1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex-R4 support *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
39 * Cortex-A8(tm) TRM, ARM DDI 0344H *
40 * Cortex-A9(tm) TRM, ARM DDI 0407F *
41 * Cortex-A4(tm) TRM, ARM DDI 0363E *
42 * Cortex-A15(tm)TRM, ARM DDI 0438C *
44 ***************************************************************************/
50 #include "breakpoints.h"
53 #include "target_request.h"
54 #include "target_type.h"
55 #include "arm_opcodes.h"
56 #include "arm_semihosting.h"
57 #include "transport/transport.h"
58 #include <helper/time_support.h>
60 #define foreach_smp_target(pos, head) \
61 for (pos = head; (pos != NULL); pos = pos->next)
63 static int cortex_a_poll(struct target
*target
);
64 static int cortex_a_debug_entry(struct target
*target
);
65 static int cortex_a_restore_context(struct target
*target
, bool bpwp
);
66 static int cortex_a_set_breakpoint(struct target
*target
,
67 struct breakpoint
*breakpoint
, uint8_t matchmode
);
68 static int cortex_a_set_context_breakpoint(struct target
*target
,
69 struct breakpoint
*breakpoint
, uint8_t matchmode
);
70 static int cortex_a_set_hybrid_breakpoint(struct target
*target
,
71 struct breakpoint
*breakpoint
);
72 static int cortex_a_unset_breakpoint(struct target
*target
,
73 struct breakpoint
*breakpoint
);
74 static int cortex_a_dap_read_coreregister_u32(struct target
*target
,
75 uint32_t *value
, int regnum
);
76 static int cortex_a_dap_write_coreregister_u32(struct target
*target
,
77 uint32_t value
, int regnum
);
78 static int cortex_a_mmu(struct target
*target
, int *enabled
);
79 static int cortex_a_mmu_modify(struct target
*target
, int enable
);
80 static int cortex_a_virt2phys(struct target
*target
,
81 target_addr_t virt
, target_addr_t
*phys
);
82 static int cortex_a_read_cpu_memory(struct target
*target
,
83 uint32_t address
, uint32_t size
, uint32_t count
, uint8_t *buffer
);
86 /* restore cp15_control_reg at resume */
87 static int cortex_a_restore_cp15_control_reg(struct target
*target
)
89 int retval
= ERROR_OK
;
90 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
91 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
93 if (cortex_a
->cp15_control_reg
!= cortex_a
->cp15_control_reg_curr
) {
94 cortex_a
->cp15_control_reg_curr
= cortex_a
->cp15_control_reg
;
95 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
96 retval
= armv7a
->arm
.mcr(target
, 15,
99 cortex_a
->cp15_control_reg
);
105 * Set up ARM core for memory access.
106 * If !phys_access, switch to SVC mode and make sure MMU is on
107 * If phys_access, switch off mmu
109 static int cortex_a_prep_memaccess(struct target
*target
, int phys_access
)
111 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
112 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
115 if (phys_access
== 0) {
116 dpm_modeswitch(&armv7a
->dpm
, ARM_MODE_SVC
);
117 cortex_a_mmu(target
, &mmu_enabled
);
119 cortex_a_mmu_modify(target
, 1);
120 if (cortex_a
->dacrfixup_mode
== CORTEX_A_DACRFIXUP_ON
) {
121 /* overwrite DACR to all-manager */
122 armv7a
->arm
.mcr(target
, 15,
127 cortex_a_mmu(target
, &mmu_enabled
);
129 cortex_a_mmu_modify(target
, 0);
135 * Restore ARM core after memory access.
136 * If !phys_access, switch to previous mode
137 * If phys_access, restore MMU setting
139 static int cortex_a_post_memaccess(struct target
*target
, int phys_access
)
141 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
142 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
144 if (phys_access
== 0) {
145 if (cortex_a
->dacrfixup_mode
== CORTEX_A_DACRFIXUP_ON
) {
147 armv7a
->arm
.mcr(target
, 15,
149 cortex_a
->cp15_dacr_reg
);
151 dpm_modeswitch(&armv7a
->dpm
, ARM_MODE_ANY
);
154 cortex_a_mmu(target
, &mmu_enabled
);
156 cortex_a_mmu_modify(target
, 1);
162 /* modify cp15_control_reg in order to enable or disable mmu for :
163 * - virt2phys address conversion
164 * - read or write memory in phys or virt address */
165 static int cortex_a_mmu_modify(struct target
*target
, int enable
)
167 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
168 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
169 int retval
= ERROR_OK
;
173 /* if mmu enabled at target stop and mmu not enable */
174 if (!(cortex_a
->cp15_control_reg
& 0x1U
)) {
175 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
178 if ((cortex_a
->cp15_control_reg_curr
& 0x1U
) == 0) {
179 cortex_a
->cp15_control_reg_curr
|= 0x1U
;
183 if ((cortex_a
->cp15_control_reg_curr
& 0x1U
) == 0x1U
) {
184 cortex_a
->cp15_control_reg_curr
&= ~0x1U
;
190 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32
,
191 enable
? "enable mmu" : "disable mmu",
192 cortex_a
->cp15_control_reg_curr
);
194 retval
= armv7a
->arm
.mcr(target
, 15,
197 cortex_a
->cp15_control_reg_curr
);
203 * Cortex-A Basic debug access, very low level assumes state is saved
205 static int cortex_a_init_debug_access(struct target
*target
)
207 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
210 /* lock memory-mapped access to debug registers to prevent
211 * software interference */
212 retval
= mem_ap_write_u32(armv7a
->debug_ap
,
213 armv7a
->debug_base
+ CPUDBG_LOCKACCESS
, 0);
214 if (retval
!= ERROR_OK
)
217 /* Disable cacheline fills and force cache write-through in debug state */
218 retval
= mem_ap_write_u32(armv7a
->debug_ap
,
219 armv7a
->debug_base
+ CPUDBG_DSCCR
, 0);
220 if (retval
!= ERROR_OK
)
223 /* Disable TLB lookup and refill/eviction in debug state */
224 retval
= mem_ap_write_u32(armv7a
->debug_ap
,
225 armv7a
->debug_base
+ CPUDBG_DSMCR
, 0);
226 if (retval
!= ERROR_OK
)
229 retval
= dap_run(armv7a
->debug_ap
->dap
);
230 if (retval
!= ERROR_OK
)
233 /* Enabling of instruction execution in debug mode is done in debug_entry code */
235 /* Resync breakpoint registers */
237 /* Since this is likely called from init or reset, update target state information*/
238 return cortex_a_poll(target
);
241 static int cortex_a_wait_instrcmpl(struct target
*target
, uint32_t *dscr
, bool force
)
243 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
244 * Writes final value of DSCR into *dscr. Pass force to force always
245 * reading DSCR at least once. */
246 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
247 int64_t then
= timeval_ms();
248 while ((*dscr
& DSCR_INSTR_COMP
) == 0 || force
) {
250 int retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
251 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
);
252 if (retval
!= ERROR_OK
) {
253 LOG_ERROR("Could not read DSCR register");
256 if (timeval_ms() > then
+ 1000) {
257 LOG_ERROR("Timeout waiting for InstrCompl=1");
264 /* To reduce needless round-trips, pass in a pointer to the current
265 * DSCR value. Initialize it to zero if you just need to know the
266 * value on return from this function; or DSCR_INSTR_COMP if you
267 * happen to know that no instruction is pending.
269 static int cortex_a_exec_opcode(struct target
*target
,
270 uint32_t opcode
, uint32_t *dscr_p
)
274 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
276 dscr
= dscr_p
? *dscr_p
: 0;
278 LOG_DEBUG("exec opcode 0x%08" PRIx32
, opcode
);
280 /* Wait for InstrCompl bit to be set */
281 retval
= cortex_a_wait_instrcmpl(target
, dscr_p
, false);
282 if (retval
!= ERROR_OK
)
285 retval
= mem_ap_write_u32(armv7a
->debug_ap
,
286 armv7a
->debug_base
+ CPUDBG_ITR
, opcode
);
287 if (retval
!= ERROR_OK
)
290 int64_t then
= timeval_ms();
292 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
293 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
294 if (retval
!= ERROR_OK
) {
295 LOG_ERROR("Could not read DSCR register");
298 if (timeval_ms() > then
+ 1000) {
299 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
302 } while ((dscr
& DSCR_INSTR_COMP
) == 0); /* Wait for InstrCompl bit to be set */
310 /**************************************************************************
311 Read core register with very few exec_opcode, fast but needs work_area.
312 This can cause problems with MMU active.
313 **************************************************************************/
314 static int cortex_a_read_regs_through_mem(struct target
*target
, uint32_t address
,
317 int retval
= ERROR_OK
;
318 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
320 retval
= cortex_a_dap_read_coreregister_u32(target
, regfile
, 0);
321 if (retval
!= ERROR_OK
)
323 retval
= cortex_a_dap_write_coreregister_u32(target
, address
, 0);
324 if (retval
!= ERROR_OK
)
326 retval
= cortex_a_exec_opcode(target
, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL
);
327 if (retval
!= ERROR_OK
)
330 retval
= mem_ap_read_buf(armv7a
->memory_ap
,
331 (uint8_t *)(®file
[1]), 4, 15, address
);
336 static int cortex_a_dap_read_coreregister_u32(struct target
*target
,
337 uint32_t *value
, int regnum
)
339 int retval
= ERROR_OK
;
340 uint8_t reg
= regnum
&0xFF;
342 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
348 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
349 retval
= cortex_a_exec_opcode(target
,
350 ARMV4_5_MCR(14, 0, reg
, 0, 5, 0),
352 if (retval
!= ERROR_OK
)
354 } else if (reg
== 15) {
355 /* "MOV r0, r15"; then move r0 to DCCTX */
356 retval
= cortex_a_exec_opcode(target
, 0xE1A0000F, &dscr
);
357 if (retval
!= ERROR_OK
)
359 retval
= cortex_a_exec_opcode(target
,
360 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
362 if (retval
!= ERROR_OK
)
365 /* "MRS r0, CPSR" or "MRS r0, SPSR"
366 * then move r0 to DCCTX
368 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRS(0, reg
& 1), &dscr
);
369 if (retval
!= ERROR_OK
)
371 retval
= cortex_a_exec_opcode(target
,
372 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
374 if (retval
!= ERROR_OK
)
378 /* Wait for DTRRXfull then read DTRRTX */
379 int64_t then
= timeval_ms();
380 while ((dscr
& DSCR_DTR_TX_FULL
) == 0) {
381 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
382 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
383 if (retval
!= ERROR_OK
)
385 if (timeval_ms() > then
+ 1000) {
386 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
391 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
392 armv7a
->debug_base
+ CPUDBG_DTRTX
, value
);
393 LOG_DEBUG("read DCC 0x%08" PRIx32
, *value
);
398 static int cortex_a_dap_write_coreregister_u32(struct target
*target
,
399 uint32_t value
, int regnum
)
401 int retval
= ERROR_OK
;
402 uint8_t Rd
= regnum
&0xFF;
404 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
406 LOG_DEBUG("register %i, value 0x%08" PRIx32
, regnum
, value
);
408 /* Check that DCCRX is not full */
409 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
410 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
411 if (retval
!= ERROR_OK
)
413 if (dscr
& DSCR_DTR_RX_FULL
) {
414 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32
, dscr
);
415 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode 0xEE100E15 */
416 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
418 if (retval
!= ERROR_OK
)
425 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
426 LOG_DEBUG("write DCC 0x%08" PRIx32
, value
);
427 retval
= mem_ap_write_u32(armv7a
->debug_ap
,
428 armv7a
->debug_base
+ CPUDBG_DTRRX
, value
);
429 if (retval
!= ERROR_OK
)
433 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
434 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, Rd
, 0, 5, 0),
437 if (retval
!= ERROR_OK
)
439 } else if (Rd
== 15) {
440 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
443 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
445 if (retval
!= ERROR_OK
)
447 retval
= cortex_a_exec_opcode(target
, 0xE1A0F000, &dscr
);
448 if (retval
!= ERROR_OK
)
451 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
452 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
454 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
456 if (retval
!= ERROR_OK
)
458 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MSR_GP(0, 0xF, Rd
& 1),
460 if (retval
!= ERROR_OK
)
463 /* "Prefetch flush" after modifying execution status in CPSR */
465 retval
= cortex_a_exec_opcode(target
,
466 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
468 if (retval
!= ERROR_OK
)
476 /* Write to memory mapped registers directly with no cache or mmu handling */
477 static int cortex_a_dap_write_memap_register_u32(struct target
*target
,
482 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
484 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
, address
, value
);
490 * Cortex-A implementation of Debug Programmer's Model
492 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
493 * so there's no need to poll for it before executing an instruction.
495 * NOTE that in several of these cases the "stall" mode might be useful.
496 * It'd let us queue a few operations together... prepare/finish might
497 * be the places to enable/disable that mode.
