git.gag.com Git - fw/openocd/blob - src/target/aarch64.c

   1 /***************************************************************************
   2  *   Copyright (C) 2015 by David Ung                                       *
   3  *                                                                         *
   4  *   This program is free software; you can redistribute it and/or modify  *
   5  *   it under the terms of the GNU General Public License as published by  *
   6  *   the Free Software Foundation; either version 2 of the License, or     *
   7  *   (at your option) any later version.                                   *
   8  *                                                                         *
   9  *   This program is distributed in the hope that it will be useful,       *
  10  *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
  11  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
  12  *   GNU General Public License for more details.                          *
  13  *                                                                         *
  14  *   You should have received a copy of the GNU General Public License     *
  15  *   along with this program; if not, write to the                         *
  16  *   Free Software Foundation, Inc.,                                       *
  17  *                                                                         *
  18  ***************************************************************************/
  19
  20 #ifdef HAVE_CONFIG_H
  21 #include "config.h"
  22 #endif
  23
  24 #include "breakpoints.h"
  25 #include "aarch64.h"
  26 #include "register.h"
  27 #include "target_request.h"
  28 #include "target_type.h"
  29 #include "armv8_opcodes.h"
  30 #include "armv8_cache.h"
  31 #include "arm_semihosting.h"
  32 #include "jtag/interface.h"
  33 #include "smp.h"
  34 #include <helper/time_support.h>
  35
  36 enum restart_mode {
  37         RESTART_LAZY,
  38         RESTART_SYNC,
  39 };
  40
  41 enum halt_mode {
  42         HALT_LAZY,
  43         HALT_SYNC,
  44 };
  45
  46 struct aarch64_private_config {
  47         struct adiv5_private_config adiv5_config;
  48         struct arm_cti *cti;
  49 };
  50
  51 static int aarch64_poll(struct target *target);
  52 static int aarch64_debug_entry(struct target *target);
  53 static int aarch64_restore_context(struct target *target, bool bpwp);
  54 static int aarch64_set_breakpoint(struct target *target,
  55         struct breakpoint *breakpoint, uint8_t matchmode);
  56 static int aarch64_set_context_breakpoint(struct target *target,
  57         struct breakpoint *breakpoint, uint8_t matchmode);
  58 static int aarch64_set_hybrid_breakpoint(struct target *target,
  59         struct breakpoint *breakpoint);
  60 static int aarch64_unset_breakpoint(struct target *target,
  61         struct breakpoint *breakpoint);
  62 static int aarch64_mmu(struct target *target, int *enabled);
  63 static int aarch64_virt2phys(struct target *target,
  64         target_addr_t virt, target_addr_t *phys);
  65 static int aarch64_read_cpu_memory(struct target *target,
  66         uint64_t address, uint32_t size, uint32_t count, uint8_t *buffer);
  67
  68 static int aarch64_restore_system_control_reg(struct target *target)
  69 {
  70         enum arm_mode target_mode = ARM_MODE_ANY;
  71         int retval = ERROR_OK;
  72         uint32_t instr;
  73
  74         struct aarch64_common *aarch64 = target_to_aarch64(target);
  75         struct armv8_common *armv8 = target_to_armv8(target);
  76
  77         if (aarch64->system_control_reg != aarch64->system_control_reg_curr) {
  78                 aarch64->system_control_reg_curr = aarch64->system_control_reg;
  79                 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_v8->cp15_control_reg); */
  80
  81                 switch (armv8->arm.core_mode) {
  82                 case ARMV8_64_EL0T:
  83                         target_mode = ARMV8_64_EL1H;
  84                         /* fall through */
  85                 case ARMV8_64_EL1T:
  86                 case ARMV8_64_EL1H:
  87                         instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL1, 0);
  88                         break;
  89                 case ARMV8_64_EL2T:
  90                 case ARMV8_64_EL2H:
  91                         instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL2, 0);
  92                         break;
  93                 case ARMV8_64_EL3H:
  94                 case ARMV8_64_EL3T:
  95                         instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL3, 0);
  96                         break;
  97
  98                 case ARM_MODE_SVC:
  99                 case ARM_MODE_ABT:
 100                 case ARM_MODE_FIQ:
 101                 case ARM_MODE_IRQ:
 102                 case ARM_MODE_HYP:
 103                 case ARM_MODE_SYS:
 104                         instr = ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
 105                         break;
 106
 107                 default:
 108                         LOG_ERROR("cannot read system control register in this mode: (%s : 0x%" PRIx32 ")",
 109                                         armv8_mode_name(armv8->arm.core_mode), armv8->arm.core_mode);
 110                         return ERROR_FAIL;
 111                 }
 112
 113                 if (target_mode != ARM_MODE_ANY)
 114                         armv8_dpm_modeswitch(&armv8->dpm, target_mode);
 115
 116                 retval = armv8->dpm.instr_write_data_r0(&armv8->dpm, instr, aarch64->system_control_reg);
 117                 if (retval != ERROR_OK)
 118                         return retval;
 119
 120                 if (target_mode != ARM_MODE_ANY)
 121                         armv8_dpm_modeswitch(&armv8->dpm, ARM_MODE_ANY);
 122         }
 123
 124         return retval;
 125 }
 126
 127 /*  modify system_control_reg in order to enable or disable mmu for :
 128  *  - virt2phys address conversion
 129  *  - read or write memory in phys or virt address */
 130 static int aarch64_mmu_modify(struct target *target, int enable)
 131 {
 132         struct aarch64_common *aarch64 = target_to_aarch64(target);
 133         struct armv8_common *armv8 = &aarch64->armv8_common;
 134         int retval = ERROR_OK;
 135         uint32_t instr = 0;
 136
 137         if (enable) {
 138                 /*      if mmu enabled at target stop and mmu not enable */
 139                 if (!(aarch64->system_control_reg & 0x1U)) {
 140                         LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
 141                         return ERROR_FAIL;
 142                 }
 143                 if (!(aarch64->system_control_reg_curr & 0x1U))
 144                         aarch64->system_control_reg_curr |= 0x1U;
 145         } else {
 146                 if (aarch64->system_control_reg_curr & 0x4U) {
 147                         /*  data cache is active */
 148                         aarch64->system_control_reg_curr &= ~0x4U;
 149                         /* flush data cache armv8 function to be called */
 150                         if (armv8->armv8_mmu.armv8_cache.flush_all_data_cache)
 151                                 armv8->armv8_mmu.armv8_cache.flush_all_data_cache(target);
 152                 }
 153                 if ((aarch64->system_control_reg_curr & 0x1U)) {
 154                         aarch64->system_control_reg_curr &= ~0x1U;
 155                 }
 156         }
 157
 158         switch (armv8->arm.core_mode) {
 159         case ARMV8_64_EL0T:
 160         case ARMV8_64_EL1T:
 161         case ARMV8_64_EL1H:
 162                 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL1, 0);
 163                 break;
 164         case ARMV8_64_EL2T:
 165         case ARMV8_64_EL2H:
 166                 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL2, 0);
 167                 break;
 168         case ARMV8_64_EL3H:
 169         case ARMV8_64_EL3T:
 170                 instr = ARMV8_MSR_GP(SYSTEM_SCTLR_EL3, 0);
 171                 break;
 172
 173         case ARM_MODE_SVC:
 174         case ARM_MODE_ABT:
 175         case ARM_MODE_FIQ:
 176         case ARM_MODE_IRQ:
 177         case ARM_MODE_HYP:
 178         case ARM_MODE_SYS:
 179                 instr = ARMV4_5_MCR(15, 0, 0, 1, 0, 0);
 180                 break;
 181
 182         default:
 183                 LOG_DEBUG("unknown cpu state 0x%" PRIx32, armv8->arm.core_mode);
 184                 break;
 185         }
 186
 187         retval = armv8->dpm.instr_write_data_r0(&armv8->dpm, instr,
 188                                 aarch64->system_control_reg_curr);
 189         return retval;
 190 }
 191
 192 /*
 193  * Basic debug access, very low level assumes state is saved
 194  */
 195 static int aarch64_init_debug_access(struct target *target)
 196 {
 197         struct armv8_common *armv8 = target_to_armv8(target);
 198         int retval;
 199         uint32_t dummy;
 200
 201         LOG_DEBUG("%s", target_name(target));
 202
 203         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
 204                         armv8->debug_base + CPUV8_DBG_OSLAR, 0);
 205         if (retval != ERROR_OK) {
 206                 LOG_DEBUG("Examine %s failed", "oslock");
 207                 return retval;
 208         }
 209
 210         /* Clear Sticky Power Down status Bit in PRSR to enable access to
 211            the registers in the Core Power Domain */
 212         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 213                         armv8->debug_base + CPUV8_DBG_PRSR, &dummy);
 214         if (retval != ERROR_OK)
 215                 return retval;
 216
 217         /*
 218          * Static CTI configuration:
 219          * Channel 0 -> trigger outputs HALT request to PE
 220          * Channel 1 -> trigger outputs Resume request to PE
 221          * Gate all channel trigger events from entering the CTM
 222          */
 223
 224         /* Enable CTI */
 225         retval = arm_cti_enable(armv8->cti, true);
 226         /* By default, gate all channel events to and from the CTM */
 227         if (retval == ERROR_OK)
 228                 retval = arm_cti_write_reg(armv8->cti, CTI_GATE, 0);
 229         /* output halt requests to PE on channel 0 event */
 230         if (retval == ERROR_OK)
 231                 retval = arm_cti_write_reg(armv8->cti, CTI_OUTEN0, CTI_CHNL(0));
 232         /* output restart requests to PE on channel 1 event */
 233         if (retval == ERROR_OK)
 234                 retval = arm_cti_write_reg(armv8->cti, CTI_OUTEN1, CTI_CHNL(1));
 235         if (retval != ERROR_OK)
 236                 return retval;
 237
 238         /* Resync breakpoint registers */
 239
 240         return ERROR_OK;
 241 }
 242
 243 /* Write to memory mapped registers directly with no cache or mmu handling */
 244 static int aarch64_dap_write_memap_register_u32(struct target *target,
 245         uint32_t address,
 246         uint32_t value)
 247 {
 248         int retval;
 249         struct armv8_common *armv8 = target_to_armv8(target);
 250
 251         retval = mem_ap_write_atomic_u32(armv8->debug_ap, address, value);
 252
 253         return retval;
 254 }
 255
 256 static int aarch64_dpm_setup(struct aarch64_common *a8, uint64_t debug)
 257 {
 258         struct arm_dpm *dpm = &a8->armv8_common.dpm;
 259         int retval;
 260
 261         dpm->arm = &a8->armv8_common.arm;
 262         dpm->didr = debug;
 263
 264         retval = armv8_dpm_setup(dpm);
 265         if (retval == ERROR_OK)
 266                 retval = armv8_dpm_initialize(dpm);
 267
 268         return retval;
 269 }
 270
 271 static int aarch64_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
 272 {
 273         struct armv8_common *armv8 = target_to_armv8(target);
 274         return armv8_set_dbgreg_bits(armv8, CPUV8_DBG_DSCR, bit_mask, value);
 275 }
 276
 277 static int aarch64_check_state_one(struct target *target,
 278                 uint32_t mask, uint32_t val, int *p_result, uint32_t *p_prsr)
 279 {
 280         struct armv8_common *armv8 = target_to_armv8(target);
 281         uint32_t prsr;
 282         int retval;
 283
 284         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 285                         armv8->debug_base + CPUV8_DBG_PRSR, &prsr);
 286         if (retval != ERROR_OK)
 287                 return retval;
 288
 289         if (p_prsr)
 290                 *p_prsr = prsr;
 291
 292         if (p_result)
 293                 *p_result = (prsr & mask) == (val & mask);
 294
 295         return ERROR_OK;
 296 }
 297
 298 static int aarch64_wait_halt_one(struct target *target)
 299 {
 300         int retval = ERROR_OK;
 301         uint32_t prsr;
 302
 303         int64_t then = timeval_ms();
 304         for (;;) {
 305                 int halted;
 306
 307                 retval = aarch64_check_state_one(target, PRSR_HALT, PRSR_HALT, &halted, &prsr);
 308                 if (retval != ERROR_OK || halted)
 309                         break;
 310
 311                 if (timeval_ms() > then + 1000) {
 312                         retval = ERROR_TARGET_TIMEOUT;
 313                         LOG_DEBUG("target %s timeout, prsr=0x%08"PRIx32, target_name(target), prsr);
 314                         break;
 315                 }
 316         }
 317         return retval;
 318 }
 319
 320 static int aarch64_prepare_halt_smp(struct target *target, bool exc_target, struct target **p_first)
 321 {
 322         int retval = ERROR_OK;
 323         struct target_list *head = target->head;
 324         struct target *first = NULL;
 325
 326         LOG_DEBUG("target %s exc %i", target_name(target), exc_target);
 327
 328         while (head != NULL) {
 329                 struct target *curr = head->target;
 330                 struct armv8_common *armv8 = target_to_armv8(curr);
 331                 head = head->next;
 332
 333                 if (exc_target && curr == target)
 334                         continue;
 335                 if (!target_was_examined(curr))
 336                         continue;
 337                 if (curr->state != TARGET_RUNNING)
 338                         continue;
 339
 340                 /* HACK: mark this target as prepared for halting */
 341                 curr->debug_reason = DBG_REASON_DBGRQ;
 342
 343                 /* open the gate for channel 0 to let HALT requests pass to the CTM */
 344                 retval = arm_cti_ungate_channel(armv8->cti, 0);
 345                 if (retval == ERROR_OK)
 346                         retval = aarch64_set_dscr_bits(curr, DSCR_HDE, DSCR_HDE);
 347                 if (retval != ERROR_OK)
 348                         break;
 349
 350                 LOG_DEBUG("target %s prepared", target_name(curr));
 351
 352                 if (first == NULL)
 353                         first = curr;
 354         }
 355
 356         if (p_first) {
 357                 if (exc_target && first)
 358                         *p_first = first;
 359                 else
 360                         *p_first = target;
 361         }
 362
 363         return retval;
 364 }
 365
 366 static int aarch64_halt_one(struct target *target, enum halt_mode mode)
 367 {
 368         int retval = ERROR_OK;
 369         struct armv8_common *armv8 = target_to_armv8(target);
 370
 371         LOG_DEBUG("%s", target_name(target));
 372
 373         /* allow Halting Debug Mode */
 374         retval = aarch64_set_dscr_bits(target, DSCR_HDE, DSCR_HDE);
 375         if (retval != ERROR_OK)
 376                 return retval;
 377
 378         /* trigger an event on channel 0, this outputs a halt request to the PE */
 379         retval = arm_cti_pulse_channel(armv8->cti, 0);
 380         if (retval != ERROR_OK)
 381                 return retval;
 382
 383         if (mode == HALT_SYNC) {
 384                 retval = aarch64_wait_halt_one(target);
 385                 if (retval != ERROR_OK) {
 386                         if (retval == ERROR_TARGET_TIMEOUT)
 387                                 LOG_ERROR("Timeout waiting for target %s halt", target_name(target));
 388                         return retval;
 389                 }
 390         }
 391
 392         return ERROR_OK;
 393 }
 394
 395 static int aarch64_halt_smp(struct target *target, bool exc_target)
 396 {
 397         struct target *next = target;
 398         int retval;
 399
 400         /* prepare halt on all PEs of the group */
 401         retval = aarch64_prepare_halt_smp(target, exc_target, &next);
 402
 403         if (exc_target && next == target)
 404                 return retval;
 405
 406         /* halt the target PE */
 407         if (retval == ERROR_OK)
 408                 retval = aarch64_halt_one(next, HALT_LAZY);
 409
 410         if (retval != ERROR_OK)
 411                 return retval;
 412
 413         /* wait for all PEs to halt */
 414         int64_t then = timeval_ms();
 415         for (;;) {
 416                 bool all_halted = true;
 417                 struct target_list *head;
 418                 struct target *curr;
 419
 420                 foreach_smp_target(head, target->head) {
 421                         int halted;
 422
 423                         curr = head->target;
 424
 425                         if (!target_was_examined(curr))
 426                                 continue;
 427
 428                         retval = aarch64_check_state_one(curr, PRSR_HALT, PRSR_HALT, &halted, NULL);
 429                         if (retval != ERROR_OK || !halted) {
 430                                 all_halted = false;
 431                                 break;
 432                         }
 433                 }
 434
 435                 if (all_halted)
 436                         break;
 437
 438                 if (timeval_ms() > then + 1000) {
 439                         retval = ERROR_TARGET_TIMEOUT;
 440                         break;
 441                 }
 442
 443                 /*
 444                  * HACK: on Hi6220 there are 8 cores organized in 2 clusters
 445                  * and it looks like the CTI's are not connected by a common
 446                  * trigger matrix. It seems that we need to halt one core in each
 447                  * cluster explicitly. So if we find that a core has not halted
 448                  * yet, we trigger an explicit halt for the second cluster.
