1 /* 2 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility, 3 * using the CPU's debug registers. Derived from 4 * "arch/x86/kernel/hw_breakpoint.c" 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 * 20 * Copyright 2010 IBM Corporation 21 * Author: K.Prasad <prasad@linux.vnet.ibm.com> 22 * 23 */ 24 25 #include <linux/hw_breakpoint.h> 26 #include <linux/notifier.h> 27 #include <linux/kprobes.h> 28 #include <linux/percpu.h> 29 #include <linux/kernel.h> 30 #include <linux/sched.h> 31 #include <linux/init.h> 32 #include <linux/smp.h> 33 34 #include <asm/hw_breakpoint.h> 35 #include <asm/processor.h> 36 #include <asm/sstep.h> 37 #include <asm/uaccess.h> 38 39 /* 40 * Stores the breakpoints currently in use on each breakpoint address 41 * register for every cpu 42 */ 43 static DEFINE_PER_CPU(struct perf_event *, bp_per_reg); 44 45 /* 46 * Returns total number of data or instruction breakpoints available. 47 */ 48 int hw_breakpoint_slots(int type) 49 { 50 if (type == TYPE_DATA) 51 return HBP_NUM; 52 return 0; /* no instruction breakpoints available */ 53 } 54 55 /* 56 * Install a perf counter breakpoint. 57 * 58 * We seek a free debug address register and use it for this 59 * breakpoint. 60 * 61 * Atomic: we hold the counter->ctx->lock and we only handle variables 62 * and registers local to this cpu. 63 */ 64 int arch_install_hw_breakpoint(struct perf_event *bp) 65 { 66 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 67 struct perf_event **slot = &__get_cpu_var(bp_per_reg); 68 69 *slot = bp; 70 71 /* 72 * Do not install DABR values if the instruction must be single-stepped. 73 * If so, DABR will be populated in single_step_dabr_instruction(). 74 */ 75 if (current->thread.last_hit_ubp != bp) 76 set_dabr(info->address | info->type | DABR_TRANSLATION); 77 78 return 0; 79 } 80 81 /* 82 * Uninstall the breakpoint contained in the given counter. 83 * 84 * First we search the debug address register it uses and then we disable 85 * it. 86 * 87 * Atomic: we hold the counter->ctx->lock and we only handle variables 88 * and registers local to this cpu. 89 */ 90 void arch_uninstall_hw_breakpoint(struct perf_event *bp) 91 { 92 struct perf_event **slot = &__get_cpu_var(bp_per_reg); 93 94 if (*slot != bp) { 95 WARN_ONCE(1, "Can't find the breakpoint"); 96 return; 97 } 98 99 *slot = NULL; 100 set_dabr(0); 101 } 102 103 /* 104 * Perform cleanup of arch-specific counters during unregistration 105 * of the perf-event 106 */ 107 void arch_unregister_hw_breakpoint(struct perf_event *bp) 108 { 109 /* 110 * If the breakpoint is unregistered between a hw_breakpoint_handler() 111 * and the single_step_dabr_instruction(), then cleanup the breakpoint 112 * restoration variables to prevent dangling pointers. 113 */ 114 if (bp->ctx && bp->ctx->task) 115 bp->ctx->task->thread.last_hit_ubp = NULL; 116 } 117 118 /* 119 * Check for virtual address in kernel space. 120 */ 121 int arch_check_bp_in_kernelspace(struct perf_event *bp) 122 { 123 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 124 125 return is_kernel_addr(info->address); 126 } 127 128 int arch_bp_generic_fields(int type, int *gen_bp_type) 129 { 130 switch (type) { 131 case DABR_DATA_READ: 132 *gen_bp_type = HW_BREAKPOINT_R; 133 break; 134 case DABR_DATA_WRITE: 135 *gen_bp_type = HW_BREAKPOINT_W; 136 break; 137 case (DABR_DATA_WRITE | DABR_DATA_READ): 138 *gen_bp_type = (HW_BREAKPOINT_W | HW_BREAKPOINT_R); 139 break; 140 default: 141 return -EINVAL; 142 } 143 return 0; 144 } 145 146 /* 147 * Validate the arch-specific HW Breakpoint register settings 148 */ 149 int arch_validate_hwbkpt_settings(struct perf_event *bp) 150 { 151 int ret = -EINVAL; 152 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 153 154 if (!bp) 155 return ret; 156 157 switch (bp->attr.bp_type) { 158 case HW_BREAKPOINT_R: 159 info->type = DABR_DATA_READ; 160 break; 161 case HW_BREAKPOINT_W: 162 info->type = DABR_DATA_WRITE; 163 break; 164 case HW_BREAKPOINT_R | HW_BREAKPOINT_W: 165 info->type = (DABR_DATA_READ | DABR_DATA_WRITE); 166 break; 167 default: 168 return ret; 169 } 170 171 info->address = bp->attr.bp_addr; 172 info->len = bp->attr.bp_len; 173 174 /* 175 * Since breakpoint length can be a maximum of HW_BREAKPOINT_LEN(8) 176 * and breakpoint addresses are aligned to nearest double-word 177 * HW_BREAKPOINT_ALIGN by rounding off to the lower address, the 178 * 'symbolsize' should satisfy the check below. 179 */ 180 if (info->len > 181 (HW_BREAKPOINT_LEN - (info->address & HW_BREAKPOINT_ALIGN))) 182 return -EINVAL; 183 return 0; 184 } 185 186 /* 187 * Restores the breakpoint on the debug registers. 188 * Invoke this function if it is known that the execution context is 189 * about to change to cause loss of MSR_SE settings. 