1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
5 * Copyright (C) 2006 by Magnus Lundin *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
11 * Copyright (C) 2009 by Dirk Behme *
12 * dirk.behme@gmail.com - copy from cortex_m3 *
14 * Copyright (C) 2010 Øyvind Harboe *
15 * oyvind.harboe@zylin.com *
17 * Copyright (C) ST-Ericsson SA 2011 *
18 * michel.jaouen@stericsson.com : smp minimum support *
20 * Copyright (C) Broadcom 2012 *
21 * ehunter@broadcom.com : Cortex R4 support *
23 * Copyright (C) 2013 Kamal Dasu *
24 * kdasu.kdev@gmail.com *
26 * This program is free software; you can redistribute it and/or modify *
27 * it under the terms of the GNU General Public License as published by *
28 * the Free Software Foundation; either version 2 of the License, or *
29 * (at your option) any later version. *
31 * This program is distributed in the hope that it will be useful, *
32 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
33 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
34 * GNU General Public License for more details. *
36 * You should have received a copy of the GNU General Public License *
37 * along with this program; if not, write to the *
38 * Free Software Foundation, Inc., *
39 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. *
41 * Cortex-A8(tm) TRM, ARM DDI 0344H *
42 * Cortex-A9(tm) TRM, ARM DDI 0407F *
43 * Cortex-A4(tm) TRM, ARM DDI 0363E *
44 * Cortex-A15(tm)TRM, ARM DDI 0438C *
46 ***************************************************************************/
52 #include "breakpoints.h"
55 #include "target_request.h"
56 #include "target_type.h"
57 #include "arm_opcodes.h"
58 #include <helper/time_support.h>
60 static int cortex_a_poll(struct target *target);
61 static int cortex_a_debug_entry(struct target *target);
62 static int cortex_a_restore_context(struct target *target, bool bpwp);
63 static int cortex_a_set_breakpoint(struct target *target,
64 struct breakpoint *breakpoint, uint8_t matchmode);
65 static int cortex_a_set_context_breakpoint(struct target *target,
66 struct breakpoint *breakpoint, uint8_t matchmode);
67 static int cortex_a_set_hybrid_breakpoint(struct target *target,
68 struct breakpoint *breakpoint);
69 static int cortex_a_unset_breakpoint(struct target *target,
70 struct breakpoint *breakpoint);
71 static int cortex_a_dap_read_coreregister_u32(struct target *target,
72 uint32_t *value, int regnum);
73 static int cortex_a_dap_write_coreregister_u32(struct target *target,
74 uint32_t value, int regnum);
75 static int cortex_a_mmu(struct target *target, int *enabled);
76 static int cortex_a_mmu_modify(struct target *target, int enable);
77 static int cortex_a_virt2phys(struct target *target,
78 uint32_t virt, uint32_t *phys);
79 static int cortex_a_read_apb_ab_memory(struct target *target,
80 uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer);
83 /* restore cp15_control_reg at resume */
84 static int cortex_a_restore_cp15_control_reg(struct target *target)
86 int retval = ERROR_OK;
87 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
88 struct armv7a_common *armv7a = target_to_armv7a(target);
90 if (cortex_a->cp15_control_reg != cortex_a->cp15_control_reg_curr) {
91 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
92 /* LOG_INFO("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg); */
93 retval = armv7a->arm.mcr(target, 15,
96 cortex_a->cp15_control_reg);
102 * Set up ARM core for memory access.
103 * If !phys_access, switch to SVC mode and make sure MMU is on
104 * If phys_access, switch off mmu
106 static int cortex_a_prep_memaccess(struct target *target, int phys_access)
108 struct armv7a_common *armv7a = target_to_armv7a(target);
111 if (phys_access == 0) {
112 dpm_modeswitch(&armv7a->dpm, ARM_MODE_SVC);
113 cortex_a_mmu(target, &mmu_enabled);
115 cortex_a_mmu_modify(target, 1);
117 cortex_a_mmu(target, &mmu_enabled);
119 cortex_a_mmu_modify(target, 0);
125 * Restore ARM core after memory access.
126 * If !phys_access, switch to previous mode
127 * If phys_access, restore MMU setting
129 static int cortex_a_post_memaccess(struct target *target, int phys_access)
131 struct armv7a_common *armv7a = target_to_armv7a(target);
133 if (phys_access == 0) {
134 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
137 cortex_a_mmu(target, &mmu_enabled);
139 cortex_a_mmu_modify(target, 1);
145 /* modify cp15_control_reg in order to enable or disable mmu for :
146 * - virt2phys address conversion
147 * - read or write memory in phys or virt address */
148 static int cortex_a_mmu_modify(struct target *target, int enable)
150 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
151 struct armv7a_common *armv7a = target_to_armv7a(target);
152 int retval = ERROR_OK;
156 /* if mmu enabled at target stop and mmu not enable */
157 if (!(cortex_a->cp15_control_reg & 0x1U)) {
158 LOG_ERROR("trying to enable mmu on target stopped with mmu disable");
161 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0) {
162 cortex_a->cp15_control_reg_curr |= 0x1U;
166 if ((cortex_a->cp15_control_reg_curr & 0x1U) == 0x1U) {
167 cortex_a->cp15_control_reg_curr &= ~0x1U;
173 LOG_DEBUG("%s, writing cp15 ctrl: %" PRIx32,
174 enable ? "enable mmu" : "disable mmu",
175 cortex_a->cp15_control_reg_curr);
177 retval = armv7a->arm.mcr(target, 15,
180 cortex_a->cp15_control_reg_curr);
186 * Cortex-A Basic debug access, very low level assumes state is saved
188 static int cortex_a8_init_debug_access(struct target *target)
190 struct armv7a_common *armv7a = target_to_armv7a(target);
195 /* Unlocking the debug registers for modification
196 * The debugport might be uninitialised so try twice */
197 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
198 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
199 if (retval != ERROR_OK) {
201 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
202 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
203 if (retval == ERROR_OK)
205 "Locking debug access failed on first, but succeeded on second try.");
212 * Cortex-A Basic debug access, very low level assumes state is saved
214 static int cortex_a_init_debug_access(struct target *target)
216 struct armv7a_common *armv7a = target_to_armv7a(target);
219 uint32_t cortex_part_num;
220 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
223 cortex_part_num = (cortex_a->cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >>
224 CORTEX_A_MIDR_PARTNUM_SHIFT;
226 switch (cortex_part_num) {
227 case CORTEX_A7_PARTNUM:
228 case CORTEX_A15_PARTNUM:
229 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
230 armv7a->debug_base + CPUDBG_OSLSR,
232 if (retval != ERROR_OK)
235 LOG_DEBUG("DBGOSLSR 0x%" PRIx32, dbg_osreg);
237 if (dbg_osreg & CPUDBG_OSLAR_LK_MASK)
238 /* Unlocking the DEBUG OS registers for modification */
239 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
240 armv7a->debug_base + CPUDBG_OSLAR,
244 case CORTEX_A5_PARTNUM:
245 case CORTEX_A8_PARTNUM:
246 case CORTEX_A9_PARTNUM:
248 retval = cortex_a8_init_debug_access(target);
251 if (retval != ERROR_OK)
253 /* Clear Sticky Power Down status Bit in PRSR to enable access to
254 the registers in the Core Power Domain */
255 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
256 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
257 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
259 if (retval != ERROR_OK)
262 /* Disable cacheline fills and force cache write-through in debug state */
263 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
264 armv7a->debug_base + CPUDBG_DSCCR, 0);
265 if (retval != ERROR_OK)
268 /* Disable TLB lookup and refill/eviction in debug state */
269 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
270 armv7a->debug_base + CPUDBG_DSMCR, 0);
271 if (retval != ERROR_OK)
274 /* Enabling of instruction execution in debug mode is done in debug_entry code */
276 /* Resync breakpoint registers */
278 /* Since this is likely called from init or reset, update target state information*/
279 return cortex_a_poll(target);
282 static int cortex_a_wait_instrcmpl(struct target *target, uint32_t *dscr, bool force)
284 /* Waits until InstrCmpl_l becomes 1, indicating instruction is done.
285 * Writes final value of DSCR into *dscr. Pass force to force always
286 * reading DSCR at least once. */
287 struct armv7a_common *armv7a = target_to_armv7a(target);
288 long long then = timeval_ms();
289 while ((*dscr & DSCR_INSTR_COMP) == 0 || force) {
291 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
292 armv7a->debug_base + CPUDBG_DSCR, dscr);
293 if (retval != ERROR_OK) {
294 LOG_ERROR("Could not read DSCR register");
297 if (timeval_ms() > then + 1000) {
298 LOG_ERROR("Timeout waiting for InstrCompl=1");
305 /* To reduce needless round-trips, pass in a pointer to the current
306 * DSCR value. Initialize it to zero if you just need to know the
307 * value on return from this function; or DSCR_INSTR_COMP if you
308 * happen to know that no instruction is pending.
310 static int cortex_a_exec_opcode(struct target *target,
311 uint32_t opcode, uint32_t *dscr_p)
315 struct armv7a_common *armv7a = target_to_armv7a(target);
317 dscr = dscr_p ? *dscr_p : 0;
319 LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
321 /* Wait for InstrCompl bit to be set */
322 retval = cortex_a_wait_instrcmpl(target, dscr_p, false);
323 if (retval != ERROR_OK)
326 retval = mem_ap_write_u32(armv7a->debug_ap,
327 armv7a->debug_base + CPUDBG_ITR, opcode);
328 if (retval != ERROR_OK)
331 long long then = timeval_ms();
333 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
334 armv7a->debug_base + CPUDBG_DSCR, &dscr);
335 if (retval != ERROR_OK) {
336 LOG_ERROR("Could not read DSCR register");
339 if (timeval_ms() > then + 1000) {
340 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
343 } while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
351 /**************************************************************************
352 Read core register with very few exec_opcode, fast but needs work_area.
353 This can cause problems with MMU active.
354 **************************************************************************/
355 static int cortex_a_read_regs_through_mem(struct target *target, uint32_t address,
358 int retval = ERROR_OK;
359 struct armv7a_common *armv7a = target_to_armv7a(target);
361 retval = cortex_a_dap_read_coreregister_u32(target, regfile, 0);
362 if (retval != ERROR_OK)
364 retval = cortex_a_dap_write_coreregister_u32(target, address, 0);
365 if (retval != ERROR_OK)
367 retval = cortex_a_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL);
368 if (retval != ERROR_OK)
371 retval = mem_ap_read_buf(armv7a->memory_ap,
372 (uint8_t *)(®file[1]), 4, 15, address);
377 static int cortex_a_dap_read_coreregister_u32(struct target *target,
378 uint32_t *value, int regnum)
380 int retval = ERROR_OK;
381 uint8_t reg = regnum&0xFF;
383 struct armv7a_common *armv7a = target_to_armv7a(target);
389 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0" 0xEE00nE15 */
390 retval = cortex_a_exec_opcode(target,
391 ARMV4_5_MCR(14, 0, reg, 0, 5, 0),
393 if (retval != ERROR_OK)
395 } else if (reg == 15) {
396 /* "MOV r0, r15"; then move r0 to DCCTX */
397 retval = cortex_a_exec_opcode(target, 0xE1A0000F, &dscr);
398 if (retval != ERROR_OK)
400 retval = cortex_a_exec_opcode(target,
401 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
403 if (retval != ERROR_OK)
406 /* "MRS r0, CPSR" or "MRS r0, SPSR"
407 * then move r0 to DCCTX
409 retval = cortex_a_exec_opcode(target, ARMV4_5_MRS(0, reg & 1), &dscr);
410 if (retval != ERROR_OK)
412 retval = cortex_a_exec_opcode(target,
413 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
415 if (retval != ERROR_OK)
419 /* Wait for DTRRXfull then read DTRRTX */
420 long long then = timeval_ms();
421 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
422 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
423 armv7a->debug_base + CPUDBG_DSCR, &dscr);
424 if (retval != ERROR_OK)
426 if (timeval_ms() > then + 1000) {
427 LOG_ERROR("Timeout waiting for cortex_a_exec_opcode");
432 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
433 armv7a->debug_base + CPUDBG_DTRTX, value);
434 LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
439 static int cortex_a_dap_write_coreregister_u32(struct target *target,
440 uint32_t value, int regnum)
442 int retval = ERROR_OK;
443 uint8_t Rd = regnum&0xFF;
445 struct armv7a_common *armv7a = target_to_armv7a(target);
447 LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
449 /* Check that DCCRX is not full */
450 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
451 armv7a->debug_base + CPUDBG_DSCR, &dscr);
452 if (retval != ERROR_OK)
454 if (dscr & DSCR_DTR_RX_FULL) {
455 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
456 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode 0xEE100E15 */
457 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
459 if (retval != ERROR_OK)
466 /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
467 LOG_DEBUG("write DCC 0x%08" PRIx32, value);
468 retval = mem_ap_write_u32(armv7a->debug_ap,
469 armv7a->debug_base + CPUDBG_DTRRX, value);
470 if (retval != ERROR_OK)
474 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
475 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0),
478 if (retval != ERROR_OK)
480 } else if (Rd == 15) {
481 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
484 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
486 if (retval != ERROR_OK)
488 retval = cortex_a_exec_opcode(target, 0xE1A0F000, &dscr);
489 if (retval != ERROR_OK)
492 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
493 * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
495 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
497 if (retval != ERROR_OK)
499 retval = cortex_a_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1),
501 if (retval != ERROR_OK)
504 /* "Prefetch flush" after modifying execution status in CPSR */
506 retval = cortex_a_exec_opcode(target,
507 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
509 if (retval != ERROR_OK)
517 /* Write to memory mapped registers directly with no cache or mmu handling */
518 static int cortex_a_dap_write_memap_register_u32(struct target *target,
523 struct armv7a_common *armv7a = target_to_armv7a(target);
525 retval = mem_ap_write_atomic_u32(armv7a->debug_ap, address, value);
531 * Cortex-A implementation of Debug Programmer's Model
533 * NOTE the invariant: these routines return with DSCR_INSTR_COMP set,
534 * so there's no need to poll for it before executing an instruction.
