You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1480 lines
41 KiB

  1. /***************************************************************************
  2. * Copyright (C) 2005 by Dominic Rath *
  3. * Dominic.Rath@gmx.de *
  4. * *
  5. * This program is free software; you can redistribute it and/or modify *
  6. * it under the terms of the GNU General Public License as published by *
  7. * the Free Software Foundation; either version 2 of the License, or *
  8. * (at your option) any later version. *
  9. * *
  10. * This program is distributed in the hope that it will be useful, *
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of *
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
  13. * GNU General Public License for more details. *
  14. * *
  15. * You should have received a copy of the GNU General Public License *
  16. * along with this program; if not, write to the *
  17. * Free Software Foundation, Inc., *
  18. * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
  19. ***************************************************************************/
  20. #ifdef HAVE_CONFIG_H
  21. #include "config.h"
  22. #endif
  23. #include "arm920t.h"
  24. #include <helper/time_support.h>
  25. #include "target_type.h"
  26. #include "register.h"
  27. #include "arm_opcodes.h"
  28. /*
  29. * For information about the ARM920T, see ARM DDI 0151C especially
  30. * Chapter 9 about debug support, which shows how to manipulate each
  31. * of the different scan chains:
  32. *
  33. * 0 ... ARM920 signals, e.g. to rest of SOC (unused here)
  34. * 1 ... debugging; watchpoint and breakpoint status, etc; also
  35. * MMU and cache access in conjunction with scan chain 15
  36. * 2 ... EmbeddedICE
  37. * 3 ... external boundary scan (SoC-specific, unused here)
  38. * 4 ... access to cache tag RAM
  39. * 6 ... ETM9
  40. * 15 ... access coprocessor 15, "physical" or "interpreted" modes
  41. * "interpreted" works with a few actual MRC/MCR instructions
  42. * "physical" provides register-like behaviors.
  43. *
  44. * The ARM922T is similar, but with smaller caches (8K each, vs 16K).
  45. */
  46. #if 0
  47. #define _DEBUG_INSTRUCTION_EXECUTION_
  48. #endif
  49. #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
  50. static int arm920t_read_cp15_physical(struct target *target,
  51. int reg_addr, uint32_t *value)
  52. {
  53. struct arm920t_common *arm920t = target_to_arm920(target);
  54. struct arm_jtag *jtag_info;
  55. struct scan_field fields[4];
  56. uint8_t access_type_buf = 1;
  57. uint8_t reg_addr_buf = reg_addr & 0x3f;
  58. uint8_t nr_w_buf = 0;
  59. jtag_info = &arm920t->arm7_9_common.jtag_info;
  60. jtag_set_end_state(TAP_IDLE);
  61. arm_jtag_scann(jtag_info, 0xf);
  62. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  63. fields[0].tap = jtag_info->tap;
  64. fields[0].num_bits = 1;
  65. fields[0].out_value = &access_type_buf;
  66. fields[0].in_value = NULL;
  67. fields[1].tap = jtag_info->tap;
  68. fields[1].num_bits = 32;
  69. fields[1].out_value = NULL;
  70. fields[1].in_value = NULL;
  71. fields[2].tap = jtag_info->tap;
  72. fields[2].num_bits = 6;
  73. fields[2].out_value = &reg_addr_buf;
  74. fields[2].in_value = NULL;
  75. fields[3].tap = jtag_info->tap;
  76. fields[3].num_bits = 1;
  77. fields[3].out_value = &nr_w_buf;
  78. fields[3].in_value = NULL;
  79. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  80. fields[1].in_value = (uint8_t *)value;
  81. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  82. jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
  83. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  84. jtag_execute_queue();
  85. LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
  86. #endif
  87. return ERROR_OK;
  88. }
  89. static int arm920t_write_cp15_physical(struct target *target,
  90. int reg_addr, uint32_t value)
  91. {
  92. struct arm920t_common *arm920t = target_to_arm920(target);
  93. struct arm_jtag *jtag_info;
  94. struct scan_field fields[4];
  95. uint8_t access_type_buf = 1;
  96. uint8_t reg_addr_buf = reg_addr & 0x3f;
  97. uint8_t nr_w_buf = 1;
  98. uint8_t value_buf[4];
  99. jtag_info = &arm920t->arm7_9_common.jtag_info;
  100. buf_set_u32(value_buf, 0, 32, value);
  101. jtag_set_end_state(TAP_IDLE);
  102. arm_jtag_scann(jtag_info, 0xf);
  103. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  104. fields[0].tap = jtag_info->tap;
  105. fields[0].num_bits = 1;
  106. fields[0].out_value = &access_type_buf;
  107. fields[0].in_value = NULL;
  108. fields[1].tap = jtag_info->tap;
  109. fields[1].num_bits = 32;
  110. fields[1].out_value = value_buf;
  111. fields[1].in_value = NULL;
  112. fields[2].tap = jtag_info->tap;
  113. fields[2].num_bits = 6;
  114. fields[2].out_value = &reg_addr_buf;
  115. fields[2].in_value = NULL;
  116. fields[3].tap = jtag_info->tap;
  117. fields[3].num_bits = 1;
  118. fields[3].out_value = &nr_w_buf;
  119. fields[3].in_value = NULL;
  120. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  121. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  122. LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
  123. #endif
  124. return ERROR_OK;
  125. }
  126. static int arm920t_execute_cp15(struct target *target, uint32_t cp15_opcode,
  127. uint32_t arm_opcode)
  128. {
  129. int retval;
  130. struct arm920t_common *arm920t = target_to_arm920(target);
  131. struct arm_jtag *jtag_info;
  132. struct scan_field fields[4];
  133. uint8_t access_type_buf = 0; /* interpreted access */
  134. uint8_t reg_addr_buf = 0x0;
  135. uint8_t nr_w_buf = 0;
  136. uint8_t cp15_opcode_buf[4];
  137. jtag_info = &arm920t->arm7_9_common.jtag_info;
  138. jtag_set_end_state(TAP_IDLE);
  139. arm_jtag_scann(jtag_info, 0xf);
