1 /* 2 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility, 3 * using the CPU's debug registers. Derived from 4 * "arch/x86/kernel/hw_breakpoint.c" 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 * GNU General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 19 * 20 * Copyright 2010 IBM Corporation 21 * Author: K.Prasad <prasad@linux.vnet.ibm.com> 22 * 23 */ 24 25 #include <linux/hw_breakpoint.h> 26 #include <linux/notifier.h> 27 #include <linux/kprobes.h> 28 #include <linux/percpu.h> 29 #include <linux/kernel.h> 30 #include <linux/sched.h> 31 #include <linux/smp.h> 32 33 #include <asm/hw_breakpoint.h> 34 #include <asm/processor.h> 35 #include <asm/sstep.h> 36 #include <asm/debug.h> 37 #include <linux/uaccess.h> 38 39 /* 40 * Stores the breakpoints currently in use on each breakpoint address 41 * register for every cpu 42 */ 43 static DEFINE_PER_CPU(struct perf_event *, bp_per_reg); 44 45 /* 46 * Returns total number of data or instruction breakpoints available. 47 */ 48 int hw_breakpoint_slots(int type) 49 { 50 if (type == TYPE_DATA) 51 return HBP_NUM; 52 return 0; /* no instruction breakpoints available */ 53 } 54 55 /* 56 * Install a perf counter breakpoint. 57 * 58 * We seek a free debug address register and use it for this 59 * breakpoint. 60 * 61 * Atomic: we hold the counter->ctx->lock and we only handle variables 62 * and registers local to this cpu. 63 */ 64 int arch_install_hw_breakpoint(struct perf_event *bp) 65 { 66 struct arch_hw_breakpoint *info = counter_arch_bp(bp); 67 struct perf_event **slot = this_cpu_ptr(&bp_per_reg); 68 69 *slot = bp; 70 71 /* 72 * Do not install DABR values if the instruction must be single-stepped. 73 * If so, DABR will be populated in single_step_dabr_instruction(). 74 */ 75 if (current->thread.last_hit_ubp != bp) 76 __set_breakpoint(info); 77 78 return 0; 79 } 80 81 /* 82 * Uninstall the breakpoint contained in the given counter. 83 * 84 * First we search the debug address register it uses and then we disable 85 * it. 86 * 87 * Atomic: we hold the counter->ctx->lock and we only handle variables 88 * and registers local to this cpu. 89 */ 90 void arch_uninstall_hw_breakpoint(struct perf_event *bp) 91 { 92 struct perf_event **slot = this_cpu_ptr(&bp_per_reg); 93 94 if (*slot != bp) { 95 WARN_ONCE(1, "Can't find the breakpoint"); 96 return; 97 } 98 99 *slot = NULL; 100 hw_breakpoint_disable(); 101 } 102 103 /* 104 * Perform cleanup of arch-specific counters during unregistration 105 * of the perf-event 106 */ 107 void arch_unregister_hw_breakpoint(struct perf_event *bp) 108 { 109 /* 110 * If the breakpoint is unregistered between a hw_breakpoint_handler() 111 * and the single_step_dabr_instruction(), then cleanup the breakpoint 112 * restoration variables to prevent dangling pointers. 113 * FIXME, this should not be using bp->ctx at all! Sayeth peterz. 114 */ 115 if (bp->ctx && bp->ctx->task && bp->ctx->task != ((void *)-1L)) 116 bp->ctx->task->thread.last_hit_ubp = NULL; 117 } 118 119 /* 120 * Check for virtual address in kernel space. 