git.gag.com Git - fw/openocd/blob - src/target/cortex_a.c

   1 /***************************************************************************
   2  *   Copyright (C) 2005 by Dominic Rath                                    *
   3  *   Dominic.Rath@gmx.de                                                   *
   4  *                                                                         *
   5  *   Copyright (C) 2006 by Magnus Lundin                                   *
   6  *   lundin@mlu.mine.nu                                                    *
   7  *                                                                         *
   8  *   Copyright (C) 2008 by Spencer Oliver                                  *
   9  *   spen@spen-soft.co.uk                                                  *
  10  *                                                                         *
  11  *   Copyright (C) 2009 by Dirk Behme                                      *
  12  *   dirk.behme@gmail.com - copy from cortex_m3                            *
  13  *                                                                         *
  14  *   Copyright (C) 2010 Øyvind Harboe                                      *
  15  *   oyvind.harboe@zylin.com                                               *
  16  *                                                                         *
  17  *   This program is free software; you can redistribute it and/or modify  *
  18  *   it under the terms of the GNU General Public License as published by  *
  19  *   the Free Software Foundation; either version 2 of the License, or     *
  20  *   (at your option) any later version.                                   *
  21  *                                                                         *
  22  *   This program is distributed in the hope that it will be useful,       *
  23  *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
  24  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
  25  *   GNU General Public License for more details.                          *
  26  *                                                                         *
  27  *   You should have received a copy of the GNU General Public License     *
  28  *   along with this program; if not, write to the                         *
  29  *   Free Software Foundation, Inc.,                                       *
  30  *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
  31  *                                                                         *
  32  *   Cortex-A8(tm) TRM, ARM DDI 0344H                                      *
  33  *   Cortex-A9(tm) TRM, ARM DDI 0407F                                      *
  34  *                                                                         *
  35  ***************************************************************************/
  36 #ifdef HAVE_CONFIG_H
  37 #include "config.h"
  38 #endif
  39
  40 #include "breakpoints.h"
  41 #include "cortex_a.h"
  42 #include "register.h"
  43 #include "target_request.h"
  44 #include "target_type.h"
  45 #include "arm_opcodes.h"
  46 #include <helper/time_support.h>
  47
  48 static int cortex_a8_poll(struct target *target);
  49 static int cortex_a8_debug_entry(struct target *target);
  50 static int cortex_a8_restore_context(struct target *target, bool bpwp);
  51 static int cortex_a8_set_breakpoint(struct target *target,
  52                 struct breakpoint *breakpoint, uint8_t matchmode);
  53 static int cortex_a8_unset_breakpoint(struct target *target,
  54                 struct breakpoint *breakpoint);
  55 static int cortex_a8_dap_read_coreregister_u32(struct target *target,
  56                 uint32_t *value, int regnum);
  57 static int cortex_a8_dap_write_coreregister_u32(struct target *target,
  58                 uint32_t value, int regnum);
  59 static int cortex_a8_mmu(struct target *target, int *enabled);
  60 static int cortex_a8_virt2phys(struct target *target,
  61                 uint32_t virt, uint32_t *phys);
  62 static int cortex_a8_disable_mmu_caches(struct target *target, int mmu,
  63                 int d_u_cache, int i_cache);
  64 static int cortex_a8_enable_mmu_caches(struct target *target, int mmu,
  65                 int d_u_cache, int i_cache);
  66 static int cortex_a8_get_ttb(struct target *target, uint32_t *result);
  67
  68
  69 /*
  70  * FIXME do topology discovery using the ROM; don't
  71  * assume this is an OMAP3.   Also, allow for multiple ARMv7-A
  72  * cores, with different AP numbering ... don't use a #define
  73  * for these numbers, use per-core armv7a state.
  74  */
  75 #define swjdp_memoryap 0
  76 #define swjdp_debugap 1
  77
  78 /*
  79  * Cortex-A8 Basic debug access, very low level assumes state is saved
  80  */
  81 static int cortex_a8_init_debug_access(struct target *target)
  82 {
  83         struct armv7a_common *armv7a = target_to_armv7a(target);
  84         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
  85         int retval;
  86         uint32_t dummy;
  87
  88         LOG_DEBUG(" ");
  89
  90         /* Unlocking the debug registers for modification */
  91         /* The debugport might be uninitialised so try twice */
  92         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
  93                         armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
  94         if (retval != ERROR_OK)
  95         {
  96                 /* try again */
  97                 retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
  98                                 armv7a->debug_base + CPUDBG_LOCKACCESS, 0xC5ACCE55);
  99                 if (retval == ERROR_OK)
 100                 {
 101                         LOG_USER("Locking debug access failed on first, but succeeded on second try.");
 102                 }
 103         }
 104         if (retval != ERROR_OK)
 105                 return retval;
 106         /* Clear Sticky Power Down status Bit in PRSR to enable access to
 107            the registers in the Core Power Domain */
 108         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 109                                 armv7a->debug_base + CPUDBG_PRSR, &dummy);
 110         if (retval != ERROR_OK)
 111                 return retval;
 112
 113         /* Enabling of instruction execution in debug mode is done in debug_entry code */
 114
 115         /* Resync breakpoint registers */
 116
 117         /* Since this is likely called from init or reset, update target state information*/
 118         return cortex_a8_poll(target);
 119 }
 120
 121 /* To reduce needless round-trips, pass in a pointer to the current
 122  * DSCR value.  Initialize it to zero if you just need to know the
 123  * value on return from this function; or DSCR_INSTR_COMP if you
 124  * happen to know that no instruction is pending.
 125  */
 126 static int cortex_a8_exec_opcode(struct target *target,
 127                 uint32_t opcode, uint32_t *dscr_p)
 128 {
 129         uint32_t dscr;
 130         int retval;
 131         struct armv7a_common *armv7a = target_to_armv7a(target);
 132         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 133
 134         dscr = dscr_p ? *dscr_p : 0;
 135
 136         LOG_DEBUG("exec opcode 0x%08" PRIx32, opcode);
 137
 138         /* Wait for InstrCompl bit to be set */
 139         long long then = timeval_ms();
 140         while ((dscr & DSCR_INSTR_COMP) == 0)
 141         {
 142                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 143                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 144                 if (retval != ERROR_OK)
 145                 {
 146                         LOG_ERROR("Could not read DSCR register, opcode = 0x%08" PRIx32, opcode);
 147                         return retval;
 148                 }
 149                 if (timeval_ms() > then + 1000)
 150                 {
 151                         LOG_ERROR("Timeout waiting for cortex_a8_exec_opcode");
 152                         return ERROR_FAIL;
 153                 }
 154         }
 155
 156         retval = mem_ap_sel_write_u32(swjdp, swjdp_debugap,
 157                                 armv7a->debug_base + CPUDBG_ITR, opcode);
 158         if (retval != ERROR_OK)
 159                 return retval;
 160
 161         then = timeval_ms();
 162         do
 163         {
 164                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 165                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 166                 if (retval != ERROR_OK)
 167                 {
 168                         LOG_ERROR("Could not read DSCR register");
 169                         return retval;
 170                 }
 171                 if (timeval_ms() > then + 1000)
 172                 {
 173                         LOG_ERROR("Timeout waiting for cortex_a8_exec_opcode");
 174                         return ERROR_FAIL;
 175                 }
 176         }
 177         while ((dscr & DSCR_INSTR_COMP) == 0); /* Wait for InstrCompl bit to be set */
 178
 179         if (dscr_p)
 180                 *dscr_p = dscr;
 181
 182         return retval;
 183 }
 184
 185 /**************************************************************************
 186 Read core register with very few exec_opcode, fast but needs work_area.
 187 This can cause problems with MMU active.
 188 **************************************************************************/
 189 static int cortex_a8_read_regs_through_mem(struct target *target, uint32_t address,
 190                 uint32_t * regfile)
 191 {
 192         int retval = ERROR_OK;
 193         struct armv7a_common *armv7a = target_to_armv7a(target);
 194         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 195
 196         retval = cortex_a8_dap_read_coreregister_u32(target, regfile, 0);
 197         if (retval != ERROR_OK)
 198                 return retval;
 199         retval = cortex_a8_dap_write_coreregister_u32(target, address, 0);
 200         if (retval != ERROR_OK)
 201                 return retval;
 202         retval = cortex_a8_exec_opcode(target, ARMV4_5_STMIA(0, 0xFFFE, 0, 0), NULL);
 203         if (retval != ERROR_OK)
 204                 return retval;
 205
 206         retval = mem_ap_sel_read_buf_u32(swjdp, swjdp_memoryap,
 207                         (uint8_t *)(&regfile[1]), 4*15, address);
 208
 209         return retval;
 210 }
 211
 212 static int cortex_a8_dap_read_coreregister_u32(struct target *target,
 213                 uint32_t *value, int regnum)
 214 {
 215         int retval = ERROR_OK;
 216         uint8_t reg = regnum&0xFF;
 217         uint32_t dscr = 0;
 218         struct armv7a_common *armv7a = target_to_armv7a(target);
 219         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 220
 221         if (reg > 17)
 222                 return retval;
 223
 224         if (reg < 15)
 225         {
 226                 /* Rn to DCCTX, "MCR p14, 0, Rn, c0, c5, 0"  0xEE00nE15 */
 227                 retval = cortex_a8_exec_opcode(target,
 228                                 ARMV4_5_MCR(14, 0, reg, 0, 5, 0),
 229                                 &dscr);
 230                 if (retval != ERROR_OK)
 231                         return retval;
 232         }
 233         else if (reg == 15)
 234         {
 235                 /* "MOV r0, r15"; then move r0 to DCCTX */
 236                 retval = cortex_a8_exec_opcode(target, 0xE1A0000F, &dscr);
 237                 if (retval != ERROR_OK)
 238                         return retval;
 239                 retval = cortex_a8_exec_opcode(target,
 240                                 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
 241                                 &dscr);
 242                 if (retval != ERROR_OK)
 243                         return retval;
 244         }
 245         else
 246         {
 247                 /* "MRS r0, CPSR" or "MRS r0, SPSR"
 248                  * then move r0 to DCCTX
 249                  */
 250                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MRS(0, reg & 1), &dscr);
 251                 if (retval != ERROR_OK)
 252                         return retval;
 253                 retval = cortex_a8_exec_opcode(target,
 254                                 ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
 255                                 &dscr);
