xref: /openbmc/qemu/target/arm/gdbstub64.c (revision f81198ce)
1 /*
2  * ARM gdb server stub: AArch64 specific functions.
3  *
4  * Copyright (c) 2013 SUSE LINUX Products GmbH
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #include "qemu/osdep.h"
20 #include "qemu/log.h"
21 #include "cpu.h"
22 #include "internals.h"
23 #include "gdbstub/helpers.h"
24 #include "gdbstub/commands.h"
25 #include "tcg/mte_helper.h"
26 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX)
27 #include <sys/prctl.h>
28 #include "mte_user_helper.h"
29 #endif
30 
31 int aarch64_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n)
32 {
33     ARMCPU *cpu = ARM_CPU(cs);
34     CPUARMState *env = &cpu->env;
35 
36     if (n < 31) {
37         /* Core integer register.  */
38         return gdb_get_reg64(mem_buf, env->xregs[n]);
39     }
40     switch (n) {
41     case 31:
42         return gdb_get_reg64(mem_buf, env->xregs[31]);
43     case 32:
44         return gdb_get_reg64(mem_buf, env->pc);
45     case 33:
46         return gdb_get_reg32(mem_buf, pstate_read(env));
47     }
48     /* Unknown register.  */
49     return 0;
50 }
51 
52 int aarch64_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n)
53 {
54     ARMCPU *cpu = ARM_CPU(cs);
55     CPUARMState *env = &cpu->env;
56     uint64_t tmp;
57 
58     tmp = ldq_p(mem_buf);
59 
60     if (n < 31) {
61         /* Core integer register.  */
62         env->xregs[n] = tmp;
63         return 8;
64     }
65     switch (n) {
66     case 31:
67         env->xregs[31] = tmp;
68         return 8;
69     case 32:
70         env->pc = tmp;
71         return 8;
72     case 33:
73         /* CPSR */
74         pstate_write(env, tmp);
75         return 4;
76     }
77     /* Unknown register.  */
78     return 0;
79 }
80 
81 int aarch64_gdb_get_fpu_reg(CPUState *cs, GByteArray *buf, int reg)
82 {
83     ARMCPU *cpu = ARM_CPU(cs);
84     CPUARMState *env = &cpu->env;
85 
86     switch (reg) {
87     case 0 ... 31:
88     {
89         /* 128 bit FP register - quads are in LE order */
90         uint64_t *q = aa64_vfp_qreg(env, reg);
91         return gdb_get_reg128(buf, q[1], q[0]);
92     }
93     case 32:
94         /* FPSR */
95         return gdb_get_reg32(buf, vfp_get_fpsr(env));
96     case 33:
97         /* FPCR */
98         return gdb_get_reg32(buf, vfp_get_fpcr(env));
99     default:
100         return 0;
101     }
102 }
103 
104 int aarch64_gdb_set_fpu_reg(CPUState *cs, uint8_t *buf, int reg)
105 {
106     ARMCPU *cpu = ARM_CPU(cs);
107     CPUARMState *env = &cpu->env;
108 
109     switch (reg) {
110     case 0 ... 31:
111         /* 128 bit FP register */
112         {
113             uint64_t *q = aa64_vfp_qreg(env, reg);
114             q[0] = ldq_le_p(buf);
115             q[1] = ldq_le_p(buf + 8);
116             return 16;
117         }
118     case 32:
119         /* FPSR */
120         vfp_set_fpsr(env, ldl_p(buf));
121         return 4;
122     case 33:
123         /* FPCR */
124         vfp_set_fpcr(env, ldl_p(buf));
125         return 4;
126     default:
127         return 0;
128     }
129 }
130 
131 int aarch64_gdb_get_sve_reg(CPUState *cs, GByteArray *buf, int reg)
132 {
133     ARMCPU *cpu = ARM_CPU(cs);
134     CPUARMState *env = &cpu->env;
135 
136     switch (reg) {
137     /* The first 32 registers are the zregs */
138     case 0 ... 31:
139     {
140         int vq, len = 0;
141         for (vq = 0; vq < cpu->sve_max_vq; vq++) {
142             len += gdb_get_reg128(buf,
143                                   env->vfp.zregs[reg].d[vq * 2 + 1],
144                                   env->vfp.zregs[reg].d[vq * 2]);
145         }
146         return len;
147     }
148     case 32:
149         return gdb_get_reg32(buf, vfp_get_fpsr(env));
150     case 33:
151         return gdb_get_reg32(buf, vfp_get_fpcr(env));
152     /* then 16 predicates and the ffr */
153     case 34 ... 50:
154     {
155         int preg = reg - 34;
156         int vq, len = 0;
157         for (vq = 0; vq < cpu->sve_max_vq; vq = vq + 4) {
158             len += gdb_get_reg64(buf, env->vfp.pregs[preg].p[vq / 4]);
159         }
160         return len;
161     }
162     case 51:
163     {
164         /*
165          * We report in Vector Granules (VG) which is 64bit in a Z reg
166          * while the ZCR works in Vector Quads (VQ) which is 128bit chunks.