536 * NOTE that in several of these cases the "stall" mode might be useful.
537 * It'd let us queue a few operations together... prepare/finish might
538 * be the places to enable/disable that mode.
541 static inline struct cortex_a_common *dpm_to_a(struct arm_dpm *dpm)
543 return container_of(dpm, struct cortex_a_common, armv7a_common.dpm);
546 static int cortex_a_write_dcc(struct cortex_a_common *a, uint32_t data)
548 LOG_DEBUG("write DCC 0x%08" PRIx32, data);
549 return mem_ap_write_u32(a->armv7a_common.debug_ap,
550 a->armv7a_common.debug_base + CPUDBG_DTRRX, data);
553 static int cortex_a_read_dcc(struct cortex_a_common *a, uint32_t *data,
556 uint32_t dscr = DSCR_INSTR_COMP;
562 /* Wait for DTRRXfull */
563 long long then = timeval_ms();
564 while ((dscr & DSCR_DTR_TX_FULL) == 0) {
565 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
566 a->armv7a_common.debug_base + CPUDBG_DSCR,
568 if (retval != ERROR_OK)
570 if (timeval_ms() > then + 1000) {
571 LOG_ERROR("Timeout waiting for read dcc");
576 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
577 a->armv7a_common.debug_base + CPUDBG_DTRTX, data);
578 if (retval != ERROR_OK)
580 /* LOG_DEBUG("read DCC 0x%08" PRIx32, *data); */
588 static int cortex_a_dpm_prepare(struct arm_dpm *dpm)
590 struct cortex_a_common *a = dpm_to_a(dpm);
594 /* set up invariant: INSTR_COMP is set after ever DPM operation */
595 long long then = timeval_ms();
597 retval = mem_ap_read_atomic_u32(a->armv7a_common.debug_ap,
598 a->armv7a_common.debug_base + CPUDBG_DSCR,
600 if (retval != ERROR_OK)
602 if ((dscr & DSCR_INSTR_COMP) != 0)
604 if (timeval_ms() > then + 1000) {
605 LOG_ERROR("Timeout waiting for dpm prepare");
610 /* this "should never happen" ... */
611 if (dscr & DSCR_DTR_RX_FULL) {
612 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
614 retval = cortex_a_exec_opcode(
615 a->armv7a_common.arm.target,
616 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
618 if (retval != ERROR_OK)
625 static int cortex_a_dpm_finish(struct arm_dpm *dpm)
627 /* REVISIT what could be done here? */
631 static int cortex_a_instr_write_data_dcc(struct arm_dpm *dpm,
632 uint32_t opcode, uint32_t data)
634 struct cortex_a_common *a = dpm_to_a(dpm);
636 uint32_t dscr = DSCR_INSTR_COMP;
638 retval = cortex_a_write_dcc(a, data);
639 if (retval != ERROR_OK)
642 return cortex_a_exec_opcode(
643 a->armv7a_common.arm.target,
648 static int cortex_a_instr_write_data_r0(struct arm_dpm *dpm,
649 uint32_t opcode, uint32_t data)
651 struct cortex_a_common *a = dpm_to_a(dpm);
652 uint32_t dscr = DSCR_INSTR_COMP;
655 retval = cortex_a_write_dcc(a, data);
656 if (retval != ERROR_OK)
659 /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
660 retval = cortex_a_exec_opcode(
661 a->armv7a_common.arm.target,
662 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
664 if (retval != ERROR_OK)
667 /* then the opcode, taking data from R0 */
668 retval = cortex_a_exec_opcode(
669 a->armv7a_common.arm.target,
676 static int cortex_a_instr_cpsr_sync(struct arm_dpm *dpm)
678 struct target *target = dpm->arm->target;
679 uint32_t dscr = DSCR_INSTR_COMP;
681 /* "Prefetch flush" after modifying execution status in CPSR */
682 return cortex_a_exec_opcode(target,
683 ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
687 static int cortex_a_instr_read_data_dcc(struct arm_dpm *dpm,
688 uint32_t opcode, uint32_t *data)
690 struct cortex_a_common *a = dpm_to_a(dpm);
692 uint32_t dscr = DSCR_INSTR_COMP;
694 /* the opcode, writing data to DCC */
695 retval = cortex_a_exec_opcode(
696 a->armv7a_common.arm.target,
699 if (retval != ERROR_OK)
702 return cortex_a_read_dcc(a, data, &dscr);
706 static int cortex_a_instr_read_data_r0(struct arm_dpm *dpm,
707 uint32_t opcode, uint32_t *data)
709 struct cortex_a_common *a = dpm_to_a(dpm);
710 uint32_t dscr = DSCR_INSTR_COMP;
713 /* the opcode, writing data to R0 */
714 retval = cortex_a_exec_opcode(
715 a->armv7a_common.arm.target,
718 if (retval != ERROR_OK)
721 /* write R0 to DCC */
722 retval = cortex_a_exec_opcode(
723 a->armv7a_common.arm.target,
724 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
726 if (retval != ERROR_OK)
729 return cortex_a_read_dcc(a, data, &dscr);
732 static int cortex_a_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
733 uint32_t addr, uint32_t control)
735 struct cortex_a_common *a = dpm_to_a(dpm);
736 uint32_t vr = a->armv7a_common.debug_base;
737 uint32_t cr = a->armv7a_common.debug_base;
741 case 0 ... 15: /* breakpoints */
742 vr += CPUDBG_BVR_BASE;
743 cr += CPUDBG_BCR_BASE;
745 case 16 ... 31: /* watchpoints */
746 vr += CPUDBG_WVR_BASE;
747 cr += CPUDBG_WCR_BASE;
756 LOG_DEBUG("A: bpwp enable, vr %08x cr %08x",
757 (unsigned) vr, (unsigned) cr);
759 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
761 if (retval != ERROR_OK)
763 retval = cortex_a_dap_write_memap_register_u32(dpm->arm->target,
768 static int cortex_a_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
770 struct cortex_a_common *a = dpm_to_a(dpm);
775 cr = a->armv7a_common.debug_base + CPUDBG_BCR_BASE;
778 cr = a->armv7a_common.debug_base + CPUDBG_WCR_BASE;
786 LOG_DEBUG("A: bpwp disable, cr %08x", (unsigned) cr);
788 /* clear control register */
789 return cortex_a_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
792 static int cortex_a_dpm_setup(struct cortex_a_common *a, uint32_t didr)
794 struct arm_dpm *dpm = &a->armv7a_common.dpm;
797 dpm->arm = &a->armv7a_common.arm;
800 dpm->prepare = cortex_a_dpm_prepare;
801 dpm->finish = cortex_a_dpm_finish;
803 dpm->instr_write_data_dcc = cortex_a_instr_write_data_dcc;
804 dpm->instr_write_data_r0 = cortex_a_instr_write_data_r0;
805 dpm->instr_cpsr_sync = cortex_a_instr_cpsr_sync;
807 dpm->instr_read_data_dcc = cortex_a_instr_read_data_dcc;
808 dpm->instr_read_data_r0 = cortex_a_instr_read_data_r0;
810 dpm->bpwp_enable = cortex_a_bpwp_enable;
811 dpm->bpwp_disable = cortex_a_bpwp_disable;
813 retval = arm_dpm_setup(dpm);
814 if (retval == ERROR_OK)
815 retval = arm_dpm_initialize(dpm);
819 static struct target *get_cortex_a(struct target *target, int32_t coreid)
821 struct target_list *head;
825 while (head != (struct target_list *)NULL) {
827 if ((curr->coreid == coreid) && (curr->state == TARGET_HALTED))
833 static int cortex_a_halt(struct target *target);
835 static int cortex_a_halt_smp(struct target *target)
838 struct target_list *head;
841 while (head != (struct target_list *)NULL) {
843 if ((curr != target) && (curr->state != TARGET_HALTED))
844 retval += cortex_a_halt(curr);
850 static int update_halt_gdb(struct target *target)
853 if (target->gdb_service && target->gdb_service->core[0] == -1) {
854 target->gdb_service->target = target;
855 target->gdb_service->core[0] = target->coreid;
856 retval += cortex_a_halt_smp(target);
862 * Cortex-A Run control
865 static int cortex_a_poll(struct target *target)
867 int retval = ERROR_OK;
869 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
870 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
871 enum target_state prev_target_state = target->state;
872 /* toggle to another core is done by gdb as follow */
873 /* maint packet J core_id */
875 /* the next polling trigger an halt event sent to gdb */
876 if ((target->state == TARGET_HALTED) && (target->smp) &&
877 (target->gdb_service) &&
878 (target->gdb_service->target == NULL)) {
879 target->gdb_service->target =
880 get_cortex_a(target, target->gdb_service->core[1]);
881 target_call_event_callbacks(target, TARGET_EVENT_HALTED);
884 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
885 armv7a->debug_base + CPUDBG_DSCR, &dscr);
886 if (retval != ERROR_OK)
888 cortex_a->cpudbg_dscr = dscr;
890 if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED)) {
891 if (prev_target_state != TARGET_HALTED) {
892 /* We have a halting debug event */
893 LOG_DEBUG("Target halted");
894 target->state = TARGET_HALTED;
895 if ((prev_target_state == TARGET_RUNNING)
896 || (prev_target_state == TARGET_UNKNOWN)
897 || (prev_target_state == TARGET_RESET)) {
898 retval = cortex_a_debug_entry(target);
899 if (retval != ERROR_OK)
902 retval = update_halt_gdb(target);
903 if (retval != ERROR_OK)
906 target_call_event_callbacks(target,
907 TARGET_EVENT_HALTED);
909 if (prev_target_state == TARGET_DEBUG_RUNNING) {
912 retval = cortex_a_debug_entry(target);
913 if (retval != ERROR_OK)
916 retval = update_halt_gdb(target);
917 if (retval != ERROR_OK)
921 target_call_event_callbacks(target,
922 TARGET_EVENT_DEBUG_HALTED);
925 } else if (DSCR_RUN_MODE(dscr) == DSCR_CORE_RESTARTED)
926 target->state = TARGET_RUNNING;
928 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32, dscr);
929 target->state = TARGET_UNKNOWN;
935 static int cortex_a_halt(struct target *target)
937 int retval = ERROR_OK;
939 struct armv7a_common *armv7a = target_to_armv7a(target);
942 * Tell the core to be halted by writing DRCR with 0x1
943 * and then wait for the core to be halted.
