Cody P Schafer [Wed, 7 Mar 2018 16:27:02 +0000 (11:27 -0500)]
helper/types: cast to uint32_t,uint16_t to avoid UB by shifting int too far
Without this, we have some types promoted to `int` when they need to be
`unsigned int`.
Here's some ubsan output hitting this:
Unfortunately, what happens is that things get promoted to `int`, but
need to be `unsigned int`. Here's the ubsan output:
src/helper/types.h:126:65: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x55978a612060 in le_to_h_u32 src/helper/types.h:126
#1 0x55978a61ff9e in stlink_usb_read_reg src/jtag/drivers/stlink_usb.c:1539
#2 0x55978a8cfd45 in adapter_load_core_reg_u32 src/target/hla_target.c:67
#3 0x55978a9f48e3 in armv7m_read_core_reg src/target/armv7m.c:236
#4 0x55978a8d24fc in adapter_load_context src/target/hla_target.c:372
#5 0x55978a8d261b in adapter_debug_entry src/target/hla_target.c:396
#6 0x55978a8d3123 in adapter_poll src/target/hla_target.c:457
#7 0x55978a528357 in target_poll src/target/target.c:535
#8 0x55978a539fd4 in target_wait_state src/target/target.c:2914
#9 0x55978a556e20 in jim_target_wait_state src/target/target.c:5256
#10 0x55978a5cca62 in command_unknown src/helper/command.c:1030
#11 0x55978aaed894 in JimInvokeCommand /home/cody/d/openocd-code/jimtcl/jim.c:10364
Change-Id: I24f6abfd26b6980100657397d69c84f2b80a005a Signed-off-by: Cody P Schafer <openocd@codyps.com>
Reviewed-on: http://openocd.zylin.com/4455 Reviewed-by: Tomas Vanek <vanekt@fbl.cz> Tested-by: jenkins Reviewed-by: Christopher Head <chead@zaber.com>
armv7a: cache ttbcr and ttb0/1 on debug state entry
Instead of re-reading ttbcr and ttb0/1 whenever a virt2phys translation
is done, cache the values once when entering debug state. Use the cached
values in armv7a_mmu_translate_va().
Omair Javaid [Thu, 15 Feb 2018 22:08:51 +0000 (03:08 +0500)]
Support for Arm VFP v3 registers read/write
This patch adds support in openOCD to read/write Arm vector/floating
point registers. This is compatible with Arm vfp v3 target xml in GDB.
Please refer to binutils-gdb/gdb/features/arm/arm-vfpv3.xml
Omair Javaid [Mon, 5 Mar 2018 11:25:21 +0000 (16:25 +0500)]
Support for AArch32 SIMD/Floating-point registers
This patch adds support for read/write of SIMD and floating-point register in AArch32 mode.
This patch is tested using Raspberry Pi3 halted in AArch32 mode with FP/SIMD enabled.
Software need to make sure floating-point and SIMD unit is enabled.
Omair Javaid [Sun, 21 Jan 2018 22:26:01 +0000 (03:26 +0500)]
Support AArch64 SIMD/FP registers read/write
This patch adds support in openOCD to read/write AArch64 SIMD/FP registers.
This patch depends on a previous patch which adds support to generation
of target xml by openOCD with nested architecture defined types. AArch64
SIMD/FP registers assumes various types and to support all types we
implement them as architecture defined type aarch64v which in turn
consists of various architecture defined types. This is compatible with
AArch64-FPU target xml in GDB. Please refer to
binutils-gdb/gdb/features/aarch64-fpu.xml
Omair Javaid [Sun, 21 Jan 2018 21:57:19 +0000 (02:57 +0500)]
Allow generation of nested target defined types in gdb target xml
This patch adds support to generate multiple nested architecture defined
data types in gdb target xml generated by openOCD. Architecture defined
structs, unions, vectors nested in one or more architecture defined
types can be generated now.