 256                 if (retval != ERROR_OK)
 257                         return retval;
 258         }
 259
 260         /* Wait for DTRRXfull then read DTRRTX */
 261         long long then = timeval_ms();
 262         while ((dscr & DSCR_DTR_TX_FULL) == 0)
 263         {
 264                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 265                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 266                 if (retval != ERROR_OK)
 267                         return retval;
 268                 if (timeval_ms() > then + 1000)
 269                 {
 270                         LOG_ERROR("Timeout waiting for cortex_a8_exec_opcode");
 271                         return ERROR_FAIL;
 272                 }
 273         }
 274
 275         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 276                         armv7a->debug_base + CPUDBG_DTRTX, value);
 277         LOG_DEBUG("read DCC 0x%08" PRIx32, *value);
 278
 279         return retval;
 280 }
 281
 282 static int cortex_a8_dap_write_coreregister_u32(struct target *target,
 283                 uint32_t value, int regnum)
 284 {
 285         int retval = ERROR_OK;
 286         uint8_t Rd = regnum&0xFF;
 287         uint32_t dscr;
 288         struct armv7a_common *armv7a = target_to_armv7a(target);
 289         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 290
 291         LOG_DEBUG("register %i, value 0x%08" PRIx32, regnum, value);
 292
 293         /* Check that DCCRX is not full */
 294         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 295                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 296         if (retval != ERROR_OK)
 297                 return retval;
 298         if (dscr & DSCR_DTR_RX_FULL)
 299         {
 300                 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
 301                 /* Clear DCCRX with MRC(p14, 0, Rd, c0, c5, 0), opcode  0xEE100E15 */
 302                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
 303                                 &dscr);
 304                 if (retval != ERROR_OK)
 305                         return retval;
 306         }
 307
 308         if (Rd > 17)
 309                 return retval;
 310
 311         /* Write DTRRX ... sets DSCR.DTRRXfull but exec_opcode() won't care */
 312         LOG_DEBUG("write DCC 0x%08" PRIx32, value);
 313         retval = mem_ap_sel_write_u32(swjdp, swjdp_debugap,
 314                         armv7a->debug_base + CPUDBG_DTRRX, value);
 315         if (retval != ERROR_OK)
 316                 return retval;
 317
 318         if (Rd < 15)
 319         {
 320                 /* DCCRX to Rn, "MRC p14, 0, Rn, c0, c5, 0", 0xEE10nE15 */
 321                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, Rd, 0, 5, 0),
 322                                 &dscr);
 323
 324                 if (retval != ERROR_OK)
 325                         return retval;
 326         }
 327         else if (Rd == 15)
 328         {
 329                 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
 330                  * then "mov r15, r0"
 331                  */
 332                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
 333                                 &dscr);
 334                 if (retval != ERROR_OK)
 335                         return retval;
 336                 retval = cortex_a8_exec_opcode(target, 0xE1A0F000, &dscr);
 337                 if (retval != ERROR_OK)
 338                         return retval;
 339         }
 340         else
 341         {
 342                 /* DCCRX to R0, "MRC p14, 0, R0, c0, c5, 0", 0xEE100E15
 343                  * then "MSR CPSR_cxsf, r0" or "MSR SPSR_cxsf, r0" (all fields)
 344                  */
 345                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
 346                                 &dscr);
 347                 if (retval != ERROR_OK)
 348                         return retval;
 349                 retval = cortex_a8_exec_opcode(target, ARMV4_5_MSR_GP(0, 0xF, Rd & 1),
 350                                 &dscr);
 351                 if (retval != ERROR_OK)
 352                         return retval;
 353
 354                 /* "Prefetch flush" after modifying execution status in CPSR */
 355                 if (Rd == 16)
 356                 {
 357                         retval = cortex_a8_exec_opcode(target,
 358                                         ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
 359                                         &dscr);
 360                         if (retval != ERROR_OK)
 361                                 return retval;
 362                 }
 363         }
 364
 365         return retval;
 366 }
 367
 368 /* Write to memory mapped registers directly with no cache or mmu handling */
 369 static int cortex_a8_dap_write_memap_register_u32(struct target *target, uint32_t address, uint32_t value)
 370 {
 371         int retval;
 372         struct armv7a_common *armv7a = target_to_armv7a(target);
 373         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 374
 375         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap, address, value);
 376
 377         return retval;
 378 }
 379
 380 /*
 381  * Cortex-A8 implementation of Debug Programmer's Model
 382  *
 383  * NOTE the invariant:  these routines return with DSCR_INSTR_COMP set,
 384  * so there's no need to poll for it before executing an instruction.
 385  *
 386  * NOTE that in several of these cases the "stall" mode might be useful.
 387  * It'd let us queue a few operations together... prepare/finish might
 388  * be the places to enable/disable that mode.
 389  */
 390
 391 static inline struct cortex_a8_common *dpm_to_a8(struct arm_dpm *dpm)
 392 {
 393         return container_of(dpm, struct cortex_a8_common, armv7a_common.dpm);
 394 }
 395
 396 static int cortex_a8_write_dcc(struct cortex_a8_common *a8, uint32_t data)
 397 {
 398         LOG_DEBUG("write DCC 0x%08" PRIx32, data);
 399         return mem_ap_sel_write_u32(a8->armv7a_common.armv4_5_common.dap,
 400                         swjdp_debugap,a8->armv7a_common.debug_base + CPUDBG_DTRRX, data);
 401 }
 402
 403 static int cortex_a8_read_dcc(struct cortex_a8_common *a8, uint32_t *data,
 404                 uint32_t *dscr_p)
 405 {
 406         struct adiv5_dap *swjdp = a8->armv7a_common.armv4_5_common.dap;
 407         uint32_t dscr = DSCR_INSTR_COMP;
 408         int retval;
 409
 410         if (dscr_p)
 411                 dscr = *dscr_p;
 412
 413         /* Wait for DTRRXfull */
 414         long long then = timeval_ms();
 415         while ((dscr & DSCR_DTR_TX_FULL) == 0) {
 416                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 417                                 a8->armv7a_common.debug_base + CPUDBG_DSCR,
 418                                 &dscr);
 419                 if (retval != ERROR_OK)
 420                         return retval;
 421                 if (timeval_ms() > then + 1000)
 422                 {
 423                         LOG_ERROR("Timeout waiting for read dcc");
 424                         return ERROR_FAIL;
 425                 }
 426         }
 427
 428         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 429                         a8->armv7a_common.debug_base + CPUDBG_DTRTX, data);
 430         if (retval != ERROR_OK)
 431                 return retval;
 432         //LOG_DEBUG("read DCC 0x%08" PRIx32, *data);
 433
 434         if (dscr_p)
 435                 *dscr_p = dscr;
 436
 437         return retval;
 438 }
 439
 440 static int cortex_a8_dpm_prepare(struct arm_dpm *dpm)
 441 {
 442         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 443         struct adiv5_dap *swjdp = a8->armv7a_common.armv4_5_common.dap;
 444         uint32_t dscr;
 445         int retval;
 446
 447         /* set up invariant:  INSTR_COMP is set after ever DPM operation */
 448         long long then = timeval_ms();
 449         for (;;)
 450         {
 451                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 452                                 a8->armv7a_common.debug_base + CPUDBG_DSCR,
 453                                 &dscr);
 454                 if (retval != ERROR_OK)
 455                         return retval;
 456                 if ((dscr & DSCR_INSTR_COMP) != 0)
 457                         break;
 458                 if (timeval_ms() > then + 1000)
 459                 {
 460                         LOG_ERROR("Timeout waiting for dpm prepare");
 461                         return ERROR_FAIL;
 462                 }
 463         }
 464
 465         /* this "should never happen" ... */
 466         if (dscr & DSCR_DTR_RX_FULL) {
 467                 LOG_ERROR("DSCR_DTR_RX_FULL, dscr 0x%08" PRIx32, dscr);
 468                 /* Clear DCCRX */
 469                 retval = cortex_a8_exec_opcode(
 470                                 a8->armv7a_common.armv4_5_common.target,
 471                                 ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
 472                                 &dscr);
 473                 if (retval != ERROR_OK)
 474                         return retval;
 475         }
 476
 477         return retval;
 478 }
 479
 480 static int cortex_a8_dpm_finish(struct arm_dpm *dpm)
 481 {
 482         /* REVISIT what could be done here? */
 483         return ERROR_OK;
 484 }
 485
 486 static int cortex_a8_instr_write_data_dcc(struct arm_dpm *dpm,
 487                 uint32_t opcode, uint32_t data)
 488 {
 489         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 490         int retval;
 491         uint32_t dscr = DSCR_INSTR_COMP;
 492
 493         retval = cortex_a8_write_dcc(a8, data);
 494         if (retval != ERROR_OK)
 495                 return retval;
 496
 497         return cortex_a8_exec_opcode(
 498                         a8->armv7a_common.armv4_5_common.target,
 499                         opcode,
 500                         &dscr);
 501 }
 502
 503 static int cortex_a8_instr_write_data_r0(struct arm_dpm *dpm,
 504                 uint32_t opcode, uint32_t data)
 505 {
 506         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 507         uint32_t dscr = DSCR_INSTR_COMP;
 508         int retval;
 509
 510         retval = cortex_a8_write_dcc(a8, data);
 511         if (retval != ERROR_OK)
 512                 return retval;
 513
 514         /* DCCRX to R0, "MCR p14, 0, R0, c0, c5, 0", 0xEE000E15 */
 515         retval = cortex_a8_exec_opcode(
 516                         a8->armv7a_common.armv4_5_common.target,
 517                         ARMV4_5_MRC(14, 0, 0, 0, 5, 0),
 518                         &dscr);
 519         if (retval != ERROR_OK)
 520                 return retval;
 521
 522         /* then the opcode, taking data from R0 */
 523         retval = cortex_a8_exec_opcode(
 524                         a8->armv7a_common.armv4_5_common.target,
 525                         opcode,
 526                         &dscr);
 527
 528         return retval;
 529 }
 530
 531 static int cortex_a8_instr_cpsr_sync(struct arm_dpm *dpm)
 532 {
 533         struct target *target = dpm->arm->target;
 534         uint32_t dscr = DSCR_INSTR_COMP;
 535
 536         /* "Prefetch flush" after modifying execution status in CPSR */
 537         return cortex_a8_exec_opcode(target,
 538                         ARMV4_5_MCR(15, 0, 0, 7, 5, 4),
 539                         &dscr);
 540 }
 541
 542 static int cortex_a8_instr_read_data_dcc(struct arm_dpm *dpm,
 543                 uint32_t opcode, uint32_t *data)
 544 {
 545         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 546         int retval;
 547         uint32_t dscr = DSCR_INSTR_COMP;
 548
 549         /* the opcode, writing data to DCC */
 550         retval = cortex_a8_exec_opcode(
 551                         a8->armv7a_common.armv4_5_common.target,
 552                         opcode,
 553                         &dscr);
 554         if (retval != ERROR_OK)
 555                 return retval;
 556
 557         return cortex_a8_read_dcc(a8, data, &dscr);
 558 }
 559
 560
 561 static int cortex_a8_instr_read_data_r0(struct arm_dpm *dpm,
 562                 uint32_t opcode, uint32_t *data)
 563 {
 564         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 565         uint32_t dscr = DSCR_INSTR_COMP;
 566         int retval;
 567
