917 cortex_a->didr = didr;
2918 cortex_a->cpuid = cpuid;
2919
2920 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2921 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
2922 if (retval != ERROR_OK)
2923 return retval;
2924 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
2925
2926 if ((dbg_osreg & PRSR_POWERUP_STATUS) == 0) {
2927 LOG_ERROR("target->coreid %" PRId32 " powered down!", target->coreid);
2928 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
2929 return ERROR_TARGET_INIT_FAILED;
2930 }
2931
2932 if (dbg_osreg & PRSR_STICKY_RESET_STATUS)
2933 LOG_DEBUG("target->coreid %" PRId32 " was reset!", target->coreid);
2934
2935 /* Read DBGOSLSR and check if OSLK is implemented */
2936 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2937 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
2938 if (retval != ERROR_OK)
2939 return retval;
2940 LOG_DEBUG("target->coreid %" PRId32 " DBGOSLSR 0x%" PRIx32, target->coreid, dbg_osreg);
2941
2942 /* check if OS Lock is implemented */
2943 if ((dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM0 || (dbg_osreg & OSLSR_OSLM) == OSLSR_OSLM1) {
2944 /* check if OS Lock is set */
2945 if (dbg_osreg & OSLSR_OSLK) {
2946 LOG_DEBUG("target->coreid %" PRId32 " OSLock set! Trying to unlock", target->coreid);
2947
2948 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2949 armv7a->debug_base + CPUDBG_OSLAR,
2950 0);
2951 if (retval == ERROR_OK)
2952 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2953 armv7a->debug_base + CPUDBG_OSLSR, &dbg_osreg);
2954
2955 /* if we fail to access the register or cannot reset the OSLK bit, bail out */
2956 if (retval != ERROR_OK || (dbg_osreg & OSLSR_OSLK) != 0) {
2957 LOG_ERROR("target->coreid %" PRId32 " OSLock sticky, core not powered?",
2958 target->coreid);
2959 target->state = TARGET_UNKNOWN; /* TARGET_NO_POWER? */
2960 return ERROR_TARGET_INIT_FAILED;
2961 }
2962 }
2963 }
2964
2965 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2966 armv7a->debug_base + CPUDBG_ID_PFR1, &dbg_idpfr1);
2967 if (retval != ERROR_OK)
2968 return retval;
2969
2970 if (dbg_idpfr1 & 0x000000f0) {
2971 LOG_DEBUG("target->coreid %" PRId32 " has security extensions",
2972 target->coreid);
2973 armv7a->arm.core_type = ARM_CORE_TYPE_SEC_EXT;
2974 }
2975 if (dbg_idpfr1 & 0x0000f000) {
2976 LOG_DEBUG("target->coreid %" PRId32 " has virtualization extensions",
2977 target->coreid);
2978 /*
2979 * overwrite and simplify the checks.
2980 * virtualization extensions require implementation of security extension
2981 */
2982 armv7a->arm.core_type = ARM_CORE_TYPE_VIRT_EXT;
2983 }
2984
2985 /* Avoid recreating the registers cache */
2986 if (!target_was_examined(target)) {
2987 retval = cortex_a_dpm_setup(cortex_a, didr);
2988 if (retval != ERROR_OK)
2989 return retval;
2990 }
2991
2992 /* Setup Breakpoint Register Pairs */
2993 cortex_a->brp_num = ((didr >> 24) & 0x0F) + 1;
2994 cortex_a->brp_num_context = ((didr >> 20) & 0x0F) + 1;
2995 cortex_a->brp_num_available = cortex_a->brp_num;
2996 free(cortex_a->brp_list);
2997 cortex_a->brp_list = calloc(cortex_a->brp_num, sizeof(struct cortex_a_brp));
2998 /* cortex_a->brb_enabled = ????; */
2999 for (i = 0; i < cortex_a->brp_num; i++) {
3000 cortex_a->brp_list[i].used = 0;
3001 if (i < (cortex_a->brp_num-cortex_a->brp_num_context))
3002 cortex_a->brp_list[i].type = BRP_NORMAL;
3003 else