 449                  */
 450                 retval = aarch64_halt_one(curr, HALT_LAZY);
 451                 if (retval != ERROR_OK)
 452                         break;
 453         }
 454
 455         return retval;
 456 }
 457
 458 static int update_halt_gdb(struct target *target, enum target_debug_reason debug_reason)
 459 {
 460         struct target *gdb_target = NULL;
 461         struct target_list *head;
 462         struct target *curr;
 463
 464         if (debug_reason == DBG_REASON_NOTHALTED) {
 465                 LOG_DEBUG("Halting remaining targets in SMP group");
 466                 aarch64_halt_smp(target, true);
 467         }
 468
 469         /* poll all targets in the group, but skip the target that serves GDB */
 470         foreach_smp_target(head, target->head) {
 471                 curr = head->target;
 472                 /* skip calling context */
 473                 if (curr == target)
 474                         continue;
 475                 if (!target_was_examined(curr))
 476                         continue;
 477                 /* skip targets that were already halted */
 478                 if (curr->state == TARGET_HALTED)
 479                         continue;
 480                 /* remember the gdb_service->target */
 481                 if (curr->gdb_service != NULL)
 482                         gdb_target = curr->gdb_service->target;
 483                 /* skip it */
 484                 if (curr == gdb_target)
 485                         continue;
 486
 487                 /* avoid recursion in aarch64_poll() */
 488                 curr->smp = 0;
 489                 aarch64_poll(curr);
 490                 curr->smp = 1;
 491         }
 492
 493         /* after all targets were updated, poll the gdb serving target */
 494         if (gdb_target != NULL && gdb_target != target)
 495                 aarch64_poll(gdb_target);
 496
 497         return ERROR_OK;
 498 }
 499
 500 /*
 501  * Aarch64 Run control
 502  */
 503
 504 static int aarch64_poll(struct target *target)
 505 {
 506         enum target_state prev_target_state;
 507         int retval = ERROR_OK;
 508         int halted;
 509
 510         retval = aarch64_check_state_one(target,
 511                                 PRSR_HALT, PRSR_HALT, &halted, NULL);
 512         if (retval != ERROR_OK)
 513                 return retval;
 514
 515         if (halted) {
 516                 prev_target_state = target->state;
 517                 if (prev_target_state != TARGET_HALTED) {
 518                         enum target_debug_reason debug_reason = target->debug_reason;
 519
 520                         /* We have a halting debug event */
 521                         target->state = TARGET_HALTED;
 522                         LOG_DEBUG("Target %s halted", target_name(target));
 523                         retval = aarch64_debug_entry(target);
 524                         if (retval != ERROR_OK)
 525                                 return retval;
 526
 527                         if (target->smp)
 528                                 update_halt_gdb(target, debug_reason);
 529
 530                         if (arm_semihosting(target, &retval) != 0)
 531                                 return retval;
 532
 533                         switch (prev_target_state) {
 534                         case TARGET_RUNNING:
 535                         case TARGET_UNKNOWN:
 536                         case TARGET_RESET:
 537                                 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
 538                                 break;
 539                         case TARGET_DEBUG_RUNNING:
 540                                 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED);
 541                                 break;
 542                         default:
 543                                 break;
 544                         }
 545                 }
 546         } else
 547                 target->state = TARGET_RUNNING;
 548
 549         return retval;
 550 }
 551
 552 static int aarch64_halt(struct target *target)
 553 {
 554         struct armv8_common *armv8 = target_to_armv8(target);
 555         armv8->last_run_control_op = ARMV8_RUNCONTROL_HALT;
 556
 557         if (target->smp)
 558                 return aarch64_halt_smp(target, false);
 559
 560         return aarch64_halt_one(target, HALT_SYNC);
 561 }
 562
 563 static int aarch64_restore_one(struct target *target, int current,
 564         uint64_t *address, int handle_breakpoints, int debug_execution)
 565 {
 566         struct armv8_common *armv8 = target_to_armv8(target);
 567         struct arm *arm = &armv8->arm;
 568         int retval;
 569         uint64_t resume_pc;
 570
 571         LOG_DEBUG("%s", target_name(target));
 572
 573         if (!debug_execution)
 574                 target_free_all_working_areas(target);
 575
 576         /* current = 1: continue on current pc, otherwise continue at <address> */
 577         resume_pc = buf_get_u64(arm->pc->value, 0, 64);
 578         if (!current)
 579                 resume_pc = *address;
 580         else
 581                 *address = resume_pc;
 582
 583         /* Make sure that the Armv7 gdb thumb fixups does not
 584          * kill the return address
 585          */
 586         switch (arm->core_state) {
 587                 case ARM_STATE_ARM:
 588                         resume_pc &= 0xFFFFFFFC;
 589                         break;
 590                 case ARM_STATE_AARCH64:
 591                         resume_pc &= 0xFFFFFFFFFFFFFFFC;
 592                         break;
 593                 case ARM_STATE_THUMB:
 594                 case ARM_STATE_THUMB_EE:
 595                         /* When the return address is loaded into PC
 596                          * bit 0 must be 1 to stay in Thumb state
 597                          */
 598                         resume_pc |= 0x1;
 599                         break;
 600                 case ARM_STATE_JAZELLE:
 601                         LOG_ERROR("How do I resume into Jazelle state??");
 602                         return ERROR_FAIL;
 603         }
 604         LOG_DEBUG("resume pc = 0x%016" PRIx64, resume_pc);
 605         buf_set_u64(arm->pc->value, 0, 64, resume_pc);
 606         arm->pc->dirty = true;
 607         arm->pc->valid = true;
 608
 609         /* called it now before restoring context because it uses cpu
 610          * register r0 for restoring system control register */
 611         retval = aarch64_restore_system_control_reg(target);
 612         if (retval == ERROR_OK)
 613                 retval = aarch64_restore_context(target, handle_breakpoints);
 614
 615         return retval;
 616 }
 617
 618 /**
 619  * prepare single target for restart
 620  *
 621  *
 622  */
 623 static int aarch64_prepare_restart_one(struct target *target)
 624 {
 625         struct armv8_common *armv8 = target_to_armv8(target);
 626         int retval;
 627         uint32_t dscr;
 628         uint32_t tmp;
 629
 630         LOG_DEBUG("%s", target_name(target));
 631
 632         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 633                         armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
 634         if (retval != ERROR_OK)
 635                 return retval;
 636
 637         if ((dscr & DSCR_ITE) == 0)
 638                 LOG_ERROR("DSCR.ITE must be set before leaving debug!");
 639         if ((dscr & DSCR_ERR) != 0)
 640                 LOG_ERROR("DSCR.ERR must be cleared before leaving debug!");
 641
 642         /* acknowledge a pending CTI halt event */
 643         retval = arm_cti_ack_events(armv8->cti, CTI_TRIG(HALT));
 644         /*
 645          * open the CTI gate for channel 1 so that the restart events
 646          * get passed along to all PEs. Also close gate for channel 0
 647          * to isolate the PE from halt events.