 568         /* the opcode, writing data to R0 */
 569         retval = cortex_a8_exec_opcode(
 570                         a8->armv7a_common.armv4_5_common.target,
 571                         opcode,
 572                         &dscr);
 573         if (retval != ERROR_OK)
 574                 return retval;
 575
 576         /* write R0 to DCC */
 577         retval = cortex_a8_exec_opcode(
 578                         a8->armv7a_common.armv4_5_common.target,
 579                         ARMV4_5_MCR(14, 0, 0, 0, 5, 0),
 580                         &dscr);
 581         if (retval != ERROR_OK)
 582                 return retval;
 583
 584         return cortex_a8_read_dcc(a8, data, &dscr);
 585 }
 586
 587 static int cortex_a8_bpwp_enable(struct arm_dpm *dpm, unsigned index_t,
 588                 uint32_t addr, uint32_t control)
 589 {
 590         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 591         uint32_t vr = a8->armv7a_common.debug_base;
 592         uint32_t cr = a8->armv7a_common.debug_base;
 593         int retval;
 594
 595         switch (index_t) {
 596         case 0 ... 15:          /* breakpoints */
 597                 vr += CPUDBG_BVR_BASE;
 598                 cr += CPUDBG_BCR_BASE;
 599                 break;
 600         case 16 ... 31:         /* watchpoints */
 601                 vr += CPUDBG_WVR_BASE;
 602                 cr += CPUDBG_WCR_BASE;
 603                 index_t -= 16;
 604                 break;
 605         default:
 606                 return ERROR_FAIL;
 607         }
 608         vr += 4 * index_t;
 609         cr += 4 * index_t;
 610
 611         LOG_DEBUG("A8: bpwp enable, vr %08x cr %08x",
 612                         (unsigned) vr, (unsigned) cr);
 613
 614         retval = cortex_a8_dap_write_memap_register_u32(dpm->arm->target,
 615                         vr, addr);
 616         if (retval != ERROR_OK)
 617                 return retval;
 618         retval = cortex_a8_dap_write_memap_register_u32(dpm->arm->target,
 619                         cr, control);
 620         return retval;
 621 }
 622
 623 static int cortex_a8_bpwp_disable(struct arm_dpm *dpm, unsigned index_t)
 624 {
 625         struct cortex_a8_common *a8 = dpm_to_a8(dpm);
 626         uint32_t cr;
 627
 628         switch (index_t) {
 629         case 0 ... 15:
 630                 cr = a8->armv7a_common.debug_base + CPUDBG_BCR_BASE;
 631                 break;
 632         case 16 ... 31:
 633                 cr = a8->armv7a_common.debug_base + CPUDBG_WCR_BASE;
 634                 index_t -= 16;
 635                 break;
 636         default:
 637                 return ERROR_FAIL;
 638         }
 639         cr += 4 * index_t;
 640
 641         LOG_DEBUG("A8: bpwp disable, cr %08x", (unsigned) cr);
 642
 643         /* clear control register */
 644         return cortex_a8_dap_write_memap_register_u32(dpm->arm->target, cr, 0);
 645 }
 646
 647 static int cortex_a8_dpm_setup(struct cortex_a8_common *a8, uint32_t didr)
 648 {
 649         struct arm_dpm *dpm = &a8->armv7a_common.dpm;
 650         int retval;
 651
 652         dpm->arm = &a8->armv7a_common.armv4_5_common;
 653         dpm->didr = didr;
 654
 655         dpm->prepare = cortex_a8_dpm_prepare;
 656         dpm->finish = cortex_a8_dpm_finish;
 657
 658         dpm->instr_write_data_dcc = cortex_a8_instr_write_data_dcc;
 659         dpm->instr_write_data_r0 = cortex_a8_instr_write_data_r0;
 660         dpm->instr_cpsr_sync = cortex_a8_instr_cpsr_sync;
 661
 662         dpm->instr_read_data_dcc = cortex_a8_instr_read_data_dcc;
 663         dpm->instr_read_data_r0 = cortex_a8_instr_read_data_r0;
 664
 665         dpm->bpwp_enable = cortex_a8_bpwp_enable;
 666         dpm->bpwp_disable = cortex_a8_bpwp_disable;
 667
 668         retval = arm_dpm_setup(dpm);
 669         if (retval == ERROR_OK)
 670                 retval = arm_dpm_initialize(dpm);
 671
 672         return retval;
 673 }
 674
 675
 676 /*
 677  * Cortex-A8 Run control
 678  */
 679
 680 static int cortex_a8_poll(struct target *target)
 681 {
 682         int retval = ERROR_OK;
 683         uint32_t dscr;
 684         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
 685         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
 686         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 687         enum target_state prev_target_state = target->state;
 688
 689         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 690                         armv7a->debug_base + CPUDBG_DSCR, &dscr);
 691         if (retval != ERROR_OK)
 692         {
 693                 return retval;
 694         }
 695         cortex_a8->cpudbg_dscr = dscr;
 696
 697         if (DSCR_RUN_MODE(dscr) == (DSCR_CORE_HALTED | DSCR_CORE_RESTARTED))
 698         {
 699                 if (prev_target_state != TARGET_HALTED)
 700                 {
 701                         /* We have a halting debug event */
 702                         LOG_DEBUG("Target halted");
 703                         target->state = TARGET_HALTED;
 704                         if ((prev_target_state == TARGET_RUNNING)
 705                                         || (prev_target_state == TARGET_RESET))
 706                         {
 707                                 retval = cortex_a8_debug_entry(target);
 708                                 if (retval != ERROR_OK)
 709                                         return retval;
 710
 711                                 target_call_event_callbacks(target,
 712                                                 TARGET_EVENT_HALTED);
 713                         }
 714                         if (prev_target_state == TARGET_DEBUG_RUNNING)
 715                         {
 716                                 LOG_DEBUG(" ");
 717
 718                                 retval = cortex_a8_debug_entry(target);
 719                                 if (retval != ERROR_OK)
 720                                         return retval;
 721
 722                                 target_call_event_callbacks(target,
 723                                                 TARGET_EVENT_DEBUG_HALTED);
 724                         }
 725                 }
 726         }
 727         else if (DSCR_RUN_MODE(dscr) == DSCR_CORE_RESTARTED)
 728         {
 729                 target->state = TARGET_RUNNING;
 730         }
 731         else
 732         {
 733                 LOG_DEBUG("Unknown target state dscr = 0x%08" PRIx32, dscr);
 734                 target->state = TARGET_UNKNOWN;
 735         }
 736
 737         return retval;
 738 }
 739
 740 static int cortex_a8_halt(struct target *target)
 741 {
 742         int retval = ERROR_OK;
 743         uint32_t dscr;
 744         struct armv7a_common *armv7a = target_to_armv7a(target);
 745         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 746
 747         /*
 748          * Tell the core to be halted by writing DRCR with 0x1
 749          * and then wait for the core to be halted.
 750          */
 751         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
 752                         armv7a->debug_base + CPUDBG_DRCR, DRCR_HALT);
 753         if (retval != ERROR_OK)
 754                 return retval;
 755
 756         /*
 757          * enter halting debug mode
 758          */
 759         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 760                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 761         if (retval != ERROR_OK)
 762                 return retval;
 763
 764         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
 765                 armv7a->debug_base + CPUDBG_DSCR, dscr | DSCR_HALT_DBG_MODE);
 766         if (retval != ERROR_OK)
 767                 return retval;
 768
 769         long long then = timeval_ms();
 770         for (;;)
 771         {
 772                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 773                         armv7a->debug_base + CPUDBG_DSCR, &dscr);
 774                 if (retval != ERROR_OK)
 775                         return retval;
 776                 if ((dscr & DSCR_CORE_HALTED) != 0)
 777                 {
 778                         break;
 779                 }
 780                 if (timeval_ms() > then + 1000)
 781                 {
 782                         LOG_ERROR("Timeout waiting for halt");
 783                         return ERROR_FAIL;
 784                 }
 785         }
 786
 787         target->debug_reason = DBG_REASON_DBGRQ;
 788
 789         return ERROR_OK;
 790 }
 791
 792 static int cortex_a8_resume(struct target *target, int current,
 793                 uint32_t address, int handle_breakpoints, int debug_execution)
 794 {
 795         struct armv7a_common *armv7a = target_to_armv7a(target);
 796         struct arm *armv4_5 = &armv7a->armv4_5_common;
 797         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 798         int retval;
 799
 800 //      struct breakpoint *breakpoint = NULL;
 801         uint32_t resume_pc, dscr;
 802
 803         if (!debug_execution)
 804                 target_free_all_working_areas(target);
 805
 806 #if 0
 807         if (debug_execution)
 808         {
 809                 /* Disable interrupts */
 810                 /* We disable interrupts in the PRIMASK register instead of
 811                  * masking with C_MASKINTS,
 812                  * This is probably the same issue as Cortex-M3 Errata 377493:
 813                  * C_MASKINTS in parallel with disabled interrupts can cause
 814                  * local faults to not be taken. */
 815                 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_PRIMASK].value, 0, 32, 1);
 816                 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].dirty = 1;
 817                 armv7m->core_cache->reg_list[ARMV7M_PRIMASK].valid = 1;
 818
 819                 /* Make sure we are in Thumb mode */
 820                 buf_set_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32,
 821                         buf_get_u32(armv7m->core_cache->reg_list[ARMV7M_xPSR].value, 0, 32) | (1 << 24));
 822                 armv7m->core_cache->reg_list[ARMV7M_xPSR].dirty = 1;
 823                 armv7m->core_cache->reg_list[ARMV7M_xPSR].valid = 1;
 824         }
 825 #endif
 826
 827         /* current = 1: continue on current pc, otherwise continue at <address> */
 828         resume_pc = buf_get_u32(armv4_5->pc->value, 0, 32);
 829         if (!current)
 830                 resume_pc = address;
 831
 832         /* Make sure that the Armv7 gdb thumb fixups does not
 833          * kill the return address
 834          */
 835         switch (armv4_5->core_state)
 836         {
 837         case ARM_STATE_ARM:
 838                 resume_pc &= 0xFFFFFFFC;
 839                 break;
 840         case ARM_STATE_THUMB:
 841         case ARM_STATE_THUMB_EE:
 842                 /* When the return address is loaded into PC
 843                  * bit 0 must be 1 to stay in Thumb state
 844                  */
 845                 resume_pc |= 0x1;
 846                 break;
 847         case ARM_STATE_JAZELLE:
 848                 LOG_ERROR("How do I resume into Jazelle state??");
 849                 return ERROR_FAIL;
 850         }
 851         LOG_DEBUG("resume pc = 0x%08" PRIx32, resume_pc);
 852         buf_set_u32(armv4_5->pc->value, 0, 32, resume_pc);
 853         armv4_5->pc->dirty = 1;
 854         armv4_5->pc->valid = 1;
 855
 856         retval = cortex_a8_restore_context(target, handle_breakpoints);
 857         if (retval != ERROR_OK)
 858                 return retval;
 859
 860 #if 0
 861         /* the front-end may request us not to handle breakpoints */
 862         if (handle_breakpoints)
 863         {
 864                 /* Single step past breakpoint at current address */
 865                 if ((breakpoint = breakpoint_find(target, resume_pc)))
 866                 {
 867                         LOG_DEBUG("unset breakpoint at 0x%8.8x", breakpoint->address);
 868                         cortex_m3_unset_breakpoint(target, breakpoint);
 869                         cortex_m3_single_step_core(target);
 870                         cortex_m3_set_breakpoint(target, breakpoint);
 871                 }
 872         }
 873
 874 #endif
 875
 876         /*
 877          * Restart core and wait for it to be started.  Clear ITRen and sticky
 878          * exception flags: see ARMv7 ARM, C5.9.
