1 /***************************************************************************
2 * Copyright (C) 2016 by Matthias Welwarsky *
3 * matthias.welwarsky@sysgo.com *
5 * Copyright (C) ST-Ericsson SA 2011 michel.jaouen@stericsson.com *
7 * This program is free software; you can redistribute it and/or modify *
8 * it under the terms of the GNU General Public License as published by *
9 * the Free Software Foundation; either version 2 of the License, or *
10 * (at your option) any later version. *
12 * This program is distributed in the hope that it will be useful, *
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
15 * GNU General Public License for more details. *
17 * You should have received a copy of the GNU General Public License *
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. *
19 ***************************************************************************/
25 #include <helper/binarybuffer.h>
26 #include <helper/command.h>
28 #include "jtag/interface.h"
31 #include "armv7a_mmu.h"
32 #include "arm_opcodes.h"
35 #define SCTLR_BIT_AFE (1 << 29)
37 /* method adapted to Cortex-A : reused ARM v4 v5 method */
38 int armv7a_mmu_translate_va(struct target
*target
, uint32_t va
, uint32_t *val
)
40 uint32_t first_lvl_descriptor
= 0x0;
41 uint32_t second_lvl_descriptor
= 0x0;
43 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
44 uint32_t ttbidx
= 0; /* default to ttbr0 */
49 if (target
->state
!= TARGET_HALTED
)
50 LOG_INFO("target not halted, using cached values for translation table!");
52 /* if va is above the range handled by ttbr0, select ttbr1 */
53 if (va
> armv7a
->armv7a_mmu
.ttbr_range
[0]) {
58 ttb
= armv7a
->armv7a_mmu
.ttbr
[ttbidx
];
59 ttb_mask
= armv7a
->armv7a_mmu
.ttbr_mask
[ttbidx
];
60 va_mask
= 0xfff00000 & armv7a
->armv7a_mmu
.ttbr_range
[ttbidx
];
62 LOG_DEBUG("ttb_mask %" PRIx32
" va_mask %" PRIx32
" ttbidx %i",
63 ttb_mask
, va_mask
, ttbidx
);
64 retval
= armv7a
->armv7a_mmu
.read_physical_memory(target
,
65 (ttb
& ttb_mask
) | ((va
& va_mask
) >> 18),
66 4, 1, (uint8_t *)&first_lvl_descriptor
);
67 if (retval
!= ERROR_OK
)
69 first_lvl_descriptor
= target_buffer_get_u32(target
, (uint8_t *)
70 &first_lvl_descriptor
);
71 /* reuse armv4_5 piece of code, specific armv7a changes may come later */
72 LOG_DEBUG("1st lvl desc: %8.8" PRIx32
"", first_lvl_descriptor
);
74 if ((first_lvl_descriptor
& 0x3) == 0) {
75 /* Avoid LOG_ERROR, probably GDB is guessing the stack frame */
76 LOG_WARNING("Address translation failure [1]: va %8.8" PRIx32
"", va
);
77 return ERROR_TARGET_TRANSLATION_FAULT
;
80 if ((first_lvl_descriptor
& 0x40002) == 2) {
81 /* section descriptor */
82 *val
= (first_lvl_descriptor
& 0xfff00000) | (va
& 0x000fffff);
84 } else if ((first_lvl_descriptor
& 0x40002) == 0x40002) {
85 /* supersection descriptor */
86 if (first_lvl_descriptor
& 0x00f001e0) {
