1 /* 2 * This program is free software; you can redistribute it and/or modify 3 * it under the terms of the GNU General Public License version 2 as 4 * published by the Free Software Foundation. 5 * 6 * This program is distributed in the hope that it will be useful, 7 * but WITHOUT ANY WARRANTY; without even the implied warranty of 8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 9 * GNU General Public License for more details. 10 * 11 * You should have received a copy of the GNU General Public License 12 * along with this program; if not, write to the Free Software 13 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 14 * 15 * Copyright (C) 2009, 2010 ARM Limited 16 * 17 * Author: Will Deacon <will.deacon@arm.com> 18 */ 19 20 /* 21 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility, 22 * using the CPU's debug registers. 23 */ 24 #define pr_fmt(fmt) "hw-breakpoint: " fmt 25 26 #include <linux/errno.h> 27 #include <linux/hardirq.h> 28 #include <linux/perf_event.h> 29 #include <linux/hw_breakpoint.h> 30 #include <linux/smp.h> 31 #include <linux/cpu_pm.h> 32 33 #include <asm/cacheflush.h> 34 #include <asm/cputype.h> 35 #include <asm/current.h> 36 #include <asm/hw_breakpoint.h> 37 #include <asm/kdebug.h> 38 #include <asm/traps.h> 39 #include <asm/hardware/coresight.h> 40 41 /* Breakpoint currently in use for each BRP. */ 42 static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]); 43 44 /* Watchpoint currently in use for each WRP. */ 45 static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]); 46 47 /* Number of BRP/WRP registers on this CPU. */ 48 static int core_num_brps; 49 static int core_num_wrps; 50 51 /* Debug architecture version. */ 52 static u8 debug_arch; 53 54 /* Does debug architecture support OS Save and Restore? */ 55 static bool has_ossr; 56 57 /* Maximum supported watchpoint length. */ 58 static u8 max_watchpoint_len; 59 60 #define READ_WB_REG_CASE(OP2, M, VAL) \ 61 case ((OP2 << 4) + M): \ 62 ARM_DBG_READ(c0, c ## M, OP2, VAL); \ 63 break 64 65 #define WRITE_WB_REG_CASE(OP2, M, VAL) \ 66 case ((OP2 << 4) + M): \ 67 ARM_DBG_WRITE(c0, c ## M, OP2, VAL); \ 68 break 69 70 #define GEN_READ_WB_REG_CASES(OP2, VAL) \ 71 READ_WB_REG_CASE(OP2, 0, VAL); \ 72 READ_WB_REG_CASE(OP2, 1, VAL); \ 73 READ_WB_REG_CASE(OP2, 2, VAL); \ 74 READ_WB_REG_CASE(OP2, 3, VAL); \ 75 READ_WB_REG_CASE(OP2, 4, VAL); \ 76 READ_WB_REG_CASE(OP2, 5, VAL); \ 77 READ_WB_REG_CASE(OP2, 6, VAL); \ 78 READ_WB_REG_CASE(OP2, 7, VAL); \ 79 READ_WB_REG_CASE(OP2, 8, VAL); \ 80 READ_WB_REG_CASE(OP2, 9, VAL); \ 81 READ_WB_REG_CASE(OP2, 10, VAL); \ 82 READ_WB_REG_CASE(OP2, 11, VAL); \ 83 READ_WB_REG_CASE(OP2, 12, VAL); \ 84 READ_WB_REG_CASE(OP2, 13, VAL); \ 85 READ_WB_REG_CASE(OP2, 14, VAL); \ 86 READ_WB_REG_CASE(OP2, 15, VAL) 87 88 #define GEN_WRITE_WB_REG_CASES(OP2, VAL) \ 89 WRITE_WB_REG_CASE(OP2, 0, VAL); \ 90 WRITE_WB_REG_CASE(OP2, 1, VAL); \ 91 WRITE_WB_REG_CASE(OP2, 2, VAL); \ 92 WRITE_WB_REG_CASE(OP2, 3, VAL); \ 93 WRITE_WB_REG_CASE(OP2, 4, VAL); \ 94 WRITE_WB_REG_CASE(OP2, 5, VAL); \ 95 WRITE_WB_REG_CASE(OP2, 6, VAL); \ 96 WRITE_WB_REG_CASE(OP2, 7, VAL); \ 97 WRITE_WB_REG_CASE(OP2, 8, VAL); \ 98 WRITE_WB_REG_CASE(OP2, 9, VAL); \ 99 WRITE_WB_REG_CASE(OP2, 10, VAL); \ 100 WRITE_WB_REG_CASE(OP2, 11, VAL); \ 101 WRITE_WB_REG_CASE(OP2, 12, VAL); \ 102 WRITE_WB_REG_CASE(OP2, 13, VAL); \ 103 WRITE_WB_REG_CASE(OP2, 14, VAL); \ 104 WRITE_WB_REG_CASE(OP2, 15, VAL) 105 106 static u32 read_wb_reg(int n) 107 { 108 u32 val = 0; 109 110 switch (n) { 111 GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val); 112 GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val); 113 GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val); 114 GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val); 115 default: 116 pr_warning("attempt