]> git.proxmox.com Git - mirror_ubuntu-focal-kernel.git/blob - arch/arm64/kernel/hw_breakpoint.c
projects / mirror_ubuntu-focal-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234
[mirror_ubuntu-focal-kernel.git] / arch / arm64 / kernel / hw_breakpoint.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
4 * using the CPU's debug registers.
5 *
6 * Copyright (C) 2012 ARM Limited
7 * Author: Will Deacon <will.deacon@arm.com>
8 */
9
10 #define pr_fmt(fmt) "hw-breakpoint: " fmt
11
12 #include <linux/compat.h>
13 #include <linux/cpu_pm.h>
14 #include <linux/errno.h>
15 #include <linux/hw_breakpoint.h>
16 #include <linux/kprobes.h>
17 #include <linux/perf_event.h>
18 #include <linux/ptrace.h>
19 #include <linux/smp.h>
20 #include <linux/uaccess.h>
21
22 #include <asm/current.h>
23 #include <asm/debug-monitors.h>
24 #include <asm/hw_breakpoint.h>
25 #include <asm/traps.h>
26 #include <asm/cputype.h>
27 #include <asm/system_misc.h>
28
29 /* Breakpoint currently in use for each BRP. */
30 static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
31
32 /* Watchpoint currently in use for each WRP. */
33 static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
34
35 /* Currently stepping a per-CPU kernel breakpoint. */
36 static DEFINE_PER_CPU(int, stepping_kernel_bp);
37
38 /* Number of BRP/WRP registers on this CPU. */
39 static int core_num_brps;
40 static int core_num_wrps;
41
42 int hw_breakpoint_slots(int type)
43 {
44 /*
45 * We can be called early, so don't rely on
46 * our static variables being initialised.
47 */
48 switch (type) {
49 case TYPE_INST:
50 return get_num_brps();
51 case TYPE_DATA:
52 return get_num_wrps();
53 default:
54 pr_warning("unknown slot type: %d\n", type);
55 return 0;
56 }
57 }
58
59 #define READ_WB_REG_CASE(OFF, N, REG, VAL) \
60 case (OFF + N): \
61 AARCH64_DBG_READ(N, REG, VAL); \
62 break
63
64 #define WRITE_WB_REG_CASE(OFF, N, REG, VAL) \
65 case (OFF + N): \
66 AARCH64_DBG_WRITE(N, REG, VAL); \
67 break
68
69 #define GEN_READ_WB_REG_CASES(OFF, REG, VAL) \
70 READ_WB_REG_CASE(OFF, 0, REG, VAL); \
71 READ_WB_REG_CASE(OFF, 1, REG, VAL); \
72 READ_WB_REG_CASE(OFF, 2, REG, VAL); \
73 READ_WB_REG_CASE(OFF, 3, REG, VAL); \
74 READ_WB_REG_CASE(OFF, 4, REG, VAL); \
75 READ_WB_REG_CASE(OFF, 5, REG, VAL); \
76 READ_WB_REG_CASE(OFF, 6, REG, VAL); \
77 READ_WB_REG_CASE(OFF, 7, REG, VAL); \
78 READ_WB_REG_CASE(OFF, 8, REG, VAL); \
79 READ_WB_REG_CASE(OFF, 9, REG, VAL); \
80 READ_WB_REG_CASE(OFF, 10, REG, VAL); \
81 READ_WB_REG_CASE(OFF, 11, REG, VAL); \
82 READ_WB_REG_CASE(OFF, 12, REG, VAL); \
83 READ_WB_REG_CASE(OFF, 13, REG, VAL); \
84 READ_WB_REG_CASE(OFF, 14, REG, VAL); \
85 READ_WB_REG_CASE(OFF, 15, REG, VAL)
86
87 #define GEN_WRITE_WB_REG_CASES(OFF, REG, VAL) \
88 WRITE_WB_REG_CASE(OFF, 0, REG, VAL); \