Marc Schink [Sat, 7 Jan 2017 16:43:49 +0000 (17:43 +0100)]
server/server: Remove all connections on shutdown
This patch fixes a memory leak in the internal server. Steps for
reproduction:
* valgrind --leak-check=full --show-reachable=yes ./build/src/openocd
* Establish more than one connection to OpenOCD (e.g. telnet)
* Shutdown OpenOCD
* Check for memory leaks in add_connection()
Change-Id: I0ae6fcf2918fd9bdec350446d3e26742d08ff698 Signed-off-by: Marc Schink <openocd-dev@marcschink.de>
Reviewed-on: http://openocd.zylin.com/4053 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Luca Dariz [Fri, 9 Feb 2018 15:58:25 +0000 (16:58 +0100)]
Fix ChibiOS FPU detection.
This is needed for Cortex-M7 devices, which have newer FPU.
This issue caused the registry integrity check to fail if FPU was enabled.
Currently the code must use FPUv4_SP anyway, since other configurations are not
supported by ChibiOS.
Change-Id: Ie8a2cb8282ccff6c2a3eb0ffeaddaf149d55d685 Signed-off-by: Luca Dariz <luca.dariz@gmail.com>
Reviewed-on: http://openocd.zylin.com/4398 Tested-by: jenkins Reviewed-by: Karl Palsson <karlp@tweak.net.au> Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Tomas Vanek [Tue, 21 Nov 2017 21:57:39 +0000 (22:57 +0100)]
target: use correct target in target-prefixed commands and event handlers
This change contains an alternative to Matthias Welwarsky's #4130
(target-prefixed commands) and to #4293 (event handlers).
get_current_target() must retrieve the target associated to the current
command. If no target associated, the current target of the command
context is used as a fallback.
Many Tcl event handlers work with the current target as if it were
the target issuing the event.
current_target in command_context is a number and has to be converted
to a pointer in every get_current_target() call.
The solution:
- Replace current_target in command_context by a target pointer
- Add another target pointer current_target_override
- get_current_target() returns current_target_override if set, otherwise
current_target
- Save, set and restore current_target_override to the current prefix
in run_command()
- Save, set and restore current_target_override to the event invoking
target in target_handle_event()
While on it use calloc when allocating a new command_context.
A previous fix avoiding multiple calls to the
rtos_create function had a side effect if rtos
support was configured explicitly. It affected
all rtos' that rely on symbol resolution from
gdb.
Tomas Vanek [Fri, 23 Feb 2018 18:27:28 +0000 (19:27 +0100)]
gdb_server: run control fixes for vCont
this patch contains several changes to run control and state
handling together with gdb:
- graceful handling of target/gdb desync on resume, step and halt
- a default gdb-attach event executing the "halt" command, to meet gdb
expectation of target state when it attaches
- call target_poll() after Ctrl-C command from gdb
- call target_poll() after resume and step through a vCont packet
- fix log message forwarding on vCont stepping, also move an aarch64
log message from INFO to DEBUG level to prevent messing up the gdb
console during source-line stepping
- fix oversight in vCont support that messes up breakpoint handling
during stepping
Christopher Head [Mon, 26 Feb 2018 22:51:35 +0000 (14:51 -0800)]
Fix incorrect comment
target_start_algorithm does not download the algorithm. It only starts
it. It expects someone else to have already written the algorithm code
into the proper location before calling it.
Change-Id: I5e04406eed0ebb1c23e550dbf8d9f1204c432603 Signed-off-by: Christopher Head <chead@zaber.com>
Reviewed-on: http://openocd.zylin.com/4435 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Tomas Vanek [Thu, 8 Feb 2018 13:44:10 +0000 (14:44 +0100)]
flash/nor/core: fix Segmentation fault during flash write of bad formed img
flash_write_unlock() sorts sections by base address but does not check
if they overlap. In case of overlapped sections an item of padding[]
array can get negative and padding loop writes out of allocated buffer.
How to replicate: cat two copies of an ihex file to one file and try
to flash it.
Check for overlapped sections and abort write in such case.