to read from unknown breakpoint " 117 "register %d\n", n); 118 } 119 120 return val; 121 } 122 123 static void write_wb_reg(int n, u32 val) 124 { 125 switch (n) { 126 GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val); 127 GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val); 128 GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val); 129 GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val); 130 default: 131 pr_warning("attempt to write to unknown breakpoint " 132 "register %d\n", n); 133 } 134 isb(); 135 } 136 137 /* Determine debug architecture. */ 138 static u8 get_debug_arch(void) 139 { 140 u32 didr; 141 142 /* Do we implement the extended CPUID interface? */ 143 if (((read_cpuid_id() >> 16) & 0xf) != 0xf) { 144 pr_warn_once("CPUID feature registers not supported. " 145 "Assuming v6 debug is present.\n"); 146 return ARM_DEBUG_ARCH_V6; 147 } 148 149 ARM_DBG_READ(c0, c0, 0, didr); 150 return (didr >> 16) & 0xf; 151 } 152 153 u8 arch_get_debug_arch(void) 154 { 155 return debug_arch; 156 } 157 158 static int debug_arch_supported(void) 159 { 160 u8 arch = get_debug_arch(); 161 162 /* We don't support the memory-mapped interface. */ 163 return (arch >= ARM_DEBUG_ARCH_V6 && arch <= ARM_DEBUG_ARCH_V7_ECP14) || 164 arch >= ARM_DEBUG_ARCH_V7_1; 165 } 166 167 /* Can we determine the watchpoint access type from the fsr? */ 168 static int debug_exception_updates_fsr(void) 169 { 170 return get_debug_arch() >= ARM_DEBUG_ARCH_V8; 171 } 172 173 /* Determine number of WRP registers available. */ 174 static int get_num_wrp_resources(void) 175 { 176 u32 didr; 177 ARM_DBG_READ(c0, c0, 0, didr); 178 return ((didr >> 28) & 0xf) + 1; 179 } 180 181 /* Determine number of BRP registers available. */ 182 static int get_num_brp_resources(void) 183 { 184 u32 didr; 185 ARM_DBG_READ(c0, c0, 0, didr); 186 return ((didr >> 24) & 0xf) + 1; 187 } 188 189 /* Does this core support mismatch breakpoints? */ 190 static int core_has_mismatch_brps(void) 191 { 192 return (get_debug_arch() >= ARM_DEBUG_ARCH_V7_ECP14 && 193 get_num_brp_resources() > 1); 194 } 195 196 /* Determine number of usable WRPs available. */ 197 static int get_num_wrps(void) 198 { 199 /* 200 * On debug architectures prior to 7.1, when a watchpoint fires, the 201 * only way to work out which watchpoint it was is by disassembling 202 * the faulting instruction and working out the address of the memory 203 * access. 204 * 205 * Furthermore, we can only do this if the watchpoint was precise 206 * since imprecise watchpoints prevent us from calculating register 207 * based addresses. 208 * 209 * Providing we have more than 1 breakpoint register, we only report 210 * a single watchpoint register for the time being. This way, we always 211 * know which watchpoint fired. In the future we can either add a 212 * disassembler and address generation emulator, or we can insert a 213 * check to see if the DFAR is set on watchpoint exception entry 214 * [the ARM ARM states that the DFAR is UNKNOWN, but experience shows 215 * that it is set on some implementations]. 216 */ 217 if (get_debug_arch() < ARM_DEBUG_ARCH_V7_1) 218 return 1; 219 220 return get_num_wrp_resources(); 221 } 222 223 /* Determine number of usable BRPs available. */ 224 static int get_num_brps(void) 225 { 226 int brps = get_num_brp_resources(); 227 return core_has_mismatch_brps() ? brps - 1 : brps; 228 } 229 230 /* 231 * In order to access the breakpoint/watchpoint control registers, 232 * we must be running in debug monitor mode. Unfortunately, we can 233 * be put into halting debug mode at any time by an external debugger 234 * but there is nothing we can do to prevent that. 235 */ 236 static int monitor_mode_enabled(void) 237 { 238 u32 dscr; 239 ARM_DBG_READ(c0, c1, 0, dscr); 240 return !!