167          */
168         int vq = sve_vqm1_for_el(env, arm_current_el(env)) + 1;
169         return gdb_get_reg64(buf, vq * 2);
170     }
171     default:
172         /* gdbstub asked for something out our range */
173         qemu_log_mask(LOG_UNIMP, "%s: out of range register %d", __func__, reg);
174         break;
175     }
176 
177     return 0;
178 }
179 
180 int aarch64_gdb_set_sve_reg(CPUState *cs, uint8_t *buf, int reg)
181 {
182     ARMCPU *cpu = ARM_CPU(cs);
183     CPUARMState *env = &cpu->env;
184 
185     /* The first 32 registers are the zregs */
186     switch (reg) {
187     /* The first 32 registers are the zregs */
188     case 0 ... 31:
189     {
190         int vq, len = 0;
191         uint64_t *p = (uint64_t *) buf;
192         for (vq = 0; vq < cpu->sve_max_vq; vq++) {
193             env->vfp.zregs[reg].d[vq * 2 + 1] = *p++;
194             env->vfp.zregs[reg].d[vq * 2] = *p++;
195             len += 16;
196         }
197         return len;
198     }
199     case 32:
200         vfp_set_fpsr(env, *(uint32_t *)buf);
201         return 4;
202     case 33:
203         vfp_set_fpcr(env, *(uint32_t *)buf);
204         return 4;
205     case 34 ... 50:
206     {
207         int preg = reg - 34;
208         int vq, len = 0;
209         uint64_t *p = (uint64_t *) buf;
210         for (vq = 0; vq < cpu->sve_max_vq; vq = vq + 4) {
211             env->vfp.pregs[preg].p[vq / 4] = *p++;
212             len += 8;
213         }
214         return len;
215     }
216     case 51:
217         /* cannot set vg via gdbstub */
218         return 0;
219     default:
220         /* gdbstub asked for something out our range */
221         break;
222     }
223 
224     return 0;
225 }
226 
227 int aarch64_gdb_get_pauth_reg(CPUState *cs, GByteArray *buf, int reg)
228 {
229     ARMCPU *cpu = ARM_CPU(cs);
230     CPUARMState *env = &cpu->env;
231 
232     switch (reg) {
233     case 0: /* pauth_dmask */
234     case 1: /* pauth_cmask */
235     case 2: /* pauth_dmask_high */
236     case 3: /* pauth_cmask_high */
237         /*
238          * Note that older versions of this feature only contained
239          * pauth_{d,c}mask, for use with Linux user processes, and
240          * thus exclusively in the low half of the address space.
241          *
242          * To support system mode, and to debug kernels, two new regs
243          * were added to cover the high half of the address space.
244          * For the purpose of pauth_ptr_mask, we can use any well-formed
245          * address within the address space half -- here, 0 and -1.
