You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1480 lines
47 KiB

  1. /***************************************************************************
  2. * Copyright (C) 2005 by Dominic Rath *
  3. * Dominic.Rath@gmx.de *
  4. * *
  5. * This program is free software; you can redistribute it and/or modify *
  6. * it under the terms of the GNU General Public License as published by *
  7. * the Free Software Foundation; either version 2 of the License, or *
  8. * (at your option) any later version. *
  9. * *
  10. * This program is distributed in the hope that it will be useful, *
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of *
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
  13. * GNU General Public License for more details. *
  14. * *
  15. * You should have received a copy of the GNU General Public License *
  16. * along with this program; if not, write to the *
  17. * Free Software Foundation, Inc., *
  18. * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
  19. ***************************************************************************/
  20. #ifdef HAVE_CONFIG_H
  21. #include "config.h"
  22. #endif
  23. #include "arm920t.h"
  24. #include "time_support.h"
  25. #include "target_type.h"
  26. #if 0
  27. #define _DEBUG_INSTRUCTION_EXECUTION_
  28. #endif
  29. /* cli handling */
  30. int arm920t_handle_cp15_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  31. int arm920t_handle_cp15i_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  32. int arm920t_handle_cache_info_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  33. int arm920t_handle_md_phys_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  34. int arm920t_handle_mw_phys_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  35. int arm920t_read_phys_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
  36. int arm920t_write_phys_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
  37. int arm920t_handle_read_cache_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  38. int arm920t_handle_read_mmu_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
  39. /* forward declarations */
  40. int arm920t_target_create(struct target_s *target, Jim_Interp *interp);
  41. int arm920t_init_target(struct command_context_s *cmd_ctx, struct target_s *target);
  42. int arm920t_quit(void);
  43. #define ARM920T_CP15_PHYS_ADDR(x, y, z) ((x << 5) | (y << 1) << (z))
  44. target_type_t arm920t_target =
  45. {
  46. .name = "arm920t",
  47. .poll = arm7_9_poll,
  48. .arch_state = arm920t_arch_state,
  49. .target_request_data = arm7_9_target_request_data,
  50. .halt = arm7_9_halt,
  51. .resume = arm7_9_resume,
  52. .step = arm7_9_step,
  53. .assert_reset = arm7_9_assert_reset,
  54. .deassert_reset = arm7_9_deassert_reset,
  55. .soft_reset_halt = arm920t_soft_reset_halt,
  56. .get_gdb_reg_list = armv4_5_get_gdb_reg_list,
  57. .read_memory = arm920t_read_memory,
  58. .write_memory = arm920t_write_memory,
  59. .read_phys_memory = arm920t_read_phys_memory,
  60. .write_phys_memory = arm920t_write_phys_memory,
  61. .bulk_write_memory = arm7_9_bulk_write_memory,
  62. .checksum_memory = arm7_9_checksum_memory,
  63. .blank_check_memory = arm7_9_blank_check_memory,
  64. .run_algorithm = armv4_5_run_algorithm,
  65. .add_breakpoint = arm7_9_add_breakpoint,
  66. .remove_breakpoint = arm7_9_remove_breakpoint,
  67. .add_watchpoint = arm7_9_add_watchpoint,
  68. .remove_watchpoint = arm7_9_remove_watchpoint,
  69. .register_commands = arm920t_register_commands,
  70. .target_create = arm920t_target_create,
  71. .init_target = arm920t_init_target,
  72. .examine = arm9tdmi_examine,
  73. .quit = arm920t_quit
  74. };
  75. int arm920t_read_cp15_physical(target_t *target, int reg_addr, uint32_t *value)
  76. {
  77. armv4_5_common_t *armv4_5 = target->arch_info;
  78. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  79. arm_jtag_t *jtag_info = &arm7_9->jtag_info;
  80. scan_field_t fields[4];
  81. uint8_t access_type_buf = 1;
  82. uint8_t reg_addr_buf = reg_addr & 0x3f;
  83. uint8_t nr_w_buf = 0;
  84. jtag_set_end_state(TAP_IDLE);
  85. arm_jtag_scann(jtag_info, 0xf);
  86. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  87. fields[0].tap = jtag_info->tap;
  88. fields[0].num_bits = 1;
  89. fields[0].out_value = &access_type_buf;
  90. fields[0].in_value = NULL;
  91. fields[1].tap = jtag_info->tap;
  92. fields[1].num_bits = 32;
  93. fields[1].out_value = NULL;
  94. fields[1].in_value = NULL;
  95. fields[2].tap = jtag_info->tap;
  96. fields[2].num_bits = 6;
  97. fields[2].out_value = &reg_addr_buf;
  98. fields[2].in_value = NULL;
  99. fields[3].tap = jtag_info->tap;
  100. fields[3].num_bits = 1;
  101. fields[3].out_value = &nr_w_buf;
  102. fields[3].in_value = NULL;
  103. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  104. fields[1].in_value = (uint8_t *)value;
  105. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  106. jtag_add_callback(arm_le_to_h_u32, (jtag_callback_data_t)value);
  107. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  108. jtag_execute_queue();
  109. LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, *value);
  110. #endif
  111. return ERROR_OK;
  112. }
  113. int arm920t_write_cp15_physical(target_t *target, int reg_addr, uint32_t value)
  114. {
  115. armv4_5_common_t *armv4_5 = target->arch_info;
  116. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  117. arm_jtag_t *jtag_info = &arm7_9->jtag_info;
  118. scan_field_t fields[4];
  119. uint8_t access_type_buf = 1;
  120. uint8_t reg_addr_buf = reg_addr & 0x3f;
  121. uint8_t nr_w_buf = 1;
  122. uint8_t value_buf[4];
  123. buf_set_u32(value_buf, 0, 32, value);
  124. jtag_set_end_state(TAP_IDLE);
  125. arm_jtag_scann(jtag_info, 0xf);
  126. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  127. fields[0].tap = jtag_info->tap;
  128. fields[0].num_bits = 1;
  129. fields[0].out_value = &access_type_buf;
  130. fields[0].in_value = NULL;
  131. fields[1].tap = jtag_info->tap;
  132. fields[1].num_bits = 32;
  133. fields[1].out_value = value_buf;
  134. fields[1].in_value = NULL;
  135. fields[2].tap = jtag_info->tap;
  136. fields[2].num_bits = 6;
  137. fields[2].out_value = &reg_addr_buf;
  138. fields[2].in_value = NULL;
  139. fields[3].tap = jtag_info->tap;