  140. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  141. buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
  142. fields[0].tap = jtag_info->tap;
  143. fields[0].num_bits = 1;
  144. fields[0].out_value = &access_type_buf;
  145. fields[0].in_value = NULL;
  146. fields[1].tap = jtag_info->tap;
  147. fields[1].num_bits = 32;
  148. fields[1].out_value = cp15_opcode_buf;
  149. fields[1].in_value = NULL;
  150. fields[2].tap = jtag_info->tap;
  151. fields[2].num_bits = 6;
  152. fields[2].out_value = &reg_addr_buf;
  153. fields[2].in_value = NULL;
  154. fields[3].tap = jtag_info->tap;
  155. fields[3].num_bits = 1;
  156. fields[3].out_value = &nr_w_buf;
  157. fields[3].in_value = NULL;
  158. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  159. arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
  160. arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
  161. retval = arm7_9_execute_sys_speed(target);
  162. if (retval != ERROR_OK)
  163. return retval;
  164. if ((retval = jtag_execute_queue()) != ERROR_OK)
  165. {
  166. LOG_ERROR("failed executing JTAG queue");
  167. return retval;
  168. }
  169. return ERROR_OK;
  170. }
  171. static int arm920t_read_cp15_interpreted(struct target *target,
  172. uint32_t cp15_opcode, uint32_t address, uint32_t *value)
  173. {
  174. struct arm *armv4_5 = target_to_arm(target);
  175. uint32_t* regs_p[1];
  176. uint32_t regs[2];
  177. uint32_t cp15c15 = 0x0;
  178. struct reg *r = armv4_5->core_cache->reg_list;
  179. /* load address into R1 */
  180. regs[1] = address;
  181. arm9tdmi_write_core_regs(target, 0x2, regs);
  182. /* read-modify-write CP15 test state register
  183. * to enable interpreted access mode */
  184. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  185. jtag_execute_queue();
  186. cp15c15 |= 1; /* set interpret mode */
  187. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  188. /* execute CP15 instruction and ARM load (reading from coprocessor) */
  189. arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
  190. /* disable interpreted access mode */
  191. cp15c15 &= ~1U; /* clear interpret mode */
  192. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  193. /* retrieve value from R0 */
  194. regs_p[0] = value;
  195. arm9tdmi_read_core_regs(target, 0x1, regs_p);
  196. jtag_execute_queue();
  197. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  198. LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x", cp15_opcode, address, *value);
  199. #endif
  200. if (!is_arm_mode(armv4_5->core_mode))
  201. return ERROR_FAIL;
  202. r[0].dirty = 1;
  203. r[1].dirty = 1;
  204. return ERROR_OK;
  205. }
  206. static
  207. int arm920t_write_cp15_interpreted(struct target *target,
  208. uint32_t cp15_opcode, uint32_t value, uint32_t address)
  209. {
  210. uint32_t cp15c15 = 0x0;
  211. struct arm *armv4_5 = target_to_arm(target);
  212. uint32_t regs[2];
  213. struct reg *r = armv4_5->core_cache->reg_list;
  214. /* load value, address into R0, R1 */
  215. regs[0] = value;
  216. regs[1] = address;
  217. arm9tdmi_write_core_regs(target, 0x3, regs);
  218. /* read-modify-write CP15 test state register
  219. * to enable interpreted access mode */
  220. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  221. jtag_execute_queue();
  222. cp15c15 |= 1; /* set interpret mode */
  223. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  224. /* execute CP15 instruction and ARM store (writing to coprocessor) */
  225. arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
  226. /* disable interpreted access mode */
  227. cp15c15 &= ~1U; /* set interpret mode */
  228. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  229. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  230. LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x", cp15_opcode, value, address);
  231. #endif
  232. if (!is_arm_mode(armv4_5->core_mode))
  233. return ERROR_FAIL;
  234. r[0].dirty = 1;
  235. r[1].dirty = 1;
  236. return ERROR_OK;
  237. }
  238. // EXPORTED to FA256
  239. uint32_t arm920t_get_ttb(struct target *target)
  240. {
  241. int retval;
  242. uint32_t ttb = 0x0;
  243. if ((retval = arm920t_read_cp15_interpreted(target, 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
  244. return retval;
  245. return ttb;
  246. }
  247. // EXPORTED to FA256
  248. void arm920t_disable_mmu_caches(struct target *target, int mmu, int d_u_cache, int i_cache)
  249. {
  250. uint32_t cp15_control;
  251. /* read cp15 control register */
  252. arm920t_read_cp15_physical(target, 0x2, &cp15_control);
  253. jtag_execute_queue();
  254. if (mmu)
  255. cp15_control &= ~0x1U;
  256. if (d_u_cache)
  257. cp15_control &= ~0x4U;
  258. if (i_cache)
  259. cp15_control &= ~0x1000U;
  260. arm920t_write_cp15_physical(target, 0x2, cp15_control);
  261. }
  262. // EXPORTED to FA256
  263. void arm920t_enable_mmu_caches(struct target *target, int mmu, int d_u_cache, int i_cache)
  264. {
  265. uint32_t cp15_control;
  266. /* read cp15 control register */
  267. arm920t_read_cp15_physical(target, 0x2, &cp15_control);
  268. jtag_execute_queue();
  269. if (mmu)
  270. cp15_control |= 0x1U;
  271. if (d_u_cache)
  272. cp15_control |= 0x4U;
  273. if (i_cache)
  274. cp15_control |= 0x1000U;
  275. arm920t_write_cp15_physical(target, 0x2, cp15_control);
  276. }
  277. // EXPORTED to FA256
  278. void arm920t_post_debug_entry(struct target *target)
  279. {
  280. uint32_t cp15c15;
  281. struct arm920t_common *arm920t = target_to_arm920(target);
  282. /* examine cp15 control reg */
  283. arm920t_read_cp15_physical(target, 0x2, &arm920t->cp15_control_reg);
  284. jtag_execute_queue();
  285. LOG_DEBUG("cp15_control_reg: %8.8" PRIx32 "", arm920t->cp15_control_reg);
  286. if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