89 WRITE_WB_REG_CASE(OFF, 1, REG, VAL); \
90 WRITE_WB_REG_CASE(OFF, 2, REG, VAL); \
91 WRITE_WB_REG_CASE(OFF, 3, REG, VAL); \
92 WRITE_WB_REG_CASE(OFF, 4, REG, VAL); \
93 WRITE_WB_REG_CASE(OFF, 5, REG, VAL); \
94 WRITE_WB_REG_CASE(OFF, 6, REG, VAL); \
95 WRITE_WB_REG_CASE(OFF, 7, REG, VAL); \
96 WRITE_WB_REG_CASE(OFF, 8, REG, VAL); \
97 WRITE_WB_REG_CASE(OFF, 9, REG, VAL); \
98 WRITE_WB_REG_CASE(OFF, 10, REG, VAL); \
99 WRITE_WB_REG_CASE(OFF, 11, REG, VAL); \
100 WRITE_WB_REG_CASE(OFF, 12, REG, VAL); \
101 WRITE_WB_REG_CASE(OFF, 13, REG, VAL); \
102 WRITE_WB_REG_CASE(OFF, 14, REG, VAL); \
103 WRITE_WB_REG_CASE(OFF, 15, REG, VAL)
104
105 static u64 read_wb_reg(int reg, int n)
106 {
107 u64 val = 0;
108
109 switch (reg + n) {
110 GEN_READ_WB_REG_CASES(AARCH64_DBG_REG_BVR, AARCH64_DBG_REG_NAME_BVR, val);
111 GEN_READ_WB_REG_CASES(AARCH64_DBG_REG_BCR, AARCH64_DBG_REG_NAME_BCR, val);
112 GEN_READ_WB_REG_CASES(AARCH64_DBG_REG_WVR, AARCH64_DBG_REG_NAME_WVR, val);
113 GEN_READ_WB_REG_CASES(AARCH64_DBG_REG_WCR, AARCH64_DBG_REG_NAME_WCR, val);
114 default:
115 pr_warning("attempt to read from unknown breakpoint register %d\n", n);
116 }
117
118 return val;
119 }
120 NOKPROBE_SYMBOL(read_wb_reg);
121
122 static void write_wb_reg(int reg, int n, u64 val)
123 {
124 switch (reg + n) {
125 GEN_WRITE_WB_REG_CASES(AARCH64_DBG_REG_BVR, AARCH64_DBG_REG_NAME_BVR, val);
126 GEN_WRITE_WB_REG_CASES(AARCH64_DBG_REG_BCR, AARCH64_DBG_REG_NAME_BCR, val);
127 GEN_WRITE_WB_REG_CASES(AARCH64_DBG_REG_WVR, AARCH64_DBG_REG_NAME_WVR, val);
128 GEN_WRITE_WB_REG_CASES(AARCH64_DBG_REG_WCR, AARCH64_DBG_REG_NAME_WCR, val);
129 default:
130 pr_warning("attempt to write to unknown breakpoint register %d\n", n);
131 }
132 isb();
133 }
134 NOKPROBE_SYMBOL(write_wb_reg);
135
136 /*
137 * Convert a breakpoint privilege level to the corresponding exception
138 * level.
139 */
140 static enum dbg_active_el debug_exception_level(int privilege)
141 {
142 switch (privilege) {
143 case AARCH64_BREAKPOINT_EL0:
144 return DBG_ACTIVE_EL0;
145 case AARCH64_BREAKPOINT_EL1:
146 return DBG_ACTIVE_EL1;
147 default:
148 pr_warning("invalid breakpoint privilege level %d\n", privilege);
149 return -EINVAL;
150 }
151 }
152 NOKPROBE_SYMBOL(debug_exception_level);
153
154 enum hw_breakpoint_ops {
155 HW_BREAKPOINT_INSTALL,
156 HW_BREAKPOINT_UNINSTALL,
157 HW_BREAKPOINT_RESTORE
158 };
159
160 static int is_compat_bp(struct perf_event *bp)
161 {
162 struct task_struct *tsk = bp->hw.target;
163
164 /*
165 * tsk can be NULL for per-cpu (non-ptrace) breakpoints.
166 * In this case, use the native interface, since we don't have
167 * the notion of a "compat CPU" and could end up relying on
168 * deprecated behaviour if we use unaligned watchpoints in
169 * AArch64 state.
