1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex R4 support *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program; if not, write to the *
38 * Free Software Foundation, Inc., *
39 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
41 * Cortex-A8(tm) TRM, ARM DDI 0344H *
42 * Cortex-A9(tm) TRM, ARM DDI 0407F *
43 * Cortex-A4(tm) TRM, ARM DDI 0363E *
44 * Cortex-A15(tm)TRM, ARM DDI 0438C *
46 ***************************************************************************/
52 #include "breakpoints.h"
55 #include "target_request.h"
56 #include "target_type.h"
57 #include "arm_opcodes.h"
58 #include <helper/time_support.h>
60 static int cortex_a_poll(struct target *target);
61 static int cortex_a_debug_entry(struct target *target);
62 static int cortex_a_restore_context(struct target *target, bool bpwp);
63 static int cortex_a_set_breakpoint(struct target *target,
64 struct breakpoint *breakpoint, uint8_t matchmode);
65 static int cortex_a_set_context_breakpoint(struct target *target,
66 struct breakpoint *breakpoint, uint8_t matchmode);
67 static int cortex_a_set_hybrid_breakpoint(struct target *target,
68 struct breakpoint *breakpoint);
69 static int cortex_a_unset_breakpoint(struct target *target,
70 struct breakpoint *breakpoint);
71 static int cortex_a_dap_read_coreregister_u32(struct target *target,
72 uint32_t *value, int regnum);
73 static int cortex_a_dap_write_coreregister_u32(struct target *target,
74 uint32_t value, int regnum);
75 static int cortex_a_mmu(struct target *target, int *enabled);
76 static int cortex_a_mmu_modify(struct target *target, int enable);
77 static int cortex_a_virt2phys(struct target *target,
78 uint32_t virt, uint32_t *phys);
79 static int cortex_a_read_apb_ab_memory(struct target *target,
80 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
83 /* restore cp15_control_reg at resume */
84 static int cortex_a_restore_cp15_control_reg(struct target *target)
86 int retval = ERROR_OK;
87 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
88 struct armv7a_common *armv7a = target_to_armv7a(target);
90 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
91 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
92 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
93 retval = armv7a->arm.mcr(target, 15,
96 cortex_a->cp15_control_reg);
102 * Set up ARM core for memory access.
103 * If !phys_access, switch to SVC mode and make sure MMU is on
104 * If phys_access, switch off mmu
106 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
108 struct armv7a_common *armv7a = target_to_armv7a(target);
109 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
112 if (phys_access == 0) {
113 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
114 cortex_a_mmu(target, &mmu_enabled);
116 cortex_a_mmu_modify(target, 1);
117 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
118 /* overwrite DACR to all-manager */
119 armv7a->arm.mcr(target, 15,
124 cortex_a_mmu(target, &mmu_enabled);
126 cortex_a_mmu_modify(target, 0);
132 * Restore ARM core after memory access.
133 * If !phys_access, switch to previous mode
134 * If phys_access, restore MMU setting
136 static int cortex_a_post_memaccess(struct target *target, int phys_access)
138 struct armv7a_common *armv7a = target_to_armv7a(target);
139 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
141 if (phys_access == 0) {
142 if (cortex_a->dacrfixup_mode == CORTEX_A_DACRFIXUP_ON) {
144 armv7a->arm.mcr(target, 15,
146 cortex_a->cp15_dacr_reg);
148 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
151 cortex_a_mmu(target, &mmu_enabled);
153 cortex_a_mmu_modify(target, 1);
159 /* modify cp15_control_reg in order to enable or disable mmu for :
160 * - virt2phys address conversion
161 * - read or write memory in phys or virt address */
162 static int cortex_a_mmu_modify(struct target *target, int enable)
164 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
165 struct armv7a_common *armv7a = target_to_armv7a(target);
166 int retval = ERROR_OK;
170 /* if mmu enabled at target stop and mmu not enable */
171 if (!(cortex_a->cp15_control_reg & 0x1U)) {
172 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
175 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
176 cortex_a->cp15_control_reg_curr |= 0x1U;
180 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
181 cortex_a->cp15_control_reg_curr &= ~0x1U;
187 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
188 enable ? "enable mmu" : "disable mmu",
189 cortex_a->cp15_control_reg_curr);
191 retval = armv7a->arm.mcr(target, 15,
194 cortex_a->cp15_control_reg_curr);
200 * Cortex-A Basic debug access, very low level assumes state is saved
202 static int cortex_a8_init_debug_access(struct target *target)
204 struct armv7a_common *armv7a = target_to_armv7a(target);
209 /* Unlocking the debug registers for modification
210 * The debugport might be uninitialised so try twice */
211 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
212 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
213 if (retval != ERROR_OK) {
215 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
216 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
217 if (retval == ERROR_OK)
219 "Locking debug access failed on first, but succeeded on second try.");
226 * Cortex-A Basic debug access, very low level assumes state is saved
228 static int cortex_a_init_debug_access(struct target *target)
230 struct armv7a_common *armv7a = target_to_armv7a(target);
233 uint32_t cortex_part_num;
234 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
237 cortex_part_num = (cortex_a->cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >>
238 CORTEX_A_MIDR_PARTNUM_SHIFT;
240 switch (cortex_part_num) {
241 case CORTEX_A7_PARTNUM:
242 case CORTEX_A15_PARTNUM:
243 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
244 armv7a->debug_base + CPUDBG_OSLSR,
246 if (retval != ERROR_OK)
249 LOG_DEBUG("DBGOSLSR 0x%" PRIx32, dbg_osreg);
251 if (dbg_osreg & CPUDBG_OSLAR_LK_MASK)
252 /* Unlocking the DEBUG OS registers for modification */
253 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
254 armv7a->debug_base + CPUDBG_OSLAR,
258 case CORTEX_A5_PARTNUM:
259 case CORTEX_A8_PARTNUM:
260 case CORTEX_A9_PARTNUM:
262 retval = cortex_a8_init_debug_access(target);
265 if (retval != ERROR_OK)
267 /* Clear Sticky Power Down status Bit in PRSR to enable access to
268 the registers in the Core Power Domain */
269 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
270 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
271 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
273 if (retval != ERROR_OK)
276 /* Disable cacheline fills and force cache write-through in debug state */
277 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
278 armv7a->debug_base + CPUDBG_DSCCR, 0);
279 if (retval != ERROR_OK)
282 /* Disable TLB lookup and refill/eviction in debug state */
283 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
284 armv7a->debug_base + CPUDBG_DSMCR, 0);
285 if (retval != ERROR_OK)
288 /* Enabling of instruction execution in debug mode is done in debug_entry code */
290 /* Resync breakpoint registers */
292 /* Since this is likely called from init or reset, update target state information*/
293 return cortex_a_poll(target);
296 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
298 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
299 * Writes final value of DSCR into *dscr. Pass force to force always
300 * reading DSCR at least once. */
301 struct armv7a_common *armv7a = target_to_armv7a(target);
302 long long then = timeval_ms();
303 while ((*dscr & DSCR_INSTR_COMP) == 0 || force) {
305 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
306 armv7a->debug_base + CPUDBG_DSCR, dscr);
307 if (retval != ERROR_OK) {
308 LOG_ERROR("Could not read DSCR register");
311 if (timeval_ms() > then + 1000) {
312 LOG_ERROR("Timeout waiting for InstrCompl=1");
319 /* To reduce needless round-trips, pass in a pointer to the current
320 * DSCR value. Initialize it to zero if you just need to know the
321 * value on return from this function; or DSCR_INSTR_COMP if you
322 * happen to know that no instruction is pending.
324 static int cortex_a_exec_opcode(struct target *target,
325 uint32_t opcode, uint32_t *dscr_p)
329 struct armv7a_common *armv7a = target_to_armv7a(target);
331 dscr = dscr_p ? *dscr_p : 0;
333 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
335 /* Wait for InstrCompl bit to be set */
336 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
337 if (retval != ERROR_OK)
340 retval = mem_ap_write_u32(armv7a->debug_ap,
341 armv7a->debug_base + CPUDBG_ITR, opcode);
342 if (retval != ERROR_OK)
345 long long then = timeval_ms();
347 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
348 armv7a->debug_base + CPUDBG_DSCR, &dscr);
349 if (retval != ERROR_OK) {
350 LOG_ERROR("Could not read DSCR register");
353 if (timeval_ms() > then + 1000) {
354 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
357 } while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
365 /**************************************************************************
366 Read core register with very few exec_opcode, fast but needs work_area.
367 This can cause problems with MMU active.
368 **************************************************************************/
369 static int cortex_a_read_regs_through_mem(struct target *target, uint32_t address,
372 int retval = ERROR_OK;
373 struct armv7a_common *armv7a = target_to_armv7a(target);
375 retval = cortex_a_dap_read_coreregister_u32(target, regfile, 0);
376 if (retval != ERROR_OK)
378 retval = cortex_a_dap_write_coreregister_u32(target, address, 0);
379 if (retval != ERROR_OK)
381 retval = cortex_a_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL);
382 if (retval != ERROR_OK)
385 retval = mem_ap_read_buf(armv7a->memory_ap,
386 (uint8_t *)(®file[1]), 4, 15, address);
391 static int cortex_a_dap_read_coreregister_u32(struct target *target,
392 uint32_t *value, int regnum)
394 int retval = ERROR_OK;
395 uint8_t reg = regnum&0xFF;
397 struct armv7a_common *armv7a = target_to_armv7a(target);
403 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
404 retval = cortex_a_exec_opcode(target,
405 ARMV4_5_MCR(14, 0, reg, 0, 5, 0),
407 if (retval != ERROR_OK)
409 } else if (reg == 15) {
410 /* "MOV r0, r15"; then move r0 to DCCTX */
411 retval = cortex_a_exec_opcode(target, 0xE1A0000F, &dscr);
412 if (retval != ERROR_OK)
414 retval = cortex_a_exec_opcode(target,
415 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
417 if (retval != ERROR_OK)
420 /* "MRS r0, CPSR" or "MRS r0, SPSR"
421 * then move r0 to DCCTX
423 retval = cortex_a_exec_opcode(target, ARMV4_5_MRS(0, reg & 1), &dscr);
424 if (retval != ERROR_OK)
426 retval = cortex_a_exec_opcode(target,
427 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
429 if (retval != ERROR_OK)
433 /* Wait for DTRRXfull then read DTRRTX */
434 long long then = timeval_ms();
435 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
436 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
437 armv7a->debug_base + CPUDBG_DSCR, &dscr);
438 if (retval != ERROR_OK)
440 if (timeval_ms() > then + 1000) {
441 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
446 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
447 armv7a->debug_base + CPUDBG_DTRTX, value);
448 LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
453 static int cortex_a_dap_write_coreregister_u32(struct target *target,
454 uint32_t value, int regnum)
456 int retval = ERROR_OK;
457 uint8_t Rd = regnum&0xFF;
459 struct armv7a_common *armv7a = target_to_armv7a(target);
461 LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
463 /* Check that DCCRX is not full */
464 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
465 armv7a->debug_base + CPUDBG_DSCR, &dscr);
466 if (retval != ERROR_OK)
468 if (dscr & DSCR_DTR_RX_FULL) {
469 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
470 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode 0xEE100E15 */
471 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
473 if (retval != ERROR_OK)
480 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
481 LOG_DEBUG("write DCC 0x%08" PRIx32, value);
482 retval = mem_ap_write_u32(armv7a->debug_ap,
483 armv7a->debug_base + CPUDBG_DTRRX, value);
484 if (retval != ERROR_OK)
488 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
489 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0),
492 if (retval != ERROR_OK)
494 } else if (Rd == 15) {
495 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
498 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
500 if (retval != ERROR_OK)
502 retval = cortex_a_exec_opcode(target, 0xE1A0F000, &dscr);
503 if (retval != ERROR_OK)
506 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
507 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
509 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
511 if (retval != ERROR_OK)
513 retval = cortex_a_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1),
515 if (retval != ERROR_OK)
518 /* "Prefetch flush" after modifying execution status in CPSR */
520 retval = cortex_a_exec_opcode(target,
521 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
523 if (retval != ERROR_OK)
531 /* Write to memory mapped registers directly with no cache or mmu handling */
532 static int cortex_a_dap_write_memap_register_u32(struct target *target,
537 struct armv7a_common *armv7a = target_to_armv7a(target);
539 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
545 * Cortex-A implementation of Debug Programmer's Model
547 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
548 * so there's no need to poll for it before executing an instruction.