(dscr & ARM_DSCR_MDBGEN); 241 } 242 243 static int enable_monitor_mode(void) 244 { 245 u32 dscr; 246 ARM_DBG_READ(c0, c1, 0, dscr); 247 248 /* If monitor mode is already enabled, just return. */ 249 if (dscr & ARM_DSCR_MDBGEN) 250 goto out; 251 252 /* Write to the corresponding DSCR. */ 253 switch (get_debug_arch()) { 254 case ARM_DEBUG_ARCH_V6: 255 case ARM_DEBUG_ARCH_V6_1: 256 ARM_DBG_WRITE(c0, c1, 0, (dscr | ARM_DSCR_MDBGEN)); 257 break; 258 case ARM_DEBUG_ARCH_V7_ECP14: 259 case ARM_DEBUG_ARCH_V7_1: 260 case ARM_DEBUG_ARCH_V8: 261 ARM_DBG_WRITE(c0, c2, 2, (dscr | ARM_DSCR_MDBGEN)); 262 isb(); 263 break; 264 default: 265 return -ENODEV; 266 } 267 268 /* Check that the write made it through. */ 269 ARM_DBG_READ(c0, c1, 0, dscr); 270 if (!(dscr & ARM_DSCR_MDBGEN)) { 271 pr_warn_once("Failed to enable monitor mode on CPU %d.\n", 272 smp_processor_id()); 273 return -EPERM; 274 } 275 276 out: 277 return 0; 278 } 279 280 int hw_breakpoint_slots(int type) 281 { 282 if (!debug_arch_supported()) 283 return 0; 284 285 /* 286 * We can be called early, so don't rely on 287 * our static variables being initialised. 288 */ 289 switch (type) { 290 case TYPE_INST: 291 return get_num_brps(); 292 case TYPE_DATA: 293 return get_num_wrps(); 294 default: 295 pr_warning("unknown slot type: %d\n", type); 296 return 0; 297 } 298 } 299 300 /* 301 * Check if 8-bit byte-address select is available. 302 * This clobbers WRP 0. 303 */ 304 static u8 get_max_wp_len(void) 305 { 306 u32 ctrl_reg; 307 struct arch_hw_breakpoint_ctrl ctrl; 308 u8 size = 4; 309 310 if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14) 311 goto out; 312 313 memset(&ctrl, 0, sizeof(ctrl)); 314 ctrl.len = ARM_BREAKPOINT_LEN_8; 315 ctrl_reg = encode_ctrl_reg(ctrl); 316 317 write_wb_reg(ARM_BASE_WVR, 0); 318 write_wb_reg(ARM_BASE_WCR, ctrl_reg); 319 if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg) 320 size = 8; 321 322 out: 323 return size; 324 } 325 326 u8 arch_get_max_wp_len(void) 327 { 328 return max_watchpoint_len; 329 } 330 331 /* 332 * Install a perf counter breakpoint. 333 */ 334 int arch_install_hw_breakpoint(struct perf_event *bp) 335 { 336 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 337 struct perf_event **slot, **slots; 338 int i, max_slots, ctrl_base, val_base; 339 u32 addr, ctrl; 340 341 addr = info->address; 342 ctrl = encode_ctrl_reg(info->ctrl) | 0x1; 343 344 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) { 345 /* Breakpoint */ 346 ctrl_base = ARM_BASE_BCR; 347 val_base = ARM_BASE_BVR; 348 slots = this_cpu_ptr(bp_on_reg); 349 max_slots = core_num_brps; 350 } else { 351 /* Watchpoint */ 352 ctrl_base = ARM_BASE_WCR; 353 val_base = ARM_BASE_WVR; 354 slots = this_cpu_ptr(wp_on_reg); 355 max_slots = core_num_wrps; 356 } 357 358 for (i = 0; i < max_slots; ++i) { 359 slot = &slots[i]; 360 361 if (!*slot) { 362 *slot = bp; 363 break; 364 } 365 } 366 367 if (i == max_slots) { 368 pr_warning("Can't find any breakpoint slot\n"); 369 return -EBUSY; 370 } 371 372 /* Override the breakpoint data with the step data. */ 373 if (info->step_ctrl.enabled) { 374 addr = info->trigger & ~0x3; 375 ctrl = encode_ctrl_reg(info->step_ctrl); 376 if (info->ctrl.type != ARM_BREAKPOINT_EXECUTE) { 377 i = 0; 378 ctrl_base = ARM_BASE_BCR + core_num_brps; 379 val_base = ARM_BASE_BVR + core_num_brps; 380 } 381 } 382 383 /* Setup the address register. */ 384 write_wb_reg(val_base + i, addr); 385 386 /* Setup the control register. */ 387 write_wb_reg(ctrl_base + i, ctrl); 388 return 0; 389 } 390 391 void arch_uninstall_hw_breakpoint(struct perf_event *bp) 392 { 393 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 394 struct perf_event **slot, **slots; 395 int i, max_slots, base; 396 397 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) { 398 /* Breakpoint */ 399 base = ARM_BASE_BCR; 400 slots = this_cpu_ptr(bp_on_reg); 401 max_slots = core_num_brps; 402 } else { 403 /* Watchpoint */ 404 base = ARM_BASE_WCR; 405 slots = this_cpu_ptr(wp_on_reg); 406 max_slots = core_num_wrps; 407 } 408 409 /* Remove the breakpoint. */ 410 for (i = 0; i < max_slots; ++i) { 411 slot = &slots[i]; 412 413 if (*slot == bp) { 414 *slot = NULL; 415 break; 416 } 417 } 418 419 if (i == max_slots) { 420 pr_warning("Can't find any breakpoint slot\n"); 421 return; 422 } 423 424 /* Ensure that we disable the mismatch breakpoint. */ 425 if (info->ctrl.type != ARM_BREAKPOINT_EXECUTE && 426 info->step_ctrl.enabled) { 427 i = 0; 428 base = ARM_BASE_BCR + core_num_brps; 429 } 430 431 /* Reset the control register. */ 432 write_wb_reg(base + i, 0); 433 } 434 435 static int get_hbp_len(u8 hbp_len) 436 { 437 unsigned int len_in_bytes = 0; 438 439 switch (hbp_len) { 440 case ARM_BREAKPOINT_LEN_1: 441 len_in_bytes = 1; 442 break; 443 case ARM_BREAKPOINT_LEN_2: 444 len_in_bytes = 2; 445 break; 446 case ARM_BREAKPOINT_LEN_4: 447 len_in_bytes = 4; 448 break; 449 case ARM_BREAKPOINT_LEN_8: 450 len_in_bytes = 8; 451 break; 452 } 453 454 return len_in_bytes; 455 } 456 457 /* 458 * Check whether bp virtual address is in kernel space. 459 */ 460 int arch_check_bp_in_kernelspace(struct perf_event *bp) 461 { 462 unsigned int len; 463 unsigned long va; 464 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 465 466 va = info->address; 467 len = get_hbp_len(info->ctrl.len); 468 469 return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE); 470 } 471 472 /* 473 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl. 474 * Hopefully this will disappear when ptrace can bypass the conversion 475 * to generic breakpoint descriptions. 476 */ 477 int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl, 478 int *gen_len, int *gen_type) 479 { 480 /* Type */ 481 switch (ctrl.type) { 482 case ARM_BREAKPOINT_EXECUTE: 483 *gen_type = HW_BREAKPOINT_X; 484 break; 485 case ARM_BREAKPOINT_LOAD: 486 *gen_type = HW_BREAKPOINT_R; 487 break; 488 case ARM_BREAKPOINT_STORE: 489 *gen_type = HW_BREAKPOINT_W; 490 break; 491 case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE: 492 *gen_type = HW_BREAKPOINT_RW; 493 break; 494 default: 495 return -EINVAL; 496 } 497 498 /* Len */ 499 switch (ctrl.len) { 500 case ARM_BREAKPOINT_LEN_1: 501 *gen_len = HW_BREAKPOINT_LEN_1; 502 break; 503 case ARM_BREAKPOINT_LEN_2: 504 *gen_len = HW_BREAKPOINT_LEN_2; 505 break; 506 case ARM_BREAKPOINT_LEN_4: 507 *gen_len = HW_BREAKPOINT_LEN_4; 508 break; 509 case ARM_BREAKPOINT_LEN_8: 510 *gen_len = HW_BREAKPOINT_LEN_8; 511 break; 512 default: 513 return -EINVAL; 514 } 515 516 return 0; 517 } 518 519 /* 520 * Construct an arch_hw_breakpoint from a perf_event. 521 */ 522 static int arch_build_bp_info(struct perf_event *bp) 523 { 524 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 525 526 /* Type */ 527 switch (bp->attr.bp_type) { 528 case HW_BREAKPOINT_X: 529 info->ctrl.type = ARM_BREAKPOINT_EXECUTE; 530 break; 531 case HW_BREAKPOINT_R: 532 info->ctrl.type = ARM_BREAKPOINT_LOAD; 533 break; 534 case HW_BREAKPOINT_W: 535 info->ctrl.type = ARM_BREAKPOINT_STORE; 536 break; 537 case HW_BREAKPOINT_RW: 538 info->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE; 539 break; 540 default: 541 return -EINVAL; 542 } 543 544 /* Len */ 545 switch (bp->attr.bp_len) { 546 case HW_BREAKPOINT_LEN_1: 547 info->ctrl.len = ARM_BREAKPOINT_LEN_1; 548 break; 549 case HW_BREAKPOINT_LEN_2: 550 info->ctrl.len = ARM_BREAKPOINT_LEN_2; 551 break; 552 case HW_BREAKPOINT_LEN_4: 553 info->ctrl.len = ARM_BREAKPOINT_LEN_4; 554 break; 555 case HW_BREAKPOINT_LEN_8: 556 info->ctrl.len = ARM_BREAKPOINT_LEN_8; 557 if ((info->ctrl.type != ARM_BREAKPOINT_EXECUTE) 558 && max_watchpoint_len >= 8) 559 break; 560 default: 561 return -EINVAL; 562 } 563 564 /* 565 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes. 566 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported 567 * by the hardware and must be aligned to the appropriate number of 568 * bytes. 