  140. fields[3].num_bits = 1;
  141. fields[3].out_value = &nr_w_buf;
  142. fields[3].in_value = NULL;
  143. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  144. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  145. LOG_DEBUG("addr: 0x%x value: %8.8x", reg_addr, value);
  146. #endif
  147. return ERROR_OK;
  148. }
  149. int arm920t_execute_cp15(target_t *target, uint32_t cp15_opcode, uint32_t arm_opcode)
  150. {
  151. int retval;
  152. armv4_5_common_t *armv4_5 = target->arch_info;
  153. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  154. arm_jtag_t *jtag_info = &arm7_9->jtag_info;
  155. scan_field_t fields[4];
  156. uint8_t access_type_buf = 0; /* interpreted access */
  157. uint8_t reg_addr_buf = 0x0;
  158. uint8_t nr_w_buf = 0;
  159. uint8_t cp15_opcode_buf[4];
  160. jtag_set_end_state(TAP_IDLE);
  161. arm_jtag_scann(jtag_info, 0xf);
  162. arm_jtag_set_instr(jtag_info, jtag_info->intest_instr, NULL);
  163. buf_set_u32(cp15_opcode_buf, 0, 32, cp15_opcode);
  164. fields[0].tap = jtag_info->tap;
  165. fields[0].num_bits = 1;
  166. fields[0].out_value = &access_type_buf;
  167. fields[0].in_value = NULL;
  168. fields[1].tap = jtag_info->tap;
  169. fields[1].num_bits = 32;
  170. fields[1].out_value = cp15_opcode_buf;
  171. fields[1].in_value = NULL;
  172. fields[2].tap = jtag_info->tap;
  173. fields[2].num_bits = 6;
  174. fields[2].out_value = &reg_addr_buf;
  175. fields[2].in_value = NULL;
  176. fields[3].tap = jtag_info->tap;
  177. fields[3].num_bits = 1;
  178. fields[3].out_value = &nr_w_buf;
  179. fields[3].in_value = NULL;
  180. jtag_add_dr_scan(4, fields, jtag_get_end_state());
  181. arm9tdmi_clock_out(jtag_info, arm_opcode, 0, NULL, 0);
  182. arm9tdmi_clock_out(jtag_info, ARMV4_5_NOP, 0, NULL, 1);
  183. retval = arm7_9_execute_sys_speed(target);
  184. if (retval != ERROR_OK)
  185. return retval;
  186. if ((retval = jtag_execute_queue()) != ERROR_OK)
  187. {
  188. LOG_ERROR("failed executing JTAG queue, exiting");
  189. return retval;
  190. }
  191. return ERROR_OK;
  192. }
  193. int arm920t_read_cp15_interpreted(target_t *target, uint32_t cp15_opcode, uint32_t address, uint32_t *value)
  194. {
  195. armv4_5_common_t *armv4_5 = target->arch_info;
  196. uint32_t* regs_p[1];
  197. uint32_t regs[2];
  198. uint32_t cp15c15 = 0x0;
  199. /* load address into R1 */
  200. regs[1] = address;
  201. arm9tdmi_write_core_regs(target, 0x2, regs);
  202. /* read-modify-write CP15 test state register
  203. * to enable interpreted access mode */
  204. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  205. jtag_execute_queue();
  206. cp15c15 |= 1; /* set interpret mode */
  207. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  208. /* execute CP15 instruction and ARM load (reading from coprocessor) */
  209. arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_LDR(0, 1));
  210. /* disable interpreted access mode */
  211. cp15c15 &= ~1U; /* clear interpret mode */
  212. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  213. /* retrieve value from R0 */
  214. regs_p[0] = value;
  215. arm9tdmi_read_core_regs(target, 0x1, regs_p);
  216. jtag_execute_queue();
  217. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  218. LOG_DEBUG("cp15_opcode: %8.8x, address: %8.8x, value: %8.8x", cp15_opcode, address, *value);
  219. #endif
  220. if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
  221. return ERROR_FAIL;
  222. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = 1;
  223. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = 1;
  224. return ERROR_OK;
  225. }
  226. int arm920t_write_cp15_interpreted(target_t *target, uint32_t cp15_opcode, uint32_t value, uint32_t address)
  227. {
  228. uint32_t cp15c15 = 0x0;
  229. armv4_5_common_t *armv4_5 = target->arch_info;
  230. uint32_t regs[2];
  231. /* load value, address into R0, R1 */
  232. regs[0] = value;
  233. regs[1] = address;
  234. arm9tdmi_write_core_regs(target, 0x3, regs);
  235. /* read-modify-write CP15 test state register
  236. * to enable interpreted access mode */
  237. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  238. jtag_execute_queue();
  239. cp15c15 |= 1; /* set interpret mode */
  240. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  241. /* execute CP15 instruction and ARM store (writing to coprocessor) */
  242. arm920t_execute_cp15(target, cp15_opcode, ARMV4_5_STR(0, 1));
  243. /* disable interpreted access mode */
  244. cp15c15 &= ~1U; /* set interpret mode */
  245. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  246. #ifdef _DEBUG_INSTRUCTION_EXECUTION_
  247. LOG_DEBUG("cp15_opcode: %8.8x, value: %8.8x, address: %8.8x", cp15_opcode, value, address);
  248. #endif
  249. if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
  250. return ERROR_FAIL;
  251. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = 1;
  252. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = 1;
  253. return ERROR_OK;
  254. }
  255. uint32_t arm920t_get_ttb(target_t *target)
  256. {
  257. int retval;
  258. uint32_t ttb = 0x0;
  259. if ((retval = arm920t_read_cp15_interpreted(target, 0xeebf0f51, 0x0, &ttb)) != ERROR_OK)
  260. return retval;
  261. return ttb;
  262. }
  263. void arm920t_disable_mmu_caches(target_t *target, int mmu, int d_u_cache, int i_cache)
  264. {
  265. uint32_t cp15_control;
  266. /* read cp15 control register */
  267. arm920t_read_cp15_physical(target, 0x2, &cp15_control);
  268. jtag_execute_queue();
  269. if (mmu)
  270. cp15_control &= ~0x1U;
  271. if (d_u_cache)
  272. cp15_control &= ~0x4U;
  273. if (i_cache)
  274. cp15_control &= ~0x1000U;
  275. arm920t_write_cp15_physical(target, 0x2, cp15_control);
  276. }
  277. void arm920t_enable_mmu_caches(target_t *target, int mmu, int d_u_cache, int i_cache)
  278. {
  279. uint32_t cp15_control;
  280. /* read cp15 control register */
  281. arm920t_read_cp15_physical(target, 0x2, &cp15_control);
  282. jtag_execute_queue();
  283. if (mmu)
  284. cp15_control |= 0x1U;
  285. if (d_u_cache)
  286. cp15_control |= 0x4U;
  287. if (i_cache)
  288. cp15_control |= 0x1000U;
  289. arm920t_write_cp15_physical(target, 0x2, cp15_control);
  290. }
  291. void arm920t_post_debug_entry(target_t *target)
  292. {
  293. uint32_t cp15c15;
