hw_breakpoint.c revision 7e20269647169e7ea08a62bdc4979a3ba32e615c 
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License version 2 as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
9 * GNU General Public License for more details.
10 *
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
14 *
15 * Copyright (C) 2009, 2010 ARM Limited
16 *
17 * Author: Will Deacon <will.deacon@arm.com>
18 */
19
20/*
21 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
22 * using the CPU's debug registers.
23 */
24#define pr_fmt(fmt) "hw-breakpoint: " fmt
25
26#include <linux/errno.h>
27#include <linux/hardirq.h>
28#include <linux/perf_event.h>
29#include <linux/hw_breakpoint.h>
30#include <linux/smp.h>
31
32#include <asm/cacheflush.h>
33#include <asm/cputype.h>
34#include <asm/current.h>
35#include <asm/hw_breakpoint.h>
36#include <asm/kdebug.h>
37#include <asm/system.h>
38#include <asm/traps.h>
39
40/* Breakpoint currently in use for each BRP. */
41static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
42
43/* Watchpoint currently in use for each WRP. */
44static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
45
46/* Number of BRP/WRP registers on this CPU. */
47static int core_num_brps;
48static int core_num_wrps;
49
50/* Debug architecture version. */
51static u8 debug_arch;
52
53/* Maximum supported watchpoint length. */
54static u8 max_watchpoint_len;
55
56/* Determine number of BRP registers available. */
57static int get_num_brps(void)
58{
59	u32 didr;
60	ARM_DBG_READ(c0, 0, didr);
61	return ((didr >> 24) & 0xf) + 1;
62}
63
64/* Determine number of WRP registers available. */
65static int get_num_wrps(void)
66{
67	/*
68	 * FIXME: When a watchpoint fires, the only way to work out which
69	 * watchpoint it was is by disassembling the faulting instruction
70	 * and working out the address of the memory access.
71	 *
72	 * Furthermore, we can only do this if the watchpoint was precise
73	 * since imprecise watchpoints prevent us from calculating register
74	 * based addresses.
75	 *
76	 * For the time being, we only report 1 watchpoint register so we
77	 * always know which watchpoint fired. In the future we can either
78	 * add a disassembler and address generation emulator, or we can
79	 * insert a check to see if the DFAR is set on watchpoint exception
80	 * entry [the ARM ARM states that the DFAR is UNKNOWN, but
81	 * experience shows that it is set on some implementations].
82	 */
83
84#if 0
85	u32 didr, wrps;
86	ARM_DBG_READ(c0, 0, didr);
87	return ((didr >> 28) & 0xf) + 1;
88#endif
89
90	return 1;
91}
92
93int hw_breakpoint_slots(int type)
94{
95	/*
96	 * We can be called early, so don't rely on
97	 * our static variables being initialised.
98	 */
99	switch (type) {
100	case TYPE_INST:
101		return get_num_brps();
102	case TYPE_DATA:
103		return get_num_wrps();
104	default:
105		pr_warning("unknown slot type: %d\n", type);
106		return 0;
107	}
108}
109
110/* Determine debug architecture. */
111static u8 get_debug_arch(void)
112{
113	u32 didr;
114
115	/* Do we implement the extended CPUID interface? */
116	if (((read_cpuid_id() >> 16) & 0xf) != 0xf) {
117		pr_warning("CPUID feature registers not supported. "
118				"Assuming v6 debug is present.\n");
119		return ARM_DEBUG_ARCH_V6;
120	}
121
122	ARM_DBG_READ(c0, 0, didr);
123	return (didr >> 16) & 0xf;
124}
125
126/* Does this core support mismatch breakpoints? */
127static int core_has_mismatch_bps(void)
128{
129	return debug_arch >= ARM_DEBUG_ARCH_V7_ECP14 && core_num_brps > 1;
130}
131
132u8 arch_get_debug_arch(void)
133{
134	return debug_arch;
135}
136
137#define READ_WB_REG_CASE(OP2, M, VAL)		\
138	case ((OP2 << 4) + M):			\
139		ARM_DBG_READ(c ## M, OP2, VAL); \
140		break
141
142#define WRITE_WB_REG_CASE(OP2, M, VAL)		\
143	case ((OP2 << 4) + M):			\
144		ARM_DBG_WRITE(c ## M, OP2, VAL);\
145		break
146
147#define GEN_READ_WB_REG_CASES(OP2, VAL)		\
148	READ_WB_REG_CASE(OP2, 0, VAL);		\
149	READ_WB_REG_CASE(OP2, 1, VAL);		\
150	READ_WB_REG_CASE(OP2, 2, VAL);		\
151	READ_WB_REG_CASE(OP2, 3, VAL);		\
152	READ_WB_REG_CASE(OP2, 4, VAL);		\
153	READ_WB_REG_CASE(OP2, 5, VAL);		\
154	READ_WB_REG_CASE(OP2, 6, VAL);		\
155	READ_WB_REG_CASE(OP2, 7, VAL);		\