170 */
171 return tsk && is_compat_thread(task_thread_info(tsk));
172 }
173
174 /**
175 * hw_breakpoint_slot_setup - Find and setup a perf slot according to
176 * operations
177 *
178 * @slots: pointer to array of slots
179 * @max_slots: max number of slots
180 * @bp: perf_event to setup
181 * @ops: operation to be carried out on the slot
182 *
183 * Return:
184 * slot index on success
185 * -ENOSPC if no slot is available/matches
186 * -EINVAL on wrong operations parameter
187 */
188 static int hw_breakpoint_slot_setup(struct perf_event **slots, int max_slots,
189 struct perf_event *bp,
190 enum hw_breakpoint_ops ops)
191 {
192 int i;
193 struct perf_event **slot;
194
195 for (i = 0; i < max_slots; ++i) {
196 slot = &slots[i];
197 switch (ops) {
198 case HW_BREAKPOINT_INSTALL:
199 if (!*slot) {
200 *slot = bp;
201 return i;
202 }
203 break;
204 case HW_BREAKPOINT_UNINSTALL:
205 if (*slot == bp) {
206 *slot = NULL;
207 return i;
208 }
209 break;
210 case HW_BREAKPOINT_RESTORE:
211 if (*slot == bp)
212 return i;
213 break;
214 default:
215 pr_warn_once("Unhandled hw breakpoint ops %d\n", ops);
216 return -EINVAL;
217 }
218 }
219 return -ENOSPC;
220 }
221
222 static int hw_breakpoint_control(struct perf_event *bp,
223 enum hw_breakpoint_ops ops)
224 {
225 struct arch_hw_breakpoint *info = counter_arch_bp(bp);
226 struct perf_event **slots;
227 struct debug_info *debug_info = &current->thread.debug;
228 int i, max_slots, ctrl_reg, val_reg, reg_enable;
229 enum dbg_active_el dbg_el = debug_exception_level(info->ctrl.privilege);
230 u32 ctrl;
231
232 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
233 /* Breakpoint */
234 ctrl_reg = AARCH64_DBG_REG_BCR;
235 val_reg = AARCH64_DBG_REG_BVR;
236 slots = this_cpu_ptr(bp_on_reg);
237 max_slots = core_num_brps;
238 reg_enable = !debug_info->bps_disabled;
239 } else {
240 /* Watchpoint */
241 ctrl_reg = AARCH64_DBG_REG_WCR;
242 val_reg = AARCH64_DBG_REG_WVR;
243 slots = this_cpu_ptr(wp_on_reg);
244 max_slots = core_num_wrps;
245 reg_enable = !debug_info->wps_disabled;
246 }
247
248 i = hw_breakpoint_slot_setup(slots, max_slots, bp, ops);
249
250 if (WARN_ONCE(i < 0, "Can't find any breakpoint slot"))
251 return i;
252
253 switch (ops) {
254 case HW_BREAKPOINT_INSTALL:
255 /*
256 * Ensure debug monitors are enabled at the correct exception
257 * level.
258 */
259 enable_debug_monitors(dbg_el);
260 /* Fall through */
261 case HW_BREAKPOINT_RESTORE:
262 /* Setup the address register. */
263 write_wb_reg(val_reg, i, info->address);
264
265 /* Setup the control register. */
266 ctrl = encode_ctrl_reg(info->ctrl);
267 write_wb_reg(ctrl_reg, i,
268 reg_enable ? ctrl | 0x1 : ctrl & ~0x1);
269 break;
270 case HW_BREAKPOINT_UNINSTALL:
271 /* Reset the control register. */
272 write_wb_reg(ctrl_reg, i, 0);
273
274 /*
275 * Release the debug monitors for the correct exception
276 * level.
277 */
278 disable_debug_monitors(dbg_el);
279 break;
280 }
281
282 return 0;
283 }
284
285 /*
286 * Install a perf counter breakpoint.
287 */
288 int arch_install_hw_breakpoint(struct perf_event *bp)
289 {
290 return hw_breakpoint_control(bp, HW_BREAKPOINT_INSTALL);
291 }
292
293 void arch_uninstall_hw_breakpoint(struct perf_event *bp)
294 {
295 hw_breakpoint_control(bp, HW_BREAKPOINT_UNINSTALL);
296 }
297
298 static int get_hbp_len(u8 hbp_len)
299 {
300 unsigned int len_in_bytes = 0;
301
302 switch (hbp_len) {
303 case ARM_BREAKPOINT_LEN_1:
304 len_in_bytes = 1;
305 break;
306 case ARM_BREAKPOINT_LEN_2:
307 len_in_bytes = 2;
308 break;
309 case ARM_BREAKPOINT_LEN_3:
310 len_in_bytes = 3;
311 break;
312 case ARM_BREAKPOINT_LEN_4:
313 len_in_bytes = 4;
314 break;
315 case ARM_BREAKPOINT_LEN_5:
316 len_in_bytes = 5;
317 break;
318 case ARM_BREAKPOINT_LEN_6:
319 len_in_bytes = 6;
320 break;
321 case ARM_BREAKPOINT_LEN_7:
322 len_in_bytes = 7;
323 break;
324 case ARM_BREAKPOINT_LEN_8:
325 len_in_bytes = 8;
326 break;
327 }
328
329 return len_in_bytes;
330 }
331
332 /*
333 * Check whether bp virtual address is in kernel space.
334 */
335 int arch_check_bp_in_kernelspace(struct arch_hw_breakpoint *hw)
336 {
337 unsigned int len;
338 unsigned long va;
339
340 va = hw->address;
341 len = get_hbp_len(hw->ctrl.len);
342
343 return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
344 }
345
346 /*
347 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
348 * Hopefully this will disappear when ptrace can bypass the conversion
349 * to generic breakpoint descriptions.