87 LOG_ERROR("Physical address does not fit into 32 bits");
88 return ERROR_TARGET_TRANSLATION_FAULT
;
90 *val
= (first_lvl_descriptor
& 0xff000000) | (va
& 0x00ffffff);
95 retval
= armv7a
->armv7a_mmu
.read_physical_memory(target
,
96 (first_lvl_descriptor
& 0xfffffc00) | ((va
& 0x000ff000) >> 10),
97 4, 1, (uint8_t *)&second_lvl_descriptor
);
98 if (retval
!= ERROR_OK
)
101 second_lvl_descriptor
= target_buffer_get_u32(target
, (uint8_t *)
102 &second_lvl_descriptor
);
104 LOG_DEBUG("2nd lvl desc: %8.8" PRIx32
"", second_lvl_descriptor
);
106 if ((second_lvl_descriptor
& 0x3) == 0) {
107 /* Avoid LOG_ERROR, probably GDB is guessing the stack frame */
108 LOG_WARNING("Address translation failure [2]: va %8.8" PRIx32
"", va
);
109 return ERROR_TARGET_TRANSLATION_FAULT
;
112 if ((second_lvl_descriptor
& 0x3) == 1) {
113 /* large page descriptor */
114 *val
= (second_lvl_descriptor
& 0xffff0000) | (va
& 0x0000ffff);
116 /* small page descriptor */
117 *val
= (second_lvl_descriptor
& 0xfffff000) | (va
& 0x00000fff);
123 /* V7 method VA TO PA */
124 int armv7a_mmu_translate_va_pa(struct target
*target
, uint32_t va
,
125 uint32_t *val
, int meminfo
)
127 int retval
= ERROR_FAIL
;
128 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
129 struct arm_dpm
*dpm
= armv7a
->arm
.dpm
;
130 uint32_t virt
= va
& ~0xfff;
131 uint32_t NOS
, NS
, INNER
, OUTER
;
133 retval
= dpm
->prepare(dpm
);
134 if (retval
!= ERROR_OK
)
136 /* mmu must be enable in order to get a correct translation
137 * use VA to PA CP15 register for conversion */
138 retval
= dpm
->instr_write_data_r0(dpm
,
139 ARMV4_5_MCR(15, 0, 0, 7, 8, 0),
141 if (retval
!= ERROR_OK
)
143 retval
= dpm
->instr_read_data_r0(dpm
,
144 ARMV4_5_MRC(15, 0, 0, 7, 4, 0),
146 /* decode memory attribute */
147 NOS
= (*val
>> 10) & 1; /* Not Outer shareable */
148 NS
= (*val
>> 9) & 1; /* Non secure */
149 INNER
= (*val
>> 4) & 0x7;
150 OUTER
= (*val
>> 2) & 0x3;
152 if (retval
!= ERROR_OK
)
154 *val
= (*val
& ~0xfff) + (va
& 0xfff);
156 LOG_WARNING("virt = phys : MMU disable !!");
158 LOG_INFO("%" PRIx32
" : %" PRIx32
" %s outer shareable %s secured",
160 NOS
== 1 ? "not" : " ",
161 NS
== 1 ? "not" : "");
164 LOG_INFO("outer: Non-Cacheable");
167 LOG_INFO("outer: Write-Back, Write-Allocate");
170 LOG_INFO("outer: Write-Through, No Write-Allocate");
173 LOG_INFO("outer: Write-Back, no Write-Allocate");
178 LOG_INFO("inner: Non-Cacheable");
181 LOG_INFO("inner: Strongly-ordered");
184 LOG_INFO("inner: Device");
187 LOG_INFO("inner: Write-Back, Write-Allocate");
190 LOG_INFO("inner: Write-Through");
193 LOG_INFO("inner: Write-Back, no Write-Allocate");
196 LOG_INFO("inner: %" PRIx32
" ???", INNER
);
206 static const char *desc_bits_to_string(bool c_bit
, bool b_bit
, bool s_bit
, bool ap2
, int ap10
, bool afe
)
208 static char bits_string
[64];
214 bool priv
= !(ap10
& 2);
215 len