569 */ 570 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE && 571 info->ctrl.len != ARM_BREAKPOINT_LEN_2 && 572 info->ctrl.len != ARM_BREAKPOINT_LEN_4) 573 return -EINVAL; 574 575 /* Address */ 576 info->address = bp->attr.bp_addr; 577 578 /* Privilege */ 579 info->ctrl.privilege = ARM_BREAKPOINT_USER; 580 if (arch_check_bp_in_kernelspace(bp)) 581 info->ctrl.privilege |= ARM_BREAKPOINT_PRIV; 582 583 /* Enabled? */ 584 info->ctrl.enabled = !bp->attr.disabled; 585 586 /* Mismatch */ 587 info->ctrl.mismatch = 0; 588 589 return 0; 590 } 591 592 /* 593 * Validate the arch-specific HW Breakpoint register settings. 594 */ 595 int arch_validate_hwbkpt_settings(struct perf_event *bp) 596 { 597 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 598 int ret = 0; 599 u32 offset, alignment_mask = 0x3; 600 601 /* Ensure that we are in monitor debug mode. */ 602 if (!monitor_mode_enabled()) 603 return -ENODEV; 604 605 /* Build the arch_hw_breakpoint. */ 606 ret = arch_build_bp_info(bp); 607 if (ret) 608 goto out; 609 610 /* Check address alignment. */ 611 if (info->ctrl.len == ARM_BREAKPOINT_LEN_8) 612 alignment_mask = 0x7; 613 offset = info->address & alignment_mask; 614 switch (offset) { 615 case 0: 616 /* Aligned */ 617 break; 618 case 1: 619 case 2: 620 /* Allow halfword watchpoints and breakpoints. */ 621 if (info->ctrl.len == ARM_BREAKPOINT_LEN_2) 622 break; 623 case 3: 624 /* Allow single byte watchpoint. */ 625 if (info->ctrl.len == ARM_BREAKPOINT_LEN_1) 626 break; 627 default: 628 ret = -EINVAL; 629 goto out; 630 } 631 632 info->address &= ~alignment_mask; 633 info->ctrl.len <<= offset; 634 635 if (!bp->overflow_handler) { 636 /* 637 * Mismatch breakpoints are required for single-stepping 638 * breakpoints. 639 */ 640 if (!core_has_mismatch_brps()) 641 return -EINVAL; 642 643 /* We don't allow mismatch breakpoints in kernel space. */ 644 if (arch_check_bp_in_kernelspace(bp)) 645 return -EPERM; 646 647 /* 648 * Per-cpu breakpoints are not supported by our stepping 649 * mechanism. 650 */ 651 if (!bp->hw.bp_target) 652 return -EINVAL; 653 654 /* 655 * We only support specific access types if the fsr 656 * reports them. 657 */ 658 if (!debug_exception_updates_fsr() && 659 (info->ctrl.type == ARM_BREAKPOINT_LOAD || 660 info->ctrl.type == ARM_BREAKPOINT_STORE)) 661 return -EINVAL; 662 } 663 664 out: 665 return ret; 666 } 667 668 /* 669 * Enable/disable single-stepping over the breakpoint bp at address addr. 670 */ 671 static void enable_single_step(struct perf_event *bp, u32 addr) 672 { 673 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 674 675 arch_uninstall_hw_breakpoint(bp); 676 info->step_ctrl.mismatch = 1; 677 info->step_ctrl.len = ARM_BREAKPOINT_LEN_4; 678 info->step_ctrl.type = ARM_BREAKPOINT_EXECUTE; 679 info->step_ctrl.privilege = info->ctrl.privilege; 680 info->step_ctrl.enabled = 1; 681 info->trigger = addr; 682 arch_install_hw_breakpoint(bp); 683 } 684 685 static void disable_single_step(struct perf_event *bp) 686 { 687 arch_uninstall_hw_breakpoint(bp); 688 counter_arch_bp(bp)->step_ctrl.enabled = 0; 689 arch_install_hw_breakpoint(bp); 690 } 691 692 static void watchpoint_handler(unsigned long addr, unsigned int fsr, 693 struct pt_regs *regs) 694 { 695 int i, access; 696 u32 val, ctrl_reg, alignment_mask; 697 struct perf_event *wp, **slots; 698 struct arch_hw_breakpoint *info; 699 struct arch_hw_breakpoint_ctrl ctrl; 700 701 slots = this_cpu_ptr(wp_on_reg); 702 703 for (i = 0; i < core_num_wrps; ++i) { 704 rcu_read_lock(); 705 706 wp = slots[i]; 707 708 if (wp == NULL) 709 goto unlock; 710 711 info = counter_arch_bp(wp); 712 /* 713 * The DFAR is an unknown value on debug architectures prior 714 * to 7.1. Since we only allow a single watchpoint on these 715 * older CPUs, we can set the trigger to the lowest possible 716 * faulting address. 