350 */
351 int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
352 int *gen_len, int *gen_type, int *offset)
353 {
354 /* Type */
355 switch (ctrl.type) {
356 case ARM_BREAKPOINT_EXECUTE:
357 *gen_type = HW_BREAKPOINT_X;
358 break;
359 case ARM_BREAKPOINT_LOAD:
360 *gen_type = HW_BREAKPOINT_R;
361 break;
362 case ARM_BREAKPOINT_STORE:
363 *gen_type = HW_BREAKPOINT_W;
364 break;
365 case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
366 *gen_type = HW_BREAKPOINT_RW;
367 break;
368 default:
369 return -EINVAL;
370 }
371
372 if (!ctrl.len)
373 return -EINVAL;
374 *offset = __ffs(ctrl.len);
375
376 /* Len */
377 switch (ctrl.len >> *offset) {
378 case ARM_BREAKPOINT_LEN_1:
379 *gen_len = HW_BREAKPOINT_LEN_1;
380 break;
381 case ARM_BREAKPOINT_LEN_2:
382 *gen_len = HW_BREAKPOINT_LEN_2;
383 break;
384 case ARM_BREAKPOINT_LEN_3:
385 *gen_len = HW_BREAKPOINT_LEN_3;
386 break;
387 case ARM_BREAKPOINT_LEN_4:
388 *gen_len = HW_BREAKPOINT_LEN_4;
389 break;
390 case ARM_BREAKPOINT_LEN_5:
391 *gen_len = HW_BREAKPOINT_LEN_5;
392 break;
393 case ARM_BREAKPOINT_LEN_6:
394 *gen_len = HW_BREAKPOINT_LEN_6;
395 break;
396 case ARM_BREAKPOINT_LEN_7:
397 *gen_len = HW_BREAKPOINT_LEN_7;
398 break;
399 case ARM_BREAKPOINT_LEN_8:
400 *gen_len = HW_BREAKPOINT_LEN_8;
401 break;
402 default:
403 return -EINVAL;
404 }
405
406 return 0;
407 }
408
409 /*
410 * Construct an arch_hw_breakpoint from a perf_event.
411 */
412 static int arch_build_bp_info(struct perf_event *bp,
413 const struct perf_event_attr *attr,
414 struct arch_hw_breakpoint *hw)
415 {
416 /* Type */
417 switch (attr->bp_type) {
418 case HW_BREAKPOINT_X:
419 hw->ctrl.type = ARM_BREAKPOINT_EXECUTE;
420 break;
421 case HW_BREAKPOINT_R:
422 hw->ctrl.type = ARM_BREAKPOINT_LOAD;
423 break;
424 case HW_BREAKPOINT_W:
425 hw->ctrl.type = ARM_BREAKPOINT_STORE;
426 break;
427 case HW_BREAKPOINT_RW:
428 hw->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
429 break;
430 default:
431 return -EINVAL;
432 }
433
434 /* Len */
435 switch (attr->bp_len) {
436 case HW_BREAKPOINT_LEN_1:
437 hw->ctrl.len = ARM_BREAKPOINT_LEN_1;
438 break;
439 case HW_BREAKPOINT_LEN_2:
440 hw->ctrl.len = ARM_BREAKPOINT_LEN_2;
441 break;
442 case HW_BREAKPOINT_LEN_3:
443 hw->ctrl.len = ARM_BREAKPOINT_LEN_3;
444 break;
445 case HW_BREAKPOINT_LEN_4:
446 hw->ctrl.len = ARM_BREAKPOINT_LEN_4;
447 break;
448 case HW_BREAKPOINT_LEN_5:
449 hw->ctrl.len = ARM_BREAKPOINT_LEN_5;
450 break;
451 case HW_BREAKPOINT_LEN_6:
452 hw->ctrl.len = ARM_BREAKPOINT_LEN_6;
453 break;
454 case HW_BREAKPOINT_LEN_7:
455 hw->ctrl.len = ARM_BREAKPOINT_LEN_7;
456 break;
457 case HW_BREAKPOINT_LEN_8:
458 hw->ctrl.len = ARM_BREAKPOINT_LEN_8;
459 break;
460 default:
461 return -EINVAL;
462 }
463
464 /*
465 * On AArch64, we only permit breakpoints of length 4, whereas
466 * AArch32 also requires breakpoints of length 2 for Thumb.
467 * Watchpoints can be of length 1, 2, 4 or 8 bytes.
468 */
469 if (hw->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
470 if (is_compat_bp(bp)) {
471 if (hw->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
472 hw->ctrl.len != ARM_BREAKPOINT_LEN_4)
473 return -EINVAL;
474 } else if (hw->ctrl.len != ARM_BREAKPOINT_LEN_4) {
475 /*
476 * FIXME: Some tools (I'm looking at you perf) assume
477 * that breakpoints should be sizeof(long). This
478 * is nonsense. For now, we fix up the parameter
479 * but we should probably return -EINVAL instead.
