hw_breakpoint.c revision 0017ff42ac37ff6aeb87d0b006c5d32b9a39f5fc 
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License version 2 as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
9 * GNU General Public License for more details.
10 *
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
14 *
15 * Copyright (C) 2009, 2010 ARM Limited
16 *
17 * Author: Will Deacon <will.deacon@arm.com>
18 */
19
20/*
21 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
22 * using the CPU's debug registers.
23 */
24#define pr_fmt(fmt) "hw-breakpoint: " fmt
25
26#include <linux/errno.h>
27#include <linux/hardirq.h>
28#include <linux/perf_event.h>
29#include <linux/hw_breakpoint.h>
30#include <linux/smp.h>
31
32#include <asm/cacheflush.h>
33#include <asm/cputype.h>
34#include <asm/current.h>
35#include <asm/hw_breakpoint.h>
36#include <asm/kdebug.h>
37#include <asm/system.h>
38#include <asm/traps.h>
39
40/* Breakpoint currently in use for each BRP. */
41static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
42
43/* Watchpoint currently in use for each WRP. */
44static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
45
46/* Number of BRP/WRP registers on this CPU. */
47static int core_num_brps;
48static int core_num_reserved_brps;
49static int core_num_wrps;
50
51/* Debug architecture version. */
52static u8 debug_arch;
53
54/* Maximum supported watchpoint length. */
55static u8 max_watchpoint_len;
56
57#define READ_WB_REG_CASE(OP2, M, VAL)		\
58	case ((OP2 << 4) + M):			\
59		ARM_DBG_READ(c ## M, OP2, VAL); \
60		break
61
62#define WRITE_WB_REG_CASE(OP2, M, VAL)		\
63	case ((OP2 << 4) + M):			\
64		ARM_DBG_WRITE(c ## M, OP2, VAL);\
65		break
66
67#define GEN_READ_WB_REG_CASES(OP2, VAL)		\
68	READ_WB_REG_CASE(OP2, 0, VAL);		\
69	READ_WB_REG_CASE(OP2, 1, VAL);		\
70	READ_WB_REG_CASE(OP2, 2, VAL);		\
71	READ_WB_REG_CASE(OP2, 3, VAL);		\
72	READ_WB_REG_CASE(OP2, 4, VAL);		\
73	READ_WB_REG_CASE(OP2, 5, VAL);		\
74	READ_WB_REG_CASE(OP2, 6, VAL);		\
75	READ_WB_REG_CASE(OP2, 7, VAL);		\
76	READ_WB_REG_CASE(OP2, 8, VAL);		\
77	READ_WB_REG_CASE(OP2, 9, VAL);		\
78	READ_WB_REG_CASE(OP2, 10, VAL);		\
79	READ_WB_REG_CASE(OP2, 11, VAL);		\
80	READ_WB_REG_CASE(OP2, 12, VAL);		\
81	READ_WB_REG_CASE(OP2, 13, VAL);		\
82	READ_WB_REG_CASE(OP2, 14, VAL);		\
83	READ_WB_REG_CASE(OP2, 15, VAL)
84
85#define GEN_WRITE_WB_REG_CASES(OP2, VAL)	\
86	WRITE_WB_REG_CASE(OP2, 0, VAL);		\
87	WRITE_WB_REG_CASE(OP2, 1, VAL);		\
88	WRITE_WB_REG_CASE(OP2, 2, VAL);		\
89	WRITE_WB_REG_CASE(OP2, 3, VAL);		\
90	WRITE_WB_REG_CASE(OP2, 4, VAL);		\
91	WRITE_WB_REG_CASE(OP2, 5, VAL);		\
92	WRITE_WB_REG_CASE(OP2, 6, VAL);		\
93	WRITE_WB_REG_CASE(OP2, 7, VAL);		\
94	WRITE_WB_REG_CASE(OP2, 8, VAL);		\
95	WRITE_WB_REG_CASE(OP2, 9, VAL);		\
96	WRITE_WB_REG_CASE(OP2, 10, VAL);	\
97	WRITE_WB_REG_CASE(OP2, 11, VAL);	\
98	WRITE_WB_REG_CASE(OP2, 12, VAL);	\
99	WRITE_WB_REG_CASE(OP2, 13, VAL);	\
100	WRITE_WB_REG_CASE(OP2, 14, VAL);	\
101	WRITE_WB_REG_CASE(OP2, 15, VAL)
102
103static u32 read_wb_reg(int n)
104{
105	u32 val = 0;
106
107	switch (n) {
108	GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val);
109	GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val);
110	GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val);
111	GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val);
112	default:
113		pr_warning("attempt to read from unknown breakpoint "
114				"register %d\n", n);
115	}
116
117	return val;
118}
119
120static void write_wb_reg(int n, u32 val)
121{
122	switch (n) {