550 * NOTE that in several of these cases the "stall" mode might be useful.
551 * It'd let us queue a few operations together... prepare/finish might
552 * be the places to enable/disable that mode.
555 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
557 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
560 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
562 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
563 return mem_ap_write_u32(a->armv7a_common.debug_ap,
564 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
567 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
570 uint32_t dscr = DSCR_INSTR_COMP;
576 /* Wait for DTRRXfull */
577 long long then = timeval_ms();
578 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
579 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
580 a->armv7a_common.debug_base + CPUDBG_DSCR,
582 if (retval != ERROR_OK)
584 if (timeval_ms() > then + 1000) {
585 LOG_ERROR("Timeout waiting for read dcc");
590 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
591 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
592 if (retval != ERROR_OK)
594 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
602 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
604 struct cortex_a_common *a = dpm_to_a(dpm);
608 /* set up invariant: INSTR_COMP is set after ever DPM operation */
609 long long then = timeval_ms();
611 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
612 a->armv7a_common.debug_base + CPUDBG_DSCR,
614 if (retval != ERROR_OK)
616 if ((dscr & DSCR_INSTR_COMP) != 0)
618 if (timeval_ms() > then + 1000) {
619 LOG_ERROR("Timeout waiting for dpm prepare");
624 /* this "should never happen" ... */
625 if (dscr & DSCR_DTR_RX_FULL) {
626 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
628 retval = cortex_a_exec_opcode(
629 a->armv7a_common.arm.target,
630 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
632 if (retval != ERROR_OK)
639 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
641 /* REVISIT what could be done here? */
645 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
646 uint32_t opcode, uint32_t data)
648 struct cortex_a_common *a = dpm_to_a(dpm);
650 uint32_t dscr = DSCR_INSTR_COMP;
652 retval = cortex_a_write_dcc(a, data);
653 if (retval != ERROR_OK)
656 return cortex_a_exec_opcode(
657 a->armv7a_common.arm.target,
662 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
663 uint32_t opcode, uint32_t data)
665 struct cortex_a_common *a = dpm_to_a(dpm);
666 uint32_t dscr = DSCR_INSTR_COMP;
669 retval = cortex_a_write_dcc(a, data);
670 if (retval != ERROR_OK)
673 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
674 retval = cortex_a_exec_opcode(
675 a->armv7a_common.arm.target,
676 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
678 if (retval != ERROR_OK)
681 /* then the opcode, taking data from R0 */
682 retval = cortex_a_exec_opcode(
683 a->armv7a_common.arm.target,
690 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
692 struct target *target = dpm->arm->target;
693 uint32_t dscr = DSCR_INSTR_COMP;
695 /* "Prefetch flush" after modifying execution status in CPSR */
696 return cortex_a_exec_opcode(target,
697 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
701 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
702 uint32_t opcode, uint32_t *data)
704 struct cortex_a_common *a = dpm_to_a(dpm);
706 uint32_t dscr = DSCR_INSTR_COMP;
708 /* the opcode, writing data to DCC */
709 retval = cortex_a_exec_opcode(
710 a->armv7a_common.arm.target,
713 if (retval != ERROR_OK)
716 return cortex_a_read_dcc(a, data, &dscr);
720 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
721 uint32_t opcode, uint32_t *data)
723 struct cortex_a_common *a = dpm_to_a(dpm);
724 uint32_t dscr = DSCR_INSTR_COMP;
727 /* the opcode, writing data to R0 */
728 retval = cortex_a_exec_opcode(
729 a->armv7a_common.arm.target,
732 if (retval != ERROR_OK)
735 /* write R0 to DCC */
736 retval = cortex_a_exec_opcode(
737 a->armv7a_common.arm.target,
738 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
740 if (retval != ERROR_OK)
743 return cortex_a_read_dcc(a, data, &dscr);
746 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
747 uint32_t addr, uint32_t control)
749 struct cortex_a_common *a = dpm_to_a(dpm);
750 uint32_t vr = a->armv7a_common.debug_base;
751 uint32_t cr = a->armv7a_common.debug_base;
755 case 0 ... 15: /* breakpoints */
756 vr += CPUDBG_BVR_BASE;
757 cr += CPUDBG_BCR_BASE;
759 case 16 ... 31: /* watchpoints */
760 vr += CPUDBG_WVR_BASE;
761 cr += CPUDBG_WCR_BASE;
770 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
771 (unsigned) vr, (unsigned) cr);
773 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
775 if (retval != ERROR_OK)
777 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
782 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
784 struct cortex_a_common *a = dpm_to_a(dpm);
789 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
792 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
800 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
802 /* clear control register */
803 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
806 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
808 struct arm_dpm *dpm = &a->armv7a_common.dpm;
811 dpm->arm = &a->armv7a_common.arm;
814 dpm->prepare = cortex_a_dpm_prepare;
815 dpm->finish = cortex_a_dpm_finish;
817 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
818 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
819 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
821 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
822 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
824 dpm->bpwp_enable = cortex_a_bpwp_enable;
825 dpm->bpwp_disable = cortex_a_bpwp_disable;
827 retval = arm_dpm_setup(dpm);
828 if (retval == ERROR_OK)
829 retval = arm_dpm_initialize(dpm);
833 static struct target *get_cortex_a(struct target *target, int32_t coreid)
835 struct target_list *head;
839 while (head != (struct target_list *)NULL) {
841 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
847 static int cortex_a_halt(struct target *target);
849 static int cortex_a_halt_smp(struct target *target)
852 struct target_list *head;
855 while (head != (struct target_list *)NULL) {
857 if ((curr != target) && (curr->state != TARGET_HALTED))
858 retval += cortex_a_halt(curr);
864 static int update_halt_gdb(struct target *target)
867 if (target->gdb_service && target->gdb_service->core[0] == -1) {
868 target->gdb_service->target = target;
869 target->gdb_service->core[0] = target->coreid;
870 retval += cortex_a_halt_smp(target);
876 * Cortex-A Run control
879 static int cortex_a_poll(struct target *target)
881 int retval = ERROR_OK;
883 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
884 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
885 enum target_state prev_target_state = target->state;
886 /* toggle to another core is done by gdb as follow */
887 /* maint packet J core_id */
889 /* the next polling trigger an halt event sent to gdb */
890 if ((target->state == TARGET_HALTED) && (target->smp) &&
891 (target->gdb_service) &&
892 (target->gdb_service->target == NULL)) {
893 target->gdb_service->target =
894 get_cortex_a(target, target->gdb_service->core[1]);
895 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
898 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
899 armv7a->debug_base + CPUDBG_DSCR, &dscr);
900 if (retval != ERROR_OK)
902 cortex_a->cpudbg_dscr = dscr;
904 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
905 if (prev_target_state != TARGET_HALTED) {
906 /* We have a halting debug event */
907 LOG_DEBUG("Target halted");
908 target->state = TARGET_HALTED;
909 if ((prev_target_state == TARGET_RUNNING)
910 || (prev_target_state == TARGET_UNKNOWN)
911 || (prev_target_state == TARGET_RESET)) {
912 retval = cortex_a_debug_entry(target);
913 if (retval != ERROR_OK)
916 retval = update_halt_gdb(target);
917 if (retval != ERROR_OK)
920 target_call_event_callbacks(target,
921 TARGET_EVENT_HALTED);
923 if (prev_target_state == TARGET_DEBUG_RUNNING) {
926 retval = cortex_a_debug_entry(target);
927 if (retval != ERROR_OK)
930 retval = update_halt_gdb(target);
931 if (retval != ERROR_OK)
935 target_call_event_callbacks(target,
936 TARGET_EVENT_DEBUG_HALTED);
939 } else if (DSCR_RUN_MODE(dscr) == DSCR_CORE_RESTARTED)
940 target->state = TARGET_RUNNING;
942 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32, dscr);
943 target->state = TARGET_UNKNOWN;
949 static int cortex_a_halt(struct target *target)
951 int retval = ERROR_OK;
953 struct armv7a_common *armv7a = target_to_armv7a(target);
956 * Tell the core to be halted by writing DRCR with 0x1
957 * and then wait for the core to be halted.