 648          */
 649         if (retval == ERROR_OK)
 650                 retval = arm_cti_ungate_channel(armv8->cti, 1);
 651         if (retval == ERROR_OK)
 652                 retval = arm_cti_gate_channel(armv8->cti, 0);
 653
 654         /* make sure that DSCR.HDE is set */
 655         if (retval == ERROR_OK) {
 656                 dscr |= DSCR_HDE;
 657                 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
 658                                 armv8->debug_base + CPUV8_DBG_DSCR, dscr);
 659         }
 660
 661         if (retval == ERROR_OK) {
 662                 /* clear sticky bits in PRSR, SDR is now 0 */
 663                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 664                                 armv8->debug_base + CPUV8_DBG_PRSR, &tmp);
 665         }
 666
 667         return retval;
 668 }
 669
 670 static int aarch64_do_restart_one(struct target *target, enum restart_mode mode)
 671 {
 672         struct armv8_common *armv8 = target_to_armv8(target);
 673         int retval;
 674
 675         LOG_DEBUG("%s", target_name(target));
 676
 677         /* trigger an event on channel 1, generates a restart request to the PE */
 678         retval = arm_cti_pulse_channel(armv8->cti, 1);
 679         if (retval != ERROR_OK)
 680                 return retval;
 681
 682         if (mode == RESTART_SYNC) {
 683                 int64_t then = timeval_ms();
 684                 for (;;) {
 685                         int resumed;
 686                         /*
 687                          * if PRSR.SDR is set now, the target did restart, even
 688                          * if it's now already halted again (e.g. due to breakpoint)
 689                          */
 690                         retval = aarch64_check_state_one(target,
 691                                                 PRSR_SDR, PRSR_SDR, &resumed, NULL);
 692                         if (retval != ERROR_OK || resumed)
 693                                 break;
 694
 695                         if (timeval_ms() > then + 1000) {
 696                                 LOG_ERROR("%s: Timeout waiting for resume"PRIx32, target_name(target));
 697                                 retval = ERROR_TARGET_TIMEOUT;
 698                                 break;
 699                         }
 700                 }
 701         }
 702
 703         if (retval != ERROR_OK)
 704                 return retval;
 705
 706         target->debug_reason = DBG_REASON_NOTHALTED;
 707         target->state = TARGET_RUNNING;
 708
 709         return ERROR_OK;
 710 }
 711
 712 static int aarch64_restart_one(struct target *target, enum restart_mode mode)
 713 {
 714         int retval;
 715
 716         LOG_DEBUG("%s", target_name(target));
 717
 718         retval = aarch64_prepare_restart_one(target);
 719         if (retval == ERROR_OK)
 720                 retval = aarch64_do_restart_one(target, mode);
 721
 722         return retval;
 723 }
 724
 725 /*
 726  * prepare all but the current target for restart
 727  */
 728 static int aarch64_prep_restart_smp(struct target *target, int handle_breakpoints, struct target **p_first)
 729 {
 730         int retval = ERROR_OK;
 731         struct target_list *head;
 732         struct target *first = NULL;
 733         uint64_t address;
 734
 735         foreach_smp_target(head, target->head) {
 736                 struct target *curr = head->target;
 737
 738                 /* skip calling target */
 739                 if (curr == target)
 740                         continue;
 741                 if (!target_was_examined(curr))
 742                         continue;
 743                 if (curr->state != TARGET_HALTED)
 744                         continue;
 745
 746                 /*  resume at current address, not in step mode */
 747                 retval = aarch64_restore_one(curr, 1, &address, handle_breakpoints, 0);
 748                 if (retval == ERROR_OK)
 749                         retval = aarch64_prepare_restart_one(curr);
 750                 if (retval != ERROR_OK) {
 751                         LOG_ERROR("failed to restore target %s", target_name(curr));
 752                         break;
 753                 }
 754                 /* remember the first valid target in the group */
 755                 if (first == NULL)
 756                         first = curr;
 757         }
 758
 759         if (p_first)
 760                 *p_first = first;
 761
 762         return retval;
 763 }
 764
 765
 766 static int aarch64_step_restart_smp(struct target *target)
 767 {
 768         int retval = ERROR_OK;
 769         struct target_list *head;
 770         struct target *first = NULL;
 771
 772         LOG_DEBUG("%s", target_name(target));
 773
 774         retval = aarch64_prep_restart_smp(target, 0, &first);
 775         if (retval != ERROR_OK)
 776                 return retval;
 777
 778         if (first != NULL)
 779                 retval = aarch64_do_restart_one(first, RESTART_LAZY);
 780         if (retval != ERROR_OK) {
 781                 LOG_DEBUG("error restarting target %s", target_name(first));
 782                 return retval;
 783         }
 784
 785         int64_t then = timeval_ms();
 786         for (;;) {
 787                 struct target *curr = target;
 788                 bool all_resumed = true;
 789
 790                 foreach_smp_target(head, target->head) {
 791                         uint32_t prsr;
 792                         int resumed;
 793
 794                         curr = head->target;
 795
 796                         if (curr == target)
 797                                 continue;
 798
 799                         if (!target_was_examined(curr))
 800                                 continue;
 801
 802                         retval = aarch64_check_state_one(curr,
 803                                         PRSR_SDR, PRSR_SDR, &resumed, &prsr);
 804                         if (retval != ERROR_OK || (!resumed && (prsr & PRSR_HALT))) {
 805                                 all_resumed = false;
 806                                 break;
 807                         }
 808
 809                         if (curr->state != TARGET_RUNNING) {
 810                                 curr->state = TARGET_RUNNING;
 811                                 curr->debug_reason = DBG_REASON_NOTHALTED;
 812                                 target_call_event_callbacks(curr, TARGET_EVENT_RESUMED);
 813                         }
 814                 }
 815
 816                 if (all_resumed)
 817                         break;
 818
 819                 if (timeval_ms() > then + 1000) {
 820                         LOG_ERROR("%s: timeout waiting for target resume", __func__);
 821                         retval = ERROR_TARGET_TIMEOUT;
 822                         break;
 823                 }
 824                 /*
 825                  * HACK: on Hi6220 there are 8 cores organized in 2 clusters
 826                  * and it looks like the CTI's are not connected by a common
 827                  * trigger matrix. It seems that we need to halt one core in each
 828                  * cluster explicitly. So if we find that a core has not halted
 829                  * yet, we trigger an explicit resume for the second cluster.
 830                  */
 831                 retval = aarch64_do_restart_one(curr, RESTART_LAZY);
 832                 if (retval != ERROR_OK)
 833                         break;
 834 }
 835
 836         return retval;
 837 }
 838
 839 static int aarch64_resume(struct target *target, int current,
 840         target_addr_t address, int handle_breakpoints, int debug_execution)
 841 {
 842         int retval = 0;
 843         uint64_t addr = address;
 844
 845         struct armv8_common *armv8 = target_to_armv8(target);
 846         armv8->last_run_control_op = ARMV8_RUNCONTROL_RESUME;
 847
 848         if (target->state != TARGET_HALTED)
 849                 return ERROR_TARGET_NOT_HALTED;
 850
 851         /*
 852          * If this target is part of a SMP group, prepare the others
 853          * targets for resuming. This involves restoring the complete
 854          * target register context and setting up CTI gates to accept
 855          * resume events from the trigger matrix.
 856          */
 857         if (target->smp) {
 858                 retval = aarch64_prep_restart_smp(target, handle_breakpoints, NULL);
 859                 if (retval != ERROR_OK)
 860                         return retval;
 861         }
 862
 863         /* all targets prepared, restore and restart the current target */
 864         retval = aarch64_restore_one(target, current, &addr, handle_breakpoints,
 865                                  debug_execution);
 866         if (retval == ERROR_OK)
 867                 retval = aarch64_restart_one(target, RESTART_SYNC);
 868         if (retval != ERROR_OK)
 869                 return retval;
 870
 871         if (target->smp) {
 872                 int64_t then = timeval_ms();
 873                 for (;;) {
 874                         struct target *curr = target;
 875                         struct target_list *head;
 876                         bool all_resumed = true;
 877
 878                         foreach_smp_target(head, target->head) {
 879                                 uint32_t prsr;
 880                                 int resumed;
 881
 882                                 curr = head->target;
 883                                 if (curr == target)
 884                                         continue;
 885                                 if (!target_was_examined(curr))
 886                                         continue;
 887
 888                                 retval = aarch64_check_state_one(curr,
 889                                                 PRSR_SDR, PRSR_SDR, &resumed, &prsr);
 890                                 if (retval != ERROR_OK || (!resumed && (prsr & PRSR_HALT))) {
 891                                         all_resumed = false;
 892                                         break;
 893                                 }
 894
 895                                 if (curr->state != TARGET_RUNNING) {
 896                                         curr->state = TARGET_RUNNING;
 897                                         curr->debug_reason = DBG_REASON_NOTHALTED;
 898                                         target_call_event_callbacks(curr, TARGET_EVENT_RESUMED);
 899                                 }
 900                         }
 901
 902                         if (all_resumed)
 903                                 break;
 904
 905                         if (timeval_ms() > then + 1000) {
 906                                 LOG_ERROR("%s: timeout waiting for target %s to resume", __func__, target_name(curr));
 907                                 retval = ERROR_TARGET_TIMEOUT;
 908                                 break;
 909                         }
 910
 911                         /*
 912                          * HACK: on Hi6220 there are 8 cores organized in 2 clusters
 913                          * and it looks like the CTI's are not connected by a common
 914                          * trigger matrix. It seems that we need to halt one core in each
 915                          * cluster explicitly. So if we find that a core has not halted
 916                          * yet, we trigger an explicit resume for the second cluster.
 917                          */
 918                         retval = aarch64_do_restart_one(curr, RESTART_LAZY);
 919                         if (retval != ERROR_OK)
 920                                 break;
 921                 }
 922         }
 923
 924         if (retval != ERROR_OK)
 925                 return retval;
 926
 927         target->debug_reason = DBG_REASON_NOTHALTED;
 928
 929         if (!debug_execution) {
 930                 target->state = TARGET_RUNNING;
 931                 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
 932                 LOG_DEBUG("target resumed at 0x%" PRIx64, addr);
 933         } else {
 934                 target->state = TARGET_DEBUG_RUNNING;
 935                 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
 936                 LOG_DEBUG("target debug resumed at 0x%" PRIx64, addr);
 937         }
 938
 939         return ERROR_OK;
 940 }
 941
 942 static int aarch64_debug_entry(struct target *target)
 943 {
 944         int retval = ERROR_OK;
 945         struct armv8_common *armv8 = target_to_armv8(target);
 946         struct arm_dpm *dpm = &armv8->dpm;
 947         enum arm_state core_state;
 948         uint32_t dscr;
 949
 950         /* make sure to clear all sticky errors */
 951         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
 952                         armv8->debug_base + CPUV8_DBG_DRCR, DRCR_CSE);
 953         if (retval == ERROR_OK)
 954                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 955                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
 956         if (retval == ERROR_OK)
 957                 retval = arm_cti_ack_events(armv8->cti, CTI_TRIG(HALT));
 958
 959         if (retval != ERROR_OK)
 960                 return retval;
 961
 962         LOG_DEBUG("%s dscr = 0x%08" PRIx32, target_name(target), dscr);
 963
 964         dpm->dscr = dscr;
 965         core_state = armv8_dpm_get_core_state(dpm);
 966         armv8_select_opcodes(armv8, core_state == ARM_STATE_AARCH64);
 967         armv8_select_reg_access(armv8, core_state == ARM_STATE_AARCH64);
 968
 969         /* close the CTI gate for all events */
 970         if (retval == ERROR_OK)
 971                 retval = arm_cti_write_reg(armv8->cti, CTI_GATE, 0);
 972         /* discard async exceptions */
 973         if (retval == ERROR_OK)
 974                 retval = dpm->instr_cpsr_sync(dpm);
 975         if (retval != ERROR_OK)
 976                 return retval;
 977
 978         /* Examine debug reason */
 979         armv8_dpm_report_dscr(dpm, dscr);
 980
 981         /* save address of instruction that triggered the watchpoint? */
 982         if (target->debug_reason == DBG_REASON_WATCHPOINT) {
 983                 uint32_t tmp;
 984                 uint64_t wfar = 0;
 985
 986                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 987                                 armv8->debug_base + CPUV8_DBG_WFAR1,
 988                                 &tmp);
 989                 if (retval != ERROR_OK)
 990                         return retval;
 991                 wfar = tmp;
 992                 wfar = (wfar << 32);
 993                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
 994                                 armv8->debug_base + CPUV8_DBG_WFAR0,
 995                                 &tmp);
 996                 if (retval != ERROR_OK)
 997                         return retval;
 998                 wfar |= tmp;
 999                 armv8_dpm_report_wfar(&armv8->dpm, wfar);
1000         }
1001
1002         retval = armv8_dpm_read_current_registers(&armv8->dpm);
1003
1004         if (retval == ERROR_OK && armv8->post_debug_entry)
1005                 retval = armv8->post_debug_entry(target);
1006
1007         return retval;
1008 }
1009
1010 static int aarch64_post_debug_entry(struct target *target)
1011 {
1012         struct aarch64_common *aarch64 = target_to_aarch64(target);
1013         struct armv8_common *armv8 = &aarch64->armv8_common;
1014         int retval;
1015         enum arm_mode target_mode = ARM_MODE_ANY;
1016         uint32_t instr;
1017
1018         switch (armv8->arm.core_mode) {
1019         case ARMV8_64_EL0T:
1020                 target_mode = ARMV8_64_EL1H;
1021                 /* fall through */
1022         case ARMV8_64_EL1T:
1023         case ARMV8_64_EL1H:
1024                 instr = ARMV8_MRS(SYSTEM_SCTLR_EL1, 0);
1025                 break;
1026         case ARMV8_64_EL2T:
1027         case ARMV8_64_EL2H:
1028                 instr = ARMV8_MRS(SYSTEM_SCTLR_EL2, 0);
1029                 break;
1030         case ARMV8_64_EL3H:
1031         case ARMV8_64_EL3T:
1032                 instr = ARMV8_MRS(SYSTEM_SCTLR_EL3, 0);
1033                 break;
1034
1035         case ARM_MODE_SVC:
1036         case ARM_MODE_ABT:
1037         case ARM_MODE_FIQ:
1038         case ARM_MODE_IRQ:
1039         case ARM_MODE_HYP:
1040         case ARM_MODE_SYS:
1041                 instr = ARMV4_5_MRC(15, 0, 0, 1, 0, 0);
1042                 break;
1043
1044         default:
1045                 LOG_ERROR("cannot read system control register in this mode: (%s : 0x%" PRIx32 ")",
1046                                 armv8_mode_name(armv8->arm.core_mode), armv8->arm.core_mode);
1047                 return ERROR_FAIL;
1048         }
1049
1050         if (target_mode != ARM_MODE_ANY)
1051                 armv8_dpm_modeswitch(&armv8->dpm, target_mode);
1052
1053         retval = armv8->dpm.instr_read_data_r0(&armv8->dpm, instr, &aarch64->system_control_reg);
1054         if (retval != ERROR_OK)
1055                 return retval;
1056
1057         if (target_mode != ARM_MODE_ANY)
1058                 armv8_dpm_modeswitch(&armv8->dpm, ARM_MODE_ANY);
1059
1060         LOG_DEBUG("System_register: %8.8" PRIx32, aarch64->system_control_reg);
1061         aarch64->system_control_reg_curr = aarch64->system_control_reg;
1062
1063         if (armv8->armv8_mmu.armv8_cache.info == -1) {
1064                 armv8_identify_cache(armv8);
1065                 armv8_read_mpidr(armv8);
1066         }
1067
1068         armv8->armv8_mmu.mmu_enabled =
1069                         (aarch64->system_control_reg & 0x1U) ? 1 : 0;
1070         armv8->armv8_mmu.armv8_cache.d_u_cache_enabled =
1071                 (aarch64->system_control_reg & 0x4U) ? 1 : 0;
1072         armv8->armv8_mmu.armv8_cache.i_cache_enabled =
1073                 (aarch64->system_control_reg & 0x1000U) ? 1 : 0;
1074         return ERROR_OK;
1075 }
1076
1077 /*
1078  * single-step a target
1079  */
1080 static int aarch64_step(struct target *target, int current, target_addr_t address,
1081         int handle_breakpoints)
1082 {
1083         struct armv8_common *armv8 = target_to_armv8(target);
1084         struct aarch64_common *aarch64 = target_to_aarch64(target);
1085         int saved_retval = ERROR_OK;
1086         int retval;
1087         uint32_t edecr;
1088
1089         armv8->last_run_control_op = ARMV8_RUNCONTROL_STEP;
1090
1091         if (target->state != TARGET_HALTED) {
1092                 LOG_WARNING("target not halted");
1093                 return ERROR_TARGET_NOT_HALTED;
1094         }
1095
1096         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1097                         armv8->debug_base + CPUV8_DBG_EDECR, &edecr);
1098         /* make sure EDECR.SS is not set when restoring the register */
1099
1100         if (retval == ERROR_OK) {
1101                 edecr &= ~0x4;
1102                 /* set EDECR.SS to enter hardware step mode */
1103                 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1104                                 armv8->debug_base + CPUV8_DBG_EDECR, (edecr|0x4));
1105         }
1106         /* disable interrupts while stepping */
1107         if (retval == ERROR_OK && aarch64->isrmasking_mode == AARCH64_ISRMASK_ON)
1108                 retval = aarch64_set_dscr_bits(target, 0x3 << 22, 0x3 << 22);
1109         /* bail out if stepping setup has failed */
1110         if (retval != ERROR_OK)
1111                 return retval;
1112
1113         if (target->smp && (current == 1)) {
1114                 /*
1115                  * isolate current target so that it doesn't get resumed
1116                  * together with the others
1117                  */
1118                 retval = arm_cti_gate_channel(armv8->cti, 1);
1119                 /* resume all other targets in the group */
1120                 if (retval == ERROR_OK)
1121                         retval = aarch64_step_restart_smp(target);
1122                 if (retval != ERROR_OK) {
1123                         LOG_ERROR("Failed to restart non-stepping targets in SMP group");
1124                         return retval;
1125                 }
1126                 LOG_DEBUG("Restarted all non-stepping targets in SMP group");
1127         }
1128
1129         /* all other targets running, restore and restart the current target */
1130         retval = aarch64_restore_one(target, current, &address, 0, 0);
1131         if (retval == ERROR_OK)
1132                 retval = aarch64_restart_one(target, RESTART_LAZY);
1133
1134         if (retval != ERROR_OK)
1135                 return retval;
1136
1137         LOG_DEBUG("target step-resumed at 0x%" PRIx64, address);
1138         if (!handle_breakpoints)
1139                 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1140
1141         int64_t then = timeval_ms();
1142         for (;;) {
1143                 int stepped;
1144                 uint32_t prsr;
1145
1146                 retval = aarch64_check_state_one(target,
1147                                         PRSR_SDR|PRSR_HALT, PRSR_SDR|PRSR_HALT, &stepped, &prsr);
1148                 if (retval != ERROR_OK || stepped)
1149                         break;
1150
1151                 if (timeval_ms() > then + 100) {
1152                         LOG_ERROR("timeout waiting for target %s halt after step",
1153                                         target_name(target));
1154                         retval = ERROR_TARGET_TIMEOUT;
1155                         break;
1156                 }
1157         }
1158
1159         /*
1160          * At least on one SoC (Renesas R8A7795) stepping over a WFI instruction
1161          * causes a timeout. The core takes the step but doesn't complete it and so
1162          * debug state is never entered. However, you can manually halt the core
1163          * as an external debug even is also a WFI wakeup event.