  287. {
  288. uint32_t cache_type_reg;
  289. /* identify caches */
  290. arm920t_read_cp15_physical(target, 0x1, &cache_type_reg);
  291. jtag_execute_queue();
  292. armv4_5_identify_cache(cache_type_reg, &arm920t->armv4_5_mmu.armv4_5_cache);
  293. }
  294. arm920t->armv4_5_mmu.mmu_enabled = (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
  295. arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
  296. arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
  297. /* save i/d fault status and address register */
  298. arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
  299. arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
  300. arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
  301. arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
  302. LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32 "",
  303. arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
  304. if (arm920t->preserve_cache)
  305. {
  306. /* read-modify-write CP15 test state register
  307. * to disable I/D-cache linefills */
  308. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  309. jtag_execute_queue();
  310. cp15c15 |= 0x600;
  311. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  312. }
  313. }
  314. // EXPORTED to FA256
  315. void arm920t_pre_restore_context(struct target *target)
  316. {
  317. uint32_t cp15c15;
  318. struct arm920t_common *arm920t = target_to_arm920(target);
  319. /* restore i/d fault status and address register */
  320. arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
  321. arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
  322. arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
  323. arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
  324. /* read-modify-write CP15 test state register
  325. * to reenable I/D-cache linefills */
  326. if (arm920t->preserve_cache)
  327. {
  328. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  329. jtag_execute_queue();
  330. cp15c15 &= ~0x600U;
  331. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  332. }
  333. }
  334. static const char arm920_not[] = "target is not an ARM920";
  335. static int arm920t_verify_pointer(struct command_context *cmd_ctx,
  336. struct arm920t_common *arm920t)
  337. {
  338. if (arm920t->common_magic != ARM920T_COMMON_MAGIC) {
  339. command_print(cmd_ctx, arm920_not);
  340. return ERROR_TARGET_INVALID;
  341. }
  342. return ERROR_OK;
  343. }
  344. /** Logs summary of ARM920 state for a halted target. */
  345. int arm920t_arch_state(struct target *target)
  346. {
  347. static const char *state[] =
  348. {
  349. "disabled", "enabled"
  350. };
  351. struct arm920t_common *arm920t = target_to_arm920(target);
  352. struct arm *armv4_5;
  353. if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
  354. {
  355. LOG_ERROR("BUG: %s", arm920_not);
  356. return ERROR_TARGET_INVALID;
  357. }
  358. armv4_5 = &arm920t->arm7_9_common.armv4_5_common;
  359. arm_arch_state(target);
  360. LOG_USER("MMU: %s, D-Cache: %s, I-Cache: %s",
  361. state[arm920t->armv4_5_mmu.mmu_enabled],
  362. state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
  363. state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
  364. return ERROR_OK;
  365. }
  366. static int arm920_mmu(struct target *target, int *enabled)
  367. {
  368. if (target->state != TARGET_HALTED) {
  369. LOG_ERROR("%s: target not halted", __func__);
  370. return ERROR_TARGET_INVALID;
  371. }
  372. *enabled = target_to_arm920(target)->armv4_5_mmu.mmu_enabled;
  373. return ERROR_OK;
  374. }
  375. static int arm920_virt2phys(struct target *target,
  376. uint32_t virt, uint32_t *phys)
  377. {
  378. /** @todo Implement this! */
  379. LOG_ERROR("%s: not implemented", __func__);
  380. return ERROR_FAIL;
  381. }
  382. /** Reads a buffer, in the specified word size, with current MMU settings. */
  383. int arm920t_read_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  384. {
  385. int retval;
  386. retval = arm7_9_read_memory(target, address, size, count, buffer);
  387. return retval;
  388. }
  389. static int arm920t_read_phys_memory(struct target *target,
  390. uint32_t address, uint32_t size,
  391. uint32_t count, uint8_t *buffer)
  392. {
  393. struct arm920t_common *arm920t = target_to_arm920(target);
  394. return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu,
  395. address, size, count, buffer);
  396. }
  397. static int arm920t_write_phys_memory(struct target *target,
  398. uint32_t address, uint32_t size,
  399. uint32_t count, uint8_t *buffer)
  400. {
  401. struct arm920t_common *arm920t = target_to_arm920(target);
  402. return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu,
  403. address, size, count, buffer);
  404. }
  405. /** Writes a buffer, in the specified word size, with current MMU settings. */
  406. int arm920t_write_memory(struct target *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  407. {
  408. int retval;
  409. if ((retval = arm7_9_write_memory(target, address, size, count, buffer)) != ERROR_OK)
  410. return retval;
  411. /* This fn is used to write breakpoints, so we need to make sure
  412. * that the data cache is flushed and the instruction cache is
  413. * invalidated
  414. */
  415. if (((size == 4) || (size == 2)) && (count == 1))
  416. {
  417. struct arm920t_common *arm920t = target_to_arm920(target);
  418. if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
  419. {
  420. LOG_DEBUG("D-Cache enabled, flush and invalidate cache line");
  421. /* MCR p15,0,Rd,c7,c10,2 */
  422. retval = arm920t_write_cp15_interpreted(target, 0xee070f5e, 0x0, address);
  423. if (retval != ERROR_OK)
  424. return retval;
  425. }
  426. if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