717 */ 718 if (debug_arch < ARM_DEBUG_ARCH_V7_1) { 719 BUG_ON(i > 0); 720 info->trigger = wp->attr.bp_addr; 721 } else { 722 if (info->ctrl.len == ARM_BREAKPOINT_LEN_8) 723 alignment_mask = 0x7; 724 else 725 alignment_mask = 0x3; 726 727 /* Check if the watchpoint value matches. */ 728 val = read_wb_reg(ARM_BASE_WVR + i); 729 if (val != (addr & ~alignment_mask)) 730 goto unlock; 731 732 /* Possible match, check the byte address select. */ 733 ctrl_reg = read_wb_reg(ARM_BASE_WCR + i); 734 decode_ctrl_reg(ctrl_reg, &ctrl); 735 if (!((1 << (addr & alignment_mask)) & ctrl.len)) 736 goto unlock; 737 738 /* Check that the access type matches. */ 739 if (debug_exception_updates_fsr()) { 740 access = (fsr & ARM_FSR_ACCESS_MASK) ? 741 HW_BREAKPOINT_W : HW_BREAKPOINT_R; 742 if (!(access & hw_breakpoint_type(wp))) 743 goto unlock; 744 } 745 746 /* We have a winner. */ 747 info->trigger = addr; 748 } 749 750 pr_debug("watchpoint fired: address = 0x%x\n", info->trigger); 751 perf_bp_event(wp, regs); 752 753 /* 754 * If no overflow handler is present, insert a temporary 755 * mismatch breakpoint so we can single-step over the 756 * watchpoint trigger. 757 */ 758 if (!wp->overflow_handler) 759 enable_single_step(wp, instruction_pointer(regs)); 760 761 unlock: 762 rcu_read_unlock(); 763 } 764 } 765 766 static void watchpoint_single_step_handler(unsigned long pc) 767 { 768 int i; 769 struct perf_event *wp, **slots; 770 struct arch_hw_breakpoint *info; 771 772 slots = this_cpu_ptr(wp_on_reg); 773 774 for (i = 0; i < core_num_wrps; ++i) { 775 rcu_read_lock(); 776 777 wp = slots[i]; 778 779 if (wp == NULL) 780 goto unlock; 781 782 info = counter_arch_bp(wp); 783 if (!info->step_ctrl.enabled) 784 goto unlock; 785 786 /* 787 * Restore the original watchpoint if we've completed the 788 * single-step. 789 */ 790 if (info->trigger != pc) 791 disable_single_step(wp); 792 793 unlock: 794 rcu_read_unlock(); 795 } 796 } 797 798 static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs) 799 { 800 int i; 801 u32 ctrl_reg, val, addr; 802 struct perf_event *bp, **slots; 803 struct arch_hw_breakpoint *info; 804 struct arch_hw_breakpoint_ctrl ctrl; 805 806 slots = this_cpu_ptr(bp_on_reg); 807 808 /* The exception entry code places the amended lr in the PC. */ 809 addr = regs->ARM_pc; 810 811 /* Check the currently installed breakpoints first. */ 812 for (i = 0; i < core_num_brps; ++i) { 813 rcu_read_lock(); 814 815 bp = slots[i]; 816 817 if (bp == NULL) 818 goto unlock; 819 820 info = counter_arch_bp(bp); 821 822 /* Check if the breakpoint value matches. */ 823 val = read_wb_reg(ARM_BASE_BVR + i); 824 if (val != (addr & ~0x3)) 825 goto mismatch; 826 827 /* Possible match, check the byte address select to confirm. */ 828 ctrl_reg = read_wb_reg(ARM_BASE_BCR + i); 829 decode_ctrl_reg(ctrl_reg, &ctrl); 830 if ((1 << (addr & 0x3)) & ctrl.len) { 831 info->trigger = addr; 832 pr_debug("breakpoint fired: address = 0x%x\n", addr); 833 perf_bp_event(bp, regs); 834 if (!bp->overflow_handler) 835 enable_single_step(bp, addr); 836 goto unlock; 837 } 838 839 mismatch: 840 /* If we're stepping a breakpoint, it can now be restored. */ 841 if (info->step_ctrl.enabled) 842 disable_single_step(bp); 843 unlock: 844 rcu_read_unlock(); 845 } 846 847 /* Handle any pending watchpoint single-step breakpoints. */ 848 watchpoint_single_step_handler(addr); 849 } 850 851 /* 852 * Called from either the Data Abort Handler [watchpoint] or the 853 * Prefetch Abort Handler [breakpoint] with interrupts disabled. 