959 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
960 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
961 if (retval != ERROR_OK)
965 * enter halting debug mode
967 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
968 armv7a->debug_base + CPUDBG_DSCR, &dscr);
969 if (retval != ERROR_OK)
972 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
973 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
974 if (retval != ERROR_OK)
977 long long then = timeval_ms();
979 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
980 armv7a->debug_base + CPUDBG_DSCR, &dscr);
981 if (retval != ERROR_OK)
983 if ((dscr & DSCR_CORE_HALTED) != 0)
985 if (timeval_ms() > then + 1000) {
986 LOG_ERROR("Timeout waiting for halt");
991 target->debug_reason = DBG_REASON_DBGRQ;
996 static int cortex_a_internal_restore(struct target *target, int current,
997 uint32_t *address, int handle_breakpoints, int debug_execution)
999 struct armv7a_common *armv7a = target_to_armv7a(target);
1000 struct arm *arm = &armv7a->arm;
1004 if (!debug_execution)
1005 target_free_all_working_areas(target);
1008 if (debug_execution) {
1009 /* Disable interrupts */
1010 /* We disable interrupts in the PRIMASK register instead of
1011 * masking with C_MASKINTS,
1012 * This is probably the same issue as Cortex-M3 Errata 377493:
1013 * C_MASKINTS in parallel with disabled interrupts can cause
1014 * local faults to not be taken. */
1015 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
1016 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
1017 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
1019 /* Make sure we are in Thumb mode */
1020 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
1021 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
1023 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
1024 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
1028 /* current = 1: continue on current pc, otherwise continue at <address> */
1029 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
1031 resume_pc = *address;
1033 *address = resume_pc;
1035 /* Make sure that the Armv7 gdb thumb fixups does not
1036 * kill the return address
1038 switch (arm->core_state) {
1040 resume_pc &= 0xFFFFFFFC;
1042 case ARM_STATE_THUMB:
1043 case ARM_STATE_THUMB_EE:
1044 /* When the return address is loaded into PC
1045 * bit 0 must be 1 to stay in Thumb state
1049 case ARM_STATE_JAZELLE:
1050 LOG_ERROR("How do I resume into Jazelle state??");
1053 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
1054 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
1058 /* restore dpm_mode at system halt */
1059 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1060 /* called it now before restoring context because it uses cpu
1061 * register r0 for restoring cp15 control register */
1062 retval = cortex_a_restore_cp15_control_reg(target);
1063 if (retval != ERROR_OK)
1065 retval = cortex_a_restore_context(target, handle_breakpoints);
1066 if (retval != ERROR_OK)
1068 target->debug_reason = DBG_REASON_NOTHALTED;
1069 target->state = TARGET_RUNNING;
1071 /* registers are now invalid */
1072 register_cache_invalidate(arm->core_cache);
1075 /* the front-end may request us not to handle breakpoints */
1076 if (handle_breakpoints) {
1077 /* Single step past breakpoint at current address */
1078 breakpoint = breakpoint_find(target, resume_pc);
1080 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1081 cortex_m3_unset_breakpoint(target, breakpoint);
1082 cortex_m3_single_step_core(target);
1083 cortex_m3_set_breakpoint(target, breakpoint);
1091 static int cortex_a_internal_restart(struct target *target)
1093 struct armv7a_common *armv7a = target_to_armv7a(target);
1094 struct arm *arm = &armv7a->arm;
1098 * * Restart core and wait for it to be started. Clear ITRen and sticky
1099 * * exception flags: see ARMv7 ARM, C5.9.
1101 * REVISIT: for single stepping, we probably want to
1102 * disable IRQs by default, with optional override...
1105 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1106 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1107 if (retval != ERROR_OK)
1110 if ((dscr & DSCR_INSTR_COMP) == 0)
1111 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
1113 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1114 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
1115 if (retval != ERROR_OK)
1118 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1119 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
1120 DRCR_CLEAR_EXCEPTIONS);
1121 if (retval != ERROR_OK)
1124 long long then = timeval_ms();
1126 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1127 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1128 if (retval != ERROR_OK)
1130 if ((dscr & DSCR_CORE_RESTARTED) != 0)
1132 if (timeval_ms() > then + 1000) {
1133 LOG_ERROR("Timeout waiting for resume");
1138 target->debug_reason = DBG_REASON_NOTHALTED;
1139 target->state = TARGET_RUNNING;
1141 /* registers are now invalid */
1142 register_cache_invalidate(arm->core_cache);
1147 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
1150 struct target_list *head;
1151 struct target *curr;
1153 head = target->head;
1154 while (head != (struct target_list *)NULL) {
1155 curr = head->target;
1156 if ((curr != target) && (curr->state != TARGET_RUNNING)) {
1157 /* resume current address , not in step mode */
1158 retval += cortex_a_internal_restore(curr, 1, &address,
1159 handle_breakpoints, 0);
1160 retval += cortex_a_internal_restart(curr);
1168 static int cortex_a_resume(struct target *target, int current,
1169 uint32_t address, int handle_breakpoints, int debug_execution)
1172 /* dummy resume for smp toggle in order to reduce gdb impact */
1173 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
1174 /* simulate a start and halt of target */
1175 target->gdb_service->target = NULL;
1176 target->gdb_service->core[0] = target->gdb_service->core[1];
1177 /* fake resume at next poll we play the target core[1], see poll*/
1178 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1181 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
1183 target->gdb_service->core[0] = -1;
1184 retval = cortex_a_restore_smp(target, handle_breakpoints);
1185 if (retval != ERROR_OK)
1188 cortex_a_internal_restart(target);
1190 if (!debug_execution) {
1191 target->state = TARGET_RUNNING;
1192 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1193 LOG_DEBUG("target resumed at 0x%" PRIx32, address);
1195 target->state = TARGET_DEBUG_RUNNING;
1196 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1197 LOG_DEBUG("target debug resumed at 0x%" PRIx32, address);
1203 static int cortex_a_debug_entry(struct target *target)
1206 uint32_t regfile[16], cpsr, dscr;
1207 int retval = ERROR_OK;
1208 struct working_area *regfile_working_area = NULL;
1209 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1210 struct armv7a_common *armv7a = target_to_armv7a(target);
1211 struct arm *arm = &armv7a->arm;
1214 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1216 /* REVISIT surely we should not re-read DSCR !! */
1217 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1218 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1219 if (retval != ERROR_OK)
1222 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1223 * imprecise data aborts get discarded by issuing a Data
1224 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1227 /* Enable the ITR execution once we are in debug mode */
1228 dscr |= DSCR_ITR_EN;
1229 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1230 armv7a->debug_base + CPUDBG_DSCR, dscr);
1231 if (retval != ERROR_OK)
1234 /* Examine debug reason */
1235 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1237 /* save address of instruction that triggered the watchpoint? */
1238 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1241 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1242 armv7a->debug_base + CPUDBG_WFAR,
1244 if (retval != ERROR_OK)
1246 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1249 /* REVISIT fast_reg_read is never set ... */
1251 /* Examine target state and mode */
1252 if (cortex_a->fast_reg_read)
1253 target_alloc_working_area(target, 64, ®file_working_area);
1255 /* First load register acessible through core debug port*/
1256 if (!regfile_working_area)
1257 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1259 retval = cortex_a_read_regs_through_mem(target,
1260 regfile_working_area->address, regfile);
1262 target_free_working_area(target, regfile_working_area);
1263 if (retval != ERROR_OK)
1266 /* read Current PSR */
1267 retval = cortex_a_dap_read_coreregister_u32(target, &cpsr, 16);
1268 /* store current cpsr */
1269 if (retval != ERROR_OK)
1272 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
1274 arm_set_cpsr(arm, cpsr);
1277 for (i = 0; i <= ARM_PC; i++) {
1278 reg = arm_reg_current(arm, i);
1280 buf_set_u32(reg->value, 0, 32, regfile[i]);
1285 /* Fixup PC Resume Address */
1286 if (cpsr & (1 << 5)) {
1287 /* T bit set for Thumb or ThumbEE state */
1288 regfile[ARM_PC] -= 4;
1291 regfile[ARM_PC] -= 8;
1295 buf_set_u32(reg->value, 0, 32, regfile[ARM_PC]);
1296 reg->dirty = reg->valid;
1300 /* TODO, Move this */
1301 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1302 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1303 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1305 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1306 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1308 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1309 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1312 /* Are we in an exception handler */
1313 /* armv4_5->exception_number = 0; */
1314 if (armv7a->post_debug_entry) {
1315 retval = armv7a->post_debug_entry(target);
1316 if (retval != ERROR_OK)
1323 static int cortex_a_post_debug_entry(struct target *target)
1325 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1326 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1329 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1330 retval = armv7a->arm.mrc(target, 15,
1331 0, 0, /* op1, op2 */
1332 1, 0, /* CRn, CRm */
1333 &cortex_a->cp15_control_reg);
1334 if (retval != ERROR_OK)
1336 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1337 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1339 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1340 armv7a_identify_cache(target);
1342 if (armv7a->is_armv7r) {
1343 armv7a->armv7a_mmu.mmu_enabled = 0;
1345 armv7a->armv7a_mmu.mmu_enabled =
1346 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1348 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1349 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1350 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1351 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1352 cortex_a->curr_mode = armv7a->arm.core_mode;
1354 /* switch to SVC mode to read DACR */
1355 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
1356 armv7a->arm.mrc(target, 15,
1358 &cortex_a->cp15_dacr_reg);
1360 LOG_DEBUG("cp15_dacr_reg: %8.8" PRIx32,
1361 cortex_a->cp15_dacr_reg);
1363 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1367 int cortex_a_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
1369 struct armv7a_common *armv7a = target_to_armv7a(target);
1373 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1374 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1375 if (ERROR_OK != retval)
1378 /* clear bitfield */
1381 dscr |= value & bit_mask;
1383 /* write new DSCR */
1384 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1385 armv7a->debug_base + CPUDBG_DSCR, dscr);
1389 static int cortex_a_step(struct target *target, int current, uint32_t address,
1390 int handle_breakpoints)
1392 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1393 struct armv7a_common *armv7a = target_to_armv7a(target);
1394 struct arm *arm = &armv7a->arm;
1395 struct breakpoint *breakpoint = NULL;
1396 struct breakpoint stepbreakpoint;
1400 if (target->state != TARGET_HALTED) {
1401 LOG_WARNING("target not halted");
1402 return ERROR_TARGET_NOT_HALTED;
1405 /* current = 1: continue on current pc, otherwise continue at <address> */
1408 buf_set_u32(r->value, 0, 32, address);
1410 address = buf_get_u32(r->value, 0, 32);
1412 /* The front-end may request us not to handle breakpoints.
1413 * But since Cortex-A uses breakpoint for single step,
1414 * we MUST handle breakpoints.
