search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
debug: debug entry error propagation
[openocd/cortex.git] / src / target / arm920t.c
blob7627b25e84e784104fdbb88f3ff577a84aa71a5c
1
2 /***************************************************************************
3 * Copyright (C) 2005 by Dominic Rath *
4 * Dominic.Rath@gmx.de *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the *
18 * Free Software Foundation, Inc., *
19 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
20 ***************************************************************************/
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include "arm920t.h"
26 #include <helper/time_support.h>
27 #include "target_type.h"
28 #include "register.h"
29 #include "arm_opcodes.h"
30
31
32 /*
33 * For information about the ARM920T, see ARM DDI 0151C especially
34 * Chapter 9 about debug support, which shows how to manipulate each
35 * of the different scan chains:
36 *
37 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
38 * 1 ... debugging; watchpoint and breakpoint status, etc; also
39 * MMU and cache access in conjunction with scan chain 15
40 * 2 ... EmbeddedICE
41 * 3 ... external boundary scan (SoC-specific, unused here)
42 * 4 ... access to cache tag RAM
43 * 6 ... ETM9
44 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
45 * "interpreted" works with a few actual MRC/MCR instructions
46 * "physical" provides register-like behaviors. Section 9.6.7
47 * covers these details.
48 *
49 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
50 */
51
52 #if 0
53 #define _DEBUG_INSTRUCTION_EXECUTION_
54 #endif
55
56 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
57 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
58 * JTAG scan, while reads use two.
59 *
60 * Table 9-9 lists the thirteen registers which support physical access.
61 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
62 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
63 *
64 * x == bit[38]
65 * y == bits[37:34]
66 * z == bit[33]
67 */
68 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
69
70 /* Registers supporting physical Read access (from table 9-9) */
71 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
72 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
73 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
74 /* NOTE: several more registers support only physical read access */
75
76 /* Registers supporting physical Read/Write access (from table 9-9) */
77 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
78 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
79 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
80 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
81 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
82
83 static int arm920t_read_cp15_physical(struct target *target,
84 int reg_addr, uint32_t *value)
85 {
86 struct arm920t_common *arm920t = target_to_arm920(target);
87 struct arm_jtag *jtag_info;
88 struct scan_field fields[4];
89 uint8_t access_type_buf = 1;
90 uint8_t reg_addr_buf = reg_addr & 0x3f;
91 uint8_t nr_w_buf = 0;
92
93 jtag_info = &arm920t->arm7_9_common.jtag_info;
94
95 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
96 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
97
98 fields[0].num_bits = 1;
99 fields[0].out_value = &access_type_buf;
100 fields[0].in_value = NULL;
101
102 fields[1].num_bits = 32;
103 fields[1].out_value = NULL;
104 fields[1].in_value = NULL;
105
106 fields[2].num_bits = 6;
107 fields[2].out_value = &reg_addr_buf;
108 fields[2].in_value = NULL;
109
110 fields[3].num_bits = 1;
111 fields[3].out_value = &nr_w_buf;
112 fields[3].in_value = NULL;
113
114 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
115
116 fields[1].in_value = (uint8_t *)value;
117
118 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
119
120 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
121
122 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
123 jtag_execute_queue();
124 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
125 #endif
126
127 return ERROR_OK;
128 }
129
130 static int arm920t_write_cp15_physical(struct target *target,
131 int reg_addr, uint32_t value)
132 {
133 struct arm920t_common *arm920t = target_to_arm920(target);
134 struct arm_jtag *jtag_info;
135 struct scan_field fields[4];
136 uint8_t access_type_buf = 1;
137 uint8_t reg_addr_buf = reg_addr & 0x3f;
138 uint8_t nr_w_buf = 1;
139 uint8_t value_buf[4];
140
141 jtag_info = &arm920t->arm7_9_common.jtag_info;
142
143 buf_set_u32(value_buf, 0, 32, value);
144
145 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
146 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
147
148 fields[0].num_bits = 1;
149 fields[0].out_value = &access_type_buf;
150 fields[0].in_value = NULL;
151
152 fields[1].num_bits = 32;
153 fields[1].out_value = value_buf;
154 fields[1].in_value = NULL;
155
156 fields[2].num_bits = 6;
157 fields[2].out_value = &reg_addr_buf;
158 fields[2].in_value = NULL;
159
160 fields[3].num_bits = 1;
161 fields[3].out_value = &nr_w_buf;
162 fields[3].in_value = NULL;
163
164 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
165
166 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
167 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
168 #endif
169
170 return ERROR_OK;
171 }
172
173 /* See table 9-10 for scan chain 15 format during interpreted access mode.
174 * If the TESTSTATE register is set for interpreted access, certain CP15
175 * MRC and MCR instructions may be executed through scan chain 15.
176 *
177 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
178 * executed using scan chain 15 interpreted mode.