  294. armv4_5_common_t *armv4_5 = target->arch_info;
  295. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  296. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  297. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  298. /* examine cp15 control reg */
  299. arm920t_read_cp15_physical(target, 0x2, &arm920t->cp15_control_reg);
  300. jtag_execute_queue();
  301. LOG_DEBUG("cp15_control_reg: %8.8" PRIx32 "", arm920t->cp15_control_reg);
  302. if (arm920t->armv4_5_mmu.armv4_5_cache.ctype == -1)
  303. {
  304. uint32_t cache_type_reg;
  305. /* identify caches */
  306. arm920t_read_cp15_physical(target, 0x1, &cache_type_reg);
  307. jtag_execute_queue();
  308. armv4_5_identify_cache(cache_type_reg, &arm920t->armv4_5_mmu.armv4_5_cache);
  309. }
  310. arm920t->armv4_5_mmu.mmu_enabled = (arm920t->cp15_control_reg & 0x1U) ? 1 : 0;
  311. arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = (arm920t->cp15_control_reg & 0x4U) ? 1 : 0;
  312. arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = (arm920t->cp15_control_reg & 0x1000U) ? 1 : 0;
  313. /* save i/d fault status and address register */
  314. arm920t_read_cp15_interpreted(target, 0xee150f10, 0x0, &arm920t->d_fsr);
  315. arm920t_read_cp15_interpreted(target, 0xee150f30, 0x0, &arm920t->i_fsr);
  316. arm920t_read_cp15_interpreted(target, 0xee160f10, 0x0, &arm920t->d_far);
  317. arm920t_read_cp15_interpreted(target, 0xee160f30, 0x0, &arm920t->i_far);
  318. LOG_DEBUG("D FSR: 0x%8.8" PRIx32 ", D FAR: 0x%8.8" PRIx32 ", I FSR: 0x%8.8" PRIx32 ", I FAR: 0x%8.8" PRIx32 "",
  319. arm920t->d_fsr, arm920t->d_far, arm920t->i_fsr, arm920t->i_far);
  320. if (arm920t->preserve_cache)
  321. {
  322. /* read-modify-write CP15 test state register
  323. * to disable I/D-cache linefills */
  324. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  325. jtag_execute_queue();
  326. cp15c15 |= 0x600;
  327. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  328. }
  329. }
  330. void arm920t_pre_restore_context(target_t *target)
  331. {
  332. uint32_t cp15c15;
  333. armv4_5_common_t *armv4_5 = target->arch_info;
  334. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  335. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  336. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  337. /* restore i/d fault status and address register */
  338. arm920t_write_cp15_interpreted(target, 0xee050f10, arm920t->d_fsr, 0x0);
  339. arm920t_write_cp15_interpreted(target, 0xee050f30, arm920t->i_fsr, 0x0);
  340. arm920t_write_cp15_interpreted(target, 0xee060f10, arm920t->d_far, 0x0);
  341. arm920t_write_cp15_interpreted(target, 0xee060f30, arm920t->i_far, 0x0);
  342. /* read-modify-write CP15 test state register
  343. * to reenable I/D-cache linefills */
  344. if (arm920t->preserve_cache)
  345. {
  346. arm920t_read_cp15_physical(target, 0x1e, &cp15c15);
  347. jtag_execute_queue();
  348. cp15c15 &= ~0x600U;
  349. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  350. }
  351. }
  352. int arm920t_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p, arm9tdmi_common_t **arm9tdmi_p, arm920t_common_t **arm920t_p)
  353. {
  354. armv4_5_common_t *armv4_5 = target->arch_info;
  355. arm7_9_common_t *arm7_9;
  356. arm9tdmi_common_t *arm9tdmi;
  357. arm920t_common_t *arm920t;
  358. if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
  359. {
  360. return -1;
  361. }
  362. arm7_9 = armv4_5->arch_info;
  363. if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
  364. {
  365. return -1;
  366. }
  367. arm9tdmi = arm7_9->arch_info;
  368. if (arm9tdmi->common_magic != ARM9TDMI_COMMON_MAGIC)
  369. {
  370. return -1;
  371. }
  372. arm920t = arm9tdmi->arch_info;
  373. if (arm920t->common_magic != ARM920T_COMMON_MAGIC)
  374. {
  375. return -1;
  376. }
  377. *armv4_5_p = armv4_5;
  378. *arm7_9_p = arm7_9;
  379. *arm9tdmi_p = arm9tdmi;
  380. *arm920t_p = arm920t;
  381. return ERROR_OK;
  382. }
  383. int arm920t_arch_state(struct target_s *target)
  384. {
  385. armv4_5_common_t *armv4_5 = target->arch_info;
  386. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  387. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  388. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  389. char *state[] =
  390. {
  391. "disabled", "enabled"
  392. };
  393. if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
  394. {
  395. LOG_ERROR("BUG: called for a non-ARMv4/5 target");
  396. exit(-1);
  397. }
  398. LOG_USER("target halted in %s state due to %s, current mode: %s\n"
  399. "cpsr: 0x%8.8" PRIx32 " pc: 0x%8.8" PRIx32 "\n"
  400. "MMU: %s, D-Cache: %s, I-Cache: %s",
  401. armv4_5_state_strings[armv4_5->core_state],
  402. Jim_Nvp_value2name_simple(nvp_target_debug_reason, target->debug_reason)->name,
  403. armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)],
  404. buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32),
  405. buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32),
  406. state[arm920t->armv4_5_mmu.mmu_enabled],
  407. state[arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled],
  408. state[arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled]);
  409. return ERROR_OK;
  410. }
  411. int arm920t_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  412. {
  413. int retval;
  414. retval = arm7_9_read_memory(target, address, size, count, buffer);
  415. return retval;
  416. }
  417. int arm920t_read_phys_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  418. {
  419. armv4_5_common_t *armv4_5 = target->arch_info;
  420. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  421. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  422. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  423. return armv4_5_mmu_read_physical(target, &arm920t->armv4_5_mmu, address, size, count, buffer);
  424. }
  425. int arm920t_write_phys_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  426. {
  427. armv4_5_common_t *armv4_5 = target->arch_info;
  428. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  429. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  430. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  431. return armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu, address, size, count, buffer);
  432. }
  433. int arm920t_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