500 static inline struct cortex_a_common
*dpm_to_a(struct arm_dpm
*dpm
)
502 return container_of(dpm
, struct cortex_a_common
, armv7a_common
.dpm
);
505 static int cortex_a_write_dcc(struct cortex_a_common
*a
, uint32_t data
)
507 LOG_DEBUG("write DCC 0x%08" PRIx32
, data
);
508 return mem_ap_write_u32(a
->armv7a_common
.debug_ap
,
509 a
->armv7a_common
.debug_base
+ CPUDBG_DTRRX
, data
);
512 static int cortex_a_read_dcc(struct cortex_a_common
*a
, uint32_t *data
,
515 uint32_t dscr
= DSCR_INSTR_COMP
;
521 /* Wait for DTRRXfull */
522 int64_t then
= timeval_ms();
523 while ((dscr
& DSCR_DTR_TX_FULL
) == 0) {
524 retval
= mem_ap_read_atomic_u32(a
->armv7a_common
.debug_ap
,
525 a
->armv7a_common
.debug_base
+ CPUDBG_DSCR
,
527 if (retval
!= ERROR_OK
)
529 if (timeval_ms() > then
+ 1000) {
530 LOG_ERROR("Timeout waiting for read dcc");
535 retval
= mem_ap_read_atomic_u32(a
->armv7a_common
.debug_ap
,
536 a
->armv7a_common
.debug_base
+ CPUDBG_DTRTX
, data
);
537 if (retval
!= ERROR_OK
)
539 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
547 static int cortex_a_dpm_prepare(struct arm_dpm
*dpm
)
549 struct cortex_a_common
*a
= dpm_to_a(dpm
);
553 /* set up invariant: INSTR_COMP is set after ever DPM operation */
554 int64_t then
= timeval_ms();
556 retval
= mem_ap_read_atomic_u32(a
->armv7a_common
.debug_ap
,
557 a
->armv7a_common
.debug_base
+ CPUDBG_DSCR
,
559 if (retval
!= ERROR_OK
)
561 if ((dscr
& DSCR_INSTR_COMP
) != 0)
563 if (timeval_ms() > then
+ 1000) {
564 LOG_ERROR("Timeout waiting for dpm prepare");
569 /* this "should never happen" ... */
570 if (dscr
& DSCR_DTR_RX_FULL
) {
571 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32
, dscr
);
573 retval
= cortex_a_exec_opcode(
574 a
->armv7a_common
.arm
.target
,
575 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
577 if (retval
!= ERROR_OK
)
584 static int cortex_a_dpm_finish(struct arm_dpm
*dpm
)
586 /* REVISIT what could be done here? */
590 static int cortex_a_instr_write_data_dcc(struct arm_dpm
*dpm
,
591 uint32_t opcode
, uint32_t data
)
593 struct cortex_a_common
*a
= dpm_to_a(dpm
);
595 uint32_t dscr
= DSCR_INSTR_COMP
;
597 retval
= cortex_a_write_dcc(a
, data
);
598 if (retval
!= ERROR_OK
)
601 return cortex_a_exec_opcode(
602 a
->armv7a_common
.arm
.target
,
607 static int cortex_a_instr_write_data_r0(struct arm_dpm
*dpm
,
608 uint32_t opcode
, uint32_t data
)
610 struct cortex_a_common
*a
= dpm_to_a(dpm
);
611 uint32_t dscr
= DSCR_INSTR_COMP
;
614 retval
= cortex_a_write_dcc(a
, data
);
615 if (retval
!= ERROR_OK
)
618 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
619 retval
= cortex_a_exec_opcode(
620 a
->armv7a_common
.arm
.target
,
621 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
623 if (retval
!= ERROR_OK
)
626 /* then the opcode, taking data from R0 */
627 retval
= cortex_a_exec_opcode(
628 a
->armv7a_common
.arm
.target
,
635 static int cortex_a_instr_cpsr_sync(struct arm_dpm
*dpm
)
637 struct target
*target
= dpm
->arm
->target
;
638 uint32_t dscr
= DSCR_INSTR_COMP
;
640 /* "Prefetch flush" after modifying execution status in CPSR */
641 return cortex_a_exec_opcode(target
,
642 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
646 static int cortex_a_instr_read_data_dcc(struct arm_dpm
*dpm
,
647 uint32_t opcode
, uint32_t *data
)
649 struct cortex_a_common
*a
= dpm_to_a(dpm
);
651 uint32_t dscr
= DSCR_INSTR_COMP
;
653 /* the opcode, writing data to DCC */
654 retval
= cortex_a_exec_opcode(
655 a
->armv7a_common
.arm
.target
,
658 if (retval
!= ERROR_OK
)
661 return cortex_a_read_dcc(a
, data
, &dscr
);
665 static int cortex_a_instr_read_data_r0(struct arm_dpm
*dpm
,
666 uint32_t opcode
, uint32_t *data
)
668 struct cortex_a_common
*a
= dpm_to_a(dpm
);
669 uint32_t dscr
= DSCR_INSTR_COMP
;
672 /* the opcode, writing data to R0 */
673 retval
= cortex_a_exec_opcode(
674 a
->armv7a_common
.arm
.target
,
677 if (retval
!= ERROR_OK
)
680 /* write R0 to DCC */
681 retval
= cortex_a_exec_opcode(
682 a
->armv7a_common
.arm
.target
,
683 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
685 if (retval
!= ERROR_OK
)
688 return cortex_a_read_dcc(a
, data
, &dscr
);
691 static int cortex_a_bpwp_enable(struct arm_dpm
*dpm
, unsigned index_t
,
692 uint32_t addr
, uint32_t control
)
694 struct cortex_a_common
*a
= dpm_to_a(dpm
);
695 uint32_t vr
= a
->armv7a_common
.debug_base
;
696 uint32_t cr
= a
->armv7a_common
.debug_base
;
700 case 0 ... 15: /* breakpoints */
701 vr
+= CPUDBG_BVR_BASE
;
702 cr
+= CPUDBG_BCR_BASE
;
704 case 16 ... 31: /* watchpoints */
705 vr
+= CPUDBG_WVR_BASE
;
706 cr
+= CPUDBG_WCR_BASE
;
715 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
716 (unsigned) vr
, (unsigned) cr
);
718 retval
= cortex_a_dap_write_memap_register_u32(dpm
->arm
->target
,
720 if (retval
!= ERROR_OK
)
722 retval
= cortex_a_dap_write_memap_register_u32(dpm
->arm
->target
,
727 static int cortex_a_bpwp_disable(struct arm_dpm
*dpm
, unsigned index_t
)
729 struct cortex_a_common
*a
= dpm_to_a(dpm
);
734 cr
= a
->armv7a_common
.debug_base
+ CPUDBG_BCR_BASE
;
737 cr
= a
->armv7a_common
.debug_base
+ CPUDBG_WCR_BASE
;
745 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr
);
747 /* clear control register */
748 return cortex_a_dap_write_memap_register_u32(dpm
->arm
->target
, cr
, 0);
751 static int cortex_a_dpm_setup(struct cortex_a_common
*a
, uint32_t didr
)
753 struct arm_dpm
*dpm
= &a
->armv7a_common
.dpm
;
756 dpm
->arm
= &a
->armv7a_common
.arm
;
759 dpm
->prepare
= cortex_a_dpm_prepare
;
760 dpm
->finish
= cortex_a_dpm_finish
;
762 dpm
->instr_write_data_dcc
= cortex_a_instr_write_data_dcc
;
763 dpm
->instr_write_data_r0
= cortex_a_instr_write_data_r0
;
764 dpm
->instr_cpsr_sync
= cortex_a_instr_cpsr_sync
;
766 dpm
->instr_read_data_dcc
= cortex_a_instr_read_data_dcc
;
767 dpm
->instr_read_data_r0
= cortex_a_instr_read_data_r0
;
769 dpm
->bpwp_enable
= cortex_a_bpwp_enable
;
770 dpm
->bpwp_disable
= cortex_a_bpwp_disable
;
772 retval
= arm_dpm_setup(dpm
);
773 if (retval
== ERROR_OK
)
774 retval
= arm_dpm_initialize(dpm
);
778 static struct target
*get_cortex_a(struct target
*target
, int32_t coreid
)
780 struct target_list
*head
;
784 while (head
!= (struct target_list
*)NULL
) {
786 if ((curr
->coreid
== coreid
) && (curr
->state
== TARGET_HALTED
))
792 static int cortex_a_halt(struct target
*target
);
794 static int cortex_a_halt_smp(struct target
*target
)
797 struct target_list
*head
;
800 while (head
!= (struct target_list
*)NULL
) {
802 if ((curr
!= target
) && (curr
->state
!= TARGET_HALTED
)
803 && target_was_examined(curr
))
804 retval
+= cortex_a_halt(curr
);
810 static int update_halt_gdb(struct target
*target
)
812 struct target
*gdb_target
= NULL
;
813 struct target_list
*head
;
817 if (target
->gdb_service
&& target
->gdb_service
->core
[0] == -1) {
818 target
->gdb_service
->target
= target
;
819 target
->gdb_service
->core
[0] = target
->coreid
;
820 retval
+= cortex_a_halt_smp(target
);
823 if (target
->gdb_service
)
824 gdb_target
= target
->gdb_service
->target
;
826 foreach_smp_target(head
, target
->head
) {
828 /* skip calling context */
831 if (!target_was_examined(curr
))
833 /* skip targets that were already halted */
834 if (curr
->state
== TARGET_HALTED
)
836 /* Skip gdb_target; it alerts GDB so has to be polled as last one */
837 if (curr
== gdb_target
)
840 /* avoid recursion in cortex_a_poll() */
846 /* after all targets were updated, poll the gdb serving target */
847 if (gdb_target
!= NULL
&& gdb_target
!= target
)
848 cortex_a_poll(gdb_target
);
853 * Cortex-A Run control
856 static int cortex_a_poll(struct target
*target
)
858 int retval
= ERROR_OK
;
860 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
861 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
862 enum target_state prev_target_state
= target
->state
;
863 /* toggle to another core is done by gdb as follow */
864 /* maint packet J core_id */
866 /* the next polling trigger an halt event sent to gdb */
867 if ((target
->state
== TARGET_HALTED
) && (target
->smp
) &&
868 (target
->gdb_service
) &&
869 (target
->gdb_service
->target
== NULL
)) {
870 target
->gdb_service
->target
=
871 get_cortex_a(target
, target
->gdb_service
->core
[1]);
872 target_call_event_callbacks(target
, TARGET_EVENT_HALTED
);
875 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
876 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
877 if (retval
!= ERROR_OK
)
879 cortex_a
->cpudbg_dscr
= dscr
;
881 if (DSCR_RUN_MODE(dscr
) == (DSCR_CORE_HALTED
| DSCR_CORE_RESTARTED
)) {
882 if (prev_target_state
!= TARGET_HALTED
) {
883 /* We have a halting debug event */
884 LOG_DEBUG("Target halted");
885 target
->state
= TARGET_HALTED
;
886 if ((prev_target_state
== TARGET_RUNNING
)
887 || (prev_target_state
== TARGET_UNKNOWN
)
888 || (prev_target_state
== TARGET_RESET
)) {
889 retval
= cortex_a_debug_entry(target
);
890 if (retval
!= ERROR_OK
)
893 retval
= update_halt_gdb(target
);
894 if (retval
!= ERROR_OK
)
898 if (arm_semihosting(target
, &retval
) != 0)
901 target_call_event_callbacks(target
,
902 TARGET_EVENT_HALTED
);
904 if (prev_target_state
== TARGET_DEBUG_RUNNING
) {
907 retval
= cortex_a_debug_entry(target
);
908 if (retval
!= ERROR_OK
)
911 retval
= update_halt_gdb(target
);
912 if (retval
!= ERROR_OK
)
916 target_call_event_callbacks(target
,
917 TARGET_EVENT_DEBUG_HALTED
);
921 target
->state
= TARGET_RUNNING
;
926 static int cortex_a_halt(struct target
*target
)
928 int retval
= ERROR_OK
;
930 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
933 * Tell the core to be halted by writing DRCR with 0x1
934 * and then wait for the core to be halted.
936 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
937 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_HALT
);
938 if (retval
!= ERROR_OK
)
942 * enter halting debug mode
944 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
945 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
946 if (retval
!= ERROR_OK
)
949 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
950 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
| DSCR_HALT_DBG_MODE
);
951 if (retval
!= ERROR_OK
)
954 int64_t then
= timeval_ms();
956 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
957 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
958 if (retval
!= ERROR_OK
)
960 if ((dscr
& DSCR_CORE_HALTED
) != 0)
962 if (timeval_ms() > then
+ 1000) {
963 LOG_ERROR("Timeout waiting for halt");
968 target
->debug_reason
= DBG_REASON_DBGRQ
;
973 static int cortex_a_internal_restore(struct target
*target
, int current
,
974 target_addr_t
*address
, int handle_breakpoints
, int debug_execution
)
976 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
977 struct arm
*arm
= &armv7a
->arm
;
981 if (!debug_execution
)
982 target_free_all_working_areas(target
);
985 if (debug_execution
) {
986 /* Disable interrupts */
987 /* We disable interrupts in the PRIMASK register instead of
988 * masking with C_MASKINTS,
989 * This is probably the same issue as Cortex-M3 Errata 377493:
990 * C_MASKINTS in parallel with disabled interrupts can cause
991 * local faults to not be taken. */
992 buf_set_u32(armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].value
, 0, 32, 1);
993 armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].dirty
= 1;
994 armv7m
->core_cache
->reg_list
[ARMV7M_PRIMASK
].valid
= 1;
996 /* Make sure we are in Thumb mode */
997 buf_set_u32(armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].value
, 0, 32,
998 buf_get_u32(armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].value
, 0,
1000 armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].dirty
= 1;
1001 armv7m
->core_cache
->reg_list
[ARMV7M_xPSR
].valid
= 1;
1005 /* current = 1: continue on current pc, otherwise continue at <address> */
1006 resume_pc
= buf_get_u32(arm
->pc
->value
, 0, 32);
1008 resume_pc
= *address
;
1010 *address
= resume_pc
;
1012 /* Make sure that the Armv7 gdb thumb fixups does not
1013 * kill the return address
1015 switch (arm
->core_state
) {
1017 resume_pc
&= 0xFFFFFFFC;
1019 case ARM_STATE_THUMB
:
1020 case ARM_STATE_THUMB_EE
:
1021 /* When the return address is loaded into PC
1022 * bit 0 must be 1 to stay in Thumb state
1026 case ARM_STATE_JAZELLE
:
1027 LOG_ERROR("How do I resume into Jazelle state??");
1029 case ARM_STATE_AARCH64
:
1030 LOG_ERROR("Shoudn't be in AARCH64 state");
1033 LOG_DEBUG("resume pc = 0x%08" PRIx32
, resume_pc
);
1034 buf_set_u32(arm
->pc
->value
, 0, 32, resume_pc
);
1038 /* restore dpm_mode at system halt */
1039 dpm_modeswitch(&armv7a
->dpm
, ARM_MODE_ANY
);
1040 /* called it now before restoring context because it uses cpu
1041 * register r0 for restoring cp15 control register */
1042 retval
= cortex_a_restore_cp15_control_reg(target
);
1043 if (retval
!= ERROR_OK
)
1045 retval
= cortex_a_restore_context(target
, handle_breakpoints
);
1046 if (retval
!= ERROR_OK
)
1048 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1049 target
->state
= TARGET_RUNNING
;
1051 /* registers are now invalid */
1052 register_cache_invalidate(arm
->core_cache
);
1055 /* the front-end may request us not to handle breakpoints */
1056 if (handle_breakpoints
) {
1057 /* Single step past breakpoint at current address */
1058 breakpoint
= breakpoint_find(target
, resume_pc
);
1060 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint
->address
);
1061 cortex_m3_unset_breakpoint(target
, breakpoint
);
1062 cortex_m3_single_step_core(target
);
1063 cortex_m3_set_breakpoint(target
, breakpoint
);
1071 static int cortex_a_internal_restart(struct target
*target
)
1073 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1074 struct arm
*arm
= &armv7a
->arm
;
1078 * * Restart core and wait for it to be started. Clear ITRen and sticky
1079 * * exception flags: see ARMv7 ARM, C5.9.