 879          *
 880          * REVISIT: for single stepping, we probably want to
 881          * disable IRQs by default, with optional override...
 882          */
 883
 884         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 885                         armv7a->debug_base + CPUDBG_DSCR, &dscr);
 886         if (retval != ERROR_OK)
 887                 return retval;
 888
 889         if ((dscr & DSCR_INSTR_COMP) == 0)
 890                 LOG_ERROR("DSCR InstrCompl must be set before leaving debug!");
 891
 892         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
 893                 armv7a->debug_base + CPUDBG_DSCR, dscr & ~DSCR_ITR_EN);
 894         if (retval != ERROR_OK)
 895                 return retval;
 896
 897         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
 898                         armv7a->debug_base + CPUDBG_DRCR, DRCR_RESTART | DRCR_CLEAR_EXCEPTIONS);
 899         if (retval != ERROR_OK)
 900                 return retval;
 901
 902         long long then = timeval_ms();
 903         for (;;)
 904         {
 905                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 906                         armv7a->debug_base + CPUDBG_DSCR, &dscr);
 907                 if (retval != ERROR_OK)
 908                         return retval;
 909                 if ((dscr & DSCR_CORE_RESTARTED) != 0)
 910                         break;
 911                 if (timeval_ms() > then + 1000)
 912                 {
 913                         LOG_ERROR("Timeout waiting for resume");
 914                         return ERROR_FAIL;
 915                 }
 916         }
 917
 918         target->debug_reason = DBG_REASON_NOTHALTED;
 919         target->state = TARGET_RUNNING;
 920
 921         /* registers are now invalid */
 922         register_cache_invalidate(armv4_5->core_cache);
 923
 924         if (!debug_execution)
 925         {
 926                 target->state = TARGET_RUNNING;
 927                 target_call_event_callbacks(target, TARGET_EVENT_RESUMED);
 928                 LOG_DEBUG("target resumed at 0x%" PRIx32, resume_pc);
 929         }
 930         else
 931         {
 932                 target->state = TARGET_DEBUG_RUNNING;
 933                 target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED);
 934                 LOG_DEBUG("target debug resumed at 0x%" PRIx32, resume_pc);
 935         }
 936
 937         return ERROR_OK;
 938 }
 939
 940 static int cortex_a8_debug_entry(struct target *target)
 941 {
 942         int i;
 943         uint32_t regfile[16], cpsr, dscr;
 944         int retval = ERROR_OK;
 945         struct working_area *regfile_working_area = NULL;
 946         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
 947         struct armv7a_common *armv7a = target_to_armv7a(target);
 948         struct arm *armv4_5 = &armv7a->armv4_5_common;
 949         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
 950         struct reg *reg;
 951
 952         LOG_DEBUG("dscr = 0x%08" PRIx32, cortex_a8->cpudbg_dscr);
 953
 954         /* REVISIT surely we should not re-read DSCR !! */
 955         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 956                                 armv7a->debug_base + CPUDBG_DSCR, &dscr);
 957         if (retval != ERROR_OK)
 958                 return retval;
 959
 960         /* REVISIT see A8 TRM 12.11.4 steps 2..3 -- make sure that any
 961          * imprecise data aborts get discarded by issuing a Data
 962          * Synchronization Barrier:  ARMV4_5_MCR(15, 0, 0, 7, 10, 4).
 963          */
 964
 965         /* Enable the ITR execution once we are in debug mode */
 966         dscr |= DSCR_ITR_EN;
 967         retval = mem_ap_sel_write_atomic_u32(swjdp, swjdp_debugap,
 968                         armv7a->debug_base + CPUDBG_DSCR, dscr);
 969         if (retval != ERROR_OK)
 970                 return retval;
 971
 972         /* Examine debug reason */
 973         arm_dpm_report_dscr(&armv7a->dpm, cortex_a8->cpudbg_dscr);
 974
 975         /* save address of instruction that triggered the watchpoint? */
 976         if (target->debug_reason == DBG_REASON_WATCHPOINT) {
 977                 uint32_t wfar;
 978
 979                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
 980                                 armv7a->debug_base + CPUDBG_WFAR,
 981                                 &wfar);
 982                 if (retval != ERROR_OK)
 983                         return retval;
 984                 arm_dpm_report_wfar(&armv7a->dpm, wfar);
 985         }
 986
 987         /* REVISIT fast_reg_read is never set ... */
 988
 989         /* Examine target state and mode */
 990         if (cortex_a8->fast_reg_read)
 991                 target_alloc_working_area(target, 64, &regfile_working_area);
 992
 993         /* First load register acessible through core debug port*/
 994         if (!regfile_working_area)
 995         {
 996                 retval = arm_dpm_read_current_registers(&armv7a->dpm);
 997         }
 998         else
 999         {
1000                 retval = cortex_a8_read_regs_through_mem(target,
1001                                 regfile_working_area->address, regfile);
1002
1003                 target_free_working_area(target, regfile_working_area);
1004                 if (retval != ERROR_OK)
1005                 {
1006                         return retval;
1007                 }
1008
1009                 /* read Current PSR */
1010                 retval = cortex_a8_dap_read_coreregister_u32(target, &cpsr, 16);
1011                 if (retval != ERROR_OK)
1012                         return retval;
1013
1014                 LOG_DEBUG("cpsr: %8.8" PRIx32, cpsr);
1015
1016                 arm_set_cpsr(armv4_5, cpsr);
1017
1018                 /* update cache */
1019                 for (i = 0; i <= ARM_PC; i++)
1020                 {
1021                         reg = arm_reg_current(armv4_5, i);
1022
1023                         buf_set_u32(reg->value, 0, 32, regfile[i]);
1024                         reg->valid = 1;
1025                         reg->dirty = 0;
1026                 }
1027
1028                 /* Fixup PC Resume Address */
1029                 if (cpsr & (1 << 5))
1030                 {
1031                         // T bit set for Thumb or ThumbEE state
1032                         regfile[ARM_PC] -= 4;
1033                 }
1034                 else
1035                 {
1036                         // ARM state
1037                         regfile[ARM_PC] -= 8;
1038                 }
1039
1040                 reg = armv4_5->pc;
1041                 buf_set_u32(reg->value, 0, 32, regfile[ARM_PC]);
1042                 reg->dirty = reg->valid;
1043         }
1044
1045 #if 0
1046 /* TODO, Move this */
1047         uint32_t cp15_control_register, cp15_cacr, cp15_nacr;
1048         cortex_a8_read_cp(target, &cp15_control_register, 15, 0, 1, 0, 0);
1049         LOG_DEBUG("cp15_control_register = 0x%08x", cp15_control_register);
1050
1051         cortex_a8_read_cp(target, &cp15_cacr, 15, 0, 1, 0, 2);
1052         LOG_DEBUG("cp15 Coprocessor Access Control Register = 0x%08x", cp15_cacr);
1053
1054         cortex_a8_read_cp(target, &cp15_nacr, 15, 0, 1, 1, 2);
1055         LOG_DEBUG("cp15 Nonsecure Access Control Register = 0x%08x", cp15_nacr);
1056 #endif
1057
1058         /* Are we in an exception handler */
1059 //      armv4_5->exception_number = 0;
1060         if (armv7a->post_debug_entry)
1061         {
1062                 retval = armv7a->post_debug_entry(target);
1063                 if (retval != ERROR_OK)
1064                         return retval;
1065         }
1066
1067         return retval;
1068 }
1069
1070 static int cortex_a8_post_debug_entry(struct target *target)
1071 {
1072         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1073         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1074         int retval;
1075
1076         /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
1077         retval = armv7a->armv4_5_common.mrc(target, 15,
1078                         0, 0,   /* op1, op2 */
1079                         1, 0,   /* CRn, CRm */
1080                         &cortex_a8->cp15_control_reg);
1081         if (retval != ERROR_OK)
1082                 return retval;
1083         LOG_DEBUG("cp15_control_reg: %8.8" PRIx32, cortex_a8->cp15_control_reg);
1084
1085         if (armv7a->armv4_5_mmu.armv4_5_cache.ctype == -1)
1086         {
1087                 uint32_t cache_type_reg;
1088
1089                 /* MRC p15,0,<Rt>,c0,c0,1 ; Read CP15 Cache Type Register */
1090                 retval = armv7a->armv4_5_common.mrc(target, 15,
1091                                 0, 1,   /* op1, op2 */
1092                                 0, 0,   /* CRn, CRm */
1093                                 &cache_type_reg);
1094                 if (retval != ERROR_OK)
1095                         return retval;
1096                 LOG_DEBUG("cp15 cache type: %8.8x", (unsigned) cache_type_reg);
1097
1098                 /* FIXME the armv4_4 cache info DOES NOT APPLY to Cortex-A8 */
1099                 armv4_5_identify_cache(cache_type_reg,
1100                                 &armv7a->armv4_5_mmu.armv4_5_cache);
1101         }
1102
1103         armv7a->armv4_5_mmu.mmu_enabled =
1104                         (cortex_a8->cp15_control_reg & 0x1U) ? 1 : 0;
1105         armv7a->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled =
1106                         (cortex_a8->cp15_control_reg & 0x4U) ? 1 : 0;
1107         armv7a->armv4_5_mmu.armv4_5_cache.i_cache_enabled =
1108                         (cortex_a8->cp15_control_reg & 0x1000U) ? 1 : 0;
1109
1110         return ERROR_OK;
1111 }
1112
1113 static int cortex_a8_step(struct target *target, int current, uint32_t address,
1114                 int handle_breakpoints)
1115 {
1116         struct armv7a_common *armv7a = target_to_armv7a(target);
1117         struct arm *armv4_5 = &armv7a->armv4_5_common;
1118         struct breakpoint *breakpoint = NULL;
1119         struct breakpoint stepbreakpoint;
1120         struct reg *r;
1121         int retval;
1122
1123         if (target->state != TARGET_HALTED)
1124         {
1125                 LOG_WARNING("target not halted");
1126                 return ERROR_TARGET_NOT_HALTED;
1127         }
1128
1129         /* current = 1: continue on current pc, otherwise continue at <address> */
1130         r = armv4_5->pc;
1131         if (!current)
1132         {
1133                 buf_set_u32(r->value, 0, 32, address);
1134         }
1135         else
1136         {
1137                 address = buf_get_u32(r->value, 0, 32);
1138         }
1139
1140         /* The front-end may request us not to handle breakpoints.