945 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
946 armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
947 if (retval != ERROR_OK)
951 * enter halting debug mode
953 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
954 armv7a->debug_base + CPUDBG_DSCR, &dscr);
955 if (retval != ERROR_OK)
958 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
959 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
960 if (retval != ERROR_OK)
963 long long then = timeval_ms();
965 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
966 armv7a->debug_base + CPUDBG_DSCR, &dscr);
967 if (retval != ERROR_OK)
969 if ((dscr & DSCR_CORE_HALTED) != 0)
971 if (timeval_ms() > then + 1000) {
972 LOG_ERROR("Timeout waiting for halt");
977 target->debug_reason = DBG_REASON_DBGRQ;
982 static int cortex_a_internal_restore(struct target *target, int current,
983 uint32_t *address, int handle_breakpoints, int debug_execution)
985 struct armv7a_common *armv7a = target_to_armv7a(target);
986 struct arm *arm = &armv7a->arm;
990 if (!debug_execution)
991 target_free_all_working_areas(target);
994 if (debug_execution) {
995 /* Disable interrupts */
996 /* We disable interrupts in the PRIMASK register instead of
997 * masking with C_MASKINTS,
998 * This is probably the same issue as Cortex-M3 Errata 377493:
999 * C_MASKINTS in parallel with disabled interrupts can cause
1000 * local faults to not be taken. */
1001 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
1002 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
1003 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
1005 /* Make sure we are in Thumb mode */
1006 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
1007 buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0,
1009 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
1010 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
1014 /* current = 1: continue on current pc, otherwise continue at <address> */
1015 resume_pc = buf_get_u32(arm->pc->value, 0, 32);
1017 resume_pc = *address;
1019 *address = resume_pc;
1021 /* Make sure that the Armv7 gdb thumb fixups does not
1022 * kill the return address
1024 switch (arm->core_state) {
1026 resume_pc &= 0xFFFFFFFC;
1028 case ARM_STATE_THUMB:
1029 case ARM_STATE_THUMB_EE:
1030 /* When the return address is loaded into PC
1031 * bit 0 must be 1 to stay in Thumb state
1035 case ARM_STATE_JAZELLE:
1036 LOG_ERROR("How do I resume into Jazelle state??");
1039 LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
1040 buf_set_u32(arm->pc->value, 0, 32, resume_pc);
1043 /* restore dpm_mode at system halt */
1044 dpm_modeswitch(&armv7a->dpm, ARM_MODE_ANY);
1045 /* called it now before restoring context because it uses cpu
1046 * register r0 for restoring cp15 control register */
1047 retval = cortex_a_restore_cp15_control_reg(target);
1048 if (retval != ERROR_OK)
1050 retval = cortex_a_restore_context(target, handle_breakpoints);
1051 if (retval != ERROR_OK)
1053 target->debug_reason = DBG_REASON_NOTHALTED;
1054 target->state = TARGET_RUNNING;
1056 /* registers are now invalid */
1057 register_cache_invalidate(arm->core_cache);
1060 /* the front-end may request us not to handle breakpoints */
1061 if (handle_breakpoints) {
1062 /* Single step past breakpoint at current address */
1063 breakpoint = breakpoint_find(target, resume_pc);
1065 LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
1066 cortex_m3_unset_breakpoint(target, breakpoint);
1067 cortex_m3_single_step_core(target);
1068 cortex_m3_set_breakpoint(target, breakpoint);
1076 static int cortex_a_internal_restart(struct target *target)
1078 struct armv7a_common *armv7a = target_to_armv7a(target);
1079 struct arm *arm = &armv7a->arm;
1083 * * Restart core and wait for it to be started. Clear ITRen and sticky
1084 * * exception flags: see ARMv7 ARM, C5.9.
1086 * REVISIT: for single stepping, we probably want to
1087 * disable IRQs by default, with optional override...
1090 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1091 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1092 if (retval != ERROR_OK)
1095 if ((dscr & DSCR_INSTR_COMP) == 0)
1096 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
1098 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1099 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
1100 if (retval != ERROR_OK)
1103 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1104 armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART |
1105 DRCR_CLEAR_EXCEPTIONS);
1106 if (retval != ERROR_OK)
1109 long long then = timeval_ms();
1111 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1112 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1113 if (retval != ERROR_OK)
1115 if ((dscr & DSCR_CORE_RESTARTED) != 0)
1117 if (timeval_ms() > then + 1000) {
1118 LOG_ERROR("Timeout waiting for resume");
1123 target->debug_reason = DBG_REASON_NOTHALTED;
1124 target->state = TARGET_RUNNING;
1126 /* registers are now invalid */
1127 register_cache_invalidate(arm->core_cache);
1132 static int cortex_a_restore_smp(struct target *target, int handle_breakpoints)
1135 struct target_list *head;
1136 struct target *curr;
1138 head = target->head;
1139 while (head != (struct target_list *)NULL) {
1140 curr = head->target;
1141 if ((curr != target) && (curr->state != TARGET_RUNNING)) {
1142 /* resume current address , not in step mode */
1143 retval += cortex_a_internal_restore(curr, 1, &address,
1144 handle_breakpoints, 0);
1145 retval += cortex_a_internal_restart(curr);
1153 static int cortex_a_resume(struct target *target, int current,
1154 uint32_t address, int handle_breakpoints, int debug_execution)
1157 /* dummy resume for smp toggle in order to reduce gdb impact */
1158 if ((target->smp) && (target->gdb_service->core[1] != -1)) {
1159 /* simulate a start and halt of target */
1160 target->gdb_service->target = NULL;
1161 target->gdb_service->core[0] = target->gdb_service->core[1];
1162 /* fake resume at next poll we play the target core[1], see poll*/
1163 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1166 cortex_a_internal_restore(target, current, &address, handle_breakpoints, debug_execution);
1168 target->gdb_service->core[0] = -1;
1169 retval = cortex_a_restore_smp(target, handle_breakpoints);
1170 if (retval != ERROR_OK)
1173 cortex_a_internal_restart(target);
1175 if (!debug_execution) {
1176 target->state = TARGET_RUNNING;
1177 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
1178 LOG_DEBUG("target resumed at 0x%" PRIx32, address);
1180 target->state = TARGET_DEBUG_RUNNING;
1181 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
1182 LOG_DEBUG("target debug resumed at 0x%" PRIx32, address);
1188 static int cortex_a_debug_entry(struct target *target)
1191 uint32_t regfile[16], cpsr, dscr;
1192 int retval = ERROR_OK;
1193 struct working_area *regfile_working_area = NULL;
1194 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1195 struct armv7a_common *armv7a = target_to_armv7a(target);
1196 struct arm *arm = &armv7a->arm;
1199 LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a->cpudbg_dscr);
1201 /* REVISIT surely we should not re-read DSCR !! */
1202 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1203 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1204 if (retval != ERROR_OK)
1207 /* REVISIT see A TRM 12.11.4 steps 2..3 -- make sure that any
1208 * imprecise data aborts get discarded by issuing a Data
1209 * Synchronization Barrier: ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
1212 /* Enable the ITR execution once we are in debug mode */
1213 dscr |= DSCR_ITR_EN;
1214 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1215 armv7a->debug_base + CPUDBG_DSCR, dscr);
1216 if (retval != ERROR_OK)
1219 /* Examine debug reason */
1220 arm_dpm_report_dscr(&armv7a->dpm, cortex_a->cpudbg_dscr);
1222 /* save address of instruction that triggered the watchpoint? */
1223 if (target->debug_reason == DBG_REASON_WATCHPOINT) {
1226 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1227 armv7a->debug_base + CPUDBG_WFAR,
1229 if (retval != ERROR_OK)
1231 arm_dpm_report_wfar(&armv7a->dpm, wfar);
1234 /* REVISIT fast_reg_read is never set ... */
1236 /* Examine target state and mode */
1237 if (cortex_a->fast_reg_read)
1238 target_alloc_working_area(target, 64, ®file_working_area);
1240 /* First load register acessible through core debug port*/
1241 if (!regfile_working_area)
1242 retval = arm_dpm_read_current_registers(&armv7a->dpm);
1244 retval = cortex_a_read_regs_through_mem(target,
1245 regfile_working_area->address, regfile);
1247 target_free_working_area(target, regfile_working_area);
1248 if (retval != ERROR_OK)
1251 /* read Current PSR */
1252 retval = cortex_a_dap_read_coreregister_u32(target, &cpsr, 16);
1253 /* store current cpsr */
1254 if (retval != ERROR_OK)
1257 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
1259 arm_set_cpsr(arm, cpsr);
1262 for (i = 0; i <= ARM_PC; i++) {
1263 reg = arm_reg_current(arm, i);
1265 buf_set_u32(reg->value, 0, 32, regfile[i]);
1270 /* Fixup PC Resume Address */
1271 if (cpsr & (1 << 5)) {
1272 /* T bit set for Thumb or ThumbEE state */
1273 regfile[ARM_PC] -= 4;
1276 regfile[ARM_PC] -= 8;
1280 buf_set_u32(reg->value, 0, 32, regfile[ARM_PC]);
1281 reg->dirty = reg->valid;
1285 /* TODO, Move this */
1286 uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1287 cortex_a_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1288 LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1290 cortex_a_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1291 LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1293 cortex_a_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1294 LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1297 /* Are we in an exception handler */
1298 /* armv4_5->exception_number = 0; */
1299 if (armv7a->post_debug_entry) {
1300 retval = armv7a->post_debug_entry(target);
1301 if (retval != ERROR_OK)
1308 static int cortex_a_post_debug_entry(struct target *target)
1310 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1311 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1314 /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1315 retval = armv7a->arm.mrc(target, 15,
1316 0, 0, /* op1, op2 */
1317 1, 0, /* CRn, CRm */
1318 &cortex_a->cp15_control_reg);
1319 if (retval != ERROR_OK)
1321 LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a->cp15_control_reg);
1322 cortex_a->cp15_control_reg_curr = cortex_a->cp15_control_reg;
1324 if (armv7a->armv7a_mmu.armv7a_cache.info == -1)
1325 armv7a_identify_cache(target);
1327 if (armv7a->is_armv7r) {
1328 armv7a->armv7a_mmu.mmu_enabled = 0;
1330 armv7a->armv7a_mmu.mmu_enabled =
1331 (cortex_a->cp15_control_reg & 0x1U) ? 1 : 0;
1333 armv7a->armv7a_mmu.armv7a_cache.d_u_cache_enabled =
1334 (cortex_a->cp15_control_reg & 0x4U) ? 1 : 0;
1335 armv7a->armv7a_mmu.armv7a_cache.i_cache_enabled =
1336 (cortex_a->cp15_control_reg & 0x1000U) ? 1 : 0;
1337 cortex_a->curr_mode = armv7a->arm.core_mode;
1342 int cortex_a_set_dscr_bits(struct target *target, unsigned long bit_mask, unsigned long value)
1344 struct armv7a_common *armv7a = target_to_armv7a(target);
1348 int retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1349 armv7a->debug_base + CPUDBG_DSCR, &dscr);
1350 if (ERROR_OK != retval)
1353 /* clear bitfield */
1356 dscr |= value & bit_mask;
1358 /* write new DSCR */
1359 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1360 armv7a->debug_base + CPUDBG_DSCR, dscr);
1364 static int cortex_a_step(struct target *target, int current, uint32_t address,
1365 int handle_breakpoints)
1367 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1368 struct armv7a_common *armv7a = target_to_armv7a(target);
1369 struct arm *arm = &armv7a->arm;
1370 struct breakpoint *breakpoint = NULL;
1371 struct breakpoint stepbreakpoint;
1375 if (target->state != TARGET_HALTED) {
1376 LOG_WARNING("target not halted");
1377 return ERROR_TARGET_NOT_HALTED;
1380 /* current = 1: continue on current pc, otherwise continue at <address> */
1383 buf_set_u32(r->value, 0, 32, address);
1385 address = buf_get_u32(r->value, 0, 32);
1387 /* The front-end may request us not to handle breakpoints.
1388 * But since Cortex-A uses breakpoint for single step,
1389 * we MUST handle breakpoints.