123	GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val);
124	GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val);
125	GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val);
126	GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val);
127	default:
128		pr_warning("attempt to write to unknown breakpoint "
129				"register %d\n", n);
130	}
131	isb();
132}
133
134/* Determine debug architecture. */
135static u8 get_debug_arch(void)
136{
137	u32 didr;
138
139	/* Do we implement the extended CPUID interface? */
140	if (((read_cpuid_id() >> 16) & 0xf) != 0xf) {
141		pr_warning("CPUID feature registers not supported. "
142				"Assuming v6 debug is present.\n");
143		return ARM_DEBUG_ARCH_V6;
144	}
145
146	ARM_DBG_READ(c0, 0, didr);
147	return (didr >> 16) & 0xf;
148}
149
150u8 arch_get_debug_arch(void)
151{
152	return debug_arch;
153}
154
155/* Determine number of BRP register available. */
156static int get_num_brp_resources(void)
157{
158	u32 didr;
159	ARM_DBG_READ(c0, 0, didr);
160	return ((didr >> 24) & 0xf) + 1;
161}
162
163/* Does this core support mismatch breakpoints? */
164static int core_has_mismatch_brps(void)
165{
166	return (get_debug_arch() >= ARM_DEBUG_ARCH_V7_ECP14 &&
167		get_num_brp_resources() > 1);
168}
169
170/* Determine number of usable WRPs available. */
171static int get_num_wrps(void)
172{
173	/*
174	 * FIXME: When a watchpoint fires, the only way to work out which
175	 * watchpoint it was is by disassembling the faulting instruction
176	 * and working out the address of the memory access.
177	 *
178	 * Furthermore, we can only do this if the watchpoint was precise
179	 * since imprecise watchpoints prevent us from calculating register
180	 * based addresses.
181	 *
182	 * Providing we have more than 1 breakpoint register, we only report
183	 * a single watchpoint register for the time being. This way, we always
184	 * know which watchpoint fired. In the future we can either add a
185	 * disassembler and address generation emulator, or we can insert a
186	 * check to see if the DFAR is set on watchpoint exception entry
187	 * [the ARM ARM states that the DFAR is UNKNOWN, but experience shows
188	 * that it is set on some implementations].
189	 */
190
191#if 0
192	int wrps;
193	u32 didr;
194	ARM_DBG_READ(c0, 0, didr);
195	wrps = ((didr >> 28) & 0xf) + 1;
196#endif
197	int wrps = 1;
198
199	if (core_has_mismatch_brps() && wrps >= get_num_brp_resources())
200		wrps = get_num_brp_resources() - 1;
201
202	return wrps;
203}
204
205/* We reserve one breakpoint for each watchpoint. */
206static int get_num_reserved_brps(void)
207{
208	if (core_has_mismatch_brps())
209		return get_num_wrps();
210	return 0;
211}
212
213/* Determine number of usable BRPs available. */
214static int get_num_brps(void)
215{
216	int brps = get_num_brp_resources();
217	if (core_has_mismatch_brps())
218		brps -= get_num_reserved_brps();
219	return brps;
220}
221
222int hw_breakpoint_slots(int type)
223{
224	/*
225	 * We can be called early, so don't rely on
226	 * our static variables being initialised.
227	 */
228	switch (type) {
229	case TYPE_INST:
230		return get_num_brps();
231	case TYPE_DATA:
232		return get_num_wrps();
233	default:
234		pr_warning("unknown slot type: %d\n", type);
235		return 0;
236	}
237}
238
239/*
240 * In order to access the breakpoint/watchpoint control registers,
241 * we must be running in debug monitor mode. Unfortunately, we can
242 * be put into halting debug mode at any time by an external debugger
243 * but there is nothing we can do to prevent that.