480 */
481 hw->ctrl.len = ARM_BREAKPOINT_LEN_4;
482 }
483 }
484
485 /* Address */
486 hw->address = attr->bp_addr;
487
488 /*
489 * Privilege
490 * Note that we disallow combined EL0/EL1 breakpoints because
491 * that would complicate the stepping code.
492 */
493 if (arch_check_bp_in_kernelspace(hw))
494 hw->ctrl.privilege = AARCH64_BREAKPOINT_EL1;
495 else
496 hw->ctrl.privilege = AARCH64_BREAKPOINT_EL0;
497
498 /* Enabled? */
499 hw->ctrl.enabled = !attr->disabled;
500
501 return 0;
502 }
503
504 /*
505 * Validate the arch-specific HW Breakpoint register settings.
506 */
507 int hw_breakpoint_arch_parse(struct perf_event *bp,
508 const struct perf_event_attr *attr,
509 struct arch_hw_breakpoint *hw)
510 {
511 int ret;
512 u64 alignment_mask, offset;
513
514 /* Build the arch_hw_breakpoint. */
515 ret = arch_build_bp_info(bp, attr, hw);
516 if (ret)
517 return ret;
518
519 /*
520 * Check address alignment.
521 * We don't do any clever alignment correction for watchpoints
522 * because using 64-bit unaligned addresses is deprecated for
523 * AArch64.
524 *
525 * AArch32 tasks expect some simple alignment fixups, so emulate
526 * that here.
527 */
528 if (is_compat_bp(bp)) {
529 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_8)
530 alignment_mask = 0x7;
531 else
532 alignment_mask = 0x3;
533 offset = hw->address & alignment_mask;
534 switch (offset) {
535 case 0:
536 /* Aligned */
537 break;
538 case 1:
539 /* Allow single byte watchpoint. */
540 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_1)
541 break;
542 case 2:
543 /* Allow halfword watchpoints and breakpoints. */
544 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_2)
545 break;
546 default:
547 return -EINVAL;
548 }
549 } else {
550 if (hw->ctrl.type == ARM_BREAKPOINT_EXECUTE)
551 alignment_mask = 0x3;
552 else
553 alignment_mask = 0x7;
554 offset = hw->address & alignment_mask;
555 }
556
557 hw->address &= ~alignment_mask;
558 hw->ctrl.len <<= offset;
559
560 /*
561 * Disallow per-task kernel breakpoints since these would
562 * complicate the stepping code.
563 */
564 if (hw->ctrl.privilege == AARCH64_BREAKPOINT_EL1 && bp->hw.target)
565 return -EINVAL;
566
567 return 0;
568 }
569
570 /*
571 * Enable/disable all of the breakpoints active at the specified
572 * exception level at the register level.
573 * This is used when single-stepping after a breakpoint exception.
574 */
575 static void toggle_bp_registers(int reg, enum dbg_active_el el, int enable)
576 {
577 int i, max_slots, privilege;
578 u32 ctrl;
579 struct perf_event **slots;
580
581 switch (reg) {
582 case AARCH64_DBG_REG_BCR:
583 slots = this_cpu_ptr(bp_on_reg);
584 max_slots = core_num_brps;
585 break;
586 case AARCH64_DBG_REG_WCR:
587 slots = this_cpu_ptr(wp_on_reg);
588 max_slots = core_num_wrps;
589 break;
590 default:
591 return;
592 }
593
594 for (i = 0; i < max_slots; ++i) {
595 if (!slots[i])
596 continue;
597
598 privilege = counter_arch_bp(slots[i])->ctrl.privilege;
599 if (debug_exception_level(privilege) != el)
600 continue;
601
602 ctrl = read_wb_reg(reg, i);
603 if (enable)
604 ctrl |= 0x1;
605 else
606 ctrl &= ~0x1;
607 write_wb_reg(reg, i, ctrl);
608 }
609 }
610 NOKPROBE_SYMBOL(toggle_bp_registers);
611
612 /*
613 * Debug exception handlers.