1391 handle_breakpoints = 1;
1392 if (handle_breakpoints) {
1393 breakpoint = breakpoint_find(target, address);
1395 cortex_a_unset_breakpoint(target, breakpoint);
1398 /* Setup single step breakpoint */
1399 stepbreakpoint.address = address;
1400 stepbreakpoint.length = (arm->core_state == ARM_STATE_THUMB)
1402 stepbreakpoint.type = BKPT_HARD;
1403 stepbreakpoint.set = 0;
1405 /* Disable interrupts during single step if requested */
1406 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1407 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, DSCR_INT_DIS);
1408 if (ERROR_OK != retval)
1412 /* Break on IVA mismatch */
1413 cortex_a_set_breakpoint(target, &stepbreakpoint, 0x04);
1415 target->debug_reason = DBG_REASON_SINGLESTEP;
1417 retval = cortex_a_resume(target, 1, address, 0, 0);
1418 if (retval != ERROR_OK)
1421 long long then = timeval_ms();
1422 while (target->state != TARGET_HALTED) {
1423 retval = cortex_a_poll(target);
1424 if (retval != ERROR_OK)
1426 if (timeval_ms() > then + 1000) {
1427 LOG_ERROR("timeout waiting for target halt");
1432 cortex_a_unset_breakpoint(target, &stepbreakpoint);
1434 /* Re-enable interrupts if they were disabled */
1435 if (cortex_a->isrmasking_mode == CORTEX_A_ISRMASK_ON) {
1436 retval = cortex_a_set_dscr_bits(target, DSCR_INT_DIS, 0);
1437 if (ERROR_OK != retval)
1442 target->debug_reason = DBG_REASON_BREAKPOINT;
1445 cortex_a_set_breakpoint(target, breakpoint, 0);
1447 if (target->state != TARGET_HALTED)
1448 LOG_DEBUG("target stepped");
1453 static int cortex_a_restore_context(struct target *target, bool bpwp)
1455 struct armv7a_common *armv7a = target_to_armv7a(target);
1459 if (armv7a->pre_restore_context)
1460 armv7a->pre_restore_context(target);
1462 return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1466 * Cortex-A Breakpoint and watchpoint functions
1469 /* Setup hardware Breakpoint Register Pair */
1470 static int cortex_a_set_breakpoint(struct target *target,
1471 struct breakpoint *breakpoint, uint8_t matchmode)
1476 uint8_t byte_addr_select = 0x0F;
1477 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1478 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1479 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1481 if (breakpoint->set) {
1482 LOG_WARNING("breakpoint already set");
1486 if (breakpoint->type == BKPT_HARD) {
1487 while (brp_list[brp_i].used && (brp_i < cortex_a->brp_num))
1489 if (brp_i >= cortex_a->brp_num) {
1490 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1491 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1493 breakpoint->set = brp_i + 1;
1494 if (breakpoint->length == 2)
1495 byte_addr_select = (3 << (breakpoint->address & 0x02));
1496 control = ((matchmode & 0x7) << 20)
1497 | (byte_addr_select << 5)
1499 brp_list[brp_i].used = 1;
1500 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1501 brp_list[brp_i].control = control;
1502 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1503 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1504 brp_list[brp_i].value);
1505 if (retval != ERROR_OK)
1507 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1508 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1509 brp_list[brp_i].control);
1510 if (retval != ERROR_OK)
1512 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1513 brp_list[brp_i].control,
1514 brp_list[brp_i].value);
1515 } else if (breakpoint->type == BKPT_SOFT) {
1517 if (breakpoint->length == 2)
1518 buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1520 buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1521 retval = target_read_memory(target,
1522 breakpoint->address & 0xFFFFFFFE,
1523 breakpoint->length, 1,
1524 breakpoint->orig_instr);
1525 if (retval != ERROR_OK)
1528 /* make sure data cache is cleaned & invalidated down to PoC */
1529 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1530 armv7a_cache_flush_virt(target, breakpoint->address,
1531 breakpoint->length);
1534 retval = target_write_memory(target,
1535 breakpoint->address & 0xFFFFFFFE,
1536 breakpoint->length, 1, code);
1537 if (retval != ERROR_OK)
1540 /* update i-cache at breakpoint location */
1541 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1542 breakpoint->length);
1543 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1544 breakpoint->length);
1546 breakpoint->set = 0x11; /* Any nice value but 0 */
1552 static int cortex_a_set_context_breakpoint(struct target *target,
1553 struct breakpoint *breakpoint, uint8_t matchmode)
1555 int retval = ERROR_FAIL;
1558 uint8_t byte_addr_select = 0x0F;
1559 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1560 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1561 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1563 if (breakpoint->set) {
1564 LOG_WARNING("breakpoint already set");
1567 /*check available context BRPs*/
1568 while ((brp_list[brp_i].used ||
1569 (brp_list[brp_i].type != BRP_CONTEXT)) && (brp_i < cortex_a->brp_num))
1572 if (brp_i >= cortex_a->brp_num) {
1573 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1577 breakpoint->set = brp_i + 1;
1578 control = ((matchmode & 0x7) << 20)
1579 | (byte_addr_select << 5)
1581 brp_list[brp_i].used = 1;
1582 brp_list[brp_i].value = (breakpoint->asid);
1583 brp_list[brp_i].control = control;
1584 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1585 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1586 brp_list[brp_i].value);
1587 if (retval != ERROR_OK)
1589 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1590 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1591 brp_list[brp_i].control);
1592 if (retval != ERROR_OK)
1594 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1595 brp_list[brp_i].control,
1596 brp_list[brp_i].value);
1601 static int cortex_a_set_hybrid_breakpoint(struct target *target, struct breakpoint *breakpoint)
1603 int retval = ERROR_FAIL;
1604 int brp_1 = 0; /* holds the contextID pair */
1605 int brp_2 = 0; /* holds the IVA pair */
1606 uint32_t control_CTX, control_IVA;
1607 uint8_t CTX_byte_addr_select = 0x0F;
1608 uint8_t IVA_byte_addr_select = 0x0F;
1609 uint8_t CTX_machmode = 0x03;
1610 uint8_t IVA_machmode = 0x01;
1611 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1612 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1613 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1615 if (breakpoint->set) {
1616 LOG_WARNING("breakpoint already set");
1619 /*check available context BRPs*/
1620 while ((brp_list[brp_1].used ||
1621 (brp_list[brp_1].type != BRP_CONTEXT)) && (brp_1 < cortex_a->brp_num))
1624 printf("brp(CTX) found num: %d\n", brp_1);
1625 if (brp_1 >= cortex_a->brp_num) {
1626 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1630 while ((brp_list[brp_2].used ||
1631 (brp_list[brp_2].type != BRP_NORMAL)) && (brp_2 < cortex_a->brp_num))
1634 printf("brp(IVA) found num: %d\n", brp_2);
1635 if (brp_2 >= cortex_a->brp_num) {
1636 LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1640 breakpoint->set = brp_1 + 1;
1641 breakpoint->linked_BRP = brp_2;
1642 control_CTX = ((CTX_machmode & 0x7) << 20)
1645 | (CTX_byte_addr_select << 5)
1647 brp_list[brp_1].used = 1;
1648 brp_list[brp_1].value = (breakpoint->asid);
1649 brp_list[brp_1].control = control_CTX;
1650 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1651 + CPUDBG_BVR_BASE + 4 * brp_list[brp_1].BRPn,
1652 brp_list[brp_1].value);
1653 if (retval != ERROR_OK)
1655 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1656 + CPUDBG_BCR_BASE + 4 * brp_list[brp_1].BRPn,
1657 brp_list[brp_1].control);
1658 if (retval != ERROR_OK)
1661 control_IVA = ((IVA_machmode & 0x7) << 20)
1663 | (IVA_byte_addr_select << 5)
1665 brp_list[brp_2].used = 1;
1666 brp_list[brp_2].value = (breakpoint->address & 0xFFFFFFFC);
1667 brp_list[brp_2].control = control_IVA;
1668 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1669 + CPUDBG_BVR_BASE + 4 * brp_list[brp_2].BRPn,
1670 brp_list[brp_2].value);
1671 if (retval != ERROR_OK)
1673 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1674 + CPUDBG_BCR_BASE + 4 * brp_list[brp_2].BRPn,
1675 brp_list[brp_2].control);
1676 if (retval != ERROR_OK)
1682 static int cortex_a_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1685 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1686 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
1687 struct cortex_a_brp *brp_list = cortex_a->brp_list;
1689 if (!breakpoint->set) {
1690 LOG_WARNING("breakpoint not set");
1694 if (breakpoint->type == BKPT_HARD) {
1695 if ((breakpoint->address != 0) && (breakpoint->asid != 0)) {
1696 int brp_i = breakpoint->set - 1;
1697 int brp_j = breakpoint->linked_BRP;
1698 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1699 LOG_DEBUG("Invalid BRP number in breakpoint");
1702 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1703 brp_list[brp_i].control, brp_list[brp_i].value);
1704 brp_list[brp_i].used = 0;
1705 brp_list[brp_i].value = 0;
1706 brp_list[brp_i].control = 0;
1707 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1708 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1709 brp_list[brp_i].control);
1710 if (retval != ERROR_OK)
1712 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1713 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1714 brp_list[brp_i].value);
1715 if (retval != ERROR_OK)
1717 if ((brp_j < 0) || (brp_j >= cortex_a->brp_num)) {
1718 LOG_DEBUG("Invalid BRP number in breakpoint");
1721 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_j,
1722 brp_list[brp_j].control, brp_list[brp_j].value);
1723 brp_list[brp_j].used = 0;
1724 brp_list[brp_j].value = 0;
1725 brp_list[brp_j].control = 0;
1726 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1727 + CPUDBG_BCR_BASE + 4 * brp_list[brp_j].BRPn,
1728 brp_list[brp_j].control);
1729 if (retval != ERROR_OK)
1731 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1732 + CPUDBG_BVR_BASE + 4 * brp_list[brp_j].BRPn,
1733 brp_list[brp_j].value);
1734 if (retval != ERROR_OK)
1736 breakpoint->linked_BRP = 0;
1737 breakpoint->set = 0;
1741 int brp_i = breakpoint->set - 1;
1742 if ((brp_i < 0) || (brp_i >= cortex_a->brp_num)) {
1743 LOG_DEBUG("Invalid BRP number in breakpoint");
1746 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1747 brp_list[brp_i].control, brp_list[brp_i].value);
1748 brp_list[brp_i].used = 0;
1749 brp_list[brp_i].value = 0;
1750 brp_list[brp_i].control = 0;
1751 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1752 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1753 brp_list[brp_i].control);
1754 if (retval != ERROR_OK)
1756 retval = cortex_a_dap_write_memap_register_u32(target, armv7a->debug_base
1757 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1758 brp_list[brp_i].value);
1759 if (retval != ERROR_OK)
1761 breakpoint->set = 0;
1766 /* make sure data cache is cleaned & invalidated down to PoC */
1767 if (!armv7a->armv7a_mmu.armv7a_cache.auto_cache_enabled) {
1768 armv7a_cache_flush_virt(target, breakpoint->address,
1769 breakpoint->length);
1772 /* restore original instruction (kept in target endianness) */
1773 if (breakpoint->length == 4) {
1774 retval = target_write_memory(target,
1775 breakpoint->address & 0xFFFFFFFE,
1776 4, 1, breakpoint->orig_instr);
1777 if (retval != ERROR_OK)
1780 retval = target_write_memory(target,
1781 breakpoint->address & 0xFFFFFFFE,
1782 2, 1, breakpoint->orig_instr);
1783 if (retval != ERROR_OK)
1787 /* update i-cache at breakpoint location */
1788 armv7a_l1_d_cache_inval_virt(target, breakpoint->address,
1789 breakpoint->length);
1790 armv7a_l1_i_cache_inval_virt(target, breakpoint->address,
1791 breakpoint->length);
1793 breakpoint->set = 0;
1798 static int cortex_a_add_breakpoint(struct target *target,
1799 struct breakpoint *breakpoint)
1801 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1803 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1804 LOG_INFO("no hardware breakpoint available");
1805 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1808 if (breakpoint->type == BKPT_HARD)
1809 cortex_a->brp_num_available--;
1811 return cortex_a_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1814 static int cortex_a_add_context_breakpoint(struct target *target,
1815 struct breakpoint *breakpoint)
1817 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1819 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1820 LOG_INFO("no hardware breakpoint available");
1821 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1824 if (breakpoint->type == BKPT_HARD)
1825 cortex_a->brp_num_available--;
1827 return cortex_a_set_context_breakpoint(target, breakpoint, 0x02); /* asid match */
1830 static int cortex_a_add_hybrid_breakpoint(struct target *target,
1831 struct breakpoint *breakpoint)
1833 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1835 if ((breakpoint->type == BKPT_HARD) && (cortex_a->brp_num_available < 1)) {
1836 LOG_INFO("no hardware breakpoint available");
1837 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1840 if (breakpoint->type == BKPT_HARD)
1841 cortex_a->brp_num_available--;
1843 return cortex_a_set_hybrid_breakpoint(target, breakpoint); /* ??? */
1847 static int cortex_a_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1849 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
1852 /* It is perfectly possible to remove breakpoints while the target is running */
1853 if (target->state != TARGET_HALTED) {
1854 LOG_WARNING("target not halted");
1855 return ERROR_TARGET_NOT_HALTED;
1859 if (breakpoint->set) {
1860 cortex_a_unset_breakpoint(target, breakpoint);
1861 if (breakpoint->type == BKPT_HARD)
1862 cortex_a->brp_num_available++;
1870 * Cortex-A Reset functions
1873 static int cortex_a_assert_reset(struct target *target)
1875 struct armv7a_common *armv7a = target_to_armv7a(target);
1879 /* FIXME when halt is requested, make it work somehow... */
1881 /* Issue some kind of warm reset. */
1882 if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT))
1883 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1884 else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1885 /* REVISIT handle "pulls" cases, if there's
1886 * hardware that needs them to work.