Change-Id: I43eee7dc290a8d18faa59567b2118b88ad4bedca Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4397 Tested-by: jenkins Reviewed-by: Andreas Bolsch <hyphen0break@gmail.com>
rtos: run rtos create hook only once on autodetect
Whenever a "qSymbol" from gdb is received, the rtos "create"
function was called. Make sure this happens only once and only
if rtos autodetection is used.
The RTOS handlers present OS threads to gdb but the openocd
target layer only knows about CPU cores (hardware threads).
This patch allows closing this gap inside the RTOS handler.
The default implementation just returns the current core, but
a RTOS handler can provide its own function that associates a
an OS thread with a core.
cortex_a: fix handling of Thumb-2 32bit breakpoints
When debugging Thumb-2 code, Gdb will at times send a
breakpoint packet 'Z0,<addr>,3', the number 3 denoting that
the instruction to break on is 32 bits long. Handle this by
replacing it with two consecutive 16bit Thumb BKPTs and make
sure to save and restore the full, original 32bit
instruction.
Note that this fix is only applicable if you debug a bare-metal program
(like the linux kernel) with the 'wrong' gdb, e.g. use an
"arm-linux" gdb instead of an "arm-eabi" gdb. But since most people
may not know about the subtle differences between gdb configurations
regarding thumb2 breakpoints it's still valid.
The ICEPick-D jtag router has core control registers
that provide the same (or similar) functionality as
the tap control register, for individual cores
accessible through the same tap (e.g. through a DAP).
Core control registers are located at address "0x60 +
core-id" of the ROUTER address space (IR=ROUTER).
It is sometimes helpful or even necessary to modify the
core control register. This patch renames the
"icepick_d_coreid" function to the more appropriate
"icepick_d_core_control" and adds a "value" argument
that allows writing of arbitrary value.
"icepick_d_tapenable" is extended by an optional value
argument so that core control can be written as the tap
is enabled.
Jonas Norling [Tue, 17 Oct 2017 06:57:06 +0000 (08:57 +0200)]
efm32: Refactor EFM32 chip family data, add more chips
Add support for more EFM32/EFR32 Series 1 families. The family IDs
come from the DEVICE_FAMILY list in the EFM32GG11 reference manual,
which is the most up to date source I could find. Register locations
have been checked against SiLab's header files.
No datasheets or headers were available for EFR32MG2, EFR32xG14 and
EFM32TG11B, so they are just assumed to follow the pattern. EFM32GG11B
has the MSC registers on a different address compared to other chips.
This commit attempts not to change current behavior when detecting
chips. One detail that has changed is that PAGE_SIZE is read before
applying the workaround for old Giant and Leopard Gecko revisions, but
this is believed to be OK because the register exists but just has an
invalid value in it.
The manuals disagree on which of 120 and 121 is WG, so this commit
leaves it as is.
Change-Id: Ia152b0b9e323defc5158cb02d9a6b04a27008f2a Signed-off-by: Jonas Norling <jonas.norling@cyanconnode.com>
Reviewed-on: http://openocd.zylin.com/4263 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz> Reviewed-by: Fredrik Hederstierna <fredrik@hederstierna.com>
Andreas Bolsch [Sat, 28 Oct 2017 17:39:35 +0000 (19:39 +0200)]
Handle improperly build image files gracefully
Images build improperly (by simply concatenating separate images) were accepted,
but anything after the first end-of-file record *silently* ignored. Now emit warning
for intel and motorola images upon non-whitespace after first end-of-file record but
continue reading anyway.
ST ships some images broken that way in their CubeMX packages ...
Change-Id: I0c5d08fa90070fed11fb805c5f0dc39817048176 Signed-off-by: Andreas Bolsch <hyphen0break@gmail.com>
Reviewed-on: http://openocd.zylin.com/4281 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com> Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Tomas Vanek [Fri, 26 Aug 2016 19:03:27 +0000 (21:03 +0200)]
psoc4: update for 4x00BLE, L, M, S and PRoC BLE devices
Flash ROM API command PSOC4_CMD_SET_IMO48 is now optional on new devices.