1164          */
1165         if (retval == ERROR_TARGET_TIMEOUT)
1166                 saved_retval = aarch64_halt_one(target, HALT_SYNC);
1167
1168         /* restore EDECR */
1169         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1170                         armv8->debug_base + CPUV8_DBG_EDECR, edecr);
1171         if (retval != ERROR_OK)
1172                 return retval;
1173
1174         /* restore interrupts */
1175         if (aarch64->isrmasking_mode == AARCH64_ISRMASK_ON) {
1176                 retval = aarch64_set_dscr_bits(target, 0x3 << 22, 0);
1177                 if (retval != ERROR_OK)
1178                         return ERROR_OK;
1179         }
1180
1181         if (saved_retval != ERROR_OK)
1182                 return saved_retval;
1183
1184         return ERROR_OK;
1185 }
1186
1187 static int aarch64_restore_context(struct target *target, bool bpwp)
1188 {
1189         struct armv8_common *armv8 = target_to_armv8(target);
1190         struct arm *arm = &armv8->arm;
1191
1192         int retval;
1193
1194         LOG_DEBUG("%s", target_name(target));
1195
1196         if (armv8->pre_restore_context)
1197                 armv8->pre_restore_context(target);
1198
1199         retval = armv8_dpm_write_dirty_registers(&armv8->dpm, bpwp);
1200         if (retval == ERROR_OK) {
1201                 /* registers are now invalid */
1202                 register_cache_invalidate(arm->core_cache);
1203                 register_cache_invalidate(arm->core_cache->next);
1204         }
1205
1206         return retval;
1207 }
1208
1209 /*
1210  * Cortex-A8 Breakpoint and watchpoint functions
1211  */
1212
1213 /* Setup hardware Breakpoint Register Pair */
1214 static int aarch64_set_breakpoint(struct target *target,
1215         struct breakpoint *breakpoint, uint8_t matchmode)
1216 {
1217         int retval;
1218         int brp_i = 0;
1219         uint32_t control;
1220         uint8_t byte_addr_select = 0x0F;
1221         struct aarch64_common *aarch64 = target_to_aarch64(target);
1222         struct armv8_common *armv8 = &aarch64->armv8_common;
1223         struct aarch64_brp *brp_list = aarch64->brp_list;
1224
1225         if (breakpoint->set) {
1226                 LOG_WARNING("breakpoint already set");
1227                 return ERROR_OK;
1228         }
1229
1230         if (breakpoint->type == BKPT_HARD) {
1231                 int64_t bpt_value;
1232                 while (brp_list[brp_i].used && (brp_i < aarch64->brp_num))
1233                         brp_i++;
1234                 if (brp_i >= aarch64->brp_num) {
1235                         LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1236                         return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1237                 }
1238                 breakpoint->set = brp_i + 1;
1239                 if (breakpoint->length == 2)
1240                         byte_addr_select = (3 << (breakpoint->address & 0x02));
1241                 control = ((matchmode & 0x7) << 20)
1242                         | (1 << 13)
1243                         | (byte_addr_select << 5)
1244                         | (3 << 1) | 1;
1245                 brp_list[brp_i].used = 1;
1246                 brp_list[brp_i].value = breakpoint->address & 0xFFFFFFFFFFFFFFFC;
1247                 brp_list[brp_i].control = control;
1248                 bpt_value = brp_list[brp_i].value;
1249
1250                 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1251                                 + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1252                                 (uint32_t)(bpt_value & 0xFFFFFFFF));
1253                 if (retval != ERROR_OK)
1254                         return retval;
1255                 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1256                                 + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1257                                 (uint32_t)(bpt_value >> 32));
1258                 if (retval != ERROR_OK)
1259                         return retval;
1260
1261                 retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1262                                 + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1263                                 brp_list[brp_i].control);
1264                 if (retval != ERROR_OK)
1265                         return retval;
1266                 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1267                         brp_list[brp_i].control,
1268                         brp_list[brp_i].value);
1269
1270         } else if (breakpoint->type == BKPT_SOFT) {
1271                 uint32_t opcode;
1272                 uint8_t code[4];
1273
1274                 if (armv8_dpm_get_core_state(&armv8->dpm) == ARM_STATE_AARCH64) {
1275                         opcode = ARMV8_HLT(11);
1276
1277                         if (breakpoint->length != 4)
1278                                 LOG_ERROR("bug: breakpoint length should be 4 in AArch64 mode");
1279                 } else {
1280                         /**
1281                          * core_state is ARM_STATE_ARM
1282                          * in that case the opcode depends on breakpoint length:
1283                          *  - if length == 4 => A32 opcode
1284                          *  - if length == 2 => T32 opcode
1285                          *  - if length == 3 => T32 opcode (refer to gdb doc : ARM-Breakpoint-Kinds)
1286                          *    in that case the length should be changed from 3 to 4 bytes
1287                          **/
1288                         opcode = (breakpoint->length == 4) ? ARMV8_HLT_A1(11) :
1289                                         (uint32_t) (ARMV8_HLT_T1(11) | ARMV8_HLT_T1(11) << 16);
1290
1291                         if (breakpoint->length == 3)
1292                                 breakpoint->length = 4;
1293                 }
1294
1295                 buf_set_u32(code, 0, 32, opcode);
1296
1297                 retval = target_read_memory(target,
1298                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1299                                 breakpoint->length, 1,
1300                                 breakpoint->orig_instr);
1301                 if (retval != ERROR_OK)
1302                         return retval;
1303
1304                 armv8_cache_d_inner_flush_virt(armv8,
1305                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1306                                 breakpoint->length);
1307
1308                 retval = target_write_memory(target,
1309                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1310                                 breakpoint->length, 1, code);
1311                 if (retval != ERROR_OK)
1312                         return retval;
1313
1314                 armv8_cache_d_inner_flush_virt(armv8,
1315                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1316                                 breakpoint->length);
1317
1318                 armv8_cache_i_inner_inval_virt(armv8,
1319                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1320                                 breakpoint->length);
1321
1322                 breakpoint->set = 0x11; /* Any nice value but 0 */
1323         }
1324
1325         /* Ensure that halting debug mode is enable */
1326         retval = aarch64_set_dscr_bits(target, DSCR_HDE, DSCR_HDE);
1327         if (retval != ERROR_OK) {
1328                 LOG_DEBUG("Failed to set DSCR.HDE");
1329                 return retval;
1330         }
1331
1332         return ERROR_OK;
1333 }
1334
1335 static int aarch64_set_context_breakpoint(struct target *target,
1336         struct breakpoint *breakpoint, uint8_t matchmode)
1337 {
1338         int retval = ERROR_FAIL;
1339         int brp_i = 0;
1340         uint32_t control;
1341         uint8_t byte_addr_select = 0x0F;
1342         struct aarch64_common *aarch64 = target_to_aarch64(target);
1343         struct armv8_common *armv8 = &aarch64->armv8_common;
1344         struct aarch64_brp *brp_list = aarch64->brp_list;
1345
1346         if (breakpoint->set) {
1347                 LOG_WARNING("breakpoint already set");
1348                 return retval;
1349         }
1350         /*check available context BRPs*/
1351         while ((brp_list[brp_i].used ||
1352                 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < aarch64->brp_num))
1353                 brp_i++;
1354
1355         if (brp_i >= aarch64->brp_num) {
1356                 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1357                 return ERROR_FAIL;
1358         }
1359
1360         breakpoint->set = brp_i + 1;
1361         control = ((matchmode & 0x7) << 20)
1362                 | (1 << 13)
1363                 | (byte_addr_select << 5)
1364                 | (3 << 1) | 1;
1365         brp_list[brp_i].used = 1;
1366         brp_list[brp_i].value = (breakpoint->asid);
1367         brp_list[brp_i].control = control;
1368         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1369                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1370                         brp_list[brp_i].value);
1371         if (retval != ERROR_OK)
1372                 return retval;
1373         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1374                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1375                         brp_list[brp_i].control);
1376         if (retval != ERROR_OK)
1377                 return retval;
1378         LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1379                 brp_list[brp_i].control,
1380                 brp_list[brp_i].value);
1381         return ERROR_OK;
1382
1383 }
1384
1385 static int aarch64_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1386 {
1387         int retval = ERROR_FAIL;
1388         int brp_1 = 0;  /* holds the contextID pair */
1389         int brp_2 = 0;  /* holds the IVA pair */
1390         uint32_t control_CTX, control_IVA;
1391         uint8_t CTX_byte_addr_select = 0x0F;
1392         uint8_t IVA_byte_addr_select = 0x0F;
1393         uint8_t CTX_machmode = 0x03;
1394         uint8_t IVA_machmode = 0x01;
1395         struct aarch64_common *aarch64 = target_to_aarch64(target);
1396         struct armv8_common *armv8 = &aarch64->armv8_common;
1397         struct aarch64_brp *brp_list = aarch64->brp_list;
1398
1399         if (breakpoint->set) {
1400                 LOG_WARNING("breakpoint already set");
1401                 return retval;
1402         }
1403         /*check available context BRPs*/
1404         while ((brp_list[brp_1].used ||
1405                 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < aarch64->brp_num))
1406                 brp_1++;
1407
1408         printf("brp(CTX) found num: %d\n", brp_1);
1409         if (brp_1 >= aarch64->brp_num) {
1410                 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1411                 return ERROR_FAIL;
1412         }
1413
1414         while ((brp_list[brp_2].used ||
1415                 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < aarch64->brp_num))
1416                 brp_2++;
1417
1418         printf("brp(IVA) found num: %d\n", brp_2);
1419         if (brp_2 >= aarch64->brp_num) {
1420                 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1421                 return ERROR_FAIL;
1422         }
1423
1424         breakpoint->set = brp_1 + 1;
1425         breakpoint->linked_BRP = brp_2;
1426         control_CTX = ((CTX_machmode & 0x7) << 20)
1427                 | (brp_2 << 16)
1428                 | (0 << 14)
1429                 | (CTX_byte_addr_select << 5)
1430                 | (3 << 1) | 1;
1431         brp_list[brp_1].used = 1;
1432         brp_list[brp_1].value = (breakpoint->asid);
1433         brp_list[brp_1].control = control_CTX;
1434         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1435                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_1].BRPn,
1436                         brp_list[brp_1].value);
1437         if (retval != ERROR_OK)
1438                 return retval;
1439         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1440                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_1].BRPn,
1441                         brp_list[brp_1].control);
1442         if (retval != ERROR_OK)
1443                 return retval;
1444
1445         control_IVA = ((IVA_machmode & 0x7) << 20)
1446                 | (brp_1 << 16)
1447                 | (1 << 13)
1448                 | (IVA_byte_addr_select << 5)
1449                 | (3 << 1) | 1;
1450         brp_list[brp_2].used = 1;
1451         brp_list[brp_2].value = breakpoint->address & 0xFFFFFFFFFFFFFFFC;
1452         brp_list[brp_2].control = control_IVA;
1453         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1454                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_2].BRPn,
1455                         brp_list[brp_2].value & 0xFFFFFFFF);
1456         if (retval != ERROR_OK)
1457                 return retval;
1458         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1459                         + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_2].BRPn,
1460                         brp_list[brp_2].value >> 32);
1461         if (retval != ERROR_OK)
1462                 return retval;
1463         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1464                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_2].BRPn,
1465                         brp_list[brp_2].control);
1466         if (retval != ERROR_OK)
1467                 return retval;
1468
1469         return ERROR_OK;
1470 }
1471
1472 static int aarch64_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1473 {
1474         int retval;
1475         struct aarch64_common *aarch64 = target_to_aarch64(target);
1476         struct armv8_common *armv8 = &aarch64->armv8_common;
1477         struct aarch64_brp *brp_list = aarch64->brp_list;
1478
1479         if (!breakpoint->set) {
1480                 LOG_WARNING("breakpoint not set");
1481                 return ERROR_OK;
1482         }
1483
1484         if (breakpoint->type == BKPT_HARD) {
1485                 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1486                         int brp_i = breakpoint->set - 1;
1487                         int brp_j = breakpoint->linked_BRP;
1488                         if ((brp_i < 0) || (brp_i >= aarch64->brp_num)) {
1489                                 LOG_DEBUG("Invalid BRP number in breakpoint");
1490                                 return ERROR_OK;
1491                         }
1492                         LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%" TARGET_PRIxADDR, brp_i,
1493                                 brp_list[brp_i].control, brp_list[brp_i].value);
1494                         brp_list[brp_i].used = 0;
1495                         brp_list[brp_i].value = 0;
1496                         brp_list[brp_i].control = 0;
1497                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1498                                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1499                                         brp_list[brp_i].control);
1500                         if (retval != ERROR_OK)
1501                                 return retval;