1416 handle_breakpoints = 1;
1417 if (handle_breakpoints) {
1418 breakpoint = breakpoint_find(target, address);
1420 cortex_a_unset_breakpoint(target, breakpoint);
1423 /* Setup single step breakpoint */
1424 stepbreakpoint.address = address;
1425 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1427 stepbreakpoint.type = BKPT_HARD;
1428 stepbreakpoint.set = 0;
1430 /* Disable interrupts during single step if requested */
1431 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1432 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1433 if (ERROR_OK != retval)
1437 /* Break on IVA mismatch */
1438 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1440 target->debug_reason = DBG_REASON_SINGLESTEP;
1442 retval = cortex_a_resume(target, 1, address, 0, 0);
1443 if (retval != ERROR_OK)
1446 long long then = timeval_ms();
1447 while (target->state != TARGET_HALTED) {
1448 retval = cortex_a_poll(target);
1449 if (retval != ERROR_OK)
1451 if (timeval_ms() > then + 1000) {
1452 LOG_ERROR("timeout waiting for target halt");
1457 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1459 /* Re-enable interrupts if they were disabled */
1460 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1461 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1462 if (ERROR_OK != retval)
1467 target->debug_reason = DBG_REASON_BREAKPOINT;
1470 cortex_a_set_breakpoint(target, breakpoint, 0);
1472 if (target->state != TARGET_HALTED)
1473 LOG_DEBUG("target stepped");
1478 static int cortex_a_restore_context(struct target *target, bool bpwp)
1480 struct armv7a_common *armv7a = target_to_armv7a(target);
1484 if (armv7a->pre_restore_context)
1485 armv7a->pre_restore_context(target);
1487 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1491 * Cortex-A Breakpoint and watchpoint functions
1494 /* Setup hardware Breakpoint Register Pair */
1495 static int cortex_a_set_breakpoint(struct target *target,
1496 struct breakpoint *breakpoint, uint8_t matchmode)
1501 uint8_t byte_addr_select = 0x0F;
1502 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1503 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1504 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1506 if (breakpoint->set) {
1507 LOG_WARNING("breakpoint already set");
1511 if (breakpoint->type == BKPT_HARD) {
1512 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1514 if (brp_i >= cortex_a->brp_num) {
1515 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1516 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1518 breakpoint->set = brp_i + 1;
1519 if (breakpoint->length == 2)
1520 byte_addr_select = (3 << (breakpoint->address & 0x02));
1521 control = ((matchmode & 0x7) << 20)
1522 | (byte_addr_select << 5)
1524 brp_list[brp_i].used = 1;
1525 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1526 brp_list[brp_i].control = control;
1527 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1528 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1529 brp_list[brp_i].value);
1530 if (retval != ERROR_OK)
1532 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1533 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1534 brp_list[brp_i].control);
1535 if (retval != ERROR_OK)
1537 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1538 brp_list[brp_i].control,
1539 brp_list[brp_i].value);
1540 } else if (breakpoint->type == BKPT_SOFT) {
1542 if (breakpoint->length == 2)
1543 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1545 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1546 retval = target_read_memory(target,
1547 breakpoint->address & 0xFFFFFFFE,
1548 breakpoint->length, 1,
1549 breakpoint->orig_instr);
1550 if (retval != ERROR_OK)
1553 /* make sure data cache is cleaned & invalidated down to PoC */
1554 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1555 armv7a_cache_flush_virt(target, breakpoint->address,
1556 breakpoint->length);
1559 retval = target_write_memory(target,
1560 breakpoint->address & 0xFFFFFFFE,
1561 breakpoint->length, 1, code);
1562 if (retval != ERROR_OK)
1565 /* update i-cache at breakpoint location */
1566 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1567 breakpoint->length);
1568 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1569 breakpoint->length);
1571 breakpoint->set = 0x11; /* Any nice value but 0 */
1577 static int cortex_a_set_context_breakpoint(struct target *target,
1578 struct breakpoint *breakpoint, uint8_t matchmode)
1580 int retval = ERROR_FAIL;
1583 uint8_t byte_addr_select = 0x0F;
1584 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1585 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1586 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1588 if (breakpoint->set) {
1589 LOG_WARNING("breakpoint already set");
1592 /*check available context BRPs*/
1593 while ((brp_list[brp_i].used ||
1594 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1597 if (brp_i >= cortex_a->brp_num) {
1598 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1602 breakpoint->set = brp_i + 1;
1603 control = ((matchmode & 0x7) << 20)
1604 | (byte_addr_select << 5)
1606 brp_list[brp_i].used = 1;
1607 brp_list[brp_i].value = (breakpoint->asid);
1608 brp_list[brp_i].control = control;
1609 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1610 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1611 brp_list[brp_i].value);
1612 if (retval != ERROR_OK)
1614 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1615 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1616 brp_list[brp_i].control);
1617 if (retval != ERROR_OK)
1619 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1620 brp_list[brp_i].control,
1621 brp_list[brp_i].value);
1626 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1628 int retval = ERROR_FAIL;
1629 int brp_1 = 0; /* holds the contextID pair */
1630 int brp_2 = 0; /* holds the IVA pair */
1631 uint32_t control_CTX, control_IVA;
1632 uint8_t CTX_byte_addr_select = 0x0F;
1633 uint8_t IVA_byte_addr_select = 0x0F;
1634 uint8_t CTX_machmode = 0x03;
1635 uint8_t IVA_machmode = 0x01;
1636 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1637 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1638 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1640 if (breakpoint->set) {
1641 LOG_WARNING("breakpoint already set");
1644 /*check available context BRPs*/
1645 while ((brp_list[brp_1].used ||
1646 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1649 printf("brp(CTX) found num: %d\n", brp_1);
1650 if (brp_1 >= cortex_a->brp_num) {
1651 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1655 while ((brp_list[brp_2].used ||
1656 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1659 printf("brp(IVA) found num: %d\n", brp_2);
1660 if (brp_2 >= cortex_a->brp_num) {
1661 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1665 breakpoint->set = brp_1 + 1;
1666 breakpoint->linked_BRP = brp_2;
1667 control_CTX = ((CTX_machmode & 0x7) << 20)
1670 | (CTX_byte_addr_select << 5)
1672 brp_list[brp_1].used = 1;
1673 brp_list[brp_1].value = (breakpoint->asid);
1674 brp_list[brp_1].control = control_CTX;
1675 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1676 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1677 brp_list[brp_1].value);
1678 if (retval != ERROR_OK)
1680 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1681 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1682 brp_list[brp_1].control);
1683 if (retval != ERROR_OK)
1686 control_IVA = ((IVA_machmode & 0x7) << 20)
1688 | (IVA_byte_addr_select << 5)
1690 brp_list[brp_2].used = 1;
1691 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1692 brp_list[brp_2].control = control_IVA;
1693 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1694 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1695 brp_list[brp_2].value);
1696 if (retval != ERROR_OK)
1698 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1699 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1700 brp_list[brp_2].control);
1701 if (retval != ERROR_OK)
1707 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1710 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1711 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1712 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1714 if (!breakpoint->set) {
1715 LOG_WARNING("breakpoint not set");
1719 if (breakpoint->type == BKPT_HARD) {
1720 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1721 int brp_i = breakpoint->set - 1;
1722 int brp_j = breakpoint->linked_BRP;
1723 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1724 LOG_DEBUG("Invalid BRP number in breakpoint");
1727 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1728 brp_list[brp_i].control, brp_list[brp_i].value);
1729 brp_list[brp_i].used = 0;
1730 brp_list[brp_i].value = 0;
1731 brp_list[brp_i].control = 0;
1732 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1733 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1734 brp_list[brp_i].control);
1735 if (retval != ERROR_OK)
1737 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1738 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1739 brp_list[brp_i].value);
1740 if (retval != ERROR_OK)
1742 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1743 LOG_DEBUG("Invalid BRP number in breakpoint");
1746 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1747 brp_list[brp_j].control, brp_list[brp_j].value);
1748 brp_list[brp_j].used = 0;
1749 brp_list[brp_j].value = 0;
1750 brp_list[brp_j].control = 0;
1751 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1752 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1753 brp_list[brp_j].control);
1754 if (retval != ERROR_OK)
1756 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1757 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1758 brp_list[brp_j].value);
1759 if (retval != ERROR_OK)
1761 breakpoint->linked_BRP = 0;
1762 breakpoint->set = 0;
1766 int brp_i = breakpoint->set - 1;
1767 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1768 LOG_DEBUG("Invalid BRP number in breakpoint");
1771 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1772 brp_list[brp_i].control, brp_list[brp_i].value);
1773 brp_list[brp_i].used = 0;
1774 brp_list[brp_i].value = 0;
1775 brp_list[brp_i].control = 0;
1776 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1777 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1778 brp_list[brp_i].control);
1779 if (retval != ERROR_OK)
1781 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1782 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1783 brp_list[brp_i].value);
1784 if (retval != ERROR_OK)
1786 breakpoint->set = 0;
1791 /* make sure data cache is cleaned & invalidated down to PoC */
1792 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1793 armv7a_cache_flush_virt(target, breakpoint->address,
1794 breakpoint->length);
1797 /* restore original instruction (kept in target endianness) */
1798 if (breakpoint->length == 4) {
1799 retval = target_write_memory(target,
1800 breakpoint->address & 0xFFFFFFFE,
1801 4, 1, breakpoint->orig_instr);
1802 if (retval != ERROR_OK)
1805 retval = target_write_memory(target,
1806 breakpoint->address & 0xFFFFFFFE,
1807 2, 1, breakpoint->orig_instr);
1808 if (retval != ERROR_OK)
1812 /* update i-cache at breakpoint location */
1813 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1814 breakpoint->length);
1815 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1816 breakpoint->length);
1818 breakpoint->set = 0;
1823 static int cortex_a_add_breakpoint(struct target *target,
1824 struct breakpoint *breakpoint)
1826 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1828 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1829 LOG_INFO("no hardware breakpoint available");
1830 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1833 if (breakpoint->type == BKPT_HARD)
1834 cortex_a->brp_num_available--;
1836 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1839 static int cortex_a_add_context_breakpoint(struct target *target,
1840 struct breakpoint *breakpoint)
1842 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1844 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1845 LOG_INFO("no hardware breakpoint available");
1846 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1849 if (breakpoint->type == BKPT_HARD)
1850 cortex_a->brp_num_available--;
1852 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1855 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1856 struct breakpoint *breakpoint)
1858 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1860 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1861 LOG_INFO("no hardware breakpoint available");
1862 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1865 if (breakpoint->type == BKPT_HARD)
1866 cortex_a->brp_num_available--;
1868 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1872 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1874 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1877 /* It is perfectly possible to remove breakpoints while the target is running */
1878 if (target->state != TARGET_HALTED) {
1879 LOG_WARNING("target not halted");
1880 return ERROR_TARGET_NOT_HALTED;
1884 if (breakpoint->set) {
1885 cortex_a_unset_breakpoint(target, breakpoint);
1886 if (breakpoint->type == BKPT_HARD)
1887 cortex_a->brp_num_available++;
1895 * Cortex-A Reset functions
1898 static int cortex_a_assert_reset(struct target *target)
1900 struct armv7a_common *armv7a = target_to_armv7a(target);
1904 /* FIXME when halt is requested, make it work somehow... */
1906 /* Issue some kind of warm reset. */
1907 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1908 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1909 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1910 /* REVISIT handle "pulls" cases, if there's
1911 * hardware that needs them to work.