Also code tidy up:
- improved system ROM call error detection
- probe does not require the target to be halted
- default_padded_value and erased_value set to 0
- fixed endianess problem in flash write and protection setting
- removed fancy chip detection table as it would be updated too often
- psoc4 flash_autoerase is now on by default to ease programming
psoc4.cfg distinguishes chip family and uses either proprietary acquire
function of a KitProg adapter or TEST_MODE workaround to "reset halt"
Change-Id: I2c75ec46ed0a95e09274fad70b62d6eed7b9ecdf Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/3807 Tested-by: jenkins Reviewed-by: David Girault <david.f.girault@gmail.com>
Tomas Vanek [Mon, 30 Oct 2017 16:59:06 +0000 (17:59 +0100)]
flash/nor/at91samd: add SAM R30 family
Microchip SAM R30 consist of a MCU SAM L21 and a radio.
Similarly SAM R21 = SAM D21 + radio. Therefore SAM R devices
was incorporated into SAM D21 and L21 device groups.
Change-Id: I3448d784cae888070b57c2f504583760ddffc97f Suggested-by: Martin Deicke <martin.deicke@an-solutions.de> Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4282 Tested-by: jenkins
Tim Newsome [Wed, 13 Dec 2017 21:13:22 +0000 (13:13 -0800)]
Add read buffer to bitbang, improving performance.
Previously for every bit scanned OpenOCD would write the bit, wait for
that bit to be scanned, and then read the result. This involves at least
2 context switches. Most of the time the next bit scanned does not
depend on the last bit we read, so with a buffer we now write a bunch of
bits to be scanned all at once, and then we wait for them all to be
scanned and have a result.
This reduces the time for one testcase where OpenOCD connects to a
simulator from 12.30s to 5.35s!
Christopher Head [Wed, 24 Jan 2018 22:35:40 +0000 (14:35 -0800)]
Use timeval helpers
Some of these changes actually fix broken comparisons which could
occasionally fail. Others just clean up the code and make it more clear.
Change-Id: I6c398bdc45fa0d2716f48a74822457d1351f81a5 Signed-off-by: Christopher Head <chead@zaber.com>
Reviewed-on: http://openocd.zylin.com/4380 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Christopher Head [Wed, 24 Jan 2018 22:22:37 +0000 (14:22 -0800)]
Add timeval_compare helper function
Change-Id: Id75727a150912ff778a4fa32ad56467da33a6324 Signed-off-by: Christopher Head <chead@zaber.com>
Reviewed-on: http://openocd.zylin.com/4379 Tested-by: jenkins Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Tomas Vanek [Wed, 6 Sep 2017 20:34:14 +0000 (22:34 +0200)]
flash Kinetis: make FCF protection more user friendly
The Flash Configuration Field on Kinetis devices requires protection
because it is located in program flash space (at 0x400) and writing
an improper data to it may permanently lock the device. Even an erased
flash sector containing FCF engages security lock (not permanent one)
on the next reset or power cycle.
'kinetis fcf_source protection' mode was introduced in the change #3562.
Flash driver in this mode sets FCF immediately after sector erase to
prevent unintentional security lock. To do so the driver needs to know
FCF values before flash image data is actually processed. Flash
protection bits are available in bank structure, FOPT can be set by
'kinetis fopt' command and securing device by FSEC is not supported.
Nevertheless an inexperienced user flashed the device using an image
with FCF values different from those set in OpenOCD config and
concluded programming did not work as some verify errors showed.
This change tries to write maximum possible from image data
retaining FCF protection.
Check FCF in programmed data and report if some field differs from
values set by OpenOCD flash block protection and 'kinetis fopt' command.
Warn user about verify errors caused by FCF protection.
On devices with ECC flash (K26, K66 and KV5x) it is impossible to change
already programmed FCF - it would result in an ECC error. As FCF was
written just after erase in 'kinetis fcf_source protection' mode
the warning issued during flash write is the only possible action.