1502                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1503                                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1504                                         (uint32_t)brp_list[brp_i].value);
1505                         if (retval != ERROR_OK)
1506                                 return retval;
1507                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1508                                         + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1509                                         (uint32_t)brp_list[brp_i].value);
1510                         if (retval != ERROR_OK)
1511                                 return retval;
1512                         if ((brp_j < 0) || (brp_j >= aarch64->brp_num)) {
1513                                 LOG_DEBUG("Invalid BRP number in breakpoint");
1514                                 return ERROR_OK;
1515                         }
1516                         LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx64, brp_j,
1517                                 brp_list[brp_j].control, brp_list[brp_j].value);
1518                         brp_list[brp_j].used = 0;
1519                         brp_list[brp_j].value = 0;
1520                         brp_list[brp_j].control = 0;
1521                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1522                                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_j].BRPn,
1523                                         brp_list[brp_j].control);
1524                         if (retval != ERROR_OK)
1525                                 return retval;
1526                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1527                                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_j].BRPn,
1528                                         (uint32_t)brp_list[brp_j].value);
1529                         if (retval != ERROR_OK)
1530                                 return retval;
1531                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1532                                         + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_j].BRPn,
1533                                         (uint32_t)brp_list[brp_j].value);
1534                         if (retval != ERROR_OK)
1535                                 return retval;
1536
1537                         breakpoint->linked_BRP = 0;
1538                         breakpoint->set = 0;
1539                         return ERROR_OK;
1540
1541                 } else {
1542                         int brp_i = breakpoint->set - 1;
1543                         if ((brp_i < 0) || (brp_i >= aarch64->brp_num)) {
1544                                 LOG_DEBUG("Invalid BRP number in breakpoint");
1545                                 return ERROR_OK;
1546                         }
1547                         LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx64, brp_i,
1548                                 brp_list[brp_i].control, brp_list[brp_i].value);
1549                         brp_list[brp_i].used = 0;
1550                         brp_list[brp_i].value = 0;
1551                         brp_list[brp_i].control = 0;
1552                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1553                                         + CPUV8_DBG_BCR_BASE + 16 * brp_list[brp_i].BRPn,
1554                                         brp_list[brp_i].control);
1555                         if (retval != ERROR_OK)
1556                                 return retval;
1557                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1558                                         + CPUV8_DBG_BVR_BASE + 16 * brp_list[brp_i].BRPn,
1559                                         brp_list[brp_i].value);
1560                         if (retval != ERROR_OK)
1561                                 return retval;
1562
1563                         retval = aarch64_dap_write_memap_register_u32(target, armv8->debug_base
1564                                         + CPUV8_DBG_BVR_BASE + 4 + 16 * brp_list[brp_i].BRPn,
1565                                         (uint32_t)brp_list[brp_i].value);
1566                         if (retval != ERROR_OK)
1567                                 return retval;
1568                         breakpoint->set = 0;
1569                         return ERROR_OK;
1570                 }
1571         } else {
1572                 /* restore original instruction (kept in target endianness) */
1573
1574                 armv8_cache_d_inner_flush_virt(armv8,
1575                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1576                                 breakpoint->length);
1577
1578                 if (breakpoint->length == 4) {
1579                         retval = target_write_memory(target,
1580                                         breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1581                                         4, 1, breakpoint->orig_instr);
1582                         if (retval != ERROR_OK)
1583                                 return retval;
1584                 } else {
1585                         retval = target_write_memory(target,
1586                                         breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1587                                         2, 1, breakpoint->orig_instr);
1588                         if (retval != ERROR_OK)
1589                                 return retval;
1590                 }
1591
1592                 armv8_cache_d_inner_flush_virt(armv8,
1593                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1594                                 breakpoint->length);
1595
1596                 armv8_cache_i_inner_inval_virt(armv8,
1597                                 breakpoint->address & 0xFFFFFFFFFFFFFFFE,
1598                                 breakpoint->length);
1599         }
1600         breakpoint->set = 0;
1601
1602         return ERROR_OK;
1603 }
1604
1605 static int aarch64_add_breakpoint(struct target *target,
1606         struct breakpoint *breakpoint)
1607 {
1608         struct aarch64_common *aarch64 = target_to_aarch64(target);
1609
1610         if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1611                 LOG_INFO("no hardware breakpoint available");
1612                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1613         }
1614
1615         if (breakpoint->type == BKPT_HARD)
1616                 aarch64->brp_num_available--;
1617
1618         return aarch64_set_breakpoint(target, breakpoint, 0x00);        /* Exact match */
1619 }
1620
1621 static int aarch64_add_context_breakpoint(struct target *target,
1622         struct breakpoint *breakpoint)
1623 {
1624         struct aarch64_common *aarch64 = target_to_aarch64(target);
1625
1626         if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1627                 LOG_INFO("no hardware breakpoint available");
1628                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1629         }
1630
1631         if (breakpoint->type == BKPT_HARD)
1632                 aarch64->brp_num_available--;
1633
1634         return aarch64_set_context_breakpoint(target, breakpoint, 0x02);        /* asid match */
1635 }
1636
1637 static int aarch64_add_hybrid_breakpoint(struct target *target,
1638         struct breakpoint *breakpoint)
1639 {
1640         struct aarch64_common *aarch64 = target_to_aarch64(target);
1641
1642         if ((breakpoint->type == BKPT_HARD) && (aarch64->brp_num_available < 1)) {
1643                 LOG_INFO("no hardware breakpoint available");
1644                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1645         }
1646
1647         if (breakpoint->type == BKPT_HARD)
1648                 aarch64->brp_num_available--;
1649
1650         return aarch64_set_hybrid_breakpoint(target, breakpoint);       /* ??? */
1651 }
1652
1653
1654 static int aarch64_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1655 {
1656         struct aarch64_common *aarch64 = target_to_aarch64(target);
1657
1658 #if 0
1659 /* It is perfectly possible to remove breakpoints while the target is running */
1660         if (target->state != TARGET_HALTED) {
1661                 LOG_WARNING("target not halted");
1662                 return ERROR_TARGET_NOT_HALTED;
1663         }
1664 #endif
1665
1666         if (breakpoint->set) {
1667                 aarch64_unset_breakpoint(target, breakpoint);
1668                 if (breakpoint->type == BKPT_HARD)
1669                         aarch64->brp_num_available++;
1670         }
1671
1672         return ERROR_OK;
1673 }
1674
1675 /*
1676  * Cortex-A8 Reset functions
1677  */
1678
1679 static int aarch64_assert_reset(struct target *target)
1680 {
1681         struct armv8_common *armv8 = target_to_armv8(target);
1682
1683         LOG_DEBUG(" ");
1684
1685         /* FIXME when halt is requested, make it work somehow... */
1686
1687         /* Issue some kind of warm reset. */
1688         if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1689                 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1690         else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1691                 /* REVISIT handle "pulls" cases, if there's
1692                  * hardware that needs them to work.
1693                  */
1694                 adapter_assert_reset();
1695         } else {
1696                 LOG_ERROR("%s: how to reset?", target_name(target));
1697                 return ERROR_FAIL;
1698         }
1699
1700         /* registers are now invalid */
1701         if (target_was_examined(target)) {
1702                 register_cache_invalidate(armv8->arm.core_cache);
1703                 register_cache_invalidate(armv8->arm.core_cache->next);
1704         }
1705
1706         target->state = TARGET_RESET;
1707
1708         return ERROR_OK;
1709 }
1710
1711 static int aarch64_deassert_reset(struct target *target)
1712 {
1713         int retval;
1714
1715         LOG_DEBUG(" ");
1716
1717         /* be certain SRST is off */
1718         adapter_deassert_reset();
1719
1720         if (!target_was_examined(target))
1721                 return ERROR_OK;
1722
1723         retval = aarch64_poll(target);
1724         if (retval != ERROR_OK)
1725                 return retval;
1726
1727         retval = aarch64_init_debug_access(target);
1728         if (retval != ERROR_OK)
1729                 return retval;
1730
1731         if (target->reset_halt) {
1732                 if (target->state != TARGET_HALTED) {
1733                         LOG_WARNING("%s: ran after reset and before halt ...",
1734                                 target_name(target));
1735                         retval = target_halt(target);
1736                 }
1737         }
1738
1739         return retval;
1740 }
1741
1742 static int aarch64_write_cpu_memory_slow(struct target *target,
1743         uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
1744 {
1745         struct armv8_common *armv8 = target_to_armv8(target);
1746         struct arm_dpm *dpm = &armv8->dpm;
1747         struct arm *arm = &armv8->arm;
1748         int retval;
1749
1750         armv8_reg_current(arm, 1)->dirty = true;
1751
1752         /* change DCC to normal mode if necessary */
1753         if (*dscr & DSCR_MA) {
1754                 *dscr &= ~DSCR_MA;
1755                 retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
1756                                 armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
1757                 if (retval != ERROR_OK)
1758                         return retval;
1759         }
1760
1761         while (count) {
1762                 uint32_t data, opcode;
1763
1764                 /* write the data to store into DTRRX */
1765                 if (size == 1)
1766                         data = *buffer;
1767                 else if (size == 2)
1768                         data = target_buffer_get_u16(target, buffer);
1769                 else
1770                         data = target_buffer_get_u32(target, buffer);
1771                 retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1772                                 armv8->debug_base + CPUV8_DBG_DTRRX, data);
1773                 if (retval != ERROR_OK)
1774                         return retval;
1775
1776                 if (arm->core_state == ARM_STATE_AARCH64)
1777                         retval = dpm->instr_execute(dpm, ARMV8_MRS(SYSTEM_DBG_DTRRX_EL0, 1));
1778                 else
1779                         retval = dpm->instr_execute(dpm, ARMV4_5_MRC(14, 0, 1, 0, 5, 0));
1780                 if (retval != ERROR_OK)
1781                         return retval;
1782
1783                 if (size == 1)
1784                         opcode = armv8_opcode(armv8, ARMV8_OPC_STRB_IP);
1785                 else if (size == 2)
1786                         opcode = armv8_opcode(armv8, ARMV8_OPC_STRH_IP);
1787                 else
1788                         opcode = armv8_opcode(armv8, ARMV8_OPC_STRW_IP);
1789                 retval = dpm->instr_execute(dpm, opcode);
1790                 if (retval != ERROR_OK)
1791                         return retval;
1792
1793                 /* Advance */
1794                 buffer += size;
1795                 --count;
1796         }
1797
1798         return ERROR_OK;
1799 }
1800
1801 static int aarch64_write_cpu_memory_fast(struct target *target,
1802         uint32_t count, const uint8_t *buffer, uint32_t *dscr)
1803 {
1804         struct armv8_common *armv8 = target_to_armv8(target);
1805         struct arm *arm = &armv8->arm;
1806         int retval;
1807
1808         armv8_reg_current(arm, 1)->dirty = true;
1809
1810         /* Step 1.d   - Change DCC to memory mode */
1811         *dscr |= DSCR_MA;
1812         retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
1813                         armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
1814         if (retval != ERROR_OK)
1815                 return retval;
1816
1817
1818         /* Step 2.a   - Do the write */
1819         retval = mem_ap_write_buf_noincr(armv8->debug_ap,
1820                                         buffer, 4, count, armv8->debug_base + CPUV8_DBG_DTRRX);
1821         if (retval != ERROR_OK)
1822                 return retval;
1823
1824         /* Step 3.a   - Switch DTR mode back to Normal mode */
1825         *dscr &= ~DSCR_MA;
1826         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1827                                 armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
1828         if (retval != ERROR_OK)
1829                 return retval;
1830
1831         return ERROR_OK;
1832 }
1833
1834 static int aarch64_write_cpu_memory(struct target *target,
1835         uint64_t address, uint32_t size,
1836         uint32_t count, const uint8_t *buffer)
1837 {
1838         /* write memory through APB-AP */
1839         int retval = ERROR_COMMAND_SYNTAX_ERROR;
1840         struct armv8_common *armv8 = target_to_armv8(target);
1841         struct arm_dpm *dpm = &armv8->dpm;
1842         struct arm *arm = &armv8->arm;
1843         uint32_t dscr;
1844
1845         if (target->state != TARGET_HALTED) {
1846                 LOG_WARNING("target not halted");
1847                 return ERROR_TARGET_NOT_HALTED;
1848         }
1849
1850         /* Mark register X0 as dirty, as it will be used
1851          * for transferring the data.
