Re: [UrJTAG-dev] UrJTAG segfault

[OB]

 Any idea?
 
 I haven't fooled with the ejtag stuff in urjtag, but I think you may
 be bumping up against MIPS addressing and the TLB.  It's not clear if
 you're supposed to provide a virtual address or a physical one with
 the detectflash command, in the old old openocd jtag code it used to
 depend on the bus driver.

This may not be related but I found out that with the trunk version of urjtag,
when ejtag_dma_bus_init() returns URJ_STATUS_FAIL, this is not taken into
account by the upper level layers.

So whenever an operation is attempt afterward, a null pointer is deferenced and
it segfault.

(Note: The root of the problem is a code block that had already been discussed:
 /* Wait until processor is in break */
 ejctrl-in-data[JtagBrk] = 0;
 do
 {
 urj_tap_chain_shift_data_registers (bus-chain, 1);
 timeout--;
 if (!timeout)
 break;
 }
 while (ejctrl-out-data[BrkSt] == 1);

: Some boxes need BrkSt to 0, some to 1. The doc says this bit should turn to
1, but on by box, it never does, without adverse effect.

I'm still investigating that.


 
 In MIPS virtual addresses the top 3 bits tell you what the rules are
 for the access.  0x1e00 virtual would fall into the user space
 which requires a TLB lookup.  The cpu core inside the part will throw
 an TLB exception if there's not hit in the TLB (which is by default
 uninitialized).
 
 0xbe00 is in the uncached, unmapped (no TLB) section called KSEG1.
  In KSEG1 the physical address is the same as the virtual address with
 the top 3 bits forced to 0.  The MIPS boot address is in KSEG1 @
 0xbfc0

Interesting... That means we *can* in fact reprogram the flash whenever the
bootloader is really, really ruined ?

I have a box that have this problem: the flash is fully empty, and I can't
detect it at all.
I'll try with the above address...

Thanks !



 --
 This SF.Net email is sponsored by the Verizon Developer Community
 Take advantage of Verizon's best-in-class app development support
 A streamlined, 14 day to market process makes app distribution fast and easy
 Join now and get one step closer to millions of Verizon customers
 http://p.sf.net/sfu/verizon-dev2dev 
 ___
 UrJTAG-development mailing list
 UrJTAG-development@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/urjtag-development
 


-- 
People in the embedded space don't do prototypes. They hack something until it
works, then it's done.
---
Always code as if the person who will maintain your code is a maniac serial
killer that knows where you live

--
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
___
UrJTAG-development mailing list
UrJTAG-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/urjtag-development

Re: [UrJTAG-dev] UrJTAG segfault

[Tornado]

This may very well be an issue, however

My bcm4712 and detect follows, FYI this is a WRT54GS router bcm4712
processor. Ejtag features indicate dma capability, but it doesn't work
for me, at least yet :) I always use 0x1fc0 or 0x3fc0

registerBR   1
registerBSR  594 
registerDIR 32 
registerEJIMPCODE   32
registerEJADDRESS   32
registerEJDATA  32
registerEJCONTROL   32
registerEJALL   96
registerEJFASTDATA  33

instruction length 8

instruction EXTEST  BSR
instruction BYPASS  0001BR
instruction SAMPLE/PRELOAD  0010BSR
instruction IDCODE  0001DIR
instruction EJTAG_IMPCODE   0011EJIMPCODE
instruction EJTAG_ADDRESS   1000EJADDRESS
instruction EJTAG_DATA  1001EJDATA
instruction EJTAG_CONTROL   1010EJCONTROL
instruction EJTAG_ALL   1011EJALL
instruction EJTAGBOOT   1100BR
instruction NORMALBOOT  1101BR
#instructionEJTAG_FASTDATA  1110EJFASTDATA


endian little
initbus ejtag


UrJTAG 0.10 #1502
Copyright (C) 2002, 2003 ETC s.r.o.
Copyright (C) 2007, 2008, 2009 Kolja Waschk and the respective authors

UrJTAG is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
There is absolutely no warranty for UrJTAG.

WARNING: UrJTAG may damage your hardware!
Type quit to exit, help for help.

jtag cable wiggler parallel 0x378
Initializing parallel port at 0x378
jtag detect
IR length: 8
Chain length: 1
Device Id: 000101000111000100110111 (0x1471217F)
  Manufacturer: Broadcom
  Part(0): BCM4712
  Stepping: Ver 1
  Filename: /usr/local/share/urjtag/broadcom/bcm4712/bcm4712
ImpCode=100010010100 00800904
EJTAG version: = 2.0
EJTAG Implementation flags: R4k DMA MIPS32
Processor entered Debug Mode.
jtag detectflash 0x1fc0
Query identification string:
Primary Algorithm Command Set and Control Interface ID Code: 0x0001
(Intel/Sharp Extended Command Set)
Alternate Algorithm Command Set and Control Interface ID Code: 0x
(null)
Query system interface information:
Vcc Logic Supply Minimum Write/Erase or Write voltage: 2700 mV
Vcc Logic Supply Maximum Write/Erase or Write voltage: 3600 mV
Vpp [Programming] Supply Minimum Write/Erase voltage: 0 mV
Vpp [Programming] Supply Maximum Write/Erase voltage: 0 mV
Typical timeout per single byte/word program: 256 us
Typical timeout for maximum-size multi-byte program: 256 us
Typical timeout per individual block erase: 2048 ms
Typical timeout for full chip erase: 0 ms
Maximum timeout for byte/word program: 1024 us
Maximum timeout for multi-byte program: 1024 us
Maximum timeout per individual block erase: 16384 ms
Maximum timeout for chip erase: 0 ms
Device geometry definition:
Device Size: 8388608 B (8192 KiB, 8 MiB)
Flash Device Interface Code description: 0x0002 (x8/x16)
Maximum number of bytes in multi-byte program: 32
Number of Erase Block Regions within device: 1
Erase Block Region Information:
Region 0:
Erase Block Size: 131072 B (128 KiB)
Number of Erase Blocks: 64
jtag 


Regards,

Tornado


On Wed, 2009-12-23 at 09:38 +0100, OB wrote:
  Any idea?
  
  I haven't fooled with the ejtag stuff in urjtag, but I think you may
  be bumping up against MIPS addressing and the TLB.  It's not clear if
  you're supposed to provide a virtual address or a physical one with
  the detectflash command, in the old old openocd jtag code it used to
  depend on the bus driver.
 
 This may not be related but I found out that with the trunk version of urjtag,
 when ejtag_dma_bus_init() returns URJ_STATUS_FAIL, this is not taken into
 account by the upper level layers.
 
 So whenever an operation is attempt afterward, a null pointer is deferenced 
 and
 it segfault.
 
 (Note: The root of the problem is a code block that had already been 
 discussed:
  /* Wait until processor is in break */
  ejctrl-in-data[JtagBrk] = 0;
  do
  {
  urj_tap_chain_shift_data_registers (bus-chain, 1);
  timeout--;
  if (!timeout)
  break;
  }
  while (ejctrl-out-data[BrkSt] == 1);
 
 : Some boxes need BrkSt to 0, some to 1. The doc says this bit should turn to
 1, but on by box, it never does, without adverse effect.
 
 I'm still investigating that.
 
 
  
  In MIPS virtual addresses the top 3 bits tell you what the rules are
  for the access.  0x1e00 virtual would fall into the user space
  which requires a TLB lookup.  The cpu core