246          */
247         {
248             bool is_data = !(reg & 1);
249             bool is_high = reg & 2;
250             ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env);
251             ARMVAParameters param;
252 
253             param = aa64_va_parameters(env, -is_high, mmu_idx, is_data, false);
254             return gdb_get_reg64(buf, pauth_ptr_mask(param));
255         }
256     default:
257         return 0;
258     }
259 }
260 
261 int aarch64_gdb_set_pauth_reg(CPUState *cs, uint8_t *buf, int reg)
262 {
263     /* All pseudo registers are read-only. */
264     return 0;
265 }
266 
267 static void output_vector_union_type(GDBFeatureBuilder *builder, int reg_width,
268                                      const char *name)
269 {
270     struct TypeSize {
271         const char *gdb_type;
272         short size;
273         char sz, suffix;
274     };
275 
276     static const struct TypeSize vec_lanes[] = {
277         /* quads */
278         { "uint128", 128, 'q', 'u' },
279         { "int128", 128, 'q', 's' },
280         /* 64 bit */
281         { "ieee_double", 64, 'd', 'f' },
282         { "uint64", 64, 'd', 'u' },
283         { "int64", 64, 'd', 's' },
284         /* 32 bit */
285         { "ieee_single", 32, 's', 'f' },
286         { "uint32", 32, 's', 'u' },
287         { "int32", 32, 's', 's' },
288         /* 16 bit */
289         { "ieee_half", 16, 'h', 'f' },
290         { "uint16", 16, 'h', 'u' },
291         { "int16", 16, 'h', 's' },
292         /* bytes */
293         { "uint8", 8, 'b', 'u' },
294         { "int8", 8, 'b', 's' },
295     };
296 
297     static const char suf[] = { 'b', 'h', 's', 'd', 'q' };
298     int i, j;
299 
300     /* First define types and totals in a whole VL */
301     for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) {
302         gdb_feature_builder_append_tag(
303             builder, "<vector id=\"%s%c%c\" type=\"%s\" count=\"%d\"/>",
304             name, vec_lanes[i].sz, vec_lanes[i].suffix,
305             vec_lanes[i].gdb_type, reg_width / vec_lanes[i].size);
306     }
307 
308     /*
309      * Now define a union for each size group containing unsigned and
310      * signed and potentially float versions of each size from 128 to
311      * 8 bits.
312      */
313     for (i = 0; i < ARRAY_SIZE(suf); i++) {
314         int bits = 8 << i;
315 
316         gdb_feature_builder_append_tag(builder, "<union id=\"%sn%c\">",
317                                        name, suf[i]);
318         for (j = 0; j < ARRAY_SIZE(vec_lanes); j++) {
319             if (vec_lanes[j].size == bits) {
320                 gdb_feature_builder_append_tag(
321                     builder, "<field name=\"%c\" type=\"%s%c%c\"/>",
322                     vec_lanes[j].suffix, name,
323                     vec_lanes[j].sz, vec_lanes[j].suffix);
324             }
325         }
326         gdb_feature_builder_append_tag(builder, "</union>");
327     }
328 
329     /* And now the final union of unions */
330     gdb_feature_builder_append_tag(builder, "<union id=\"%s\">", name);
331     for (i = ARRAY_SIZE(suf) - 1; i >= 0; i--) {
332         gdb_feature_builder_append_tag(builder,
333                                        "<field name=\"%c\" type=\"%sn%c\"/>",
334                                        suf[i], name, suf[i]);
335     }
336     gdb_feature_builder_append_tag(builder, "</union>");
337 }
338 
339 GDBFeature *arm_gen_dynamic_svereg_feature(CPUState *cs, int base_reg)
340 {
341     ARMCPU *cpu = ARM_CPU(cs);
342     int reg_width = cpu->sve_max_vq * 128;
343     int pred_width = cpu->sve_max_vq * 16;
344     GDBFeatureBuilder builder;
345     char *name;
346     int reg = 0;
347     int i;
348 
349     gdb_feature_builder_init(&builder, &cpu->dyn_svereg_feature.desc,
350                              "org.gnu.gdb.aarch64.sve", "sve-registers.xml",
351                              base_reg);
352 
353     /* Create the vector union type. */
354     output_vector_union_type(&builder, reg_width, "svev");
355 
356     /* Create the predicate vector type. */
357     gdb_feature_builder_append_tag(
358         &builder, "<vector id=\"svep\" type=\"uint8\" count=\"%d\"/>",
359         pred_width / 8);
360 
361     /* Define the vector registers. */
362     for (i = 0; i < 32; i++) {
363         name = g_strdup_printf("z%d", i);
364         gdb_feature_builder_append_reg(&builder, name, reg_width, reg++,
365                                        "svev", NULL);