1852          * It will be restored automatically when exiting
1853          * debug mode
1854          */
1855         armv8_reg_current(arm, 0)->dirty = true;
1856
1857         /* This algorithm comes from DDI0487A.g, chapter J9.1 */
1858
1859         /* Read DSCR */
1860         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1861                         armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1862         if (retval != ERROR_OK)
1863                 return retval;
1864
1865         /* Set Normal access mode  */
1866         dscr = (dscr & ~DSCR_MA);
1867         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
1868                         armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1869         if (retval != ERROR_OK)
1870                 return retval;
1871
1872         if (arm->core_state == ARM_STATE_AARCH64) {
1873                 /* Write X0 with value 'address' using write procedure */
1874                 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
1875                 /* Step 1.c   - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
1876                 retval = dpm->instr_write_data_dcc_64(dpm,
1877                                 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0, 0), address);
1878         } else {
1879                 /* Write R0 with value 'address' using write procedure */
1880                 /* Step 1.a+b - Write the address for read access into DBGDTRRX */
1881                 /* Step 1.c   - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
1882                 retval = dpm->instr_write_data_dcc(dpm,
1883                                 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address);
1884         }
1885
1886         if (retval != ERROR_OK)
1887                 return retval;
1888
1889         if (size == 4 && (address % 4) == 0)
1890                 retval = aarch64_write_cpu_memory_fast(target, count, buffer, &dscr);
1891         else
1892                 retval = aarch64_write_cpu_memory_slow(target, size, count, buffer, &dscr);
1893
1894         if (retval != ERROR_OK) {
1895                 /* Unset DTR mode */
1896                 mem_ap_read_atomic_u32(armv8->debug_ap,
1897                                         armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1898                 dscr &= ~DSCR_MA;
1899                 mem_ap_write_atomic_u32(armv8->debug_ap,
1900                                         armv8->debug_base + CPUV8_DBG_DSCR, dscr);
1901         }
1902
1903         /* Check for sticky abort flags in the DSCR */
1904         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1905                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
1906         if (retval != ERROR_OK)
1907                 return retval;
1908
1909         dpm->dscr = dscr;
1910         if (dscr & (DSCR_ERR | DSCR_SYS_ERROR_PEND)) {
1911                 /* Abort occurred - clear it and exit */
1912                 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32, dscr);
1913                 armv8_dpm_handle_exception(dpm, true);
1914                 return ERROR_FAIL;
1915         }
1916
1917         /* Done */
1918         return ERROR_OK;
1919 }
1920
1921 static int aarch64_read_cpu_memory_slow(struct target *target,
1922         uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
1923 {
1924         struct armv8_common *armv8 = target_to_armv8(target);
1925         struct arm_dpm *dpm = &armv8->dpm;
1926         struct arm *arm = &armv8->arm;
1927         int retval;
1928
1929         armv8_reg_current(arm, 1)->dirty = true;
1930
1931         /* change DCC to normal mode (if necessary) */
1932         if (*dscr & DSCR_MA) {
1933                 *dscr &= DSCR_MA;
1934                 retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
1935                                 armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
1936                 if (retval != ERROR_OK)
1937                         return retval;
1938         }
1939
1940         while (count) {
1941                 uint32_t opcode, data;
1942
1943                 if (size == 1)
1944                         opcode = armv8_opcode(armv8, ARMV8_OPC_LDRB_IP);
1945                 else if (size == 2)
1946                         opcode = armv8_opcode(armv8, ARMV8_OPC_LDRH_IP);
1947                 else
1948                         opcode = armv8_opcode(armv8, ARMV8_OPC_LDRW_IP);
1949                 retval = dpm->instr_execute(dpm, opcode);
1950                 if (retval != ERROR_OK)
1951                         return retval;
1952
1953                 if (arm->core_state == ARM_STATE_AARCH64)
1954                         retval = dpm->instr_execute(dpm, ARMV8_MSR_GP(SYSTEM_DBG_DTRTX_EL0, 1));
1955                 else
1956                         retval = dpm->instr_execute(dpm, ARMV4_5_MCR(14, 0, 1, 0, 5, 0));
1957                 if (retval != ERROR_OK)
1958                         return retval;
1959
1960                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
1961                                 armv8->debug_base + CPUV8_DBG_DTRTX, &data);
1962                 if (retval != ERROR_OK)
1963                         return retval;
1964
1965                 if (size == 1)
1966                         *buffer = (uint8_t)data;
1967                 else if (size == 2)
1968                         target_buffer_set_u16(target, buffer, (uint16_t)data);
1969                 else
1970                         target_buffer_set_u32(target, buffer, data);
1971
1972                 /* Advance */
1973                 buffer += size;
1974                 --count;
1975         }
1976
1977         return ERROR_OK;
1978 }
1979
1980 static int aarch64_read_cpu_memory_fast(struct target *target,
1981         uint32_t count, uint8_t *buffer, uint32_t *dscr)
1982 {
1983         struct armv8_common *armv8 = target_to_armv8(target);
1984         struct arm_dpm *dpm = &armv8->dpm;
1985         struct arm *arm = &armv8->arm;
1986         int retval;
1987         uint32_t value;
1988
1989         /* Mark X1 as dirty */
1990         armv8_reg_current(arm, 1)->dirty = true;
1991
1992         if (arm->core_state == ARM_STATE_AARCH64) {
1993                 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1994                 retval = dpm->instr_execute(dpm, ARMV8_MSR_GP(SYSTEM_DBG_DBGDTR_EL0, 0));
1995         } else {
1996                 /* Step 1.d - Dummy operation to ensure EDSCR.Txfull == 1 */
1997                 retval = dpm->instr_execute(dpm, ARMV4_5_MCR(14, 0, 0, 0, 5, 0));
1998         }
1999
2000         if (retval != ERROR_OK)
2001                 return retval;
2002
2003         /* Step 1.e - Change DCC to memory mode */
2004         *dscr |= DSCR_MA;
2005         retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
2006                         armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
2007         if (retval != ERROR_OK)
2008                 return retval;
2009
2010         /* Step 1.f - read DBGDTRTX and discard the value */
2011         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2012                         armv8->debug_base + CPUV8_DBG_DTRTX, &value);
2013         if (retval != ERROR_OK)
2014                 return retval;
2015
2016         count--;
2017         /* Read the data - Each read of the DTRTX register causes the instruction to be reissued
2018          * Abort flags are sticky, so can be read at end of transactions
2019          *
2020          * This data is read in aligned to 32 bit boundary.
2021          */
2022
2023         if (count) {
2024                 /* Step 2.a - Loop n-1 times, each read of DBGDTRTX reads the data from [X0] and
2025                  * increments X0 by 4. */
2026                 retval = mem_ap_read_buf_noincr(armv8->debug_ap, buffer, 4, count,
2027                                                                         armv8->debug_base + CPUV8_DBG_DTRTX);
2028                 if (retval != ERROR_OK)
2029                         return retval;
2030         }
2031
2032         /* Step 3.a - set DTR access mode back to Normal mode   */
2033         *dscr &= ~DSCR_MA;
2034         retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
2035                                         armv8->debug_base + CPUV8_DBG_DSCR, *dscr);
2036         if (retval != ERROR_OK)
2037                 return retval;
2038
2039         /* Step 3.b - read DBGDTRTX for the final value */
2040         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2041                         armv8->debug_base + CPUV8_DBG_DTRTX, &value);
2042         if (retval != ERROR_OK)
2043                 return retval;
2044
2045         target_buffer_set_u32(target, buffer + count * 4, value);
2046         return retval;
2047 }
2048
2049 static int aarch64_read_cpu_memory(struct target *target,
2050         target_addr_t address, uint32_t size,
2051         uint32_t count, uint8_t *buffer)
2052 {
2053         /* read memory through APB-AP */
2054         int retval = ERROR_COMMAND_SYNTAX_ERROR;
2055         struct armv8_common *armv8 = target_to_armv8(target);
2056         struct arm_dpm *dpm = &armv8->dpm;
2057         struct arm *arm = &armv8->arm;
2058         uint32_t dscr;
2059
2060         LOG_DEBUG("Reading CPU memory address 0x%016" PRIx64 " size %" PRIu32 " count %" PRIu32,
2061                         address, size, count);
2062
2063         if (target->state != TARGET_HALTED) {
2064                 LOG_WARNING("target not halted");
2065                 return ERROR_TARGET_NOT_HALTED;
2066         }
2067
2068         /* Mark register X0 as dirty, as it will be used
2069          * for transferring the data.