  434. {
  435. int retval;
  436. armv4_5_common_t *armv4_5 = target->arch_info;
  437. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  438. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  439. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  440. if ((retval = arm7_9_write_memory(target, address, size, count, buffer)) != ERROR_OK)
  441. return retval;
  442. if (((size == 4) || (size == 2)) && (count == 1))
  443. {
  444. if (arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
  445. {
  446. LOG_DEBUG("D-Cache enabled, writing through to main memory");
  447. uint32_t pa, cb, ap;
  448. int type, domain;
  449. pa = armv4_5_mmu_translate_va(target, &arm920t->armv4_5_mmu, address, &type, &cb, &domain, &ap);
  450. if (type == -1)
  451. return ERROR_OK;
  452. /* cacheable & bufferable means write-back region */
  453. if (cb == 3)
  454. armv4_5_mmu_write_physical(target, &arm920t->armv4_5_mmu, pa, size, count, buffer);
  455. }
  456. if (arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
  457. {
  458. LOG_DEBUG("I-Cache enabled, invalidating affected I-Cache line");
  459. arm920t_write_cp15_interpreted(target, 0xee070f35, 0x0, address);
  460. }
  461. }
  462. return retval;
  463. }
  464. int arm920t_soft_reset_halt(struct target_s *target)
  465. {
  466. int retval = ERROR_OK;
  467. armv4_5_common_t *armv4_5 = target->arch_info;
  468. arm7_9_common_t *arm7_9 = armv4_5->arch_info;
  469. arm9tdmi_common_t *arm9tdmi = arm7_9->arch_info;
  470. arm920t_common_t *arm920t = arm9tdmi->arch_info;
  471. reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
  472. if ((retval = target_halt(target)) != ERROR_OK)
  473. {
  474. return retval;
  475. }
  476. long long then = timeval_ms();
  477. int timeout;
  478. while (!(timeout = ((timeval_ms()-then) > 1000)))
  479. {
  480. if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) == 0)
  481. {
  482. embeddedice_read_reg(dbg_stat);
  483. if ((retval = jtag_execute_queue()) != ERROR_OK)
  484. {
  485. return retval;
  486. }
  487. } else
  488. {
  489. break;
  490. }
  491. if (debug_level >= 3)
  492. {
  493. /* do not eat all CPU, time out after 1 se*/
  494. alive_sleep(100);
  495. } else
  496. {
  497. keep_alive();
  498. }
  499. }
  500. if (timeout)
  501. {
  502. LOG_ERROR("Failed to halt CPU after 1 sec");
  503. return ERROR_TARGET_TIMEOUT;
  504. }
  505. target->state = TARGET_HALTED;
  506. /* SVC, ARM state, IRQ and FIQ disabled */
  507. buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
  508. armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
  509. armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
  510. /* start fetching from 0x0 */
  511. buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
  512. armv4_5->core_cache->reg_list[15].dirty = 1;
  513. armv4_5->core_cache->reg_list[15].valid = 1;
  514. armv4_5->core_mode = ARMV4_5_MODE_SVC;
  515. armv4_5->core_state = ARMV4_5_STATE_ARM;
  516. arm920t_disable_mmu_caches(target, 1, 1, 1);
  517. arm920t->armv4_5_mmu.mmu_enabled = 0;
  518. arm920t->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled = 0;
  519. arm920t->armv4_5_mmu.armv4_5_cache.i_cache_enabled = 0;
  520. if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
  521. {
  522. return retval;
  523. }
  524. return ERROR_OK;
  525. }
  526. int arm920t_init_target(struct command_context_s *cmd_ctx, struct target_s *target)
  527. {
  528. arm9tdmi_init_target(cmd_ctx, target);
  529. return ERROR_OK;
  530. }
  531. int arm920t_quit(void)
  532. {
  533. return ERROR_OK;
  534. }
  535. int arm920t_init_arch_info(target_t *target, arm920t_common_t *arm920t, jtag_tap_t *tap)
  536. {
  537. arm9tdmi_common_t *arm9tdmi = &arm920t->arm9tdmi_common;
  538. arm7_9_common_t *arm7_9 = &arm9tdmi->arm7_9_common;
  539. /* initialize arm9tdmi specific info (including arm7_9 and armv4_5)
  540. */
  541. arm9tdmi_init_arch_info(target, arm9tdmi, tap);
  542. arm9tdmi->arch_info = arm920t;
  543. arm920t->common_magic = ARM920T_COMMON_MAGIC;
  544. arm7_9->post_debug_entry = arm920t_post_debug_entry;
  545. arm7_9->pre_restore_context = arm920t_pre_restore_context;
  546. arm920t->armv4_5_mmu.armv4_5_cache.ctype = -1;
  547. arm920t->armv4_5_mmu.get_ttb = arm920t_get_ttb;
  548. arm920t->armv4_5_mmu.read_memory = arm7_9_read_memory;
  549. arm920t->armv4_5_mmu.write_memory = arm7_9_write_memory;
  550. arm920t->armv4_5_mmu.disable_mmu_caches = arm920t_disable_mmu_caches;
  551. arm920t->armv4_5_mmu.enable_mmu_caches = arm920t_enable_mmu_caches;
  552. arm920t->armv4_5_mmu.has_tiny_pages = 1;
  553. arm920t->armv4_5_mmu.mmu_enabled = 0;
  554. /* disabling linefills leads to lockups, so keep them enabled for now
  555. * this doesn't affect correctness, but might affect timing issues, if
  556. * important data is evicted from the cache during the debug session
  557. * */
  558. arm920t->preserve_cache = 0;
  559. /* override hw single-step capability from ARM9TDMI */
  560. arm7_9->has_single_step = 1;
  561. return ERROR_OK;
  562. }
  563. int arm920t_target_create(struct target_s *target, Jim_Interp *interp)
  564. {
  565. arm920t_common_t *arm920t = calloc(1,sizeof(arm920t_common_t));
  566. arm920t_init_arch_info(target, arm920t, target->tap);
  567. return ERROR_OK;
  568. }
  569. int arm920t_register_commands(struct command_context_s *cmd_ctx)
  570. {
  571. int retval;
  572. command_t *arm920t_cmd;
  573. retval = arm9tdmi_register_commands(cmd_ctx);
  574. arm920t_cmd = register_command(cmd_ctx, NULL, "arm920t", NULL, COMMAND_ANY, "arm920t specific commands");
  575. register_command(cmd_ctx, arm920t_cmd, "cp15", arm920t_handle_cp15_command, COMMAND_EXEC, "display/modify cp15 register <num> [value]");
  576. register_command(cmd_ctx, arm920t_cmd, "cp15i", arm920t_handle_cp15i_command, COMMAND_EXEC, "display/modify cp15 (interpreted access) <opcode> [value] [address]");
  577. register_command(cmd_ctx, arm920t_cmd, "cache_info", arm920t_handle_cache_info_command, COMMAND_EXEC, "display information about target caches");
  578. register_command(cmd_ctx, arm920t_cmd, "mdw_phys", arm920t_handle_md_phys_command, COMMAND_EXEC, "display memory words <physical addr> [count]");