1913 jtag_add_reset(0, 1);
1915 LOG_ERROR("%s: how to reset?", target_name(target));
1919 /* registers are now invalid */
1920 register_cache_invalidate(armv7a->arm.core_cache);
1922 target->state = TARGET_RESET;
1927 static int cortex_a_deassert_reset(struct target *target)
1933 /* be certain SRST is off */
1934 jtag_add_reset(0, 0);
1936 retval = cortex_a_poll(target);
1937 if (retval != ERROR_OK)
1940 if (target->reset_halt) {
1941 if (target->state != TARGET_HALTED) {
1942 LOG_WARNING("%s: ran after reset and before halt ...",
1943 target_name(target));
1944 retval = target_halt(target);
1945 if (retval != ERROR_OK)
1953 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1955 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1956 * New desired mode must be in mode. Current value of DSCR must be in
1957 * *dscr, which is updated with new value.
1959 * This function elides actually sending the mode-change over the debug
1960 * interface if the mode is already set as desired.
1962 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1963 if (new_dscr != *dscr) {
1964 struct armv7a_common *armv7a = target_to_armv7a(target);
1965 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1966 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1967 if (retval == ERROR_OK)
1975 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1976 uint32_t value, uint32_t *dscr)
1978 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1979 struct armv7a_common *armv7a = target_to_armv7a(target);
1980 long long then = timeval_ms();
1983 while ((*dscr & mask) != value) {
1984 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1985 armv7a->debug_base + CPUDBG_DSCR, dscr);
1986 if (retval != ERROR_OK)
1988 if (timeval_ms() > then + 1000) {
1989 LOG_ERROR("timeout waiting for DSCR bit change");
1996 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
1997 uint32_t *data, uint32_t *dscr)
2000 struct armv7a_common *armv7a = target_to_armv7a(target);
2002 /* Move from coprocessor to R0. */
2003 retval = cortex_a_exec_opcode(target, opcode, dscr);
2004 if (retval != ERROR_OK)
2007 /* Move from R0 to DTRTX. */
2008 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
2009 if (retval != ERROR_OK)
2012 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2013 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2014 * must also check TXfull_l). Most of the time this will be free
2015 * because TXfull_l will be set immediately and cached in dscr. */
2016 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2017 DSCR_DTRTX_FULL_LATCHED, dscr);
2018 if (retval != ERROR_OK)
2021 /* Read the value transferred to DTRTX. */
2022 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2023 armv7a->debug_base + CPUDBG_DTRTX, data);
2024 if (retval != ERROR_OK)
2030 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
2031 uint32_t *dfsr, uint32_t *dscr)
2036 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
2037 if (retval != ERROR_OK)
2042 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
2043 if (retval != ERROR_OK)
2050 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
2051 uint32_t data, uint32_t *dscr)
2054 struct armv7a_common *armv7a = target_to_armv7a(target);
2056 /* Write the value into DTRRX. */
2057 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2058 armv7a->debug_base + CPUDBG_DTRRX, data);
2059 if (retval != ERROR_OK)
2062 /* Move from DTRRX to R0. */
2063 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
2064 if (retval != ERROR_OK)
2067 /* Move from R0 to coprocessor. */
2068 retval = cortex_a_exec_opcode(target, opcode, dscr);
2069 if (retval != ERROR_OK)
2072 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2073 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2074 * check RXfull_l). Most of the time this will be free because RXfull_l
2075 * will be cleared immediately and cached in dscr. */
2076 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2077 if (retval != ERROR_OK)
2083 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
2084 uint32_t dfsr, uint32_t *dscr)
2088 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
2089 if (retval != ERROR_OK)
2092 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
2093 if (retval != ERROR_OK)
2099 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
2101 uint32_t status, upper4;
2103 if (dfsr & (1 << 9)) {
2105 status = dfsr & 0x3f;
2106 upper4 = status >> 2;
2107 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
2108 return ERROR_TARGET_TRANSLATION_FAULT;
2109 else if (status == 33)
2110 return ERROR_TARGET_UNALIGNED_ACCESS;
2112 return ERROR_TARGET_DATA_ABORT;
2114 /* Normal format. */
2115 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
2117 return ERROR_TARGET_UNALIGNED_ACCESS;
2118 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
2119 status == 9 || status == 11 || status == 13 || status == 15)
2120 return ERROR_TARGET_TRANSLATION_FAULT;
2122 return ERROR_TARGET_DATA_ABORT;
2126 static int cortex_a_write_apb_ab_memory_slow(struct target *target,
2127 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2129 /* Writes count objects of size size from *buffer. Old value of DSCR must
2130 * be in *dscr; updated to new value. This is slow because it works for
2131 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2132 * the address is aligned, cortex_a_write_apb_ab_memory_fast should be
2135 * - Address is in R0.
2136 * - R0 is marked dirty.
2138 struct armv7a_common *armv7a = target_to_armv7a(target);
2139 struct arm *arm = &armv7a->arm;
2142 /* Mark register R1 as dirty, to use for transferring data. */
2143 arm_reg_current(arm, 1)->dirty = true;
2145 /* Switch to non-blocking mode if not already in that mode. */
2146 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2147 if (retval != ERROR_OK)
2150 /* Go through the objects. */
2152 /* Write the value to store into DTRRX. */
2153 uint32_t data, opcode;
2157 data = target_buffer_get_u16(target, buffer);
2159 data = target_buffer_get_u32(target, buffer);
2160 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2161 armv7a->debug_base + CPUDBG_DTRRX, data);
2162 if (retval != ERROR_OK)
2165 /* Transfer the value from DTRRX to R1. */
2166 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
2167 if (retval != ERROR_OK)
2170 /* Write the value transferred to R1 into memory. */
2172 opcode = ARMV4_5_STRB_IP(1, 0);
2174 opcode = ARMV4_5_STRH_IP(1, 0);
2176 opcode = ARMV4_5_STRW_IP(1, 0);
2177 retval = cortex_a_exec_opcode(target, opcode, dscr);
2178 if (retval != ERROR_OK)
2181 /* Check for faults and return early. */
2182 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2183 return ERROR_OK; /* A data fault is not considered a system failure. */
2185 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2186 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2187 * must also check RXfull_l). Most of the time this will be free
2188 * because RXfull_l will be cleared immediately and cached in dscr. */
2189 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2190 if (retval != ERROR_OK)
2201 static int cortex_a_write_apb_ab_memory_fast(struct target *target,
2202 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2204 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2205 * in *dscr; updated to new value. This is fast but only works for
2206 * word-sized objects at aligned addresses.
2208 * - Address is in R0 and must be a multiple of 4.
2209 * - R0 is marked dirty.
2211 struct armv7a_common *armv7a = target_to_armv7a(target);
2214 /* Switch to fast mode if not already in that mode. */
2215 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2216 if (retval != ERROR_OK)
2219 /* Latch STC instruction. */
2220 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2221 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2222 if (retval != ERROR_OK)
2225 /* Transfer all the data and issue all the instructions. */
2226 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2227 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2230 static int cortex_a_write_apb_ab_memory(struct target *target,
2231 uint32_t address, uint32_t size,
2232 uint32_t count, const uint8_t *buffer)
2234 /* Write memory through APB-AP. */
2235 int retval, final_retval;
2236 struct armv7a_common *armv7a = target_to_armv7a(target);
2237 struct arm *arm = &armv7a->arm;
2238 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2240 LOG_DEBUG("Writing APB-AP memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2241 address, size, count);
2242 if (target->state != TARGET_HALTED) {
2243 LOG_WARNING("target not halted");
2244 return ERROR_TARGET_NOT_HALTED;
2250 /* Clear any abort. */
2251 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2252 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2253 if (retval != ERROR_OK)
2257 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2258 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2259 if (retval != ERROR_OK)
2262 /* Switch to non-blocking mode if not already in that mode. */
2263 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2264 if (retval != ERROR_OK)
2267 /* Mark R0 as dirty. */
2268 arm_reg_current(arm, 0)->dirty = true;
2270 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2271 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2272 if (retval != ERROR_OK)
2275 /* Get the memory address into R0. */
2276 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2277 armv7a->debug_base + CPUDBG_DTRRX, address);
2278 if (retval != ERROR_OK)
2280 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2281 if (retval != ERROR_OK)
2284 if (size == 4 && (address % 4) == 0) {
2285 /* We are doing a word-aligned transfer, so use fast mode. */
2286 retval = cortex_a_write_apb_ab_memory_fast(target, count, buffer, &dscr);
2288 /* Use slow path. */
2289 retval = cortex_a_write_apb_ab_memory_slow(target, size, count, buffer, &dscr);
2293 final_retval = retval;
2295 /* Switch to non-blocking mode if not already in that mode. */
2296 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2297 if (final_retval == ERROR_OK)
2298 final_retval = retval;
2300 /* Wait for last issued instruction to complete. */
2301 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2302 if (final_retval == ERROR_OK)
2303 final_retval = retval;
2305 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2306 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2307 * check RXfull_l). Most of the time this will be free because RXfull_l
2308 * will be cleared immediately and cached in dscr. However, don't do this
2309 * if there is fault, because then the instruction might not have completed
2311 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2312 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2313 if (retval != ERROR_OK)
2317 /* If there were any sticky abort flags, clear them. */
2318 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2320 mem_ap_write_atomic_u32(armv7a->debug_ap,
2321 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2322 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2327 /* Handle synchronous data faults. */
2328 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2329 if (final_retval == ERROR_OK) {
2330 /* Final return value will reflect cause of fault. */
2331 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2332 if (retval == ERROR_OK) {
2333 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2334 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2336 final_retval = retval;
2338 /* Fault destroyed DFAR/DFSR; restore them. */
2339 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2340 if (retval != ERROR_OK)
2341 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2344 /* Handle asynchronous data faults. */
2345 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2346 if (final_retval == ERROR_OK)
2347 /* No other error has been recorded so far, so keep this one. */
2348 final_retval = ERROR_TARGET_DATA_ABORT;
2351 /* If the DCC is nonempty, clear it. */
2352 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2354 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2355 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2356 if (final_retval == ERROR_OK)
2357 final_retval = retval;
2359 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2360 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2361 if (final_retval == ERROR_OK)
2362 final_retval = retval;
2366 return final_retval;
2369 static int cortex_a_read_apb_ab_memory_slow(struct target *target,
2370 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2372 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2373 * in *dscr; updated to new value. This is slow because it works for
2374 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2375 * the address is aligned, cortex_a_read_apb_ab_memory_fast should be
2378 * - Address is in R0.