179 */
180 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
181 uint32_t arm_opcode)
182 {
183 int retval;
184 struct arm920t_common *arm920t = target_to_arm920(target);
185 struct arm_jtag *jtag_info;
186 struct scan_field fields[4];
187 uint8_t access_type_buf = 0; /* interpreted access */
188 uint8_t reg_addr_buf = 0x0;
189 uint8_t nr_w_buf = 0;
190 uint8_t cp15_opcode_buf[4];
191
192 jtag_info = &arm920t->arm7_9_common.jtag_info;
193
194 arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
195 arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL, TAP_IDLE);
196
197 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
198
199 fields[0].num_bits = 1;
200 fields[0].out_value = &access_type_buf;
201 fields[0].in_value = NULL;
202
203 fields[1].num_bits = 32;
204 fields[1].out_value = cp15_opcode_buf;
205 fields[1].in_value = NULL;
206
207 fields[2].num_bits = 6;
208 fields[2].out_value = &reg_addr_buf;
209 fields[2].in_value = NULL;
210
211 fields[3].num_bits = 1;
212 fields[3].out_value = &nr_w_buf;
213 fields[3].in_value = NULL;
214
215 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
216
217 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
218 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
219 retval = arm7_9_execute_sys_speed(target);
220 if (retval != ERROR_OK)
221 return retval;
222
223 if ((retval = jtag_execute_queue()) != ERROR_OK)
224 {
225 LOG_ERROR("failed executing JTAG queue");
226 return retval;
227 }
228
229 return ERROR_OK;
230 }
231
232 static int arm920t_read_cp15_interpreted(struct target *target,
233 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
234 {
235 struct arm *armv4_5 = target_to_arm(target);
236 uint32_t* regs_p[1];
237 uint32_t regs[2];
238 uint32_t cp15c15 = 0x0;
239 struct reg *r = armv4_5->core_cache->reg_list;
240
241 /* load address into R1 */
242 regs[1] = address;
243 arm9tdmi_write_core_regs(target, 0x2, regs);
244
245 /* read-modify-write CP15 test state register
246 * to enable interpreted access mode */
247 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
248 jtag_execute_queue();
249 cp15c15 |= 1; /* set interpret mode */
250 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
251
252 /* execute CP15 instruction and ARM load (reading from coprocessor) */
253 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
254
255 /* disable interpreted access mode */
256 cp15c15 &= ~1U; /* clear interpret mode */
257 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
258
259 /* retrieve value from R0 */
260 regs_p[0] = value;
261 arm9tdmi_read_core_regs(target, 0x1, regs_p);
262 jtag_execute_queue();
263
264 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
265 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
266 cp15_opcode, address, *value);
267 #endif
268
269 if (!is_arm_mode(armv4_5->core_mode))
270 return ERROR_FAIL;
271
272 r[0].dirty = 1;
273 r[1].dirty = 1;
274
275 return ERROR_OK;
276 }
277
278 static
279 int arm920t_write_cp15_interpreted(struct target *target,
280 uint32_t cp15_opcode, uint32_t value, uint32_t address)
281 {
282 uint32_t cp15c15 = 0x0;
283 struct arm *armv4_5 = target_to_arm(target);
284 uint32_t regs[2];
285 struct reg *r = armv4_5->core_cache->reg_list;
286
287 /* load value, address into R0, R1 */
288 regs[0] = value;
289 regs[1] = address;
290 arm9tdmi_write_core_regs(target, 0x3, regs);
291
292 /* read-modify-write CP15 test state register
293 * to enable interpreted access mode */
294 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
295 jtag_execute_queue();
296 cp15c15 |= 1; /* set interpret mode */
297 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
298
299 /* execute CP15 instruction and ARM store (writing to coprocessor) */
300 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
301
302 /* disable interpreted access mode */
303 cp15c15 &= ~1U; /* set interpret mode */
304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
305
306 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
307 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
308 cp15_opcode, value, address);
309 #endif
310
311 if (!is_arm_mode(armv4_5->core_mode))
312 return ERROR_FAIL;
313
314 r[0].dirty = 1;
315 r[1].dirty = 1;
316
317 return ERROR_OK;
318 }
319
320 // EXPORTED to FA256
321 int arm920t_get_ttb(struct target *target, uint32_t *result)
322 {
323 int retval;
324 uint32_t ttb = 0x0;
325
326 if ((retval = arm920t_read_cp15_interpreted(target,
327 /* FIXME use opcode macro */
328 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
329 return retval;
330
331 *result = ttb;
332 return ERROR_OK;
333 }
334
335 // EXPORTED to FA256
336 int arm920t_disable_mmu_caches(struct target *target, int mmu,
337 int d_u_cache, int i_cache)
338 {
339 uint32_t cp15_control;
340 int retval;
341
342 /* read cp15 control register */
343 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
344 if (retval != ERROR_OK)
345 return retval;
346 retval = jtag_execute_queue();
347 if (retval != ERROR_OK)
348 return retval;
349
350 if (mmu)
351 cp15_control &= ~0x1U;
352
353 if (d_u_cache)
354 cp15_control &= ~0x4U;
355
356 if (i_cache)
357 cp15_control &= ~0x1000U;
358
359 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
360 return retval;
361 }
362
363 // EXPORTED to FA256
364 int arm920t_enable_mmu_caches(struct target *target, int mmu,
365 int d_u_cache, int i_cache)
366 {
367 uint32_t cp15_control;
368 int retval;
369
370 /* read cp15 control register */
371 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
372 if (retval != ERROR_OK)
373 return retval;
374 retval = jtag_execute_queue();
375 if (retval != ERROR_OK)
376 return retval;
377
378 if (mmu)
379 cp15_control |= 0x1U;
380
381 if (d_u_cache)
382 cp15_control |= 0x4U;
383
384 if (i_cache)
385 cp15_control |= 0x1000U;
386
387 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
388 return retval;
389 }
390
391 // EXPORTED to FA256
392 int arm920t_post_debug_entry(struct target *target)
393 {
394 uint32_t cp15c15;
395 struct arm920t_common *arm920t = target_to_arm920(target);
396 int retval;
397
398 /* examine cp15 control reg */
399 retval = arm920t_read_cp15_physical(target,
400 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
401 if (retval != ERROR_OK)
402 return retval;
403 retval = jtag_execute_queue();
404 if (retval != ERROR_OK)
405 return retval;
406 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
407
408 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
409 {
410 uint32_t cache_type_reg;
411 /* identify caches */
412 retval = arm920t_read_cp15_physical(target,
413 CP15PHYS_CACHETYPE, &cache_type_reg);
414 if (retval != ERROR_OK)
415 return retval;
416 retval = jtag_execute_queue();
417 if (retval != ERROR_OK)
418 return retval;
419 armv4_5_identify_cache(cache_type_reg,
420 &arm920t->armv4_5_mmu.armv4_5_cache);
421 }
422
423 arm920t->armv4_5_mmu.mmu_enabled =
424 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
425 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
426 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
427 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
428 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
429
430 /* save i/d fault status and address register */
431 /* FIXME use opcode macros */
432 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
433 if (retval != ERROR_OK)
