Now that the funny PABT-behaviour is found to be (probably) caused ny debug state, I'd like to exit debug state before return from PABT exception. The ARM v7-A/R ARM says that I should write RRQ to DBGDRCR, but it seems that in Cortex-A7 it's not accessible via CP14.
It should be accessible via memory-mapped registers, and the manual gives the offset, but offset from what?
I understood that the register offset is the register number multiplied by four, so for DBGDRCR the offset would be 36*4 = 144 (0x90).
In the TRM it says:
Table 10-26 Address mapping for debug trace components Address range Componenta 0x00000 - 0x00FFF ROM table 0x01000 - 0x0FFFF Reserved 0x10000 - 0x10FFF CPU 0 Debug 0x11000 - 0x11FFF CPU 0 PMU 0x12000 - 0x12FFF CPU 1 Debug 0x13000 - 0x13FFF CPU 1 PMU 0x14000 - 0x14FFF CPU 2 Debug 0x15000 - 0x15FFF CPU 2 PMU 0x16000 - 0x16FFF CPU 3 debug
Table 10-26 Address mapping for debug trace components
Address range Componenta
0x00000 - 0x00FFF ROM table
0x01000 - 0x0FFFF Reserved
0x10000 - 0x10FFF CPU 0 Debug
0x11000 - 0x11FFF CPU 0 PMU
0x12000 - 0x12FFF CPU 1 Debug
0x13000 - 0x13FFF CPU 1 PMU
0x14000 - 0x14FFF CPU 2 Debug
0x15000 - 0x15FFF CPU 2 PMU
0x16000 - 0x16FFF CPU 3 debug
Are these too offsets from somewhere, or absolute addresses?
Do I write to DBGDRCR by just writing the value into address 0x100090 (core 0, assuming not locked)?
Or do I need to calculate the register address from the contents of DBGDRAR?
And what's the ROM table?
I think it's because when something simple doesn't seem to work, you just add little something to check... and that's when such bugs get introduced...
Mine was obviously a copy-paste - didn't pay too much attention... and it bit me.