search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
target/xtensa: avoid IHI for writes to non-executable memory
[openocd.git] / src / target / arm920t.c
blob53b4d9d15f3ac6240f81c7fef9b8e9a6de46fa57
1 // SPDX-License-Identifier: GPL-2.0-or-later
2
3
4 /***************************************************************************
5 * Copyright (C) 2005 by Dominic Rath *
6 * Dominic.Rath@gmx.de *
7 ***************************************************************************/
8
9 #ifdef HAVE_CONFIG_H
10 #include "config.h"
11 #endif
12
13 #include "arm920t.h"
14 #include <helper/time_support.h>
15 #include "target_type.h"
16 #include "register.h"
17 #include "arm_opcodes.h"
18
19 /*
20 * For information about the ARM920T, see ARM DDI 0151C especially
21 * Chapter 9 about debug support, which shows how to manipulate each
22 * of the different scan chains:
23 *
24 * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
25 * 1 ... debugging; watchpoint and breakpoint status, etc; also
26 * MMU and cache access in conjunction with scan chain 15
27 * 2 ... EmbeddedICE
28 * 3 ... external boundary scan (SoC-specific, unused here)
29 * 4 ... access to cache tag RAM
30 * 6 ... ETM9
31 * 15 ... access coprocessor 15, "physical" or "interpreted" modes
32 * "interpreted" works with a few actual MRC/MCR instructions
33 * "physical" provides register-like behaviors. Section 9.6.7
34 * covers these details.
35 *
36 * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
37 */
38
39 #if 0
40 #define _DEBUG_INSTRUCTION_EXECUTION_
41 #endif
42
43 /* Table 9-8 shows scan chain 15 format during physical access mode, using a
44 * dedicated 6-bit address space (encoded in bits 33:38). Writes use one
45 * JTAG scan, while reads use two.
46 *
47 * Table 9-9 lists the thirteen registers which support physical access.
48 * ARM920T_CP15_PHYS_ADDR() constructs the 6-bit reg_addr parameter passed
49 * to arm920t_read_cp15_physical() and arm920t_write_cp15_physical().
50 *
51 * x == bit[38]
52 * y == bits[37:34]
53 * z == bit[33]
54 */
55 #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
56
57 /* Registers supporting physical Read access (from table 9-9) */
58 #define CP15PHYS_CACHETYPE ARM920T_CP15_PHYS_ADDR(0, 0x0, 1)
59 #define CP15PHYS_ICACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xd, 1)
60 #define CP15PHYS_DCACHE_IDX ARM920T_CP15_PHYS_ADDR(1, 0xe, 1)
61 /* NOTE: several more registers support only physical read access */
62
63 /* Registers supporting physical Read/Write access (from table 9-9) */
64 #define CP15PHYS_CTRL ARM920T_CP15_PHYS_ADDR(0, 0x1, 0)
65 #define CP15PHYS_PID ARM920T_CP15_PHYS_ADDR(0, 0xd, 0)
66 #define CP15PHYS_TESTSTATE ARM920T_CP15_PHYS_ADDR(0, 0xf, 0)
67 #define CP15PHYS_ICACHE ARM920T_CP15_PHYS_ADDR(1, 0x1, 1)
68 #define CP15PHYS_DCACHE ARM920T_CP15_PHYS_ADDR(1, 0x2, 1)
69
70 static int arm920t_read_cp15_physical(struct target *target,
71 int reg_addr, uint32_t *value)
72 {
73 struct arm920t_common *arm920t = target_to_arm920(target);
74 struct arm_jtag *jtag_info;
75 struct scan_field fields[4];
76 uint8_t access_type_buf = 1;
77 uint8_t reg_addr_buf = reg_addr & 0x3f;
78 uint8_t nr_w_buf = 0;
79 int retval;
80
81 jtag_info = &arm920t->arm7_9_common.jtag_info;
82
83 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
84 if (retval != ERROR_OK)
85 return retval;
86 retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
87 if (retval != ERROR_OK)
88 return retval;
89
90 fields[0].num_bits = 1;
91 fields[0].out_value = &access_type_buf;
92 fields[0].in_value = NULL;
93
94 fields[1].num_bits = 32;
95 fields[1].out_value = NULL;
96 fields[1].in_value = NULL;
97
98 fields[2].num_bits = 6;
99 fields[2].out_value = &reg_addr_buf;
100 fields[2].in_value = NULL;
101
102 fields[3].num_bits = 1;
103 fields[3].out_value = &nr_w_buf;
104 fields[3].in_value = NULL;
105
106 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
107
108 fields[1].in_value = (uint8_t *)value;
109
110 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
111
112 jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
113
114 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
115 jtag_execute_queue();
116 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
117 #endif
118
119 return ERROR_OK;
120 }
121
122 static int arm920t_write_cp15_physical(struct target *target,
123 int reg_addr, uint32_t value)
124 {
125 struct arm920t_common *arm920t = target_to_arm920(target);
126 struct arm_jtag *jtag_info;
127 struct scan_field fields[4];
128 uint8_t access_type_buf = 1;
129 uint8_t reg_addr_buf = reg_addr & 0x3f;
130 uint8_t nr_w_buf = 1;
131 uint8_t value_buf[4];
132 int retval;
133
134 jtag_info = &arm920t->arm7_9_common.jtag_info;
135
136 buf_set_u32(value_buf, 0, 32, value);
137
138 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
139 if (retval != ERROR_OK)
140 return retval;
141 retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
142 if (retval != ERROR_OK)
143 return retval;
144
145 fields[0].num_bits = 1;
146 fields[0].out_value = &access_type_buf;
147 fields[0].in_value = NULL;
148
149 fields[1].num_bits = 32;
150 fields[1].out_value = value_buf;
151 fields[1].in_value = NULL;
152
153 fields[2].num_bits = 6;
154 fields[2].out_value = &reg_addr_buf;
155 fields[2].in_value = NULL;
156
157 fields[3].num_bits = 1;
158 fields[3].out_value = &nr_w_buf;
159 fields[3].in_value = NULL;
160
161 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
162
163 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
164 LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
165 #endif
166
167 return ERROR_OK;
168 }
169
170 /* See table 9-10 for scan chain 15 format during interpreted access mode.
171 * If the TESTSTATE register is set for interpreted access, certain CP15
172 * MRC and MCR instructions may be executed through scan chain 15.
173 *
174 * Tables 9-11, 9-12, and 9-13 show which MRC and MCR instructions can be
175 * executed using scan chain 15 interpreted mode.