434 return retval;
435 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
436 if (retval != ERROR_OK)
437 return retval;
438 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
439 if (retval != ERROR_OK)
440 return retval;
441 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
442 if (retval != ERROR_OK)
443 return retval;
444
445 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
446 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
447 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
448
449 if (arm920t->preserve_cache)
450 {
451 /* read-modify-write CP15 test state register
452 * to disable I/D-cache linefills */
453 retval = arm920t_read_cp15_physical(target,
454 CP15PHYS_TESTSTATE, &cp15c15);
455 if (retval != ERROR_OK)
456 return retval;
457 retval = jtag_execute_queue();
458 if (retval != ERROR_OK)
459 return retval;
460 cp15c15 |= 0x600;
461 retval = arm920t_write_cp15_physical(target,
462 CP15PHYS_TESTSTATE, cp15c15);
463 if (retval != ERROR_OK)
464 return retval;
465 }
466 return ERROR_OK;
467 }
468
469 // EXPORTED to FA256
470 void arm920t_pre_restore_context(struct target *target)
471 {
472 uint32_t cp15c15;
473 struct arm920t_common *arm920t = target_to_arm920(target);
474
475 /* restore i/d fault status and address register */
476 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
477 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
478 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
479 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
480
481 /* read-modify-write CP15 test state register
482 * to reenable I/D-cache linefills */
483 if (arm920t->preserve_cache)
484 {
485 arm920t_read_cp15_physical(target,
486 CP15PHYS_TESTSTATE, &cp15c15);
487 jtag_execute_queue();
488 cp15c15 &= ~0x600U;
489 arm920t_write_cp15_physical(target,
490 CP15PHYS_TESTSTATE, cp15c15);
491 }
492 }
493
494 static const char arm920_not[] = "target is not an ARM920";
495
496 static int arm920t_verify_pointer(struct command_context *cmd_ctx,
497 struct arm920t_common *arm920t)
498 {
499 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
500 command_print(cmd_ctx, arm920_not);
501 return ERROR_TARGET_INVALID;
502 }
503
504 return ERROR_OK;
505 }
506
507 /** Logs summary of ARM920 state for a halted target. */
508 int arm920t_arch_state(struct target *target)
509 {
510 static const char *state[] =
511 {
512 "disabled", "enabled"
513 };
514
515 struct arm920t_common *arm920t = target_to_arm920(target);
516 struct arm *armv4_5;
517
518 if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
519 {
520 LOG_ERROR("BUG: %s", arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
525
526 arm_arch_state(target);
527 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
528 state[arm920t->armv4_5_mmu.mmu_enabled],
529 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
530 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
531
532 return ERROR_OK;
533 }
534
535 static int arm920_mmu(struct target *target, int *enabled)
536 {
537 if (target->state != TARGET_HALTED) {
538 LOG_ERROR("%s: target not halted", __func__);
539 return ERROR_TARGET_INVALID;
540 }
541
542 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
543 return ERROR_OK;
544 }
545
546 static int arm920_virt2phys(struct target *target,
547 uint32_t virt, uint32_t *phys)
548 {
549 uint32_t cb;
550 struct arm920t_common *arm920t = target_to_arm920(target);
551
552 uint32_t ret;
553 int retval = armv4_5_mmu_translate_va(target,
554 &arm920t->armv4_5_mmu, virt, &cb, &ret);
555 if (retval != ERROR_OK)
556 return retval;
557 *phys = ret;
558 return ERROR_OK;
559 }
560
561 /** Reads a buffer, in the specified word size, with current MMU settings. */
562 int arm920t_read_memory(struct target *target, uint32_t address,
563 uint32_t size, uint32_t count, uint8_t *buffer)
564 {
565 int retval;
566
567 retval = arm7_9_read_memory(target, address, size, count, buffer);
568
569 return retval;
570 }
571
572
573 static int arm920t_read_phys_memory(struct target *target,
574 uint32_t address, uint32_t size,
575 uint32_t count, uint8_t *buffer)
576 {
577 struct arm920t_common *arm920t = target_to_arm920(target);
578
579 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
580 address, size, count, buffer);
581 }
582
583 static int arm920t_write_phys_memory(struct target *target,
584 uint32_t address, uint32_t size,
585 uint32_t count, uint8_t *buffer)
586 {
587 struct arm920t_common *arm920t = target_to_arm920(target);
588
589 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
590 address, size, count, buffer);
591 }
592
593
594 /** Writes a buffer, in the specified word size, with current MMU settings. */
595 int arm920t_write_memory(struct target *target, uint32_t address,
596 uint32_t size, uint32_t count, uint8_t *buffer)
597 {
598 int retval;
599 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
600 struct arm920t_common *arm920t = target_to_arm920(target);
601
602 /* FIX!!!! this should be cleaned up and made much more general. The
603 * plan is to write up and test on arm920t specifically and
604 * then generalize and clean up afterwards.
605 *
606 * Also it should be moved to the callbacks that handle breakpoints
607 * specifically and not the generic memory write fn's. See XScale code.
608 */
609 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
610 ((size==2) || (size==4)))
611 {
612 /* special case the handling of single word writes to
613 * bypass MMU, to allow implementation of breakpoints
614 * in memory marked read only
615 * by MMU
616 */
617 uint32_t cb;
618 uint32_t pa;
619
620 /*
621 * We need physical address and cb
622 */
623 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
624 address, &cb, &pa);
625 if (retval != ERROR_OK)
626 return retval;
627
628 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
629 {
630 if (cb & 0x1)
631 {
632 LOG_DEBUG("D-Cache buffered, "
633 "drain write buffer");
634 /*
635 * Buffered ?
636 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
637 */
638
639 retval = arm920t_write_cp15_interpreted(target,
640 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
641 0x0, 0);
642 if (retval != ERROR_OK)
643 return retval;
644 }
645
646 if (cb == 0x3)
647 {
648 /*
649 * Write back memory ? -> clean cache
650 *
651 * There is no way to clean cache lines using
652 * cp15 scan chain, so copy the full cache
653 * line from cache to physical memory.
654 */
655 uint8_t data[32];
656
657 LOG_DEBUG("D-Cache in 'write back' mode, "
658 "flush cache line");
659
660 retval = target_read_memory(target,
661 address & cache_mask, 1,
662 sizeof(data), &data[0]);
663 if (retval != ERROR_OK)
664 return retval;
665
666 retval = armv4_5_mmu_write_physical(target,
667 &arm920t->armv4_5_mmu,
668 pa & cache_mask, 1,
669 sizeof(data), &data[0]);
670 if (retval != ERROR_OK)
671 return retval;
672 }
673
674 /* Cached ? */
675 if (cb & 0x2)
676 {
677 /*
678 * Cached ? -> Invalidate data cache using MVA
679 *
680 * MCR p15,0,Rd,c7,c6,1
681 */
682 LOG_DEBUG("D-Cache enabled, "
683 "invalidate cache line");
684
685 retval = arm920t_write_cp15_interpreted(target,
686 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
687 address & cache_mask);
688 if (retval != ERROR_OK)
689 return retval;
690 }
691 }
692
693 /* write directly to physical memory,
694 * bypassing any read only MMU bits, etc.