2379 * - R0 is marked dirty.
2381 struct armv7a_common *armv7a = target_to_armv7a(target);
2382 struct arm *arm = &armv7a->arm;
2385 /* Mark register R1 as dirty, to use for transferring data. */
2386 arm_reg_current(arm, 1)->dirty = true;
2388 /* Switch to non-blocking mode if not already in that mode. */
2389 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2390 if (retval != ERROR_OK)
2393 /* Go through the objects. */
2395 /* Issue a load of the appropriate size to R1. */
2396 uint32_t opcode, data;
2398 opcode = ARMV4_5_LDRB_IP(1, 0);
2400 opcode = ARMV4_5_LDRH_IP(1, 0);
2402 opcode = ARMV4_5_LDRW_IP(1, 0);
2403 retval = cortex_a_exec_opcode(target, opcode, dscr);
2404 if (retval != ERROR_OK)
2407 /* Issue a write of R1 to DTRTX. */
2408 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2409 if (retval != ERROR_OK)
2412 /* Check for faults and return early. */
2413 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2414 return ERROR_OK; /* A data fault is not considered a system failure. */
2416 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2417 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2418 * must also check TXfull_l). Most of the time this will be free
2419 * because TXfull_l will be set immediately and cached in dscr. */
2420 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2421 DSCR_DTRTX_FULL_LATCHED, dscr);
2422 if (retval != ERROR_OK)
2425 /* Read the value transferred to DTRTX into the buffer. */
2426 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2427 armv7a->debug_base + CPUDBG_DTRTX, &data);
2428 if (retval != ERROR_OK)
2431 *buffer = (uint8_t) data;
2433 target_buffer_set_u16(target, buffer, (uint16_t) data);
2435 target_buffer_set_u32(target, buffer, data);
2445 static int cortex_a_read_apb_ab_memory_fast(struct target *target,
2446 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2448 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2449 * *dscr; updated to new value. This is fast but only works for word-sized
2450 * objects at aligned addresses.
2452 * - Address is in R0 and must be a multiple of 4.
2453 * - R0 is marked dirty.
2455 struct armv7a_common *armv7a = target_to_armv7a(target);
2459 /* Switch to non-blocking mode if not already in that mode. */
2460 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2461 if (retval != ERROR_OK)
2464 /* Issue the LDC instruction via a write to ITR. */
2465 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2466 if (retval != ERROR_OK)
2472 /* Switch to fast mode if not already in that mode. */
2473 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2474 if (retval != ERROR_OK)
2477 /* Latch LDC instruction. */
2478 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2479 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2480 if (retval != ERROR_OK)
2483 /* Read the value transferred to DTRTX into the buffer. Due to fast
2484 * mode rules, this blocks until the instruction finishes executing and
2485 * then reissues the read instruction to read the next word from
2486 * memory. The last read of DTRTX in this call reads the second-to-last
2487 * word from memory and issues the read instruction for the last word.
2489 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2490 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2491 if (retval != ERROR_OK)
2495 buffer += count * 4;
2498 /* Wait for last issued instruction to complete. */
2499 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2500 if (retval != ERROR_OK)
2503 /* Switch to non-blocking mode if not already in that mode. */
2504 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2505 if (retval != ERROR_OK)
2508 /* Check for faults and return early. */
2509 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2510 return ERROR_OK; /* A data fault is not considered a system failure. */
2512 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2513 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2514 * check TXfull_l). Most of the time this will be free because TXfull_l
2515 * will be set immediately and cached in dscr. */
2516 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2517 DSCR_DTRTX_FULL_LATCHED, dscr);
2518 if (retval != ERROR_OK)
2521 /* Read the value transferred to DTRTX into the buffer. This is the last
2523 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2524 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2525 if (retval != ERROR_OK)
2527 target_buffer_set_u32(target, buffer, u32);
2532 static int cortex_a_read_apb_ab_memory(struct target *target,
2533 uint32_t address, uint32_t size,
2534 uint32_t count, uint8_t *buffer)
2536 /* Read memory through APB-AP. */
2537 int retval, final_retval;
2538 struct armv7a_common *armv7a = target_to_armv7a(target);
2539 struct arm *arm = &armv7a->arm;
2540 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2542 LOG_DEBUG("Reading APB-AP memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2543 address, size, count);
2544 if (target->state != TARGET_HALTED) {
2545 LOG_WARNING("target not halted");
2546 return ERROR_TARGET_NOT_HALTED;
2552 /* Clear any abort. */
2553 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2554 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2555 if (retval != ERROR_OK)
2559 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2560 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2561 if (retval != ERROR_OK)
2564 /* Switch to non-blocking mode if not already in that mode. */
2565 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2566 if (retval != ERROR_OK)
2569 /* Mark R0 as dirty. */
2570 arm_reg_current(arm, 0)->dirty = true;
2572 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2573 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2574 if (retval != ERROR_OK)
2577 /* Get the memory address into R0. */
2578 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2579 armv7a->debug_base + CPUDBG_DTRRX, address);
2580 if (retval != ERROR_OK)
2582 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2583 if (retval != ERROR_OK)
2586 if (size == 4 && (address % 4) == 0) {
2587 /* We are doing a word-aligned transfer, so use fast mode. */
2588 retval = cortex_a_read_apb_ab_memory_fast(target, count, buffer, &dscr);
2590 /* Use slow path. */
2591 retval = cortex_a_read_apb_ab_memory_slow(target, size, count, buffer, &dscr);
2595 final_retval = retval;
2597 /* Switch to non-blocking mode if not already in that mode. */
2598 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2599 if (final_retval == ERROR_OK)
2600 final_retval = retval;
2602 /* Wait for last issued instruction to complete. */
2603 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2604 if (final_retval == ERROR_OK)
2605 final_retval = retval;
2607 /* If there were any sticky abort flags, clear them. */
2608 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2610 mem_ap_write_atomic_u32(armv7a->debug_ap,
2611 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2612 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2617 /* Handle synchronous data faults. */
2618 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2619 if (final_retval == ERROR_OK) {
2620 /* Final return value will reflect cause of fault. */
2621 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2622 if (retval == ERROR_OK) {
2623 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2624 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2626 final_retval = retval;
2628 /* Fault destroyed DFAR/DFSR; restore them. */
2629 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2630 if (retval != ERROR_OK)
2631 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2634 /* Handle asynchronous data faults. */
2635 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2636 if (final_retval == ERROR_OK)
2637 /* No other error has been recorded so far, so keep this one. */
2638 final_retval = ERROR_TARGET_DATA_ABORT;
2641 /* If the DCC is nonempty, clear it. */
2642 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2644 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2645 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2646 if (final_retval == ERROR_OK)
2647 final_retval = retval;
2649 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2650 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2651 if (final_retval == ERROR_OK)
2652 final_retval = retval;
2656 return final_retval;
2661 * Cortex-A Memory access
2663 * This is same Cortex M3 but we must also use the correct
2664 * ap number for every access.
2667 static int cortex_a_read_phys_memory(struct target *target,
2668 uint32_t address, uint32_t size,
2669 uint32_t count, uint8_t *buffer)
2671 int retval = ERROR_COMMAND_SYNTAX_ERROR;
2673 LOG_DEBUG("Reading memory at real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32,
2674 address, size, count);
2676 if (count && buffer) {
2677 /* read memory through APB-AP */
2678 cortex_a_prep_memaccess(target, 1);
2679 retval = cortex_a_read_apb_ab_memory(target, address, size, count, buffer);
2680 cortex_a_post_memaccess(target, 1);
2685 static int cortex_a_read_memory(struct target *target, uint32_t address,
2686 uint32_t size, uint32_t count, uint8_t *buffer)
2690 /* cortex_a handles unaligned memory access */
2691 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2694 cortex_a_prep_memaccess(target, 0);
2695 retval = cortex_a_read_apb_ab_memory(target, address, size, count, buffer);
2696 cortex_a_post_memaccess(target, 0);
2701 static int cortex_a_read_memory_ahb(struct target *target, uint32_t address,
2702 uint32_t size, uint32_t count, uint8_t *buffer)
2704 int mmu_enabled = 0;
2705 uint32_t virt, phys;
2707 struct armv7a_common *armv7a = target_to_armv7a(target);
2708 struct adiv5_dap *swjdp = armv7a->arm.dap;
2709 uint8_t apsel = swjdp->apsel;
2711 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2712 return target_read_memory(target, address, size, count, buffer);
2714 /* cortex_a handles unaligned memory access */
2715 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2718 /* determine if MMU was enabled on target stop */
2719 if (!armv7a->is_armv7r) {
2720 retval = cortex_a_mmu(target, &mmu_enabled);
2721 if (retval != ERROR_OK)
2727 retval = cortex_a_virt2phys(target, virt, &phys);
2728 if (retval != ERROR_OK)
2731 LOG_DEBUG("Reading at virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2736 if (!count || !buffer)
2737 return ERROR_COMMAND_SYNTAX_ERROR;