= snprintf(bits_string
, sizeof(bits_string
), "%s%s%s access%s: %s%s",
216 s_bit
? "S " : "", c_bit
? "C " : "", b_bit
? "B " : "",
217 priv
? "(priv)" : "", acc_r
? "R" : "N", acc_w
? "W " : "O ");
219 bool priv_acc_w
= !ap2
;
220 bool priv_acc_r
= true;
221 bool unpriv_acc_w
= priv_acc_w
;
222 bool unpriv_acc_r
= priv_acc_r
;
226 priv_acc_r
= priv_acc_w
= false;
227 unpriv_acc_r
= unpriv_acc_w
= false;
230 unpriv_acc_r
= unpriv_acc_w
= false;
233 unpriv_acc_w
= false;
239 len
= snprintf(bits_string
, sizeof(bits_string
), "%s%s%s access(priv): %s%s access(unpriv): %s%s",
240 s_bit
? "S " : "", c_bit
? "C " : "", b_bit
? "B " : "", priv_acc_r
? "R" : "N", priv_acc_w
? "W" : "O",
241 unpriv_acc_r
? "R" : "N", unpriv_acc_w
? "W" : "O");
244 if (len
>= sizeof(bits_string
))
250 static const char *l2_desc_bits_to_string(uint32_t l2_desc
, bool afe
)
252 bool c_bit
= !!(l2_desc
& (1 << 3));
253 bool b_bit
= !!(l2_desc
& (1 << 2));
254 bool s_bit
= !!(l2_desc
& (1 << 10));
255 bool ap2
= !!(l2_desc
& (1 << 9));
256 int ap10
= (l2_desc
>> 4) & 3;
258 return desc_bits_to_string(c_bit
, b_bit
, s_bit
, ap2
, ap10
, afe
);
261 static const char *l1_desc_bits_to_string(uint32_t l1_desc
, bool afe
)
263 bool c_bit
= !!(l1_desc
& (1 << 3));
264 bool b_bit
= !!(l1_desc
& (1 << 2));
265 bool s_bit
= !!(l1_desc
& (1 << 16));
266 bool ap2
= !!(l1_desc
& (1 << 15));
267 int ap10
= (l1_desc
>> 10) & 3;
269 return desc_bits_to_string(c_bit
, b_bit
, s_bit
, ap2
, ap10
, afe
);
272 COMMAND_HANDLER(armv7a_mmu_dump_table
)
274 struct target
*target
= get_current_target(CMD_CTX
);
275 struct cortex_a_common
*cortex_a
= target_to_cortex_a(target
);
276 struct armv7a_common
*armv7a
= target_to_armv7a(target
);
277 struct armv7a_mmu_common
*mmu
= &armv7a
->armv7a_mmu
;
278 struct armv7a_cache_common
*cache
= &mmu
->armv7a_cache
;
279 uint32_t *first_lvl_ptbl
;
284 int max_pt_idx
= 4095;
288 return ERROR_COMMAND_SYNTAX_ERROR
;
290 if (!strcmp(CMD_ARGV
[0], "addr")) {
292 return ERROR_COMMAND_SYNTAX_ERROR
;
294 COMMAND_PARSE_NUMBER(target_addr
, CMD_ARGV
[1], ttb
);
297 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[2], max_pt_idx
);
299 if (max_pt_idx
< 1 || max_pt_idx
> 4096)
300 return ERROR_COMMAND_ARGUMENT_INVALID
;
304 if (mmu
->cached
!= 1) {
305 LOG_ERROR("TTB not cached!");
309 COMMAND_PARSE_NUMBER(int, CMD_ARGV
[0], ttbidx
);
310 if (ttbidx
< 0 || ttbidx
> 1)
311 return ERROR_COMMAND_ARGUMENT_INVALID
;
313 ttb
= mmu
->ttbr
[ttbidx
] & mmu
->ttbr_mask
[ttbidx
];
316 int ttbcr_n
= mmu
->ttbcr
& 0x7;
317 max_pt_idx
= 0x0fff >> ttbcr_n
;
321 LOG_USER("Page Directory at (phys): %8.8" TARGET_PRIxADDR
, ttb
);
323 first_lvl_ptbl
= malloc(sizeof(uint32_t)*(max_pt_idx
+1));
324 if (first_lvl_ptbl
== NULL
)
328 * this may or may not be necessary depending on whether
329 * the table walker is configured to use the cache or not.
