xref: /openbmc/linux/arch/powerpc/kernel/hw_breakpoint.c (revision 2570a3719cd748899d9e9e8407eb0d9027df2a94) 
1 /*
2  * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
3  * using the CPU's debug registers. Derived from
4  * "arch/x86/kernel/hw_breakpoint.c"
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19  *
20  * Copyright 2010 IBM Corporation
21  * Author: K.Prasad <prasad@linux.vnet.ibm.com>
22  *
23  */
24 
25 #include <linux/hw_breakpoint.h>
26 #include <linux/notifier.h>
27 #include <linux/kprobes.h>
28 #include <linux/percpu.h>
29 #include <linux/kernel.h>
30 #include <linux/sched.h>
31 #include <linux/init.h>
32 #include <linux/smp.h>
33 
34 #include <asm/hw_breakpoint.h>
35 #include <asm/processor.h>
36 #include <asm/sstep.h>
37 #include <asm/uaccess.h>
38 
39 /*
40  * Stores the breakpoints currently in use on each breakpoint address
41  * register for every cpu
42  */
43 static DEFINE_PER_CPU(struct perf_event *, bp_per_reg);
44 
45 /*
46  * Returns total number of data or instruction breakpoints available.
47  */
48 int hw_breakpoint_slots(int type)
49 {
50 	if (type == TYPE_DATA)
51 		return HBP_NUM;
52 	return 0;		/* no instruction breakpoints available */
53 }
54 
55 /*
56  * Install a perf counter breakpoint.
57  *
58  * We seek a free debug address register and use it for this
59  * breakpoint.
60  *
61  * Atomic: we hold the counter->ctx->lock and we only handle variables
62  * and registers local to this cpu.
63  */
64 int arch_install_hw_breakpoint(struct perf_event *bp)
65 {
66 	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
67 	struct perf_event **slot = &__get_cpu_var(bp_per_reg);
68 
69 	*slot = bp;
70 
71 	/*
72 	 * Do not install DABR values if the instruction must be single-stepped.
73 	 * If so, DABR will be populated in single_step_dabr_instruction().
74 	 */
75 	if (current->thread.last_hit_ubp != bp)
76 		set_dabr(info->address | info->type | DABR_TRANSLATION, info->dabrx);
77 
78 	return 0;
79 }
80 
81 /*
82  * Uninstall the breakpoint contained in the given counter.
83  *
84  * First we search the debug address register it uses and then we disable
85  * it.
86  *
87  * Atomic: we hold the counter->ctx->lock and we only handle variables
88  * and registers local to this cpu.
89  */
90 void arch_uninstall_hw_breakpoint(struct perf_event *bp)
91 {
92 	struct perf_event **slot = &__get_cpu_var(bp_per_reg);
93 
94 	if (*slot != bp) {
95 		WARN_ONCE(1, "Can't find the breakpoint");
96 		return;
97 	}
98 
99 	*slot = NULL;
100 	set_dabr(0, 0);
101 }
102 
103 /*
104  * Perform cleanup of arch-specific counters during unregistration
105  * of the perf-event
106  */
107 void arch_unregister_hw_breakpoint(struct perf_event *bp)
108 {
109 	/*
110 	 * If the breakpoint is unregistered between a hw_breakpoint_handler()
111 	 * and the single_step_dabr_instruction(), then cleanup the breakpoint
112 	 * restoration variables to prevent dangling pointers.
113 	 */
114 	if (bp->ctx && bp->ctx->task)
115 		bp->ctx->task->thread.last_hit_ubp = NULL;
116 }
117 
118 /*
119  * Check for virtual address in kernel space.