  427. {
  428. LOG_DEBUG("I-Cache enabled, invalidating affected I-Cache line");
  429. retval = arm920t_write_cp15_interpreted(target, 0xee070f35, 0x0, address);
  430. if (retval != ERROR_OK)
  431. return retval;
  432. }
  433. }
  434. return retval;
  435. }
  436. // EXPORTED to FA256
  437. int arm920t_soft_reset_halt(struct target *target)
  438. {
  439. int retval = ERROR_OK;
  440. struct arm920t_common *arm920t = target_to_arm920(target);
  441. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  442. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  443. struct reg *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  444. if ((retval = target_halt(target)) != ERROR_OK)
  445. {
  446. return retval;
  447. }
  448. long long then = timeval_ms();
  449. int timeout;
  450. while (!(timeout = ((timeval_ms()-then) > 1000)))
  451. {
  452. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0)
  453. {
  454. embeddedice_read_reg(dbg_stat);
  455. if ((retval = jtag_execute_queue()) != ERROR_OK)
  456. {
  457. return retval;
  458. }
  459. } else
  460. {
  461. break;
  462. }
  463. if (debug_level >= 3)
  464. {
  465. /* do not eat all CPU, time out after 1 se*/
  466. alive_sleep(100);
  467. } else
  468. {
  469. keep_alive();
  470. }
  471. }
  472. if (timeout)
  473. {
  474. LOG_ERROR("Failed to halt CPU after 1 sec");
  475. return ERROR_TARGET_TIMEOUT;
  476. }
  477. target->state = TARGET_HALTED;
  478. /* SVC, ARM state, IRQ and FIQ disabled */
  479. uint32_t cpsr;
  480. cpsr = buf_get_u32(armv4_5->cpsr->value, 0, 32);
  481. cpsr &= ~0xff;
  482. cpsr |= 0xd3;
  483. arm_set_cpsr(armv4_5, cpsr);
  484. armv4_5->cpsr->dirty = 1;
  485. /* start fetching from 0x0 */
  486. buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
  487. armv4_5->core_cache->reg_list[15].dirty = 1;
  488. armv4_5->core_cache->reg_list[15].valid = 1;
  489. arm920t_disable_mmu_caches(target, 1, 1, 1);
  490. arm920t->armv4_5_mmu.mmu_enabled = 0;
  491. arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
  492. arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
  493. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
  494. {
  495. return retval;
  496. }
  497. return ERROR_OK;
  498. }
  499. /* FIXME remove forward decls */
  500. static int arm920t_mrc(struct target *target, int cpnum,
  501. uint32_t op1, uint32_t op2,
  502. uint32_t CRn, uint32_t CRm,
  503. uint32_t *value);
  504. static int arm920t_mcr(struct target *target, int cpnum,
  505. uint32_t op1, uint32_t op2,
  506. uint32_t CRn, uint32_t CRm,
  507. uint32_t value);
  508. int arm920t_init_arch_info(struct target *target, struct arm920t_common *arm920t, struct jtag_tap *tap)
  509. {
  510. struct arm7_9_common *arm7_9 = &arm920t->arm7_9_common;
  511. arm7_9->armv4_5_common.mrc = arm920t_mrc;
  512. arm7_9->armv4_5_common.mcr = arm920t_mcr;
  513. /* initialize arm7/arm9 specific info (including armv4_5) */
  514. arm9tdmi_init_arch_info(target, arm7_9, tap);
  515. arm920t->common_magic = ARM920T_COMMON_MAGIC;
  516. arm7_9->post_debug_entry = arm920t_post_debug_entry;
  517. arm7_9->pre_restore_context = arm920t_pre_restore_context;
  518. arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
  519. arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
  520. arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
  521. arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
  522. arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
  523. arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
  524. arm920t->armv4_5_mmu.has_tiny_pages = 1;
  525. arm920t->armv4_5_mmu.mmu_enabled = 0;
  526. /* disabling linefills leads to lockups, so keep them enabled for now
  527. * this doesn't affect correctness, but might affect timing issues, if
  528. * important data is evicted from the cache during the debug session
  529. * */
  530. arm920t->preserve_cache = 0;
  531. /* override hw single-step capability from ARM9TDMI */
  532. arm7_9->has_single_step = 1;
  533. return ERROR_OK;
  534. }
  535. static int arm920t_target_create(struct target *target, Jim_Interp *interp)
  536. {
  537. struct arm920t_common *arm920t = calloc(1,sizeof(struct arm920t_common));
  538. return arm920t_init_arch_info(target, arm920t, target->tap);
  539. }
  540. COMMAND_HANDLER(arm920t_handle_read_cache_command)
  541. {
  542. int retval = ERROR_OK;
  543. struct target *target = get_current_target(CMD_CTX);
  544. struct arm920t_common *arm920t = target_to_arm920(target);
  545. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  546. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  547. uint32_t cp15c15;
  548. uint32_t cp15_ctrl, cp15_ctrl_saved;
  549. uint32_t regs[16];
  550. uint32_t *regs_p[16];
  551. uint32_t C15_C_D_Ind, C15_C_I_Ind;
  552. int i;
  553. FILE *output;
  554. struct arm920t_cache_line d_cache[8][64], i_cache[8][64];
  555. int segment, index;
  556. struct reg *r;
  557. retval = arm920t_verify_pointer(CMD_CTX, arm920t);
  558. if (retval != ERROR_OK)
  559. return retval;
  560. if (CMD_ARGC != 1)
  561. {
  562. command_print(CMD_CTX, "usage: arm920t read_cache <filename>");
  563. return ERROR_OK;
  564. }
  565. if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
  566. {
  567. LOG_DEBUG("error opening cache content file");
  568. return ERROR_OK;
  569. }
  570. for (i = 0; i < 16; i++)
  571. regs_p[i] = &regs[i];
  572. /* disable MMU and Caches */
  573. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
  574. if ((retval = jtag_execute_queue()) != ERROR_OK)
  575. {
  576. return retval;
  577. }
  578. cp15_ctrl_saved = cp15_ctrl;
  579. cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
  580. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