2070          * It will be restored automatically when exiting
2071          * debug mode
2072          */
2073         armv8_reg_current(arm, 0)->dirty = true;
2074
2075         /* Read DSCR */
2076         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2077                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2078         if (retval != ERROR_OK)
2079                 return retval;
2080
2081         /* This algorithm comes from DDI0487A.g, chapter J9.1 */
2082
2083         /* Set Normal access mode  */
2084         dscr &= ~DSCR_MA;
2085         retval =  mem_ap_write_atomic_u32(armv8->debug_ap,
2086                         armv8->debug_base + CPUV8_DBG_DSCR, dscr);
2087         if (retval != ERROR_OK)
2088                 return retval;
2089
2090         if (arm->core_state == ARM_STATE_AARCH64) {
2091                 /* Write X0 with value 'address' using write procedure */
2092                 /* Step 1.a+b - Write the address for read access into DBGDTR_EL0 */
2093                 /* Step 1.c   - Copy value from DTR to R0 using instruction mrs DBGDTR_EL0, x0 */
2094                 retval = dpm->instr_write_data_dcc_64(dpm,
2095                                 ARMV8_MRS(SYSTEM_DBG_DBGDTR_EL0, 0), address);
2096         } else {
2097                 /* Write R0 with value 'address' using write procedure */
2098                 /* Step 1.a+b - Write the address for read access into DBGDTRRXint */
2099                 /* Step 1.c   - Copy value from DTR to R0 using instruction mrc DBGDTRTXint, r0 */
2100                 retval = dpm->instr_write_data_dcc(dpm,
2101                                 ARMV4_5_MRC(14, 0, 0, 0, 5, 0), address);
2102         }
2103
2104         if (retval != ERROR_OK)
2105                 return retval;
2106
2107         if (size == 4 && (address % 4) == 0)
2108                 retval = aarch64_read_cpu_memory_fast(target, count, buffer, &dscr);
2109         else
2110                 retval = aarch64_read_cpu_memory_slow(target, size, count, buffer, &dscr);
2111
2112         if (dscr & DSCR_MA) {
2113                 dscr &= ~DSCR_MA;
2114                 mem_ap_write_atomic_u32(armv8->debug_ap,
2115                                         armv8->debug_base + CPUV8_DBG_DSCR, dscr);
2116         }
2117
2118         if (retval != ERROR_OK)
2119                 return retval;
2120
2121         /* Check for sticky abort flags in the DSCR */
2122         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2123                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2124         if (retval != ERROR_OK)
2125                 return retval;
2126
2127         dpm->dscr = dscr;
2128
2129         if (dscr & (DSCR_ERR | DSCR_SYS_ERROR_PEND)) {
2130                 /* Abort occurred - clear it and exit */
2131                 LOG_ERROR("abort occurred - dscr = 0x%08" PRIx32, dscr);
2132                 armv8_dpm_handle_exception(dpm, true);
2133                 return ERROR_FAIL;
2134         }
2135
2136         /* Done */
2137         return ERROR_OK;
2138 }
2139
2140 static int aarch64_read_phys_memory(struct target *target,
2141         target_addr_t address, uint32_t size,
2142         uint32_t count, uint8_t *buffer)
2143 {
2144         int retval = ERROR_COMMAND_SYNTAX_ERROR;
2145
2146         if (count && buffer) {
2147                 /* read memory through APB-AP */
2148                 retval = aarch64_mmu_modify(target, 0);
2149                 if (retval != ERROR_OK)
2150                         return retval;
2151                 retval = aarch64_read_cpu_memory(target, address, size, count, buffer);
2152         }
2153         return retval;
2154 }
2155
2156 static int aarch64_read_memory(struct target *target, target_addr_t address,
2157         uint32_t size, uint32_t count, uint8_t *buffer)
2158 {
2159         int mmu_enabled = 0;
2160         int retval;
2161
2162         /* determine if MMU was enabled on target stop */
2163         retval = aarch64_mmu(target, &mmu_enabled);
2164         if (retval != ERROR_OK)
2165                 return retval;
2166
2167         if (mmu_enabled) {
2168                 /* enable MMU as we could have disabled it for phys access */
2169                 retval = aarch64_mmu_modify(target, 1);
2170                 if (retval != ERROR_OK)
2171                         return retval;
2172         }
2173         return aarch64_read_cpu_memory(target, address, size, count, buffer);
2174 }
2175
2176 static int aarch64_write_phys_memory(struct target *target,
2177         target_addr_t address, uint32_t size,
2178         uint32_t count, const uint8_t *buffer)
2179 {
2180         int retval = ERROR_COMMAND_SYNTAX_ERROR;
2181
2182         if (count && buffer) {
2183                 /* write memory through APB-AP */
2184                 retval = aarch64_mmu_modify(target, 0);
2185                 if (retval != ERROR_OK)
2186                         return retval;
2187                 return aarch64_write_cpu_memory(target, address, size, count, buffer);
2188         }
2189
2190         return retval;
2191 }
2192
2193 static int aarch64_write_memory(struct target *target, target_addr_t address,
2194         uint32_t size, uint32_t count, const uint8_t *buffer)
2195 {
2196         int mmu_enabled = 0;
2197         int retval;
2198
2199         /* determine if MMU was enabled on target stop */
2200         retval = aarch64_mmu(target, &mmu_enabled);
2201         if (retval != ERROR_OK)
2202                 return retval;
2203
2204         if (mmu_enabled) {
2205                 /* enable MMU as we could have disabled it for phys access */
2206                 retval = aarch64_mmu_modify(target, 1);
2207                 if (retval != ERROR_OK)
2208                         return retval;
2209         }
2210         return aarch64_write_cpu_memory(target, address, size, count, buffer);
2211 }
2212
2213 static int aarch64_handle_target_request(void *priv)
2214 {
2215         struct target *target = priv;
2216         struct armv8_common *armv8 = target_to_armv8(target);
2217         int retval;
2218
2219         if (!target_was_examined(target))
2220                 return ERROR_OK;
2221         if (!target->dbg_msg_enabled)
2222                 return ERROR_OK;
2223
2224         if (target->state == TARGET_RUNNING) {
2225                 uint32_t request;
2226                 uint32_t dscr;
2227                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2228                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2229
2230                 /* check if we have data */
2231                 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2232                         retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2233                                         armv8->debug_base + CPUV8_DBG_DTRTX, &request);
2234                         if (retval == ERROR_OK) {
2235                                 target_request(target, request);
2236                                 retval = mem_ap_read_atomic_u32(armv8->debug_ap,
2237                                                 armv8->debug_base + CPUV8_DBG_DSCR, &dscr);
2238                         }
2239                 }
2240         }
2241
2242         return ERROR_OK;
2243 }
2244
2245 static int aarch64_examine_first(struct target *target)
2246 {
2247         struct aarch64_common *aarch64 = target_to_aarch64(target);
2248         struct armv8_common *armv8 = &aarch64->armv8_common;
2249         struct adiv5_dap *swjdp = armv8->arm.dap;
2250         struct aarch64_private_config *pc;
2251         int i;
2252         int retval = ERROR_OK;
2253         uint64_t debug, ttypr;
2254         uint32_t cpuid;
2255         uint32_t tmp0, tmp1, tmp2, tmp3;
2256         debug = ttypr = cpuid = 0;
2257
2258         /* Search for the APB-AB - it is needed for access to debug registers */
2259         retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv8->debug_ap);
2260         if (retval != ERROR_OK) {
2261                 LOG_ERROR("Could not find APB-AP for debug access");
2262                 return retval;
2263         }
2264
2265         retval = mem_ap_init(armv8->debug_ap);
2266         if (retval != ERROR_OK) {
2267                 LOG_ERROR("Could not initialize the APB-AP");
2268                 return retval;
2269         }
2270
2271         armv8->debug_ap->memaccess_tck = 10;
2272
2273         if (!target->dbgbase_set) {
2274                 uint32_t dbgbase;
2275                 /* Get ROM Table base */
2276                 uint32_t apid;
2277                 int32_t coreidx = target->coreid;
2278                 retval = dap_get_debugbase(armv8->debug_ap, &dbgbase, &apid);
2279                 if (retval != ERROR_OK)
2280                         return retval;
2281                 /* Lookup 0x15 -- Processor DAP */
2282                 retval = dap_lookup_cs_component(armv8->debug_ap, dbgbase, 0x15,
2283                                 &armv8->debug_base, &coreidx);
2284                 if (retval != ERROR_OK)
2285                         return retval;
2286                 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32
2287                                 " apid: %08" PRIx32, coreidx, armv8->debug_base, apid);
2288         } else
2289                 armv8->debug_base = target->dbgbase;
2290
2291         retval = mem_ap_write_atomic_u32(armv8->debug_ap,
2292                         armv8->debug_base + CPUV8_DBG_OSLAR, 0);
2293         if (retval != ERROR_OK) {
2294                 LOG_DEBUG("Examine %s failed", "oslock");
2295                 return retval;
2296         }
2297
2298         retval = mem_ap_read_u32(armv8->debug_ap,
2299                         armv8->debug_base + CPUV8_DBG_MAINID0, &cpuid);
2300         if (retval != ERROR_OK) {
2301                 LOG_DEBUG("Examine %s failed", "CPUID");
2302                 return retval;
2303         }
2304
2305         retval = mem_ap_read_u32(armv8->debug_ap,
2306                         armv8->debug_base + CPUV8_DBG_MEMFEATURE0, &tmp0);
2307         retval += mem_ap_read_u32(armv8->debug_ap,
2308                         armv8->debug_base + CPUV8_DBG_MEMFEATURE0 + 4, &tmp1);
2309         if (retval != ERROR_OK) {
2310                 LOG_DEBUG("Examine %s failed", "Memory Model Type");
2311                 return retval;
2312         }
2313         retval = mem_ap_read_u32(armv8->debug_ap,
2314                         armv8->debug_base + CPUV8_DBG_DBGFEATURE0, &tmp2);
2315         retval += mem_ap_read_u32(armv8->debug_ap,
2316                         armv8->debug_base + CPUV8_DBG_DBGFEATURE0 + 4, &tmp3);
2317         if (retval != ERROR_OK) {
2318                 LOG_DEBUG("Examine %s failed", "ID_AA64DFR0_EL1");
2319                 return retval;
2320         }
2321
2322         retval = dap_run(armv8->debug_ap->dap);
2323         if (retval != ERROR_OK) {
2324                 LOG_ERROR("%s: examination failed\n", target_name(target));
2325                 return retval;
2326         }
2327
2328         ttypr |= tmp1;
2329         ttypr = (ttypr << 32) | tmp0;
2330         debug |= tmp3;
2331         debug = (debug << 32) | tmp2;
2332
2333         LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
2334         LOG_DEBUG("ttypr = 0x%08" PRIx64, ttypr);
2335         LOG_DEBUG("debug = 0x%08" PRIx64, debug);
2336
2337         if (target->private_config == NULL)
2338                 return ERROR_FAIL;
2339
2340         pc = (struct aarch64_private_config *)target->private_config;
2341         if (pc->cti == NULL)
2342                 return ERROR_FAIL;
2343
2344         armv8->cti = pc->cti;
2345
2346         retval = aarch64_dpm_setup(aarch64, debug);
2347         if (retval != ERROR_OK)
2348                 return retval;
2349
2350         /* Setup Breakpoint Register Pairs */
2351         aarch64->brp_num = (uint32_t)((debug >> 12) & 0x0F) + 1;
2352         aarch64->brp_num_context = (uint32_t)((debug >> 28) & 0x0F) + 1;
2353         aarch64->brp_num_available = aarch64->brp_num;
2354         aarch64->brp_list = calloc(aarch64->brp_num, sizeof(struct aarch64_brp));
2355         for (i = 0; i < aarch64->brp_num; i++) {
2356                 aarch64->brp_list[i].used = 0;
2357                 if (i < (aarch64->brp_num-aarch64->brp_num_context))
2358                         aarch64->brp_list[i].type = BRP_NORMAL;
2359                 else
2360                         aarch64->brp_list[i].type = BRP_CONTEXT;
2361                 aarch64->brp_list[i].value = 0;
2362                 aarch64->brp_list[i].control = 0;
2363                 aarch64->brp_list[i].BRPn = i;
2364         }
2365
2366         LOG_DEBUG("Configured %i hw breakpoints", aarch64->brp_num);
2367
2368         target->state = TARGET_UNKNOWN;
2369         target->debug_reason = DBG_REASON_NOTHALTED;
2370         aarch64->isrmasking_mode = AARCH64_ISRMASK_ON;
2371         target_set_examined(target);
2372         return ERROR_OK;
2373 }
2374
2375 static int aarch64_examine(struct target *target)
2376 {
2377         int retval = ERROR_OK;
2378
2379         /* don't re-probe hardware after each reset */
2380         if (!target_was_examined(target))
2381                 retval = aarch64_examine_first(target);
2382
2383         /* Configure core debug access */
2384         if (retval == ERROR_OK)
2385                 retval = aarch64_init_debug_access(target);
2386
2387         return retval;
2388 }
2389
2390 /*
2391  *      Cortex-A8 target creation and initialization
2392  */
2393
2394 static int aarch64_init_target(struct command_context *cmd_ctx,
2395         struct target *target)
2396 {
2397         /* examine_first() does a bunch of this */
2398         arm_semihosting_init(target);
2399         return ERROR_OK;
2400 }
2401
2402 static int aarch64_init_arch_info(struct target *target,
2403         struct aarch64_common *aarch64, struct adiv5_dap *dap)
2404 {
2405         struct armv8_common *armv8 = &aarch64->armv8_common;
2406
2407         /* Setup struct aarch64_common */
2408         aarch64->common_magic = AARCH64_COMMON_MAGIC;
2409         armv8->arm.dap = dap;
2410
2411         /* register arch-specific functions */
2412         armv8->examine_debug_reason = NULL;
2413         armv8->post_debug_entry = aarch64_post_debug_entry;
2414         armv8->pre_restore_context = NULL;
2415         armv8->armv8_mmu.read_physical_memory = aarch64_read_phys_memory;
2416
2417         armv8_init_arch_info(target, armv8);
2418         target_register_timer_callback(aarch64_handle_target_request, 1,
2419                 TARGET_TIMER_TYPE_PERIODIC, target);
2420
2421         return ERROR_OK;
2422 }
2423
2424 static int aarch64_target_create(struct target *target, Jim_Interp *interp)
2425 {
2426         struct aarch64_private_config *pc = target->private_config;
2427         struct aarch64_common *aarch64;
2428
2429         if (adiv5_verify_config(&pc->adiv5_config) != ERROR_OK)
2430                 return ERROR_FAIL;
2431
2432         aarch64 = calloc(1, sizeof(struct aarch64_common));
2433         if (aarch64 == NULL) {
2434                 LOG_ERROR("Out of memory");
2435                 return ERROR_FAIL;
2436         }
2437
2438         return aarch64_init_arch_info(target, aarch64, pc->adiv5_config.dap);
2439 }
2440
2441 static void aarch64_deinit_target(struct target *target)
2442 {
2443         struct aarch64_common *aarch64 = target_to_aarch64(target);
2444         struct armv8_common *armv8 = &aarch64->armv8_common;
2445         struct arm_dpm *dpm = &armv8->dpm;
2446
2447         armv8_free_reg_cache(target);
2448         free(aarch64->brp_list);
2449         free(dpm->dbp);
2450         free(dpm->dwp);
2451         free(target->private_config);
2452         free(aarch64);
2453 }
2454
2455 static int aarch64_mmu(struct target *target, int *enabled)
2456 {
2457         if (target->state != TARGET_HALTED) {
2458                 LOG_ERROR("%s: target %s not halted", __func__, target_name(target));
2459                 return ERROR_TARGET_INVALID;
2460         }
2461
2462         *enabled = target_to_aarch64(target)->armv8_common.armv8_mmu.mmu_enabled;
2463         return ERROR_OK;
2464 }
2465
2466 static int aarch64_virt2phys(struct target *target, target_addr_t virt,
2467                              target_addr_t *phys)
2468 {
2469         return armv8_mmu_translate_va_pa(target, virt, phys, 1);
2470 }
2471
2472 /*
2473  * private target configuration items
2474  */
2475 enum aarch64_cfg_param {
2476         CFG_CTI,
2477 };
2478
2479 static const Jim_Nvp nvp_config_opts[] = {
2480         { .name = "-cti", .value = CFG_CTI },
2481         { .name = NULL, .value = -1 }
2482 };
2483
2484 static int aarch64_jim_configure(struct target *target, Jim_GetOptInfo *goi)
2485 {
2486         struct aarch64_private_config *pc;
2487         Jim_Nvp *n;
2488         int e;
2489
2490         pc = (struct aarch64_private_config *)target->private_config;
2491         if (pc == NULL) {
2492                         pc = calloc(1, sizeof(struct aarch64_private_config));
2493                         target->private_config = pc;
2494         }
2495
2496         /*
2497          * Call adiv5_jim_configure() to parse the common DAP options
2498          * It will return JIM_CONTINUE if it didn't find any known
2499          * options, JIM_OK if it correctly parsed the topmost option
2500          * and JIM_ERR if an error occurred during parameter evaluation.