121 */ 122 int arch_check_bp_in_kernelspace(struct arch_hw_breakpoint *hw) 123 { 124 return is_kernel_addr(hw->address); 125 } 126 127 int arch_bp_generic_fields(int type, int *gen_bp_type) 128 { 129 *gen_bp_type = 0; 130 if (type & HW_BRK_TYPE_READ) 131 *gen_bp_type |= HW_BREAKPOINT_R; 132 if (type & HW_BRK_TYPE_WRITE) 133 *gen_bp_type |= HW_BREAKPOINT_W; 134 if (*gen_bp_type == 0) 135 return -EINVAL; 136 return 0; 137 } 138 139 /* 140 * Validate the arch-specific HW Breakpoint register settings 141 */ 142 int hw_breakpoint_arch_parse(struct perf_event *bp, 143 const struct perf_event_attr *attr, 144 struct arch_hw_breakpoint *hw) 145 { 146 int ret = -EINVAL, length_max; 147 148 if (!bp) 149 return ret; 150 151 hw->type = HW_BRK_TYPE_TRANSLATE; 152 if (attr->bp_type & HW_BREAKPOINT_R) 153 hw->type |= HW_BRK_TYPE_READ; 154 if (attr->bp_type & HW_BREAKPOINT_W) 155 hw->type |= HW_BRK_TYPE_WRITE; 156 if (hw->type == HW_BRK_TYPE_TRANSLATE) 157 /* must set alteast read or write */ 158 return ret; 159 if (!attr->exclude_user) 160 hw->type |= HW_BRK_TYPE_USER; 161 if (!attr->exclude_kernel) 162 hw->type |= HW_BRK_TYPE_KERNEL; 163 if (!attr->exclude_hv) 164 hw->type |= HW_BRK_TYPE_HYP; 165 hw->address = attr->bp_addr; 166 hw->len = attr->bp_len; 167 168 /* 169 * Since breakpoint length can be a maximum of HW_BREAKPOINT_LEN(8) 170 * and breakpoint addresses are aligned to nearest double-word 171 * HW_BREAKPOINT_ALIGN by rounding off to the lower address, the 172 * 'symbolsize' should satisfy the check below. 173 */ 174 if (!ppc_breakpoint_available()) 175 return -ENODEV; 176 length_max = 8; /* DABR */ 177 if (cpu_has_feature(CPU_FTR_DAWR)) { 178 length_max = 512 ; /* 64 doublewords */ 179 /* DAWR region can't cross 512 boundary */ 180 if ((attr->bp_addr >> 9) != 181 ((attr->bp_addr + attr->bp_len - 1) >> 9)) 182 return -EINVAL; 183 } 184 if (hw->len > 185 (length_max - (hw->address & HW_BREAKPOINT_ALIGN))) 186 return -EINVAL; 187 return 0; 188 } 189 190 /* 191 * Restores the breakpoint on the debug registers. 192 * Invoke this function if it is known that the execution context is 193 * about to change to cause loss of MSR_SE settings. 194 */ 195 void thread_change_pc(struct task_struct *tsk, struct pt_regs *regs) 196 { 197 struct arch_hw_breakpoint *info; 198 199 if (likely(!tsk->thread.last_hit_ubp)) 200 return; 201 202 info = counter_arch_bp(tsk->thread.last_hit_ubp); 203 regs->msr &= ~MSR_SE; 204 __set_breakpoint(info); 205 tsk->thread.last_hit_ubp = NULL; 206 } 207 208 /* 209 * Handle debug exception notifications. 210 */ 211 int hw_breakpoint_handler(struct die_args *args) 212 { 213 int rc = NOTIFY_STOP; 214 struct perf_event *bp; 215 struct pt_regs *regs = args->regs; 216 #ifndef CONFIG_PPC_8xx 217 int stepped = 1; 218 unsigned int instr; 219 #endif 220 struct arch_hw_breakpoint *info; 221 unsigned long dar = regs->dar; 222 223 /* Disable breakpoints during exception handling */ 224 hw_breakpoint_disable(); 225 226 /* 227 * The counter may be concurrently released but that can only 228 * occur from a call_rcu() path. We can then safely fetch 229 * the breakpoint, use its callback, touch its counter 230 * while we are in an rcu_read_lock() path. 231 */ 232 rcu_read_lock(); 233 234 bp = __this_cpu_read(bp_per_reg); 235 if (!bp) { 236 rc = NOTIFY_DONE; 237 goto out; 238 } 239 info = counter_arch_bp(bp); 240 241 /* 242 * Return early after invoking user-callback function without restoring 243 * DABR if the breakpoint is from ptrace which always operates in 244 * one-shot mode. The ptrace-ed process will receive the SIGTRAP signal 245 * generated in do_dabr(). 