176 */
177 static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
178 uint32_t arm_opcode)
179 {
180 int retval;
181 struct arm920t_common *arm920t = target_to_arm920(target);
182 struct arm_jtag *jtag_info;
183 struct scan_field fields[4];
184 uint8_t access_type_buf = 0; /* interpreted access */
185 uint8_t reg_addr_buf = 0x0;
186 uint8_t nr_w_buf = 0;
187 uint8_t cp15_opcode_buf[4];
188
189 jtag_info = &arm920t->arm7_9_common.jtag_info;
190
191 retval = arm_jtag_scann(jtag_info, 0xf, TAP_IDLE);
192 if (retval != ERROR_OK)
193 return retval;
194 retval = arm_jtag_set_instr(jtag_info->tap, jtag_info->intest_instr, NULL, TAP_IDLE);
195 if (retval != ERROR_OK)
196 return retval;
197
198 buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
199
200 fields[0].num_bits = 1;
201 fields[0].out_value = &access_type_buf;
202 fields[0].in_value = NULL;
203
204 fields[1].num_bits = 32;
205 fields[1].out_value = cp15_opcode_buf;
206 fields[1].in_value = NULL;
207
208 fields[2].num_bits = 6;
209 fields[2].out_value = &reg_addr_buf;
210 fields[2].in_value = NULL;
211
212 fields[3].num_bits = 1;
213 fields[3].out_value = &nr_w_buf;
214 fields[3].in_value = NULL;
215
216 jtag_add_dr_scan(jtag_info->tap, 4, fields, TAP_IDLE);
217
218 arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
219 arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
220 retval = arm7_9_execute_sys_speed(target);
221 if (retval != ERROR_OK)
222 return retval;
223
224 retval = jtag_execute_queue();
225 if (retval != ERROR_OK) {
226 LOG_ERROR("failed executing JTAG queue");
227 return retval;
228 }
229
230 return ERROR_OK;
231 }
232
233 static int arm920t_read_cp15_interpreted(struct target *target,
234 uint32_t cp15_opcode, uint32_t address, uint32_t *value)
235 {
236 struct arm *arm = target_to_arm(target);
237 uint32_t *regs_p[16];
238 uint32_t regs[16];
239 uint32_t cp15c15 = 0x0;
240 struct reg *r = arm->core_cache->reg_list;
241
242 /* load address into R1 */
243 regs[1] = address;
244 arm9tdmi_write_core_regs(target, 0x2, regs);
245
246 /* read-modify-write CP15 test state register
247 * to enable interpreted access mode */
248 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
249 jtag_execute_queue();
250 cp15c15 |= 1; /* set interpret mode */
251 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
252
253 /* execute CP15 instruction and ARM load (reading from coprocessor) */
254 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
255
256 /* disable interpreted access mode */
257 cp15c15 &= ~1U; /* clear interpret mode */
258 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
259
260 /* retrieve value from R0 */
261 regs_p[0] = value;
262 arm9tdmi_read_core_regs(target, 0x1, regs_p);
263 jtag_execute_queue();
264
265 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
266 LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x",
267 cp15_opcode, address, *value);
268 #endif
269
270 if (!is_arm_mode(arm->core_mode)) {
271 LOG_ERROR("not a valid arm core mode - communication failure?");
272 return ERROR_FAIL;
273 }
274
275 r[0].dirty = true;
276 r[1].dirty = true;
277
278 return ERROR_OK;
279 }
280
281 static
282 int arm920t_write_cp15_interpreted(struct target *target,
283 uint32_t cp15_opcode, uint32_t value, uint32_t address)
284 {
285 uint32_t cp15c15 = 0x0;
286 struct arm *arm = target_to_arm(target);
287 uint32_t regs[16];
288 struct reg *r = arm->core_cache->reg_list;
289
290 /* load value, address into R0, R1 */
291 regs[0] = value;
292 regs[1] = address;
293 arm9tdmi_write_core_regs(target, 0x3, regs);
294
295 /* read-modify-write CP15 test state register
296 * to enable interpreted access mode */
297 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
298 jtag_execute_queue();
299 cp15c15 |= 1; /* set interpret mode */
300 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
301
302 /* execute CP15 instruction and ARM store (writing to coprocessor) */
303 arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
304
305 /* disable interpreted access mode */
306 cp15c15 &= ~1U; /* set interpret mode */
307 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
308
309 #ifdef _DEBUG_INSTRUCTION_EXECUTION_
310 LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x",
311 cp15_opcode, value, address);
312 #endif
313
314 if (!is_arm_mode(arm->core_mode)) {
315 LOG_ERROR("not a valid arm core mode - communication failure?");
316 return ERROR_FAIL;
317 }
318
319 r[0].dirty = true;
320 r[1].dirty = true;
321
322 return ERROR_OK;
323 }
324
325 /* EXPORTED to FA256 */
326 int arm920t_get_ttb(struct target *target, uint32_t *result)
327 {
328 int retval;
329 uint32_t ttb = 0x0;
330
331 retval = arm920t_read_cp15_interpreted(target,
332 /* FIXME use opcode macro */
333 0xeebf0f51, 0x0, &ttb);
334 if (retval != ERROR_OK)
335 return retval;
336
337 *result = ttb;
338 return ERROR_OK;
339 }
340
341 /* EXPORTED to FA256 */
342 int arm920t_disable_mmu_caches(struct target *target, int mmu,
343 int d_u_cache, int i_cache)
344 {
345 uint32_t cp15_control;
346 int retval;
347
348 /* read cp15 control register */
349 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
350 if (retval != ERROR_OK)
351 return retval;
352 retval = jtag_execute_queue();
353 if (retval != ERROR_OK)
354 return retval;
355
356 if (mmu)
357 cp15_control &= ~0x1U;
358
359 if (d_u_cache)
360 cp15_control &= ~0x4U;
361
362 if (i_cache)
363 cp15_control &= ~0x1000U;
364
365 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
366 return retval;
367 }
368
369 /* EXPORTED to FA256 */
370 int arm920t_enable_mmu_caches(struct target *target, int mmu,
371 int d_u_cache, int i_cache)
372 {
373 uint32_t cp15_control;
374 int retval;
375
376 /* read cp15 control register */
377 retval = arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_control);
378 if (retval != ERROR_OK)
379 return retval;
380 retval = jtag_execute_queue();
381 if (retval != ERROR_OK)
382 return retval;
383
384 if (mmu)
385 cp15_control |= 0x1U;
386
387 if (d_u_cache)
388 cp15_control |= 0x4U;
389
390 if (i_cache)
391 cp15_control |= 0x1000U;
392
393 retval = arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_control);
394 return retval;
395 }
396
397 /* EXPORTED to FA256 */
398 int arm920t_post_debug_entry(struct target *target)
399 {
400 uint32_t cp15c15;
401 struct arm920t_common *arm920t = target_to_arm920(target);
402 int retval;
403
404 /* examine cp15 control reg */
405 retval = arm920t_read_cp15_physical(target,
406 CP15PHYS_CTRL, &arm920t->cp15_control_reg);
407 if (retval != ERROR_OK)
408 return retval;
409 retval = jtag_execute_queue();
410 if (retval != ERROR_OK)
411 return retval;
412 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, arm920t->cp15_control_reg);
413
414 if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1) {
415 uint32_t cache_type_reg;
416 /* identify caches */
417 retval = arm920t_read_cp15_physical(target,
418 CP15PHYS_CACHETYPE, &cache_type_reg);
419 if (retval != ERROR_OK)
420 return retval;
421 retval = jtag_execute_queue();
422 if (retval != ERROR_OK)
423 return retval;