614 */
615 static int breakpoint_handler(unsigned long unused, unsigned int esr,
616 struct pt_regs *regs)
617 {
618 int i, step = 0, *kernel_step;
619 u32 ctrl_reg;
620 u64 addr, val;
621 struct perf_event *bp, **slots;
622 struct debug_info *debug_info;
623 struct arch_hw_breakpoint_ctrl ctrl;
624
625 slots = this_cpu_ptr(bp_on_reg);
626 addr = instruction_pointer(regs);
627 debug_info = &current->thread.debug;
628
629 for (i = 0; i < core_num_brps; ++i) {
630 rcu_read_lock();
631
632 bp = slots[i];
633
634 if (bp == NULL)
635 goto unlock;
636
637 /* Check if the breakpoint value matches. */
638 val = read_wb_reg(AARCH64_DBG_REG_BVR, i);
639 if (val != (addr & ~0x3))
640 goto unlock;
641
642 /* Possible match, check the byte address select to confirm. */
643 ctrl_reg = read_wb_reg(AARCH64_DBG_REG_BCR, i);
644 decode_ctrl_reg(ctrl_reg, &ctrl);
645 if (!((1 << (addr & 0x3)) & ctrl.len))
646 goto unlock;
647
648 counter_arch_bp(bp)->trigger = addr;
649 perf_bp_event(bp, regs);
650
651 /* Do we need to handle the stepping? */
652 if (is_default_overflow_handler(bp))
653 step = 1;
654 unlock:
655 rcu_read_unlock();
656 }
657
658 if (!step)
659 return 0;
660
661 if (user_mode(regs)) {
662 debug_info->bps_disabled = 1;
663 toggle_bp_registers(AARCH64_DBG_REG_BCR, DBG_ACTIVE_EL0, 0);
664
665 /* If we're already stepping a watchpoint, just return. */
666 if (debug_info->wps_disabled)
667 return 0;
668
669 if (test_thread_flag(TIF_SINGLESTEP))
670 debug_info->suspended_step = 1;
671 else
672 user_enable_single_step(current);
673 } else {
674 toggle_bp_registers(AARCH64_DBG_REG_BCR, DBG_ACTIVE_EL1, 0);
675 kernel_step = this_cpu_ptr(&stepping_kernel_bp);
676
677 if (*kernel_step != ARM_KERNEL_STEP_NONE)
678 return 0;
679
680 if (kernel_active_single_step()) {
681 *kernel_step = ARM_KERNEL_STEP_SUSPEND;
682 } else {
683 *kernel_step = ARM_KERNEL_STEP_ACTIVE;
684 kernel_enable_single_step(regs);
685 }
686 }
687
688 return 0;
689 }
690 NOKPROBE_SYMBOL(breakpoint_handler);
691
692 /*
693 * Arm64 hardware does not always report a watchpoint hit address that matches
694 * one of the watchpoints set. It can also report an address "near" the
695 * watchpoint if a single instruction access both watched and unwatched
696 * addresses. There is no straight-forward way, short of disassembling the
697 * offending instruction, to map that address back to the watchpoint. This
698 * function computes the distance of the memory access from the watchpoint as a
699 * heuristic for the likelyhood that a given access triggered the watchpoint.
700 *
701 * See Section D2.10.5 "Determining the memory location that caused a Watchpoint
702 * exception" of ARMv8 Architecture Reference Manual for details.
703 *
704 * The function returns the distance of the address from the bytes watched by
705 * the watchpoint. In case of an exact match, it returns 0.
706 */
707 static u64 get_distance_from_watchpoint(unsigned long addr, u64 val,
708 struct arch_hw_breakpoint_ctrl *ctrl)
709 {
710 u64 wp_low, wp_high;
711 u32 lens, lene;
712
713 addr = untagged_addr(addr);
714
715 lens = __ffs(ctrl->len);
716 lene = __fls(ctrl->len);
717
718 wp_low = val + lens;
719 wp_high = val + lene;
720 if (addr < wp_low)
721 return wp_low - addr;
722 else if (addr > wp_high)
723 return addr - wp_high;
724 else
725 return 0;
726 }
727
728 static int watchpoint_handler(unsigned long addr, unsigned int esr,
729 struct pt_regs *regs)
730 {
731 int i, step = 0, *kernel_step, access, closest_match = 0;
732 u64 min_dist = -1, dist;
733 u32 ctrl_reg;
734 u64 val;
735 struct perf_event *wp, **slots;
736 struct debug_info *debug_info;
737 struct arch_hw_breakpoint *info;
738 struct arch_hw_breakpoint_ctrl ctrl;
739
740 slots = this_cpu_ptr(wp_on_reg);
741 debug_info = &current->thread.debug;
742
743 /*
744 * Find all watchpoints that match the reported address. If no exact
745 * match is found. Attribute the hit to the closest watchpoint.
746 */
747 rcu_read_lock();
748 for (i = 0; i < core_num_wrps; ++i) {
749 wp = slots[i];
750 if (wp == NULL)
751 continue;
752
753 /*
754 * Check that the access type matches.