1888 jtag_add_reset(0, 1);
1890 LOG_ERROR("%s: how to reset?", target_name(target));
1894 /* registers are now invalid */
1895 register_cache_invalidate(armv7a->arm.core_cache);
1897 target->state = TARGET_RESET;
1902 static int cortex_a_deassert_reset(struct target *target)
1908 /* be certain SRST is off */
1909 jtag_add_reset(0, 0);
1911 retval = cortex_a_poll(target);
1912 if (retval != ERROR_OK)
1915 if (target->reset_halt) {
1916 if (target->state != TARGET_HALTED) {
1917 LOG_WARNING("%s: ran after reset and before halt ...",
1918 target_name(target));
1919 retval = target_halt(target);
1920 if (retval != ERROR_OK)
1928 static int cortex_a_set_dcc_mode(struct target *target, uint32_t mode, uint32_t *dscr)
1930 /* Changes the mode of the DCC between non-blocking, stall, and fast mode.
1931 * New desired mode must be in mode. Current value of DSCR must be in
1932 * *dscr, which is updated with new value.
1934 * This function elides actually sending the mode-change over the debug
1935 * interface if the mode is already set as desired.
1937 uint32_t new_dscr = (*dscr & ~DSCR_EXT_DCC_MASK) | mode;
1938 if (new_dscr != *dscr) {
1939 struct armv7a_common *armv7a = target_to_armv7a(target);
1940 int retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
1941 armv7a->debug_base + CPUDBG_DSCR, new_dscr);
1942 if (retval == ERROR_OK)
1950 static int cortex_a_wait_dscr_bits(struct target *target, uint32_t mask,
1951 uint32_t value, uint32_t *dscr)
1953 /* Waits until the specified bit(s) of DSCR take on a specified value. */
1954 struct armv7a_common *armv7a = target_to_armv7a(target);
1955 long long then = timeval_ms();
1958 while ((*dscr & mask) != value) {
1959 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1960 armv7a->debug_base + CPUDBG_DSCR, dscr);
1961 if (retval != ERROR_OK)
1963 if (timeval_ms() > then + 1000) {
1964 LOG_ERROR("timeout waiting for DSCR bit change");
1971 static int cortex_a_read_copro(struct target *target, uint32_t opcode,
1972 uint32_t *data, uint32_t *dscr)
1975 struct armv7a_common *armv7a = target_to_armv7a(target);
1977 /* Move from coprocessor to R0. */
1978 retval = cortex_a_exec_opcode(target, opcode, dscr);
1979 if (retval != ERROR_OK)
1982 /* Move from R0 to DTRTX. */
1983 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 0, 0, 5, 0), dscr);
1984 if (retval != ERROR_OK)
1987 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
1988 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
1989 * must also check TXfull_l). Most of the time this will be free
1990 * because TXfull_l will be set immediately and cached in dscr. */
1991 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
1992 DSCR_DTRTX_FULL_LATCHED, dscr);
1993 if (retval != ERROR_OK)
1996 /* Read the value transferred to DTRTX. */
1997 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
1998 armv7a->debug_base + CPUDBG_DTRTX, data);
1999 if (retval != ERROR_OK)
2005 static int cortex_a_read_dfar_dfsr(struct target *target, uint32_t *dfar,
2006 uint32_t *dfsr, uint32_t *dscr)
2011 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 6, 0, 0), dfar, dscr);
2012 if (retval != ERROR_OK)
2017 retval = cortex_a_read_copro(target, ARMV4_5_MRC(15, 0, 0, 5, 0, 0), dfsr, dscr);
2018 if (retval != ERROR_OK)
2025 static int cortex_a_write_copro(struct target *target, uint32_t opcode,
2026 uint32_t data, uint32_t *dscr)
2029 struct armv7a_common *armv7a = target_to_armv7a(target);
2031 /* Write the value into DTRRX. */
2032 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2033 armv7a->debug_base + CPUDBG_DTRRX, data);
2034 if (retval != ERROR_OK)
2037 /* Move from DTRRX to R0. */
2038 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), dscr);
2039 if (retval != ERROR_OK)
2042 /* Move from R0 to coprocessor. */
2043 retval = cortex_a_exec_opcode(target, opcode, dscr);
2044 if (retval != ERROR_OK)
2047 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2048 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2049 * check RXfull_l). Most of the time this will be free because RXfull_l
2050 * will be cleared immediately and cached in dscr. */
2051 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2052 if (retval != ERROR_OK)
2058 static int cortex_a_write_dfar_dfsr(struct target *target, uint32_t dfar,
2059 uint32_t dfsr, uint32_t *dscr)
2063 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 6, 0, 0), dfar, dscr);
2064 if (retval != ERROR_OK)
2067 retval = cortex_a_write_copro(target, ARMV4_5_MCR(15, 0, 0, 5, 0, 0), dfsr, dscr);
2068 if (retval != ERROR_OK)
2074 static int cortex_a_dfsr_to_error_code(uint32_t dfsr)
2076 uint32_t status, upper4;
2078 if (dfsr & (1 << 9)) {
2080 status = dfsr & 0x3f;
2081 upper4 = status >> 2;
2082 if (upper4 == 1 || upper4 == 2 || upper4 == 3 || upper4 == 15)
2083 return ERROR_TARGET_TRANSLATION_FAULT;
2084 else if (status == 33)
2085 return ERROR_TARGET_UNALIGNED_ACCESS;
2087 return ERROR_TARGET_DATA_ABORT;
2089 /* Normal format. */
2090 status = ((dfsr >> 6) & 0x10) | (dfsr & 0xf);
2092 return ERROR_TARGET_UNALIGNED_ACCESS;
2093 else if (status == 5 || status == 7 || status == 3 || status == 6 ||
2094 status == 9 || status == 11 || status == 13 || status == 15)
2095 return ERROR_TARGET_TRANSLATION_FAULT;
2097 return ERROR_TARGET_DATA_ABORT;
2101 static int cortex_a_write_apb_ab_memory_slow(struct target *target,
2102 uint32_t size, uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2104 /* Writes count objects of size size from *buffer. Old value of DSCR must
2105 * be in *dscr; updated to new value. This is slow because it works for
2106 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2107 * the address is aligned, cortex_a_write_apb_ab_memory_fast should be
2110 * - Address is in R0.
2111 * - R0 is marked dirty.
2113 struct armv7a_common *armv7a = target_to_armv7a(target);
2114 struct arm *arm = &armv7a->arm;
2117 /* Mark register R1 as dirty, to use for transferring data. */
2118 arm_reg_current(arm, 1)->dirty = true;
2120 /* Switch to non-blocking mode if not already in that mode. */
2121 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2122 if (retval != ERROR_OK)
2125 /* Go through the objects. */
2127 /* Write the value to store into DTRRX. */
2128 uint32_t data, opcode;
2132 data = target_buffer_get_u16(target, buffer);
2134 data = target_buffer_get_u32(target, buffer);
2135 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2136 armv7a->debug_base + CPUDBG_DTRRX, data);
2137 if (retval != ERROR_OK)
2140 /* Transfer the value from DTRRX to R1. */
2141 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), dscr);
2142 if (retval != ERROR_OK)
2145 /* Write the value transferred to R1 into memory. */
2147 opcode = ARMV4_5_STRB_IP(1, 0);
2149 opcode = ARMV4_5_STRH_IP(1, 0);
2151 opcode = ARMV4_5_STRW_IP(1, 0);
2152 retval = cortex_a_exec_opcode(target, opcode, dscr);
2153 if (retval != ERROR_OK)
2156 /* Check for faults and return early. */
2157 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2158 return ERROR_OK; /* A data fault is not considered a system failure. */
2160 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture
2161 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2162 * must also check RXfull_l). Most of the time this will be free
2163 * because RXfull_l will be cleared immediately and cached in dscr. */
2164 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, dscr);
2165 if (retval != ERROR_OK)
2176 static int cortex_a_write_apb_ab_memory_fast(struct target *target,
2177 uint32_t count, const uint8_t *buffer, uint32_t *dscr)
2179 /* Writes count objects of size 4 from *buffer. Old value of DSCR must be
2180 * in *dscr; updated to new value. This is fast but only works for
2181 * word-sized objects at aligned addresses.
2183 * - Address is in R0 and must be a multiple of 4.
2184 * - R0 is marked dirty.
2186 struct armv7a_common *armv7a = target_to_armv7a(target);
2189 /* Switch to fast mode if not already in that mode. */
2190 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2191 if (retval != ERROR_OK)
2194 /* Latch STC instruction. */
2195 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2196 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_STC(0, 1, 0, 1, 14, 5, 0, 4));
2197 if (retval != ERROR_OK)
2200 /* Transfer all the data and issue all the instructions. */
2201 return mem_ap_write_buf_noincr(armv7a->debug_ap, buffer,
2202 4, count, armv7a->debug_base + CPUDBG_DTRRX);
2205 static int cortex_a_write_apb_ab_memory(struct target *target,
2206 uint32_t address, uint32_t size,
2207 uint32_t count, const uint8_t *buffer)
2209 /* Write memory through APB-AP. */
2210 int retval, final_retval;
2211 struct armv7a_common *armv7a = target_to_armv7a(target);
2212 struct arm *arm = &armv7a->arm;
2213 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2215 LOG_DEBUG("Writing APB-AP memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2216 address, size, count);
2217 if (target->state != TARGET_HALTED) {
2218 LOG_WARNING("target not halted");
2219 return ERROR_TARGET_NOT_HALTED;
2225 /* Clear any abort. */
2226 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2227 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2228 if (retval != ERROR_OK)
2232 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2233 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2234 if (retval != ERROR_OK)
2237 /* Switch to non-blocking mode if not already in that mode. */
2238 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2239 if (retval != ERROR_OK)
2242 /* Mark R0 as dirty. */
2243 arm_reg_current(arm, 0)->dirty = true;
2245 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2246 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2247 if (retval != ERROR_OK)
2250 /* Get the memory address into R0. */
2251 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2252 armv7a->debug_base + CPUDBG_DTRRX, address);
2253 if (retval != ERROR_OK)
2255 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2256 if (retval != ERROR_OK)
2259 if (size == 4 && (address % 4) == 0) {
2260 /* We are doing a word-aligned transfer, so use fast mode. */
2261 retval = cortex_a_write_apb_ab_memory_fast(target, count, buffer, &dscr);
2263 /* Use slow path. */
2264 retval = cortex_a_write_apb_ab_memory_slow(target, size, count, buffer, &dscr);
2268 final_retval = retval;
2270 /* Switch to non-blocking mode if not already in that mode. */
2271 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2272 if (final_retval == ERROR_OK)
2273 final_retval = retval;
2275 /* Wait for last issued instruction to complete. */
2276 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2277 if (final_retval == ERROR_OK)
2278 final_retval = retval;
2280 /* Wait until DTRRX is empty (according to ARMv7-A/-R architecture manual
2281 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2282 * check RXfull_l). Most of the time this will be free because RXfull_l
2283 * will be cleared immediately and cached in dscr. However, don’t do this
2284 * if there is fault, because then the instruction might not have completed
2286 if (!(dscr & DSCR_STICKY_ABORT_PRECISE)) {
2287 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRRX_FULL_LATCHED, 0, &dscr);
2288 if (retval != ERROR_OK)
2292 /* If there were any sticky abort flags, clear them. */
2293 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2295 mem_ap_write_atomic_u32(armv7a->debug_ap,
2296 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2297 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2302 /* Handle synchronous data faults. */
2303 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2304 if (final_retval == ERROR_OK) {
2305 /* Final return value will reflect cause of fault. */
2306 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2307 if (retval == ERROR_OK) {
2308 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2309 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2311 final_retval = retval;
2313 /* Fault destroyed DFAR/DFSR; restore them. */
2314 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2315 if (retval != ERROR_OK)
2316 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2319 /* Handle asynchronous data faults. */
2320 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2321 if (final_retval == ERROR_OK)
2322 /* No other error has been recorded so far, so keep this one. */
2323 final_retval = ERROR_TARGET_DATA_ABORT;
2326 /* If the DCC is nonempty, clear it. */
2327 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2329 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2330 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2331 if (final_retval == ERROR_OK)
2332 final_retval = retval;
2334 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2335 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2336 if (final_retval == ERROR_OK)
2337 final_retval = retval;
2341 return final_retval;
2344 static int cortex_a_read_apb_ab_memory_slow(struct target *target,
2345 uint32_t size, uint32_t count, uint8_t *buffer, uint32_t *dscr)
2347 /* Reads count objects of size size into *buffer. Old value of DSCR must be
2348 * in *dscr; updated to new value. This is slow because it works for
2349 * non-word-sized objects and (maybe) unaligned accesses. If size == 4 and
2350 * the address is aligned, cortex_a_read_apb_ab_memory_fast should be
2353 * - Address is in R0.