1081 * REVISIT: for single stepping, we probably want to
1082 * disable IRQs by default, with optional override...
1085 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
1086 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
1087 if (retval
!= ERROR_OK
)
1090 if ((dscr
& DSCR_INSTR_COMP
) == 0)
1091 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
1093 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
1094 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
& ~DSCR_ITR_EN
);
1095 if (retval
!= ERROR_OK
)
1098 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
1099 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_RESTART
|
1100 DRCR_CLEAR_EXCEPTIONS
);
1101 if (retval
!= ERROR_OK
)
1104 int64_t then
= timeval_ms();
1106 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
1107 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
1108 if (retval
!= ERROR_OK
)
1110 if ((dscr
& DSCR_CORE_RESTARTED
) != 0)
1112 if (timeval_ms() > then
+ 1000) {
1113 LOG_ERROR("Timeout waiting for resume");
1118 target
->debug_reason
= DBG_REASON_NOTHALTED
;
1119 target
->state
= TARGET_RUNNING
;
1121 /* registers are now invalid */
1122 register_cache_invalidate(arm
->core_cache
);
1127 static int cortex_a_restore_smp(struct target
*target
, int handle_breakpoints
)
1130 struct target_list
*head
;
1131 struct target
*curr
;
1132 target_addr_t address
;
1133 head
= target
->head
;
1134 while (head
!= (struct target_list
*)NULL
) {
1135 curr
= head
->target
;
1136 if ((curr
!= target
) && (curr
->state
!= TARGET_RUNNING
)
1137 && target_was_examined(curr
)) {
1138 /* resume current address , not in step mode */
1139 retval
+= cortex_a_internal_restore(curr
, 1, &address
,
1140 handle_breakpoints
, 0);
1141 retval
+= cortex_a_internal_restart(curr
);
1149 static int cortex_a_resume(struct target
*target
, int current
,
1150 target_addr_t address
, int handle_breakpoints
, int debug_execution
)
1153 /* dummy resume for smp toggle in order to reduce gdb impact */
1154 if ((target
->smp
) && (target
->gdb_service
->core
[1] != -1)) {
1155 /* simulate a start and halt of target */
1156 target
->gdb_service
->target
= NULL
;
1157 target
->gdb_service
->core
[0] = target
->gdb_service
->core
[1];
1158 /* fake resume at next poll we play the target core[1], see poll*/
1159 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1162 cortex_a_internal_restore(target
, current
, &address
, handle_breakpoints
, debug_execution
);
1164 target
->gdb_service
->core
[0] = -1;
1165 retval
= cortex_a_restore_smp(target
, handle_breakpoints
);
1166 if (retval
!= ERROR_OK
)
1169 cortex_a_internal_restart(target
);
1171 if (!debug_execution
) {
1172 target
->state
= TARGET_RUNNING
;
1173 target_call_event_callbacks(target
, TARGET_EVENT_RESUMED
);
1174 LOG_DEBUG("target resumed at " TARGET_ADDR_FMT
, address
);
1176 target
->state
= TARGET_DEBUG_RUNNING
;
1177 target_call_event_callbacks(target
, TARGET_EVENT_DEBUG_RESUMED
);
1178 LOG_DEBUG("target debug resumed at " TARGET_ADDR_FMT
, address
);
1184 static int cortex_a_debug_entry(struct target
*target
)
1187 uint32_t regfile
[16], cpsr
, spsr
, dscr
;
1188 int retval
= ERROR_OK
;
1189 struct working_area
*regfile_working_area
= NULL
;
1190 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1191 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1192 struct arm
*arm
= &armv7a
->arm
;
1195 LOG_DEBUG("dscr = 0x%08" PRIx32
, cortex_a
->cpudbg_dscr
);
1197 /* REVISIT surely we should not re-read DSCR !! */
1198 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
1199 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
1200 if (retval
!= ERROR_OK
)
1203 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1204 * imprecise data aborts get discarded by issuing a Data
1205 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1208 /* Enable the ITR execution once we are in debug mode */
1209 dscr
|= DSCR_ITR_EN
;
1210 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
1211 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
);
1212 if (retval
!= ERROR_OK
)
1215 /* Examine debug reason */
1216 arm_dpm_report_dscr(&armv7a
->dpm
, cortex_a
->cpudbg_dscr
);
1218 /* save address of instruction that triggered the watchpoint? */
1219 if (target
->debug_reason
== DBG_REASON_WATCHPOINT
) {
1222 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
1223 armv7a
->debug_base
+ CPUDBG_WFAR
,
1225 if (retval
!= ERROR_OK
)
1227 arm_dpm_report_wfar(&armv7a
->dpm
, wfar
);
1230 /* REVISIT fast_reg_read is never set ... */
1232 /* Examine target state and mode */
1233 if (cortex_a
->fast_reg_read
)
1234 target_alloc_working_area(target
, 64, ®file_working_area
);
1237 /* First load register acessible through core debug port*/
1238 if (!regfile_working_area
)
1239 retval
= arm_dpm_read_current_registers(&armv7a
->dpm
);
1241 retval
= cortex_a_read_regs_through_mem(target
,
1242 regfile_working_area
->address
, regfile
);
1244 target_free_working_area(target
, regfile_working_area
);
1245 if (retval
!= ERROR_OK
)
1248 /* read Current PSR */
1249 retval
= cortex_a_dap_read_coreregister_u32(target
, &cpsr
, 16);
1250 /* store current cpsr */
1251 if (retval
!= ERROR_OK
)
1254 LOG_DEBUG("cpsr: %8.8" PRIx32
, cpsr
);
1256 arm_set_cpsr(arm
, cpsr
);
1259 for (i
= 0; i
<= ARM_PC
; i
++) {
1260 reg
= arm_reg_current(arm
, i
);
1262 buf_set_u32(reg
->value
, 0, 32, regfile
[i
]);
1267 /* Fixup PC Resume Address */
1268 if (cpsr
& (1 << 5)) {
1269 /* T bit set for Thumb or ThumbEE state */
1270 regfile
[ARM_PC
] -= 4;
1273 regfile
[ARM_PC
] -= 8;
1277 buf_set_u32(reg
->value
, 0, 32, regfile
[ARM_PC
]);
1278 reg
->dirty
= reg
->valid
;
1282 /* read Saved PSR */
1283 retval
= cortex_a_dap_read_coreregister_u32(target
, &spsr
, 17);
1284 /* store current spsr */
1285 if (retval
!= ERROR_OK
)
1289 buf_set_u32(reg
->value
, 0, 32, spsr
);
1295 /* TODO, Move this */
1296 uint32_t cp15_control_register
, cp15_cacr
, cp15_nacr
;
1297 cortex_a_read_cp(target
, &cp15_control_register
, 15, 0, 1, 0, 0);
1298 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register
);
1300 cortex_a_read_cp(target
, &cp15_cacr
, 15, 0, 1, 0, 2);
1301 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr
);
1303 cortex_a_read_cp(target
, &cp15_nacr
, 15, 0, 1, 1, 2);
1304 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr
);
1307 /* Are we in an exception handler */
1308 /* armv4_5->exception_number = 0; */
1309 if (armv7a
->post_debug_entry
) {
1310 retval
= armv7a
->post_debug_entry(target
);
1311 if (retval
!= ERROR_OK
)
1318 static int cortex_a_post_debug_entry(struct target
*target
)
1320 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1321 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
1324 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1325 retval
= armv7a
->arm
.mrc(target
, 15,
1326 0, 0, /* op1, op2 */
1327 1, 0, /* CRn, CRm */
1328 &cortex_a
->cp15_control_reg
);
1329 if (retval
!= ERROR_OK
)
1331 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32
, cortex_a
->cp15_control_reg
);
1332 cortex_a
->cp15_control_reg_curr
= cortex_a
->cp15_control_reg
;
1334 if (!armv7a
->is_armv7r
)
1335 armv7a_read_ttbcr(target
);
1337 if (armv7a
->armv7a_mmu
.armv7a_cache
.info
== -1)
1338 armv7a_identify_cache(target
);
1340 if (armv7a
->is_armv7r
) {
1341 armv7a
->armv7a_mmu
.mmu_enabled
= 0;
1343 armv7a
->armv7a_mmu
.mmu_enabled
=
1344 (cortex_a
->cp15_control_reg
& 0x1U
) ? 1 : 0;
1346 armv7a
->armv7a_mmu
.armv7a_cache
.d_u_cache_enabled
=
1347 (cortex_a
->cp15_control_reg
& 0x4U
) ? 1 : 0;
1348 armv7a
->armv7a_mmu
.armv7a_cache
.i_cache_enabled
=
1349 (cortex_a
->cp15_control_reg
& 0x1000U
) ? 1 : 0;
1350 cortex_a
->curr_mode
= armv7a
->arm
.core_mode
;
1352 /* switch to SVC mode to read DACR */
1353 dpm_modeswitch(&armv7a
->dpm
, ARM_MODE_SVC
);
1354 armv7a
->arm
.mrc(target
, 15,
1356 &cortex_a
->cp15_dacr_reg
);
1358 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32
,
1359 cortex_a
->cp15_dacr_reg
);
1361 dpm_modeswitch(&armv7a
->dpm
, ARM_MODE_ANY
);
1365 int cortex_a_set_dscr_bits(struct target
*target
, unsigned long bit_mask
, unsigned long value
)
1367 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1371 int retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
1372 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
1373 if (ERROR_OK
!= retval
)
1376 /* clear bitfield */
1379 dscr
|= value
& bit_mask
;
1381 /* write new DSCR */
1382 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
1383 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
);
1387 static int cortex_a_step(struct target
*target
, int current
, target_addr_t address
,
1388 int handle_breakpoints
)
1390 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1391 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1392 struct arm
*arm
= &armv7a
->arm
;
1393 struct breakpoint
*breakpoint
= NULL
;
1394 struct breakpoint stepbreakpoint
;
1398 if (target
->state
!= TARGET_HALTED
) {
1399 LOG_WARNING("target not halted");
1400 return ERROR_TARGET_NOT_HALTED
;
1403 /* current = 1: continue on current pc, otherwise continue at <address> */
1406 buf_set_u32(r
->value
, 0, 32, address
);
1408 address
= buf_get_u32(r
->value
, 0, 32);
1410 /* The front-end may request us not to handle breakpoints.
1411 * But since Cortex-A uses breakpoint for single step,
1412 * we MUST handle breakpoints.