190 */ 191 void thread_change_pc(struct task_struct *tsk, struct pt_regs *regs) 192 { 193 struct arch_hw_breakpoint *info; 194 195 if (likely(!tsk->thread.last_hit_ubp)) 196 return; 197 198 info = counter_arch_bp(tsk->thread.last_hit_ubp); 199 regs->msr &= ~MSR_SE; 200 set_dabr(info->address | info->type | DABR_TRANSLATION); 201 tsk->thread.last_hit_ubp = NULL; 202 } 203 204 /* 205 * Handle debug exception notifications. 206 */ 207 int __kprobes hw_breakpoint_handler(struct die_args *args) 208 { 209 int rc = NOTIFY_STOP; 210 struct perf_event *bp; 211 struct pt_regs *regs = args->regs; 212 int stepped = 1; 213 struct arch_hw_breakpoint *info; 214 unsigned int instr; 215 unsigned long dar = regs->dar; 216 217 /* Disable breakpoints during exception handling */ 218 set_dabr(0); 219 220 /* 221 * The counter may be concurrently released but that can only 222 * occur from a call_rcu() path. We can then safely fetch 223 * the breakpoint, use its callback, touch its counter 224 * while we are in an rcu_read_lock() path. 225 */ 226 rcu_read_lock(); 227 228 bp = __get_cpu_var(bp_per_reg); 229 if (!bp) 230 goto out; 231 info = counter_arch_bp(bp); 232 233 /* 234 * Return early after invoking user-callback function without restoring 235 * DABR if the breakpoint is from ptrace which always operates in 236 * one-shot mode. The ptrace-ed process will receive the SIGTRAP signal 237 * generated in do_dabr(). 238 */ 239 if (bp->overflow_handler == ptrace_triggered) { 240 perf_bp_event(bp, regs); 241 rc = NOTIFY_DONE; 242 goto out; 243 } 244 245 /* 246 * Verify if dar lies within the address range occupied by the symbol 247 * being watched to filter extraneous exceptions. If it doesn't, 248 * we still need to single-step the instruction, but we don't 249 * generate an event. 250 */ 251 info->extraneous_interrupt = !((bp->attr.bp_addr <= dar) && 252 (dar - bp->attr.bp_addr < bp->attr.bp_len)); 253 254 /* Do not emulate user-space instructions, instead single-step them */ 255 if (user_mode(regs)) { 256 current->thread.last_hit_ubp = bp; 257 regs->msr |= MSR_SE; 258 goto out; 259 } 260 261 stepped = 0; 262 instr = 0; 263 if (!__get_user_inatomic(instr, (unsigned int *) regs->nip)) 264 stepped = emulate_step(regs, instr); 265 266 /* 267 * emulate_step() could not execute it. We've failed in reliably 268 * handling the hw-breakpoint. Unregister it and throw a warning 269 * message to let the user know about it. 270 */ 271 if (!stepped) { 272 WARN(1, "Unable to handle hardware breakpoint. Breakpoint at " 273 "0x%lx will be disabled.", info->address); 274 perf_event_disable(bp); 275 goto out; 276 } 277 /* 278 * As a policy, the callback is invoked in a 'trigger-after-execute' 279 * fashion 280 */ 281 if (!info->extraneous_interrupt) 282 perf_bp_event(bp, regs); 283 284 set_dabr(info->address | info->type | DABR_TRANSLATION); 285 out: 286 rcu_read_unlock(); 287 return rc; 288 } 289 290 /* 291 * Handle single-step exceptions following a DABR hit. 292 */ 293 int __kprobes single_step_dabr_instruction(struct die_args *args) 294 { 295 struct pt_regs *regs = args->regs; 296 struct perf_event *bp = NULL; 297 struct arch_hw_breakpoint *bp_info; 298 299 bp = current->thread.last_hit_ubp; 300 /* 301 * Check if we are single-stepping as a result of a 302 * previous HW Breakpoint exception 303 */ 304 if (!bp) 305 return NOTIFY_DONE; 306 307 bp_info = counter_arch_bp(bp); 308 309 /* 310 * We shall invoke the user-defined callback function in the single 311 * stepping handler to confirm to 'trigger-after-execute' semantics 312 */ 313 if (!bp_info->extraneous_interrupt) 314 perf_bp_event(bp, regs); 315 316 set_dabr(bp_info->address | bp_info->type | DABR_TRANSLATION); 317 current->thread.last_hit_ubp = NULL; 318 319 /* 320 * If the process was being single-stepped by ptrace, let the 321 * other single-step actions occur (e.g. generate SIGTRAP). 322 */ 323 if (test_thread_flag(TIF_SINGLESTEP)) 324 return NOTIFY_DONE; 325 326 return NOTIFY_STOP; 327 } 328 329 /* 330 * Handle debug exception notifications. 331 */ 332 int __kprobes hw_breakpoint_exceptions_notify( 333 struct notifier_block *unused, unsigned long val, void *data) 334 { 335 int ret = NOTIFY_DONE; 336 337 switch (val) { 338 case DIE_DABR_MATCH: 339 ret = hw_breakpoint_handler(data); 340 break; 341 case DIE_SSTEP: 342 ret = single_step_dabr_instruction(data); 343 break; 344 } 345 346 return ret; 347 } 348 349 /* 350 * Release the user breakpoints used by ptrace 351 */ 352 void flush_ptrace_hw_breakpoint(struct task_struct *tsk) 353 { 354 struct thread_struct *t = &tsk->thread; 355 356 unregister_hw_breakpoint(t->ptrace_bps[0]); 357 t->ptrace_bps[0] = NULL; 358 } 359 360 void hw_breakpoint_pmu_read(struct perf_event *bp) 361 { 362 /* TODO */ 363 } 364