244 */
245static int enable_monitor_mode(void)
246{
247	u32 dscr;
248	int ret = 0;
249
250	ARM_DBG_READ(c1, 0, dscr);
251
252	/* Ensure that halting mode is disabled. */
253	if (WARN_ONCE(dscr & ARM_DSCR_HDBGEN, "halting debug mode enabled."
254				"Unable to access hardware resources.")) {
255		ret = -EPERM;
256		goto out;
257	}
258
259	/* Write to the corresponding DSCR. */
260	switch (debug_arch) {
261	case ARM_DEBUG_ARCH_V6:
262	case ARM_DEBUG_ARCH_V6_1:
263		ARM_DBG_WRITE(c1, 0, (dscr | ARM_DSCR_MDBGEN));
264		break;
265	case ARM_DEBUG_ARCH_V7_ECP14:
266		ARM_DBG_WRITE(c2, 2, (dscr | ARM_DSCR_MDBGEN));
267		break;
268	default:
269		ret = -ENODEV;
270		goto out;
271	}
272
273	/* Check that the write made it through. */
274	ARM_DBG_READ(c1, 0, dscr);
275	if (WARN_ONCE(!(dscr & ARM_DSCR_MDBGEN),
276				"failed to enable monitor mode.")) {
277		ret = -EPERM;
278	}
279
280out:
281	return ret;
282}
283
284/*
285 * Check if 8-bit byte-address select is available.
286 * This clobbers WRP 0.
287 */
288static u8 get_max_wp_len(void)
289{
290	u32 ctrl_reg;
291	struct arch_hw_breakpoint_ctrl ctrl;
292	u8 size = 4;
293
294	if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14)
295		goto out;
296
297	if (enable_monitor_mode())
298		goto out;
299
300	memset(&ctrl, 0, sizeof(ctrl));
301	ctrl.len = ARM_BREAKPOINT_LEN_8;
302	ctrl_reg = encode_ctrl_reg(ctrl);
303
304	write_wb_reg(ARM_BASE_WVR, 0);
305	write_wb_reg(ARM_BASE_WCR, ctrl_reg);
306	if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg)
307		size = 8;
308
309out:
310	return size;
311}
312
313u8 arch_get_max_wp_len(void)
314{
315	return max_watchpoint_len;
316}
317
318/*
319 * Handler for reactivating a suspended watchpoint when the single
320 * step `mismatch' breakpoint is triggered.
321 */
322static void wp_single_step_handler(struct perf_event *bp, int unused,
323				   struct perf_sample_data *data,
324				   struct pt_regs *regs)
325{
326	perf_event_enable(counter_arch_bp(bp)->suspended_wp);
327	unregister_hw_breakpoint(bp);
328}
329
330static int bp_is_single_step(struct perf_event *bp)
331{
332	return bp->overflow_handler == wp_single_step_handler;
333}
334
335/*
336 * Install a perf counter breakpoint.
337 */
338int arch_install_hw_breakpoint(struct perf_event *bp)
339{
340	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
341	struct perf_event **slot, **slots;
342	int i, max_slots, ctrl_base, val_base, ret = 0;
343
344	/* Ensure that we are in monitor mode and halting mode is disabled. */
345	ret = enable_monitor_mode();
346	if (ret)
347		goto out;
348
349	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
350		/* Breakpoint */
351		ctrl_base = ARM_BASE_BCR;
352		val_base = ARM_BASE_BVR;
353		slots = __get_cpu_var(bp_on_reg);
354		max_slots = core_num_brps;
355
356		if (bp_is_single_step(bp)) {
357			info->ctrl.mismatch = 1;
358			i = max_slots;
359			slots[i] = bp;
360			goto setup;
361		}
362	} else {
363		/* Watchpoint */
364		ctrl_base = ARM_BASE_WCR;
365		val_base = ARM_BASE_WVR;
366		slots = __get_cpu_var(wp_on_reg);
367		max_slots = core_num_wrps;
368	}
369
370	for (i = 0; i < max_slots; ++i) {
371		slot = &slots[i];
372
373		if (!*slot) {
374			*slot = bp;
375			break;
376		}
377	}
378
379	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot")) {