424 armv4_5_identify_cache(cache_type_reg,
425 &arm920t->armv4_5_mmu.armv4_5_cache);
426 }
427
428 arm920t->armv4_5_mmu.mmu_enabled =
429 (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
430 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
431 (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
432 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
433 (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
434
435 /* save i/d fault status and address register
436 * FIXME use opcode macros */
437 retval = arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
438 if (retval != ERROR_OK)
439 return retval;
440 retval = arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
441 if (retval != ERROR_OK)
442 return retval;
443 retval = arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
444 if (retval != ERROR_OK)
445 return retval;
446 retval = arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
447 if (retval != ERROR_OK)
448 return retval;
449
450 LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32
451 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32,
452 arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
453
454 if (arm920t->preserve_cache) {
455 /* read-modify-write CP15 test state register
456 * to disable I/D-cache linefills */
457 retval = arm920t_read_cp15_physical(target,
458 CP15PHYS_TESTSTATE, &cp15c15);
459 if (retval != ERROR_OK)
460 return retval;
461 retval = jtag_execute_queue();
462 if (retval != ERROR_OK)
463 return retval;
464 cp15c15 |= 0x600;
465 retval = arm920t_write_cp15_physical(target,
466 CP15PHYS_TESTSTATE, cp15c15);
467 if (retval != ERROR_OK)
468 return retval;
469 }
470 return ERROR_OK;
471 }
472
473 /* EXPORTED to FA256 */
474 void arm920t_pre_restore_context(struct target *target)
475 {
476 uint32_t cp15c15 = 0;
477 struct arm920t_common *arm920t = target_to_arm920(target);
478
479 /* restore i/d fault status and address register */
480 arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
481 arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
482 arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
483 arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
484
485 /* read-modify-write CP15 test state register
486 * to reenable I/D-cache linefills */
487 if (arm920t->preserve_cache) {
488 arm920t_read_cp15_physical(target,
489 CP15PHYS_TESTSTATE, &cp15c15);
490 jtag_execute_queue();
491 cp15c15 &= ~0x600U;
492 arm920t_write_cp15_physical(target,
493 CP15PHYS_TESTSTATE, cp15c15);
494 }
495 }
496
497 static const char arm920_not[] = "target is not an ARM920";
498
499 static int arm920t_verify_pointer(struct command_invocation *cmd,
500 struct arm920t_common *arm920t)
501 {
502 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
503 command_print(cmd, arm920_not);
504 return ERROR_TARGET_INVALID;
505 }
506
507 return ERROR_OK;
508 }
509
510 /** Logs summary of ARM920 state for a halted target. */
511 int arm920t_arch_state(struct target *target)
512 {
513 static const char *state[] = {
514 "disabled", "enabled"
515 };
516
517 struct arm920t_common *arm920t = target_to_arm920(target);
518
519 if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
520 LOG_ERROR("BUG: %s", arm920_not);
521 return ERROR_TARGET_INVALID;
522 }
523
524 arm_arch_state(target);
525 LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
526 state[arm920t->armv4_5_mmu.mmu_enabled],
527 state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
528 state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
529
530 return ERROR_OK;
531 }
532
533 static int arm920_mmu(struct target *target, int *enabled)
534 {
535 if (target->state != TARGET_HALTED) {
536 LOG_TARGET_ERROR(target, "not halted");
537 return ERROR_TARGET_NOT_HALTED;
538 }
539
540 *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
541 return ERROR_OK;
542 }
543
544 static int arm920_virt2phys(struct target *target,
545 target_addr_t virt, target_addr_t *phys)
546 {
547 uint32_t cb;
548 struct arm920t_common *arm920t = target_to_arm920(target);
549
550 uint32_t ret;
551 int retval = armv4_5_mmu_translate_va(target,
552 &arm920t->armv4_5_mmu, virt, &cb, &ret);
553 if (retval != ERROR_OK)
554 return retval;
555 *phys = ret;
556 return ERROR_OK;
557 }
558
559 /** Reads a buffer, in the specified word size, with current MMU settings. */
560 int arm920t_read_memory(struct target *target, target_addr_t address,
561 uint32_t size, uint32_t count, uint8_t *buffer)
562 {
563 int retval;
564
565 retval = arm7_9_read_memory(target, address, size, count, buffer);
566
567 return retval;
568 }
569
570
571 static int arm920t_read_phys_memory(struct target *target,
572 target_addr_t address, uint32_t size,
573 uint32_t count, uint8_t *buffer)
574 {
575 struct arm920t_common *arm920t = target_to_arm920(target);
576
577 return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
578 address, size, count, buffer);
579 }
580
581 static int arm920t_write_phys_memory(struct target *target,
582 target_addr_t address, uint32_t size,
583 uint32_t count, const uint8_t *buffer)
584 {
585 struct arm920t_common *arm920t = target_to_arm920(target);
586
587 return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
588 address, size, count, buffer);
589 }
590
591 /** Writes a buffer, in the specified word size, with current MMU settings. */
592 int arm920t_write_memory(struct target *target, target_addr_t address,
593 uint32_t size, uint32_t count, const uint8_t *buffer)
594 {
595 int retval;
596 const uint32_t cache_mask = ~0x1f; /* cache line size : 32 byte */
597 struct arm920t_common *arm920t = target_to_arm920(target);
598
599 /* FIX!!!! this should be cleaned up and made much more general. The
600 * plan is to write up and test on arm920t specifically and
601 * then generalize and clean up afterwards.
602 *
603 * Also it should be moved to the callbacks that handle breakpoints
604 * specifically and not the generic memory write fn's. See XScale code.
605 */
606 if (arm920t->armv4_5_mmu.mmu_enabled && (count == 1) &&
607 ((size == 2) || (size == 4))) {
608 /* special case the handling of single word writes to
609 * bypass MMU, to allow implementation of breakpoints
610 * in memory marked read only
611 * by MMU
612 */
613 uint32_t cb;
614 uint32_t pa;
615
616 /*
617 * We need physical address and cb
618 */
619 retval = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu,
620 address, &cb, &pa);
621 if (retval != ERROR_OK)
622 return retval;
623
624 if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled) {
625 if (cb & 0x1) {
626 LOG_DEBUG("D-Cache buffered, "
627 "drain write buffer");
628 /*
629 * Buffered ?
630 * Drain write buffer - MCR p15,0,Rd,c7,c10,4
631 */
632
633 retval = arm920t_write_cp15_interpreted(target,
634 ARMV4_5_MCR(15, 0, 0, 7, 10, 4),
635 0x0, 0);
636 if (retval != ERROR_OK)
637 return retval;
638 }
639
640 if (cb == 0x3) {
641 /*
642 * Write back memory ? -> clean cache
643 *
644 * There is no way to clean cache lines using
645 * cp15 scan chain, so copy the full cache
646 * line from cache to physical memory.