695 */
696 retval = armv4_5_mmu_write_physical(target,
697 &arm920t->armv4_5_mmu, pa, size,
698 count, buffer);
699 if (retval != ERROR_OK)
700 return retval;
701 } else
702 {
703 if ((retval = arm7_9_write_memory(target, address,
704 size, count, buffer)) != ERROR_OK)
705 return retval;
706 }
707
708 /* If ICache is enabled, we have to invalidate affected ICache lines
709 * the DCache is forced to write-through,
710 * so we don't have to clean it here
711 */
712 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
713 {
714 if (count <= 1)
715 {
716 /* invalidate ICache single entry with MVA
717 * mcr 15, 0, r0, cr7, cr5, {1}
718 */
719 LOG_DEBUG("I-Cache enabled, "
720 "invalidating affected I-Cache line");
721 retval = arm920t_write_cp15_interpreted(target,
722 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
723 0x0, address & cache_mask);
724 if (retval != ERROR_OK)
725 return retval;
726 }
727 else
728 {
729 /* invalidate ICache
730 * mcr 15, 0, r0, cr7, cr5, {0}
731 */
732 retval = arm920t_write_cp15_interpreted(target,
733 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
734 0x0, 0x0);
735 if (retval != ERROR_OK)
736 return retval;
737 }
738 }
739
740 return ERROR_OK;
741 }
742
743 // EXPORTED to FA256
744 int arm920t_soft_reset_halt(struct target *target)
745 {
746 int retval = ERROR_OK;
747 struct arm920t_common *arm920t = target_to_arm920(target);
748 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
749 struct arm *armv4_5 = &arm7_9->armv4_5_common;
750 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
751
752 if ((retval = target_halt(target)) != ERROR_OK)
753 {
754 return retval;
755 }
756
757 long long then = timeval_ms();
758 int timeout;
759 while (!(timeout = ((timeval_ms()-then) > 1000)))
760 {
761 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1)
762 == 0)
763 {
764 embeddedice_read_reg(dbg_stat);
765 if ((retval = jtag_execute_queue()) != ERROR_OK)
766 {
767 return retval;
768 }
769 } else
770 {
771 break;
772 }
773 if (debug_level >= 3)
774 {
775 /* do not eat all CPU, time out after 1 se*/
776 alive_sleep(100);
777 } else
778 {
779 keep_alive();
780 }
781 }
782 if (timeout)
783 {
784 LOG_ERROR("Failed to halt CPU after 1 sec");
785 return ERROR_TARGET_TIMEOUT;
786 }
787
788 target->state = TARGET_HALTED;
789
790 /* SVC, ARM state, IRQ and FIQ disabled */
791 uint32_t cpsr;
792
793 cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
794 cpsr &= ~0xff;
795 cpsr |= 0xd3;
796 arm_set_cpsr(armv4_5, cpsr);
797 armv4_5->cpsr->dirty = 1;
798
799 /* start fetching from 0x0 */
800 buf_set_u32(armv4_5->pc->value, 0, 32, 0x0);
801 armv4_5->pc->dirty = 1;
802 armv4_5->pc->valid = 1;
803
804 arm920t_disable_mmu_caches(target, 1, 1, 1);
805 arm920t->armv4_5_mmu.mmu_enabled = 0;
806 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
807 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
808
809 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
810 }
811
812 /* FIXME remove forward decls */
813 static int arm920t_mrc(struct target *target, int cpnum,
814 uint32_t op1, uint32_t op2,
815 uint32_t CRn, uint32_t CRm,
816 uint32_t *value);
817 static int arm920t_mcr(struct target *target, int cpnum,
818 uint32_t op1, uint32_t op2,
819 uint32_t CRn, uint32_t CRm,
820 uint32_t value);
821
822 static int arm920t_init_arch_info(struct target *target,
823 struct arm920t_common *arm920t, struct jtag_tap *tap)
824 {
825 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
826
827 arm7_9->armv4_5_common.mrc = arm920t_mrc;
828 arm7_9->armv4_5_common.mcr = arm920t_mcr;
829
830 /* initialize arm7/arm9 specific info (including armv4_5) */
831 arm9tdmi_init_arch_info(target, arm7_9, tap);
832
833 arm920t->common_magic = ARM920T_COMMON_MAGIC;
834
835 arm7_9->post_debug_entry = arm920t_post_debug_entry;
836 arm7_9->pre_restore_context = arm920t_pre_restore_context;
837
838 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
839 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
840 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
841 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
842 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
843 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
844 arm920t->armv4_5_mmu.has_tiny_pages = 1;
845 arm920t->armv4_5_mmu.mmu_enabled = 0;
846
847 /* disabling linefills leads to lockups, so keep them enabled for now
848 * this doesn't affect correctness, but might affect timing issues, if
849 * important data is evicted from the cache during the debug session
850 * */
851 arm920t->preserve_cache = 0;
852
853 /* override hw single-step capability from ARM9TDMI */
854 arm7_9->has_single_step = 1;
855
856 return ERROR_OK;
857 }
858
859 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
860 {
861 struct arm920t_common *arm920t;
862
863 arm920t = calloc(1,sizeof(struct arm920t_common));
864 return arm920t_init_arch_info(target, arm920t, target->tap);
865 }
866
867 COMMAND_HANDLER(arm920t_handle_read_cache_command)
868 {
869 int retval = ERROR_OK;
870 struct target *target = get_current_target(CMD_CTX);
871 struct arm920t_common *arm920t = target_to_arm920(target);
872 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
873 struct arm *armv4_5 = &arm7_9->armv4_5_common;
874 uint32_t cp15c15;
875 uint32_t cp15_ctrl, cp15_ctrl_saved;
876 uint32_t regs[16];
877 uint32_t *regs_p[16];
878 uint32_t C15_C_D_Ind, C15_C_I_Ind;
879 int i;
880 FILE *output;
881 struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
882 int segment, index_t;
883 struct reg *r;
884
885 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
886 if (retval != ERROR_OK)
887 return retval;
888
889 if (CMD_ARGC != 1)
890 {
891 command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
892 return ERROR_OK;
893 }
894
895 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
896 {
897 LOG_DEBUG("error opening cache content file");
898 return ERROR_OK;
899 }
900
901 for (i = 0; i < 16; i++)
902 regs_p[i] = &regs[i];
903
904 /* disable MMU and Caches */
905 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
906 if ((retval = jtag_execute_queue()) != ERROR_OK)
907 {
908 return retval;
909 }
910 cp15_ctrl_saved = cp15_ctrl;
911 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
912 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