  581. /* read CP15 test state register */
  582. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
  583. jtag_execute_queue();
  584. /* read DCache content */
  585. fprintf(output, "DCache:\n");
  586. /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
  587. for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
  588. {
  589. fprintf(output, "\nsegment: %i\n----------", segment);
  590. /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
  591. regs[0] = 0x0 | (segment << 5);
  592. arm9tdmi_write_core_regs(target, 0x1, regs);
  593. /* set interpret mode */
  594. cp15c15 |= 0x1;
  595. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  596. /* D CAM Read, loads current victim into C15.C.D.Ind */
  597. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
  598. /* read current victim */
  599. arm920t_read_cp15_physical(target, 0x3d, &C15_C_D_Ind);
  600. /* clear interpret mode */
  601. cp15c15 &= ~0x1;
  602. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  603. for (index = 0; index < 64; index++)
  604. {
  605. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  606. regs[0] = 0x0 | (segment << 5) | (index << 26);
  607. arm9tdmi_write_core_regs(target, 0x1, regs);
  608. /* set interpret mode */
  609. cp15c15 |= 0x1;
  610. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  611. /* Write DCache victim */
  612. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
  613. /* Read D RAM */
  614. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,10,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
  615. /* Read D CAM */
  616. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(9, 0));
  617. /* clear interpret mode */
  618. cp15c15 &= ~0x1;
  619. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  620. /* read D RAM and CAM content */
  621. arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
  622. if ((retval = jtag_execute_queue()) != ERROR_OK)
  623. {
  624. return retval;
  625. }
  626. d_cache[segment][index].cam = regs[9];
  627. /* mask LFSR[6] */
  628. regs[9] &= 0xfffffffe;
  629. fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
  630. for (i = 1; i < 9; i++)
  631. {
  632. d_cache[segment][index].data[i] = regs[i];
  633. fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
  634. }
  635. }
  636. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  637. regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
  638. arm9tdmi_write_core_regs(target, 0x1, regs);
  639. /* set interpret mode */
  640. cp15c15 |= 0x1;
  641. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  642. /* Write DCache victim */
  643. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
  644. /* clear interpret mode */
  645. cp15c15 &= ~0x1;
  646. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  647. }
  648. /* read ICache content */
  649. fprintf(output, "ICache:\n");
  650. /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
  651. for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
  652. {
  653. fprintf(output, "segment: %i\n----------", segment);
  654. /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
  655. regs[0] = 0x0 | (segment << 5);
  656. arm9tdmi_write_core_regs(target, 0x1, regs);
  657. /* set interpret mode */
  658. cp15c15 |= 0x1;
  659. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  660. /* I CAM Read, loads current victim into C15.C.I.Ind */
  661. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
  662. /* read current victim */
  663. arm920t_read_cp15_physical(target, 0x3b, &C15_C_I_Ind);
  664. /* clear interpret mode */
  665. cp15c15 &= ~0x1;
  666. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  667. for (index = 0; index < 64; index++)
  668. {
  669. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  670. regs[0] = 0x0 | (segment << 5) | (index << 26);
  671. arm9tdmi_write_core_regs(target, 0x1, regs);
  672. /* set interpret mode */
  673. cp15c15 |= 0x1;
  674. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  675. /* Write ICache victim */
  676. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
  677. /* Read I RAM */
  678. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,9,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
  679. /* Read I CAM */
  680. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(9, 0));
  681. /* clear interpret mode */
  682. cp15c15 &= ~0x1;
  683. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  684. /* read I RAM and CAM content */
  685. arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
  686. if ((retval = jtag_execute_queue()) != ERROR_OK)
  687. {
  688. return retval;
  689. }
  690. i_cache[segment][index].cam = regs[9];
  691. /* mask LFSR[6] */
  692. regs[9] &= 0xfffffffe;
  693. fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
  694. for (i = 1; i < 9; i++)
  695. {
  696. i_cache[segment][index].data[i] = regs[i];
  697. fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
  698. }
  699. }
  700. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  701. regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
  702. arm9tdmi_write_core_regs(target, 0x1, regs);
  703. /* set interpret mode */
  704. cp15c15 |= 0x1;
  705. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  706. /* Write ICache victim */
  707. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
  708. /* clear interpret mode */
  709. cp15c15 &= ~0x1;
  710. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  711. }
  712. /* restore CP15 MMU and Cache settings */
  713. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
  714. command_print(CMD_CTX, "cache content successfully output to %s", CMD_ARGV[0]);
  715. fclose(output);
  716. if (!is_arm_mode(armv4_5->core_mode))
  717. return ERROR_FAIL;