  579. register_command(cmd_ctx, arm920t_cmd, "mdh_phys", arm920t_handle_md_phys_command, COMMAND_EXEC, "display memory half-words <physical addr> [count]");
  580. register_command(cmd_ctx, arm920t_cmd, "mdb_phys", arm920t_handle_md_phys_command, COMMAND_EXEC, "display memory bytes <physical addr> [count]");
  581. register_command(cmd_ctx, arm920t_cmd, "mww_phys", arm920t_handle_mw_phys_command, COMMAND_EXEC, "write memory word <physical addr> <value>");
  582. register_command(cmd_ctx, arm920t_cmd, "mwh_phys", arm920t_handle_mw_phys_command, COMMAND_EXEC, "write memory half-word <physical addr> <value>");
  583. register_command(cmd_ctx, arm920t_cmd, "mwb_phys", arm920t_handle_mw_phys_command, COMMAND_EXEC, "write memory byte <physical addr> <value>");
  584. register_command(cmd_ctx, arm920t_cmd, "read_cache", arm920t_handle_read_cache_command, COMMAND_EXEC, "display I/D cache content");
  585. register_command(cmd_ctx, arm920t_cmd, "read_mmu", arm920t_handle_read_mmu_command, COMMAND_EXEC, "display I/D mmu content");
  586. return retval;
  587. }
  588. int arm920t_handle_read_cache_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
  589. {
  590. int retval = ERROR_OK;
  591. target_t *target = get_current_target(cmd_ctx);
  592. armv4_5_common_t *armv4_5;
  593. arm7_9_common_t *arm7_9;
  594. arm9tdmi_common_t *arm9tdmi;
  595. arm920t_common_t *arm920t;
  596. arm_jtag_t *jtag_info;
  597. uint32_t cp15c15;
  598. uint32_t cp15_ctrl, cp15_ctrl_saved;
  599. uint32_t regs[16];
  600. uint32_t *regs_p[16];
  601. uint32_t C15_C_D_Ind, C15_C_I_Ind;
  602. int i;
  603. FILE *output;
  604. arm920t_cache_line_t d_cache[8][64], i_cache[8][64];
  605. int segment, index;
  606. if (argc != 1)
  607. {
  608. command_print(cmd_ctx, "usage: arm920t read_cache <filename>");
  609. return ERROR_OK;
  610. }
  611. if ((output = fopen(args[0], "w")) == NULL)
  612. {
  613. LOG_DEBUG("error opening cache content file");
  614. return ERROR_OK;
  615. }
  616. for (i = 0; i < 16; i++)
  617. regs_p[i] = &regs[i];
  618. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  619. {
  620. command_print(cmd_ctx, "current target isn't an ARM920t target");
  621. return ERROR_OK;
  622. }
  623. jtag_info = &arm7_9->jtag_info;
  624. /* disable MMU and Caches */
  625. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
  626. if ((retval = jtag_execute_queue()) != ERROR_OK)
  627. {
  628. return retval;
  629. }
  630. cp15_ctrl_saved = cp15_ctrl;
  631. cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
  632. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
  633. /* read CP15 test state register */
  634. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
  635. jtag_execute_queue();
  636. /* read DCache content */
  637. fprintf(output, "DCache:\n");
  638. /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
  639. for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
  640. {
  641. fprintf(output, "\nsegment: %i\n----------", segment);
  642. /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
  643. regs[0] = 0x0 | (segment << 5);
  644. arm9tdmi_write_core_regs(target, 0x1, regs);
  645. /* set interpret mode */
  646. cp15c15 |= 0x1;
  647. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  648. /* D CAM Read, loads current victim into C15.C.D.Ind */
  649. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(1, 0));
  650. /* read current victim */
  651. arm920t_read_cp15_physical(target, 0x3d, &C15_C_D_Ind);
  652. /* clear interpret mode */
  653. cp15c15 &= ~0x1;
  654. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  655. for (index = 0; index < 64; index++)
  656. {
  657. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  658. regs[0] = 0x0 | (segment << 5) | (index << 26);
  659. arm9tdmi_write_core_regs(target, 0x1, regs);
  660. /* set interpret mode */
  661. cp15c15 |= 0x1;
  662. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  663. /* Write DCache victim */
  664. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
  665. /* Read D RAM */
  666. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,10,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
  667. /* Read D CAM */
  668. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,6,2), ARMV4_5_LDR(9, 0));
  669. /* clear interpret mode */
  670. cp15c15 &= ~0x1;
  671. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  672. /* read D RAM and CAM content */
  673. arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
  674. if ((retval = jtag_execute_queue()) != ERROR_OK)
  675. {
  676. return retval;
  677. }
  678. d_cache[segment][index].cam = regs[9];
  679. /* mask LFSR[6] */
  680. regs[9] &= 0xfffffffe;
  681. fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
  682. for (i = 1; i < 9; i++)
  683. {
  684. d_cache[segment][index].data[i] = regs[i];
  685. fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
  686. }
  687. }
  688. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  689. regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
  690. arm9tdmi_write_core_regs(target, 0x1, regs);
  691. /* set interpret mode */
  692. cp15c15 |= 0x1;
  693. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  694. /* Write DCache victim */
  695. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,0), ARMV4_5_LDR(1, 0));
  696. /* clear interpret mode */
  697. cp15c15 &= ~0x1;
  698. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  699. }
  700. /* read ICache content */
  701. fprintf(output, "ICache:\n");
  702. /* go through segments 0 to nsets (8 on ARM920T, 4 on ARM922T) */
  703. for (segment = 0; segment < arm920t->armv4_5_mmu.armv4_5_cache.d_u_size.nsets; segment++)
  704. {
  705. fprintf(output, "segment: %i\n----------", segment);
  706. /* Ra: r0 = SBZ(31:8):segment(7:5):SBZ(4:0) */
  707. regs[0] = 0x0 | (segment << 5);
  708. arm9tdmi_write_core_regs(target, 0x1, regs);
  709. /* set interpret mode */
  710. cp15c15 |= 0x1;
  711. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  712. /* I CAM Read, loads current victim into C15.C.I.Ind */
  713. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(1, 0));
  714. /* read current victim */
  715. arm920t_read_cp15_physical(target, 0x3b, &C15_C_I_Ind);
  716. /* clear interpret mode */
  717. cp15c15 &= ~0x1;
  718. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  719. for (index = 0; index < 64; index++)