755 * 0 => load, otherwise => store
756 */
757 access = (esr & AARCH64_ESR_ACCESS_MASK) ? HW_BREAKPOINT_W :
758 HW_BREAKPOINT_R;
759 if (!(access & hw_breakpoint_type(wp)))
760 continue;
761
762 /* Check if the watchpoint value and byte select match. */
763 val = read_wb_reg(AARCH64_DBG_REG_WVR, i);
764 ctrl_reg = read_wb_reg(AARCH64_DBG_REG_WCR, i);
765 decode_ctrl_reg(ctrl_reg, &ctrl);
766 dist = get_distance_from_watchpoint(addr, val, &ctrl);
767 if (dist < min_dist) {
768 min_dist = dist;
769 closest_match = i;
770 }
771 /* Is this an exact match? */
772 if (dist != 0)
773 continue;
774
775 info = counter_arch_bp(wp);
776 info->trigger = addr;
777 perf_bp_event(wp, regs);
778
779 /* Do we need to handle the stepping? */
780 if (is_default_overflow_handler(wp))
781 step = 1;
782 }
783 if (min_dist > 0 && min_dist != -1) {
784 /* No exact match found. */
785 wp = slots[closest_match];
786 info = counter_arch_bp(wp);
787 info->trigger = addr;
788 perf_bp_event(wp, regs);
789
790 /* Do we need to handle the stepping? */
791 if (is_default_overflow_handler(wp))
792 step = 1;
793 }
794 rcu_read_unlock();
795
796 if (!step)
797 return 0;
798
799 /*
800 * We always disable EL0 watchpoints because the kernel can
801 * cause these to fire via an unprivileged access.
802 */
803 toggle_bp_registers(AARCH64_DBG_REG_WCR, DBG_ACTIVE_EL0, 0);
804
805 if (user_mode(regs)) {
806 debug_info->wps_disabled = 1;
807
808 /* If we're already stepping a breakpoint, just return. */
809 if (debug_info->bps_disabled)
810 return 0;
811
812 if (test_thread_flag(TIF_SINGLESTEP))
813 debug_info->suspended_step = 1;
814 else
815 user_enable_single_step(current);
816 } else {
817 toggle_bp_registers(AARCH64_DBG_REG_WCR, DBG_ACTIVE_EL1, 0);
818 kernel_step = this_cpu_ptr(&stepping_kernel_bp);
819
820 if (*kernel_step != ARM_KERNEL_STEP_NONE)
821 return 0;
822
823 if (kernel_active_single_step()) {
824 *kernel_step = ARM_KERNEL_STEP_SUSPEND;
825 } else {
826 *kernel_step = ARM_KERNEL_STEP_ACTIVE;
827 kernel_enable_single_step(regs);
828 }
829 }
830
831 return 0;
832 }
833 NOKPROBE_SYMBOL(watchpoint_handler);
834
835 /*
836 * Handle single-step exception.
837 */
838 int reinstall_suspended_bps(struct pt_regs *regs)
839 {
840 struct debug_info *debug_info = &current->thread.debug;
841 int handled_exception = 0, *kernel_step;
842
843 kernel_step = this_cpu_ptr(&stepping_kernel_bp);
844
845 /*
846 * Called from single-step exception handler.
847 * Return 0 if execution can resume, 1 if a SIGTRAP should be
848 * reported.
849 */
850 if (user_mode(regs)) {
851 if (debug_info->bps_disabled) {
852 debug_info->bps_disabled = 0;
853 toggle_bp_registers(AARCH64_DBG_REG_BCR, DBG_ACTIVE_EL0, 1);
854 handled_exception = 1;
855 }
856
857 if (debug_info->wps_disabled) {
858 debug_info->wps_disabled = 0;
859 toggle_bp_registers(AARCH64_DBG_REG_WCR, DBG_ACTIVE_EL0, 1);
860 handled_exception = 1;
861 }
862
863 if (handled_exception) {
864 if (debug_info->suspended_step) {
865 debug_info->suspended_step = 0;
866 /* Allow exception handling to fall-through. */
867 handled_exception = 0;
868 } else {
869 user_disable_single_step(current);
870 }
871 }
872 } else if (*kernel_step != ARM_KERNEL_STEP_NONE) {
873 toggle_bp_registers(AARCH64_DBG_REG_BCR, DBG_ACTIVE_EL1, 1);
874 toggle_bp_registers(AARCH64_DBG_REG_WCR, DBG_ACTIVE_EL1, 1);
875
876 if (!debug_info->wps_disabled)
877 toggle_bp_registers(AARCH64_DBG_REG_WCR, DBG_ACTIVE_EL0, 1);
878
879 if (*kernel_step != ARM_KERNEL_STEP_SUSPEND) {
880 kernel_disable_single_step();
881 handled_exception = 1;
882 } else {
883 handled_exception = 0;
884 }
885
886 *kernel_step = ARM_KERNEL_STEP_NONE;
887 }
888
889 return !handled_exception;
890 }
891 NOKPROBE_SYMBOL(reinstall_suspended_bps);
892
893 /*
894 * Context-switcher for restoring suspended breakpoints.