  718. /* force writeback of the valid data */
  719. r = armv4_5->core_cache->reg_list;
  720. r[0].dirty = r[0].valid;
  721. r[1].dirty = r[1].valid;
  722. r[2].dirty = r[2].valid;
  723. r[3].dirty = r[3].valid;
  724. r[4].dirty = r[4].valid;
  725. r[5].dirty = r[5].valid;
  726. r[6].dirty = r[6].valid;
  727. r[7].dirty = r[7].valid;
  728. r = arm_reg_current(armv4_5, 8);
  729. r->dirty = r->valid;
  730. r = arm_reg_current(armv4_5, 9);
  731. r->dirty = r->valid;
  732. return ERROR_OK;
  733. }
  734. COMMAND_HANDLER(arm920t_handle_read_mmu_command)
  735. {
  736. int retval = ERROR_OK;
  737. struct target *target = get_current_target(CMD_CTX);
  738. struct arm920t_common *arm920t = target_to_arm920(target);
  739. struct arm7_9_common *arm7_9 = target_to_arm7_9(target);
  740. struct arm *armv4_5 = &arm7_9->armv4_5_common;
  741. uint32_t cp15c15;
  742. uint32_t cp15_ctrl, cp15_ctrl_saved;
  743. uint32_t regs[16];
  744. uint32_t *regs_p[16];
  745. int i;
  746. FILE *output;
  747. uint32_t Dlockdown, Ilockdown;
  748. struct arm920t_tlb_entry d_tlb[64], i_tlb[64];
  749. int victim;
  750. struct reg *r;
  751. retval = arm920t_verify_pointer(CMD_CTX, arm920t);
  752. if (retval != ERROR_OK)
  753. return retval;
  754. if (CMD_ARGC != 1)
  755. {
  756. command_print(CMD_CTX, "usage: arm920t read_mmu <filename>");
  757. return ERROR_OK;
  758. }
  759. if ((output = fopen(CMD_ARGV[0], "w")) == NULL)
  760. {
  761. LOG_DEBUG("error opening mmu content file");
  762. return ERROR_OK;
  763. }
  764. for (i = 0; i < 16; i++)
  765. regs_p[i] = &regs[i];
  766. /* disable MMU and Caches */
  767. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
  768. if ((retval = jtag_execute_queue()) != ERROR_OK)
  769. {
  770. return retval;
  771. }
  772. cp15_ctrl_saved = cp15_ctrl;
  773. cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
  774. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
  775. /* read CP15 test state register */
  776. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
  777. if ((retval = jtag_execute_queue()) != ERROR_OK)
  778. {
  779. return retval;
  780. }
  781. /* prepare reading D TLB content
  782. * */
  783. /* set interpret mode */
  784. cp15c15 |= 0x1;
  785. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  786. /* Read D TLB lockdown */
  787. arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
  788. /* clear interpret mode */
  789. cp15c15 &= ~0x1;
  790. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  791. /* read D TLB lockdown stored to r1 */
  792. arm9tdmi_read_core_regs(target, 0x2, regs_p);
  793. if ((retval = jtag_execute_queue()) != ERROR_OK)
  794. {
  795. return retval;
  796. }
  797. Dlockdown = regs[1];
  798. for (victim = 0; victim < 64; victim += 8)
  799. {
  800. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  801. * base remains unchanged, victim goes through entries 0 to 63 */
  802. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  803. arm9tdmi_write_core_regs(target, 0x2, regs);
  804. /* set interpret mode */
  805. cp15c15 |= 0x1;
  806. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  807. /* Write D TLB lockdown */
  808. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  809. /* Read D TLB CAM */
  810. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,6,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
  811. /* clear interpret mode */
  812. cp15c15 &= ~0x1;
  813. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  814. /* read D TLB CAM content stored to r2-r9 */
  815. arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
  816. if ((retval = jtag_execute_queue()) != ERROR_OK)
  817. {
  818. return retval;
  819. }
  820. for (i = 0; i < 8; i++)
  821. d_tlb[victim + i].cam = regs[i + 2];
  822. }
  823. for (victim = 0; victim < 64; victim++)
  824. {
  825. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  826. * base remains unchanged, victim goes through entries 0 to 63 */
  827. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  828. arm9tdmi_write_core_regs(target, 0x2, regs);
  829. /* set interpret mode */
  830. cp15c15 |= 0x1;
  831. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  832. /* Write D TLB lockdown */
  833. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  834. /* Read D TLB RAM1 */
  835. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
  836. /* Read D TLB RAM2 */
  837. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
  838. /* clear interpret mode */
  839. cp15c15 &= ~0x1;
  840. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  841. /* read D TLB RAM content stored to r2 and r3 */
  842. arm9tdmi_read_core_regs(target, 0xc, regs_p);
  843. if ((retval = jtag_execute_queue()) != ERROR_OK)
  844. {
  845. return retval;
  846. }
  847. d_tlb[victim].ram1 = regs[2];
  848. d_tlb[victim].ram2 = regs[3];
  849. }
  850. /* restore D TLB lockdown */
  851. regs[1] = Dlockdown;
  852. arm9tdmi_write_core_regs(target, 0x2, regs);
  853. /* Write D TLB lockdown */
  854. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  855. /* prepare reading I TLB content
  856. * */
  857. /* set interpret mode */
  858. cp15c15 |= 0x1;
  859. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  860. /* Read I TLB lockdown */
  861. arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
  862. /* clear interpret mode */
  863. cp15c15 &= ~0x1;
  864. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  865. /* read I TLB lockdown stored to r1 */
  866. arm9tdmi_read_core_regs(target, 0x2, regs_p);
  867. if ((retval = jtag_execute_queue()) != ERROR_OK)
  868. {
  869. return retval;
  870. }
  871. Ilockdown = regs[1];
  872. for (victim = 0; victim < 64; victim += 8)
  873. {