1414 handle_breakpoints
= 1;
1415 if (handle_breakpoints
) {
1416 breakpoint
= breakpoint_find(target
, address
);
1418 cortex_a_unset_breakpoint(target
, breakpoint
);
1421 /* Setup single step breakpoint */
1422 stepbreakpoint
.address
= address
;
1423 stepbreakpoint
.length
= (arm
->core_state
== ARM_STATE_THUMB
)
1425 stepbreakpoint
.type
= BKPT_HARD
;
1426 stepbreakpoint
.set
= 0;
1428 /* Disable interrupts during single step if requested */
1429 if (cortex_a
->isrmasking_mode
== CORTEX_A_ISRMASK_ON
) {
1430 retval
= cortex_a_set_dscr_bits(target
, DSCR_INT_DIS
, DSCR_INT_DIS
);
1431 if (ERROR_OK
!= retval
)
1435 /* Break on IVA mismatch */
1436 cortex_a_set_breakpoint(target
, &stepbreakpoint
, 0x04);
1438 target
->debug_reason
= DBG_REASON_SINGLESTEP
;
1440 retval
= cortex_a_resume(target
, 1, address
, 0, 0);
1441 if (retval
!= ERROR_OK
)
1444 int64_t then
= timeval_ms();
1445 while (target
->state
!= TARGET_HALTED
) {
1446 retval
= cortex_a_poll(target
);
1447 if (retval
!= ERROR_OK
)
1449 if (timeval_ms() > then
+ 1000) {
1450 LOG_ERROR("timeout waiting for target halt");
1455 cortex_a_unset_breakpoint(target
, &stepbreakpoint
);
1457 /* Re-enable interrupts if they were disabled */
1458 if (cortex_a
->isrmasking_mode
== CORTEX_A_ISRMASK_ON
) {
1459 retval
= cortex_a_set_dscr_bits(target
, DSCR_INT_DIS
, 0);
1460 if (ERROR_OK
!= retval
)
1465 target
->debug_reason
= DBG_REASON_BREAKPOINT
;
1468 cortex_a_set_breakpoint(target
, breakpoint
, 0);
1470 if (target
->state
!= TARGET_HALTED
)
1471 LOG_DEBUG("target stepped");
1476 static int cortex_a_restore_context(struct target
*target
, bool bpwp
)
1478 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1482 if (armv7a
->pre_restore_context
)
1483 armv7a
->pre_restore_context(target
);
1485 return arm_dpm_write_dirty_registers(&armv7a
->dpm
, bpwp
);
1489 * Cortex-A Breakpoint and watchpoint functions
1492 /* Setup hardware Breakpoint Register Pair */
1493 static int cortex_a_set_breakpoint(struct target
*target
,
1494 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1499 uint8_t byte_addr_select
= 0x0F;
1500 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1501 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
1502 struct cortex_a_brp
*brp_list
= cortex_a
->brp_list
;
1504 if (breakpoint
->set
) {
1505 LOG_WARNING("breakpoint already set");
1509 if (breakpoint
->type
== BKPT_HARD
) {
1510 while (brp_list
[brp_i
].used
&& (brp_i
< cortex_a
->brp_num
))
1512 if (brp_i
>= cortex_a
->brp_num
) {
1513 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1514 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1516 breakpoint
->set
= brp_i
+ 1;
1517 if (breakpoint
->length
== 2)
1518 byte_addr_select
= (3 << (breakpoint
->address
& 0x02));
1519 control
= ((matchmode
& 0x7) << 20)
1520 | (byte_addr_select
<< 5)
1522 brp_list
[brp_i
].used
= 1;
1523 brp_list
[brp_i
].value
= (breakpoint
->address
& 0xFFFFFFFC);
1524 brp_list
[brp_i
].control
= control
;
1525 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1526 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1527 brp_list
[brp_i
].value
);
1528 if (retval
!= ERROR_OK
)
1530 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1531 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1532 brp_list
[brp_i
].control
);
1533 if (retval
!= ERROR_OK
)
1535 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1536 brp_list
[brp_i
].control
,
1537 brp_list
[brp_i
].value
);
1538 } else if (breakpoint
->type
== BKPT_SOFT
) {
1540 /* length == 2: Thumb breakpoint */
1541 if (breakpoint
->length
== 2)
1542 buf_set_u32(code
, 0, 32, ARMV5_T_BKPT(0x11));
1544 /* length == 3: Thumb-2 breakpoint, actual encoding is
1545 * a regular Thumb BKPT instruction but we replace a
1546 * 32bit Thumb-2 instruction, so fix-up the breakpoint
1549 if (breakpoint
->length
== 3) {
1550 buf_set_u32(code
, 0, 32, ARMV5_T_BKPT(0x11));
1551 breakpoint
->length
= 4;
1553 /* length == 4, normal ARM breakpoint */
1554 buf_set_u32(code
, 0, 32, ARMV5_BKPT(0x11));
1556 retval
= target_read_memory(target
,
1557 breakpoint
->address
& 0xFFFFFFFE,
1558 breakpoint
->length
, 1,
1559 breakpoint
->orig_instr
);
1560 if (retval
!= ERROR_OK
)
1563 /* make sure data cache is cleaned & invalidated down to PoC */
1564 if (!armv7a
->armv7a_mmu
.armv7a_cache
.auto_cache_enabled
) {
1565 armv7a_cache_flush_virt(target
, breakpoint
->address
,
1566 breakpoint
->length
);
1569 retval
= target_write_memory(target
,
1570 breakpoint
->address
& 0xFFFFFFFE,
1571 breakpoint
->length
, 1, code
);
1572 if (retval
!= ERROR_OK
)
1575 /* update i-cache at breakpoint location */
1576 armv7a_l1_d_cache_inval_virt(target
, breakpoint
->address
,
1577 breakpoint
->length
);
1578 armv7a_l1_i_cache_inval_virt(target
, breakpoint
->address
,
1579 breakpoint
->length
);
1581 breakpoint
->set
= 0x11; /* Any nice value but 0 */
1587 static int cortex_a_set_context_breakpoint(struct target
*target
,
1588 struct breakpoint
*breakpoint
, uint8_t matchmode
)
1590 int retval
= ERROR_FAIL
;
1593 uint8_t byte_addr_select
= 0x0F;
1594 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1595 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
1596 struct cortex_a_brp
*brp_list
= cortex_a
->brp_list
;
1598 if (breakpoint
->set
) {
1599 LOG_WARNING("breakpoint already set");
1602 /*check available context BRPs*/
1603 while ((brp_list
[brp_i
].used
||
1604 (brp_list
[brp_i
].type
!= BRP_CONTEXT
)) && (brp_i
< cortex_a
->brp_num
))
1607 if (brp_i
>= cortex_a
->brp_num
) {
1608 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1612 breakpoint
->set
= brp_i
+ 1;
1613 control
= ((matchmode
& 0x7) << 20)
1614 | (byte_addr_select
<< 5)
1616 brp_list
[brp_i
].used
= 1;
1617 brp_list
[brp_i
].value
= (breakpoint
->asid
);
1618 brp_list
[brp_i
].control
= control
;
1619 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1620 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1621 brp_list
[brp_i
].value
);
1622 if (retval
!= ERROR_OK
)
1624 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1625 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1626 brp_list
[brp_i
].control
);
1627 if (retval
!= ERROR_OK
)
1629 LOG_DEBUG("brp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1630 brp_list
[brp_i
].control
,
1631 brp_list
[brp_i
].value
);
1636 static int cortex_a_set_hybrid_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1638 int retval
= ERROR_FAIL
;
1639 int brp_1
= 0; /* holds the contextID pair */
1640 int brp_2
= 0; /* holds the IVA pair */
1641 uint32_t control_CTX
, control_IVA
;
1642 uint8_t CTX_byte_addr_select
= 0x0F;
1643 uint8_t IVA_byte_addr_select
= 0x0F;
1644 uint8_t CTX_machmode
= 0x03;
1645 uint8_t IVA_machmode
= 0x01;
1646 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1647 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
1648 struct cortex_a_brp
*brp_list
= cortex_a
->brp_list
;
1650 if (breakpoint
->set
) {
1651 LOG_WARNING("breakpoint already set");
1654 /*check available context BRPs*/
1655 while ((brp_list
[brp_1
].used
||
1656 (brp_list
[brp_1
].type
!= BRP_CONTEXT
)) && (brp_1
< cortex_a
->brp_num
))
1659 printf("brp(CTX) found num: %d\n", brp_1
);
1660 if (brp_1
>= cortex_a
->brp_num
) {
1661 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1665 while ((brp_list
[brp_2
].used
||
1666 (brp_list
[brp_2
].type
!= BRP_NORMAL
)) && (brp_2
< cortex_a
->brp_num
))
1669 printf("brp(IVA) found num: %d\n", brp_2
);
1670 if (brp_2
>= cortex_a
->brp_num
) {
1671 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1675 breakpoint
->set
= brp_1
+ 1;
1676 breakpoint
->linked_BRP
= brp_2
;
1677 control_CTX
= ((CTX_machmode
& 0x7) << 20)
1680 | (CTX_byte_addr_select
<< 5)
1682 brp_list
[brp_1
].used
= 1;
1683 brp_list
[brp_1
].value
= (breakpoint
->asid
);
1684 brp_list
[brp_1
].control
= control_CTX
;
1685 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1686 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_1
].BRPn
,
1687 brp_list
[brp_1
].value
);
1688 if (retval
!= ERROR_OK
)
1690 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1691 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_1
].BRPn
,
1692 brp_list
[brp_1
].control
);
1693 if (retval
!= ERROR_OK
)
1696 control_IVA
= ((IVA_machmode
& 0x7) << 20)
1698 | (IVA_byte_addr_select
<< 5)
1700 brp_list
[brp_2
].used
= 1;
1701 brp_list
[brp_2
].value
= (breakpoint
->address
& 0xFFFFFFFC);
1702 brp_list
[brp_2
].control
= control_IVA
;
1703 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1704 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_2
].BRPn
,
1705 brp_list
[brp_2
].value
);
1706 if (retval
!= ERROR_OK
)
1708 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1709 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_2
].BRPn
,
1710 brp_list
[brp_2
].control
);
1711 if (retval
!= ERROR_OK
)
1717 static int cortex_a_unset_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1720 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1721 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
1722 struct cortex_a_brp
*brp_list
= cortex_a
->brp_list
;
1724 if (!breakpoint
->set
) {
1725 LOG_WARNING("breakpoint not set");
1729 if (breakpoint
->type
== BKPT_HARD
) {
1730 if ((breakpoint
->address
!= 0) && (breakpoint
->asid
!= 0)) {
1731 int brp_i
= breakpoint
->set
- 1;
1732 int brp_j
= breakpoint
->linked_BRP
;
1733 if ((brp_i
< 0) || (brp_i
>= cortex_a
->brp_num
)) {
1734 LOG_DEBUG("Invalid BRP number in breakpoint");
1737 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1738 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1739 brp_list
[brp_i
].used
= 0;
1740 brp_list
[brp_i
].value
= 0;
1741 brp_list
[brp_i
].control
= 0;
1742 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1743 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1744 brp_list
[brp_i
].control
);
1745 if (retval
!= ERROR_OK
)
1747 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1748 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1749 brp_list
[brp_i
].value
);
1750 if (retval
!= ERROR_OK
)
1752 if ((brp_j
< 0) || (brp_j
>= cortex_a
->brp_num
)) {
1753 LOG_DEBUG("Invalid BRP number in breakpoint");
1756 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_j
,
1757 brp_list
[brp_j
].control
, brp_list
[brp_j
].value
);
1758 brp_list
[brp_j
].used
= 0;
1759 brp_list
[brp_j
].value
= 0;
1760 brp_list
[brp_j
].control
= 0;
1761 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1762 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_j
].BRPn
,
1763 brp_list
[brp_j
].control
);
1764 if (retval
!= ERROR_OK
)
1766 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1767 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_j
].BRPn
,
1768 brp_list
[brp_j
].value
);
1769 if (retval
!= ERROR_OK
)
1771 breakpoint
->linked_BRP
= 0;
1772 breakpoint
->set
= 0;
1776 int brp_i
= breakpoint
->set
- 1;
1777 if ((brp_i
< 0) || (brp_i
>= cortex_a
->brp_num
)) {
1778 LOG_DEBUG("Invalid BRP number in breakpoint");
1781 LOG_DEBUG("rbp %i control 0x%0" PRIx32
" value 0x%0" PRIx32
, brp_i
,
1782 brp_list
[brp_i
].control
, brp_list
[brp_i
].value
);
1783 brp_list
[brp_i
].used
= 0;
1784 brp_list
[brp_i
].value
= 0;
1785 brp_list
[brp_i
].control
= 0;
1786 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1787 + CPUDBG_BCR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1788 brp_list
[brp_i
].control
);
1789 if (retval
!= ERROR_OK
)
1791 retval
= cortex_a_dap_write_memap_register_u32(target
, armv7a
->debug_base
1792 + CPUDBG_BVR_BASE
+ 4 * brp_list
[brp_i
].BRPn
,
1793 brp_list
[brp_i
].value
);
1794 if (retval
!= ERROR_OK
)
1796 breakpoint
->set
= 0;
1801 /* make sure data cache is cleaned & invalidated down to PoC */
1802 if (!armv7a
->armv7a_mmu
.armv7a_cache
.auto_cache_enabled
) {
1803 armv7a_cache_flush_virt(target
, breakpoint
->address
,
1804 breakpoint
->length
);
1807 /* restore original instruction (kept in target endianness) */
1808 if (breakpoint
->length
== 4) {
1809 retval
= target_write_memory(target
,
1810 breakpoint
->address
& 0xFFFFFFFE,
1811 4, 1, breakpoint
->orig_instr
);
1812 if (retval
!= ERROR_OK
)
1815 retval
= target_write_memory(target
,
1816 breakpoint
->address
& 0xFFFFFFFE,
1817 2, 1, breakpoint
->orig_instr
);
1818 if (retval
!= ERROR_OK
)
1822 /* update i-cache at breakpoint location */
1823 armv7a_l1_d_cache_inval_virt(target
, breakpoint
->address
,
1824 breakpoint
->length
);
1825 armv7a_l1_i_cache_inval_virt(target
, breakpoint
->address
,
1826 breakpoint
->length
);
1828 breakpoint
->set
= 0;
1833 static int cortex_a_add_breakpoint(struct target
*target
,
1834 struct breakpoint
*breakpoint
)
1836 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1838 if ((breakpoint
->type
== BKPT_HARD
) && (cortex_a
->brp_num_available
< 1)) {
1839 LOG_INFO("no hardware breakpoint available");
1840 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1843 if (breakpoint
->type
== BKPT_HARD
)
1844 cortex_a
->brp_num_available
--;
1846 return cortex_a_set_breakpoint(target
, breakpoint
, 0x00); /* Exact match */
1849 static int cortex_a_add_context_breakpoint(struct target
*target
,
1850 struct breakpoint
*breakpoint
)
1852 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1854 if ((breakpoint
->type
== BKPT_HARD
) && (cortex_a
->brp_num_available
< 1)) {
1855 LOG_INFO("no hardware breakpoint available");
1856 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1859 if (breakpoint
->type
== BKPT_HARD
)
1860 cortex_a
->brp_num_available
--;
1862 return cortex_a_set_context_breakpoint(target
, breakpoint
, 0x02); /* asid match */
1865 static int cortex_a_add_hybrid_breakpoint(struct target
*target
,
1866 struct breakpoint
*breakpoint
)
1868 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1870 if ((breakpoint
->type
== BKPT_HARD
) && (cortex_a
->brp_num_available
< 1)) {
1871 LOG_INFO("no hardware breakpoint available");
1872 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE
;
1875 if (breakpoint
->type
== BKPT_HARD
)
1876 cortex_a
->brp_num_available
--;
1878 return cortex_a_set_hybrid_breakpoint(target
, breakpoint
); /* ??? */
1882 static int cortex_a_remove_breakpoint(struct target
*target
, struct breakpoint
*breakpoint
)
1884 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
1887 /* It is perfectly possible to remove breakpoints while the target is running */
1888 if (target
->state
!= TARGET_HALTED
) {
1889 LOG_WARNING("target not halted");
1890 return ERROR_TARGET_NOT_HALTED
;
1894 if (breakpoint
->set
) {
1895 cortex_a_unset_breakpoint(target
, breakpoint
);
1896 if (breakpoint
->type
== BKPT_HARD
)
1897 cortex_a
->brp_num_available
++;
1905 * Cortex-A Reset functions
1908 static int cortex_a_assert_reset(struct target
*target
)
1910 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1914 /* FIXME when halt is requested, make it work somehow... */
1916 /* This function can be called in "target not examined" state */
1918 /* Issue some kind of warm reset. */
1919 if (target_has_event_action(target
, TARGET_EVENT_RESET_ASSERT
))
1920 target_handle_event(target
, TARGET_EVENT_RESET_ASSERT
);
1921 else if (jtag_get_reset_config() & RESET_HAS_SRST
) {
1922 /* REVISIT handle "pulls" cases, if there's
1923 * hardware that needs them to work.