647 */
648 uint8_t data[32];
649
650 LOG_DEBUG("D-Cache in 'write back' mode, "
651 "flush cache line");
652
653 retval = target_read_memory(target,
654 address & cache_mask, 1,
655 sizeof(data), &data[0]);
656 if (retval != ERROR_OK)
657 return retval;
658
659 retval = armv4_5_mmu_write_physical(target,
660 &arm920t->armv4_5_mmu,
661 pa & cache_mask, 1,
662 sizeof(data), &data[0]);
663 if (retval != ERROR_OK)
664 return retval;
665 }
666
667 /* Cached ? */
668 if (cb & 0x2) {
669 /*
670 * Cached ? -> Invalidate data cache using MVA
671 *
672 * MCR p15,0,Rd,c7,c6,1
673 */
674 LOG_DEBUG("D-Cache enabled, "
675 "invalidate cache line");
676
677 retval = arm920t_write_cp15_interpreted(target,
678 ARMV4_5_MCR(15, 0, 0, 7, 6, 1), 0x0,
679 address & cache_mask);
680 if (retval != ERROR_OK)
681 return retval;
682 }
683 }
684
685 /* write directly to physical memory,
686 * bypassing any read only MMU bits, etc.
687 */
688 retval = armv4_5_mmu_write_physical(target,
689 &arm920t->armv4_5_mmu, pa, size,
690 count, buffer);
691 if (retval != ERROR_OK)
692 return retval;
693 } else {
694 retval = arm7_9_write_memory(target, address, size, count, buffer);
695 if (retval != ERROR_OK)
696 return retval;
697 }
698
699 /* If ICache is enabled, we have to invalidate affected ICache lines
700 * the DCache is forced to write-through,
701 * so we don't have to clean it here
702 */
703 if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled) {
704 if (count <= 1) {
705 /* invalidate ICache single entry with MVA
706 * mcr 15, 0, r0, cr7, cr5, {1}
707 */
708 LOG_DEBUG("I-Cache enabled, "
709 "invalidating affected I-Cache line");
710 retval = arm920t_write_cp15_interpreted(target,
711 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
712 0x0, address & cache_mask);
713 if (retval != ERROR_OK)
714 return retval;
715 } else {
716 /* invalidate ICache
717 * mcr 15, 0, r0, cr7, cr5, {0}
718 */
719 retval = arm920t_write_cp15_interpreted(target,
720 ARMV4_5_MCR(15, 0, 0, 7, 5, 0),
721 0x0, 0x0);
722 if (retval != ERROR_OK)
723 return retval;
724 }
725 }
726
727 return ERROR_OK;
728 }
729
730 /* EXPORTED to FA256 */
731 int arm920t_soft_reset_halt(struct target *target)
732 {
733 int retval = ERROR_OK;
734 struct arm920t_common *arm920t = target_to_arm920(target);
735 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
736 struct arm *arm = &arm7_9->arm;
737 struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
738
739 retval = target_halt(target);
740 if (retval != ERROR_OK)
741 return retval;
742
743 int64_t then = timeval_ms();
744 bool timeout;
745 while (!(timeout = ((timeval_ms()-then) > 1000))) {
746 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0) {
747 embeddedice_read_reg(dbg_stat);
748 retval = jtag_execute_queue();
749 if (retval != ERROR_OK)
750 return retval;
751 } else
752 break;
753 if (debug_level >= 3) {
754 /* do not eat all CPU, time out after 1 se*/
755 alive_sleep(100);
756 } else
757 keep_alive();
758 }
759 if (timeout) {
760 LOG_ERROR("Failed to halt CPU after 1 sec");
761 return ERROR_TARGET_TIMEOUT;
762 }
763
764 target->state = TARGET_HALTED;
765
766 /* SVC, ARM state, IRQ and FIQ disabled */
767 uint32_t cpsr;
768
769 cpsr = buf_get_u32(arm->cpsr->value, 0, 32);
770 cpsr &= ~0xff;
771 cpsr |= 0xd3;
772 arm_set_cpsr(arm, cpsr);
773 arm->cpsr->dirty = true;
774
775 /* start fetching from 0x0 */
776 buf_set_u32(arm->pc->value, 0, 32, 0x0);
777 arm->pc->dirty = true;
778 arm->pc->valid = true;
779
780 arm920t_disable_mmu_caches(target, 1, 1, 1);
781 arm920t->armv4_5_mmu.mmu_enabled = 0;
782 arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
783 arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
784
785 return target_call_event_callbacks(target, TARGET_EVENT_HALTED);
786 }
787
788 /* FIXME remove forward decls */
789 static int arm920t_mrc(struct target *target, int cpnum,
790 uint32_t op1, uint32_t op2,
791 uint32_t crn, uint32_t crm,
792 uint32_t *value);
793 static int arm920t_mcr(struct target *target, int cpnum,
794 uint32_t op1, uint32_t op2,
795 uint32_t crn, uint32_t crm,
796 uint32_t value);
797
798 static int arm920t_init_arch_info(struct target *target,
799 struct arm920t_common *arm920t, struct jtag_tap *tap)
800 {
801 struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
802
803 arm7_9->arm.mrc = arm920t_mrc;
804 arm7_9->arm.mcr = arm920t_mcr;
805
806 /* initialize arm7/arm9 specific info (including armv4_5) */
807 arm9tdmi_init_arch_info(target, arm7_9, tap);
808
809 arm920t->common_magic = ARM920T_COMMON_MAGIC;
810
811 arm7_9->post_debug_entry = arm920t_post_debug_entry;
812 arm7_9->pre_restore_context = arm920t_pre_restore_context;
813 arm7_9->write_memory = arm920t_write_memory;
814
815 arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
816 arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
817 arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
818 arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
819 arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
820 arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
821 arm920t->armv4_5_mmu.has_tiny_pages = 1;
822 arm920t->armv4_5_mmu.mmu_enabled = 0;
823
824 /* disabling linefills leads to lockups, so keep them enabled for now
825 * this doesn't affect correctness, but might affect timing issues, if
826 * important data is evicted from the cache during the debug session
827 * */
828 arm920t->preserve_cache = 0;
829
830 /* override hw single-step capability from ARM9TDMI */
831 arm7_9->has_single_step = 1;
832
833 return ERROR_OK;
834 }
835
836 static int arm920t_target_create(struct target *target, Jim_Interp *interp)
837 {
838 struct arm920t_common *arm920t;
839
840 arm920t = calloc(1, sizeof(struct arm920t_common));
841 return arm920t_init_arch_info(target, arm920t, target->tap);
842 }
843
844 static void arm920t_deinit_target(struct target *target)
845 {
846 struct arm *arm = target_to_arm(target);
847 struct arm920t_common *arm920t = target_to_arm920(target);
848
849 arm7_9_deinit(target);
850 arm_free_reg_cache(arm);
851 free(arm920t);
852 }
853
854 COMMAND_HANDLER(arm920t_handle_read_cache_command)