366     }
367 
368     /* fpscr & status registers */
369     gdb_feature_builder_append_reg(&builder, "fpsr", 32, reg++,
370                                    "int", "float");
371     gdb_feature_builder_append_reg(&builder, "fpcr", 32, reg++,
372                                    "int", "float");
373 
374     /* Define the predicate registers. */
375     for (i = 0; i < 16; i++) {
376         name = g_strdup_printf("p%d", i);
377         gdb_feature_builder_append_reg(&builder, name, pred_width, reg++,
378                                        "svep", NULL);
379     }
380     gdb_feature_builder_append_reg(&builder, "ffr", pred_width, reg++,
381                                    "svep", "vector");
382 
383     /* Define the vector length pseudo-register. */
384     gdb_feature_builder_append_reg(&builder, "vg", 64, reg++, "int", NULL);
385 
386     gdb_feature_builder_end(&builder);
387 
388     return &cpu->dyn_svereg_feature.desc;
389 }
390 
391 #ifdef CONFIG_USER_ONLY
392 int aarch64_gdb_get_tag_ctl_reg(CPUState *cs, GByteArray *buf, int reg)
393 {
394     ARMCPU *cpu = ARM_CPU(cs);
395     CPUARMState *env = &cpu->env;
396     uint64_t tcf0;
397 
398     assert(reg == 0);
399 
400     tcf0 = extract64(env->cp15.sctlr_el[1], 38, 2);
401 
402     return gdb_get_reg64(buf, tcf0);
403 }
404 
405 int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *buf, int reg)
406 {
407     ARMCPU *cpu = ARM_CPU(cs);
408     CPUARMState *env = &cpu->env;
409 
410     uint8_t tcf;
411 
412     assert(reg == 0);
413 
414     tcf = *buf << PR_MTE_TCF_SHIFT;
415 
416     if (!tcf) {
417         return 0;
418     }
419 
420     /*
421      * 'tag_ctl' register is actually a "pseudo-register" provided by GDB to
422      * expose options regarding the type of MTE fault that can be controlled at
423      * runtime.
424      */
425     arm_set_mte_tcf0(env, tcf);
426 
427     return 1;
428 }
429 
430 static void handle_q_memtag(GArray *params, void *user_ctx)
431 {
432     ARMCPU *cpu = ARM_CPU(user_ctx);
433     CPUARMState *env = &cpu->env;
434 
435     uint64_t addr = gdb_get_cmd_param(params, 0)->val_ull;
436     uint64_t len = gdb_get_cmd_param(params, 1)->val_ul;
437     int type = gdb_get_cmd_param(params, 2)->val_ul;
438 
439     uint8_t *tags;
440     uint8_t addr_tag;
441 
442     g_autoptr(GString) str_buf = g_string_new(NULL);
443 
444     /*
445      * GDB does not query multiple tags for a memory range on remote targets, so
446      * that's not supported either by gdbstub.
447      */
448     if (len != 1) {
449         gdb_put_packet("E02");
450     }
451 
452     /* GDB never queries a tag different from an allocation tag (type 1). */
453     if (type != 1) {
454         gdb_put_packet("E03");
455     }
456 
457     /* Note that tags are packed here (2 tags packed in one byte). */
458     tags = allocation_tag_mem_probe(env, 0, addr, MMU_DATA_LOAD, 8 /* 64-bit */,
459                                     MMU_DATA_LOAD, true, 0);
460     if (!tags) {
461         /* Address is not in a tagged region. */
462         gdb_put_packet("E04");
463         return;
464     }
465 
466     /* Unpack tag from byte. */
467     addr_tag = load_tag1(addr, tags);
468     g_string_printf(str_buf, "m%.2x", addr_tag);
469 
470     gdb_put_packet(str_buf->str);
471 }
472 
473 static void handle_q_isaddresstagged(GArray *params, void *user_ctx)
474 {
475     ARMCPU *cpu = ARM_CPU(user_ctx);
476     CPUARMState *env = &cpu->env;
477 
478     uint64_t addr = gdb_get_cmd_param(params, 0)->val_ull;
479 
480     uint8_t *tags;
481     const char *reply;
482 
483     tags = allocation_tag_mem_probe(env, 0, addr, MMU_DATA_LOAD, 8 /* 64-bit */,
484                                     MMU_DATA_LOAD, true, 0);
485     reply = tags ? "01" : "00";
486 
487     gdb_put_packet(reply);
488 }
489 
490 static void handle_Q_memtag(GArray *params, void *user_ctx)
491 {
492     ARMCPU *cpu = ARM_CPU(user_ctx);
493     CPUARMState *env = &cpu->env;
494 
495     uint64_t start_addr = gdb_get_cmd_param(params, 0)->val_ull;
496     uint64_t len = gdb_get_cmd_param(params, 1)->val_ul;
497     int type = gdb_get_cmd_param(params, 2)->val_ul;
498     char const *new_tags_str = gdb_get_cmd_param(params, 3)->data;
499 
500     uint64_t end_addr;
501 
502     int num_new_tags;
503     uint8_t *tags;
504 
505     g_autoptr(GByteArray) new_tags = g_byte_array_new();
506 
507     /*
508      * Only the allocation tag (i.e. type 1) can be set at the stub side.