895 */
896 void hw_breakpoint_thread_switch(struct task_struct *next)
897 {
898 /*
899 * current next
900 * disabled: 0 0 => The usual case, NOTIFY_DONE
901 * 0 1 => Disable the registers
902 * 1 0 => Enable the registers
903 * 1 1 => NOTIFY_DONE. per-task bps will
904 * get taken care of by perf.
905 */
906
907 struct debug_info *current_debug_info, *next_debug_info;
908
909 current_debug_info = &current->thread.debug;
910 next_debug_info = &next->thread.debug;
911
912 /* Update breakpoints. */
913 if (current_debug_info->bps_disabled != next_debug_info->bps_disabled)
914 toggle_bp_registers(AARCH64_DBG_REG_BCR,
915 DBG_ACTIVE_EL0,
916 !next_debug_info->bps_disabled);
917
918 /* Update watchpoints. */
919 if (current_debug_info->wps_disabled != next_debug_info->wps_disabled)
920 toggle_bp_registers(AARCH64_DBG_REG_WCR,
921 DBG_ACTIVE_EL0,
922 !next_debug_info->wps_disabled);
923 }
924
925 /*
926 * CPU initialisation.
927 */
928 static int hw_breakpoint_reset(unsigned int cpu)
929 {
930 int i;
931 struct perf_event **slots;
932 /*
933 * When a CPU goes through cold-boot, it does not have any installed
934 * slot, so it is safe to share the same function for restoring and
935 * resetting breakpoints; when a CPU is hotplugged in, it goes
936 * through the slots, which are all empty, hence it just resets control
937 * and value for debug registers.
938 * When this function is triggered on warm-boot through a CPU PM
939 * notifier some slots might be initialized; if so they are
940 * reprogrammed according to the debug slots content.
941 */
942 for (slots = this_cpu_ptr(bp_on_reg), i = 0; i < core_num_brps; ++i) {
943 if (slots[i]) {
944 hw_breakpoint_control(slots[i], HW_BREAKPOINT_RESTORE);
945 } else {
946 write_wb_reg(AARCH64_DBG_REG_BCR, i, 0UL);
947 write_wb_reg(AARCH64_DBG_REG_BVR, i, 0UL);
948 }
949 }
950
951 for (slots = this_cpu_ptr(wp_on_reg), i = 0; i < core_num_wrps; ++i) {
952 if (slots[i]) {
953 hw_breakpoint_control(slots[i], HW_BREAKPOINT_RESTORE);
954 } else {
955 write_wb_reg(AARCH64_DBG_REG_WCR, i, 0UL);
956 write_wb_reg(AARCH64_DBG_REG_WVR, i, 0UL);
957 }
958 }
959
960 return 0;
961 }
962
963 #ifdef CONFIG_CPU_PM
964 extern void cpu_suspend_set_dbg_restorer(int (*hw_bp_restore)(unsigned int));
965 #else
966 static inline void cpu_suspend_set_dbg_restorer(int (*hw_bp_restore)(unsigned int))
967 {
968 }
969 #endif
970
971 /*
972 * One-time initialisation.
973 */
974 static int __init arch_hw_breakpoint_init(void)
975 {
976 int ret;
977
978 core_num_brps = get_num_brps();
979 core_num_wrps = get_num_wrps();
980
981 pr_info("found %d breakpoint and %d watchpoint registers.\n",
982 core_num_brps, core_num_wrps);
983
984 /* Register debug fault handlers. */
985 hook_debug_fault_code(DBG_ESR_EVT_HWBP, breakpoint_handler, SIGTRAP,
986 TRAP_HWBKPT, "hw-breakpoint handler");
987 hook_debug_fault_code(DBG_ESR_EVT_HWWP, watchpoint_handler, SIGTRAP,
988 TRAP_HWBKPT, "hw-watchpoint handler");
989
990 /*
991 * Reset the breakpoint resources. We assume that a halting
992 * debugger will leave the world in a nice state for us.
993 */
994 ret = cpuhp_setup_state(CPUHP_AP_PERF_ARM_HW_BREAKPOINT_STARTING,
995 "perf/arm64/hw_breakpoint:starting",
996 hw_breakpoint_reset, NULL);
997 if (ret)
998 pr_err("failed to register CPU hotplug notifier: %d\n", ret);
999
1000 /* Register cpu_suspend hw breakpoint restore hook */
1001 cpu_suspend_set_dbg_restorer(hw_breakpoint_reset);
1002
1003 return ret;
1004 }
1005 arch_initcall(arch_hw_breakpoint_init);
1006
1007 void hw_breakpoint_pmu_read(struct perf_event *bp)
1008 {
1009 }
1010
1011 /*
1012 * Dummy function to register with die_notifier.
1013 */
1014 int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
1015 unsigned long val, void *data)
1016 {
1017 return NOTIFY_DONE;
1018 }
Ubuntu Focal Linux kernel mirror