1141          * But since Cortex-A8 uses breakpoint for single step,
1142          * we MUST handle breakpoints.
1143          */
1144         handle_breakpoints = 1;
1145         if (handle_breakpoints) {
1146                 breakpoint = breakpoint_find(target, address);
1147                 if (breakpoint)
1148                         cortex_a8_unset_breakpoint(target, breakpoint);
1149         }
1150
1151         /* Setup single step breakpoint */
1152         stepbreakpoint.address = address;
1153         stepbreakpoint.length = (armv4_5->core_state == ARM_STATE_THUMB)
1154                         ? 2 : 4;
1155         stepbreakpoint.type = BKPT_HARD;
1156         stepbreakpoint.set = 0;
1157
1158         /* Break on IVA mismatch */
1159         cortex_a8_set_breakpoint(target, &stepbreakpoint, 0x04);
1160
1161         target->debug_reason = DBG_REASON_SINGLESTEP;
1162
1163         retval = cortex_a8_resume(target, 1, address, 0, 0);
1164         if (retval != ERROR_OK)
1165                 return retval;
1166
1167         long long then = timeval_ms();
1168         while (target->state != TARGET_HALTED)
1169         {
1170                 retval = cortex_a8_poll(target);
1171                 if (retval != ERROR_OK)
1172                         return retval;
1173                 if (timeval_ms() > then + 1000)
1174                 {
1175                         LOG_ERROR("timeout waiting for target halt");
1176                         return ERROR_FAIL;
1177                 }
1178         }
1179
1180         cortex_a8_unset_breakpoint(target, &stepbreakpoint);
1181
1182         target->debug_reason = DBG_REASON_BREAKPOINT;
1183
1184         if (breakpoint)
1185                 cortex_a8_set_breakpoint(target, breakpoint, 0);
1186
1187         if (target->state != TARGET_HALTED)
1188                 LOG_DEBUG("target stepped");
1189
1190         return ERROR_OK;
1191 }
1192
1193 static int cortex_a8_restore_context(struct target *target, bool bpwp)
1194 {
1195         struct armv7a_common *armv7a = target_to_armv7a(target);
1196
1197         LOG_DEBUG(" ");
1198
1199         if (armv7a->pre_restore_context)
1200                 armv7a->pre_restore_context(target);
1201
1202         return arm_dpm_write_dirty_registers(&armv7a->dpm, bpwp);
1203 }
1204
1205
1206 /*
1207  * Cortex-A8 Breakpoint and watchpoint functions
1208  */
1209
1210 /* Setup hardware Breakpoint Register Pair */
1211 static int cortex_a8_set_breakpoint(struct target *target,
1212                 struct breakpoint *breakpoint, uint8_t matchmode)
1213 {
1214         int retval;
1215         int brp_i=0;
1216         uint32_t control;
1217         uint8_t byte_addr_select = 0x0F;
1218         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1219         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1220         struct cortex_a8_brp * brp_list = cortex_a8->brp_list;
1221
1222         if (breakpoint->set)
1223         {
1224                 LOG_WARNING("breakpoint already set");
1225                 return ERROR_OK;
1226         }
1227
1228         if (breakpoint->type == BKPT_HARD)
1229         {
1230                 while (brp_list[brp_i].used && (brp_i < cortex_a8->brp_num))
1231                         brp_i++ ;
1232                 if (brp_i >= cortex_a8->brp_num)
1233                 {
1234                         LOG_ERROR("ERROR Can not find free Breakpoint Register Pair");
1235                         return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1236                 }
1237                 breakpoint->set = brp_i + 1;
1238                 if (breakpoint->length == 2)
1239                 {
1240                         byte_addr_select = (3 << (breakpoint->address & 0x02));
1241                 }
1242                 control = ((matchmode & 0x7) << 20)
1243                                 | (byte_addr_select << 5)
1244                                 | (3 << 1) | 1;
1245                 brp_list[brp_i].used = 1;
1246                 brp_list[brp_i].value = (breakpoint->address & 0xFFFFFFFC);
1247                 brp_list[brp_i].control = control;
1248                 retval = cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1249                                 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1250                                 brp_list[brp_i].value);
1251                 if (retval != ERROR_OK)
1252                         return retval;
1253                 retval = cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1254                                 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1255                                 brp_list[brp_i].control);
1256                 if (retval != ERROR_OK)
1257                         return retval;
1258                 LOG_DEBUG("brp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1259                                 brp_list[brp_i].control,
1260                                 brp_list[brp_i].value);
1261         }
1262         else if (breakpoint->type == BKPT_SOFT)
1263         {
1264                 uint8_t code[4];
1265                 if (breakpoint->length == 2)
1266                 {
1267                         buf_set_u32(code, 0, 32, ARMV5_T_BKPT(0x11));
1268                 }
1269                 else
1270                 {
1271                         buf_set_u32(code, 0, 32, ARMV5_BKPT(0x11));
1272                 }
1273                 retval = target->type->read_memory(target,
1274                                 breakpoint->address & 0xFFFFFFFE,
1275                                 breakpoint->length, 1,
1276                                 breakpoint->orig_instr);
1277                 if (retval != ERROR_OK)
1278                         return retval;
1279                 retval = target->type->write_memory(target,
1280                                 breakpoint->address & 0xFFFFFFFE,
1281                                 breakpoint->length, 1, code);
1282                 if (retval != ERROR_OK)
1283                         return retval;
1284                 breakpoint->set = 0x11; /* Any nice value but 0 */
1285         }
1286
1287         return ERROR_OK;
1288 }
1289
1290 static int cortex_a8_unset_breakpoint(struct target *target, struct breakpoint *breakpoint)
1291 {
1292         int retval;
1293         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1294         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1295         struct cortex_a8_brp * brp_list = cortex_a8->brp_list;
1296
1297         if (!breakpoint->set)
1298         {
1299                 LOG_WARNING("breakpoint not set");
1300                 return ERROR_OK;
1301         }
1302
1303         if (breakpoint->type == BKPT_HARD)
1304         {
1305                 int brp_i = breakpoint->set - 1;
1306                 if ((brp_i < 0) || (brp_i >= cortex_a8->brp_num))
1307                 {
1308                         LOG_DEBUG("Invalid BRP number in breakpoint");
1309                         return ERROR_OK;
1310                 }
1311                 LOG_DEBUG("rbp %i control 0x%0" PRIx32 " value 0x%0" PRIx32, brp_i,
1312                                 brp_list[brp_i].control, brp_list[brp_i].value);
1313                 brp_list[brp_i].used = 0;
1314                 brp_list[brp_i].value = 0;
1315                 brp_list[brp_i].control = 0;
1316                 retval = cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1317                                 + CPUDBG_BCR_BASE + 4 * brp_list[brp_i].BRPn,
1318                                 brp_list[brp_i].control);
1319                 if (retval != ERROR_OK)
1320                         return retval;
1321                 retval = cortex_a8_dap_write_memap_register_u32(target, armv7a->debug_base
1322                                 + CPUDBG_BVR_BASE + 4 * brp_list[brp_i].BRPn,
1323                                 brp_list[brp_i].value);
1324                 if (retval != ERROR_OK)
1325                         return retval;
1326         }
1327         else
1328         {
1329                 /* restore original instruction (kept in target endianness) */
1330                 if (breakpoint->length == 4)
1331                 {
1332                         retval = target->type->write_memory(target,
1333                                         breakpoint->address & 0xFFFFFFFE,
1334                                         4, 1, breakpoint->orig_instr);
1335                         if (retval != ERROR_OK)
1336                                 return retval;
1337                 }
1338                 else
1339                 {
1340                         retval = target->type->write_memory(target,
1341                                         breakpoint->address & 0xFFFFFFFE,
1342                                         2, 1, breakpoint->orig_instr);
1343                         if (retval != ERROR_OK)
1344                                 return retval;
1345                 }
1346         }
1347         breakpoint->set = 0;
1348
1349         return ERROR_OK;
1350 }
1351
1352 static int cortex_a8_add_breakpoint(struct target *target,
1353                 struct breakpoint *breakpoint)
1354 {
1355         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1356
1357         if ((breakpoint->type == BKPT_HARD) && (cortex_a8->brp_num_available < 1))
1358         {
1359                 LOG_INFO("no hardware breakpoint available");
1360                 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
1361         }
1362
1363         if (breakpoint->type == BKPT_HARD)
1364                 cortex_a8->brp_num_available--;
1365
1366         return cortex_a8_set_breakpoint(target, breakpoint, 0x00); /* Exact match */
1367 }
1368
1369 static int cortex_a8_remove_breakpoint(struct target *target, struct breakpoint *breakpoint)
1370 {
1371         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1372
1373 #if 0
1374 /* It is perfectly possible to remove breakpoints while the target is running */
1375         if (target->state != TARGET_HALTED)
1376         {
1377                 LOG_WARNING("target not halted");
1378                 return ERROR_TARGET_NOT_HALTED;
1379         }
1380 #endif
1381
1382         if (breakpoint->set)
1383         {
1384                 cortex_a8_unset_breakpoint(target, breakpoint);
1385                 if (breakpoint->type == BKPT_HARD)
1386                         cortex_a8->brp_num_available++ ;
1387         }
1388
1389
1390         return ERROR_OK;
1391 }
1392
1393
1394
1395 /*
1396  * Cortex-A8 Reset functions
1397  */
1398
1399 static int cortex_a8_assert_reset(struct target *target)
1400 {
1401         struct armv7a_common *armv7a = target_to_armv7a(target);
1402
1403         LOG_DEBUG(" ");
1404
1405         /* FIXME when halt is requested, make it work somehow... */
1406
1407         /* Issue some kind of warm reset. */
1408         if (target_has_event_action(target, TARGET_EVENT_RESET_ASSERT)) {
1409                 target_handle_event(target, TARGET_EVENT_RESET_ASSERT);
1410         } else if (jtag_get_reset_config() & RESET_HAS_SRST) {
1411                 /* REVISIT handle "pulls" cases, if there's
1412                  * hardware that needs them to work.