509      */
510     if (type != 1) {
511         gdb_put_packet("E02");
512         return;
513     }
514 
515     end_addr = start_addr + (len - 1); /* 'len' is always >= 1 */
516     /* Check if request's memory range does not cross page boundaries. */
517     if ((start_addr ^ end_addr) & TARGET_PAGE_MASK) {
518         gdb_put_packet("E03");
519         return;
520     }
521 
522     /*
523      * Get all tags in the page starting from the tag of the start address.
524      * Note that there are two tags packed into a single byte here.
525      */
526     tags = allocation_tag_mem_probe(env, 0, start_addr, MMU_DATA_STORE,
527                                     8 /* 64-bit */, MMU_DATA_STORE, true, 0);
528     if (!tags) {
529         /* Address is not in a tagged region. */
530         gdb_put_packet("E04");
531         return;
532     }
533 
534     /* Convert tags provided by GDB, 2 hex digits per tag. */
535     num_new_tags = strlen(new_tags_str) / 2;
536     gdb_hextomem(new_tags, new_tags_str, num_new_tags);
537 
538     uint64_t address = start_addr;
539     int new_tag_index = 0;
540     while (address <= end_addr) {
541         uint8_t new_tag;
542         int packed_index;
543 
544         /*
545          * Find packed tag index from unpacked tag index. There are two tags
546          * in one packed index (one tag per nibble).
547          */
548         packed_index = new_tag_index / 2;
549 
550         new_tag = new_tags->data[new_tag_index % num_new_tags];
551         store_tag1(address, tags + packed_index, new_tag);
552 
553         address += TAG_GRANULE;
554         new_tag_index++;
555     }
556 
557     gdb_put_packet("OK");
558 }
559 
560 enum Command {
561     qMemTags,
562     qIsAddressTagged,
563     QMemTags,
564     NUM_CMDS
565 };
566 
567 static GdbCmdParseEntry cmd_handler_table[NUM_CMDS] = {
568     [qMemTags] = {
569         .handler = handle_q_memtag,
570         .cmd_startswith = true,
571         .cmd = "MemTags:",
572         .schema = "L,l:l0",
573         .need_cpu_context = true
574     },
575     [qIsAddressTagged] = {
576         .handler = handle_q_isaddresstagged,
577         .cmd_startswith = true,
578         .cmd = "IsAddressTagged:",
579         .schema = "L0",
580         .need_cpu_context = true
581     },
582     [QMemTags] = {
583         .handler = handle_Q_memtag,
584         .cmd_startswith = true,
585         .cmd = "MemTags:",
586         .schema = "L,l:l:s0",
587         .need_cpu_context = true
588     },
589 };
590 #endif /* CONFIG_USER_ONLY */
591 
592 void aarch64_cpu_register_gdb_commands(ARMCPU *cpu, GString *qsupported,
593                                        GArray *qtable, GArray *stable)
594 {
595 #ifdef CONFIG_USER_ONLY
596     /* MTE */
597     if (cpu_isar_feature(aa64_mte, cpu)) {
598         g_string_append(qsupported, ";memory-tagging+");
599 
600         g_array_append_val(qtable, cmd_handler_table[qMemTags]);
601         g_array_append_val(qtable, cmd_handler_table[qIsAddressTagged]);
602 
603         g_array_append_val(stable, cmd_handler_table[QMemTags]);
604     }
605 #endif
606 }
607