1927 * FIXME: fix reset when transport is SWD. This is a temporary
1928 * work-around for release v0.10 that is not intended to stay!
1930 if (transport_is_swd() ||
1931 (target
->reset_halt
&& (jtag_get_reset_config() & RESET_SRST_NO_GATING
)))
1932 jtag_add_reset(0, 1);
1935 LOG_ERROR("%s: how to reset?", target_name(target
));
1939 /* registers are now invalid */
1940 if (target_was_examined(target
))
1941 register_cache_invalidate(armv7a
->arm
.core_cache
);
1943 target
->state
= TARGET_RESET
;
1948 static int cortex_a_deassert_reset(struct target
*target
)
1954 /* be certain SRST is off */
1955 jtag_add_reset(0, 0);
1957 if (target_was_examined(target
)) {
1958 retval
= cortex_a_poll(target
);
1959 if (retval
!= ERROR_OK
)
1963 if (target
->reset_halt
) {
1964 if (target
->state
!= TARGET_HALTED
) {
1965 LOG_WARNING("%s: ran after reset and before halt ...",
1966 target_name(target
));
1967 if (target_was_examined(target
)) {
1968 retval
= target_halt(target
);
1969 if (retval
!= ERROR_OK
)
1972 target
->state
= TARGET_UNKNOWN
;
1979 static int cortex_a_set_dcc_mode(struct target
*target
, uint32_t mode
, uint32_t *dscr
)
1981 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1982 * New desired mode must be in mode. Current value of DSCR must be in
1983 * *dscr, which is updated with new value.
1985 * This function elides actually sending the mode-change over the debug
1986 * interface if the mode is already set as desired.
1988 uint32_t new_dscr
= (*dscr
& ~DSCR_EXT_DCC_MASK
) | mode
;
1989 if (new_dscr
!= *dscr
) {
1990 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
1991 int retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
1992 armv7a
->debug_base
+ CPUDBG_DSCR
, new_dscr
);
1993 if (retval
== ERROR_OK
)
2001 static int cortex_a_wait_dscr_bits(struct target
*target
, uint32_t mask
,
2002 uint32_t value
, uint32_t *dscr
)
2004 /* Waits until the specified bit(s) of DSCR take on a specified value. */
2005 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2006 int64_t then
= timeval_ms();
2009 while ((*dscr
& mask
) != value
) {
2010 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2011 armv7a
->debug_base
+ CPUDBG_DSCR
, dscr
);
2012 if (retval
!= ERROR_OK
)
2014 if (timeval_ms() > then
+ 1000) {
2015 LOG_ERROR("timeout waiting for DSCR bit change");
2022 static int cortex_a_read_copro(struct target
*target
, uint32_t opcode
,
2023 uint32_t *data
, uint32_t *dscr
)
2026 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2028 /* Move from coprocessor to R0. */
2029 retval
= cortex_a_exec_opcode(target
, opcode
, dscr
);
2030 if (retval
!= ERROR_OK
)
2033 /* Move from R0 to DTRTX. */
2034 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr
);
2035 if (retval
!= ERROR_OK
)
2038 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2039 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2040 * must also check TXfull_l). Most of the time this will be free
2041 * because TXfull_l will be set immediately and cached in dscr. */
2042 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRTX_FULL_LATCHED
,
2043 DSCR_DTRTX_FULL_LATCHED
, dscr
);
2044 if (retval
!= ERROR_OK
)
2047 /* Read the value transferred to DTRTX. */
2048 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2049 armv7a
->debug_base
+ CPUDBG_DTRTX
, data
);
2050 if (retval
!= ERROR_OK
)
2056 static int cortex_a_read_dfar_dfsr(struct target
*target
, uint32_t *dfar
,
2057 uint32_t *dfsr
, uint32_t *dscr
)
2062 retval
= cortex_a_read_copro(target
, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar
, dscr
);
2063 if (retval
!= ERROR_OK
)
2068 retval
= cortex_a_read_copro(target
, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr
, dscr
);
2069 if (retval
!= ERROR_OK
)
2076 static int cortex_a_write_copro(struct target
*target
, uint32_t opcode
,
2077 uint32_t data
, uint32_t *dscr
)
2080 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2082 /* Write the value into DTRRX. */
2083 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2084 armv7a
->debug_base
+ CPUDBG_DTRRX
, data
);
2085 if (retval
!= ERROR_OK
)
2088 /* Move from DTRRX to R0. */
2089 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr
);
2090 if (retval
!= ERROR_OK
)
2093 /* Move from R0 to coprocessor. */
2094 retval
= cortex_a_exec_opcode(target
, opcode
, dscr
);
2095 if (retval
!= ERROR_OK
)
2098 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2099 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2100 * check RXfull_l). Most of the time this will be free because RXfull_l
2101 * will be cleared immediately and cached in dscr. */
2102 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRRX_FULL_LATCHED
, 0, dscr
);
2103 if (retval
!= ERROR_OK
)
2109 static int cortex_a_write_dfar_dfsr(struct target
*target
, uint32_t dfar
,
2110 uint32_t dfsr
, uint32_t *dscr
)
2114 retval
= cortex_a_write_copro(target
, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar
, dscr
);
2115 if (retval
!= ERROR_OK
)
2118 retval
= cortex_a_write_copro(target
, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr
, dscr
);
2119 if (retval
!= ERROR_OK
)
2125 static int cortex_a_dfsr_to_error_code(uint32_t dfsr
)
2127 uint32_t status
, upper4
;
2129 if (dfsr
& (1 << 9)) {
2131 status
= dfsr
& 0x3f;
2132 upper4
= status
>> 2;
2133 if (upper4
== 1 || upper4
== 2 || upper4
== 3 || upper4
== 15)
2134 return ERROR_TARGET_TRANSLATION_FAULT
;
2135 else if (status
== 33)
2136 return ERROR_TARGET_UNALIGNED_ACCESS
;
2138 return ERROR_TARGET_DATA_ABORT
;
2140 /* Normal format. */
2141 status
= ((dfsr
>> 6) & 0x10) | (dfsr
& 0xf);
2143 return ERROR_TARGET_UNALIGNED_ACCESS
;
2144 else if (status
== 5 || status
== 7 || status
== 3 || status
== 6 ||
2145 status
== 9 || status
== 11 || status
== 13 || status
== 15)
2146 return ERROR_TARGET_TRANSLATION_FAULT
;
2148 return ERROR_TARGET_DATA_ABORT
;
2152 static int cortex_a_write_cpu_memory_slow(struct target
*target
,
2153 uint32_t size
, uint32_t count
, const uint8_t *buffer
, uint32_t *dscr
)
2155 /* Writes count objects of size size from *buffer. Old value of DSCR must
2156 * be in *dscr; updated to new value. This is slow because it works for
2157 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2158 * the address is aligned, cortex_a_write_cpu_memory_fast should be
2161 * - Address is in R0.
2162 * - R0 is marked dirty.
2164 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2165 struct arm
*arm
= &armv7a
->arm
;
2168 /* Mark register R1 as dirty, to use for transferring data. */
2169 arm_reg_current(arm
, 1)->dirty
= true;
2171 /* Switch to non-blocking mode if not already in that mode. */
2172 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, dscr
);
2173 if (retval
!= ERROR_OK
)
2176 /* Go through the objects. */
2178 /* Write the value to store into DTRRX. */
2179 uint32_t data
, opcode
;
2183 data
= target_buffer_get_u16(target
, buffer
);
2185 data
= target_buffer_get_u32(target
, buffer
);
2186 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2187 armv7a
->debug_base
+ CPUDBG_DTRRX
, data
);
2188 if (retval
!= ERROR_OK
)
2191 /* Transfer the value from DTRRX to R1. */
2192 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr
);
2193 if (retval
!= ERROR_OK
)
2196 /* Write the value transferred to R1 into memory. */
2198 opcode
= ARMV4_5_STRB_IP(1, 0);
2200 opcode
= ARMV4_5_STRH_IP(1, 0);
2202 opcode
= ARMV4_5_STRW_IP(1, 0);
2203 retval
= cortex_a_exec_opcode(target
, opcode
, dscr
);
2204 if (retval
!= ERROR_OK
)
2207 /* Check for faults and return early. */
2208 if (*dscr
& (DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
))
2209 return ERROR_OK
; /* A data fault is not considered a system failure. */
2211 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2212 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2213 * must also check RXfull_l). Most of the time this will be free
2214 * because RXfull_l will be cleared immediately and cached in dscr. */
2215 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRRX_FULL_LATCHED
, 0, dscr
);
2216 if (retval
!= ERROR_OK
)
2227 static int cortex_a_write_cpu_memory_fast(struct target
*target
,
2228 uint32_t count
, const uint8_t *buffer
, uint32_t *dscr
)
2230 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2231 * in *dscr; updated to new value. This is fast but only works for
2232 * word-sized objects at aligned addresses.
2234 * - Address is in R0 and must be a multiple of 4.
2235 * - R0 is marked dirty.
2237 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2240 /* Switch to fast mode if not already in that mode. */
2241 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_FAST_MODE
, dscr
);
2242 if (retval
!= ERROR_OK
)
2245 /* Latch STC instruction. */
2246 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2247 armv7a
->debug_base
+ CPUDBG_ITR
, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2248 if (retval
!= ERROR_OK
)
2251 /* Transfer all the data and issue all the instructions. */
2252 return mem_ap_write_buf_noincr(armv7a
->debug_ap
, buffer
,
2253 4, count
, armv7a
->debug_base
+ CPUDBG_DTRRX
);
2256 static int cortex_a_write_cpu_memory(struct target
*target
,
2257 uint32_t address
, uint32_t size
,
2258 uint32_t count
, const uint8_t *buffer
)
2260 /* Write memory through the CPU. */
2261 int retval
, final_retval
;
2262 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2263 struct arm
*arm
= &armv7a
->arm
;
2264 uint32_t dscr
, orig_dfar
, orig_dfsr
, fault_dscr
, fault_dfar
, fault_dfsr
;
2266 LOG_DEBUG("Writing CPU memory address 0x%" PRIx32
" size %" PRIu32
" count %" PRIu32
,
2267 address
, size
, count
);
2268 if (target
->state
!= TARGET_HALTED
) {
2269 LOG_WARNING("target not halted");
2270 return ERROR_TARGET_NOT_HALTED
;
2276 /* Clear any abort. */
2277 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2278 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_CLEAR_EXCEPTIONS
);
2279 if (retval
!= ERROR_OK
)
2283 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2284 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
2285 if (retval
!= ERROR_OK
)
2288 /* Switch to non-blocking mode if not already in that mode. */
2289 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, &dscr
);
2290 if (retval
!= ERROR_OK
)
2293 /* Mark R0 as dirty. */
2294 arm_reg_current(arm
, 0)->dirty
= true;
2296 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2297 retval
= cortex_a_read_dfar_dfsr(target
, &orig_dfar
, &orig_dfsr
, &dscr
);
2298 if (retval
!= ERROR_OK
)
2301 /* Get the memory address into R0. */
2302 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2303 armv7a
->debug_base
+ CPUDBG_DTRRX
, address
);
2304 if (retval
!= ERROR_OK
)
2306 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr
);
2307 if (retval
!= ERROR_OK
)
2310 if (size
== 4 && (address
% 4) == 0) {
2311 /* We are doing a word-aligned transfer, so use fast mode. */
2312 retval
= cortex_a_write_cpu_memory_fast(target
, count
, buffer
, &dscr
);
2314 /* Use slow path. */
2315 retval
= cortex_a_write_cpu_memory_slow(target
, size
, count
, buffer
, &dscr
);
2319 final_retval
= retval
;
2321 /* Switch to non-blocking mode if not already in that mode. */
2322 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, &dscr
);
2323 if (final_retval
== ERROR_OK
)
2324 final_retval
= retval
;
2326 /* Wait for last issued instruction to complete. */
2327 retval
= cortex_a_wait_instrcmpl(target
, &dscr
, true);
2328 if (final_retval
== ERROR_OK
)
2329 final_retval
= retval
;
2331 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2332 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2333 * check RXfull_l). Most of the time this will be free because RXfull_l
2334 * will be cleared immediately and cached in dscr. However, don't do this
2335 * if there is fault, because then the instruction might not have completed
2337 if (!(dscr
& DSCR_STICKY_ABORT_PRECISE
)) {
2338 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRRX_FULL_LATCHED
, 0, &dscr
);
2339 if (retval
!= ERROR_OK
)
2343 /* If there were any sticky abort flags, clear them. */
2344 if (dscr
& (DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
)) {
2346 mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2347 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_CLEAR_EXCEPTIONS
);
2348 dscr
&= ~(DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
);
2353 /* Handle synchronous data faults. */
2354 if (fault_dscr
& DSCR_STICKY_ABORT_PRECISE
) {
2355 if (final_retval
== ERROR_OK
) {
2356 /* Final return value will reflect cause of fault. */
2357 retval
= cortex_a_read_dfar_dfsr(target
, &fault_dfar
, &fault_dfsr
, &dscr
);
2358 if (retval
== ERROR_OK
) {
2359 LOG_ERROR("data abort at 0x%08" PRIx32
", dfsr = 0x%08" PRIx32
, fault_dfar
, fault_dfsr
);
2360 final_retval
= cortex_a_dfsr_to_error_code(fault_dfsr
);
2362 final_retval
= retval
;
2364 /* Fault destroyed DFAR/DFSR; restore them. */
2365 retval
= cortex_a_write_dfar_dfsr(target
, orig_dfar
, orig_dfsr
, &dscr
);
2366 if (retval
!= ERROR_OK
)
2367 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32
, dscr
);
2370 /* Handle asynchronous data faults. */
2371 if (fault_dscr
& DSCR_STICKY_ABORT_IMPRECISE
) {
2372 if (final_retval
== ERROR_OK
)
2373 /* No other error has been recorded so far, so keep this one. */
2374 final_retval
= ERROR_TARGET_DATA_ABORT
;
2377 /* If the DCC is nonempty, clear it. */
2378 if (dscr
& DSCR_DTRTX_FULL_LATCHED
) {
2380 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2381 armv7a
->debug_base
+ CPUDBG_DTRTX
, &dummy
);
2382 if (final_retval
== ERROR_OK
)
2383 final_retval
= retval
;
2385 if (dscr
& DSCR_DTRRX_FULL_LATCHED
) {
2386 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr
);
2387 if (final_retval
== ERROR_OK
)
2388 final_retval
= retval
;
2392 return final_retval
;
2395 static int cortex_a_read_cpu_memory_slow(struct target
*target
,
2396 uint32_t size
, uint32_t count
, uint8_t *buffer
, uint32_t *dscr
)
2398 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2399 * in *dscr; updated to new value. This is slow because it works for
2400 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2401 * the address is aligned, cortex_a_read_cpu_memory_fast should be
2404 * - Address is in R0.