854 */ 855 static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr, 856 struct pt_regs *regs) 857 { 858 int ret = 0; 859 u32 dscr; 860 861 preempt_disable(); 862 863 if (interrupts_enabled(regs)) 864 local_irq_enable(); 865 866 /* We only handle watchpoints and hardware breakpoints. */ 867 ARM_DBG_READ(c0, c1, 0, dscr); 868 869 /* Perform perf callbacks. */ 870 switch (ARM_DSCR_MOE(dscr)) { 871 case ARM_ENTRY_BREAKPOINT: 872 breakpoint_handler(addr, regs); 873 break; 874 case ARM_ENTRY_ASYNC_WATCHPOINT: 875 WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n"); 876 case ARM_ENTRY_SYNC_WATCHPOINT: 877 watchpoint_handler(addr, fsr, regs); 878 break; 879 default: 880 ret = 1; /* Unhandled fault. */ 881 } 882 883 preempt_enable(); 884 885 return ret; 886 } 887 888 /* 889 * One-time initialisation. 890 */ 891 static cpumask_t debug_err_mask; 892 893 static int debug_reg_trap(struct pt_regs *regs, unsigned int instr) 894 { 895 int cpu = smp_processor_id(); 896 897 pr_warning("Debug register access (0x%x) caused undefined instruction on CPU %d\n", 898 instr, cpu); 899 900 /* Set the error flag for this CPU and skip the faulting instruction. */ 901 cpumask_set_cpu(cpu, &debug_err_mask); 902 instruction_pointer(regs) += 4; 903 return 0; 904 } 905 906 static struct undef_hook debug_reg_hook = { 907 .instr_mask = 0x0fe80f10, 908 .instr_val = 0x0e000e10, 909 .fn = debug_reg_trap, 910 }; 911 912 /* Does this core support OS Save and Restore? */ 913 static bool core_has_os_save_restore(void) 914 { 915 u32 oslsr; 916 917 switch (get_debug_arch()) { 918 case ARM_DEBUG_ARCH_V7_1: 919 return true; 920 case ARM_DEBUG_ARCH_V7_ECP14: 921 ARM_DBG_READ(c1, c1, 4, oslsr); 922 if (oslsr & ARM_OSLSR_OSLM0) 923 return true; 924 default: 925 return false; 926 } 927 } 928 929 static void reset_ctrl_regs(void *unused) 930 { 931 int i, raw_num_brps, err = 0, cpu = smp_processor_id(); 932 u32 val; 933 934 /* 935 * v7 debug contains save and restore registers so that debug state 936 * can be maintained across low-power modes without leaving the debug 937 * logic powered up. It is IMPLEMENTATION DEFINED whether we can access 938 * the debug registers out of reset, so we must unlock the OS Lock 939 * Access Register to avoid taking undefined instruction exceptions 940 * later on. 941 */ 942 switch (debug_arch) { 943 case ARM_DEBUG_ARCH_V6: 944 case ARM_DEBUG_ARCH_V6_1: 945 /* ARMv6 cores clear the registers out of reset. */ 946 goto out_mdbgen; 947 case ARM_DEBUG_ARCH_V7_ECP14: 948 /* 949 * Ensure sticky power-down is clear (i.e. debug logic is 950 * powered up). 951 */ 952 ARM_DBG_READ(c1, c5, 4, val); 953 if ((val & 0x1) == 0) 954 err = -EPERM; 955 956 if (!has_ossr) 957 goto clear_vcr; 958 break; 959 case ARM_DEBUG_ARCH_V7_1: 960 /* 961 * Ensure the OS double lock is clear. 962 */ 963 ARM_DBG_READ(c1, c3, 4, val); 964 if ((val & 0x1) == 1) 965 err = -EPERM; 966 break; 967 } 968 969 if (err) { 970 pr_warn_once("CPU %d debug is powered down!\n", cpu); 971 cpumask_or(&debug_err_mask, &debug_err_mask, cpumask_of(cpu)); 972 return; 973 } 974 975 /* 976 * Unconditionally clear the OS lock by writing a value 977 * other than CS_LAR_KEY to the access register. 978 */ 979 ARM_DBG_WRITE(c1, c0, 4, ~CS_LAR_KEY); 980 isb(); 981 982 /* 983 * Clear any configured vector-catch events before 984 * enabling monitor mode. 985 */ 986 clear_vcr: 987 ARM_DBG_WRITE(c0, c7, 0, 0); 988 isb(); 989 990 if (cpumask_intersects(&debug_err_mask, cpumask_of(cpu))) { 991 pr_warn_once("CPU %d failed to disable vector catch\n", cpu); 992 return; 993 } 994 995 /* 996 * The control/value register pairs are UNKNOWN out of reset so 997 * clear them to avoid spurious debug events. 