2354 * - R0 is marked dirty.
2356 struct armv7a_common *armv7a = target_to_armv7a(target);
2357 struct arm *arm = &armv7a->arm;
2360 /* Mark register R1 as dirty, to use for transferring data. */
2361 arm_reg_current(arm, 1)->dirty = true;
2363 /* Switch to non-blocking mode if not already in that mode. */
2364 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2365 if (retval != ERROR_OK)
2368 /* Go through the objects. */
2370 /* Issue a load of the appropriate size to R1. */
2371 uint32_t opcode, data;
2373 opcode = ARMV4_5_LDRB_IP(1, 0);
2375 opcode = ARMV4_5_LDRH_IP(1, 0);
2377 opcode = ARMV4_5_LDRW_IP(1, 0);
2378 retval = cortex_a_exec_opcode(target, opcode, dscr);
2379 if (retval != ERROR_OK)
2382 /* Issue a write of R1 to DTRTX. */
2383 retval = cortex_a_exec_opcode(target, ARMV4_5_MCR(14, 0, 1, 0, 5, 0), dscr);
2384 if (retval != ERROR_OK)
2387 /* Check for faults and return early. */
2388 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2389 return ERROR_OK; /* A data fault is not considered a system failure. */
2391 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture
2392 * manual section C8.4.3, checking InstrCmpl_l is not sufficient; one
2393 * must also check TXfull_l). Most of the time this will be free
2394 * because TXfull_l will be set immediately and cached in dscr. */
2395 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2396 DSCR_DTRTX_FULL_LATCHED, dscr);
2397 if (retval != ERROR_OK)
2400 /* Read the value transferred to DTRTX into the buffer. */
2401 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2402 armv7a->debug_base + CPUDBG_DTRTX, &data);
2403 if (retval != ERROR_OK)
2406 *buffer = (uint8_t) data;
2408 target_buffer_set_u16(target, buffer, (uint16_t) data);
2410 target_buffer_set_u32(target, buffer, data);
2420 static int cortex_a_read_apb_ab_memory_fast(struct target *target,
2421 uint32_t count, uint8_t *buffer, uint32_t *dscr)
2423 /* Reads count objects of size 4 into *buffer. Old value of DSCR must be in
2424 * *dscr; updated to new value. This is fast but only works for word-sized
2425 * objects at aligned addresses.
2427 * - Address is in R0 and must be a multiple of 4.
2428 * - R0 is marked dirty.
2430 struct armv7a_common *armv7a = target_to_armv7a(target);
2434 /* Switch to non-blocking mode if not already in that mode. */
2435 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2436 if (retval != ERROR_OK)
2439 /* Issue the LDC instruction via a write to ITR. */
2440 retval = cortex_a_exec_opcode(target, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4), dscr);
2441 if (retval != ERROR_OK)
2447 /* Switch to fast mode if not already in that mode. */
2448 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_FAST_MODE, dscr);
2449 if (retval != ERROR_OK)
2452 /* Latch LDC instruction. */
2453 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2454 armv7a->debug_base + CPUDBG_ITR, ARMV4_5_LDC(0, 1, 0, 1, 14, 5, 0, 4));
2455 if (retval != ERROR_OK)
2458 /* Read the value transferred to DTRTX into the buffer. Due to fast
2459 * mode rules, this blocks until the instruction finishes executing and
2460 * then reissues the read instruction to read the next word from
2461 * memory. The last read of DTRTX in this call reads the second-to-last
2462 * word from memory and issues the read instruction for the last word.
2464 retval = mem_ap_read_buf_noincr(armv7a->debug_ap, buffer,
2465 4, count, armv7a->debug_base + CPUDBG_DTRTX);
2466 if (retval != ERROR_OK)
2470 buffer += count * 4;
2473 /* Wait for last issued instruction to complete. */
2474 retval = cortex_a_wait_instrcmpl(target, dscr, false);
2475 if (retval != ERROR_OK)
2478 /* Switch to non-blocking mode if not already in that mode. */
2479 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, dscr);
2480 if (retval != ERROR_OK)
2483 /* Check for faults and return early. */
2484 if (*dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE))
2485 return ERROR_OK; /* A data fault is not considered a system failure. */
2487 /* Wait until DTRTX is full (according to ARMv7-A/-R architecture manual
2488 * section C8.4.3, checking InstrCmpl_l is not sufficient; one must also
2489 * check TXfull_l). Most of the time this will be free because TXfull_l
2490 * will be set immediately and cached in dscr. */
2491 retval = cortex_a_wait_dscr_bits(target, DSCR_DTRTX_FULL_LATCHED,
2492 DSCR_DTRTX_FULL_LATCHED, dscr);
2493 if (retval != ERROR_OK)
2496 /* Read the value transferred to DTRTX into the buffer. This is the last
2498 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2499 armv7a->debug_base + CPUDBG_DTRTX, &u32);
2500 if (retval != ERROR_OK)
2502 target_buffer_set_u32(target, buffer, u32);
2507 static int cortex_a_read_apb_ab_memory(struct target *target,
2508 uint32_t address, uint32_t size,
2509 uint32_t count, uint8_t *buffer)
2511 /* Read memory through APB-AP. */
2512 int retval, final_retval;
2513 struct armv7a_common *armv7a = target_to_armv7a(target);
2514 struct arm *arm = &armv7a->arm;
2515 uint32_t dscr, orig_dfar, orig_dfsr, fault_dscr, fault_dfar, fault_dfsr;
2517 LOG_DEBUG("Reading APB-AP memory address 0x%" PRIx32 " size %" PRIu32 " count %" PRIu32,
2518 address, size, count);
2519 if (target->state != TARGET_HALTED) {
2520 LOG_WARNING("target not halted");
2521 return ERROR_TARGET_NOT_HALTED;
2527 /* Clear any abort. */
2528 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2529 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2530 if (retval != ERROR_OK)
2534 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2535 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2536 if (retval != ERROR_OK)
2539 /* Switch to non-blocking mode if not already in that mode. */
2540 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2541 if (retval != ERROR_OK)
2544 /* Mark R0 as dirty. */
2545 arm_reg_current(arm, 0)->dirty = true;
2547 /* Read DFAR and DFSR, as they will be modified in the event of a fault. */
2548 retval = cortex_a_read_dfar_dfsr(target, &orig_dfar, &orig_dfsr, &dscr);
2549 if (retval != ERROR_OK)
2552 /* Get the memory address into R0. */
2553 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
2554 armv7a->debug_base + CPUDBG_DTRRX, address);
2555 if (retval != ERROR_OK)
2557 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0), &dscr);
2558 if (retval != ERROR_OK)
2561 if (size == 4 && (address % 4) == 0) {
2562 /* We are doing a word-aligned transfer, so use fast mode. */
2563 retval = cortex_a_read_apb_ab_memory_fast(target, count, buffer, &dscr);
2565 /* Use slow path. */
2566 retval = cortex_a_read_apb_ab_memory_slow(target, size, count, buffer, &dscr);
2570 final_retval = retval;
2572 /* Switch to non-blocking mode if not already in that mode. */
2573 retval = cortex_a_set_dcc_mode(target, DSCR_EXT_DCC_NON_BLOCKING, &dscr);
2574 if (final_retval == ERROR_OK)
2575 final_retval = retval;
2577 /* Wait for last issued instruction to complete. */
2578 retval = cortex_a_wait_instrcmpl(target, &dscr, true);
2579 if (final_retval == ERROR_OK)
2580 final_retval = retval;
2582 /* If there were any sticky abort flags, clear them. */
2583 if (dscr & (DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE)) {
2585 mem_ap_write_atomic_u32(armv7a->debug_ap,
2586 armv7a->debug_base + CPUDBG_DRCR, DRCR_CLEAR_EXCEPTIONS);
2587 dscr &= ~(DSCR_STICKY_ABORT_PRECISE | DSCR_STICKY_ABORT_IMPRECISE);
2592 /* Handle synchronous data faults. */
2593 if (fault_dscr & DSCR_STICKY_ABORT_PRECISE) {
2594 if (final_retval == ERROR_OK) {
2595 /* Final return value will reflect cause of fault. */
2596 retval = cortex_a_read_dfar_dfsr(target, &fault_dfar, &fault_dfsr, &dscr);
2597 if (retval == ERROR_OK) {
2598 LOG_ERROR("data abort at 0x%08" PRIx32 ", dfsr = 0x%08" PRIx32, fault_dfar, fault_dfsr);
2599 final_retval = cortex_a_dfsr_to_error_code(fault_dfsr);
2601 final_retval = retval;
2603 /* Fault destroyed DFAR/DFSR; restore them. */
2604 retval = cortex_a_write_dfar_dfsr(target, orig_dfar, orig_dfsr, &dscr);
2605 if (retval != ERROR_OK)
2606 LOG_ERROR("error restoring dfar/dfsr - dscr = 0x%08" PRIx32, dscr);
2609 /* Handle asynchronous data faults. */
2610 if (fault_dscr & DSCR_STICKY_ABORT_IMPRECISE) {
2611 if (final_retval == ERROR_OK)
2612 /* No other error has been recorded so far, so keep this one. */
2613 final_retval = ERROR_TARGET_DATA_ABORT;
2616 /* If the DCC is nonempty, clear it. */
2617 if (dscr & DSCR_DTRTX_FULL_LATCHED) {
2619 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2620 armv7a->debug_base + CPUDBG_DTRTX, &dummy);
2621 if (final_retval == ERROR_OK)
2622 final_retval = retval;
2624 if (dscr & DSCR_DTRRX_FULL_LATCHED) {
2625 retval = cortex_a_exec_opcode(target, ARMV4_5_MRC(14, 0, 1, 0, 5, 0), &dscr);
2626 if (final_retval == ERROR_OK)
2627 final_retval = retval;
2631 return final_retval;
2636 * Cortex-A Memory access
2638 * This is same Cortex M3 but we must also use the correct
2639 * ap number for every access.