855 {
856 int retval = ERROR_OK;
857 struct target *target = get_current_target(CMD_CTX);
858 struct arm920t_common *arm920t = target_to_arm920(target);
859 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
860 struct arm *arm = &arm7_9->arm;
861 uint32_t cp15c15;
862 uint32_t cp15_ctrl, cp15_ctrl_saved;
863 uint32_t regs[16];
864 uint32_t *regs_p[16];
865 uint32_t c15_c_d_ind, c15_c_i_ind;
866 int i;
867 FILE *output;
868 int segment, index_t;
869 struct reg *r;
870
871 retval = arm920t_verify_pointer(CMD, arm920t);
872 if (retval != ERROR_OK)
873 return retval;
874
875 if (CMD_ARGC != 1)
876 return ERROR_COMMAND_SYNTAX_ERROR;
877
878 output = fopen(CMD_ARGV[0], "w");
879 if (!output) {
880 LOG_DEBUG("error opening cache content file");
881 return ERROR_OK;
882 }
883
884 for (i = 0; i < 16; i++)
885 regs_p[i] = &regs[i];
886
887 /* disable MMU and Caches */
888 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
889 retval = jtag_execute_queue();
890 if (retval != ERROR_OK)
891 return retval;
892 cp15_ctrl_saved = cp15_ctrl;
893 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
894 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
895 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
896
897 /* read CP15 test state register */
898 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
899 jtag_execute_queue();
900
901 /* read DCache content */
902 fprintf(output, "DCache:\n");
903
904 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
905 for (segment = 0;
906 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
907 segment++) {
908 fprintf(output, "\nsegment: %i\n----------", segment);
909
910 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
911 regs[0] = 0x0 | (segment << 5);
912 arm9tdmi_write_core_regs(target, 0x1, regs);
913
914 /* set interpret mode */
915 cp15c15 |= 0x1;
916 arm920t_write_cp15_physical(target,
917 CP15PHYS_TESTSTATE, cp15c15);
918
919 /* D CAM Read, loads current victim into C15.C.D.Ind */
920 arm920t_execute_cp15(target,
921 ARMV4_5_MCR(15, 2, 0, 15, 6, 2), ARMV4_5_LDR(1, 0));
922
923 /* read current victim */
924 arm920t_read_cp15_physical(target,
925 CP15PHYS_DCACHE_IDX, &c15_c_d_ind);
926
927 /* clear interpret mode */
928 cp15c15 &= ~0x1;
929 arm920t_write_cp15_physical(target,
930 CP15PHYS_TESTSTATE, cp15c15);
931
932 for (index_t = 0; index_t < 64; index_t++) {
933 /* Ra:
934 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
935 */
936 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
937 arm9tdmi_write_core_regs(target, 0x1, regs);
938
939 /* set interpret mode */
940 cp15c15 |= 0x1;
941 arm920t_write_cp15_physical(target,
942 CP15PHYS_TESTSTATE, cp15c15);
943
944 /* Write DCache victim */
945 arm920t_execute_cp15(target,
946 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
947
948 /* Read D RAM */
949 arm920t_execute_cp15(target,
950 ARMV4_5_MCR(15, 2, 0, 15, 10, 2),
951 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
952
953 /* Read D CAM */
954 arm920t_execute_cp15(target,
955 ARMV4_5_MCR(15, 2, 0, 15, 6, 2),
956 ARMV4_5_LDR(9, 0));
957
958 /* clear interpret mode */
959 cp15c15 &= ~0x1;
960 arm920t_write_cp15_physical(target,
961 CP15PHYS_TESTSTATE, cp15c15);
962
963 /* read D RAM and CAM content */
964 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
965 retval = jtag_execute_queue();
966 if (retval != ERROR_OK)
967 return retval;
968
969 /* mask LFSR[6] */
970 regs[9] &= 0xfffffffe;
971 fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8"
972 PRIx32 ", content (%s):\n",
973 segment, index_t, regs[9],
974 (regs[9] & 0x10) ? "valid" : "invalid");
975
976 for (i = 1; i < 9; i++) {
977 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
978 i-1, regs[i]);
979 }
980
981 }
982
983 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
984 regs[0] = 0x0 | (segment << 5) | (c15_c_d_ind << 26);
985 arm9tdmi_write_core_regs(target, 0x1, regs);
986
987 /* set interpret mode */
988 cp15c15 |= 0x1;
989 arm920t_write_cp15_physical(target,
990 CP15PHYS_TESTSTATE, cp15c15);
991
992 /* Write DCache victim */
993 arm920t_execute_cp15(target,
994 ARMV4_5_MCR(15, 0, 0, 9, 1, 0), ARMV4_5_LDR(1, 0));
995
996 /* clear interpret mode */
997 cp15c15 &= ~0x1;
998 arm920t_write_cp15_physical(target,
999 CP15PHYS_TESTSTATE, cp15c15);
1000 }
1001
1002 /* read ICache content */
1003 fprintf(output, "ICache:\n");
1004
1005 /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
1006 for (segment = 0;
1007 segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets;
1008 segment++) {
1009 fprintf(output, "segment: %i\n----------", segment);
1010
1011 /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
1012 regs[0] = 0x0 | (segment << 5);
1013 arm9tdmi_write_core_regs(target, 0x1, regs);
1014
1015 /* set interpret mode */
1016 cp15c15 |= 0x1;
1017 arm920t_write_cp15_physical(target,
1018 CP15PHYS_TESTSTATE, cp15c15);
1019
1020 /* I CAM Read, loads current victim into C15.C.I.Ind */
1021 arm920t_execute_cp15(target,
1022 ARMV4_5_MCR(15, 2, 0, 15, 5, 2), ARMV4_5_LDR(1, 0));
1023
1024 /* read current victim */
1025 arm920t_read_cp15_physical(target, CP15PHYS_ICACHE_IDX,
1026 &c15_c_i_ind);
1027
1028 /* clear interpret mode */
1029 cp15c15 &= ~0x1;
1030 arm920t_write_cp15_physical(target,
1031 CP15PHYS_TESTSTATE, cp15c15);
1032
1033 for (index_t = 0; index_t < 64; index_t++) {
1034 /* Ra:
1035 * r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0)
1036 */
1037 regs[0] = 0x0 | (segment << 5) | (index_t << 26);
1038 arm9tdmi_write_core_regs(target, 0x1, regs);
1039
1040 /* set interpret mode */
1041 cp15c15 |= 0x1;
1042 arm920t_write_cp15_physical(target,
1043 CP15PHYS_TESTSTATE, cp15c15);
1044
1045 /* Write ICache victim */
1046 arm920t_execute_cp15(target,
1047 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1048
1049 /* Read I RAM */
1050 arm920t_execute_cp15(target,
1051 ARMV4_5_MCR(15, 2, 0, 15, 9, 2),
1052 ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
1053
1054 /* Read I CAM */
1055 arm920t_execute_cp15(target,
1056 ARMV4_5_MCR(15, 2, 0, 15, 5, 2),
1057 ARMV4_5_LDR(9, 0));
1058