380		ret = -EBUSY;
381		goto out;
382	}
383
384setup:
385	/* Setup the address register. */
386	write_wb_reg(val_base + i, info->address);
387
388	/* Setup the control register. */
389	write_wb_reg(ctrl_base + i, encode_ctrl_reg(info->ctrl) | 0x1);
390
391out:
392	return ret;
393}
394
395void arch_uninstall_hw_breakpoint(struct perf_event *bp)
396{
397	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
398	struct perf_event **slot, **slots;
399	int i, max_slots, base;
400
401	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
402		/* Breakpoint */
403		base = ARM_BASE_BCR;
404		slots = __get_cpu_var(bp_on_reg);
405		max_slots = core_num_brps;
406
407		if (bp_is_single_step(bp)) {
408			i = max_slots;
409			slots[i] = NULL;
410			goto reset;
411		}
412	} else {
413		/* Watchpoint */
414		base = ARM_BASE_WCR;
415		slots = __get_cpu_var(wp_on_reg);
416		max_slots = core_num_wrps;
417	}
418
419	/* Remove the breakpoint. */
420	for (i = 0; i < max_slots; ++i) {
421		slot = &slots[i];
422
423		if (*slot == bp) {
424			*slot = NULL;
425			break;
426		}
427	}
428
429	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot"))
430		return;
431
432reset:
433	/* Reset the control register. */
434	write_wb_reg(base + i, 0);
435}
436
437static int get_hbp_len(u8 hbp_len)
438{
439	unsigned int len_in_bytes = 0;
440
441	switch (hbp_len) {
442	case ARM_BREAKPOINT_LEN_1:
443		len_in_bytes = 1;
444		break;
445	case ARM_BREAKPOINT_LEN_2:
446		len_in_bytes = 2;
447		break;
448	case ARM_BREAKPOINT_LEN_4:
449		len_in_bytes = 4;
450		break;
451	case ARM_BREAKPOINT_LEN_8:
452		len_in_bytes = 8;
453		break;
454	}
455
456	return len_in_bytes;
457}
458
459/*
460 * Check whether bp virtual address is in kernel space.
461 */
462int arch_check_bp_in_kernelspace(struct perf_event *bp)
463{
464	unsigned int len;
465	unsigned long va;
466	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
467
468	va = info->address;
469	len = get_hbp_len(info->ctrl.len);
470
471	return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
472}
473
474/*
475 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
476 * Hopefully this will disappear when ptrace can bypass the conversion
477 * to generic breakpoint descriptions.
478 */
479int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
480			   int *gen_len, int *gen_type)
481{
482	/* Type */
483	switch (ctrl.type) {
484	case ARM_BREAKPOINT_EXECUTE:
485		*gen_type = HW_BREAKPOINT_X;
486		break;
487	case ARM_BREAKPOINT_LOAD:
488		*gen_type = HW_BREAKPOINT_R;
489		break;
490	case ARM_BREAKPOINT_STORE:
491		*gen_type = HW_BREAKPOINT_W;
492		break;
493	case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
494		*gen_type = HW_BREAKPOINT_RW;
495		break;
496	default:
497		return -EINVAL;
498	}
499
500	/* Len */
501	switch (ctrl.len) {
502	case ARM_BREAKPOINT_LEN_1:
503		*gen_len = HW_BREAKPOINT_LEN_1;
504		break;
505	case ARM_BREAKPOINT_LEN_2:
506		*gen_len = HW_BREAKPOINT_LEN_2;
507		break;
508	case ARM_BREAKPOINT_LEN_4:
509		*gen_len = HW_BREAKPOINT_LEN_4;
510		break;
511	case ARM_BREAKPOINT_LEN_8:
512		*gen_len = HW_BREAKPOINT_LEN_8;
513		break;
514	default:
515		return -EINVAL;
516	}
517
518	return 0;
519}
520
521/*
522 * Construct an arch_hw_breakpoint from a perf_event.