On non-ECC flash devices use cumulative flash programming to
set FCF values requested in programmed image data.
Use FSEC from programmed data only if it does not request a secure
mode. Device can be secured only in 'kinetis fcf_source write' mode.
Use FOPT from programmed data if its value was not configured
in OpenOCD config by 'kinetis fopt' command.
Change-Id: If65fbbd7700069f57e4ae32234dce371bff93674 Signed-off-by: Tomas Vanek <vanekt@fbl.cz>
Reviewed-on: http://openocd.zylin.com/4228 Tested-by: jenkins Reviewed-by: Robert Foss <robert.foss@memcpy.io> Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Paul Fertser [Wed, 17 Jan 2018 14:31:58 +0000 (17:31 +0300)]
server: add safeguards against printing bogus port number
Clang static checker emits "Assigned value is garbage or undefined"
warning there as it can't prove that when the socket descriptor is
AF_INET/SOCK_STREAM and getsockname doesn't return an error, sin_port
is guaranteed to be filled in.
Pacify it by obvious means.
Change-Id: I43b5e5ceb41c07d523a81b34a25490c4c5f49a70 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/4350 Tested-by: jenkins Reviewed-by: Tim Newsome <tim@sifive.com> Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
Don't use atomic dap operations when not necessary. Also remove
loop trying to set core power request, didn't find a platform
where it actually worked and it's slowing examination down.
Robert Jordens [Tue, 8 Aug 2017 16:16:35 +0000 (18:16 +0200)]
jtagspi: new protocol that includes transfer length
This commit contains a rewrite of the jtagspi protocol and covers both
changes in the jtagspi.c openocd driver and the bscan_spi
(xilinx_bscan_spi) proxy bitstreams. The changes are as follows:
1. Always perform IR scan to ensure proper clearing of BYPASSed DRs.
2. Insert alignment cycles for all BYPASSed TAPs:
The previous logic was erroneous. The delay in clock cyles from a bit
written to the jtag interface to a bit read by the jtag interface is:
* The number of BYPASSed TAPs before this (jtagspi) tap
* The length of the jtagspi data register (1)
* The number of BYPASSed TAPs before this one.
I.e. it is just the number of enabled TAPs. This also gets rid of the
configuration parameter DR_LENGTH.
3. Use marker bit to start spi transfer
If there are TAPs ahead of this one on the JTAG chain, and we are in
DR-SHIFT, there will be old bits toggled through first before the first
valid bit destined for the flash.
This delays the begin of the JTAGSPI transaction until the first high bit.
4. New jtagspi protocol
A JTAGSPI transfer now consists of:
* an arbitrary number of 0 bits (from BYPASS registers in front of the
JTAG2SPI DR)
* a marker bit (1) indicating the start of the JTAG2SPI transaction
* 32 bits (big endian) describing the length of the SPI transaction
* a number of SPI clock cycles (corresponding to 3.) with CS_N asserted
* an arbitrary number of cycles (to shift MISO/TDO data through
subsequent BYPASS registers)
5. xilinx_bscan_spi: clean up, add ultrascale
This is tested on the following configurations:
* KC705: XC7K325T
* Sayma AMC: XCKU040
* Sayma AMC + RTM): XCKU040 + XC7A15T, a board with integrated FTDI JTAG
adapter, SCANSTA JTAG router, a Xilinx Ultrascale XCKU040 and a Xilinx
Artix 7 15T. https://github.com/m-labs/sinara/wiki/Sayma
* Custom board with Lattice FPGA + XC7A35T
* CUstom board with 3x XCKU115-2FLVA1517E
Change-Id: I7361e9fb284ebb916302941735eebef3612aa103 Signed-off-by: Robert Jordens <jordens@gmail.com>
Reviewed-on: http://openocd.zylin.com/4236 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Patrick Stewart [Wed, 27 Aug 2014 16:17:27 +0000 (17:17 +0100)]
ftdi swd: disable SWD output pin during input
* Disables the data output pin while SWD is reading, so that a simple FTDI
SWD interface can be made by connecting TCK to SWD_CLK and TDI+TDO directly
to SWDIO. Enabled by setting SWDIO_OE to 0.