913 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
914
915 /* read CP15 test state register */
916 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
917 jtag_execute_queue();
918
919 /* read DCache content */
920 fprintf(output, "DCache:\n");
921
922 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
923 for (segment = 0;
924 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
925 segment++)
926 {
927 fprintf(output, "\nsegment: %i\n----------", segment);
928
929 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
930 regs[0] = 0x0 | (segment << 5);
931 arm9tdmi_write_core_regs(target, 0x1, regs);
932
933 /* set interpret mode */
934 cp15c15 |= 0x1;
935 arm920t_write_cp15_physical(target,
936 CP15PHYS_TESTSTATE, cp15c15);
937
938 /* D CAM Read, loads current victim into C15.C.D.Ind */
939 arm920t_execute_cp15(target,
940 ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
941
942 /* read current victim */
943 arm920t_read_cp15_physical(target,
944 CP15PHYS_DCACHE_IDX, &C15_C_D_Ind);
945
946 /* clear interpret mode */
947 cp15c15 &= ~0x1;
948 arm920t_write_cp15_physical(target,
949 CP15PHYS_TESTSTATE, cp15c15);
950
951 for (index_t = 0; index_t < 64; index_t++)
952 {
953 /* Ra:
954 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
955 */
956 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
957 arm9tdmi_write_core_regs(target, 0x1, regs);
958
959 /* set interpret mode */
960 cp15c15 |= 0x1;
961 arm920t_write_cp15_physical(target,
962 CP15PHYS_TESTSTATE, cp15c15);
963
964 /* Write DCache victim */
965 arm920t_execute_cp15(target,
966 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
967
968 /* Read D RAM */
969 arm920t_execute_cp15(target,
970 ARMV4_5_MCR(15,2,0,15,10,2),
971 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
972
973 /* Read D CAM */
974 arm920t_execute_cp15(target,
975 ARMV4_5_MCR(15,2,0,15,6,2),
976 ARMV4_5_LDR(9, 0));
977
978 /* clear interpret mode */
979 cp15c15 &= ~0x1;
980 arm920t_write_cp15_physical(target,
981 CP15PHYS_TESTSTATE, cp15c15);
982
983 /* read D RAM and CAM content */
984 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
985 if ((retval = jtag_execute_queue()) != ERROR_OK)
986 {
987 return retval;
988 }
989
990 d_cache[segment][index_t].cam = regs[9];
991
992 /* mask LFSR[6] */
993 regs[9] &= 0xfffffffe;
994 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
995 PRIx32 ", content (%s):\n",
996 segment, index_t, regs[9],
997 (regs[9] & 0x10) ? "valid" : "invalid");
998
999 for (i = 1; i < 9; i++)
1000 {
1001 d_cache[segment][index_t].data[i] = regs[i];
1002 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1003 i-1, regs[i]);
1004 }
1005
1006 }
1007
1008 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1009 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1010 arm9tdmi_write_core_regs(target, 0x1, regs);
1011
1012 /* set interpret mode */
1013 cp15c15 |= 0x1;
1014 arm920t_write_cp15_physical(target,
1015 CP15PHYS_TESTSTATE, cp15c15);
1016
1017 /* Write DCache victim */
1018 arm920t_execute_cp15(target,
1019 ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
1020
1021 /* clear interpret mode */
1022 cp15c15 &= ~0x1;
1023 arm920t_write_cp15_physical(target,
1024 CP15PHYS_TESTSTATE, cp15c15);
1025 }
1026
1027 /* read ICache content */
1028 fprintf(output, "ICache:\n");
1029
1030 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1031 for (segment = 0;
1032 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1033 segment++)
1034 {
1035 fprintf(output, "segment: %i\n----------", segment);
1036
1037 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1038 regs[0] = 0x0 | (segment << 5);
1039 arm9tdmi_write_core_regs(target, 0x1, regs);
1040
1041 /* set interpret mode */
1042 cp15c15 |= 0x1;
1043 arm920t_write_cp15_physical(target,
1044 CP15PHYS_TESTSTATE, cp15c15);
1045
1046 /* I CAM Read, loads current victim into C15.C.I.Ind */
1047 arm920t_execute_cp15(target,
1048 ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
1049
1050 /* read current victim */
1051 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1052 &C15_C_I_Ind);
1053
1054 /* clear interpret mode */
1055 cp15c15 &= ~0x1;
1056 arm920t_write_cp15_physical(target,
1057 CP15PHYS_TESTSTATE, cp15c15);
1058
1059 for (index_t = 0; index_t < 64; index_t++)
1060 {
1061 /* Ra:
1062 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1063 */
1064 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1065 arm9tdmi_write_core_regs(target, 0x1, regs);
1066
1067 /* set interpret mode */
1068 cp15c15 |= 0x1;
1069 arm920t_write_cp15_physical(target,
1070 CP15PHYS_TESTSTATE, cp15c15);
1071
1072 /* Write ICache victim */
1073 arm920t_execute_cp15(target,
1074 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1075
1076 /* Read I RAM */
1077 arm920t_execute_cp15(target,
1078 ARMV4_5_MCR(15,2,0,15,9,2),
1079 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1080
1081 /* Read I CAM */
1082 arm920t_execute_cp15(target,
1083 ARMV4_5_MCR(15,2,0,15,5,2),
1084 ARMV4_5_LDR(9, 0));
1085
1086 /* clear interpret mode */
1087 cp15c15 &= ~0x1;
1088 arm920t_write_cp15_physical(target,
1089 CP15PHYS_TESTSTATE, cp15c15);
1090
1091 /* read I RAM and CAM content */
1092 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1093 if ((retval = jtag_execute_queue()) != ERROR_OK)
1094 {
1095 return retval;
1096 }
1097
1098 i_cache[segment][index_t].cam = regs[9];
1099
1100 /* mask LFSR[6] */
1101 regs[9] &= 0xfffffffe;
1102 fprintf(output, "\nsegment: %i, index: %i, "
1103 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1104 segment, index_t, regs[9],
1105 (regs[9] & 0x10) ? "valid" : "invalid");
1106
1107 for (i = 1; i < 9; i++)
1108 {
1109 i_cache[segment][index_t].data[i] = regs[i];
1110 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1111 i-1, regs[i]);
1112 }
1113 }
1114
1115 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1116 regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
1117 arm9tdmi_write_core_regs(target, 0x1, regs);
1118
1119 /* set interpret mode */
1120 cp15c15 |= 0x1;
1121 arm920t_write_cp15_physical(target,
1122 CP15PHYS_TESTSTATE, cp15c15);
1123
1124 /* Write ICache victim */
1125 arm920t_execute_cp15(target,
1126 ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
1127
1128 /* clear interpret mode */
1129 cp15c15 &= ~0x1;