120  */
121 int arch_check_bp_in_kernelspace(struct perf_event *bp)
122 {
123 	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
124 
125 	return is_kernel_addr(info->address);
126 }
127 
128 int arch_bp_generic_fields(int type, int *gen_bp_type)
129 {
130 	switch (type) {
131 	case DABR_DATA_READ:
132 		*gen_bp_type = HW_BREAKPOINT_R;
133 		break;
134 	case DABR_DATA_WRITE:
135 		*gen_bp_type = HW_BREAKPOINT_W;
136 		break;
137 	case (DABR_DATA_WRITE | DABR_DATA_READ):
138 		*gen_bp_type = (HW_BREAKPOINT_W | HW_BREAKPOINT_R);
139 		break;
140 	default:
141 		return -EINVAL;
142 	}
143 	return 0;
144 }
145 
146 /*
147  * Validate the arch-specific HW Breakpoint register settings
148  */
149 int arch_validate_hwbkpt_settings(struct perf_event *bp)
150 {
151 	int ret = -EINVAL;
152 	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
153 
154 	if (!bp)
155 		return ret;
156 
157 	switch (bp->attr.bp_type) {
158 	case HW_BREAKPOINT_R:
159 		info->type = DABR_DATA_READ;
160 		break;
161 	case HW_BREAKPOINT_W:
162 		info->type = DABR_DATA_WRITE;
163 		break;
164 	case HW_BREAKPOINT_R | HW_BREAKPOINT_W:
165 		info->type = (DABR_DATA_READ | DABR_DATA_WRITE);
166 		break;
167 	default:
168 		return ret;
169 	}
170 
171 	info->address = bp->attr.bp_addr;
172 	info->len = bp->attr.bp_len;
173 	info->dabrx = DABRX_ALL;
174 	if (bp->attr.exclude_user)
175 		info->dabrx &= ~DABRX_USER;
176 	if (bp->attr.exclude_kernel)
177 		info->dabrx &= ~DABRX_KERNEL;
178 	if (bp->attr.exclude_hv)
179 		info->dabrx &= ~DABRX_HYP;
180 
181 	/*
182 	 * Since breakpoint length can be a maximum of HW_BREAKPOINT_LEN(8)
183 	 * and breakpoint addresses are aligned to nearest double-word
184 	 * HW_BREAKPOINT_ALIGN by rounding off to the lower address, the
185 	 * 'symbolsize' should satisfy the check below.
186 	 */
187 	if (info->len >
188 	    (HW_BREAKPOINT_LEN - (info->address & HW_BREAKPOINT_ALIGN)))
189 		return -EINVAL;
190 	return 0;
191 }
192 
193 /*
194  * Restores the breakpoint on the debug registers.
195  * Invoke this function if it is known that the execution context is
196  * about to change to cause loss of MSR_SE settings.
197  */
198 void thread_change_pc(struct task_struct *tsk, struct pt_regs *regs)
199 {
200 	struct arch_hw_breakpoint *info;
201 
202 	if (likely(!tsk->thread.last_hit_ubp))
203 		return;
204 
205 	info = counter_arch_bp(tsk->thread.last_hit_ubp);
206 	regs->msr &= ~MSR_SE;
207 	set_dabr(info->address | info->type | DABR_TRANSLATION, info->dabrx);
208 	tsk->thread.last_hit_ubp = NULL;
209 }
210 
211 /*
212  * Handle debug exception notifications.
213  */
214 int __kprobes hw_breakpoint_handler(struct die_args *args)
215 {
216 	int rc = NOTIFY_STOP;
217 	struct perf_event *bp;
218 	struct pt_regs *regs = args->regs;
219 	int stepped = 1;
220 	struct arch_hw_breakpoint *info;
221 	unsigned int instr;
222 	unsigned long dar = regs->dar;
223 
224 	/* Disable breakpoints during exception handling */
225 	set_dabr(0, 0);
226 
227 	/*
228 	 * The counter may be concurrently released but that can only
229 	 * occur from a call_rcu() path. We can then safely fetch
230 	 * the breakpoint, use its callback, touch its counter
231 	 * while we are in an rcu_read_lock() path.
232 	 */
233 	rcu_read_lock();
234 
235 	bp = __get_cpu_var(bp_per_reg);
236 	if (!bp)
237 		goto out;
238 	info = counter_arch_bp(bp);
239 
240 	/*
241 	 * Return early after invoking user-callback function without restoring
242 	 * DABR if the breakpoint is from ptrace which always operates in
243 	 * one-shot mode. The ptrace-ed process will receive the SIGTRAP signal
244 	 * generated in do_dabr().