1059 /* clear interpret mode */
1060 cp15c15 &= ~0x1;
1061 arm920t_write_cp15_physical(target,
1062 CP15PHYS_TESTSTATE, cp15c15);
1063
1064 /* read I RAM and CAM content */
1065 arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
1066 retval = jtag_execute_queue();
1067 if (retval != ERROR_OK)
1068 return retval;
1069
1070 /* mask LFSR[6] */
1071 regs[9] &= 0xfffffffe;
1072 fprintf(output, "\nsegment: %i, index: %i, "
1073 "CAM: 0x%8.8" PRIx32 ", content (%s):\n",
1074 segment, index_t, regs[9],
1075 (regs[9] & 0x10) ? "valid" : "invalid");
1076
1077 for (i = 1; i < 9; i++) {
1078 fprintf(output, "%i: 0x%8.8" PRIx32 "\n",
1079 i-1, regs[i]);
1080 }
1081 }
1082
1083 /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
1084 regs[0] = 0x0 | (segment << 5) | (c15_c_d_ind << 26);
1085 arm9tdmi_write_core_regs(target, 0x1, regs);
1086
1087 /* set interpret mode */
1088 cp15c15 |= 0x1;
1089 arm920t_write_cp15_physical(target,
1090 CP15PHYS_TESTSTATE, cp15c15);
1091
1092 /* Write ICache victim */
1093 arm920t_execute_cp15(target,
1094 ARMV4_5_MCR(15, 0, 0, 9, 1, 1), ARMV4_5_LDR(1, 0));
1095
1096 /* clear interpret mode */
1097 cp15c15 &= ~0x1;
1098 arm920t_write_cp15_physical(target,
1099 CP15PHYS_TESTSTATE, cp15c15);
1100 }
1101
1102 /* restore CP15 MMU and Cache settings */
1103 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1104
1105 command_print(CMD, "cache content successfully output to %s",
1106 CMD_ARGV[0]);
1107
1108 fclose(output);
1109
1110 if (!is_arm_mode(arm->core_mode)) {
1111 LOG_ERROR("not a valid arm core mode - communication failure?");
1112 return ERROR_FAIL;
1113 }
1114
1115 /* force writeback of the valid data */
1116 r = arm->core_cache->reg_list;
1117 r[0].dirty = r[0].valid;
1118 r[1].dirty = r[1].valid;
1119 r[2].dirty = r[2].valid;
1120 r[3].dirty = r[3].valid;
1121 r[4].dirty = r[4].valid;
1122 r[5].dirty = r[5].valid;
1123 r[6].dirty = r[6].valid;
1124 r[7].dirty = r[7].valid;
1125
1126 r = arm_reg_current(arm, 8);
1127 r->dirty = r->valid;
1128
1129 r = arm_reg_current(arm, 9);
1130 r->dirty = r->valid;
1131
1132 return ERROR_OK;
1133 }
1134
1135 COMMAND_HANDLER(arm920t_handle_read_mmu_command)
1136 {
1137 int retval = ERROR_OK;
1138 struct target *target = get_current_target(CMD_CTX);
1139 struct arm920t_common *arm920t = target_to_arm920(target);
1140 struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
1141 struct arm *arm = &arm7_9->arm;
1142 uint32_t cp15c15;
1143 uint32_t cp15_ctrl, cp15_ctrl_saved;
1144 uint32_t regs[16];
1145 uint32_t *regs_p[16];
1146 int i;
1147 FILE *output;
1148 uint32_t d_lockdown, i_lockdown;
1149 struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
1150 int victim;
1151 struct reg *r;
1152
1153 retval = arm920t_verify_pointer(CMD, arm920t);
1154 if (retval != ERROR_OK)
1155 return retval;
1156
1157 if (CMD_ARGC != 1)
1158 return ERROR_COMMAND_SYNTAX_ERROR;
1159
1160 output = fopen(CMD_ARGV[0], "w");
1161 if (!output) {
1162 LOG_DEBUG("error opening mmu content file");
1163 return ERROR_OK;
1164 }
1165
1166 for (i = 0; i < 16; i++)
1167 regs_p[i] = &regs[i];
1168
1169 /* disable MMU and Caches */
1170 arm920t_read_cp15_physical(target, CP15PHYS_CTRL, &cp15_ctrl);
1171 retval = jtag_execute_queue();
1172 if (retval != ERROR_OK)
1173 return retval;
1174 cp15_ctrl_saved = cp15_ctrl;
1175 cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED
1176 | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
1177 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl);
1178
1179 /* read CP15 test state register */
1180 arm920t_read_cp15_physical(target, CP15PHYS_TESTSTATE, &cp15c15);
1181 retval = jtag_execute_queue();
1182 if (retval != ERROR_OK)
1183 return retval;
1184
1185 /* prepare reading D TLB content
1186 * */
1187
1188 /* set interpret mode */
1189 cp15c15 |= 0x1;
1190 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1191
1192 /* Read D TLB lockdown */
1193 arm920t_execute_cp15(target,
1194 ARMV4_5_MRC(15, 0, 0, 10, 0, 0), ARMV4_5_LDR(1, 0));
1195
1196 /* clear interpret mode */
1197 cp15c15 &= ~0x1;
1198 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1199
1200 /* read D TLB lockdown stored to r1 */
1201 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1202 retval = jtag_execute_queue();
1203 if (retval != ERROR_OK)
1204 return retval;
1205 d_lockdown = regs[1];
1206
1207 for (victim = 0; victim < 64; victim += 8) {
1208 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1209 * base remains unchanged, victim goes through entries 0 to 63
1210 */
1211 regs[1] = (d_lockdown & 0xfc000000) | (victim << 20);
1212 arm9tdmi_write_core_regs(target, 0x2, regs);
1213
1214 /* set interpret mode */
1215 cp15c15 |= 0x1;
1216 arm920t_write_cp15_physical(target,
1217 CP15PHYS_TESTSTATE, cp15c15);
1218
1219 /* Write D TLB lockdown */
1220 arm920t_execute_cp15(target,
1221 ARMV4_5_MCR(15, 0, 0, 10, 0, 0),
1222 ARMV4_5_STR(1, 0));
1223
1224 /* Read D TLB CAM */
1225 arm920t_execute_cp15(target,
1226 ARMV4_5_MCR(15, 4, 0, 15, 6, 4),
1227 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1228
1229 /* clear interpret mode */
1230 cp15c15 &= ~0x1;
1231 arm920t_write_cp15_physical(target,
1232 CP15PHYS_TESTSTATE, cp15c15);
1233
1234 /* read D TLB CAM content stored to r2-r9 */
1235 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1236 retval = jtag_execute_queue();
1237 if (retval != ERROR_OK)
1238 return retval;
1239
1240 for (i = 0; i < 8; i++)
1241 d_tlb[victim + i].cam = regs[i + 2];
1242 }
1243
1244 for (victim = 0; victim < 64; victim++) {
1245 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1246 * base remains unchanged, victim goes through entries 0 to 63
1247 */
1248 regs[1] = (d_lockdown & 0xfc000000) | (victim << 20);
1249 arm9tdmi_write_core_regs(target, 0x2, regs);
1250
1251 /* set interpret mode */
1252 cp15c15 |= 0x1;
1253 arm920t_write_cp15_physical(target,
1254 CP15PHYS_TESTSTATE, cp15c15);
1255
1256 /* Write D TLB lockdown */
1257 arm920t_execute_cp15(target,
1258 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1259
1260 /* Read D TLB RAM1 */
1261 arm920t_execute_cp15(target,