1413                  */
1414                 jtag_add_reset(0, 1);
1415         } else {
1416                 LOG_ERROR("%s: how to reset?", target_name(target));
1417                 return ERROR_FAIL;
1418         }
1419
1420         /* registers are now invalid */
1421         register_cache_invalidate(armv7a->armv4_5_common.core_cache);
1422
1423         target->state = TARGET_RESET;
1424
1425         return ERROR_OK;
1426 }
1427
1428 static int cortex_a8_deassert_reset(struct target *target)
1429 {
1430         int retval;
1431
1432         LOG_DEBUG(" ");
1433
1434         /* be certain SRST is off */
1435         jtag_add_reset(0, 0);
1436
1437         retval = cortex_a8_poll(target);
1438         if (retval != ERROR_OK)
1439                 return retval;
1440
1441         if (target->reset_halt) {
1442                 if (target->state != TARGET_HALTED) {
1443                         LOG_WARNING("%s: ran after reset and before halt ...",
1444                                         target_name(target));
1445                         if ((retval = target_halt(target)) != ERROR_OK)
1446                                 return retval;
1447                 }
1448         }
1449
1450         return ERROR_OK;
1451 }
1452
1453 static int cortex_a8_write_apb_ab_memory(struct target *target,
1454                 uint32_t address, uint32_t size,
1455                 uint32_t count, const uint8_t *buffer)
1456 {
1457         int retval = ERROR_INVALID_ARGUMENTS;
1458         struct armv7a_common *armv7a = target_to_armv7a(target);
1459         struct arm *armv4_5 = &armv7a->armv4_5_common;
1460         int nbytes = count * size;
1461         uint32_t data;
1462         struct reg *reg;
1463
1464         if (target->state != TARGET_HALTED)
1465         {
1466                 LOG_WARNING("target not halted");
1467                 return ERROR_TARGET_NOT_HALTED;
1468         }
1469         reg = arm_reg_current(armv4_5, 0);
1470         reg->dirty = 1;
1471         reg = arm_reg_current(armv4_5, 1);
1472         reg->dirty = 1;
1473         retval = cortex_a8_dap_write_coreregister_u32(target, address, 0);
1474         if (retval != ERROR_OK)
1475                 return retval;
1476
1477         while (nbytes > 0) {
1478                 data = *buffer++;
1479                 retval = cortex_a8_dap_write_coreregister_u32(target, data, 1);
1480                 if (retval != ERROR_OK)
1481                         return retval;
1482
1483                 /* execute instruction STRB r1, [r0], 1 (0xe4c01001) */
1484                 retval = cortex_a8_exec_opcode(target, ARMV4_5_STRB_IP(1, 0) , NULL);
1485                 if (retval != ERROR_OK)
1486                         return retval;
1487                 --nbytes;
1488         }
1489         return retval;
1490 }
1491
1492
1493 static int cortex_a8_read_apb_ab_memory(struct target *target,
1494                 uint32_t address, uint32_t size,
1495                 uint32_t count, uint8_t *buffer)
1496 {
1497         int retval = ERROR_INVALID_ARGUMENTS;
1498         struct armv7a_common *armv7a = target_to_armv7a(target);
1499         struct arm *armv4_5 = &armv7a->armv4_5_common;
1500         /* read memory through APB-AP */
1501         int nbytes = count * size;
1502         uint32_t data;
1503         struct reg *reg;
1504
1505         if (target->state != TARGET_HALTED)
1506         {
1507                 LOG_WARNING("target not halted");
1508                 return ERROR_TARGET_NOT_HALTED;
1509         }
1510
1511         reg = arm_reg_current(armv4_5, 0);
1512         reg->dirty = 1;
1513         reg = arm_reg_current(armv4_5, 1);
1514         reg->dirty = 1;
1515
1516         retval = cortex_a8_dap_write_coreregister_u32(target, address, 0);
1517         if (retval != ERROR_OK)
1518                 return retval;
1519
1520         while (nbytes > 0) {
1521
1522
1523                 /* execute instruction LDRB r1, [r0], 1 (0xe4d01001) */
1524                 retval = cortex_a8_exec_opcode(target, ARMV4_5_LDRB_IP(1, 0) , NULL);
1525                 if (retval != ERROR_OK)
1526                         return retval;
1527
1528                 retval = cortex_a8_dap_read_coreregister_u32(target, &data, 1);
1529                 if (retval != ERROR_OK)
1530                         return retval;
1531
1532                 *buffer++ = data;
1533                 --nbytes;
1534
1535         }
1536         return retval;
1537 }
1538
1539
1540
1541 /*
1542  * Cortex-A8 Memory access
1543  *
1544  * This is same Cortex M3 but we must also use the correct
1545  * ap number for every access.
1546  */
1547
1548 static int cortex_a8_read_phys_memory(struct target *target,
1549                 uint32_t address, uint32_t size,
1550                 uint32_t count, uint8_t *buffer)
1551 {
1552         struct armv7a_common *armv7a = target_to_armv7a(target);
1553         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1554         int retval = ERROR_INVALID_ARGUMENTS;
1555         uint8_t apsel = swjdp->apsel;
1556         LOG_DEBUG("Reading memory at real address 0x%x; size %d; count %d",
1557                         address, size, count);
1558
1559         if (count && buffer) {
1560
1561                 if ( apsel == swjdp_memoryap ) {
1562
1563                         /* read memory through AHB-AP */
1564
1565                         switch (size) {
1566                         case 4:
1567                                 retval = mem_ap_sel_read_buf_u32(swjdp, swjdp_memoryap,
1568                                                 buffer, 4 * count, address);
1569                                 break;
1570                         case 2:
1571                                 retval = mem_ap_sel_read_buf_u16(swjdp, swjdp_memoryap,
1572                                                 buffer, 2 * count, address);
1573                                 break;
1574                         case 1:
1575                                 retval = mem_ap_sel_read_buf_u8(swjdp, swjdp_memoryap,
1576                                                 buffer, count, address);
1577                                 break;
1578                         }
1579
1580                 } else {
1581
1582                         /* read memory through APB-AP */
1583                         int enabled = 0;
1584
1585                         retval = cortex_a8_mmu(target, &enabled);
1586                         if (retval != ERROR_OK)
1587                                 return retval;
1588
1589                         if (enabled)
1590                         {
1591                                 LOG_WARNING("Reading physical memory through \
1592                                                 APB with MMU enabled is not yet implemented");
1593                                 return ERROR_TARGET_FAILURE;
1594                         }
1595                         retval =  cortex_a8_read_apb_ab_memory(target, address, size, count, buffer);
1596                 }
1597         }
1598         return retval;
1599 }
1600
1601 static int cortex_a8_read_memory(struct target *target, uint32_t address,
1602                 uint32_t size, uint32_t count, uint8_t *buffer)
1603 {
1604         int enabled = 0;
1605         uint32_t virt, phys;
1606         int retval;
1607         struct armv7a_common *armv7a = target_to_armv7a(target);
1608         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1609         uint8_t apsel = swjdp->apsel;
1610
1611         /* cortex_a8 handles unaligned memory access */
1612         LOG_DEBUG("Reading memory at address 0x%x; size %d; count %d", address,
1613                         size, count);
1614         if (apsel == swjdp_memoryap) {
1615                 retval = cortex_a8_mmu(target, &enabled);
1616                 if (retval != ERROR_OK)
1617                         return retval;
1618
1619                 if(enabled)
1620                 {
1621                         virt = address;
1622                         retval = cortex_a8_virt2phys(target, virt, &phys);
1623                         if (retval != ERROR_OK)
1624                                 return retval;
1625
1626                         LOG_DEBUG("Reading at virtual address. Translating v:0x%x to r:0x%x",
1627                                         virt, phys);
1628                         address = phys;
1629                 }
1630                 retval = cortex_a8_read_phys_memory(target, address, size, count, buffer);
1631         } else {
1632                 retval = cortex_a8_read_apb_ab_memory(target, address, size, count, buffer);
1633         }
1634         return retval;
1635 }
1636
1637 static int cortex_a8_write_phys_memory(struct target *target,
1638                 uint32_t address, uint32_t size,
1639                 uint32_t count, const uint8_t *buffer)
1640 {
1641         struct armv7a_common *armv7a = target_to_armv7a(target);
1642         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1643         int retval = ERROR_INVALID_ARGUMENTS;
1644         uint8_t apsel = swjdp->apsel;
1645
1646         LOG_DEBUG("Writing memory to real address 0x%x; size %d; count %d", address,
1647                         size, count);
1648
1649         if (count && buffer) {
1650
1651                 if ( apsel == swjdp_memoryap ) {
1652
1653                         /* write memory through AHB-AP */
1654
1655                         switch (size) {
1656                                 case 4:
1657                                         retval = mem_ap_sel_write_buf_u32(swjdp, swjdp_memoryap,
1658                                                         buffer, 4 * count, address);
1659                                         break;
1660                                 case 2:
1661                                         retval = mem_ap_sel_write_buf_u16(swjdp, swjdp_memoryap,
1662                                                         buffer, 2 * count, address);
1663                                         break;
1664                                 case 1:
1665                                         retval = mem_ap_sel_write_buf_u8(swjdp, swjdp_memoryap,
1666                                                         buffer, count, address);
1667                                         break;
1668                         }
1669
1670                 } else {
1671
1672                         /* write memory through APB-AP */
1673                         int enabled = 0;
1674
1675                         retval = cortex_a8_mmu(target, &enabled);
1676                         if (retval != ERROR_OK)
1677                                 return retval;
1678
1679                         if (enabled)
1680                         {
1681                                 LOG_WARNING("Writing physical memory through APB with MMU" \
1682                                                 "enabled is not yet implemented");
1683                                 return ERROR_TARGET_FAILURE;
1684                         }
1685                         return cortex_a8_write_apb_ab_memory(target, address, size, count, buffer);
1686                 }
1687         }
1688
1689
1690         /* REVISIT this op is generic ARMv7-A/R stuff */
1691         if (retval == ERROR_OK && target->state == TARGET_HALTED)
1692         {
1693                 struct arm_dpm *dpm = armv7a->armv4_5_common.dpm;
1694
1695                 retval = dpm->prepare(dpm);
1696                 if (retval != ERROR_OK)
1697                         return retval;
1698
1699                 /* The Cache handling will NOT work with MMU active, the
1700                  * wrong addresses will be invalidated!
1701                  *
1702                  * For both ICache and DCache, walk all cache lines in the
1703                  * address range. Cortex-A8 has fixed 64 byte line length.
1704                  *
1705                  * REVISIT per ARMv7, these may trigger watchpoints ...