3004 cortex_a->brp_list[i].type = BRP_CONTEXT;
3005 cortex_a->brp_list[i].value = 0;
3006 cortex_a->brp_list[i].control = 0;
3007 cortex_a->brp_list[i].BRPn = i;
3008 }
3009
3010 LOG_DEBUG("Configured %i hw breakpoints", cortex_a->brp_num);
3011
3012 /* Setup Watchpoint Register Pairs */
3013 cortex_a->wrp_num = ((didr >> 28) & 0x0F) + 1;
3014 cortex_a->wrp_num_available = cortex_a->wrp_num;
3015 free(cortex_a->wrp_list);
3016 cortex_a->wrp_list = calloc(cortex_a->wrp_num, sizeof(struct cortex_a_wrp));
3017 for (i = 0; i < cortex_a->wrp_num; i++) {
3018 cortex_a->wrp_list[i].used = 0;
3019 cortex_a->wrp_list[i].value = 0;
3020 cortex_a->wrp_list[i].control = 0;
3021 cortex_a->wrp_list[i].WRPn = i;
3022 }
3023
3024 LOG_DEBUG("Configured %i hw watchpoints", cortex_a->wrp_num);
3025
3026 /* select debug_ap as default */
3027 swjdp->apsel = armv7a->debug_ap->ap_num;
3028
3029 target_set_examined(target);
3030 return ERROR_OK;
3031 }
3032
3033 static int cortex_a_examine(struct target *target)
3034 {
3035 int retval = ERROR_OK;
3036
3037 /* Reestablish communication after target reset */
3038 retval = cortex_a_examine_first(target);
3039
3040 /* Configure core debug access */
3041 if (retval == ERROR_OK)
3042 retval = cortex_a_init_debug_access(target);
3043
3044 return retval;
3045 }
3046
3047 /*
3048 * Cortex-A target creation and initialization
3049 */
3050
3051 static int cortex_a_init_target(struct command_context *cmd_ctx,
3052 struct target *target)
3053 {
3054 /* examine_first() does a bunch of this */
3055 arm_semihosting_init(target);
3056 return ERROR_OK;
3057 }
3058
3059 static int cortex_a_init_arch_info(struct target *target,
3060 struct cortex_a_common *cortex_a, struct adiv5_dap *dap)
3061 {
3062 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
3063
3064 /* Setup struct cortex_a_common */
3065 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3066 armv7a->arm.dap = dap;
3067
3068 /* register arch-specific functions */
3069 armv7a->examine_debug_reason = NULL;
3070
3071 armv7a->post_debug_entry = cortex_a_post_debug_entry;
3072
3073 armv7a->pre_restore_context = NULL;
3074
3075 armv7a->armv7a_mmu.read_physical_memory = cortex_a_read_phys_memory;
3076
3077
3078 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
3079
3080 /* REVISIT v7a setup should be in a v7a-specific routine */
3081 armv7a_init_arch_info(target, armv7a);
3082 target_register_timer_callback(cortex_a_handle_target_request, 1,
3083 TARGET_TIMER_TYPE_PERIODIC, target);
3084
3085 return ERROR_OK;
3086 }
3087
3088 static int cortex_a_target_create(struct target *target, Jim_Interp *interp)
3089 {
3090 struct cortex_a_common *cortex_a;
3091 struct adiv5_private_config *pc;
3092
3093 if (target->private_config == NULL)
3094 return ERROR_FAIL;
3095
3096 pc = (struct adiv5_private_config *)target->private_config;
3097
3098 cortex_a = calloc(1, sizeof(struct cortex_a_common));
3099 if (cortex_a == NULL) {
3100 LOG_ERROR("Out of memory");
3101 return ERROR_FAIL;
3102 }
3103 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3104 cortex_a->armv7a_common.is_armv7r = false;
3105 cortex_a->armv7a_common.arm.arm_vfp_version = ARM_VFP_V3;
3106
3107 return cortex_a_init_arch_info(target, cortex_a, pc->dap);
3108 }
3109
3110 static int cortex_r4_target_create(struct target *target, Jim_Interp *interp)
3111 {
3112 struct cortex_a_common *cortex_a;