523 */
524static int arch_build_bp_info(struct perf_event *bp)
525{
526	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
527
528	/* Type */
529	switch (bp->attr.bp_type) {
530	case HW_BREAKPOINT_X:
531		info->ctrl.type = ARM_BREAKPOINT_EXECUTE;
532		break;
533	case HW_BREAKPOINT_R:
534		info->ctrl.type = ARM_BREAKPOINT_LOAD;
535		break;
536	case HW_BREAKPOINT_W:
537		info->ctrl.type = ARM_BREAKPOINT_STORE;
538		break;
539	case HW_BREAKPOINT_RW:
540		info->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
541		break;
542	default:
543		return -EINVAL;
544	}
545
546	/* Len */
547	switch (bp->attr.bp_len) {
548	case HW_BREAKPOINT_LEN_1:
549		info->ctrl.len = ARM_BREAKPOINT_LEN_1;
550		break;
551	case HW_BREAKPOINT_LEN_2:
552		info->ctrl.len = ARM_BREAKPOINT_LEN_2;
553		break;
554	case HW_BREAKPOINT_LEN_4:
555		info->ctrl.len = ARM_BREAKPOINT_LEN_4;
556		break;
557	case HW_BREAKPOINT_LEN_8:
558		info->ctrl.len = ARM_BREAKPOINT_LEN_8;
559		if ((info->ctrl.type != ARM_BREAKPOINT_EXECUTE)
560			&& max_watchpoint_len >= 8)
561			break;
562	default:
563		return -EINVAL;
564	}
565
566	/*
567	 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes.
568	 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported
569	 * by the hardware and must be aligned to the appropriate number of
570	 * bytes.
571	 */
572	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE &&
573	    info->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
574	    info->ctrl.len != ARM_BREAKPOINT_LEN_4)
575		return -EINVAL;
576
577	/* Address */
578	info->address = bp->attr.bp_addr;
579
580	/* Privilege */
581	info->ctrl.privilege = ARM_BREAKPOINT_USER;
582	if (arch_check_bp_in_kernelspace(bp) && !bp_is_single_step(bp))
583		info->ctrl.privilege |= ARM_BREAKPOINT_PRIV;
584
585	/* Enabled? */
586	info->ctrl.enabled = !bp->attr.disabled;
587
588	/* Mismatch */
589	info->ctrl.mismatch = 0;
590
591	return 0;
592}
593
594/*
595 * Validate the arch-specific HW Breakpoint register settings.
596 */
597int arch_validate_hwbkpt_settings(struct perf_event *bp)
598{
599	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
600	int ret = 0;
601	u32 offset, alignment_mask = 0x3;
602
603	/* Build the arch_hw_breakpoint. */
604	ret = arch_build_bp_info(bp);
605	if (ret)
606		goto out;
607
608	/* Check address alignment. */
609	if (info->ctrl.len == ARM_BREAKPOINT_LEN_8)
610		alignment_mask = 0x7;
611	offset = info->address & alignment_mask;
612	switch (offset) {
613	case 0:
614		/* Aligned */
615		break;
616	case 1:
617		/* Allow single byte watchpoint. */
618		if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
619			break;
620	case 2:
621		/* Allow halfword watchpoints and breakpoints. */
622		if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
623			break;
624	default:
625		ret = -EINVAL;
626		goto out;
627	}
628
629	info->address &= ~alignment_mask;
630	info->ctrl.len <<= offset;
631
632	/*
633	 * Currently we rely on an overflow handler to take
634	 * care of single-stepping the breakpoint when it fires.
635	 * In the case of userspace breakpoints on a core with V7 debug,
636	 * we can use the mismatch feature as a poor-man's hardware single-step.
637	 */
638	if (WARN_ONCE(!bp->overflow_handler &&
639		(arch_check_bp_in_kernelspace(bp) || !core_has_mismatch_brps()),
640			"overflow handler required but none found")) {
641		ret = -EINVAL;
642	}
643out:
644	return ret;
645}
646
647static void update_mismatch_flag(int idx, int flag)
648{
649	struct perf_event *bp = __get_cpu_var(bp_on_reg[idx]);
650	struct arch_hw_breakpoint *info;
651
652	if (bp == NULL)
653		return;
654
655	info = counter_arch_bp(bp);
656
657	/* Update the mismatch field to enter/exit `single-step' mode */
658	if (!bp->overflow_handler && info->ctrl.mismatch != flag) {
659		info->ctrl.mismatch = flag;
660		write_wb_reg(ARM_BASE_BCR + idx, encode_ctrl_reg(info->ctrl) | 0x1);
661	}
662}
663
664static void watchpoint_handler(unsigned long unknown, struct pt_regs *regs)
665{
666	int i;
667	struct perf_event *bp, **slots = __get_cpu_var(wp_on_reg);
668	struct arch_hw_breakpoint *info;
669	struct perf_event_attr attr;
670
671	/* Without a disassembler, we can only handle 1 watchpoint. */
672	BUG_ON(core_num_wrps > 1);
673
674	hw_breakpoint_init(&attr);
675	attr.bp_addr	= regs->ARM_pc & ~0x3;
676	attr.bp_len	= HW_BREAKPOINT_LEN_4;
677	attr.bp_type	= HW_BREAKPOINT_X;
678
679	for (i = 0; i < core_num_wrps; ++i) {
680		rcu_read_lock();
681
682		if (slots[i] == NULL) {
683			rcu_read_unlock();
684			continue;
685		}
686
687		/*
688		 * The DFAR is an unknown value. Since we only allow a
689		 * single watchpoint, we can set the trigger to the lowest
690		 * possible faulting address.