Change-Id: I7d3b71cf3f4eea163cb320aff69ed95d219190bd Signed-off-by: Patrick Stewart <patstew@gmail.com> Signed-off-by: Roger Lendenmann <roger.lendenmann@intel.com>
Reviewed-on: http://openocd.zylin.com/2274 Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com> Tested-by: jenkins
Tim Newsome [Tue, 26 Dec 2017 21:44:26 +0000 (13:44 -0800)]
Support listening on port 0.
When listening on port 0, the system will assign a random open port. We
use this to run multiple OpenOCD instances against multiple simulators
as part of regression testing. This mechanism means the various test
instances don't have to coordinate to ensure they don't reuse any ports.
The required changes are minimal:
1. Don't increment the port number when it's 0.
2. Print out which port was assigned by the system.
Change-Id: I404c801fc405e9d8eb8420562c02e78d4db6242f Signed-off-by: Tim Newsome <tim@sifive.com>
Reviewed-on: http://openocd.zylin.com/4316 Tested-by: jenkins Reviewed-by: Andreas Fritiofson <andreas.fritiofson@gmail.com>
Jiri Kastner [Mon, 16 Jan 2017 15:57:58 +0000 (16:57 +0100)]
ejtag: added missing instructions.
added missing instructions from latest available ejtag specification
(MD00047 v6.1 at time of writting) for trace control, fast data channel
and pcsample.
Karl Palsson [Fri, 8 Sep 2017 10:49:30 +0000 (10:49 +0000)]
hla_target: allow non-intrusive profiling on cortex-m
Leverages the existing work that added profiling via DWT_PCSR.
hla_target doesn't have direct access to the mem_ap for doing a bulk
repeated read, but simply reading the DWT_PCSR register repeatedly is
still ~2 order of magnitude faster than halt/resume.
Change-Id: Ibe451aa95143694398370fdad6939cfb6191d56f Signed-off-by: Karl Palsson <karlp@tweak.net.au>
Reviewed-on: http://openocd.zylin.com/4220 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Simon Schubert [Fri, 1 Sep 2017 18:34:09 +0000 (20:34 +0200)]
cortex_m: add profiling function
Use DWT_PCSR if present (reads nonzero); otherwise do halt-and-sample pc.
Signed-off-by: Simon Schubert <2@0x2c.org>
Change-Id: Id2dc4665e5008cc497a2e6e6493522d038d5af42
Reviewed-on: http://openocd.zylin.com/4211 Tested-by: jenkins Reviewed-by: Karl Palsson <karlp@tweak.net.au> Reviewed-by: Christopher Head <chead@zaber.com> Reviewed-by: Paul Fertser <fercerpav@gmail.com>
When testing with Intel Galileo GEN2 I have noticed a few iterations
where probemode entry took a little longer. At most I had to read
tapstatus twice. This patch uses a loop of up to 100 iterations to
wait for tapstatus to update with PM entry results.
Change-Id: I1c87d7dde715255b3fd2460d299b9493218533fc Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Reviewed-on: http://openocd.zylin.com/4013 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com>
Robert Jordens [Thu, 3 Aug 2017 14:25:13 +0000 (16:25 +0200)]
digilent_jtag_smt2_nc: add support
The Digilent SMT2 NC is nominally the connector-less version of the
SMT2. But neither the SMT2 configuration nor the HS3 configuration work
for on the Xilinx KCU105 board where the SMT2 NC is used.
Change-Id: Ieb27cbc6d8b0f9c64ef778e4e0c839acc85ec0ef Signed-off-by: Robert Jordens <jordens@gmail.com>
Reviewed-on: http://openocd.zylin.com/4187 Tested-by: jenkins Reviewed-by: Paul Fertser <fercerpav@gmail.com>