998 */ 999 raw_num_brps = get_num_brp_resources(); 1000 for (i = 0; i < raw_num_brps; ++i) { 1001 write_wb_reg(ARM_BASE_BCR + i, 0UL); 1002 write_wb_reg(ARM_BASE_BVR + i, 0UL); 1003 } 1004 1005 for (i = 0; i < core_num_wrps; ++i) { 1006 write_wb_reg(ARM_BASE_WCR + i, 0UL); 1007 write_wb_reg(ARM_BASE_WVR + i, 0UL); 1008 } 1009 1010 if (cpumask_intersects(&debug_err_mask, cpumask_of(cpu))) { 1011 pr_warn_once("CPU %d failed to clear debug register pairs\n", cpu); 1012 return; 1013 } 1014 1015 /* 1016 * Have a crack at enabling monitor mode. We don't actually need 1017 * it yet, but reporting an error early is useful if it fails. 1018 */ 1019 out_mdbgen: 1020 if (enable_monitor_mode()) 1021 cpumask_or(&debug_err_mask, &debug_err_mask, cpumask_of(cpu)); 1022 } 1023 1024 static int dbg_reset_notify(struct notifier_block *self, 1025 unsigned long action, void *cpu) 1026 { 1027 if ((action & ~CPU_TASKS_FROZEN) == CPU_ONLINE) 1028 smp_call_function_single((int)cpu, reset_ctrl_regs, NULL, 1); 1029 1030 return NOTIFY_OK; 1031 } 1032 1033 static struct notifier_block dbg_reset_nb = { 1034 .notifier_call = dbg_reset_notify, 1035 }; 1036 1037 #ifdef CONFIG_CPU_PM 1038 static int dbg_cpu_pm_notify(struct notifier_block *self, unsigned long action, 1039 void *v) 1040 { 1041 if (action == CPU_PM_EXIT) 1042 reset_ctrl_regs(NULL); 1043 1044 return NOTIFY_OK; 1045 } 1046 1047 static struct notifier_block dbg_cpu_pm_nb = { 1048 .notifier_call = dbg_cpu_pm_notify, 1049 }; 1050 1051 static void __init pm_init(void) 1052 { 1053 cpu_pm_register_notifier(&dbg_cpu_pm_nb); 1054 } 1055 #else 1056 static inline void pm_init(void) 1057 { 1058 } 1059 #endif 1060 1061 static int __init arch_hw_breakpoint_init(void) 1062 { 1063 debug_arch = get_debug_arch(); 1064 1065 if (!debug_arch_supported()) { 1066 pr_info("debug architecture 0x%x unsupported.\n", debug_arch); 1067 return 0; 1068 } 1069 1070 has_ossr = core_has_os_save_restore(); 1071 1072 /* Determine how many BRPs/WRPs are available. */ 1073 core_num_brps = get_num_brps(); 1074 core_num_wrps = get_num_wrps(); 1075 1076 cpu_notifier_register_begin(); 1077 1078 /* 1079 * We need to tread carefully here because DBGSWENABLE may be 1080 * driven low on this core and there isn't an architected way to 1081 * determine that. 1082 */ 1083 register_undef_hook(&debug_reg_hook); 1084 1085 /* 1086 * Reset the breakpoint resources. We assume that a halting 1087 * debugger will leave the world in a nice state for us. 1088 */ 1089 on_each_cpu(reset_ctrl_regs, NULL, 1); 1090 unregister_undef_hook(&debug_reg_hook); 1091 if (!cpumask_empty(&debug_err_mask)) { 1092 core_num_brps = 0; 1093 core_num_wrps = 0; 1094 cpu_notifier_register_done(); 1095 return 0; 1096 } 1097 1098 pr_info("found %d " "%s" "breakpoint and %d watchpoint registers.\n", 1099 core_num_brps, core_has_mismatch_brps() ? "(+1 reserved) " : 1100 "", core_num_wrps); 1101 1102 /* Work out the maximum supported watchpoint length. */ 1103 max_watchpoint_len = get_max_wp_len(); 1104 pr_info("maximum watchpoint size is %u bytes.\n", 1105 max_watchpoint_len); 1106 1107 /* Register debug fault handler. */ 1108 hook_fault_code(FAULT_CODE_DEBUG, hw_breakpoint_pending, SIGTRAP, 1109 TRAP_HWBKPT, "watchpoint debug exception"); 1110 hook_ifault_code(FAULT_CODE_DEBUG, hw_breakpoint_pending, SIGTRAP, 1111 TRAP_HWBKPT, "breakpoint debug exception"); 1112 1113 /* Register hotplug and PM notifiers. */ 1114 __register_cpu_notifier(&dbg_reset_nb); 1115 1116 cpu_notifier_register_done(); 1117 1118 pm_init(); 1119 return 0; 1120 } 1121 arch_initcall(arch_hw_breakpoint_init); 1122 1123 void hw_breakpoint_pmu_read(struct perf_event *bp) 1124 { 1125 } 1126 1127 /* 1128 * Dummy function to register with die_notifier. 1129 */ 1130 int hw_breakpoint_exceptions_notify(struct notifier_block *unused, 1131 unsigned long val, void *data) 1132 { 1133 return NOTIFY_DONE; 1134 } 1135