2642 static int cortex_a_read_phys_memory(struct target *target,
2643 uint32_t address, uint32_t size,
2644 uint32_t count, uint8_t *buffer)
2646 int retval = ERROR_COMMAND_SYNTAX_ERROR;
2648 LOG_DEBUG("Reading memory at real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32,
2649 address, size, count);
2651 if (count && buffer) {
2652 /* read memory through APB-AP */
2653 cortex_a_prep_memaccess(target, 1);
2654 retval = cortex_a_read_apb_ab_memory(target, address, size, count, buffer);
2655 cortex_a_post_memaccess(target, 1);
2660 static int cortex_a_read_memory(struct target *target, uint32_t address,
2661 uint32_t size, uint32_t count, uint8_t *buffer)
2665 /* cortex_a handles unaligned memory access */
2666 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2669 cortex_a_prep_memaccess(target, 0);
2670 retval = cortex_a_read_apb_ab_memory(target, address, size, count, buffer);
2671 cortex_a_post_memaccess(target, 0);
2676 static int cortex_a_read_memory_ahb(struct target *target, uint32_t address,
2677 uint32_t size, uint32_t count, uint8_t *buffer)
2679 int mmu_enabled = 0;
2680 uint32_t virt, phys;
2682 struct armv7a_common *armv7a = target_to_armv7a(target);
2683 struct adiv5_dap *swjdp = armv7a->arm.dap;
2684 uint8_t apsel = swjdp->apsel;
2686 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2687 return target_read_memory(target, address, size, count, buffer);
2689 /* cortex_a handles unaligned memory access */
2690 LOG_DEBUG("Reading memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2693 /* determine if MMU was enabled on target stop */
2694 if (!armv7a->is_armv7r) {
2695 retval = cortex_a_mmu(target, &mmu_enabled);
2696 if (retval != ERROR_OK)
2702 retval = cortex_a_virt2phys(target, virt, &phys);
2703 if (retval != ERROR_OK)
2706 LOG_DEBUG("Reading at virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2711 if (!count || !buffer)
2712 return ERROR_COMMAND_SYNTAX_ERROR;
2714 retval = mem_ap_read_buf(armv7a->memory_ap, buffer, size, count, address);
2719 static int cortex_a_write_phys_memory(struct target *target,
2720 uint32_t address, uint32_t size,
2721 uint32_t count, const uint8_t *buffer)
2723 int retval = ERROR_COMMAND_SYNTAX_ERROR;
2725 LOG_DEBUG("Writing memory to real address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2728 if (count && buffer) {
2729 /* write memory through APB-AP */
2730 cortex_a_prep_memaccess(target, 1);
2731 retval = cortex_a_write_apb_ab_memory(target, address, size, count, buffer);
2732 cortex_a_post_memaccess(target, 1);
2738 static int cortex_a_write_memory(struct target *target, uint32_t address,
2739 uint32_t size, uint32_t count, const uint8_t *buffer)
2743 /* cortex_a handles unaligned memory access */
2744 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2747 /* memory writes bypass the caches, must flush before writing */
2748 armv7a_cache_auto_flush_on_write(target, address, size * count);
2750 cortex_a_prep_memaccess(target, 0);
2751 retval = cortex_a_write_apb_ab_memory(target, address, size, count, buffer);
2752 cortex_a_post_memaccess(target, 0);
2756 static int cortex_a_write_memory_ahb(struct target *target, uint32_t address,
2757 uint32_t size, uint32_t count, const uint8_t *buffer)
2759 int mmu_enabled = 0;
2760 uint32_t virt, phys;
2762 struct armv7a_common *armv7a = target_to_armv7a(target);
2763 struct adiv5_dap *swjdp = armv7a->arm.dap;
2764 uint8_t apsel = swjdp->apsel;
2766 if (!armv7a->memory_ap_available || (apsel != armv7a->memory_ap->ap_num))
2767 return target_write_memory(target, address, size, count, buffer);
2769 /* cortex_a handles unaligned memory access */
2770 LOG_DEBUG("Writing memory at address 0x%" PRIx32 "; size %" PRId32 "; count %" PRId32, address,
2773 /* determine if MMU was enabled on target stop */
2774 if (!armv7a->is_armv7r) {
2775 retval = cortex_a_mmu(target, &mmu_enabled);
2776 if (retval != ERROR_OK)
2782 retval = cortex_a_virt2phys(target, virt, &phys);
2783 if (retval != ERROR_OK)
2786 LOG_DEBUG("Writing to virtual address. Translating v:0x%" PRIx32 " to r:0x%" PRIx32,
2792 if (!count || !buffer)
2793 return ERROR_COMMAND_SYNTAX_ERROR;
2795 retval = mem_ap_write_buf(armv7a->memory_ap, buffer, size, count, address);
2800 static int cortex_a_read_buffer(struct target *target, uint32_t address,
2801 uint32_t count, uint8_t *buffer)
2805 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2806 * will have something to do with the size we leave to it. */
2807 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2808 if (address & size) {
2809 int retval = cortex_a_read_memory_ahb(target, address, size, 1, buffer);
2810 if (retval != ERROR_OK)
2818 /* Read the data with as large access size as possible. */
2819 for (; size > 0; size /= 2) {
2820 uint32_t aligned = count - count % size;
2822 int retval = cortex_a_read_memory_ahb(target, address, size, aligned / size, buffer);
2823 if (retval != ERROR_OK)
2834 static int cortex_a_write_buffer(struct target *target, uint32_t address,
2835 uint32_t count, const uint8_t *buffer)
2839 /* Align up to maximum 4 bytes. The loop condition makes sure the next pass
2840 * will have something to do with the size we leave to it. */
2841 for (size = 1; size < 4 && count >= size * 2 + (address & size); size *= 2) {
2842 if (address & size) {
2843 int retval = cortex_a_write_memory_ahb(target, address, size, 1, buffer);
2844 if (retval != ERROR_OK)
2852 /* Write the data with as large access size as possible. */
2853 for (; size > 0; size /= 2) {
2854 uint32_t aligned = count - count % size;
2856 int retval = cortex_a_write_memory_ahb(target, address, size, aligned / size, buffer);
2857 if (retval != ERROR_OK)
2868 static int cortex_a_handle_target_request(void *priv)
2870 struct target *target = priv;
2871 struct armv7a_common *armv7a = target_to_armv7a(target);
2874 if (!target_was_examined(target))
2876 if (!target->dbg_msg_enabled)
2879 if (target->state == TARGET_RUNNING) {
2882 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2883 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2885 /* check if we have data */
2886 while ((dscr & DSCR_DTR_TX_FULL) && (retval == ERROR_OK)) {
2887 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2888 armv7a->debug_base + CPUDBG_DTRTX, &request);
2889 if (retval == ERROR_OK) {
2890 target_request(target, request);
2891 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2892 armv7a->debug_base + CPUDBG_DSCR, &dscr);
2901 * Cortex-A target information and configuration
2904 static int cortex_a_examine_first(struct target *target)
2906 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
2907 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
2908 struct adiv5_dap *swjdp = armv7a->arm.dap;
2910 int retval = ERROR_OK;
2911 uint32_t didr, ctypr, ttypr, cpuid, dbg_osreg;
2913 retval = dap_dp_init(swjdp);
2914 if (retval != ERROR_OK) {
2915 LOG_ERROR("Could not initialize the debug port");
2919 /* Search for the APB-AB - it is needed for access to debug registers */
2920 retval = dap_find_ap(swjdp, AP_TYPE_APB_AP, &armv7a->debug_ap);
2921 if (retval != ERROR_OK) {
2922 LOG_ERROR("Could not find APB-AP for debug access");
2926 retval = mem_ap_init(armv7a->debug_ap);
2927 if (retval != ERROR_OK) {
2928 LOG_ERROR("Could not initialize the APB-AP");
2932 armv7a->debug_ap->memaccess_tck = 80;
2934 /* Search for the AHB-AB.
2935 * REVISIT: We should search for AXI-AP as well and make sure the AP's MEMTYPE says it
2936 * can access system memory. */
2937 armv7a->memory_ap_available = false;
2938 retval = dap_find_ap(swjdp, AP_TYPE_AHB_AP, &armv7a->memory_ap);
2939 if (retval == ERROR_OK) {
2940 retval = mem_ap_init(armv7a->memory_ap);
2941 if (retval == ERROR_OK)
2942 armv7a->memory_ap_available = true;
2944 LOG_WARNING("Could not initialize AHB-AP for memory access - using APB-AP");
2946 /* AHB-AP not found - use APB-AP */
2947 LOG_DEBUG("Could not find AHB-AP - using APB-AP for memory access");
2950 if (!target->dbgbase_set) {
2952 /* Get ROM Table base */
2954 int32_t coreidx = target->coreid;
2955 LOG_DEBUG("%s's dbgbase is not set, trying to detect using the ROM table",
2957 retval = dap_get_debugbase(armv7a->debug_ap, &dbgbase, &apid);
2958 if (retval != ERROR_OK)
2960 /* Lookup 0x15 -- Processor DAP */
2961 retval = dap_lookup_cs_component(armv7a->debug_ap, dbgbase, 0x15,
2962 &armv7a->debug_base, &coreidx);
2963 if (retval != ERROR_OK) {
2964 LOG_ERROR("Can't detect %s's dbgbase from the ROM table; you need to specify it explicitly.",
2968 LOG_DEBUG("Detected core %" PRId32 " dbgbase: %08" PRIx32,
2969 target->coreid, armv7a->debug_base);
2971 armv7a->debug_base = target->dbgbase;
2973 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2974 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
2975 if (retval != ERROR_OK)
2978 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2979 armv7a->debug_base + CPUDBG_CPUID, &cpuid);
2980 if (retval != ERROR_OK) {
2981 LOG_DEBUG("Examine %s failed", "CPUID");
2985 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2986 armv7a->debug_base + CPUDBG_CTYPR, &ctypr);
2987 if (retval != ERROR_OK) {
2988 LOG_DEBUG("Examine %s failed", "CTYPR");
2992 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
2993 armv7a->debug_base + CPUDBG_TTYPR, &ttypr);
2994 if (retval != ERROR_OK) {
2995 LOG_DEBUG("Examine %s failed", "TTYPR");
2999 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3000 armv7a->debug_base + CPUDBG_DIDR, &didr);
3001 if (retval != ERROR_OK) {
3002 LOG_DEBUG("Examine %s failed", "DIDR");
3006 LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
3007 LOG_DEBUG("ctypr = 0x%08" PRIx32, ctypr);
3008 LOG_DEBUG("ttypr = 0x%08" PRIx32, ttypr);
3009 LOG_DEBUG("didr = 0x%08" PRIx32, didr);
3011 cortex_a->cpuid = cpuid;
3012 cortex_a->ctypr = ctypr;
3013 cortex_a->ttypr = ttypr;
3014 cortex_a->didr = didr;
3016 /* Unlocking the debug registers */
3017 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3018 CORTEX_A15_PARTNUM) {
3020 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3021 armv7a->debug_base + CPUDBG_OSLAR,
3024 if (retval != ERROR_OK)
3028 /* Unlocking the debug registers */
3029 if ((cpuid & CORTEX_A_MIDR_PARTNUM_MASK) >> CORTEX_A_MIDR_PARTNUM_SHIFT ==
3030 CORTEX_A7_PARTNUM) {
3032 retval = mem_ap_write_atomic_u32(armv7a->debug_ap,
3033 armv7a->debug_base + CPUDBG_OSLAR,
3036 if (retval != ERROR_OK)
3040 retval = mem_ap_read_atomic_u32(armv7a->debug_ap,
3041 armv7a->debug_base + CPUDBG_PRSR, &dbg_osreg);
3043 if (retval != ERROR_OK)
3046 LOG_DEBUG("target->coreid %" PRId32 " DBGPRSR 0x%" PRIx32, target->coreid, dbg_osreg);
3048 armv7a->arm.core_type = ARM_MODE_MON;
3050 /* Avoid recreating the registers cache */
3051 if (!target_was_examined(target)) {
3052 retval = cortex_a_dpm_setup(cortex_a, didr);
3053 if (retval != ERROR_OK)
3057 /* Setup Breakpoint Register Pairs */
3058 cortex_a->brp_num = ((didr >> 24) & 0x0F) + 1;
3059 cortex_a->brp_num_context = ((didr >> 20) & 0x0F) + 1;
3060 cortex_a->brp_num_available = cortex_a->brp_num;
3061 free(cortex_a->brp_list);
3062 cortex_a->brp_list = calloc(cortex_a->brp_num, sizeof(struct cortex_a_brp));
3063 /* cortex_a->brb_enabled = ????; */