3113 struct adiv5_private_config *pc;
3114
3115 pc = (struct adiv5_private_config *)target->private_config;
3116 if (adiv5_verify_config(pc) != ERROR_OK)
3117 return ERROR_FAIL;
3118
3119 cortex_a = calloc(1, sizeof(struct cortex_a_common));
3120 if (cortex_a == NULL) {
3121 LOG_ERROR("Out of memory");
3122 return ERROR_FAIL;
3123 }
3124 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3125 cortex_a->armv7a_common.is_armv7r = true;
3126
3127 return cortex_a_init_arch_info(target, cortex_a, pc->dap);
3128 }
3129
3130 static void cortex_a_deinit_target(struct target *target)
3131 {
3132 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3133 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
3134 struct arm_dpm *dpm = &armv7a->dpm;
3135 uint32_t dscr;
3136 int retval;
3137
3138 if (target_was_examined(target)) {
3139 /* Disable halt for breakpoint, watchpoint and vector catch */
3140 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3141 armv7a->debug_base + CPUDBG_DSCR, &dscr);
3142 if (retval == ERROR_OK)
3143 mem_ap_write_atomic_u32(armv7a->debug_ap,
3144 armv7a->debug_base + CPUDBG_DSCR,
3145 dscr & ~DSCR_HALT_DBG_MODE);
3146 }
3147
3148 free(cortex_a->brp_list);
3149 arm_free_reg_cache(dpm->arm);
3150 free(dpm->dbp);
3151 free(dpm->dwp);
3152 free(target->private_config);
3153 free(cortex_a);
3154 }
3155
3156 static int cortex_a_mmu(struct target *target, int *enabled)
3157 {
3158 struct armv7a_common *armv7a = target_to_armv7a(target);
3159
3160 if (target->state != TARGET_HALTED) {
3161 LOG_ERROR("%s: target not halted", __func__);
3162 return ERROR_TARGET_INVALID;
3163 }
3164
3165 if (armv7a->is_armv7r)
3166 *enabled = 0;
3167 else
3168 *enabled = target_to_cortex_a(target)->armv7a_common.armv7a_mmu.mmu_enabled;
3169
3170 return ERROR_OK;
3171 }
3172
3173 static int cortex_a_virt2phys(struct target *target,
3174 target_addr_t virt, target_addr_t *phys)
3175 {
3176 int retval;
3177 int mmu_enabled = 0;
3178
3179 /*
3180 * If the MMU was not enabled at debug entry, there is no
3181 * way of knowing if there was ever a valid configuration
3182 * for it and thus it's not safe to enable it. In this case,
3183 * just return the virtual address as physical.
3184 */
3185 cortex_a_mmu(target, &mmu_enabled);
3186 if (!mmu_enabled) {
3187 *phys = virt;
3188 return ERROR_OK;
3189 }
3190
3191 /* mmu must be enable in order to get a correct translation */
3192 retval = cortex_a_mmu_modify(target, 1);
3193 if (retval != ERROR_OK)
3194 return retval;
3195 return armv7a_mmu_translate_va_pa(target, (uint32_t)virt,
3196 phys, 1);
3197 }
3198
3199 COMMAND_HANDLER(cortex_a_handle_cache_info_command)
3200 {
3201 struct target *target = get_current_target(CMD_CTX);
3202 struct armv7a_common *armv7a = target_to_armv7a(target);
3203
3204 return armv7a_handle_cache_info_command(CMD,
3205 &armv7a->armv7a_mmu.armv7a_cache);
3206 }
3207
3208
3209 COMMAND_HANDLER(cortex_a_handle_dbginit_command)
3210 {
3211 struct target *target = get_current_target(CMD_CTX);
3212 if (!target_was_examined(target)) {
3213 LOG_ERROR("target not examined yet");
3214 return ERROR_FAIL;
3215 }
3216
3217 return cortex_a_init_debug_access(target);
3218 }
3219
3220 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command)
3221 {
3222 struct target *target = get_current_target(CMD_CTX);
3223 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3224