1706                  */
1707
1708                 /* invalidate I-Cache */
1709                 if (armv7a->armv4_5_mmu.armv4_5_cache.i_cache_enabled)
1710                 {
1711                         /* ICIMVAU - Invalidate Cache single entry
1712                          * with MVA to PoU
1713                          *      MCR p15, 0, r0, c7, c5, 1
1714                          */
1715                         for (uint32_t cacheline = address;
1716                                         cacheline < address + size * count;
1717                                         cacheline += 64) {
1718                                 retval = dpm->instr_write_data_r0(dpm,
1719                                                 ARMV4_5_MCR(15, 0, 0, 7, 5, 1),
1720                                                 cacheline);
1721                                 if (retval != ERROR_OK)
1722                                         return retval;
1723                         }
1724                 }
1725
1726                 /* invalidate D-Cache */
1727                 if (armv7a->armv4_5_mmu.armv4_5_cache.d_u_cache_enabled)
1728                 {
1729                         /* DCIMVAC - Invalidate data Cache line
1730                          * with MVA to PoC
1731                          *      MCR p15, 0, r0, c7, c6, 1
1732                          */
1733                         for (uint32_t cacheline = address;
1734                                         cacheline < address + size * count;
1735                                         cacheline += 64) {
1736                                 retval = dpm->instr_write_data_r0(dpm,
1737                                                 ARMV4_5_MCR(15, 0, 0, 7, 6, 1),
1738                                                 cacheline);
1739                                 if (retval != ERROR_OK)
1740                                         return retval;
1741                         }
1742                 }
1743
1744                 /* (void) */ dpm->finish(dpm);
1745         }
1746
1747         return retval;
1748 }
1749
1750 static int cortex_a8_write_memory(struct target *target, uint32_t address,
1751                 uint32_t size, uint32_t count, const uint8_t *buffer)
1752 {
1753         int enabled = 0;
1754         uint32_t virt, phys;
1755         int retval;
1756         struct armv7a_common *armv7a = target_to_armv7a(target);
1757         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1758         uint8_t apsel = swjdp->apsel;
1759         /* cortex_a8 handles unaligned memory access */
1760         LOG_DEBUG("Reading memory at address 0x%x; size %d; count %d", address,
1761                         size, count);
1762         if (apsel == swjdp_memoryap) {
1763
1764                 LOG_DEBUG("Writing memory to address 0x%x; size %d; count %d", address, size, count);
1765                 retval = cortex_a8_mmu(target, &enabled);
1766                 if (retval != ERROR_OK)
1767                         return retval;
1768
1769                 if(enabled)
1770                 {
1771                         virt = address;
1772                         retval = cortex_a8_virt2phys(target, virt, &phys);
1773                         if (retval != ERROR_OK)
1774                                 return retval;
1775                         LOG_DEBUG("Writing to virtual address. Translating v:0x%x to r:0x%x", virt, phys);
1776                         address = phys;
1777                 }
1778
1779                 retval = cortex_a8_write_phys_memory(target, address, size,
1780                                 count, buffer);
1781         }
1782         else {
1783                 retval = cortex_a8_write_apb_ab_memory(target, address, size, count, buffer);
1784         }
1785     return retval;
1786 }
1787
1788 static int cortex_a8_bulk_write_memory(struct target *target, uint32_t address,
1789                 uint32_t count, const uint8_t *buffer)
1790 {
1791         return cortex_a8_write_memory(target, address, 4, count, buffer);
1792 }
1793
1794
1795 static int cortex_a8_handle_target_request(void *priv)
1796 {
1797         struct target *target = priv;
1798         struct armv7a_common *armv7a = target_to_armv7a(target);
1799         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1800         int retval;
1801
1802         if (!target_was_examined(target))
1803                 return ERROR_OK;
1804         if (!target->dbg_msg_enabled)
1805                 return ERROR_OK;
1806
1807         if (target->state == TARGET_RUNNING)
1808         {
1809                 uint32_t request;
1810                 uint32_t dscr;
1811                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1812                                         armv7a->debug_base      + CPUDBG_DSCR, &dscr);
1813
1814                 /* check if we have data */
1815                 while ((dscr & DSCR_DTR_TX_FULL) && (retval==ERROR_OK))
1816                 {
1817                         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1818                                         armv7a->debug_base+ CPUDBG_DTRTX, &request);
1819                         if (retval == ERROR_OK)
1820                         {
1821                                 target_request(target, request);
1822                                 retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1823                                                 armv7a->debug_base+ CPUDBG_DSCR, &dscr);
1824                         }
1825                 }
1826         }
1827
1828         return ERROR_OK;
1829 }
1830
1831 /*
1832  * Cortex-A8 target information and configuration
1833  */
1834
1835 static int cortex_a8_examine_first(struct target *target)
1836 {
1837         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
1838         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1839         struct adiv5_dap *swjdp = armv7a->armv4_5_common.dap;
1840         int i;
1841         int retval = ERROR_OK;
1842         uint32_t didr, ctypr, ttypr, cpuid;
1843
1844         /* We do one extra read to ensure DAP is configured,
1845          * we call ahbap_debugport_init(swjdp) instead
1846          */
1847         retval = ahbap_debugport_init(swjdp);
1848         if (retval != ERROR_OK)
1849                 return retval;
1850
1851         if (!target->dbgbase_set)
1852         {
1853                 uint32_t dbgbase;
1854                 /* Get ROM Table base */
1855                 uint32_t apid;
1856                 retval = dap_get_debugbase(swjdp, 1, &dbgbase, &apid);
1857                 if (retval != ERROR_OK)
1858                         return retval;
1859                 /* Lookup 0x15 -- Processor DAP */
1860                 retval = dap_lookup_cs_component(swjdp, 1, dbgbase, 0x15,
1861                                 &armv7a->debug_base);
1862                 if (retval != ERROR_OK)
1863                         return retval;
1864         }
1865     else
1866         {
1867                 armv7a->debug_base = target->dbgbase;
1868         }
1869
1870         retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1871                         armv7a->debug_base + CPUDBG_CPUID, &cpuid);
1872         if (retval != ERROR_OK)
1873                 return retval;
1874
1875         if ((retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1876                         armv7a->debug_base + CPUDBG_CPUID, &cpuid)) != ERROR_OK)
1877         {
1878                 LOG_DEBUG("Examine %s failed", "CPUID");
1879                 return retval;
1880         }
1881
1882         if ((retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1883                         armv7a->debug_base + CPUDBG_CTYPR, &ctypr)) != ERROR_OK)
1884         {
1885                 LOG_DEBUG("Examine %s failed", "CTYPR");
1886                 return retval;
1887         }
1888
1889         if ((retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1890                         armv7a->debug_base + CPUDBG_TTYPR, &ttypr)) != ERROR_OK)
1891         {
1892                 LOG_DEBUG("Examine %s failed", "TTYPR");
1893                 return retval;
1894         }
1895
1896         if ((retval = mem_ap_sel_read_atomic_u32(swjdp, swjdp_debugap,
1897                         armv7a->debug_base + CPUDBG_DIDR, &didr)) != ERROR_OK)
1898         {
1899                 LOG_DEBUG("Examine %s failed", "DIDR");
1900                 return retval;
1901         }
1902
1903         LOG_DEBUG("cpuid = 0x%08" PRIx32, cpuid);
1904         LOG_DEBUG("ctypr = 0x%08" PRIx32, ctypr);
1905         LOG_DEBUG("ttypr = 0x%08" PRIx32, ttypr);
1906         LOG_DEBUG("didr = 0x%08" PRIx32, didr);
1907
1908         armv7a->armv4_5_common.core_type = ARM_MODE_MON;
1909         retval = cortex_a8_dpm_setup(cortex_a8, didr);
1910         if (retval != ERROR_OK)
1911                 return retval;
1912
1913         /* Setup Breakpoint Register Pairs */
1914         cortex_a8->brp_num = ((didr >> 24) & 0x0F) + 1;
1915         cortex_a8->brp_num_context = ((didr >> 20) & 0x0F) + 1;
1916         cortex_a8->brp_num_available = cortex_a8->brp_num;
1917         cortex_a8->brp_list = calloc(cortex_a8->brp_num, sizeof(struct cortex_a8_brp));
1918 //      cortex_a8->brb_enabled = ????;
1919         for (i = 0; i < cortex_a8->brp_num; i++)
1920         {
1921                 cortex_a8->brp_list[i].used = 0;
1922                 if (i < (cortex_a8->brp_num-cortex_a8->brp_num_context))
1923                         cortex_a8->brp_list[i].type = BRP_NORMAL;
1924                 else
1925                         cortex_a8->brp_list[i].type = BRP_CONTEXT;
1926                 cortex_a8->brp_list[i].value = 0;
1927                 cortex_a8->brp_list[i].control = 0;
1928                 cortex_a8->brp_list[i].BRPn = i;
1929         }
1930
1931         LOG_DEBUG("Configured %i hw breakpoints", cortex_a8->brp_num);
1932
1933         target_set_examined(target);
1934         return ERROR_OK;
1935 }
1936
1937 static int cortex_a8_examine(struct target *target)
1938 {
1939         int retval = ERROR_OK;
1940
1941         /* don't re-probe hardware after each reset */
1942         if (!target_was_examined(target))
1943                 retval = cortex_a8_examine_first(target);
1944
1945         /* Configure core debug access */
1946         if (retval == ERROR_OK)
1947                 retval = cortex_a8_init_debug_access(target);
1948
1949         return retval;
1950 }
1951
1952 /*
1953  *      Cortex-A8 target creation and initialization
1954  */
1955
1956 static int cortex_a8_init_target(struct command_context *cmd_ctx,
1957                 struct target *target)
1958 {
1959         /* examine_first() does a bunch of this */
1960         return ERROR_OK;
1961 }
1962
1963 static int cortex_a8_init_arch_info(struct target *target,
1964                 struct cortex_a8_common *cortex_a8, struct jtag_tap *tap)
1965 {
1966         struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
1967         struct arm *armv4_5 = &armv7a->armv4_5_common;
1968         struct adiv5_dap *dap = &armv7a->dap;
1969
1970         armv7a->armv4_5_common.dap = dap;
1971
1972         /* Setup struct cortex_a8_common */
1973         cortex_a8->common_magic = CORTEX_A8_COMMON_MAGIC;
1974         /*  tap has no dap initialized */
1975         if (!tap->dap)
1976         {
1977         armv7a->armv4_5_common.dap = dap;
1978         /* Setup struct cortex_a8_common */
1979         armv4_5->arch_info = armv7a;
1980
1981         /* prepare JTAG information for the new target */
1982         cortex_a8->jtag_info.tap = tap;
1983         cortex_a8->jtag_info.scann_size = 4;
1984
1985         /* Leave (only) generic DAP stuff for debugport_init() */
1986         dap->jtag_info = &cortex_a8->jtag_info;