  874. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  875. * base remains unchanged, victim goes through entries 0 to 63 */
  876. regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
  877. arm9tdmi_write_core_regs(target, 0x2, regs);
  878. /* set interpret mode */
  879. cp15c15 |= 0x1;
  880. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  881. /* Write I TLB lockdown */
  882. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  883. /* Read I TLB CAM */
  884. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,5,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
  885. /* clear interpret mode */
  886. cp15c15 &= ~0x1;
  887. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  888. /* read I TLB CAM content stored to r2-r9 */
  889. arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
  890. if ((retval = jtag_execute_queue()) != ERROR_OK)
  891. {
  892. return retval;
  893. }
  894. for (i = 0; i < 8; i++)
  895. i_tlb[i + victim].cam = regs[i + 2];
  896. }
  897. for (victim = 0; victim < 64; victim++)
  898. {
  899. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  900. * base remains unchanged, victim goes through entries 0 to 63 */
  901. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  902. arm9tdmi_write_core_regs(target, 0x2, regs);
  903. /* set interpret mode */
  904. cp15c15 |= 0x1;
  905. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  906. /* Write I TLB lockdown */
  907. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  908. /* Read I TLB RAM1 */
  909. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
  910. /* Read I TLB RAM2 */
  911. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
  912. /* clear interpret mode */
  913. cp15c15 &= ~0x1;
  914. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  915. /* read I TLB RAM content stored to r2 and r3 */
  916. arm9tdmi_read_core_regs(target, 0xc, regs_p);
  917. if ((retval = jtag_execute_queue()) != ERROR_OK)
  918. {
  919. return retval;
  920. }
  921. i_tlb[victim].ram1 = regs[2];
  922. i_tlb[victim].ram2 = regs[3];
  923. }
  924. /* restore I TLB lockdown */
  925. regs[1] = Ilockdown;
  926. arm9tdmi_write_core_regs(target, 0x2, regs);
  927. /* Write I TLB lockdown */
  928. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  929. /* restore CP15 MMU and Cache settings */
  930. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
  931. /* output data to file */
  932. fprintf(output, "D TLB content:\n");
  933. for (i = 0; i < 64; i++)
  934. {
  935. fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2, (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
  936. }
  937. fprintf(output, "\n\nI TLB content:\n");
  938. for (i = 0; i < 64; i++)
  939. {
  940. fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2, (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
  941. }
  942. command_print(CMD_CTX, "mmu content successfully output to %s", CMD_ARGV[0]);
  943. fclose(output);
  944. if (!is_arm_mode(armv4_5->core_mode))
  945. return ERROR_FAIL;
  946. /* force writeback of the valid data */
  947. r = armv4_5->core_cache->reg_list;
  948. r[0].dirty = r[0].valid;
  949. r[1].dirty = r[1].valid;
  950. r[2].dirty = r[2].valid;
  951. r[3].dirty = r[3].valid;
  952. r[4].dirty = r[4].valid;
  953. r[5].dirty = r[5].valid;
  954. r[6].dirty = r[6].valid;
  955. r[7].dirty = r[7].valid;
  956. r = arm_reg_current(armv4_5, 8);
  957. r->dirty = r->valid;
  958. r = arm_reg_current(armv4_5, 9);
  959. r->dirty = r->valid;
  960. return ERROR_OK;
  961. }
  962. COMMAND_HANDLER(arm920t_handle_cp15_command)
  963. {
  964. int retval;
  965. struct target *target = get_current_target(CMD_CTX);
  966. struct arm920t_common *arm920t = target_to_arm920(target);
  967. retval = arm920t_verify_pointer(CMD_CTX, arm920t);
  968. if (retval != ERROR_OK)
  969. return retval;
  970. if (target->state != TARGET_HALTED)
  971. {
  972. command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
  973. return ERROR_OK;
  974. }
  975. /* one or more argument, access a single register (write if second argument is given */
  976. if (CMD_ARGC >= 1)
  977. {
  978. int address;
  979. COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], address);
  980. if (CMD_ARGC == 1)
  981. {
  982. uint32_t value;
  983. if ((retval = arm920t_read_cp15_physical(target, address, &value)) != ERROR_OK)
  984. {
  985. command_print(CMD_CTX, "couldn't access reg %i", address);
  986. return ERROR_OK;
  987. }
  988. if ((retval = jtag_execute_queue()) != ERROR_OK)
  989. {
  990. return retval;
  991. }
  992. command_print(CMD_CTX, "%i: %8.8" PRIx32 "", address, value);
  993. }
  994. else if (CMD_ARGC == 2)
  995. {
  996. uint32_t value;
  997. COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
  998. if ((retval = arm920t_write_cp15_physical(target, address, value)) != ERROR_OK)
  999. {
  1000. command_print(CMD_CTX, "couldn't access reg %i", address);
  1001. return ERROR_OK;
  1002. }
  1003. command_print(CMD_CTX, "%i: %8.8" PRIx32 "", address, value);
  1004. }
  1005. }
  1006. return ERROR_OK;
  1007. }
  1008. COMMAND_HANDLER(arm920t_handle_cp15i_command)
  1009. {
  1010. int retval;
  1011. struct target *target = get_current_target(CMD_CTX);
  1012. struct arm920t_common *arm920t = target_to_arm920(target);
  1013. retval = arm920t_verify_pointer(CMD_CTX, arm920t);
  1014. if (retval != ERROR_OK)
  1015. return retval;
  1016. if (target->state != TARGET_HALTED)
  1017. {
  1018. command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
  1019. return ERROR_OK;
  1020. }
  1021. /* one or more argument, access a single register (write if second argument is given */
  1022. if (CMD_ARGC >= 1)
  1023. {
  1024. uint32_t opcode;
  1025. COMMAND_PARSE_NUMBER(u32, CMD_ARGV[0], opcode);
  1026. if (CMD_ARGC == 1)
  1027. {