2405 * - R0 is marked dirty.
2407 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2408 struct arm
*arm
= &armv7a
->arm
;
2411 /* Mark register R1 as dirty, to use for transferring data. */
2412 arm_reg_current(arm
, 1)->dirty
= true;
2414 /* Switch to non-blocking mode if not already in that mode. */
2415 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, dscr
);
2416 if (retval
!= ERROR_OK
)
2419 /* Go through the objects. */
2421 /* Issue a load of the appropriate size to R1. */
2422 uint32_t opcode
, data
;
2424 opcode
= ARMV4_5_LDRB_IP(1, 0);
2426 opcode
= ARMV4_5_LDRH_IP(1, 0);
2428 opcode
= ARMV4_5_LDRW_IP(1, 0);
2429 retval
= cortex_a_exec_opcode(target
, opcode
, dscr
);
2430 if (retval
!= ERROR_OK
)
2433 /* Issue a write of R1 to DTRTX. */
2434 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr
);
2435 if (retval
!= ERROR_OK
)
2438 /* Check for faults and return early. */
2439 if (*dscr
& (DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
))
2440 return ERROR_OK
; /* A data fault is not considered a system failure. */
2442 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2443 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2444 * must also check TXfull_l). Most of the time this will be free
2445 * because TXfull_l will be set immediately and cached in dscr. */
2446 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRTX_FULL_LATCHED
,
2447 DSCR_DTRTX_FULL_LATCHED
, dscr
);
2448 if (retval
!= ERROR_OK
)
2451 /* Read the value transferred to DTRTX into the buffer. */
2452 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2453 armv7a
->debug_base
+ CPUDBG_DTRTX
, &data
);
2454 if (retval
!= ERROR_OK
)
2457 *buffer
= (uint8_t) data
;
2459 target_buffer_set_u16(target
, buffer
, (uint16_t) data
);
2461 target_buffer_set_u32(target
, buffer
, data
);
2471 static int cortex_a_read_cpu_memory_fast(struct target
*target
,
2472 uint32_t count
, uint8_t *buffer
, uint32_t *dscr
)
2474 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2475 * *dscr; updated to new value. This is fast but only works for word-sized
2476 * objects at aligned addresses.
2478 * - Address is in R0 and must be a multiple of 4.
2479 * - R0 is marked dirty.
2481 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2485 /* Switch to non-blocking mode if not already in that mode. */
2486 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, dscr
);
2487 if (retval
!= ERROR_OK
)
2490 /* Issue the LDC instruction via a write to ITR. */
2491 retval
= cortex_a_exec_opcode(target
, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr
);
2492 if (retval
!= ERROR_OK
)
2498 /* Switch to fast mode if not already in that mode. */
2499 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_FAST_MODE
, dscr
);
2500 if (retval
!= ERROR_OK
)
2503 /* Latch LDC instruction. */
2504 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2505 armv7a
->debug_base
+ CPUDBG_ITR
, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2506 if (retval
!= ERROR_OK
)
2509 /* Read the value transferred to DTRTX into the buffer. Due to fast
2510 * mode rules, this blocks until the instruction finishes executing and
2511 * then reissues the read instruction to read the next word from
2512 * memory. The last read of DTRTX in this call reads the second-to-last
2513 * word from memory and issues the read instruction for the last word.
2515 retval
= mem_ap_read_buf_noincr(armv7a
->debug_ap
, buffer
,
2516 4, count
, armv7a
->debug_base
+ CPUDBG_DTRTX
);
2517 if (retval
!= ERROR_OK
)
2521 buffer
+= count
* 4;
2524 /* Wait for last issued instruction to complete. */
2525 retval
= cortex_a_wait_instrcmpl(target
, dscr
, false);
2526 if (retval
!= ERROR_OK
)
2529 /* Switch to non-blocking mode if not already in that mode. */
2530 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, dscr
);
2531 if (retval
!= ERROR_OK
)
2534 /* Check for faults and return early. */
2535 if (*dscr
& (DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
))
2536 return ERROR_OK
; /* A data fault is not considered a system failure. */
2538 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2539 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2540 * check TXfull_l). Most of the time this will be free because TXfull_l
2541 * will be set immediately and cached in dscr. */
2542 retval
= cortex_a_wait_dscr_bits(target
, DSCR_DTRTX_FULL_LATCHED
,
2543 DSCR_DTRTX_FULL_LATCHED
, dscr
);
2544 if (retval
!= ERROR_OK
)
2547 /* Read the value transferred to DTRTX into the buffer. This is the last
2549 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2550 armv7a
->debug_base
+ CPUDBG_DTRTX
, &u32
);
2551 if (retval
!= ERROR_OK
)
2553 target_buffer_set_u32(target
, buffer
, u32
);
2558 static int cortex_a_read_cpu_memory(struct target
*target
,
2559 uint32_t address
, uint32_t size
,
2560 uint32_t count
, uint8_t *buffer
)
2562 /* Read memory through the CPU. */
2563 int retval
, final_retval
;
2564 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2565 struct arm
*arm
= &armv7a
->arm
;
2566 uint32_t dscr
, orig_dfar
, orig_dfsr
, fault_dscr
, fault_dfar
, fault_dfsr
;
2568 LOG_DEBUG("Reading CPU memory address 0x%" PRIx32
" size %" PRIu32
" count %" PRIu32
,
2569 address
, size
, count
);
2570 if (target
->state
!= TARGET_HALTED
) {
2571 LOG_WARNING("target not halted");
2572 return ERROR_TARGET_NOT_HALTED
;
2578 /* Clear any abort. */
2579 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2580 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_CLEAR_EXCEPTIONS
);
2581 if (retval
!= ERROR_OK
)
2585 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2586 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
2587 if (retval
!= ERROR_OK
)
2590 /* Switch to non-blocking mode if not already in that mode. */
2591 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, &dscr
);
2592 if (retval
!= ERROR_OK
)
2595 /* Mark R0 as dirty. */
2596 arm_reg_current(arm
, 0)->dirty
= true;
2598 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2599 retval
= cortex_a_read_dfar_dfsr(target
, &orig_dfar
, &orig_dfsr
, &dscr
);
2600 if (retval
!= ERROR_OK
)
2603 /* Get the memory address into R0. */
2604 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2605 armv7a
->debug_base
+ CPUDBG_DTRRX
, address
);
2606 if (retval
!= ERROR_OK
)
2608 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr
);
2609 if (retval
!= ERROR_OK
)
2612 if (size
== 4 && (address
% 4) == 0) {
2613 /* We are doing a word-aligned transfer, so use fast mode. */
2614 retval
= cortex_a_read_cpu_memory_fast(target
, count
, buffer
, &dscr
);
2616 /* Use slow path. */
2617 retval
= cortex_a_read_cpu_memory_slow(target
, size
, count
, buffer
, &dscr
);
2621 final_retval
= retval
;
2623 /* Switch to non-blocking mode if not already in that mode. */
2624 retval
= cortex_a_set_dcc_mode(target
, DSCR_EXT_DCC_NON_BLOCKING
, &dscr
);
2625 if (final_retval
== ERROR_OK
)
2626 final_retval
= retval
;
2628 /* Wait for last issued instruction to complete. */
2629 retval
= cortex_a_wait_instrcmpl(target
, &dscr
, true);
2630 if (final_retval
== ERROR_OK
)
2631 final_retval
= retval
;
2633 /* If there were any sticky abort flags, clear them. */
2634 if (dscr
& (DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
)) {
2636 mem_ap_write_atomic_u32(armv7a
->debug_ap
,
2637 armv7a
->debug_base
+ CPUDBG_DRCR
, DRCR_CLEAR_EXCEPTIONS
);
2638 dscr
&= ~(DSCR_STICKY_ABORT_PRECISE
| DSCR_STICKY_ABORT_IMPRECISE
);
2643 /* Handle synchronous data faults. */
2644 if (fault_dscr
& DSCR_STICKY_ABORT_PRECISE
) {
2645 if (final_retval
== ERROR_OK
) {
2646 /* Final return value will reflect cause of fault. */
2647 retval
= cortex_a_read_dfar_dfsr(target
, &fault_dfar
, &fault_dfsr
, &dscr
);
2648 if (retval
== ERROR_OK
) {
2649 LOG_ERROR("data abort at 0x%08" PRIx32
", dfsr = 0x%08" PRIx32
, fault_dfar
, fault_dfsr
);
2650 final_retval
= cortex_a_dfsr_to_error_code(fault_dfsr
);
2652 final_retval
= retval
;
2654 /* Fault destroyed DFAR/DFSR; restore them. */
2655 retval
= cortex_a_write_dfar_dfsr(target
, orig_dfar
, orig_dfsr
, &dscr
);
2656 if (retval
!= ERROR_OK
)
2657 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32
, dscr
);
2660 /* Handle asynchronous data faults. */
2661 if (fault_dscr
& DSCR_STICKY_ABORT_IMPRECISE
) {
2662 if (final_retval
== ERROR_OK
)
2663 /* No other error has been recorded so far, so keep this one. */
2664 final_retval
= ERROR_TARGET_DATA_ABORT
;
2667 /* If the DCC is nonempty, clear it. */
2668 if (dscr
& DSCR_DTRTX_FULL_LATCHED
) {
2670 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2671 armv7a
->debug_base
+ CPUDBG_DTRTX
, &dummy
);
2672 if (final_retval
== ERROR_OK
)
2673 final_retval
= retval
;
2675 if (dscr
& DSCR_DTRRX_FULL_LATCHED
) {
2676 retval
= cortex_a_exec_opcode(target
, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr
);
2677 if (final_retval
== ERROR_OK
)
2678 final_retval
= retval
;
2682 return final_retval
;
2687 * Cortex-A Memory access
2689 * This is same Cortex-M3 but we must also use the correct
2690 * ap number for every access.