3064 for (i = 0; i < cortex_a->brp_num; i++) {
3065 cortex_a->brp_list[i].used = 0;
3066 if (i < (cortex_a->brp_num-cortex_a->brp_num_context))
3067 cortex_a->brp_list[i].type = BRP_NORMAL;
3069 cortex_a->brp_list[i].type = BRP_CONTEXT;
3070 cortex_a->brp_list[i].value = 0;
3071 cortex_a->brp_list[i].control = 0;
3072 cortex_a->brp_list[i].BRPn = i;
3075 LOG_DEBUG("Configured %i hw breakpoints", cortex_a->brp_num);
3077 /* select debug_ap as default */
3078 swjdp->apsel = armv7a->debug_ap->ap_num;
3080 target_set_examined(target);
3084 static int cortex_a_examine(struct target *target)
3086 int retval = ERROR_OK;
3088 /* Reestablish communication after target reset */
3089 retval = cortex_a_examine_first(target);
3091 /* Configure core debug access */
3092 if (retval == ERROR_OK)
3093 retval = cortex_a_init_debug_access(target);
3099 * Cortex-A target creation and initialization
3102 static int cortex_a_init_target(struct command_context *cmd_ctx,
3103 struct target *target)
3105 /* examine_first() does a bunch of this */
3109 static int cortex_a_init_arch_info(struct target *target,
3110 struct cortex_a_common *cortex_a, struct jtag_tap *tap)
3112 struct armv7a_common *armv7a = &cortex_a->armv7a_common;
3114 /* Setup struct cortex_a_common */
3115 cortex_a->common_magic = CORTEX_A_COMMON_MAGIC;
3117 /* tap has no dap initialized */
3119 tap->dap = dap_init();
3121 /* Leave (only) generic DAP stuff for debugport_init() */
3122 tap->dap->tap = tap;
3125 armv7a->arm.dap = tap->dap;
3127 cortex_a->fast_reg_read = 0;
3129 /* register arch-specific functions */
3130 armv7a->examine_debug_reason = NULL;
3132 armv7a->post_debug_entry = cortex_a_post_debug_entry;
3134 armv7a->pre_restore_context = NULL;
3136 armv7a->armv7a_mmu.read_physical_memory = cortex_a_read_phys_memory;
3139 /* arm7_9->handle_target_request = cortex_a_handle_target_request; */
3141 /* REVISIT v7a setup should be in a v7a-specific routine */
3142 armv7a_init_arch_info(target, armv7a);
3143 target_register_timer_callback(cortex_a_handle_target_request, 1, 1, target);
3148 static int cortex_a_target_create(struct target *target, Jim_Interp *interp)
3150 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3152 cortex_a->armv7a_common.is_armv7r = false;
3154 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3157 static int cortex_r4_target_create(struct target *target, Jim_Interp *interp)
3159 struct cortex_a_common *cortex_a = calloc(1, sizeof(struct cortex_a_common));
3161 cortex_a->armv7a_common.is_armv7r = true;
3163 return cortex_a_init_arch_info(target, cortex_a, target->tap);
3166 static void cortex_a_deinit_target(struct target *target)
3168 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3169 struct arm_dpm *dpm = &cortex_a->armv7a_common.dpm;
3171 free(cortex_a->brp_list);
3177 static int cortex_a_mmu(struct target *target, int *enabled)
3179 struct armv7a_common *armv7a = target_to_armv7a(target);
3181 if (target->state != TARGET_HALTED) {
3182 LOG_ERROR("%s: target not halted", __func__);
3183 return ERROR_TARGET_INVALID;
3186 if (armv7a->is_armv7r)
3189 *enabled = target_to_cortex_a(target)->armv7a_common.armv7a_mmu.mmu_enabled;
3194 static int cortex_a_virt2phys(struct target *target,
3195 uint32_t virt, uint32_t *phys)
3197 int retval = ERROR_FAIL;
3198 struct armv7a_common *armv7a = target_to_armv7a(target);
3199 struct adiv5_dap *swjdp = armv7a->arm.dap;
3200 uint8_t apsel = swjdp->apsel;
3201 if (armv7a->memory_ap_available && (apsel == armv7a->memory_ap->ap_num)) {
3203 retval = armv7a_mmu_translate_va(target,
3205 if (retval != ERROR_OK)
3208 } else {/* use this method if armv7a->memory_ap not selected
3209 * mmu must be enable in order to get a correct translation */
3210 retval = cortex_a_mmu_modify(target, 1);
3211 if (retval != ERROR_OK)
3213 retval = armv7a_mmu_translate_va_pa(target, virt, phys, 1);
3219 COMMAND_HANDLER(cortex_a_handle_cache_info_command)
3221 struct target *target = get_current_target(CMD_CTX);
3222 struct armv7a_common *armv7a = target_to_armv7a(target);
3224 return armv7a_handle_cache_info_command(CMD_CTX,
3225 &armv7a->armv7a_mmu.armv7a_cache);
3229 COMMAND_HANDLER(cortex_a_handle_dbginit_command)
3231 struct target *target = get_current_target(CMD_CTX);
3232 if (!target_was_examined(target)) {
3233 LOG_ERROR("target not examined yet");
3237 return cortex_a_init_debug_access(target);
3239 COMMAND_HANDLER(cortex_a_handle_smp_off_command)
3241 struct target *target = get_current_target(CMD_CTX);
3242 /* check target is an smp target */
3243 struct target_list *head;
3244 struct target *curr;
3245 head = target->head;
3247 if (head != (struct target_list *)NULL) {
3248 while (head != (struct target_list *)NULL) {
3249 curr = head->target;
3253 /* fixes the target display to the debugger */
3254 target->gdb_service->target = target;
3259 COMMAND_HANDLER(cortex_a_handle_smp_on_command)
3261 struct target *target = get_current_target(CMD_CTX);
3262 struct target_list *head;
3263 struct target *curr;
3264 head = target->head;
3265 if (head != (struct target_list *)NULL) {
3267 while (head != (struct target_list *)NULL) {
3268 curr = head->target;
3276 COMMAND_HANDLER(cortex_a_handle_smp_gdb_command)
3278 struct target *target = get_current_target(CMD_CTX);
3279 int retval = ERROR_OK;
3280 struct target_list *head;
3281 head = target->head;
3282 if (head != (struct target_list *)NULL) {
3283 if (CMD_ARGC == 1) {
3285 COMMAND_PARSE_NUMBER(int, CMD_ARGV[0], coreid);
3286 if (ERROR_OK != retval)
3288 target->gdb_service->core[1] = coreid;
3291 command_print(CMD_CTX, "gdb coreid %" PRId32 " -> %" PRId32, target->gdb_service->core[0]
3292 , target->gdb_service->core[1]);
3297 COMMAND_HANDLER(handle_cortex_a_mask_interrupts_command)
3299 struct target *target = get_current_target(CMD_CTX);
3300 struct cortex_a_common *cortex_a = target_to_cortex_a(target);
3302 static const Jim_Nvp nvp_maskisr_modes[] = {
3303 { .name = "off", .value = CORTEX_A_ISRMASK_OFF },
3304 { .name = "on", .value = CORTEX_A_ISRMASK_ON },
3305 { .name = NULL, .value = -1 },
3309 if (target->state != TARGET_HALTED) {
3310 command_print(CMD_CTX, "target must be stopped for \"%s\" command", CMD_NAME);
3315 n = Jim_Nvp_name2value_simple(nvp_maskisr_modes, CMD_ARGV[0]);
3316 if (n->name == NULL)
3317 return ERROR_COMMAND_SYNTAX_ERROR;
3318 cortex_a->isrmasking_mode = n->value;
3322 n = Jim_Nvp_value2name_simple(nvp_maskisr_modes, cortex_a->isrmasking_mode);
3323 command_print(CMD_CTX, "cortex_a interrupt mask %s", n->name);
3328 static const struct command_registration cortex_a_exec_command_handlers[] = {
3330 .name = "cache_info",
3331 .handler = cortex_a_handle_cache_info_command,
3332 .mode = COMMAND_EXEC,
3333 .help = "display information about target caches",
3338 .handler = cortex_a_handle_dbginit_command,
3339 .mode = COMMAND_EXEC,
3340 .help = "Initialize core debug",
3343 { .name = "smp_off",
3344 .handler = cortex_a_handle_smp_off_command,
3345 .mode = COMMAND_EXEC,
3346 .help = "Stop smp handling",
3350 .handler = cortex_a_handle_smp_on_command,
3351 .mode = COMMAND_EXEC,
3352 .help = "Restart smp handling",
3357 .handler = cortex_a_handle_smp_gdb_command,
3358 .mode = COMMAND_EXEC,
3359 .help = "display/fix current core played to gdb",
3364 .handler = handle_cortex_a_mask_interrupts_command,
3365 .mode = COMMAND_EXEC,
3366 .help = "mask cortex_a interrupts",
3367 .usage = "['on'|'off']",
3371 COMMAND_REGISTRATION_DONE
3373 static const struct command_registration cortex_a_command_handlers[] = {
3375 .chain = arm_command_handlers,
3378 .chain = armv7a_command_handlers,
3382 .mode = COMMAND_ANY,
3383 .help = "Cortex-A command group",
3385 .chain = cortex_a_exec_command_handlers,
3387 COMMAND_REGISTRATION_DONE
3390 struct target_type cortexa_target = {
3392 .deprecated_name = "cortex_a8",
3394 .poll = cortex_a_poll,
3395 .arch_state = armv7a_arch_state,
3397 .halt = cortex_a_halt,
3398 .resume = cortex_a_resume,
3399 .step = cortex_a_step,
3401 .assert_reset = cortex_a_assert_reset,
3402 .deassert_reset = cortex_a_deassert_reset,
3404 /* REVISIT allow exporting VFP3 registers ... */
3405 .get_gdb_reg_list = arm_get_gdb_reg_list,
3407 .read_memory = cortex_a_read_memory,
3408 .write_memory = cortex_a_write_memory,
3410 .read_buffer = cortex_a_read_buffer,
3411 .write_buffer = cortex_a_write_buffer,
3413 .checksum_memory = arm_checksum_memory,
3414 .blank_check_memory = arm_blank_check_memory,
3416 .run_algorithm = armv4_5_run_algorithm,
3418 .add_breakpoint = cortex_a_add_breakpoint,
3419 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3420 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3421 .remove_breakpoint = cortex_a_remove_breakpoint,
3422 .add_watchpoint = NULL,
3423 .remove_watchpoint = NULL,
3425 .commands = cortex_a_command_handlers,
3426 .target_create = cortex_a_target_create,
3427 .init_target = cortex_a_init_target,
3428 .examine = cortex_a_examine,
3429 .deinit_target = cortex_a_deinit_target,
3431 .read_phys_memory = cortex_a_read_phys_memory,
3432 .write_phys_memory = cortex_a_write_phys_memory,
3433 .mmu = cortex_a_mmu,
3434 .virt2phys = cortex_a_virt2phys,
3437 static const struct command_registration cortex_r4_exec_command_handlers[] = {
3439 .name = "cache_info",
3440 .handler = cortex_a_handle_cache_info_command,
3441 .mode = COMMAND_EXEC,
3442 .help = "display information about target caches",
3447 .handler = cortex_a_handle_dbginit_command,
3448 .mode = COMMAND_EXEC,
3449 .help = "Initialize core debug",
3454 .handler = handle_cortex_a_mask_interrupts_command,
3455 .mode = COMMAND_EXEC,
3456 .help = "mask cortex_r4 interrupts",
3457 .usage = "['on'|'off']",
3460 COMMAND_REGISTRATION_DONE
3462 static const struct command_registration cortex_r4_command_handlers[] = {
3464 .chain = arm_command_handlers,
3467 .chain = armv7a_command_handlers,
3470 .name = "cortex_r4",
3471 .mode = COMMAND_ANY,
3472 .help = "Cortex-R4 command group",
3474 .chain = cortex_r4_exec_command_handlers,
3476 COMMAND_REGISTRATION_DONE
3479 struct target_type cortexr4_target = {
3480 .name = "cortex_r4",
3482 .poll = cortex_a_poll,
3483 .arch_state = armv7a_arch_state,
3485 .halt = cortex_a_halt,
3486 .resume = cortex_a_resume,
3487 .step = cortex_a_step,
3489 .assert_reset = cortex_a_assert_reset,
3490 .deassert_reset = cortex_a_deassert_reset,
3492 /* REVISIT allow exporting VFP3 registers ... */
3493 .get_gdb_reg_list = arm_get_gdb_reg_list,
3495 .read_memory = cortex_a_read_memory,
3496 .write_memory = cortex_a_write_memory,
3498 .checksum_memory = arm_checksum_memory,
3499 .blank_check_memory = arm_blank_check_memory,
3501 .run_algorithm = armv4_5_run_algorithm,
3503 .add_breakpoint = cortex_a_add_breakpoint,
3504 .add_context_breakpoint = cortex_a_add_context_breakpoint,
3505 .add_hybrid_breakpoint = cortex_a_add_hybrid_breakpoint,
3506 .remove_breakpoint = cortex_a_remove_breakpoint,
3507 .add_watchpoint = NULL,
3508 .remove_watchpoint = NULL,
3510 .commands = cortex_r4_command_handlers,
3511 .target_create = cortex_r4_target_create,
3512 .init_target = cortex_a_init_target,
3513 .examine = cortex_a_examine,
3514 .deinit_target = cortex_a_deinit_target,
projects / fw / openocd / blob