3225 static const Jim_Nvp nvp_maskisr_modes[] = {
3226 { .name = "off", .value = CORTEX_A_ISRMASK_OFF },
3227 { .name = "on", .value = CORTEX_A_ISRMASK_ON },
3228 { .name = NULL, .value = -1 },
3229 };
3230 const Jim_Nvp *n;
3231
3232 if (CMD_ARGC > 0) {
3233 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
3234 if (n->name == NULL) {
3235 LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV[0]);
3236 return ERROR_COMMAND_SYNTAX_ERROR;
3237 }
3238
3239 cortex_a->isrmasking_mode = n->value;
3240 }
3241
3242 n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, cortex_a->isrmasking_mode);
3243 command_print(CMD, "cortex_a interrupt mask %s", n->name);
3244
3245 return ERROR_OK;
3246 }
3247
3248 COMMAND_HANDLER(handle_cortex_a_dacrfixup_command)
3249 {
3250 struct target *target = get_current_target(CMD_CTX);
3251 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3252
3253 static const Jim_Nvp nvp_dacrfixup_modes[] = {
3254 { .name = "off", .value = CORTEX_A_DACRFIXUP_OFF },
3255 { .name = "on", .value = CORTEX_A_DACRFIXUP_ON },
3256 { .name = NULL, .value = -1 },
3257 };
3258 const Jim_Nvp *n;
3259
3260 if (CMD_ARGC > 0) {
3261 n = Jim_Nvp_name2value_simple(nvp_dacrfixup_modes, CMD_ARGV[0]);
3262 if (n->name == NULL)
3263 return ERROR_COMMAND_SYNTAX_ERROR;
3264 cortex_a->dacrfixup_mode = n->value;
3265
3266 }
3267
3268 n = Jim_Nvp_value2name_simple(nvp_dacrfixup_modes, cortex_a->dacrfixup_mode);
3269 command_print(CMD, "cortex_a domain access control fixup %s", n->name);
3270
3271 return ERROR_OK;
3272 }
3273
3274 static const struct command_registration cortex_a_exec_command_handlers[] = {
3275 {
3276 .name = "cache_info",
3277 .handler = cortex_a_handle_cache_info_command,
3278 .mode = COMMAND_EXEC,
3279 .help = "display information about target caches",
3280 .usage = "",
3281 },
3282 {
3283 .name = "dbginit",
3284 .handler = cortex_a_handle_dbginit_command,
3285 .mode = COMMAND_EXEC,
3286 .help = "Initialize core debug",
3287 .usage = "",
3288 },
3289 {
3290 .name = "maskisr",
3291 .handler = handle_cortex_a_mask_interrupts_command,
3292 .mode = COMMAND_ANY,
3293 .help = "mask cortex_a interrupts",
3294 .usage = "['on'|'off']",
3295 },
3296 {
3297 .name = "dacrfixup",
3298 .handler = handle_cortex_a_dacrfixup_command,
3299 .mode = COMMAND_ANY,
3300 .help = "set domain access control (DACR) to all-manager "
3301 "on memory access",
3302 .usage = "['on'|'off']",
3303 },
3304 {
3305 .chain = armv7a_mmu_command_handlers,
3306 },
3307 {
3308 .chain = smp_command_handlers,
3309 },
3310
3311 COMMAND_REGISTRATION_DONE
3312 };
3313 static const struct command_registration cortex_a_command_handlers[] = {
3314 {
3315 .chain = arm_command_handlers,
3316 },
3317 {
3318 .chain = armv7a_command_handlers,
3319 },
3320 {
3321 .name = "cortex_a",
3322 .mode = COMMAND_ANY,
3323 .help = "Cortex-A command group",
3324 .usage = "",
3325 .chain = cortex_a_exec_command_handlers,
3326 },
3327 COMMAND_REGISTRATION_DONE
3328 };
3329
3330 struct target_type cortexa_target = {
3331 .name = "cortex_a",
3332
3333 .poll = cortex_a_poll,
3334 .arch_state = armv7a_arch_state,
3335
3336 .halt = cortex_a_halt,
3337 .resume = cortex_a_resume,
3338 .step = cortex_a_step,
3339
3340 .assert_reset = cortex_a_assert_reset,
3341 .deassert_reset = cortex_a_deassert_reset,
3342
3343 /* REVISIT allow exporting VFP3 registers ... */
3344 .get_gdb_arch = arm_get_gdb_arch,