  1028. uint32_t value;
  1029. if ((retval = arm920t_read_cp15_interpreted(target, opcode, 0x0, &value)) != ERROR_OK)
  1030. {
  1031. command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
  1032. return ERROR_OK;
  1033. }
  1034. command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
  1035. }
  1036. else if (CMD_ARGC == 2)
  1037. {
  1038. uint32_t value;
  1039. COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
  1040. if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, 0)) != ERROR_OK)
  1041. {
  1042. command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
  1043. return ERROR_OK;
  1044. }
  1045. command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
  1046. }
  1047. else if (CMD_ARGC == 3)
  1048. {
  1049. uint32_t value;
  1050. COMMAND_PARSE_NUMBER(u32, CMD_ARGV[1], value);
  1051. uint32_t address;
  1052. COMMAND_PARSE_NUMBER(u32, CMD_ARGV[2], address);
  1053. if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, address)) != ERROR_OK)
  1054. {
  1055. command_print(CMD_CTX, "couldn't execute %8.8" PRIx32 "", opcode);
  1056. return ERROR_OK;
  1057. }
  1058. command_print(CMD_CTX, "%8.8" PRIx32 ": %8.8" PRIx32 " %8.8" PRIx32 "", opcode, value, address);
  1059. }
  1060. }
  1061. else
  1062. {
  1063. command_print(CMD_CTX, "usage: arm920t cp15i <opcode> [value] [address]");
  1064. }
  1065. return ERROR_OK;
  1066. }
  1067. COMMAND_HANDLER(arm920t_handle_cache_info_command)
  1068. {
  1069. int retval;
  1070. struct target *target = get_current_target(CMD_CTX);
  1071. struct arm920t_common *arm920t = target_to_arm920(target);
  1072. retval = arm920t_verify_pointer(CMD_CTX, arm920t);
  1073. if (retval != ERROR_OK)
  1074. return retval;
  1075. return armv4_5_handle_cache_info_command(CMD_CTX, &arm920t->armv4_5_mmu.armv4_5_cache);
  1076. }
  1077. static int arm920t_mrc(struct target *target, int cpnum,
  1078. uint32_t op1, uint32_t op2,
  1079. uint32_t CRn, uint32_t CRm,
  1080. uint32_t *value)
  1081. {
  1082. if (cpnum!=15)
  1083. {
  1084. LOG_ERROR("Only cp15 is supported");
  1085. return ERROR_FAIL;
  1086. }
  1087. /* read "to" r0 */
  1088. return arm920t_read_cp15_interpreted(target,
  1089. ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2),
  1090. 0, value);
  1091. }
  1092. static int arm920t_mcr(struct target *target, int cpnum,
  1093. uint32_t op1, uint32_t op2,
  1094. uint32_t CRn, uint32_t CRm,
  1095. uint32_t value)
  1096. {
  1097. if (cpnum!=15)
  1098. {
  1099. LOG_ERROR("Only cp15 is supported");
  1100. return ERROR_FAIL;
  1101. }
  1102. /* write "from" r0 */
  1103. return arm920t_write_cp15_interpreted(target,
  1104. ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2),
  1105. 0, value);
  1106. }
  1107. static const struct command_registration arm920t_exec_command_handlers[] = {
  1108. {
  1109. .name = "cp15",
  1110. .handler = arm920t_handle_cp15_command,
  1111. .mode = COMMAND_EXEC,
  1112. .help = "display/modify cp15 register",
  1113. .usage = "regnum [value]",
  1114. },
  1115. {
  1116. .name = "cp15i",
  1117. .handler = arm920t_handle_cp15i_command,
  1118. .mode = COMMAND_EXEC,
  1119. /* prefer using less error-prone "arm mcr" or "arm mrc" */
  1120. .help = "display/modify cp15 register using ARM opcode"
  1121. " (DEPRECATED)",
  1122. .usage = "instruction [value [address]]",
  1123. },
  1124. {
  1125. .name = "cache_info",
  1126. .handler = arm920t_handle_cache_info_command,
  1127. .mode = COMMAND_EXEC,
  1128. .help = "display information about target caches",
  1129. },
  1130. {
  1131. .name = "read_cache",
  1132. .handler = arm920t_handle_read_cache_command,
  1133. .mode = COMMAND_EXEC,
  1134. .help = "dump I/D cache content to file",
  1135. .usage = "filename",
  1136. },
  1137. {
  1138. .name = "read_mmu",
  1139. .handler = arm920t_handle_read_mmu_command,
  1140. .mode = COMMAND_EXEC,
  1141. .help = "dump I/D mmu content to file",
  1142. .usage = "filename",
  1143. },
  1144. COMMAND_REGISTRATION_DONE
  1145. };
  1146. const struct command_registration arm920t_command_handlers[] = {
  1147. {
  1148. .chain = arm9tdmi_command_handlers,
  1149. },
  1150. {
  1151. .name = "arm920t",
  1152. .mode = COMMAND_ANY,
  1153. .help = "arm920t command group",
  1154. .chain = arm920t_exec_command_handlers,
  1155. },
  1156. COMMAND_REGISTRATION_DONE
  1157. };
  1158. /** Holds methods for ARM920 targets. */
  1159. struct target_type arm920t_target =
  1160. {
  1161. .name = "arm920t",
  1162. .poll = arm7_9_poll,
  1163. .arch_state = arm920t_arch_state,
  1164. .target_request_data = arm7_9_target_request_data,
  1165. .halt = arm7_9_halt,
  1166. .resume = arm7_9_resume,
  1167. .step = arm7_9_step,
  1168. .assert_reset = arm7_9_assert_reset,
  1169. .deassert_reset = arm7_9_deassert_reset,
  1170. .soft_reset_halt = arm920t_soft_reset_halt,
  1171. .get_gdb_reg_list = arm_get_gdb_reg_list,
  1172. .read_memory = arm920t_read_memory,
  1173. .write_memory = arm920t_write_memory,
  1174. .read_phys_memory = arm920t_read_phys_memory,
  1175. .write_phys_memory = arm920t_write_phys_memory,
  1176. .mmu = arm920_mmu,
  1177. .virt2phys = arm920_virt2phys,
  1178. .bulk_write_memory = arm7_9_bulk_write_memory,
  1179. .checksum_memory = arm_checksum_memory,
  1180. .blank_check_memory = arm_blank_check_memory,
  1181. .run_algorithm = armv4_5_run_algorithm,
  1182. .add_breakpoint = arm7_9_add_breakpoint,
  1183. .remove_breakpoint = arm7_9_remove_breakpoint,
  1184. .add_watchpoint = arm7_9_add_watchpoint,
  1185. .remove_watchpoint = arm7_9_remove_watchpoint,
  1186. .commands = arm920t_command_handlers,
  1187. .target_create = arm920t_target_create,
  1188. .init_target = arm9tdmi_init_target,
  1189. .examine = arm7_9_examine,
  1190. };