691		 */
692		info = counter_arch_bp(slots[i]);
693		info->trigger = slots[i]->attr.bp_addr;
694		pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
695		perf_bp_event(slots[i], regs);
696
697		/*
698		 * If no overflow handler is present, insert a temporary
699		 * mismatch breakpoint so we can single-step over the
700		 * watchpoint trigger.
701		 */
702		if (!slots[i]->overflow_handler) {
703			bp = register_user_hw_breakpoint(&attr,
704							 wp_single_step_handler,
705							 current);
706			counter_arch_bp(bp)->suspended_wp = slots[i];
707			perf_event_disable(slots[i]);
708		}
709
710		rcu_read_unlock();
711	}
712}
713
714static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
715{
716	int i;
717	int mismatch;
718	u32 ctrl_reg, val, addr;
719	struct perf_event *bp, **slots = __get_cpu_var(bp_on_reg);
720	struct arch_hw_breakpoint *info;
721	struct arch_hw_breakpoint_ctrl ctrl;
722
723	/* The exception entry code places the amended lr in the PC. */
724	addr = regs->ARM_pc;
725
726	for (i = 0; i < core_num_brps + core_num_reserved_brps; ++i) {
727		rcu_read_lock();
728
729		bp = slots[i];
730
731		if (bp == NULL) {
732			rcu_read_unlock();
733			continue;
734		}
735
736		mismatch = 0;
737
738		/* Check if the breakpoint value matches. */
739		val = read_wb_reg(ARM_BASE_BVR + i);
740		if (val != (addr & ~0x3))
741			goto unlock;
742
743		/* Possible match, check the byte address select to confirm. */
744		ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
745		decode_ctrl_reg(ctrl_reg, &ctrl);
746		if ((1 << (addr & 0x3)) & ctrl.len) {
747			mismatch = 1;
748			info = counter_arch_bp(bp);
749			info->trigger = addr;
750		}
751
752unlock:
753		if ((mismatch && !info->ctrl.mismatch) || bp_is_single_step(bp)) {
754			pr_debug("breakpoint fired: address = 0x%x\n", addr);
755			perf_bp_event(bp, regs);
756		}
757
758		update_mismatch_flag(i, mismatch);
759		rcu_read_unlock();
760	}
761}
762
763/*
764 * Called from either the Data Abort Handler [watchpoint] or the
765 * Prefetch Abort Handler [breakpoint] with preemption disabled.
766 */
767static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr,
768				 struct pt_regs *regs)
769{
770	int ret = 0;
771	u32 dscr;
772
773	/* We must be called with preemption disabled. */
774	WARN_ON(preemptible());
775
776	/* We only handle watchpoints and hardware breakpoints. */
777	ARM_DBG_READ(c1, 0, dscr);
778
779	/* Perform perf callbacks. */
780	switch (ARM_DSCR_MOE(dscr)) {
781	case ARM_ENTRY_BREAKPOINT:
782		breakpoint_handler(addr, regs);
783		break;
784	case ARM_ENTRY_ASYNC_WATCHPOINT:
785		WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n");
786	case ARM_ENTRY_SYNC_WATCHPOINT:
787		watchpoint_handler(addr, regs);
788		break;
789	default:
790		ret = 1; /* Unhandled fault. */
791	}
792
793	/*
794	 * Re-enable preemption after it was disabled in the
795	 * low-level exception handling code.