3345 .get_gdb_reg_list = arm_get_gdb_reg_list,
3346
3347 .read_memory = cortex_a_read_memory,
3348 .write_memory = cortex_a_write_memory,
3349
3350 .read_buffer = cortex_a_read_buffer,
3351 .write_buffer = cortex_a_write_buffer,
3352
3353 .checksum_memory = arm_checksum_memory,
3354 .blank_check_memory = arm_blank_check_memory,
3355
3356 .run_algorithm = armv4_5_run_algorithm,
3357
3358 .add_breakpoint = cortex_a_add_breakpoint,
3359 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3360 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3361 .remove_breakpoint = cortex_a_remove_breakpoint,
3362 .add_watchpoint = cortex_a_add_watchpoint,
3363 .remove_watchpoint = cortex_a_remove_watchpoint,
3364
3365 .commands = cortex_a_command_handlers,
3366 .target_create = cortex_a_target_create,
3367 .target_jim_configure = adiv5_jim_configure,
3368 .init_target = cortex_a_init_target,
3369 .examine = cortex_a_examine,
3370 .deinit_target = cortex_a_deinit_target,
3371
3372 .read_phys_memory = cortex_a_read_phys_memory,
3373 .write_phys_memory = cortex_a_write_phys_memory,
3374 .mmu = cortex_a_mmu,
3375 .virt2phys = cortex_a_virt2phys,
3376 };
3377
3378 static const struct command_registration cortex_r4_exec_command_handlers[] = {
3379 {
3380 .name = "dbginit",
3381 .handler = cortex_a_handle_dbginit_command,
3382 .mode = COMMAND_EXEC,
3383 .help = "Initialize core debug",
3384 .usage = "",
3385 },
3386 {
3387 .name = "maskisr",
3388 .handler = handle_cortex_a_mask_interrupts_command,
3389 .mode = COMMAND_EXEC,
3390 .help = "mask cortex_r4 interrupts",
3391 .usage = "['on'|'off']",
3392 },
3393
3394 COMMAND_REGISTRATION_DONE
3395 };
3396 static const struct command_registration cortex_r4_command_handlers[] = {
3397 {
3398 .chain = arm_command_handlers,
3399 },
3400 {
3401 .name = "cortex_r4",
3402 .mode = COMMAND_ANY,
3403 .help = "Cortex-R4 command group",
3404 .usage = "",
3405 .chain = cortex_r4_exec_command_handlers,
3406 },
3407 COMMAND_REGISTRATION_DONE
3408 };
3409
3410 struct target_type cortexr4_target = {
3411 .name = "cortex_r4",
3412
3413 .poll = cortex_a_poll,
3414 .arch_state = armv7a_arch_state,
3415
3416 .halt = cortex_a_halt,
3417 .resume = cortex_a_resume,
3418 .step = cortex_a_step,
3419
3420 .assert_reset = cortex_a_assert_reset,
3421 .deassert_reset = cortex_a_deassert_reset,
3422
3423 /* REVISIT allow exporting VFP3 registers ... */
3424 .get_gdb_arch = arm_get_gdb_arch,
3425 .get_gdb_reg_list = arm_get_gdb_reg_list,
3426
3427 .read_memory = cortex_a_read_phys_memory,
3428 .write_memory = cortex_a_write_phys_memory,
3429
3430 .checksum_memory = arm_checksum_memory,
3431 .blank_check_memory = arm_blank_check_memory,
3432
3433 .run_algorithm = armv4_5_run_algorithm,
3434
3435 .add_breakpoint = cortex_a_add_breakpoint,
3436 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3437 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3438 .remove_breakpoint = cortex_a_remove_breakpoint,
3439 .add_watchpoint = cortex_a_add_watchpoint,
3440 .remove_watchpoint = cortex_a_remove_watchpoint,
3441
3442 .commands = cortex_r4_command_handlers,
3443 .target_create = cortex_r4_target_create,
3444 .target_jim_configure = adiv5_jim_configure,
3445 .init_target = cortex_a_init_target,
3446 .examine = cortex_a_examine,
3447 .deinit_target = cortex_a_deinit_target,
3448 };
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)