245 	 */
246 	if (bp->overflow_handler == ptrace_triggered) {
247 		perf_bp_event(bp, regs);
248 		rc = NOTIFY_DONE;
249 		goto out;
250 	}
251 
252 	/*
253 	 * Verify if dar lies within the address range occupied by the symbol
254 	 * being watched to filter extraneous exceptions.  If it doesn't,
255 	 * we still need to single-step the instruction, but we don't
256 	 * generate an event.
257 	 */
258 	info->extraneous_interrupt = !((bp->attr.bp_addr <= dar) &&
259 			(dar - bp->attr.bp_addr < bp->attr.bp_len));
260 
261 	/* Do not emulate user-space instructions, instead single-step them */
262 	if (user_mode(regs)) {
263 		current->thread.last_hit_ubp = bp;
264 		regs->msr |= MSR_SE;
265 		goto out;
266 	}
267 
268 	stepped = 0;
269 	instr = 0;
270 	if (!__get_user_inatomic(instr, (unsigned int *) regs->nip))
271 		stepped = emulate_step(regs, instr);
272 
273 	/*
274 	 * emulate_step() could not execute it. We've failed in reliably
275 	 * handling the hw-breakpoint. Unregister it and throw a warning
276 	 * message to let the user know about it.
277 	 */
278 	if (!stepped) {
279 		WARN(1, "Unable to handle hardware breakpoint. Breakpoint at "
280 			"0x%lx will be disabled.", info->address);
281 		perf_event_disable(bp);
282 		goto out;
283 	}
284 	/*
285 	 * As a policy, the callback is invoked in a 'trigger-after-execute'
286 	 * fashion
287 	 */
288 	if (!info->extraneous_interrupt)
289 		perf_bp_event(bp, regs);
290 
291 	set_dabr(info->address | info->type | DABR_TRANSLATION, info->dabrx);
292 out:
293 	rcu_read_unlock();
294 	return rc;
295 }
296 
297 /*
298  * Handle single-step exceptions following a DABR hit.
299  */
300 int __kprobes single_step_dabr_instruction(struct die_args *args)
301 {
302 	struct pt_regs *regs = args->regs;
303 	struct perf_event *bp = NULL;
304 	struct arch_hw_breakpoint *info;
305 
306 	bp = current->thread.last_hit_ubp;
307 	/*
308 	 * Check if we are single-stepping as a result of a
309 	 * previous HW Breakpoint exception
310 	 */
311 	if (!bp)
312 		return NOTIFY_DONE;
313 
314 	info = counter_arch_bp(bp);
315 
316 	/*
317 	 * We shall invoke the user-defined callback function in the single
318 	 * stepping handler to confirm to 'trigger-after-execute' semantics
319 	 */
320 	if (!info->extraneous_interrupt)
321 		perf_bp_event(bp, regs);
322 
323 	set_dabr(info->address | info->type | DABR_TRANSLATION, info->dabrx);
324 	current->thread.last_hit_ubp = NULL;
325 
326 	/*
327 	 * If the process was being single-stepped by ptrace, let the
328 	 * other single-step actions occur (e.g. generate SIGTRAP).
329 	 */
330 	if (test_thread_flag(TIF_SINGLESTEP))
331 		return NOTIFY_DONE;
332 
333 	return NOTIFY_STOP;
334 }
335 
336 /*
337  * Handle debug exception notifications.
338  */
339 int __kprobes hw_breakpoint_exceptions_notify(
340 		struct notifier_block *unused, unsigned long val, void *data)
341 {
342 	int ret = NOTIFY_DONE;
343 
344 	switch (val) {
345 	case DIE_DABR_MATCH:
346 		ret = hw_breakpoint_handler(data);
347 		break;
348 	case DIE_SSTEP:
349 		ret = single_step_dabr_instruction(data);
350 		break;
351 	}
352 
353 	return ret;
354 }
355 
356 /*
357  * Release the user breakpoints used by ptrace
358  */
359 void flush_ptrace_hw_breakpoint(struct task_struct *tsk)
360 {
361 	struct thread_struct *t = &tsk->thread;
362 
363 	unregister_hw_breakpoint(t->ptrace_bps[0]);
364 	t->ptrace_bps[0] = NULL;
365 }
366 
367 void hw_breakpoint_pmu_read(struct perf_event *bp)
368 {
369 	/* TODO */
370 }
371