  720. {
  721. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  722. regs[0] = 0x0 | (segment << 5) | (index << 26);
  723. arm9tdmi_write_core_regs(target, 0x1, regs);
  724. /* set interpret mode */
  725. cp15c15 |= 0x1;
  726. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  727. /* Write ICache victim */
  728. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
  729. /* Read I RAM */
  730. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,9,2), ARMV4_5_LDMIA(0, 0x1fe, 0, 0));
  731. /* Read I CAM */
  732. arm920t_execute_cp15(target, ARMV4_5_MCR(15,2,0,15,5,2), ARMV4_5_LDR(9, 0));
  733. /* clear interpret mode */
  734. cp15c15 &= ~0x1;
  735. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  736. /* read I RAM and CAM content */
  737. arm9tdmi_read_core_regs(target, 0x3fe, regs_p);
  738. if ((retval = jtag_execute_queue()) != ERROR_OK)
  739. {
  740. return retval;
  741. }
  742. i_cache[segment][index].cam = regs[9];
  743. /* mask LFSR[6] */
  744. regs[9] &= 0xfffffffe;
  745. fprintf(output, "\nsegment: %i, index: %i, CAM: 0x%8.8" PRIx32 ", content (%s):\n", segment, index, regs[9], (regs[9] & 0x10) ? "valid" : "invalid");
  746. for (i = 1; i < 9; i++)
  747. {
  748. i_cache[segment][index].data[i] = regs[i];
  749. fprintf(output, "%i: 0x%8.8" PRIx32 "\n", i-1, regs[i]);
  750. }
  751. }
  752. /* Ra: r0 = index(31:26):SBZ(25:8):segment(7:5):SBZ(4:0) */
  753. regs[0] = 0x0 | (segment << 5) | (C15_C_D_Ind << 26);
  754. arm9tdmi_write_core_regs(target, 0x1, regs);
  755. /* set interpret mode */
  756. cp15c15 |= 0x1;
  757. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  758. /* Write ICache victim */
  759. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,9,1,1), ARMV4_5_LDR(1, 0));
  760. /* clear interpret mode */
  761. cp15c15 &= ~0x1;
  762. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  763. }
  764. /* restore CP15 MMU and Cache settings */
  765. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
  766. command_print(cmd_ctx, "cache content successfully output to %s", args[0]);
  767. fclose(output);
  768. if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
  769. return ERROR_FAIL;
  770. /* mark registers dirty. */
  771. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
  772. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).valid;
  773. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).valid;
  774. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).valid;
  775. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).valid;
  776. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).valid;
  777. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).valid;
  778. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).valid;
  779. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).valid;
  780. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).valid;
  781. return ERROR_OK;
  782. }
  783. int arm920t_handle_read_mmu_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
  784. {
  785. int retval = ERROR_OK;
  786. target_t *target = get_current_target(cmd_ctx);
  787. armv4_5_common_t *armv4_5;
  788. arm7_9_common_t *arm7_9;
  789. arm9tdmi_common_t *arm9tdmi;
  790. arm920t_common_t *arm920t;
  791. arm_jtag_t *jtag_info;
  792. uint32_t cp15c15;
  793. uint32_t cp15_ctrl, cp15_ctrl_saved;
  794. uint32_t regs[16];
  795. uint32_t *regs_p[16];
  796. int i;
  797. FILE *output;
  798. uint32_t Dlockdown, Ilockdown;
  799. arm920t_tlb_entry_t d_tlb[64], i_tlb[64];
  800. int victim;
  801. if (argc != 1)
  802. {
  803. command_print(cmd_ctx, "usage: arm920t read_mmu <filename>");
  804. return ERROR_OK;
  805. }
  806. if ((output = fopen(args[0], "w")) == NULL)
  807. {
  808. LOG_DEBUG("error opening mmu content file");
  809. return ERROR_OK;
  810. }
  811. for (i = 0; i < 16; i++)
  812. regs_p[i] = &regs[i];
  813. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  814. {
  815. command_print(cmd_ctx, "current target isn't an ARM920t target");
  816. return ERROR_OK;
  817. }
  818. jtag_info = &arm7_9->jtag_info;
  819. /* disable MMU and Caches */
  820. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), &cp15_ctrl);
  821. if ((retval = jtag_execute_queue()) != ERROR_OK)
  822. {
  823. return retval;
  824. }
  825. cp15_ctrl_saved = cp15_ctrl;
  826. cp15_ctrl &= ~(ARMV4_5_MMU_ENABLED | ARMV4_5_D_U_CACHE_ENABLED | ARMV4_5_I_CACHE_ENABLED);
  827. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl);
  828. /* read CP15 test state register */
  829. arm920t_read_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), &cp15c15);
  830. if ((retval = jtag_execute_queue()) != ERROR_OK)
  831. {
  832. return retval;
  833. }
  834. /* prepare reading D TLB content
  835. * */
  836. /* set interpret mode */
  837. cp15c15 |= 0x1;
  838. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  839. /* Read D TLB lockdown */
  840. arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,0), ARMV4_5_LDR(1, 0));
  841. /* clear interpret mode */
  842. cp15c15 &= ~0x1;
  843. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  844. /* read D TLB lockdown stored to r1 */
  845. arm9tdmi_read_core_regs(target, 0x2, regs_p);
  846. if ((retval = jtag_execute_queue()) != ERROR_OK)
  847. {
  848. return retval;
  849. }
  850. Dlockdown = regs[1];
  851. for (victim = 0; victim < 64; victim += 8)
  852. {
  853. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  854. * base remains unchanged, victim goes through entries 0 to 63 */
  855. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  856. arm9tdmi_write_core_regs(target, 0x2, regs);
  857. /* set interpret mode */
  858. cp15c15 |= 0x1;
  859. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  860. /* Write D TLB lockdown */
  861. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  862. /* Read D TLB CAM */
  863. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,6,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
  864. /* clear interpret mode */
  865. cp15c15 &= ~0x1;
  866. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  867. /* read D TLB CAM content stored to r2-r9 */
  868. arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
  869. if ((retval = jtag_execute_queue()) != ERROR_OK)