2693 static int cortex_a_read_phys_memory(struct target
*target
,
2694 target_addr_t address
, uint32_t size
,
2695 uint32_t count
, uint8_t *buffer
)
2697 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2698 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
2699 uint8_t apsel
= swjdp
->apsel
;
2702 if (!count
|| !buffer
)
2703 return ERROR_COMMAND_SYNTAX_ERROR
;
2705 LOG_DEBUG("Reading memory at real address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2706 address
, size
, count
);
2708 if (armv7a
->memory_ap_available
&& (apsel
== armv7a
->memory_ap
->ap_num
))
2709 return mem_ap_read_buf(armv7a
->memory_ap
, buffer
, size
, count
, address
);
2711 /* read memory through the CPU */
2712 cortex_a_prep_memaccess(target
, 1);
2713 retval
= cortex_a_read_cpu_memory(target
, address
, size
, count
, buffer
);
2714 cortex_a_post_memaccess(target
, 1);
2719 static int cortex_a_read_memory(struct target
*target
, target_addr_t address
,
2720 uint32_t size
, uint32_t count
, uint8_t *buffer
)
2724 /* cortex_a handles unaligned memory access */
2725 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2726 address
, size
, count
);
2728 cortex_a_prep_memaccess(target
, 0);
2729 retval
= cortex_a_read_cpu_memory(target
, address
, size
, count
, buffer
);
2730 cortex_a_post_memaccess(target
, 0);
2735 static int cortex_a_read_memory_ahb(struct target
*target
, target_addr_t address
,
2736 uint32_t size
, uint32_t count
, uint8_t *buffer
)
2738 int mmu_enabled
= 0;
2739 target_addr_t virt
, phys
;
2741 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2742 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
2743 uint8_t apsel
= swjdp
->apsel
;
2745 if (!armv7a
->memory_ap_available
|| (apsel
!= armv7a
->memory_ap
->ap_num
))
2746 return target_read_memory(target
, address
, size
, count
, buffer
);
2748 /* cortex_a handles unaligned memory access */
2749 LOG_DEBUG("Reading memory at address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2750 address
, size
, count
);
2752 /* determine if MMU was enabled on target stop */
2753 if (!armv7a
->is_armv7r
) {
2754 retval
= cortex_a_mmu(target
, &mmu_enabled
);
2755 if (retval
!= ERROR_OK
)
2761 retval
= cortex_a_virt2phys(target
, virt
, &phys
);
2762 if (retval
!= ERROR_OK
)
2765 LOG_DEBUG("Reading at virtual address. "
2766 "Translating v:" TARGET_ADDR_FMT
" to r:" TARGET_ADDR_FMT
,
2771 if (!count
|| !buffer
)
2772 return ERROR_COMMAND_SYNTAX_ERROR
;
2774 retval
= mem_ap_read_buf(armv7a
->memory_ap
, buffer
, size
, count
, address
);
2779 static int cortex_a_write_phys_memory(struct target
*target
,
2780 target_addr_t address
, uint32_t size
,
2781 uint32_t count
, const uint8_t *buffer
)
2783 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2784 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
2785 uint8_t apsel
= swjdp
->apsel
;
2788 if (!count
|| !buffer
)
2789 return ERROR_COMMAND_SYNTAX_ERROR
;
2791 LOG_DEBUG("Writing memory to real address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2792 address
, size
, count
);
2794 if (armv7a
->memory_ap_available
&& (apsel
== armv7a
->memory_ap
->ap_num
))
2795 return mem_ap_write_buf(armv7a
->memory_ap
, buffer
, size
, count
, address
);
2797 /* write memory through the CPU */
2798 cortex_a_prep_memaccess(target
, 1);
2799 retval
= cortex_a_write_cpu_memory(target
, address
, size
, count
, buffer
);
2800 cortex_a_post_memaccess(target
, 1);
2805 static int cortex_a_write_memory(struct target
*target
, target_addr_t address
,
2806 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
2810 /* cortex_a handles unaligned memory access */
2811 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2812 address
, size
, count
);
2814 /* memory writes bypass the caches, must flush before writing */
2815 armv7a_cache_auto_flush_on_write(target
, address
, size
* count
);
2817 cortex_a_prep_memaccess(target
, 0);
2818 retval
= cortex_a_write_cpu_memory(target
, address
, size
, count
, buffer
);
2819 cortex_a_post_memaccess(target
, 0);
2823 static int cortex_a_write_memory_ahb(struct target
*target
, target_addr_t address
,
2824 uint32_t size
, uint32_t count
, const uint8_t *buffer
)
2826 int mmu_enabled
= 0;
2827 target_addr_t virt
, phys
;
2829 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2830 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
2831 uint8_t apsel
= swjdp
->apsel
;
2833 if (!armv7a
->memory_ap_available
|| (apsel
!= armv7a
->memory_ap
->ap_num
))
2834 return target_write_memory(target
, address
, size
, count
, buffer
);
2836 /* cortex_a handles unaligned memory access */
2837 LOG_DEBUG("Writing memory at address " TARGET_ADDR_FMT
"; size %" PRId32
"; count %" PRId32
,
2838 address
, size
, count
);
2840 /* determine if MMU was enabled on target stop */
2841 if (!armv7a
->is_armv7r
) {
2842 retval
= cortex_a_mmu(target
, &mmu_enabled
);
2843 if (retval
!= ERROR_OK
)
2849 retval
= cortex_a_virt2phys(target
, virt
, &phys
);
2850 if (retval
!= ERROR_OK
)
2853 LOG_DEBUG("Writing to virtual address. "
2854 "Translating v:" TARGET_ADDR_FMT
" to r:" TARGET_ADDR_FMT
,
2860 if (!count
|| !buffer
)
2861 return ERROR_COMMAND_SYNTAX_ERROR
;
2863 retval
= mem_ap_write_buf(armv7a
->memory_ap
, buffer
, size
, count
, address
);
2868 static int cortex_a_read_buffer(struct target
*target
, target_addr_t address
,
2869 uint32_t count
, uint8_t *buffer
)
2873 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2874 * will have something to do with the size we leave to it. */
2875 for (size
= 1; size
< 4 && count
>= size
* 2 + (address
& size
); size
*= 2) {
2876 if (address
& size
) {
2877 int retval
= cortex_a_read_memory_ahb(target
, address
, size
, 1, buffer
);
2878 if (retval
!= ERROR_OK
)
2886 /* Read the data with as large access size as possible. */
2887 for (; size
> 0; size
/= 2) {
2888 uint32_t aligned
= count
- count
% size
;
2890 int retval
= cortex_a_read_memory_ahb(target
, address
, size
, aligned
/ size
, buffer
);
2891 if (retval
!= ERROR_OK
)
2902 static int cortex_a_write_buffer(struct target
*target
, target_addr_t address
,
2903 uint32_t count
, const uint8_t *buffer
)
2907 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2908 * will have something to do with the size we leave to it. */
2909 for (size
= 1; size
< 4 && count
>= size
* 2 + (address
& size
); size
*= 2) {
2910 if (address
& size
) {
2911 int retval
= cortex_a_write_memory_ahb(target
, address
, size
, 1, buffer
);
2912 if (retval
!= ERROR_OK
)
2920 /* Write the data with as large access size as possible. */
2921 for (; size
> 0; size
/= 2) {
2922 uint32_t aligned
= count
- count
% size
;
2924 int retval
= cortex_a_write_memory_ahb(target
, address
, size
, aligned
/ size
, buffer
);
2925 if (retval
!= ERROR_OK
)
2936 static int cortex_a_handle_target_request(void *priv
)
2938 struct target
*target
= priv
;
2939 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
2942 if (!target_was_examined(target
))
2944 if (!target
->dbg_msg_enabled
)
2947 if (target
->state
== TARGET_RUNNING
) {
2950 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2951 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
2953 /* check if we have data */
2954 int64_t then
= timeval_ms();
2955 while ((dscr
& DSCR_DTR_TX_FULL
) && (retval
== ERROR_OK
)) {
2956 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2957 armv7a
->debug_base
+ CPUDBG_DTRTX
, &request
);
2958 if (retval
== ERROR_OK
) {
2959 target_request(target
, request
);
2960 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
2961 armv7a
->debug_base
+ CPUDBG_DSCR
, &dscr
);
2963 if (timeval_ms() > then
+ 1000) {
2964 LOG_ERROR("Timeout waiting for dtr tx full");
2974 * Cortex-A target information and configuration
2977 static int cortex_a_examine_first(struct target
*target
)
2979 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
2980 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
2981 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
2984 int retval
= ERROR_OK
;
2985 uint32_t didr
, cpuid
, dbg_osreg
;
2987 /* Search for the APB-AP - it is needed for access to debug registers */
2988 retval
= dap_find_ap(swjdp
, AP_TYPE_APB_AP
, &armv7a
->debug_ap
);
2989 if (retval
!= ERROR_OK
) {
2990 LOG_ERROR("Could not find APB-AP for debug access");
2994 retval
= mem_ap_init(armv7a
->debug_ap
);
2995 if (retval
!= ERROR_OK
) {
2996 LOG_ERROR("Could not initialize the APB-AP");
3000 armv7a
->debug_ap
->memaccess_tck
= 80;
3002 /* Search for the AHB-AB.
3003 * REVISIT: We should search for AXI-AP as well and make sure the AP's MEMTYPE says it
3004 * can access system memory. */
3005 armv7a
->memory_ap_available
= false;
3006 retval
= dap_find_ap(swjdp
, AP_TYPE_AHB_AP
, &armv7a
->memory_ap
);
3007 if (retval
== ERROR_OK
) {
3008 retval
= mem_ap_init(armv7a
->memory_ap
);
3009 if (retval
== ERROR_OK
)
3010 armv7a
->memory_ap_available
= true;
3012 if (retval
!= ERROR_OK
) {
3013 /* AHB-AP not found or unavailable - use the CPU */
3014 LOG_DEBUG("No AHB-AP available for memory access");
3017 if (!target
->dbgbase_set
) {
3019 /* Get ROM Table base */
3021 int32_t coreidx
= target
->coreid
;
3022 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
3024 retval
= dap_get_debugbase(armv7a
->debug_ap
, &dbgbase
, &apid
);
3025 if (retval
!= ERROR_OK
)
3027 /* Lookup 0x15 -- Processor DAP */
3028 retval
= dap_lookup_cs_component(armv7a
->debug_ap
, dbgbase
, 0x15,
3029 &armv7a
->debug_base
, &coreidx
);
3030 if (retval
!= ERROR_OK
) {
3031 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
3035 LOG_DEBUG("Detected core %" PRId32
" dbgbase: %08" PRIx32
,
3036 target
->coreid
, armv7a
->debug_base
);
3038 armv7a
->debug_base
= target
->dbgbase
;
3040 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
3041 armv7a
->debug_base
+ CPUDBG_DIDR
, &didr
);
3042 if (retval
!= ERROR_OK
) {
3043 LOG_DEBUG("Examine %s failed", "DIDR");
3047 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
3048 armv7a
->debug_base
+ CPUDBG_CPUID
, &cpuid
);
3049 if (retval
!= ERROR_OK
) {
3050 LOG_DEBUG("Examine %s failed", "CPUID");
3054 LOG_DEBUG("didr = 0x%08" PRIx32
, didr
);
3055 LOG_DEBUG("cpuid = 0x%08" PRIx32
, cpuid
);
3057 cortex_a
->didr
= didr
;
3058 cortex_a
->cpuid
= cpuid
;
3060 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
3061 armv7a
->debug_base
+ CPUDBG_PRSR
, &dbg_osreg
);
3062 if (retval
!= ERROR_OK
)
3064 LOG_DEBUG("target->coreid %" PRId32
" DBGPRSR 0x%" PRIx32
, target
->coreid
, dbg_osreg
);
3066 if ((dbg_osreg
& PRSR_POWERUP_STATUS
) == 0) {
3067 LOG_ERROR("target->coreid %" PRId32
" powered down!", target
->coreid
);
3068 target
->state
= TARGET_UNKNOWN
; /* TARGET_NO_POWER? */
3069 return ERROR_TARGET_INIT_FAILED
;
3072 if (dbg_osreg
& PRSR_STICKY_RESET_STATUS
)
3073 LOG_DEBUG("target->coreid %" PRId32
" was reset!", target
->coreid
);
3075 /* Read DBGOSLSR and check if OSLK is implemented */
3076 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
3077 armv7a
->debug_base
+ CPUDBG_OSLSR
, &dbg_osreg
);
3078 if (retval
!= ERROR_OK
)
3080 LOG_DEBUG("target->coreid %" PRId32
" DBGOSLSR 0x%" PRIx32
, target
->coreid
, dbg_osreg
);
3082 /* check if OS Lock is implemented */
3083 if ((dbg_osreg
& OSLSR_OSLM
) == OSLSR_OSLM0
|| (dbg_osreg
& OSLSR_OSLM
) == OSLSR_OSLM1
) {
3084 /* check if OS Lock is set */
3085 if (dbg_osreg
& OSLSR_OSLK
) {
3086 LOG_DEBUG("target->coreid %" PRId32
" OSLock set! Trying to unlock", target
->coreid
);
3088 retval
= mem_ap_write_atomic_u32(armv7a
->debug_ap
,
3089 armv7a
->debug_base
+ CPUDBG_OSLAR
,
3091 if (retval
== ERROR_OK
)
3092 retval
= mem_ap_read_atomic_u32(armv7a
->debug_ap
,
3093 armv7a
->debug_base
+ CPUDBG_OSLSR
, &dbg_osreg
);
3095 /* if we fail to access the register or cannot reset the OSLK bit, bail out */
3096 if (retval
!= ERROR_OK
|| (dbg_osreg
& OSLSR_OSLK
) != 0) {
3097 LOG_ERROR("target->coreid %" PRId32
" OSLock sticky, core not powered?",
3099 target
->state
= TARGET_UNKNOWN
; /* TARGET_NO_POWER? */
3100 return ERROR_TARGET_INIT_FAILED
;
3105 armv7a
->arm
.core_type
= ARM_MODE_MON
;
3107 /* Avoid recreating the registers cache */
3108 if (!target_was_examined(target
)) {
3109 retval
= cortex_a_dpm_setup(cortex_a
, didr
);
3110 if (retval
!= ERROR_OK
)
3114 /* Setup Breakpoint Register Pairs */
3115 cortex_a
->brp_num
= ((didr
>> 24) & 0x0F) + 1;
3116 cortex_a
->brp_num_context
= ((didr
>> 20) & 0x0F) + 1;
3117 cortex_a
->brp_num_available
= cortex_a
->brp_num
;
3118 free(cortex_a
->brp_list
);
3119 cortex_a
->brp_list
= calloc(cortex_a
->brp_num
, sizeof(struct cortex_a_brp
));
3120 /* cortex_a->brb_enabled = ????; */
3121 for (i
= 0; i
< cortex_a
->brp_num
; i
++) {
3122 cortex_a
->brp_list
[i
].used
= 0;
3123 if (i
< (cortex_a
->brp_num
-cortex_a
->brp_num_context
))
3124 cortex_a
->brp_list
[i
].type
= BRP_NORMAL
;
3126 cortex_a
->brp_list
[i
].type
= BRP_CONTEXT
;
3127 cortex_a
->brp_list
[i
].value
= 0;
3128 cortex_a
->brp_list
[i
].control
= 0;
3129 cortex_a
->brp_list
[i
].BRPn
= i
;
3132 LOG_DEBUG("Configured %i hw breakpoints", cortex_a
->brp_num
);
3134 /* select debug_ap as default */
3135 swjdp
->apsel
= armv7a
->debug_ap
->ap_num
;
3137 target_set_examined(target
);
3141 static int cortex_a_examine(struct target
*target
)
3143 int retval
= ERROR_OK
;
3145 /* Reestablish communication after target reset */
3146 retval
= cortex_a_examine_first(target
);
3148 /* Configure core debug access */
3149 if (retval
== ERROR_OK
)
3150 retval
= cortex_a_init_debug_access(target
);
3156 * Cortex-A target creation and initialization
3159 static int cortex_a_init_target(struct command_context
*cmd_ctx
,
3160 struct target
*target
)
3162 /* examine_first() does a bunch of this */
3163 arm_semihosting_init(target
);
3167 static int cortex_a_init_arch_info(struct target
*target
,
3168 struct cortex_a_common
*cortex_a
, struct adiv5_dap
*dap
)
3170 struct armv7a_common
*armv7a
= &cortex_a
->armv7a_common
;
3172 /* Setup struct cortex_a_common */
3173 cortex_a
->common_magic
= CORTEX_A_COMMON_MAGIC
;
3174 armv7a
->arm
.dap
= dap
;
3176 cortex_a
->fast_reg_read
= 0;
3178 /* register arch-specific functions */
3179 armv7a
->examine_debug_reason
= NULL
;
3181 armv7a
->post_debug_entry
= cortex_a_post_debug_entry
;
3183 armv7a
->pre_restore_context
= NULL
;
3185 armv7a
->armv7a_mmu
.read_physical_memory
= cortex_a_read_phys_memory
;
3188 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
3190 /* REVISIT v7a setup should be in a v7a-specific routine */
3191 armv7a_init_arch_info(target
, armv7a
);
3192 target_register_timer_callback(cortex_a_handle_target_request
, 1, 1, target
);
3197 static int cortex_a_target_create(struct target
*target
, Jim_Interp
*interp
)
3199 struct cortex_a_common
*cortex_a
= calloc(1, sizeof(struct cortex_a_common
));
3200 cortex_a
->common_magic
= CORTEX_A_COMMON_MAGIC
;
3201 struct adiv5_private_config
*pc
;
3203 if (target
->private_config
== NULL
)
3206 pc
= (struct adiv5_private_config
*)target
->private_config
;
3208 cortex_a
->armv7a_common
.is_armv7r
= false;
3210 cortex_a
->armv7a_common
.arm
.arm_vfp_version
= ARM_VFP_V3
;
3212 return cortex_a_init_arch_info(target
, cortex_a
, pc
->dap
);
3215 static int cortex_r4_target_create(struct target
*target
, Jim_Interp
*interp
)
3217 struct cortex_a_common
*cortex_a
= calloc(1, sizeof(struct cortex_a_common
));
3218 cortex_a
->common_magic
= CORTEX_A_COMMON_MAGIC
;
3219 struct adiv5_private_config
*pc
;
3221 pc
= (struct adiv5_private_config
*)target
->private_config
;
3222 if (adiv5_verify_config(pc
) != ERROR_OK
)
3225 cortex_a
->armv7a_common
.is_armv7r
= true;
3227 return cortex_a_init_arch_info(target
, cortex_a
, pc
->dap
);
3230 static void cortex_a_deinit_target(struct target
*target
)
3232 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
3233 struct arm_dpm
*dpm
= &cortex_a
->armv7a_common
.dpm
;
3235 free(cortex_a
->brp_list
);
3238 free(target
->private_config
);
3242 static int cortex_a_mmu(struct target
*target
, int *enabled
)
3244 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
3246 if (target
->state
!= TARGET_HALTED
) {
3247 LOG_ERROR("%s: target not halted", __func__
);
3248 return ERROR_TARGET_INVALID
;
3251 if (armv7a
->is_armv7r
)
3254 *enabled
= target_to_cortex_a(target
)->armv7a_common
.armv7a_mmu
.mmu_enabled
;
3259 static int cortex_a_virt2phys(struct target
*target
,
3260 target_addr_t virt
, target_addr_t
*phys
)
3262 int retval
= ERROR_FAIL
;
3263 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
3264 struct adiv5_dap
*swjdp
= armv7a
->arm
.dap
;
3265 uint8_t apsel
= swjdp
->apsel
;
3266 int mmu_enabled
= 0;
3269 * If the MMU was not enabled at debug entry, there is no
3270 * way of knowing if there was ever a valid configuration
3271 * for it and thus it's not safe to enable it. In this case,
3272 * just return the virtual address as physical.