2739 retval = mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2744 static int cortex_a_write_phys_memory(struct target *target,
2745 uint32_t address, uint32_t size,
2746 uint32_t count, const uint8_t *buffer)
2748 int retval = ERROR_COMMAND_SYNTAX_ERROR;
2750 LOG_DEBUG("Writing memory to real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2753 if (count && buffer) {
2754 /* write memory through APB-AP */
2755 cortex_a_prep_memaccess(target, 1);
2756 retval = cortex_a_write_apb_ab_memory(target, address, size, count, buffer);
2757 cortex_a_post_memaccess(target, 1);
2763 static int cortex_a_write_memory(struct target *target, uint32_t address,
2764 uint32_t size, uint32_t count, const uint8_t *buffer)
2768 /* cortex_a handles unaligned memory access */
2769 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2772 /* memory writes bypass the caches, must flush before writing */
2773 armv7a_cache_auto_flush_on_write(target, address, size * count);
2775 cortex_a_prep_memaccess(target, 0);
2776 retval = cortex_a_write_apb_ab_memory(target, address, size, count, buffer);
2777 cortex_a_post_memaccess(target, 0);
2781 static int cortex_a_write_memory_ahb(struct target *target, uint32_t address,
2782 uint32_t size, uint32_t count, const uint8_t *buffer)
2784 int mmu_enabled = 0;
2785 uint32_t virt, phys;
2787 struct armv7a_common *armv7a = target_to_armv7a(target);
2788 struct adiv5_dap *swjdp = armv7a->arm.dap;
2789 uint8_t apsel = swjdp->apsel;
2791 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2792 return target_write_memory(target, address, size, count, buffer);
2794 /* cortex_a handles unaligned memory access */
2795 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2798 /* determine if MMU was enabled on target stop */
2799 if (!armv7a->is_armv7r) {
2800 retval = cortex_a_mmu(target, &mmu_enabled);
2801 if (retval != ERROR_OK)
2807 retval = cortex_a_virt2phys(target, virt, &phys);
2808 if (retval != ERROR_OK)
2811 LOG_DEBUG("Writing to virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2817 if (!count || !buffer)
2818 return ERROR_COMMAND_SYNTAX_ERROR;
2820 retval = mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2825 static int cortex_a_read_buffer(struct target *target, uint32_t address,
2826 uint32_t count, uint8_t *buffer)
2830 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2831 * will have something to do with the size we leave to it. */
2832 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2833 if (address & size) {
2834 int retval = cortex_a_read_memory_ahb(target, address, size, 1, buffer);
2835 if (retval != ERROR_OK)
2843 /* Read the data with as large access size as possible. */
2844 for (; size > 0; size /= 2) {
2845 uint32_t aligned = count - count % size;
2847 int retval = cortex_a_read_memory_ahb(target, address, size, aligned / size, buffer);
2848 if (retval != ERROR_OK)
2859 static int cortex_a_write_buffer(struct target *target, uint32_t address,
2860 uint32_t count, const uint8_t *buffer)
2864 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2865 * will have something to do with the size we leave to it. */
2866 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2867 if (address & size) {
2868 int retval = cortex_a_write_memory_ahb(target, address, size, 1, buffer);
2869 if (retval != ERROR_OK)
2877 /* Write the data with as large access size as possible. */
2878 for (; size > 0; size /= 2) {
2879 uint32_t aligned = count - count % size;
2881 int retval = cortex_a_write_memory_ahb(target, address, size, aligned / size, buffer);
2882 if (retval != ERROR_OK)
2893 static int cortex_a_handle_target_request(void *priv)
2895 struct target *target = priv;
2896 struct armv7a_common *armv7a = target_to_armv7a(target);
2899 if (!target_was_examined(target))
2901 if (!target->dbg_msg_enabled)
2904 if (target->state == TARGET_RUNNING) {
2907 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2908 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2910 /* check if we have data */
2911 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2912 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2913 armv7a->debug_base + CPUDBG_DTRTX, &request);
2914 if (retval == ERROR_OK) {
2915 target_request(target, request);
2916 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2917 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2926 * Cortex-A target information and configuration
2929 static int cortex_a_examine_first(struct target *target)
2931 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2932 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2933 struct adiv5_dap *swjdp = armv7a->arm.dap;
2935 int retval = ERROR_OK;
2936 uint32_t didr, ctypr, ttypr, cpuid, dbg_osreg;
2938 retval = dap_dp_init(swjdp);
2939 if (retval != ERROR_OK) {
2940 LOG_ERROR("Could not initialize the debug port");
2944 /* Search for the APB-AB - it is needed for access to debug registers */
2945 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2946 if (retval != ERROR_OK) {
2947 LOG_ERROR("Could not find APB-AP for debug access");
2951 retval = mem_ap_init(armv7a->debug_ap);
2952 if (retval != ERROR_OK) {
2953 LOG_ERROR("Could not initialize the APB-AP");
2957 armv7a->debug_ap->memaccess_tck = 80;
2959 /* Search for the AHB-AB.
2960 * REVISIT: We should search for AXI-AP as well and make sure the AP's MEMTYPE says it
2961 * can access system memory. */
2962 armv7a->memory_ap_available = false;
2963 retval = dap_find_ap(swjdp, AP_TYPE_AHB_AP, &armv7a->memory_ap);
2964 if (retval == ERROR_OK) {
2965 retval = mem_ap_init(armv7a->memory_ap);
2966 if (retval == ERROR_OK)
2967 armv7a->memory_ap_available = true;
2969 LOG_WARNING("Could not initialize AHB-AP for memory access - using APB-AP");
2971 /* AHB-AP not found - use APB-AP */
2972 LOG_DEBUG("Could not find AHB-AP - using APB-AP for memory access");
2975 if (!target->dbgbase_set) {
2977 /* Get ROM Table base */
2979 int32_t coreidx = target->coreid;
2980 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
2982 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
2983 if (retval != ERROR_OK)
2985 /* Lookup 0x15 -- Processor DAP */
2986 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
2987 &armv7a->debug_base, &coreidx);
2988 if (retval != ERROR_OK) {
2989 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
2993 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
2994 target->coreid, armv7a->debug_base);
2996 armv7a->debug_base = target->dbgbase;
2998 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2999 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
3000 if (retval != ERROR_OK)
3003 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3004 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
3005 if (retval != ERROR_OK) {
3006 LOG_DEBUG("Examine %s failed", "CPUID");
3010 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3011 armv7a->debug_base + CPUDBG_CTYPR, &ctypr);
3012 if (retval != ERROR_OK) {
3013 LOG_DEBUG("Examine %s failed", "CTYPR");
3017 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3018 armv7a->debug_base + CPUDBG_TTYPR, &ttypr);
3019 if (retval != ERROR_OK) {
3020 LOG_DEBUG("Examine %s failed", "TTYPR");
3024 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3025 armv7a->debug_base + CPUDBG_DIDR, &didr);
3026 if (retval != ERROR_OK) {
3027 LOG_DEBUG("Examine %s failed", "DIDR");
3031 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
3032 LOG_DEBUG("ctypr = 0x%08" PRIx32, ctypr);
3033 LOG_DEBUG("ttypr = 0x%08" PRIx32, ttypr);
3034 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
3036 cortex_a->cpuid = cpuid;
3037 cortex_a->ctypr = ctypr;
3038 cortex_a->ttypr = ttypr;
3039 cortex_a->didr = didr;
3041 /* Unlocking the debug registers */
3042 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3043 CORTEX_A15_PARTNUM) {
3045 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3046 armv7a->debug_base + CPUDBG_OSLAR,
3049 if (retval != ERROR_OK)
3053 /* Unlocking the debug registers */
3054 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3055 CORTEX_A7_PARTNUM) {
3057 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3058 armv7a->debug_base + CPUDBG_OSLAR,
3061 if (retval != ERROR_OK)
3065 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3066 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
3068 if (retval != ERROR_OK)
3071 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
3073 armv7a->arm.core_type = ARM_MODE_MON;
3075 /* Avoid recreating the registers cache */
3076 if (!target_was_examined(target)) {
3077 retval = cortex_a_dpm_setup(cortex_a, didr);
3078 if (retval != ERROR_OK)
3082 /* Setup Breakpoint Register Pairs */
3083 cortex_a->brp_num = ((didr >> 24) & 0x0F) + 1;
3084 cortex_a->brp_num_context = ((didr >> 20) & 0x0F) + 1;
3085 cortex_a->brp_num_available = cortex_a->brp_num;
3086 free(cortex_a->brp_list);
3087 cortex_a->brp_list = calloc(cortex_a->brp_num, sizeof(struct cortex_a_brp));
3088 /* cortex_a->brb_enabled = ????; */
3089 for (i = 0; i < cortex_a->brp_num; i++) {
3090 cortex_a->brp_list[i].used = 0;
3091 if (i < (cortex_a->brp_num-cortex_a->brp_num_context))
3092 cortex_a->brp_list[i].type = BRP_NORMAL;
3094 cortex_a->brp_list[i].type = BRP_CONTEXT;
3095 cortex_a->brp_list[i].value = 0;
3096 cortex_a->brp_list[i].control = 0;
3097 cortex_a->brp_list[i].BRPn = i;
3100 LOG_DEBUG("Configured %i hw breakpoints", cortex_a->brp_num);
3102 /* select debug_ap as default */
3103 swjdp->apsel = armv7a->debug_ap->ap_num;
3105 target_set_examined(target);
3109 static int cortex_a_examine(struct target *target)
3111 int retval = ERROR_OK;
3113 /* Reestablish communication after target reset */
3114 retval = cortex_a_examine_first(target);
3116 /* Configure core debug access */
3117 if (retval == ERROR_OK)
3118 retval = cortex_a_init_debug_access(target);
3124 * Cortex-A target creation and initialization
3127 static int cortex_a_init_target(struct command_context *cmd_ctx,
3128 struct target *target)
3130 /* examine_first() does a bunch of this */
3134 static int cortex_a_init_arch_info(struct target *target,
3135 struct cortex_a_common *cortex_a, struct jtag_tap *tap)
3137 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
3139 /* Setup struct cortex_a_common */
3140 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3142 /* tap has no dap initialized */
3144 tap->dap = dap_init();
3146 /* Leave (only) generic DAP stuff for debugport_init() */
3147 tap->dap->tap = tap;
3150 armv7a->arm.dap = tap->dap;
3152 cortex_a->fast_reg_read = 0;