1987         dap->memaccess_tck = 80;
1988
1989         /* Number of bits for tar autoincrement, impl. dep. at least 10 */
1990         dap->tar_autoincr_block = (1 << 10);
1991         dap->memaccess_tck = 80;
1992         tap->dap = dap;
1993     }
1994         else
1995         armv7a->armv4_5_common.dap = tap->dap;
1996
1997         cortex_a8->fast_reg_read = 0;
1998
1999         /* Set default value */
2000         cortex_a8->current_address_mode = ARM_MODE_ANY;
2001
2002         /* register arch-specific functions */
2003         armv7a->examine_debug_reason = NULL;
2004
2005         armv7a->post_debug_entry = cortex_a8_post_debug_entry;
2006
2007         armv7a->pre_restore_context = NULL;
2008         armv7a->armv4_5_mmu.armv4_5_cache.ctype = -1;
2009         armv7a->armv4_5_mmu.get_ttb = cortex_a8_get_ttb;
2010         armv7a->armv4_5_mmu.read_memory = cortex_a8_read_phys_memory;
2011         armv7a->armv4_5_mmu.write_memory = cortex_a8_write_phys_memory;
2012         armv7a->armv4_5_mmu.disable_mmu_caches = cortex_a8_disable_mmu_caches;
2013         armv7a->armv4_5_mmu.enable_mmu_caches = cortex_a8_enable_mmu_caches;
2014         armv7a->armv4_5_mmu.has_tiny_pages = 1;
2015         armv7a->armv4_5_mmu.mmu_enabled = 0;
2016
2017
2018 //      arm7_9->handle_target_request = cortex_a8_handle_target_request;
2019
2020         /* REVISIT v7a setup should be in a v7a-specific routine */
2021         arm_init_arch_info(target, armv4_5);
2022         armv7a->common_magic = ARMV7_COMMON_MAGIC;
2023
2024         target_register_timer_callback(cortex_a8_handle_target_request, 1, 1, target);
2025
2026         return ERROR_OK;
2027 }
2028
2029 static int cortex_a8_target_create(struct target *target, Jim_Interp *interp)
2030 {
2031         struct cortex_a8_common *cortex_a8 = calloc(1, sizeof(struct cortex_a8_common));
2032
2033         return cortex_a8_init_arch_info(target, cortex_a8, target->tap);
2034 }
2035
2036 static int cortex_a8_get_ttb(struct target *target, uint32_t *result)
2037 {
2038         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
2039     struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
2040     uint32_t ttb = 0, retval = ERROR_OK;
2041
2042     /* current_address_mode is set inside cortex_a8_virt2phys()
2043        where we can determine if address belongs to user or kernel */
2044     if(cortex_a8->current_address_mode == ARM_MODE_SVC)
2045     {
2046         /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
2047         retval = armv7a->armv4_5_common.mrc(target, 15,
2048                     0, 1,   /* op1, op2 */
2049                     2, 0,   /* CRn, CRm */
2050                     &ttb);
2051                 if (retval != ERROR_OK)
2052                         return retval;
2053     }
2054     else if(cortex_a8->current_address_mode == ARM_MODE_USR)
2055     {
2056         /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
2057         retval = armv7a->armv4_5_common.mrc(target, 15,
2058                     0, 0,   /* op1, op2 */
2059                     2, 0,   /* CRn, CRm */
2060                     &ttb);
2061                 if (retval != ERROR_OK)
2062                         return retval;
2063     }
2064     /* we don't know whose address is: user or kernel
2065        we assume that if we are in kernel mode then
2066        address belongs to kernel else if in user mode
2067        - to user */
2068     else if(armv7a->armv4_5_common.core_mode == ARM_MODE_SVC)
2069     {
2070         /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
2071         retval = armv7a->armv4_5_common.mrc(target, 15,
2072                     0, 1,   /* op1, op2 */
2073                     2, 0,   /* CRn, CRm */
2074                     &ttb);
2075                 if (retval != ERROR_OK)
2076                         return retval;
2077     }
2078     else if(armv7a->armv4_5_common.core_mode == ARM_MODE_USR)
2079     {
2080         /* MRC p15,0,<Rt>,c1,c0,0 ; Read CP15 System Control Register */
2081         retval = armv7a->armv4_5_common.mrc(target, 15,
2082                     0, 0,   /* op1, op2 */
2083                     2, 0,   /* CRn, CRm */
2084                     &ttb);
2085                 if (retval != ERROR_OK)
2086                         return retval;
2087     }
2088     /* finally we don't know whose ttb to use: user or kernel */
2089     else
2090         LOG_ERROR("Don't know how to get ttb for current mode!!!");
2091
2092     ttb &= 0xffffc000;
2093
2094     *result = ttb;
2095
2096     return ERROR_OK;
2097 }
2098
2099 static int cortex_a8_disable_mmu_caches(struct target *target, int mmu,
2100                 int d_u_cache, int i_cache)
2101 {
2102     struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
2103     struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
2104     uint32_t cp15_control;
2105     int retval;
2106
2107     /* read cp15 control register */
2108     retval = armv7a->armv4_5_common.mrc(target, 15,
2109                     0, 0,   /* op1, op2 */
2110                     1, 0,   /* CRn, CRm */
2111                     &cp15_control);
2112     if (retval != ERROR_OK)
2113         return retval;
2114
2115
2116     if (mmu)
2117             cp15_control &= ~0x1U;
2118
2119     if (d_u_cache)
2120             cp15_control &= ~0x4U;
2121
2122     if (i_cache)
2123             cp15_control &= ~0x1000U;
2124
2125     retval = armv7a->armv4_5_common.mcr(target, 15,
2126                     0, 0,   /* op1, op2 */
2127                     1, 0,   /* CRn, CRm */
2128                     cp15_control);
2129         return retval;
2130 }
2131
2132 static int cortex_a8_enable_mmu_caches(struct target *target, int mmu,
2133                 int d_u_cache, int i_cache)
2134 {
2135     struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
2136     struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
2137     uint32_t cp15_control;
2138     int retval;
2139
2140     /* read cp15 control register */
2141     retval = armv7a->armv4_5_common.mrc(target, 15,
2142                     0, 0,   /* op1, op2 */
2143                     1, 0,   /* CRn, CRm */
2144                     &cp15_control);
2145     if (retval != ERROR_OK)
2146         return retval;
2147
2148     if (mmu)
2149             cp15_control |= 0x1U;
2150
2151     if (d_u_cache)
2152             cp15_control |= 0x4U;
2153
2154     if (i_cache)
2155             cp15_control |= 0x1000U;
2156
2157     retval = armv7a->armv4_5_common.mcr(target, 15,
2158                     0, 0,   /* op1, op2 */
2159                     1, 0,   /* CRn, CRm */
2160                     cp15_control);
2161         return retval;
2162 }
2163
2164
2165 static int cortex_a8_mmu(struct target *target, int *enabled)
2166 {
2167         if (target->state != TARGET_HALTED) {
2168                 LOG_ERROR("%s: target not halted", __func__);
2169                 return ERROR_TARGET_INVALID;
2170         }
2171
2172         *enabled = target_to_cortex_a8(target)->armv7a_common.armv4_5_mmu.mmu_enabled;
2173         return ERROR_OK;
2174 }
2175
2176 static int cortex_a8_virt2phys(struct target *target,
2177                 uint32_t virt, uint32_t *phys)
2178 {
2179         uint32_t cb;
2180         struct cortex_a8_common *cortex_a8 = target_to_cortex_a8(target);
2181         // struct armv7a_common *armv7a = &cortex_a8->armv7a_common;
2182         struct armv7a_common *armv7a = target_to_armv7a(target);
2183
2184     /* We assume that virtual address is separated
2185        between user and kernel in Linux style:
2186        0x00000000-0xbfffffff - User space
2187        0xc0000000-0xffffffff - Kernel space */
2188     if( virt < 0xc0000000 ) /* Linux user space */
2189         cortex_a8->current_address_mode = ARM_MODE_USR;
2190     else /* Linux kernel */
2191         cortex_a8->current_address_mode = ARM_MODE_SVC;
2192         uint32_t ret;
2193         int retval = armv4_5_mmu_translate_va(target,
2194                         &armv7a->armv4_5_mmu, virt, &cb, &ret);
2195         if (retval != ERROR_OK)
2196                 return retval;
2197     /* Reset the flag. We don't want someone else to use it by error */
2198     cortex_a8->current_address_mode = ARM_MODE_ANY;
2199
2200         *phys = ret;
2201         return ERROR_OK;
2202 }
2203
2204 COMMAND_HANDLER(cortex_a8_handle_cache_info_command)
2205 {
2206         struct target *target = get_current_target(CMD_CTX);
2207         struct armv7a_common *armv7a = target_to_armv7a(target);
2208
2209         return armv4_5_handle_cache_info_command(CMD_CTX,
2210                         &armv7a->armv4_5_mmu.armv4_5_cache);
2211 }
2212
2213
2214 COMMAND_HANDLER(cortex_a8_handle_dbginit_command)
2215 {
2216         struct target *target = get_current_target(CMD_CTX);
2217         if (!target_was_examined(target))
2218         {
2219                 LOG_ERROR("target not examined yet");
2220                 return ERROR_FAIL;
2221         }
2222
2223         return cortex_a8_init_debug_access(target);
2224 }
2225
2226 static const struct command_registration cortex_a8_exec_command_handlers[] = {
2227         {
2228                 .name = "cache_info",
2229                 .handler = cortex_a8_handle_cache_info_command,
2230                 .mode = COMMAND_EXEC,
2231                 .help = "display information about target caches",
2232         },
2233         {
2234                 .name = "dbginit",
2235                 .handler = cortex_a8_handle_dbginit_command,
2236                 .mode = COMMAND_EXEC,
2237                 .help = "Initialize core debug",
2238         },
2239         COMMAND_REGISTRATION_DONE
2240 };
2241 static const struct command_registration cortex_a8_command_handlers[] = {
2242         {
2243                 .chain = arm_command_handlers,
2244         },
2245         {
2246                 .chain = armv7a_command_handlers,
2247         },
2248         {
2249                 .name = "cortex_a8",
2250                 .mode = COMMAND_ANY,
2251                 .help = "Cortex-A8 command group",
2252                 .chain = cortex_a8_exec_command_handlers,
2253         },
2254         COMMAND_REGISTRATION_DONE
2255 };
2256
2257 struct target_type cortexa8_target = {
2258         .name = "cortex_a8",
2259
2260         .poll = cortex_a8_poll,
2261         .arch_state = armv7a_arch_state,
2262
2263         .target_request_data = NULL,
2264
2265         .halt = cortex_a8_halt,
2266         .resume = cortex_a8_resume,
2267         .step = cortex_a8_step,
2268
2269         .assert_reset = cortex_a8_assert_reset,
2270         .deassert_reset = cortex_a8_deassert_reset,
2271         .soft_reset_halt = NULL,
2272
2273         /* REVISIT allow exporting VFP3 registers ... */
2274         .get_gdb_reg_list = arm_get_gdb_reg_list,
2275
2276         .read_memory = cortex_a8_read_memory,
2277         .write_memory = cortex_a8_write_memory,
2278         .bulk_write_memory = cortex_a8_bulk_write_memory,
2279
2280         .checksum_memory = arm_checksum_memory,
2281         .blank_check_memory = arm_blank_check_memory,
2282
2283         .run_algorithm = armv4_5_run_algorithm,
2284
2285         .add_breakpoint = cortex_a8_add_breakpoint,
2286         .remove_breakpoint = cortex_a8_remove_breakpoint,
2287         .add_watchpoint = NULL,
2288         .remove_watchpoint = NULL,
2289
2290         .commands = cortex_a8_command_handlers,
2291         .target_create = cortex_a8_target_create,
2292         .init_target = cortex_a8_init_target,
2293         .examine = cortex_a8_examine,
2294
2295         .read_phys_memory = cortex_a8_read_phys_memory,
2296         .write_phys_memory = cortex_a8_write_phys_memory,
2297         .mmu = cortex_a8_mmu,
2298         .virt2phys = cortex_a8_virt2phys,
2299
2300 };