796	 */
797	preempt_enable();
798
799	return ret;
800}
801
802/*
803 * One-time initialisation.
804 */
805static void reset_ctrl_regs(void *unused)
806{
807	int i;
808
809	/*
810	 * v7 debug contains save and restore registers so that debug state
811	 * can be maintained across low-power modes without leaving
812	 * the debug logic powered up. It is IMPLEMENTATION DEFINED whether
813	 * we can write to the debug registers out of reset, so we must
814	 * unlock the OS Lock Access Register to avoid taking undefined
815	 * instruction exceptions later on.
816	 */
817	if (debug_arch >= ARM_DEBUG_ARCH_V7_ECP14) {
818		/*
819		 * Unconditionally clear the lock by writing a value
820		 * other than 0xC5ACCE55 to the access register.
821		 */
822		asm volatile("mcr p14, 0, %0, c1, c0, 4" : : "r" (0));
823		isb();
824	}
825
826	if (enable_monitor_mode())
827		return;
828
829	/* We must also reset any reserved registers. */
830	for (i = 0; i < core_num_brps + core_num_reserved_brps; ++i) {
831		write_wb_reg(ARM_BASE_BCR + i, 0UL);
832		write_wb_reg(ARM_BASE_BVR + i, 0UL);
833	}
834
835	for (i = 0; i < core_num_wrps; ++i) {
836		write_wb_reg(ARM_BASE_WCR + i, 0UL);
837		write_wb_reg(ARM_BASE_WVR + i, 0UL);
838	}
839}
840
841static int __cpuinit dbg_reset_notify(struct notifier_block *self,
842				      unsigned long action, void *cpu)
843{
844	if (action == CPU_ONLINE)
845		smp_call_function_single((int)cpu, reset_ctrl_regs, NULL, 1);
846	return NOTIFY_OK;
847}
848
849static struct notifier_block __cpuinitdata dbg_reset_nb = {
850	.notifier_call = dbg_reset_notify,
851};
852
853static int __init arch_hw_breakpoint_init(void)
854{
855	int ret = 0;
856	u32 dscr;
857
858	debug_arch = get_debug_arch();
859
860	if (debug_arch > ARM_DEBUG_ARCH_V7_ECP14) {
861		pr_info("debug architecture 0x%x unsupported.\n", debug_arch);
862		ret = -ENODEV;
863		goto out;
864	}
865
866	/* Determine how many BRPs/WRPs are available. */
867	core_num_brps = get_num_brps();
868	core_num_reserved_brps = get_num_reserved_brps();
869	core_num_wrps = get_num_wrps();
870
871	pr_info("found %d breakpoint and %d watchpoint registers.\n",
872		core_num_brps + core_num_reserved_brps, core_num_wrps);
873
874	if (core_num_reserved_brps)
875		pr_info("%d breakpoint(s) reserved for watchpoint "
876				"single-step.\n", core_num_reserved_brps);
877
878	ARM_DBG_READ(c1, 0, dscr);
879	if (dscr & ARM_DSCR_HDBGEN) {
880		pr_warning("halting debug mode enabled. Assuming maximum "
881				"watchpoint size of 4 bytes.");
882	} else {
883		/*
884		 * Reset the breakpoint resources. We assume that a halting
885		 * debugger will leave the world in a nice state for us.
886		 */
887		smp_call_function(reset_ctrl_regs, NULL, 1);
888		reset_ctrl_regs(NULL);
889
890		/* Work out the maximum supported watchpoint length. */
891		max_watchpoint_len = get_max_wp_len();
892		pr_info("maximum watchpoint size is %u bytes.\n",
893				max_watchpoint_len);
894	}
895
896	/* Register debug fault handler. */
897	hook_fault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
898			"watchpoint debug exception");
899	hook_ifault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
900			"breakpoint debug exception");
901
902	/* Register hotplug notifier. */
903	register_cpu_notifier(&dbg_reset_nb);
904out:
905	return ret;
906}
907arch_initcall(arch_hw_breakpoint_init);
908
909void hw_breakpoint_pmu_read(struct perf_event *bp)
910{
911}
912
913/*
914 * Dummy function to register with die_notifier.
915 */
916int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
917					unsigned long val, void *data)
918{
919	return NOTIFY_DONE;
920}
921