2501          * For JIM_CONTINUE, we check our own params.
2502          */
2503         e = adiv5_jim_configure(target, goi);
2504         if (e != JIM_CONTINUE)
2505                 return e;
2506
2507         /* parse config or cget options ... */
2508         if (goi->argc > 0) {
2509                 Jim_SetEmptyResult(goi->interp);
2510
2511                 /* check first if topmost item is for us */
2512                 e = Jim_Nvp_name2value_obj(goi->interp, nvp_config_opts,
2513                                 goi->argv[0], &n);
2514                 if (e != JIM_OK)
2515                         return JIM_CONTINUE;
2516
2517                 e = Jim_GetOpt_Obj(goi, NULL);
2518                 if (e != JIM_OK)
2519                         return e;
2520
2521                 switch (n->value) {
2522                 case CFG_CTI: {
2523                         if (goi->isconfigure) {
2524                                 Jim_Obj *o_cti;
2525                                 struct arm_cti *cti;
2526                                 e = Jim_GetOpt_Obj(goi, &o_cti);
2527                                 if (e != JIM_OK)
2528                                         return e;
2529                                 cti = cti_instance_by_jim_obj(goi->interp, o_cti);
2530                                 if (cti == NULL) {
2531                                         Jim_SetResultString(goi->interp, "CTI name invalid!", -1);
2532                                         return JIM_ERR;
2533                                 }
2534                                 pc->cti = cti;
2535                         } else {
2536                                 if (goi->argc != 0) {
2537                                         Jim_WrongNumArgs(goi->interp,
2538                                                         goi->argc, goi->argv,
2539                                                         "NO PARAMS");
2540                                         return JIM_ERR;
2541                                 }
2542
2543                                 if (pc == NULL || pc->cti == NULL) {
2544                                         Jim_SetResultString(goi->interp, "CTI not configured", -1);
2545                                         return JIM_ERR;
2546                                 }
2547                                 Jim_SetResultString(goi->interp, arm_cti_name(pc->cti), -1);
2548                         }
2549                         break;
2550                 }
2551
2552                 default:
2553                         return JIM_CONTINUE;
2554                 }
2555         }
2556
2557         return JIM_OK;
2558 }
2559
2560 COMMAND_HANDLER(aarch64_handle_cache_info_command)
2561 {
2562         struct target *target = get_current_target(CMD_CTX);
2563         struct armv8_common *armv8 = target_to_armv8(target);
2564
2565         return armv8_handle_cache_info_command(CMD,
2566                         &armv8->armv8_mmu.armv8_cache);
2567 }
2568
2569
2570 COMMAND_HANDLER(aarch64_handle_dbginit_command)
2571 {
2572         struct target *target = get_current_target(CMD_CTX);
2573         if (!target_was_examined(target)) {
2574                 LOG_ERROR("target not examined yet");
2575                 return ERROR_FAIL;
2576         }
2577
2578         return aarch64_init_debug_access(target);
2579 }
2580
2581 COMMAND_HANDLER(aarch64_mask_interrupts_command)
2582 {
2583         struct target *target = get_current_target(CMD_CTX);
2584         struct aarch64_common *aarch64 = target_to_aarch64(target);
2585
2586         static const Jim_Nvp nvp_maskisr_modes[] = {
2587                 { .name = "off", .value = AARCH64_ISRMASK_OFF },
2588                 { .name = "on", .value = AARCH64_ISRMASK_ON },
2589                 { .name = NULL, .value = -1 },
2590         };
2591         const Jim_Nvp *n;
2592
2593         if (CMD_ARGC > 0) {
2594                 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
2595                 if (n->name == NULL) {
2596                         LOG_ERROR("Unknown parameter: %s - should be off or on", CMD_ARGV[0]);
2597                         return ERROR_COMMAND_SYNTAX_ERROR;
2598                 }
2599
2600                 aarch64->isrmasking_mode = n->value;
2601         }
2602
2603         n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, aarch64->isrmasking_mode);
2604         command_print(CMD, "aarch64 interrupt mask %s", n->name);
2605
2606         return ERROR_OK;
2607 }
2608
2609 static int jim_mcrmrc(Jim_Interp *interp, int argc, Jim_Obj * const *argv)
2610 {
2611         struct command_context *context;
2612         struct target *target;
2613         struct arm *arm;
2614         int retval;
2615         bool is_mcr = false;
2616         int arg_cnt = 0;
2617
2618         if (Jim_CompareStringImmediate(interp, argv[0], "mcr")) {
2619                 is_mcr = true;
2620                 arg_cnt = 7;
2621         } else {
2622                 arg_cnt = 6;
2623         }
2624
2625         context = current_command_context(interp);
2626         assert(context != NULL);
2627
2628         target = get_current_target(context);
2629         if (target == NULL) {
2630                 LOG_ERROR("%s: no current target", __func__);
2631                 return JIM_ERR;
2632         }
2633         if (!target_was_examined(target)) {
2634                 LOG_ERROR("%s: not yet examined", target_name(target));
2635                 return JIM_ERR;
2636         }
2637
2638         arm = target_to_arm(target);
2639         if (!is_arm(arm)) {
2640                 LOG_ERROR("%s: not an ARM", target_name(target));
2641                 return JIM_ERR;
2642         }
2643
2644         if (target->state != TARGET_HALTED)
2645                 return ERROR_TARGET_NOT_HALTED;
2646
2647         if (arm->core_state == ARM_STATE_AARCH64) {
2648                 LOG_ERROR("%s: not 32-bit arm target", target_name(target));
2649                 return JIM_ERR;
2650         }
2651
2652         if (argc != arg_cnt) {
2653                 LOG_ERROR("%s: wrong number of arguments", __func__);
2654                 return JIM_ERR;
2655         }
2656
2657         int cpnum;
2658         uint32_t op1;
2659         uint32_t op2;
2660         uint32_t CRn;
2661         uint32_t CRm;
2662         uint32_t value;
2663         long l;
2664
2665         /* NOTE:  parameter sequence matches ARM instruction set usage:
2666          *      MCR     pNUM, op1, rX, CRn, CRm, op2    ; write CP from rX
2667          *      MRC     pNUM, op1, rX, CRn, CRm, op2    ; read CP into rX
2668          * The "rX" is necessarily omitted; it uses Tcl mechanisms.
2669          */
2670         retval = Jim_GetLong(interp, argv[1], &l);
2671         if (retval != JIM_OK)
2672                 return retval;
2673         if (l & ~0xf) {
2674                 LOG_ERROR("%s: %s %d out of range", __func__,
2675                         "coprocessor", (int) l);
2676                 return JIM_ERR;
2677         }
2678         cpnum = l;
2679
2680         retval = Jim_GetLong(interp, argv[2], &l);
2681         if (retval != JIM_OK)
2682                 return retval;
2683         if (l & ~0x7) {
2684                 LOG_ERROR("%s: %s %d out of range", __func__,
2685                         "op1", (int) l);
2686                 return JIM_ERR;
2687         }
2688         op1 = l;
2689
2690         retval = Jim_GetLong(interp, argv[3], &l);
2691         if (retval != JIM_OK)
2692                 return retval;
2693         if (l & ~0xf) {
2694                 LOG_ERROR("%s: %s %d out of range", __func__,
2695                         "CRn", (int) l);
2696                 return JIM_ERR;
2697         }
2698         CRn = l;
2699
2700         retval = Jim_GetLong(interp, argv[4], &l);
2701         if (retval != JIM_OK)
2702                 return retval;
2703         if (l & ~0xf) {
2704                 LOG_ERROR("%s: %s %d out of range", __func__,
2705                         "CRm", (int) l);
2706                 return JIM_ERR;
2707         }
2708         CRm = l;
2709
2710         retval = Jim_GetLong(interp, argv[5], &l);
2711         if (retval != JIM_OK)
2712                 return retval;
2713         if (l & ~0x7) {
2714                 LOG_ERROR("%s: %s %d out of range", __func__,
2715                         "op2", (int) l);
2716                 return JIM_ERR;
2717         }
2718         op2 = l;
2719
2720         value = 0;
2721
2722         if (is_mcr == true) {
2723                 retval = Jim_GetLong(interp, argv[6], &l);
2724                 if (retval != JIM_OK)
2725                         return retval;
2726                 value = l;
2727
2728                 /* NOTE: parameters reordered! */
2729                 /* ARMV4_5_MCR(cpnum, op1, 0, CRn, CRm, op2) */
2730                 retval = arm->mcr(target, cpnum, op1, op2, CRn, CRm, value);
2731                 if (retval != ERROR_OK)
2732                         return JIM_ERR;
2733         } else {
2734                 /* NOTE: parameters reordered! */
2735                 /* ARMV4_5_MRC(cpnum, op1, 0, CRn, CRm, op2) */
2736                 retval = arm->mrc(target, cpnum, op1, op2, CRn, CRm, &value);
2737                 if (retval != ERROR_OK)
2738                         return JIM_ERR;
2739
2740                 Jim_SetResult(interp, Jim_NewIntObj(interp, value));
2741         }
2742
2743         return JIM_OK;
2744 }
2745
2746 static const struct command_registration aarch64_exec_command_handlers[] = {
2747         {
2748                 .name = "cache_info",
2749                 .handler = aarch64_handle_cache_info_command,
2750                 .mode = COMMAND_EXEC,
2751                 .help = "display information about target caches",
2752                 .usage = "",
2753         },
2754         {
2755                 .name = "dbginit",
2756                 .handler = aarch64_handle_dbginit_command,
2757                 .mode = COMMAND_EXEC,
2758                 .help = "Initialize core debug",
2759                 .usage = "",
2760         },
2761         {
2762                 .name = "maskisr",
2763                 .handler = aarch64_mask_interrupts_command,
2764                 .mode = COMMAND_ANY,
2765                 .help = "mask aarch64 interrupts during single-step",
2766                 .usage = "['on'|'off']",
2767         },
2768         {
2769                 .name = "mcr",
2770                 .mode = COMMAND_EXEC,
2771                 .jim_handler = jim_mcrmrc,
2772                 .help = "write coprocessor register",
2773                 .usage = "cpnum op1 CRn CRm op2 value",
2774         },
2775         {
2776                 .name = "mrc",
2777                 .mode = COMMAND_EXEC,
2778                 .jim_handler = jim_mcrmrc,
2779                 .help = "read coprocessor register",
2780                 .usage = "cpnum op1 CRn CRm op2",
2781         },
2782         {
2783                 .chain = smp_command_handlers,
2784         },
2785
2786
2787         COMMAND_REGISTRATION_DONE
2788 };
2789
2790 extern const struct command_registration semihosting_common_handlers[];
2791
2792 static const struct command_registration aarch64_command_handlers[] = {
2793         {
2794                 .name = "arm",
2795                 .mode = COMMAND_ANY,
2796                 .help = "ARM Command Group",
2797                 .usage = "",
2798                 .chain = semihosting_common_handlers
2799         },
2800         {
2801                 .chain = armv8_command_handlers,
2802         },
2803         {
2804                 .name = "aarch64",
2805                 .mode = COMMAND_ANY,
2806                 .help = "Aarch64 command group",
2807                 .usage = "",
2808                 .chain = aarch64_exec_command_handlers,
2809         },
2810         COMMAND_REGISTRATION_DONE
2811 };
2812
2813 struct target_type aarch64_target = {
2814         .name = "aarch64",
2815
2816         .poll = aarch64_poll,
2817         .arch_state = armv8_arch_state,
2818
2819         .halt = aarch64_halt,
2820         .resume = aarch64_resume,
2821         .step = aarch64_step,
2822
2823         .assert_reset = aarch64_assert_reset,
2824         .deassert_reset = aarch64_deassert_reset,
2825
2826         /* REVISIT allow exporting VFP3 registers ... */
2827         .get_gdb_arch = armv8_get_gdb_arch,
2828         .get_gdb_reg_list = armv8_get_gdb_reg_list,
2829
2830         .read_memory = aarch64_read_memory,
2831         .write_memory = aarch64_write_memory,
2832
2833         .add_breakpoint = aarch64_add_breakpoint,
2834         .add_context_breakpoint = aarch64_add_context_breakpoint,
2835         .add_hybrid_breakpoint = aarch64_add_hybrid_breakpoint,
2836         .remove_breakpoint = aarch64_remove_breakpoint,
2837         .add_watchpoint = NULL,
2838         .remove_watchpoint = NULL,
2839
2840         .commands = aarch64_command_handlers,
2841         .target_create = aarch64_target_create,
2842         .target_jim_configure = aarch64_jim_configure,
2843         .init_target = aarch64_init_target,
2844         .deinit_target = aarch64_deinit_target,
2845         .examine = aarch64_examine,
2846
2847         .read_phys_memory = aarch64_read_phys_memory,
2848         .write_phys_memory = aarch64_write_phys_memory,
2849         .mmu = aarch64_mmu,
2850         .virt2phys = aarch64_virt2phys,
2851 };