  870. {
  871. return retval;
  872. }
  873. for (i = 0; i < 8; i++)
  874. d_tlb[victim + i].cam = regs[i + 2];
  875. }
  876. for (victim = 0; victim < 64; victim++)
  877. {
  878. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  879. * base remains unchanged, victim goes through entries 0 to 63 */
  880. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  881. arm9tdmi_write_core_regs(target, 0x2, regs);
  882. /* set interpret mode */
  883. cp15c15 |= 0x1;
  884. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  885. /* Write D TLB lockdown */
  886. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  887. /* Read D TLB RAM1 */
  888. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,10,4), ARMV4_5_LDR(2,0));
  889. /* Read D TLB RAM2 */
  890. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,2,5), ARMV4_5_LDR(3,0));
  891. /* clear interpret mode */
  892. cp15c15 &= ~0x1;
  893. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  894. /* read D TLB RAM content stored to r2 and r3 */
  895. arm9tdmi_read_core_regs(target, 0xc, regs_p);
  896. if ((retval = jtag_execute_queue()) != ERROR_OK)
  897. {
  898. return retval;
  899. }
  900. d_tlb[victim].ram1 = regs[2];
  901. d_tlb[victim].ram2 = regs[3];
  902. }
  903. /* restore D TLB lockdown */
  904. regs[1] = Dlockdown;
  905. arm9tdmi_write_core_regs(target, 0x2, regs);
  906. /* Write D TLB lockdown */
  907. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,0), ARMV4_5_STR(1, 0));
  908. /* prepare reading I TLB content
  909. * */
  910. /* set interpret mode */
  911. cp15c15 |= 0x1;
  912. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  913. /* Read I TLB lockdown */
  914. arm920t_execute_cp15(target, ARMV4_5_MRC(15,0,0,10,0,1), ARMV4_5_LDR(1, 0));
  915. /* clear interpret mode */
  916. cp15c15 &= ~0x1;
  917. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  918. /* read I TLB lockdown stored to r1 */
  919. arm9tdmi_read_core_regs(target, 0x2, regs_p);
  920. if ((retval = jtag_execute_queue()) != ERROR_OK)
  921. {
  922. return retval;
  923. }
  924. Ilockdown = regs[1];
  925. for (victim = 0; victim < 64; victim += 8)
  926. {
  927. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  928. * base remains unchanged, victim goes through entries 0 to 63 */
  929. regs[1] = (Ilockdown & 0xfc000000) | (victim << 20);
  930. arm9tdmi_write_core_regs(target, 0x2, regs);
  931. /* set interpret mode */
  932. cp15c15 |= 0x1;
  933. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  934. /* Write I TLB lockdown */
  935. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  936. /* Read I TLB CAM */
  937. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,5,4), ARMV4_5_LDMIA(0, 0x3fc, 0, 0));
  938. /* clear interpret mode */
  939. cp15c15 &= ~0x1;
  940. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  941. /* read I TLB CAM content stored to r2-r9 */
  942. arm9tdmi_read_core_regs(target, 0x3fc, regs_p);
  943. if ((retval = jtag_execute_queue()) != ERROR_OK)
  944. {
  945. return retval;
  946. }
  947. for (i = 0; i < 8; i++)
  948. i_tlb[i + victim].cam = regs[i + 2];
  949. }
  950. for (victim = 0; victim < 64; victim++)
  951. {
  952. /* new lockdown value: base[31:26]:victim[25:20]:SBZ[19:1]:p[0]
  953. * base remains unchanged, victim goes through entries 0 to 63 */
  954. regs[1] = (Dlockdown & 0xfc000000) | (victim << 20);
  955. arm9tdmi_write_core_regs(target, 0x2, regs);
  956. /* set interpret mode */
  957. cp15c15 |= 0x1;
  958. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0xf, 0), cp15c15);
  959. /* Write I TLB lockdown */
  960. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  961. /* Read I TLB RAM1 */
  962. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,9,4), ARMV4_5_LDR(2,0));
  963. /* Read I TLB RAM2 */
  964. arm920t_execute_cp15(target, ARMV4_5_MCR(15,4,0,15,1,5), ARMV4_5_LDR(3,0));
  965. /* clear interpret mode */
  966. cp15c15 &= ~0x1;
  967. arm920t_write_cp15_physical(target, 0x1e, cp15c15);
  968. /* read I TLB RAM content stored to r2 and r3 */
  969. arm9tdmi_read_core_regs(target, 0xc, regs_p);
  970. if ((retval = jtag_execute_queue()) != ERROR_OK)
  971. {
  972. return retval;
  973. }
  974. i_tlb[victim].ram1 = regs[2];
  975. i_tlb[victim].ram2 = regs[3];
  976. }
  977. /* restore I TLB lockdown */
  978. regs[1] = Ilockdown;
  979. arm9tdmi_write_core_regs(target, 0x2, regs);
  980. /* Write I TLB lockdown */
  981. arm920t_execute_cp15(target, ARMV4_5_MCR(15,0,0,10,0,1), ARMV4_5_STR(1, 0));
  982. /* restore CP15 MMU and Cache settings */
  983. arm920t_write_cp15_physical(target, ARM920T_CP15_PHYS_ADDR(0, 0x1, 0), cp15_ctrl_saved);
  984. /* output data to file */
  985. fprintf(output, "D TLB content:\n");
  986. for (i = 0; i < 64; i++)
  987. {
  988. fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, d_tlb[i].cam, d_tlb[i].ram1, d_tlb[i].ram2, (d_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
  989. }
  990. fprintf(output, "\n\nI TLB content:\n");
  991. for (i = 0; i < 64; i++)
  992. {
  993. fprintf(output, "%i: 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " 0x%8.8" PRIx32 " %s\n", i, i_tlb[i].cam, i_tlb[i].ram1, i_tlb[i].ram2, (i_tlb[i].cam & 0x20) ? "(valid)" : "(invalid)");
  994. }
  995. command_print(cmd_ctx, "mmu content successfully output to %s", args[0]);
  996. fclose(output);
  997. if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
  998. return ERROR_FAIL;
  999. /* mark registers dirty */
  1000. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
  1001. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 1).valid;
  1002. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 2).valid;
  1003. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 3).valid;
  1004. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 4).valid;
  1005. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 5).valid;
  1006. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 6).valid;
  1007. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 7).valid;
  1008. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 8).valid;
  1009. ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 9).valid;
  1010. return ERROR_OK;
  1011. }
  1012. int arm920t_handle_cp15_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