1262 ARMV4_5_MCR(15, 4, 0, 15, 10, 4), ARMV4_5_LDR(2, 0));
1263
1264 /* Read D TLB RAM2 */
1265 arm920t_execute_cp15(target,
1266 ARMV4_5_MCR(15, 4, 0, 15, 2, 5), ARMV4_5_LDR(3, 0));
1267
1268 /* clear interpret mode */
1269 cp15c15 &= ~0x1;
1270 arm920t_write_cp15_physical(target,
1271 CP15PHYS_TESTSTATE, cp15c15);
1272
1273 /* read D TLB RAM content stored to r2 and r3 */
1274 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1275 retval = jtag_execute_queue();
1276 if (retval != ERROR_OK)
1277 return retval;
1278
1279 d_tlb[victim].ram1 = regs[2];
1280 d_tlb[victim].ram2 = regs[3];
1281 }
1282
1283 /* restore D TLB lockdown */
1284 regs[1] = d_lockdown;
1285 arm9tdmi_write_core_regs(target, 0x2, regs);
1286
1287 /* Write D TLB lockdown */
1288 arm920t_execute_cp15(target,
1289 ARMV4_5_MCR(15, 0, 0, 10, 0, 0), ARMV4_5_STR(1, 0));
1290
1291 /* prepare reading I TLB content
1292 * */
1293
1294 /* set interpret mode */
1295 cp15c15 |= 0x1;
1296 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1297
1298 /* Read I TLB lockdown */
1299 arm920t_execute_cp15(target,
1300 ARMV4_5_MRC(15, 0, 0, 10, 0, 1), ARMV4_5_LDR(1, 0));
1301
1302 /* clear interpret mode */
1303 cp15c15 &= ~0x1;
1304 arm920t_write_cp15_physical(target, CP15PHYS_TESTSTATE, cp15c15);
1305
1306 /* read I TLB lockdown stored to r1 */
1307 arm9tdmi_read_core_regs(target, 0x2, regs_p);
1308 retval = jtag_execute_queue();
1309 if (retval != ERROR_OK)
1310 return retval;
1311 i_lockdown = regs[1];
1312
1313 for (victim = 0; victim < 64; victim += 8) {
1314 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1315 * base remains unchanged, victim goes through entries 0 to 63
1316 */
1317 regs[1] = (i_lockdown & 0xfc000000) | (victim << 20);
1318 arm9tdmi_write_core_regs(target, 0x2, regs);
1319
1320 /* set interpret mode */
1321 cp15c15 |= 0x1;
1322 arm920t_write_cp15_physical(target,
1323 CP15PHYS_TESTSTATE, cp15c15);
1324
1325 /* Write I TLB lockdown */
1326 arm920t_execute_cp15(target,
1327 ARMV4_5_MCR(15, 0, 0, 10, 0, 1),
1328 ARMV4_5_STR(1, 0));
1329
1330 /* Read I TLB CAM */
1331 arm920t_execute_cp15(target,
1332 ARMV4_5_MCR(15, 4, 0, 15, 5, 4),
1333 ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
1334
1335 /* clear interpret mode */
1336 cp15c15 &= ~0x1;
1337 arm920t_write_cp15_physical(target,
1338 CP15PHYS_TESTSTATE, cp15c15);
1339
1340 /* read I TLB CAM content stored to r2-r9 */
1341 arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
1342 retval = jtag_execute_queue();
1343 if (retval != ERROR_OK)
1344 return retval;
1345
1346 for (i = 0; i < 8; i++)
1347 i_tlb[i + victim].cam = regs[i + 2];
1348 }
1349
1350 for (victim = 0; victim < 64; victim++) {
1351 /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
1352 * base remains unchanged, victim goes through entries 0 to 63
1353 */
1354 regs[1] = (d_lockdown & 0xfc000000) | (victim << 20);
1355 arm9tdmi_write_core_regs(target, 0x2, regs);
1356
1357 /* set interpret mode */
1358 cp15c15 |= 0x1;
1359 arm920t_write_cp15_physical(target,
1360 CP15PHYS_TESTSTATE, cp15c15);
1361
1362 /* Write I TLB lockdown */
1363 arm920t_execute_cp15(target,
1364 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1365
1366 /* Read I TLB RAM1 */
1367 arm920t_execute_cp15(target,
1368 ARMV4_5_MCR(15, 4, 0, 15, 9, 4), ARMV4_5_LDR(2, 0));
1369
1370 /* Read I TLB RAM2 */
1371 arm920t_execute_cp15(target,
1372 ARMV4_5_MCR(15, 4, 0, 15, 1, 5), ARMV4_5_LDR(3, 0));
1373
1374 /* clear interpret mode */
1375 cp15c15 &= ~0x1;
1376 arm920t_write_cp15_physical(target,
1377 CP15PHYS_TESTSTATE, cp15c15);
1378
1379 /* read I TLB RAM content stored to r2 and r3 */
1380 arm9tdmi_read_core_regs(target, 0xc, regs_p);
1381 retval = jtag_execute_queue();
1382 if (retval != ERROR_OK)
1383 return retval;
1384
1385 i_tlb[victim].ram1 = regs[2];
1386 i_tlb[victim].ram2 = regs[3];
1387 }
1388
1389 /* restore I TLB lockdown */
1390 regs[1] = i_lockdown;
1391 arm9tdmi_write_core_regs(target, 0x2, regs);
1392
1393 /* Write I TLB lockdown */
1394 arm920t_execute_cp15(target,
1395 ARMV4_5_MCR(15, 0, 0, 10, 0, 1), ARMV4_5_STR(1, 0));
1396
1397 /* restore CP15 MMU and Cache settings */
1398 arm920t_write_cp15_physical(target, CP15PHYS_CTRL, cp15_ctrl_saved);
1399
1400 /* output data to file */
1401 fprintf(output, "D TLB content:\n");
1402 for (i = 0; i < 64; i++) {
1403 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1404 " 0x%8.8" PRIx32 " %s\n",
1405 i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2,
1406 (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1407 }
1408
1409 fprintf(output, "\n\nI TLB content:\n");
1410 for (i = 0; i < 64; i++) {
1411 fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32
1412 " 0x%8.8" PRIx32 " %s\n",
1413 i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2,
1414 (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
1415 }
1416
1417 command_print(CMD, "mmu content successfully output to %s",
1418 CMD_ARGV[0]);
1419
1420 fclose(output);
1421
1422 if (!is_arm_mode(arm->core_mode)) {
1423 LOG_ERROR("not a valid arm core mode - communication failure?");
1424 return ERROR_FAIL;
1425 }
1426
1427 /* force writeback of the valid data */
1428 r = arm->core_cache->reg_list;
1429 r[0].dirty = r[0].valid;
1430 r[1].dirty = r[1].valid;
1431 r[2].dirty = r[2].valid;
1432 r[3].dirty = r[3].valid;
1433 r[4].dirty = r[4].valid;
1434 r[5].dirty = r[5].valid;
1435 r[6].dirty = r[6].valid;
1436 r[7].dirty = r[7].valid;
1437
1438 r = arm_reg_current(arm, 8);
1439 r->dirty = r->valid;
1440
1441 r = arm_reg_current(arm, 9);
1442 r->dirty = r->valid;
1443
1444 return ERROR_OK;
1445 }
1446
1447 COMMAND_HANDLER(arm920t_handle_cp15_command)
1448 {
1449 int retval;
1450 struct target *target = get_current_target(CMD_CTX);
1451 struct arm920t_common *arm920t = target_to_arm920(target);
1452
1453 retval = arm920t_verify_pointer(CMD, arm920t);
1454 if (retval != ERROR_OK)
1455 return retval;
1456
1457 if (target->state != TARGET_HALTED) {
1458 command_print(CMD, "Error: target must be stopped for "
1459 "\"%s\" command", CMD_NAME);
1460 return ERROR_TARGET_NOT_HALTED;
1461 }
1462
1463 /* one argument, read a register.