246 */ 247 if (bp->overflow_handler == ptrace_triggered) { 248 perf_bp_event(bp, regs); 249 rc = NOTIFY_DONE; 250 goto out; 251 } 252 253 /* 254 * Verify if dar lies within the address range occupied by the symbol 255 * being watched to filter extraneous exceptions. If it doesn't, 256 * we still need to single-step the instruction, but we don't 257 * generate an event. 258 */ 259 info->type &= ~HW_BRK_TYPE_EXTRANEOUS_IRQ; 260 if (!((bp->attr.bp_addr <= dar) && 261 (dar - bp->attr.bp_addr < bp->attr.bp_len))) 262 info->type |= HW_BRK_TYPE_EXTRANEOUS_IRQ; 263 264 #ifndef CONFIG_PPC_8xx 265 /* Do not emulate user-space instructions, instead single-step them */ 266 if (user_mode(regs)) { 267 current->thread.last_hit_ubp = bp; 268 regs->msr |= MSR_SE; 269 goto out; 270 } 271 272 stepped = 0; 273 instr = 0; 274 if (!__get_user_inatomic(instr, (unsigned int *) regs->nip)) 275 stepped = emulate_step(regs, instr); 276 277 /* 278 * emulate_step() could not execute it. We've failed in reliably 279 * handling the hw-breakpoint. Unregister it and throw a warning 280 * message to let the user know about it. 281 */ 282 if (!stepped) { 283 WARN(1, "Unable to handle hardware breakpoint. Breakpoint at " 284 "0x%lx will be disabled.", info->address); 285 perf_event_disable_inatomic(bp); 286 goto out; 287 } 288 #endif 289 /* 290 * As a policy, the callback is invoked in a 'trigger-after-execute' 291 * fashion 292 */ 293 if (!(info->type & HW_BRK_TYPE_EXTRANEOUS_IRQ)) 294 perf_bp_event(bp, regs); 295 296 __set_breakpoint(info); 297 out: 298 rcu_read_unlock(); 299 return rc; 300 } 301 NOKPROBE_SYMBOL(hw_breakpoint_handler); 302 303 /* 304 * Handle single-step exceptions following a DABR hit. 305 */ 306 static int single_step_dabr_instruction(struct die_args *args) 307 { 308 struct pt_regs *regs = args->regs; 309 struct perf_event *bp = NULL; 310 struct arch_hw_breakpoint *info; 311 312 bp = current->thread.last_hit_ubp; 313 /* 314 * Check if we are single-stepping as a result of a 315 * previous HW Breakpoint exception 316 */ 317 if (!bp) 318 return NOTIFY_DONE; 319 320 info = counter_arch_bp(bp); 321 322 /* 323 * We shall invoke the user-defined callback function in the single 324 * stepping handler to confirm to 'trigger-after-execute' semantics 325 */ 326 if (!(info->type & HW_BRK_TYPE_EXTRANEOUS_IRQ)) 327 perf_bp_event(bp, regs); 328 329 __set_breakpoint(info); 330 current->thread.last_hit_ubp = NULL; 331 332 /* 333 * If the process was being single-stepped by ptrace, let the 334 * other single-step actions occur (e.g. generate SIGTRAP). 335 */ 336 if (test_thread_flag(TIF_SINGLESTEP)) 337 return NOTIFY_DONE; 338 339 return NOTIFY_STOP; 340 } 341 NOKPROBE_SYMBOL(single_step_dabr_instruction); 342 343 /* 344 * Handle debug exception notifications. 345 */ 346 int hw_breakpoint_exceptions_notify( 347 struct notifier_block *unused, unsigned long val, void *data) 348 { 349 int ret = NOTIFY_DONE; 350 351 switch (val) { 352 case DIE_DABR_MATCH: 353 ret = hw_breakpoint_handler(data); 354 break; 355 case DIE_SSTEP: 356 ret = single_step_dabr_instruction(data); 357 break; 358 } 359 360 return ret; 361 } 362 NOKPROBE_SYMBOL(hw_breakpoint_exceptions_notify); 363 364 /* 365 * Release the user breakpoints used by ptrace 366 */ 367 void flush_ptrace_hw_breakpoint(struct task_struct *tsk) 368 { 369 struct thread_struct *t = &tsk->thread; 370 371 unregister_hw_breakpoint(t->ptrace_bps[0]); 372 t->ptrace_bps[0] = NULL; 373 } 374 375 void hw_breakpoint_pmu_read(struct perf_event *bp) 376 { 377 /* TODO */ 378 } 379