  1013. {
  1014. int retval;
  1015. target_t *target = get_current_target(cmd_ctx);
  1016. armv4_5_common_t *armv4_5;
  1017. arm7_9_common_t *arm7_9;
  1018. arm9tdmi_common_t *arm9tdmi;
  1019. arm920t_common_t *arm920t;
  1020. arm_jtag_t *jtag_info;
  1021. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  1022. {
  1023. command_print(cmd_ctx, "current target isn't an ARM920t target");
  1024. return ERROR_OK;
  1025. }
  1026. jtag_info = &arm7_9->jtag_info;
  1027. if (target->state != TARGET_HALTED)
  1028. {
  1029. command_print(cmd_ctx, "target must be stopped for \"%s\" command", cmd);
  1030. return ERROR_OK;
  1031. }
  1032. /* one or more argument, access a single register (write if second argument is given */
  1033. if (argc >= 1)
  1034. {
  1035. int address = strtoul(args[0], NULL, 0);
  1036. if (argc == 1)
  1037. {
  1038. uint32_t value;
  1039. if ((retval = arm920t_read_cp15_physical(target, address, &value)) != ERROR_OK)
  1040. {
  1041. command_print(cmd_ctx, "couldn't access reg %i", address);
  1042. return ERROR_OK;
  1043. }
  1044. if ((retval = jtag_execute_queue()) != ERROR_OK)
  1045. {
  1046. return retval;
  1047. }
  1048. command_print(cmd_ctx, "%i: %8.8" PRIx32 "", address, value);
  1049. }
  1050. else if (argc == 2)
  1051. {
  1052. uint32_t value = strtoul(args[1], NULL, 0);
  1053. if ((retval = arm920t_write_cp15_physical(target, address, value)) != ERROR_OK)
  1054. {
  1055. command_print(cmd_ctx, "couldn't access reg %i", address);
  1056. return ERROR_OK;
  1057. }
  1058. command_print(cmd_ctx, "%i: %8.8" PRIx32 "", address, value);
  1059. }
  1060. }
  1061. return ERROR_OK;
  1062. }
  1063. int arm920t_handle_cp15i_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
  1064. {
  1065. int retval;
  1066. target_t *target = get_current_target(cmd_ctx);
  1067. armv4_5_common_t *armv4_5;
  1068. arm7_9_common_t *arm7_9;
  1069. arm9tdmi_common_t *arm9tdmi;
  1070. arm920t_common_t *arm920t;
  1071. arm_jtag_t *jtag_info;
  1072. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  1073. {
  1074. command_print(cmd_ctx, "current target isn't an ARM920t target");
  1075. return ERROR_OK;
  1076. }
  1077. jtag_info = &arm7_9->jtag_info;
  1078. if (target->state != TARGET_HALTED)
  1079. {
  1080. command_print(cmd_ctx, "target must be stopped for \"%s\" command", cmd);
  1081. return ERROR_OK;
  1082. }
  1083. /* one or more argument, access a single register (write if second argument is given */
  1084. if (argc >= 1)
  1085. {
  1086. uint32_t opcode = strtoul(args[0], NULL, 0);
  1087. if (argc == 1)
  1088. {
  1089. uint32_t value;
  1090. if ((retval = arm920t_read_cp15_interpreted(target, opcode, 0x0, &value)) != ERROR_OK)
  1091. {
  1092. command_print(cmd_ctx, "couldn't execute %8.8" PRIx32 "", opcode);
  1093. return ERROR_OK;
  1094. }
  1095. command_print(cmd_ctx, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
  1096. }
  1097. else if (argc == 2)
  1098. {
  1099. uint32_t value = strtoul(args[1], NULL, 0);
  1100. if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, 0)) != ERROR_OK)
  1101. {
  1102. command_print(cmd_ctx, "couldn't execute %8.8" PRIx32 "", opcode);
  1103. return ERROR_OK;
  1104. }
  1105. command_print(cmd_ctx, "%8.8" PRIx32 ": %8.8" PRIx32 "", opcode, value);
  1106. }
  1107. else if (argc == 3)
  1108. {
  1109. uint32_t value = strtoul(args[1], NULL, 0);
  1110. uint32_t address = strtoul(args[2], NULL, 0);
  1111. if ((retval = arm920t_write_cp15_interpreted(target, opcode, value, address)) != ERROR_OK)
  1112. {
  1113. command_print(cmd_ctx, "couldn't execute %8.8" PRIx32 "", opcode);
  1114. return ERROR_OK;
  1115. }
  1116. command_print(cmd_ctx, "%8.8" PRIx32 ": %8.8" PRIx32 " %8.8" PRIx32 "", opcode, value, address);
  1117. }
  1118. }
  1119. else
  1120. {
  1121. command_print(cmd_ctx, "usage: arm920t cp15i <opcode> [value] [address]");
  1122. }
  1123. return ERROR_OK;
  1124. }
  1125. int arm920t_handle_cache_info_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
  1126. {
  1127. target_t *target = get_current_target(cmd_ctx);
  1128. armv4_5_common_t *armv4_5;
  1129. arm7_9_common_t *arm7_9;
  1130. arm9tdmi_common_t *arm9tdmi;
  1131. arm920t_common_t *arm920t;
  1132. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  1133. {
  1134. command_print(cmd_ctx, "current target isn't an ARM920t target");
  1135. return ERROR_OK;
  1136. }
  1137. return armv4_5_handle_cache_info_command(cmd_ctx, &arm920t->armv4_5_mmu.armv4_5_cache);
  1138. }
  1139. int arm920t_handle_md_phys_command(command_context_t *cmd_ctx, char *cmd, char **args, int argc)
  1140. {
  1141. target_t *target = get_current_target(cmd_ctx);
  1142. armv4_5_common_t *armv4_5;
  1143. arm7_9_common_t *arm7_9;
  1144. arm9tdmi_common_t *arm9tdmi;
  1145. arm920t_common_t *arm920t;
  1146. arm_jtag_t *jtag_info;
  1147. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  1148. {
  1149. command_print(cmd_ctx, "current target isn't an ARM920t target");
  1150. return ERROR_OK;
  1151. }
  1152. jtag_info = &arm7_9->jtag_info;
  1153. if (target->state != TARGET_HALTED)
  1154. {
  1155. command_print(cmd_ctx, "target must be stopped for \"%s\" command", cmd);
  1156. return ERROR_OK;
  1157. }
  1158. return armv4_5_mmu_handle_md_phys_command(cmd_ctx, cmd, args, argc, target, &arm920t->armv4_5_mmu);
  1159. }
  1160. int arm920t_handle_mw_phys_command(command_context_t *cmd_ctx, char *cmd, char **args, int argc)
  1161. {
  1162. target_t *target = get_current_target(cmd_ctx);
  1163. armv4_5_common_t *armv4_5;
  1164. arm7_9_common_t *arm7_9;
  1165. arm9tdmi_common_t *arm9tdmi;
  1166. arm920t_common_t *arm920t;
  1167. arm_jtag_t *jtag_info;
  1168. if (arm920t_get_arch_pointers(target, &armv4_5, &arm7_9, &arm9tdmi, &arm920t) != ERROR_OK)
  1169. {
  1170. command_print(cmd_ctx, "current target isn't an ARM920t target");
  1171. return ERROR_OK;
  1172. }
  1173. jtag_info = &arm7_9->jtag_info;
  1174. if (target->state != TARGET_HALTED)
  1175. {
  1176. command_print(cmd_ctx, "target must be stopped for \"%s\" command", cmd);
  1177. return ERROR_OK;
  1178. }
  1179. return armv4_5_mmu_handle_mw_phys_command(cmd_ctx, cmd, args, argc, target, &arm920t->armv4_5_mmu);
  1180. }