1130 arm920t_write_cp15_physical(target,
1131 CP15PHYS_TESTSTATE, cp15c15);
1132 }
1133
1134 /* restore CP15 MMU and Cache settings */
1135 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1136
1137 command_print(CMD_CTX, "cache content successfully output to %s",
1138 CMD_ARGV[0]);
1139
1140 fclose(output);
1141
1142 if (!is_arm_mode(armv4_5->core_mode))
1143 return ERROR_FAIL;
1144
1145 /* force writeback of the valid data */
1146 r = armv4_5->core_cache->reg_list;
1147 r[0].dirty = r[0].valid;
1148 r[1].dirty = r[1].valid;
1149 r[2].dirty = r[2].valid;
1150 r[3].dirty = r[3].valid;
1151 r[4].dirty = r[4].valid;
1152 r[5].dirty = r[5].valid;
1153 r[6].dirty = r[6].valid;
1154 r[7].dirty = r[7].valid;
1155
1156 r = arm_reg_current(armv4_5, 8);
1157 r->dirty = r->valid;
1158
1159 r = arm_reg_current(armv4_5, 9);
1160 r->dirty = r->valid;
1161
1162 return ERROR_OK;
1163 }
1164
1165 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1166 {
1167 int retval = ERROR_OK;
1168 struct target *target = get_current_target(CMD_CTX);
1169 struct arm920t_common *arm920t = target_to_arm920(target);
1170 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1171 struct arm *armv4_5 = &arm7_9->armv4_5_common;
1172 uint32_t cp15c15;
1173 uint32_t cp15_ctrl, cp15_ctrl_saved;
1174 uint32_t regs[16];
1175 uint32_t *regs_p[16];
1176 int i;
1177 FILE *output;
1178 uint32_t Dlockdown, Ilockdown;
1179 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1180 int victim;
1181 struct reg *r;
1182
1183 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1184 if (retval != ERROR_OK)
1185 return retval;
1186
1187 if (CMD_ARGC != 1)
1188 {
1189 command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
1190 return ERROR_OK;
1191 }
1192
1193 if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
1194 {
1195 LOG_DEBUG("error opening mmu content file");
1196 return ERROR_OK;
1197 }
1198
1199 for (i = 0; i < 16; i++)
1200 regs_p[i] = &regs[i];
1201
1202 /* disable MMU and Caches */
1203 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1204 if ((retval = jtag_execute_queue()) != ERROR_OK)
1205 {
1206 return retval;
1207 }
1208 cp15_ctrl_saved = cp15_ctrl;
1209 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1210 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1211 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1212
1213 /* read CP15 test state register */
1214 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1215 if ((retval = jtag_execute_queue()) != ERROR_OK)
1216 {
1217 return retval;
1218 }
1219
1220 /* prepare reading D TLB content
1221 * */
1222
1223 /* set interpret mode */
1224 cp15c15 |= 0x1;
1225 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1226
1227 /* Read D TLB lockdown */
1228 arm920t_execute_cp15(target,
1229 ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
1230
1231 /* clear interpret mode */
1232 cp15c15 &= ~0x1;
1233 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1234
1235 /* read D TLB lockdown stored to r1 */
1236 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1237 if ((retval = jtag_execute_queue()) != ERROR_OK)
1238 {
1239 return retval;
1240 }
1241 Dlockdown = regs[1];
1242
1243 for (victim = 0; victim < 64; victim += 8)
1244 {
1245 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1246 * base remains unchanged, victim goes through entries 0 to 63
1247 */
1248 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1249 arm9tdmi_write_core_regs(target, 0x2, regs);
1250
1251 /* set interpret mode */
1252 cp15c15 |= 0x1;
1253 arm920t_write_cp15_physical(target,
1254 CP15PHYS_TESTSTATE, cp15c15);
1255
1256 /* Write D TLB lockdown */
1257 arm920t_execute_cp15(target,
1258 ARMV4_5_MCR(15,0,0,10,0,0),
1259 ARMV4_5_STR(1, 0));
1260
1261 /* Read D TLB CAM */
1262 arm920t_execute_cp15(target,
1263 ARMV4_5_MCR(15,4,0,15,6,4),
1264 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1265
1266 /* clear interpret mode */
1267 cp15c15 &= ~0x1;
1268 arm920t_write_cp15_physical(target,
1269 CP15PHYS_TESTSTATE, cp15c15);
1270
1271 /* read D TLB CAM content stored to r2-r9 */
1272 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1273 if ((retval = jtag_execute_queue()) != ERROR_OK)
1274 {
1275 return retval;
1276 }
1277
1278 for (i = 0; i < 8; i++)
1279 d_tlb[victim + i].cam = regs[i + 2];
1280 }
1281
1282 for (victim = 0; victim < 64; victim++)
1283 {
1284 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1285 * base remains unchanged, victim goes through entries 0 to 63
1286 */
1287 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1288 arm9tdmi_write_core_regs(target, 0x2, regs);
1289
1290 /* set interpret mode */
1291 cp15c15 |= 0x1;
1292 arm920t_write_cp15_physical(target,
1293 CP15PHYS_TESTSTATE, cp15c15);
1294
1295 /* Write D TLB lockdown */
1296 arm920t_execute_cp15(target,
1297 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1298
1299 /* Read D TLB RAM1 */
1300 arm920t_execute_cp15(target,
1301 ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
1302
1303 /* Read D TLB RAM2 */
1304 arm920t_execute_cp15(target,
1305 ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
1306
1307 /* clear interpret mode */
1308 cp15c15 &= ~0x1;
1309 arm920t_write_cp15_physical(target,
1310 CP15PHYS_TESTSTATE, cp15c15);
1311
1312 /* read D TLB RAM content stored to r2 and r3 */
1313 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1314 if ((retval = jtag_execute_queue()) != ERROR_OK)
1315 {
1316 return retval;
1317 }
1318
1319 d_tlb[victim].ram1 = regs[2];
1320 d_tlb[victim].ram2 = regs[3];
1321 }
1322
1323 /* restore D TLB lockdown */
1324 regs[1] = Dlockdown;
1325 arm9tdmi_write_core_regs(target, 0x2, regs);
1326
1327 /* Write D TLB lockdown */
1328 arm920t_execute_cp15(target,
1329 ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
1330
1331 /* prepare reading I TLB content
1332 * */
1333
1334 /* set interpret mode */
1335 cp15c15 |= 0x1;
1336 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1337
1338 /* Read I TLB lockdown */
1339 arm920t_execute_cp15(target,
1340 ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
1341
1342 /* clear interpret mode */
1343 cp15c15 &= ~0x1;
1344 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1345
1346 /* read I TLB lockdown stored to r1 */
1347 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1348 if ((retval = jtag_execute_queue()) != ERROR_OK)