3274 cortex_a_mmu(target
, &mmu_enabled
);
3280 if (armv7a
->memory_ap_available
&& (apsel
== armv7a
->memory_ap
->ap_num
)) {
3282 retval
= armv7a_mmu_translate_va(target
,
3284 if (retval
!= ERROR_OK
)
3287 } else {/* use this method if armv7a->memory_ap not selected
3288 * mmu must be enable in order to get a correct translation */
3289 retval
= cortex_a_mmu_modify(target
, 1);
3290 if (retval
!= ERROR_OK
)
3292 retval
= armv7a_mmu_translate_va_pa(target
, (uint32_t)virt
,
3293 (uint32_t *)phys
, 1);
3299 COMMAND_HANDLER(cortex_a_handle_cache_info_command
)
3301 struct target
*target
= get_current_target(CMD_CTX
);
3302 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
3304 return armv7a_handle_cache_info_command(CMD_CTX
,
3305 &armv7a
->armv7a_mmu
.armv7a_cache
);
3309 COMMAND_HANDLER(cortex_a_handle_dbginit_command
)
3311 struct target
*target
= get_current_target(CMD_CTX
);
3312 if (!target_was_examined(target
)) {
3313 LOG_ERROR("target not examined yet");
3317 return cortex_a_init_debug_access(target
);
3319 COMMAND_HANDLER(cortex_a_handle_smp_off_command
)
3321 struct target
*target
= get_current_target(CMD_CTX
);
3322 /* check target is an smp target */
3323 struct target_list
*head
;
3324 struct target
*curr
;
3325 head
= target
->head
;
3327 if (head
!= (struct target_list
*)NULL
) {
3328 while (head
!= (struct target_list
*)NULL
) {
3329 curr
= head
->target
;
3333 /* fixes the target display to the debugger */
3334 target
->gdb_service
->target
= target
;
3339 COMMAND_HANDLER(cortex_a_handle_smp_on_command
)
3341 struct target
*target
= get_current_target(CMD_CTX
);
3342 struct target_list
*head
;
3343 struct target
*curr
;
3344 head
= target
->head
;
3345 if (head
!= (struct target_list
*)NULL
) {
3347 while (head
!= (struct target_list
*)NULL
) {
3348 curr
= head
->target
;
3356 COMMAND_HANDLER(cortex_a_handle_smp_gdb_command
)
3358 struct target
*target
= get_current_target(CMD_CTX
);
3359 int retval
= ERROR_OK
;
3360 struct target_list
*head
;
3361 head
= target
->head
;
3362 if (head
!= (struct target_list
*)NULL
) {
3363 if (CMD_ARGC
== 1) {
3365 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[0], coreid
);
3366 if (ERROR_OK
!= retval
)
3368 target
->gdb_service
->core
[1] = coreid
;
3371 command_print(CMD_CTX
, "gdb coreid %" PRId32
" -> %" PRId32
, target
->gdb_service
->core
[0]
3372 , target
->gdb_service
->core
[1]);
3377 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command
)
3379 struct target
*target
= get_current_target(CMD_CTX
);
3380 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
3382 static const Jim_Nvp nvp_maskisr_modes
[] = {
3383 { .name
= "off", .value
= CORTEX_A_ISRMASK_OFF
},
3384 { .name
= "on", .value
= CORTEX_A_ISRMASK_ON
},
3385 { .name
= NULL
, .value
= -1 },
3390 n
= Jim_Nvp_name2value_simple(nvp_maskisr_modes
, CMD_ARGV
[0]);
3391 if (n
->name
== NULL
) {
3392 LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV
[0]);
3393 return ERROR_COMMAND_SYNTAX_ERROR
;
3396 cortex_a
->isrmasking_mode
= n
->value
;
3399 n
= Jim_Nvp_value2name_simple(nvp_maskisr_modes
, cortex_a
->isrmasking_mode
);
3400 command_print(CMD_CTX
, "cortex_a interrupt mask %s", n
->name
);
3405 COMMAND_HANDLER(handle_cortex_a_dacrfixup_command
)
3407 struct target
*target
= get_current_target(CMD_CTX
);
3408 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
3410 static const Jim_Nvp nvp_dacrfixup_modes
[] = {
3411 { .name
= "off", .value
= CORTEX_A_DACRFIXUP_OFF
},
3412 { .name
= "on", .value
= CORTEX_A_DACRFIXUP_ON
},
3413 { .name
= NULL
, .value
= -1 },
3418 n
= Jim_Nvp_name2value_simple(nvp_dacrfixup_modes
, CMD_ARGV
[0]);
3419 if (n
->name
== NULL
)
3420 return ERROR_COMMAND_SYNTAX_ERROR
;
3421 cortex_a
->dacrfixup_mode
= n
->value
;
3425 n
= Jim_Nvp_value2name_simple(nvp_dacrfixup_modes
, cortex_a
->dacrfixup_mode
);
3426 command_print(CMD_CTX
, "cortex_a domain access control fixup %s", n
->name
);
3431 static const struct command_registration cortex_a_exec_command_handlers
[] = {
3433 .name
= "cache_info",
3434 .handler
= cortex_a_handle_cache_info_command
,
3435 .mode
= COMMAND_EXEC
,
3436 .help
= "display information about target caches",
3441 .handler
= cortex_a_handle_dbginit_command
,
3442 .mode
= COMMAND_EXEC
,
3443 .help
= "Initialize core debug",
3446 { .name
= "smp_off",
3447 .handler
= cortex_a_handle_smp_off_command
,
3448 .mode
= COMMAND_EXEC
,
3449 .help
= "Stop smp handling",
3453 .handler
= cortex_a_handle_smp_on_command
,
3454 .mode
= COMMAND_EXEC
,
3455 .help
= "Restart smp handling",
3460 .handler
= cortex_a_handle_smp_gdb_command
,
3461 .mode
= COMMAND_EXEC
,
3462 .help
= "display/fix current core played to gdb",
3467 .handler
= handle_cortex_a_mask_interrupts_command
,
3468 .mode
= COMMAND_ANY
,
3469 .help
= "mask cortex_a interrupts",
3470 .usage
= "['on'|'off']",
3473 .name
= "dacrfixup",
3474 .handler
= handle_cortex_a_dacrfixup_command
,
3475 .mode
= COMMAND_ANY
,
3476 .help
= "set domain access control (DACR) to all-manager "
3478 .usage
= "['on'|'off']",
3481 COMMAND_REGISTRATION_DONE
3483 static const struct command_registration cortex_a_command_handlers
[] = {
3485 .chain
= arm_command_handlers
,
3488 .chain
= armv7a_command_handlers
,
3492 .mode
= COMMAND_ANY
,
3493 .help
= "Cortex-A command group",
3495 .chain
= cortex_a_exec_command_handlers
,
3497 COMMAND_REGISTRATION_DONE
3500 struct target_type cortexa_target
= {
3502 .deprecated_name
= "cortex_a8",
3504 .poll
= cortex_a_poll
,
3505 .arch_state
= armv7a_arch_state
,
3507 .halt
= cortex_a_halt
,
3508 .resume
= cortex_a_resume
,
3509 .step
= cortex_a_step
,
3511 .assert_reset
= cortex_a_assert_reset
,
3512 .deassert_reset
= cortex_a_deassert_reset
,
3514 /* REVISIT allow exporting VFP3 registers ... */
3515 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
3517 .read_memory
= cortex_a_read_memory
,
3518 .write_memory
= cortex_a_write_memory
,
3520 .read_buffer
= cortex_a_read_buffer
,
3521 .write_buffer
= cortex_a_write_buffer
,
3523 .checksum_memory
= arm_checksum_memory
,
3524 .blank_check_memory
= arm_blank_check_memory
,
3526 .run_algorithm
= armv4_5_run_algorithm
,
3528 .add_breakpoint
= cortex_a_add_breakpoint
,
3529 .add_context_breakpoint
= cortex_a_add_context_breakpoint
,
3530 .add_hybrid_breakpoint
= cortex_a_add_hybrid_breakpoint
,
3531 .remove_breakpoint
= cortex_a_remove_breakpoint
,
3532 .add_watchpoint
= NULL
,
3533 .remove_watchpoint
= NULL
,
3535 .commands
= cortex_a_command_handlers
,
3536 .target_create
= cortex_a_target_create
,
3537 .target_jim_configure
= adiv5_jim_configure
,
3538 .init_target
= cortex_a_init_target
,
3539 .examine
= cortex_a_examine
,
3540 .deinit_target
= cortex_a_deinit_target
,
3542 .read_phys_memory
= cortex_a_read_phys_memory
,
3543 .write_phys_memory
= cortex_a_write_phys_memory
,
3544 .mmu
= cortex_a_mmu
,
3545 .virt2phys
= cortex_a_virt2phys
,
3548 static const struct command_registration cortex_r4_exec_command_handlers
[] = {
3551 .handler
= cortex_a_handle_dbginit_command
,
3552 .mode
= COMMAND_EXEC
,
3553 .help
= "Initialize core debug",
3558 .handler
= handle_cortex_a_mask_interrupts_command
,
3559 .mode
= COMMAND_EXEC
,
3560 .help
= "mask cortex_r4 interrupts",
3561 .usage
= "['on'|'off']",
3564 COMMAND_REGISTRATION_DONE
3566 static const struct command_registration cortex_r4_command_handlers
[] = {
3568 .chain
= arm_command_handlers
,
3571 .name
= "cortex_r4",
3572 .mode
= COMMAND_ANY
,
3573 .help
= "Cortex-R4 command group",
3575 .chain
= cortex_r4_exec_command_handlers
,
3577 COMMAND_REGISTRATION_DONE
3580 struct target_type cortexr4_target
= {
3581 .name
= "cortex_r4",
3583 .poll
= cortex_a_poll
,
3584 .arch_state
= armv7a_arch_state
,
3586 .halt
= cortex_a_halt
,
3587 .resume
= cortex_a_resume
,
3588 .step
= cortex_a_step
,
3590 .assert_reset
= cortex_a_assert_reset
,
3591 .deassert_reset
= cortex_a_deassert_reset
,
3593 /* REVISIT allow exporting VFP3 registers ... */
3594 .get_gdb_reg_list
= arm_get_gdb_reg_list
,
3596 .read_memory
= cortex_a_read_phys_memory
,
3597 .write_memory
= cortex_a_write_phys_memory
,
3599 .checksum_memory
= arm_checksum_memory
,
3600 .blank_check_memory
= arm_blank_check_memory
,
3602 .run_algorithm
= armv4_5_run_algorithm
,
3604 .add_breakpoint
= cortex_a_add_breakpoint
,
3605 .add_context_breakpoint
= cortex_a_add_context_breakpoint
,
3606 .add_hybrid_breakpoint
= cortex_a_add_hybrid_breakpoint
,
3607 .remove_breakpoint
= cortex_a_remove_breakpoint
,
3608 .add_watchpoint
= NULL
,
3609 .remove_watchpoint
= NULL
,
3611 .commands
= cortex_r4_command_handlers
,
3612 .target_create
= cortex_r4_target_create
,
3613 .target_jim_configure
= adiv5_jim_configure
,
3614 .init_target
= cortex_a_init_target
,
3615 .examine
= cortex_a_examine
,
3616 .deinit_target
= cortex_a_deinit_target
,