3154 /* register arch-specific functions */
3155 armv7a->examine_debug_reason = NULL;
3157 armv7a->post_debug_entry = cortex_a_post_debug_entry;
3159 armv7a->pre_restore_context = NULL;
3161 armv7a->armv7a_mmu.read_physical_memory = cortex_a_read_phys_memory;
3164 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
3166 /* REVISIT v7a setup should be in a v7a-specific routine */
3167 armv7a_init_arch_info(target, armv7a);
3168 target_register_timer_callback(cortex_a_handle_target_request, 1, 1, target);
3173 static int cortex_a_target_create(struct target *target, Jim_Interp *interp)
3175 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3177 cortex_a->armv7a_common.is_armv7r = false;
3179 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3182 static int cortex_r4_target_create(struct target *target, Jim_Interp *interp)
3184 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3186 cortex_a->armv7a_common.is_armv7r = true;
3188 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3191 static void cortex_a_deinit_target(struct target *target)
3193 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3194 struct arm_dpm *dpm = &cortex_a->armv7a_common.dpm;
3196 free(cortex_a->brp_list);
3202 static int cortex_a_mmu(struct target *target, int *enabled)
3204 struct armv7a_common *armv7a = target_to_armv7a(target);
3206 if (target->state != TARGET_HALTED) {
3207 LOG_ERROR("%s: target not halted", __func__);
3208 return ERROR_TARGET_INVALID;
3211 if (armv7a->is_armv7r)
3214 *enabled = target_to_cortex_a(target)->armv7a_common.armv7a_mmu.mmu_enabled;
3219 static int cortex_a_virt2phys(struct target *target,
3220 uint32_t virt, uint32_t *phys)
3222 int retval = ERROR_FAIL;
3223 struct armv7a_common *armv7a = target_to_armv7a(target);
3224 struct adiv5_dap *swjdp = armv7a->arm.dap;
3225 uint8_t apsel = swjdp->apsel;
3226 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num)) {
3228 retval = armv7a_mmu_translate_va(target,
3230 if (retval != ERROR_OK)
3233 } else {/* use this method if armv7a->memory_ap not selected
3234 * mmu must be enable in order to get a correct translation */
3235 retval = cortex_a_mmu_modify(target, 1);
3236 if (retval != ERROR_OK)
3238 retval = armv7a_mmu_translate_va_pa(target, virt, phys, 1);
3244 COMMAND_HANDLER(cortex_a_handle_cache_info_command)
3246 struct target *target = get_current_target(CMD_CTX);
3247 struct armv7a_common *armv7a = target_to_armv7a(target);
3249 return armv7a_handle_cache_info_command(CMD_CTX,
3250 &armv7a->armv7a_mmu.armv7a_cache);
3254 COMMAND_HANDLER(cortex_a_handle_dbginit_command)
3256 struct target *target = get_current_target(CMD_CTX);
3257 if (!target_was_examined(target)) {
3258 LOG_ERROR("target not examined yet");
3262 return cortex_a_init_debug_access(target);
3264 COMMAND_HANDLER(cortex_a_handle_smp_off_command)
3266 struct target *target = get_current_target(CMD_CTX);
3267 /* check target is an smp target */
3268 struct target_list *head;
3269 struct target *curr;
3270 head = target->head;
3272 if (head != (struct target_list *)NULL) {
3273 while (head != (struct target_list *)NULL) {
3274 curr = head->target;
3278 /* fixes the target display to the debugger */
3279 target->gdb_service->target = target;
3284 COMMAND_HANDLER(cortex_a_handle_smp_on_command)
3286 struct target *target = get_current_target(CMD_CTX);
3287 struct target_list *head;
3288 struct target *curr;
3289 head = target->head;
3290 if (head != (struct target_list *)NULL) {
3292 while (head != (struct target_list *)NULL) {
3293 curr = head->target;
3301 COMMAND_HANDLER(cortex_a_handle_smp_gdb_command)
3303 struct target *target = get_current_target(CMD_CTX);
3304 int retval = ERROR_OK;
3305 struct target_list *head;
3306 head = target->head;
3307 if (head != (struct target_list *)NULL) {
3308 if (CMD_ARGC == 1) {
3310 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], coreid);
3311 if (ERROR_OK != retval)
3313 target->gdb_service->core[1] = coreid;
3316 command_print(CMD_CTX, "gdb coreid %" PRId32 " -> %" PRId32, target->gdb_service->core[0]
3317 , target->gdb_service->core[1]);
3322 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command)
3324 struct target *target = get_current_target(CMD_CTX);
3325 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3327 static const Jim_Nvp nvp_maskisr_modes[] = {
3328 { .name = "off", .value = CORTEX_A_ISRMASK_OFF },
3329 { .name = "on", .value = CORTEX_A_ISRMASK_ON },
3330 { .name = NULL, .value = -1 },
3334 if (target->state != TARGET_HALTED) {
3335 command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
3340 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
3341 if (n->name == NULL)
3342 return ERROR_COMMAND_SYNTAX_ERROR;
3343 cortex_a->isrmasking_mode = n->value;
3347 n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, cortex_a->isrmasking_mode);
3348 command_print(CMD_CTX, "cortex_a interrupt mask %s", n->name);
3353 COMMAND_HANDLER(handle_cortex_a_dacrfixup_command)
3355 struct target *target = get_current_target(CMD_CTX);
3356 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3358 static const Jim_Nvp nvp_dacrfixup_modes[] = {
3359 { .name = "off", .value = CORTEX_A_DACRFIXUP_OFF },
3360 { .name = "on", .value = CORTEX_A_DACRFIXUP_ON },
3361 { .name = NULL, .value = -1 },
3366 n = Jim_Nvp_name2value_simple(nvp_dacrfixup_modes, CMD_ARGV[0]);
3367 if (n->name == NULL)
3368 return ERROR_COMMAND_SYNTAX_ERROR;
3369 cortex_a->dacrfixup_mode = n->value;
3373 n = Jim_Nvp_value2name_simple(nvp_dacrfixup_modes, cortex_a->dacrfixup_mode);
3374 command_print(CMD_CTX, "cortex_a domain access control fixup %s", n->name);
3379 static const struct command_registration cortex_a_exec_command_handlers[] = {
3381 .name = "cache_info",
3382 .handler = cortex_a_handle_cache_info_command,
3383 .mode = COMMAND_EXEC,
3384 .help = "display information about target caches",
3389 .handler = cortex_a_handle_dbginit_command,
3390 .mode = COMMAND_EXEC,
3391 .help = "Initialize core debug",
3394 { .name = "smp_off",
3395 .handler = cortex_a_handle_smp_off_command,
3396 .mode = COMMAND_EXEC,
3397 .help = "Stop smp handling",
3401 .handler = cortex_a_handle_smp_on_command,
3402 .mode = COMMAND_EXEC,
3403 .help = "Restart smp handling",
3408 .handler = cortex_a_handle_smp_gdb_command,
3409 .mode = COMMAND_EXEC,
3410 .help = "display/fix current core played to gdb",
3415 .handler = handle_cortex_a_mask_interrupts_command,
3416 .mode = COMMAND_EXEC,
3417 .help = "mask cortex_a interrupts",
3418 .usage = "['on'|'off']",
3421 .name = "dacrfixup",
3422 .handler = handle_cortex_a_dacrfixup_command,
3423 .mode = COMMAND_EXEC,
3424 .help = "set domain access control (DACR) to all-manager "
3426 .usage = "['on'|'off']",
3429 COMMAND_REGISTRATION_DONE
3431 static const struct command_registration cortex_a_command_handlers[] = {
3433 .chain = arm_command_handlers,
3436 .chain = armv7a_command_handlers,
3440 .mode = COMMAND_ANY,
3441 .help = "Cortex-A command group",
3443 .chain = cortex_a_exec_command_handlers,
3445 COMMAND_REGISTRATION_DONE
3448 struct target_type cortexa_target = {
3450 .deprecated_name = "cortex_a8",
3452 .poll = cortex_a_poll,
3453 .arch_state = armv7a_arch_state,
3455 .halt = cortex_a_halt,
3456 .resume = cortex_a_resume,
3457 .step = cortex_a_step,
3459 .assert_reset = cortex_a_assert_reset,
3460 .deassert_reset = cortex_a_deassert_reset,
3462 /* REVISIT allow exporting VFP3 registers ... */
3463 .get_gdb_reg_list = arm_get_gdb_reg_list,
3465 .read_memory = cortex_a_read_memory,
3466 .write_memory = cortex_a_write_memory,
3468 .read_buffer = cortex_a_read_buffer,
3469 .write_buffer = cortex_a_write_buffer,
3471 .checksum_memory = arm_checksum_memory,
3472 .blank_check_memory = arm_blank_check_memory,
3474 .run_algorithm = armv4_5_run_algorithm,
3476 .add_breakpoint = cortex_a_add_breakpoint,
3477 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3478 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3479 .remove_breakpoint = cortex_a_remove_breakpoint,
3480 .add_watchpoint = NULL,
3481 .remove_watchpoint = NULL,
3483 .commands = cortex_a_command_handlers,
3484 .target_create = cortex_a_target_create,
3485 .init_target = cortex_a_init_target,
3486 .examine = cortex_a_examine,
3487 .deinit_target = cortex_a_deinit_target,
3489 .read_phys_memory = cortex_a_read_phys_memory,
3490 .write_phys_memory = cortex_a_write_phys_memory,
3491 .mmu = cortex_a_mmu,
3492 .virt2phys = cortex_a_virt2phys,
3495 static const struct command_registration cortex_r4_exec_command_handlers[] = {
3497 .name = "cache_info",
3498 .handler = cortex_a_handle_cache_info_command,
3499 .mode = COMMAND_EXEC,
3500 .help = "display information about target caches",
3505 .handler = cortex_a_handle_dbginit_command,
3506 .mode = COMMAND_EXEC,
3507 .help = "Initialize core debug",
3512 .handler = handle_cortex_a_mask_interrupts_command,
3513 .mode = COMMAND_EXEC,
3514 .help = "mask cortex_r4 interrupts",
3515 .usage = "['on'|'off']",
3518 COMMAND_REGISTRATION_DONE
3520 static const struct command_registration cortex_r4_command_handlers[] = {
3522 .chain = arm_command_handlers,
3525 .chain = armv7a_command_handlers,
3528 .name = "cortex_r4",
3529 .mode = COMMAND_ANY,
3530 .help = "Cortex-R4 command group",
3532 .chain = cortex_r4_exec_command_handlers,
3534 COMMAND_REGISTRATION_DONE
3537 struct target_type cortexr4_target = {
3538 .name = "cortex_r4",
3540 .poll = cortex_a_poll,
3541 .arch_state = armv7a_arch_state,
3543 .halt = cortex_a_halt,
3544 .resume = cortex_a_resume,
3545 .step = cortex_a_step,
3547 .assert_reset = cortex_a_assert_reset,
3548 .deassert_reset = cortex_a_deassert_reset,
3550 /* REVISIT allow exporting VFP3 registers ... */
3551 .get_gdb_reg_list = arm_get_gdb_reg_list,
3553 .read_memory = cortex_a_read_memory,
3554 .write_memory = cortex_a_write_memory,
3556 .checksum_memory = arm_checksum_memory,
3557 .blank_check_memory = arm_blank_check_memory,
3559 .run_algorithm = armv4_5_run_algorithm,
3561 .add_breakpoint = cortex_a_add_breakpoint,
3562 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3563 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3564 .remove_breakpoint = cortex_a_remove_breakpoint,
3565 .add_watchpoint = NULL,
3566 .remove_watchpoint = NULL,
3568 .commands = cortex_r4_command_handlers,
3569 .target_create = cortex_r4_target_create,
3570 .init_target = cortex_a_init_target,
3571 .examine = cortex_a_examine,
3572 .deinit_target = cortex_a_deinit_target,
projects / fw / openocd / blob