1349 {
1350 return retval;
1351 }
1352 Ilockdown = regs[1];
1353
1354 for (victim = 0; victim < 64; victim += 8)
1355 {
1356 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1357 * base remains unchanged, victim goes through entries 0 to 63
1358 */
1359 regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
1360 arm9tdmi_write_core_regs(target, 0x2, regs);
1361
1362 /* set interpret mode */
1363 cp15c15 |= 0x1;
1364 arm920t_write_cp15_physical(target,
1365 CP15PHYS_TESTSTATE, cp15c15);
1366
1367 /* Write I TLB lockdown */
1368 arm920t_execute_cp15(target,
1369 ARMV4_5_MCR(15,0,0,10,0,1),
1370 ARMV4_5_STR(1, 0));
1371
1372 /* Read I TLB CAM */
1373 arm920t_execute_cp15(target,
1374 ARMV4_5_MCR(15,4,0,15,5,4),
1375 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1376
1377 /* clear interpret mode */
1378 cp15c15 &= ~0x1;
1379 arm920t_write_cp15_physical(target,
1380 CP15PHYS_TESTSTATE, cp15c15);
1381
1382 /* read I TLB CAM content stored to r2-r9 */
1383 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1384 if ((retval = jtag_execute_queue()) != ERROR_OK)
1385 {
1386 return retval;
1387 }
1388
1389 for (i = 0; i < 8; i++)
1390 i_tlb[i + victim].cam = regs[i + 2];
1391 }
1392
1393 for (victim = 0; victim < 64; victim++)
1394 {
1395 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1396 * base remains unchanged, victim goes through entries 0 to 63
1397 */
1398 regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
1399 arm9tdmi_write_core_regs(target, 0x2, regs);
1400
1401 /* set interpret mode */
1402 cp15c15 |= 0x1;
1403 arm920t_write_cp15_physical(target,
1404 CP15PHYS_TESTSTATE, cp15c15);
1405
1406 /* Write I TLB lockdown */
1407 arm920t_execute_cp15(target,
1408 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1409
1410 /* Read I TLB RAM1 */
1411 arm920t_execute_cp15(target,
1412 ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
1413
1414 /* Read I TLB RAM2 */
1415 arm920t_execute_cp15(target,
1416 ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
1417
1418 /* clear interpret mode */
1419 cp15c15 &= ~0x1;
1420 arm920t_write_cp15_physical(target,
1421 CP15PHYS_TESTSTATE, cp15c15);
1422
1423 /* read I TLB RAM content stored to r2 and r3 */
1424 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1425 if ((retval = jtag_execute_queue()) != ERROR_OK)
1426 {
1427 return retval;
1428 }
1429
1430 i_tlb[victim].ram1 = regs[2];
1431 i_tlb[victim].ram2 = regs[3];
1432 }
1433
1434 /* restore I TLB lockdown */
1435 regs[1] = Ilockdown;
1436 arm9tdmi_write_core_regs(target, 0x2, regs);
1437
1438 /* Write I TLB lockdown */
1439 arm920t_execute_cp15(target,
1440 ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
1441
1442 /* restore CP15 MMU and Cache settings */
1443 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1444
1445 /* output data to file */
1446 fprintf(output, "D TLB content:\n");
1447 for (i = 0; i < 64; i++)
1448 {
1449 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1450 " 0x%8.8" PRIx32 " %s\n",
1451 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1452 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1453 }
1454
1455 fprintf(output, "\n\nI TLB content:\n");
1456 for (i = 0; i < 64; i++)
1457 {
1458 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1459 " 0x%8.8" PRIx32 " %s\n",
1460 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1461 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1462 }
1463
1464 command_print(CMD_CTX, "mmu content successfully output to %s",
1465 CMD_ARGV[0]);
1466
1467 fclose(output);
1468
1469 if (!is_arm_mode(armv4_5->core_mode))
1470 return ERROR_FAIL;
1471
1472 /* force writeback of the valid data */
1473 r = armv4_5->core_cache->reg_list;
1474 r[0].dirty = r[0].valid;
1475 r[1].dirty = r[1].valid;
1476 r[2].dirty = r[2].valid;
1477 r[3].dirty = r[3].valid;
1478 r[4].dirty = r[4].valid;
1479 r[5].dirty = r[5].valid;
1480 r[6].dirty = r[6].valid;
1481 r[7].dirty = r[7].valid;
1482
1483 r = arm_reg_current(armv4_5, 8);
1484 r->dirty = r->valid;
1485
1486 r = arm_reg_current(armv4_5, 9);
1487 r->dirty = r->valid;
1488
1489 return ERROR_OK;
1490 }
1491
1492 COMMAND_HANDLER(arm920t_handle_cp15_command)
1493 {
1494 int retval;
1495 struct target *target = get_current_target(CMD_CTX);
1496 struct arm920t_common *arm920t = target_to_arm920(target);
1497
1498 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1499 if (retval != ERROR_OK)
1500 return retval;
1501
1502 if (target->state != TARGET_HALTED)
1503 {
1504 command_print(CMD_CTX, "target must be stopped for "
1505 "\"%s\" command", CMD_NAME);
1506 return ERROR_OK;
1507 }
1508
1509 /* one argument, read a register.
1510 * two arguments, write it.
1511 */
1512 if (CMD_ARGC >= 1)
1513 {
1514 int address;
1515 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1516
1517 if (CMD_ARGC == 1)
1518 {
1519 uint32_t value;
1520 if ((retval = arm920t_read_cp15_physical(target,
1521 address, &value)) != ERROR_OK)
1522 {
1523 command_print(CMD_CTX,
1524 "couldn't access reg %i", address);
1525 return ERROR_OK;
1526 }
1527 if ((retval = jtag_execute_queue()) != ERROR_OK)
1528 {
1529 return retval;
1530 }
1531
1532 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1533 address, value);
1534 }
1535 else if (CMD_ARGC == 2)
1536 {
1537 uint32_t value;
1538 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1539 retval = arm920t_write_cp15_physical(target,
1540 address, value);
1541 if (retval != ERROR_OK)
1542 {
1543 command_print(CMD_CTX,
1544 "couldn't access reg %i", address);
1545 /* REVISIT why lie? "return retval"? */
1546 return ERROR_OK;
1547 }
1548 command_print(CMD_CTX, "%i: %8.8" PRIx32,
1549 address, value);
1550 }
1551 }
1552
1553 return ERROR_OK;
1554 }
1555
1556 COMMAND_HANDLER(arm920t_handle_cp15i_command)
1557 {
1558 int retval;
1559 struct target *target = get_current_target(CMD_CTX);
1560 struct arm920t_common *arm920t = target_to_arm920(target);
1561
1562 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1563 if (retval != ERROR_OK)
1564 return retval;
1565
1566
1567 if (target->state != TARGET_HALTED)
1568 {
1569 command_print(CMD_CTX, "target must be stopped for "
1570 "\"%s\" command", CMD_NAME);
1571 return ERROR_OK;
1572 }
1573
1574 /* one argument, read a register.
1575 * two arguments, write it.