1464 * two arguments, write it.
1465 */
1466 if (CMD_ARGC >= 1) {
1467 int address;
1468 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
1469
1470 if (CMD_ARGC == 1) {
1471 uint32_t value;
1472 retval = arm920t_read_cp15_physical(target, address, &value);
1473 if (retval != ERROR_OK) {
1474 command_print(CMD,
1475 "couldn't access reg %i", address);
1476 return ERROR_OK;
1477 }
1478 retval = jtag_execute_queue();
1479 if (retval != ERROR_OK)
1480 return retval;
1481
1482 command_print(CMD, "%i: %8.8" PRIx32,
1483 address, value);
1484 } else if (CMD_ARGC == 2) {
1485 uint32_t value;
1486 COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
1487 retval = arm920t_write_cp15_physical(target,
1488 address, value);
1489 if (retval != ERROR_OK) {
1490 command_print(CMD,
1491 "couldn't access reg %i", address);
1492 /* REVISIT why lie? "return retval"? */
1493 return ERROR_OK;
1494 }
1495 command_print(CMD, "%i: %8.8" PRIx32,
1496 address, value);
1497 }
1498 }
1499
1500 return ERROR_OK;
1501 }
1502
1503 COMMAND_HANDLER(arm920t_handle_cache_info_command)
1504 {
1505 int retval;
1506 struct target *target = get_current_target(CMD_CTX);
1507 struct arm920t_common *arm920t = target_to_arm920(target);
1508
1509 retval = arm920t_verify_pointer(CMD, arm920t);
1510 if (retval != ERROR_OK)
1511 return retval;
1512
1513 return armv4_5_handle_cache_info_command(CMD,
1514 &arm920t->armv4_5_mmu.armv4_5_cache);
1515 }
1516
1517
1518 static int arm920t_mrc(struct target *target, int cpnum,
1519 uint32_t op1, uint32_t op2,
1520 uint32_t crn, uint32_t crm,
1521 uint32_t *value)
1522 {
1523 if (cpnum != 15) {
1524 LOG_ERROR("Only cp15 is supported");
1525 return ERROR_FAIL;
1526 }
1527
1528 /* read "to" r0 */
1529 return arm920t_read_cp15_interpreted(target,
1530 ARMV4_5_MRC(cpnum, op1, 0, crn, crm, op2),
1531 0, value);
1532 }
1533
1534 static int arm920t_mcr(struct target *target, int cpnum,
1535 uint32_t op1, uint32_t op2,
1536 uint32_t crn, uint32_t crm,
1537 uint32_t value)
1538 {
1539 if (cpnum != 15) {
1540 LOG_ERROR("Only cp15 is supported");
1541 return ERROR_FAIL;
1542 }
1543
1544 /* write "from" r0 */
1545 return arm920t_write_cp15_interpreted(target,
1546 ARMV4_5_MCR(cpnum, op1, 0, crn, crm, op2),
1547 0, value);
1548 }
1549
1550 static const struct command_registration arm920t_exec_command_handlers[] = {
1551 {
1552 .name = "cp15",
1553 .handler = arm920t_handle_cp15_command,
1554 .mode = COMMAND_EXEC,
1555 .help = "display/modify cp15 register",
1556 .usage = "regnum [value]",
1557 },
1558 {
1559 .name = "cache_info",
1560 .handler = arm920t_handle_cache_info_command,
1561 .mode = COMMAND_EXEC,
1562 .usage = "",
1563 .help = "display information about target caches",
1564 },
1565 {
1566 .name = "read_cache",
1567 .handler = arm920t_handle_read_cache_command,
1568 .mode = COMMAND_EXEC,
1569 .help = "dump I/D cache content to file",
1570 .usage = "filename",
1571 },
1572 {
1573 .name = "read_mmu",
1574 .handler = arm920t_handle_read_mmu_command,
1575 .mode = COMMAND_EXEC,
1576 .help = "dump I/D mmu content to file",
1577 .usage = "filename",
1578 },
1579 COMMAND_REGISTRATION_DONE
1580 };
1581 const struct command_registration arm920t_command_handlers[] = {
1582 {
1583 .chain = arm9tdmi_command_handlers,
1584 },
1585 {
1586 .name = "arm920t",
1587 .mode = COMMAND_ANY,
1588 .help = "arm920t command group",
1589 .usage = "",
1590 .chain = arm920t_exec_command_handlers,
1591 },
1592 COMMAND_REGISTRATION_DONE
1593 };
1594
1595 /** Holds methods for ARM920 targets. */
1596 struct target_type arm920t_target = {
1597 .name = "arm920t",
1598
1599 .poll = arm7_9_poll,
1600 .arch_state = arm920t_arch_state,
1601
1602 .target_request_data = arm7_9_target_request_data,
1603
1604 .halt = arm7_9_halt,
1605 .resume = arm7_9_resume,
1606 .step = arm7_9_step,
1607
1608 .assert_reset = arm7_9_assert_reset,
1609 .deassert_reset = arm7_9_deassert_reset,
1610 .soft_reset_halt = arm920t_soft_reset_halt,
1611
1612 .get_gdb_arch = arm_get_gdb_arch,
1613 .get_gdb_reg_list = arm_get_gdb_reg_list,
1614
1615 .read_memory = arm920t_read_memory,
1616 .write_memory = arm7_9_write_memory_opt,
1617 .read_phys_memory = arm920t_read_phys_memory,
1618 .write_phys_memory = arm920t_write_phys_memory,
1619 .mmu = arm920_mmu,
1620 .virt2phys = arm920_virt2phys,
1621
1622 .checksum_memory = arm_checksum_memory,
1623 .blank_check_memory = arm_blank_check_memory,
1624
1625 .run_algorithm = armv4_5_run_algorithm,
1626
1627 .add_breakpoint = arm7_9_add_breakpoint,
1628 .remove_breakpoint = arm7_9_remove_breakpoint,
1629 .add_watchpoint = arm7_9_add_watchpoint,
1630 .remove_watchpoint = arm7_9_remove_watchpoint,
1631
1632 .commands = arm920t_command_handlers,
1633 .target_create = arm920t_target_create,
1634 .init_target = arm9tdmi_init_target,
1635 .deinit_target = arm920t_deinit_target,
1636 .examine = arm7_9_examine,
1637 .check_reset = arm7_9_check_reset,
1638 };
Official OpenOCD Mirror