331 cache
->flush_all_data_cache(target
);
333 retval
= mmu
->read_physical_memory(target
, ttb
, 4, max_pt_idx
+1, (uint8_t *)first_lvl_ptbl
);
334 if (retval
!= ERROR_OK
) {
335 LOG_ERROR("Failed to read first-level page table!");
339 afe
= !!(cortex_a
->cp15_control_reg
& SCTLR_BIT_AFE
);
341 for (pt_idx
= 0; pt_idx
<= max_pt_idx
;) {
342 uint32_t first_lvl_descriptor
= target_buffer_get_u32(target
,
343 (uint8_t *)&first_lvl_ptbl
[pt_idx
]);
345 LOG_DEBUG("L1 desc[%8.8"PRIx32
"]: %8.8"PRIx32
, pt_idx
<< 20, first_lvl_descriptor
);
347 /* skip empty entries in the first level table */
348 if ((first_lvl_descriptor
& 3) == 0) {
351 if ((first_lvl_descriptor
& 0x40002) == 2) {
352 /* section descriptor */
353 uint32_t va_range
= 1024*1024-1; /* 1MB range */
354 uint32_t va_start
= pt_idx
<< 20;
355 uint32_t va_end
= va_start
+ va_range
;
357 uint32_t pa_start
= (first_lvl_descriptor
& 0xfff00000);
358 uint32_t pa_end
= pa_start
+ va_range
;
360 LOG_USER("SECT: VA[%8.8"PRIx32
" -- %8.8"PRIx32
"]: PA[%8.8"PRIx32
" -- %8.8"PRIx32
"] %s",
361 va_start
, va_end
, pa_start
, pa_end
, l1_desc_bits_to_string(first_lvl_descriptor
, afe
));
364 if ((first_lvl_descriptor
& 0x40002) == 0x40002) {
365 /* supersection descriptor */
366 uint32_t va_range
= 16*1024*1024-1; /* 16MB range */
367 uint32_t va_start
= pt_idx
<< 20;
368 uint32_t va_end
= va_start
+ va_range
;
370 uint32_t pa_start
= (first_lvl_descriptor
& 0xff000000);
371 uint32_t pa_end
= pa_start
+ va_range
;
373 LOG_USER("SSCT: VA[%8.8"PRIx32
" -- %8.8"PRIx32
"]: PA[%8.8"PRIx32
" -- %8.8"PRIx32
"] %s",
374 va_start
, va_end
, pa_start
, pa_end
, l1_desc_bits_to_string(first_lvl_descriptor
, afe
));
376 /* skip next 15 entries, they're duplicating the first entry */
379 target_addr_t second_lvl_ptbl
= first_lvl_descriptor
& 0xfffffc00;
380 uint32_t second_lvl_descriptor
;
384 /* page table, always 1KB long */
386 retval
= mmu
->read_physical_memory(target
, second_lvl_ptbl
,
387 4, 256, (uint8_t *)pt2
);
388 if (retval
!= ERROR_OK
) {
389 LOG_ERROR("Failed to read second-level page table!");
393 for (pt2_idx
= 0; pt2_idx
< 256; ) {
394 second_lvl_descriptor
= target_buffer_get_u32(target
,
395 (uint8_t *)&pt2
[pt2_idx
]);
397 if ((second_lvl_descriptor
& 3) == 0) {
401 if ((second_lvl_descriptor
& 3) == 1) {
403 uint32_t va_range
= 64*1024-1; /* 64KB range */
404 uint32_t va_start
= (pt_idx
<< 20) + (pt2_idx
<< 12);
405 uint32_t va_end
= va_start
+ va_range
;
407 uint32_t pa_start
= (second_lvl_descriptor
& 0xffff0000);
408 uint32_t pa_end
= pa_start
+ va_range
;
410 LOG_USER("LPGE: VA[%8.8"PRIx32
" -- %8.8"PRIx32
"]: PA[%8.8"PRIx32
" -- %8.8"PRIx32
"] %s",
411 va_start
, va_end
, pa_start
, pa_end
, l2_desc_bits_to_string(second_lvl_descriptor
, afe
));
416 uint32_t va_range
= 4*1024-1; /* 4KB range */
417 uint32_t va_start
= (pt_idx
<< 20) + (pt2_idx
<< 12);
418 uint32_t va_end
= va_start
+ va_range
;
420 uint32_t pa_start
= (second_lvl_descriptor
& 0xfffff000);
421 uint32_t pa_end
= pa_start
+ va_range
;
423 LOG_USER("SPGE: VA[%8.8"PRIx32
" -- %8.8"PRIx32
"]: PA[%8.8"PRIx32
" -- %8.8"PRIx32
"] %s",
424 va_start
, va_end
, pa_start
, pa_end
, l2_desc_bits_to_string(second_lvl_descriptor
, afe
));
434 free(first_lvl_ptbl
);
438 static const struct command_registration armv7a_mmu_group_handlers
[] = {
441 .handler
= armv7a_mmu_dump_table
,
443 .help
= "dump translation table 0, 1 or from <address>",
444 .usage
= "(0|1|addr <address> [num_entries])",
446 COMMAND_REGISTRATION_DONE
449 const struct command_registration armv7a_mmu_command_handlers
[] = {
453 .help
= "mmu command group",
455 .chain
= armv7a_mmu_group_handlers
,
457 COMMAND_REGISTRATION_DONE