1576 */
1577 if (CMD_ARGC >= 1)
1578 {
1579 uint32_t opcode;
1580 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
1581
1582 if (CMD_ARGC == 1)
1583 {
1584 uint32_t value;
1585 retval = arm920t_read_cp15_interpreted(target,
1586 opcode, 0x0, &value);
1587 if (retval != ERROR_OK)
1588 {
1589 command_print(CMD_CTX,
1590 "couldn't execute %8.8" PRIx32,
1591 opcode);
1592 /* REVISIT why lie? "return retval"? */
1593 return ERROR_OK;
1594 }
1595
1596 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1597 opcode, value);
1598 }
1599 else if (CMD_ARGC == 2)
1600 {
1601 uint32_t value;
1602 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1603 retval = arm920t_write_cp15_interpreted(target,
1604 opcode, value, 0);
1605 if (retval != ERROR_OK)
1606 {
1607 command_print(CMD_CTX,
1608 "couldn't execute %8.8" PRIx32,
1609 opcode);
1610 /* REVISIT why lie? "return retval"? */
1611 return ERROR_OK;
1612 }
1613 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32,
1614 opcode, value);
1615 }
1616 else if (CMD_ARGC == 3)
1617 {
1618 uint32_t value;
1619 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1620 uint32_t address;
1621 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
1622 retval = arm920t_write_cp15_interpreted(target,
1623 opcode, value, address);
1624 if (retval != ERROR_OK)
1625 {
1626 command_print(CMD_CTX,
1627 "couldn't execute %8.8" PRIx32, opcode);
1628 /* REVISIT why lie? "return retval"? */
1629 return ERROR_OK;
1630 }
1631 command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32
1632 " %8.8" PRIx32, opcode, value, address);
1633 }
1634 }
1635 else
1636 {
1637 command_print(CMD_CTX,
1638 "usage: arm920t cp15i <opcode> [value] [address]");
1639 }
1640
1641 return ERROR_OK;
1642 }
1643
1644 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1645 {
1646 int retval;
1647 struct target *target = get_current_target(CMD_CTX);
1648 struct arm920t_common *arm920t = target_to_arm920(target);
1649
1650 retval = arm920t_verify_pointer(CMD_CTX, arm920t);
1651 if (retval != ERROR_OK)
1652 return retval;
1653
1654 return armv4_5_handle_cache_info_command(CMD_CTX,
1655 &arm920t->armv4_5_mmu.armv4_5_cache);
1656 }
1657
1658
1659 static int arm920t_mrc(struct target *target, int cpnum,
1660 uint32_t op1, uint32_t op2,
1661 uint32_t CRn, uint32_t CRm,
1662 uint32_t *value)
1663 {
1664 if (cpnum!=15)
1665 {
1666 LOG_ERROR("Only cp15 is supported");
1667 return ERROR_FAIL;
1668 }
1669
1670 /* read "to" r0 */
1671 return arm920t_read_cp15_interpreted(target,
1672 ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
1673 0, value);
1674 }
1675
1676 static int arm920t_mcr(struct target *target, int cpnum,
1677 uint32_t op1, uint32_t op2,
1678 uint32_t CRn, uint32_t CRm,
1679 uint32_t value)
1680 {
1681 if (cpnum!=15)
1682 {
1683 LOG_ERROR("Only cp15 is supported");
1684 return ERROR_FAIL;
1685 }
1686
1687 /* write "from" r0 */
1688 return arm920t_write_cp15_interpreted(target,
1689 ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
1690 0, value);
1691 }
1692
1693 static const struct command_registration arm920t_exec_command_handlers[] = {
1694 {
1695 .name = "cp15",
1696 .handler = arm920t_handle_cp15_command,
1697 .mode = COMMAND_EXEC,
1698 .help = "display/modify cp15 register",
1699 .usage = "regnum [value]",
1700 },
1701 {
1702 .name = "cp15i",
1703 .handler = arm920t_handle_cp15i_command,
1704 .mode = COMMAND_EXEC,
1705 /* prefer using less error-prone "arm mcr" or "arm mrc" */
1706 .help = "display/modify cp15 register using ARM opcode"
1707 " (DEPRECATED)",
1708 .usage = "instruction [value [address]]",
1709 },
1710 {
1711 .name = "cache_info",
1712 .handler = arm920t_handle_cache_info_command,
1713 .mode = COMMAND_EXEC,
1714 .help = "display information about target caches",
1715 },
1716 {
1717 .name = "read_cache",
1718 .handler = arm920t_handle_read_cache_command,
1719 .mode = COMMAND_EXEC,
1720 .help = "dump I/D cache content to file",
1721 .usage = "filename",
1722 },
1723 {
1724 .name = "read_mmu",
1725 .handler = arm920t_handle_read_mmu_command,
1726 .mode = COMMAND_EXEC,
1727 .help = "dump I/D mmu content to file",
1728 .usage = "filename",
1729 },
1730 COMMAND_REGISTRATION_DONE
1731 };
1732 const struct command_registration arm920t_command_handlers[] = {
1733 {
1734 .chain = arm9tdmi_command_handlers,
1735 },
1736 {
1737 .name = "arm920t",
1738 .mode = COMMAND_ANY,
1739 .help = "arm920t command group",
1740 .chain = arm920t_exec_command_handlers,
1741 },
1742 COMMAND_REGISTRATION_DONE
1743 };
1744
1745 /** Holds methods for ARM920 targets. */
1746 struct target_type arm920t_target =
1747 {
1748 .name = "arm920t",
1749
1750 .poll = arm7_9_poll,
1751 .arch_state = arm920t_arch_state,
1752
1753 .target_request_data = arm7_9_target_request_data,
1754
1755 .halt = arm7_9_halt,
1756 .resume = arm7_9_resume,
1757 .step = arm7_9_step,
1758
1759 .assert_reset = arm7_9_assert_reset,
1760 .deassert_reset = arm7_9_deassert_reset,
1761 .soft_reset_halt = arm920t_soft_reset_halt,
1762
1763 .get_gdb_reg_list = arm_get_gdb_reg_list,
1764
1765 .read_memory = arm920t_read_memory,
1766 .write_memory = arm920t_write_memory,
1767 .read_phys_memory = arm920t_read_phys_memory,
1768 .write_phys_memory = arm920t_write_phys_memory,
1769 .mmu = arm920_mmu,
1770 .virt2phys = arm920_virt2phys,
1771
1772 .bulk_write_memory = arm7_9_bulk_write_memory,
1773
1774 .checksum_memory = arm_checksum_memory,
1775 .blank_check_memory = arm_blank_check_memory,
1776
1777 .run_algorithm = armv4_5_run_algorithm,
1778
1779 .add_breakpoint = arm7_9_add_breakpoint,
1780 .remove_breakpoint = arm7_9_remove_breakpoint,
1781 .add_watchpoint = arm7_9_add_watchpoint,
1782 .remove_watchpoint = arm7_9_remove_watchpoint,
1783
1784 .commands = arm920t_command_handlers,
1785 .target_create = arm920t_target_create,
1786 .init_target = arm9tdmi_init_target,
1787 .examine = arm7_9_examine,
1788 .check_reset = arm7_9_check_reset,
1789 };
Marex's Cortex A8 development branch