156	READ_WB_REG_CASE(OP2, 8, VAL);		\
157	READ_WB_REG_CASE(OP2, 9, VAL);		\
158	READ_WB_REG_CASE(OP2, 10, VAL);		\
159	READ_WB_REG_CASE(OP2, 11, VAL);		\
160	READ_WB_REG_CASE(OP2, 12, VAL);		\
161	READ_WB_REG_CASE(OP2, 13, VAL);		\
162	READ_WB_REG_CASE(OP2, 14, VAL);		\
163	READ_WB_REG_CASE(OP2, 15, VAL)
164
165#define GEN_WRITE_WB_REG_CASES(OP2, VAL)	\
166	WRITE_WB_REG_CASE(OP2, 0, VAL);		\
167	WRITE_WB_REG_CASE(OP2, 1, VAL);		\
168	WRITE_WB_REG_CASE(OP2, 2, VAL);		\
169	WRITE_WB_REG_CASE(OP2, 3, VAL);		\
170	WRITE_WB_REG_CASE(OP2, 4, VAL);		\
171	WRITE_WB_REG_CASE(OP2, 5, VAL);		\
172	WRITE_WB_REG_CASE(OP2, 6, VAL);		\
173	WRITE_WB_REG_CASE(OP2, 7, VAL);		\
174	WRITE_WB_REG_CASE(OP2, 8, VAL);		\
175	WRITE_WB_REG_CASE(OP2, 9, VAL);		\
176	WRITE_WB_REG_CASE(OP2, 10, VAL);	\
177	WRITE_WB_REG_CASE(OP2, 11, VAL);	\
178	WRITE_WB_REG_CASE(OP2, 12, VAL);	\
179	WRITE_WB_REG_CASE(OP2, 13, VAL);	\
180	WRITE_WB_REG_CASE(OP2, 14, VAL);	\
181	WRITE_WB_REG_CASE(OP2, 15, VAL)
182
183static u32 read_wb_reg(int n)
184{
185	u32 val = 0;
186
187	switch (n) {
188	GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val);
189	GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val);
190	GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val);
191	GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val);
192	default:
193		pr_warning("attempt to read from unknown breakpoint "
194				"register %d\n", n);
195	}
196
197	return val;
198}
199
200static void write_wb_reg(int n, u32 val)
201{
202	switch (n) {
203	GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val);
204	GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val);
205	GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val);
206	GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val);
207	default:
208		pr_warning("attempt to write to unknown breakpoint "
209				"register %d\n", n);
210	}
211	isb();
212}
213
214/*
215 * In order to access the breakpoint/watchpoint control registers,
216 * we must be running in debug monitor mode. Unfortunately, we can
217 * be put into halting debug mode at any time by an external debugger
218 * but there is nothing we can do to prevent that.
219 */
220static int enable_monitor_mode(void)
221{
222	u32 dscr;
223	int ret = 0;
224
225	ARM_DBG_READ(c1, 0, dscr);
226
227	/* Ensure that halting mode is disabled. */
228	if (WARN_ONCE(dscr & ARM_DSCR_HDBGEN, "halting debug mode enabled."
229				"Unable to access hardware resources.")) {
230		ret = -EPERM;
231		goto out;
232	}
233
234	/* Write to the corresponding DSCR. */
235	switch (debug_arch) {
236	case ARM_DEBUG_ARCH_V6:
237	case ARM_DEBUG_ARCH_V6_1:
238		ARM_DBG_WRITE(c1, 0, (dscr | ARM_DSCR_MDBGEN));
239		break;
240	case ARM_DEBUG_ARCH_V7_ECP14:
241		ARM_DBG_WRITE(c2, 2, (dscr | ARM_DSCR_MDBGEN));
242		break;
243	default:
244		ret = -ENODEV;
245		goto out;
246	}
247
248	/* Check that the write made it through. */
249	ARM_DBG_READ(c1, 0, dscr);
250	if (WARN_ONCE(!(dscr & ARM_DSCR_MDBGEN),
251				"failed to enable monitor mode.")) {
252		ret = -EPERM;
253	}
254
255out:
256	return ret;
257}
258
259/*
260 * Check if 8-bit byte-address select is available.
261 * This clobbers WRP 0.
262 */
263static u8 get_max_wp_len(void)
264{
265	u32 ctrl_reg;
266	struct arch_hw_breakpoint_ctrl ctrl;
267	u8 size = 4;
268
269	if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14)
270		goto out;
271
272	if (enable_monitor_mode())
273		goto out;
274
275	memset(&ctrl, 0, sizeof(ctrl));
276	ctrl.len = ARM_BREAKPOINT_LEN_8;
277	ctrl_reg = encode_ctrl_reg(ctrl);
278
279	write_wb_reg(ARM_BASE_WVR, 0);
280	write_wb_reg(ARM_BASE_WCR, ctrl_reg);
281	if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg)
282		size = 8;
283
284out:
285	return size;
286}
287
288u8 arch_get_max_wp_len(void)
289{
290	return max_watchpoint_len;
291}
292
293/*
294 * Handler for reactivating a suspended watchpoint when the single
295 * step `mismatch' breakpoint is triggered.
296 */
297static void wp_single_step_handler(struct perf_event *bp, int unused,
298				   struct perf_sample_data *data,
299				   struct pt_regs *regs)
300{
301	perf_event_enable(counter_arch_bp(bp)->suspended_wp);
302	unregister_hw_breakpoint(bp);
303}
304
305static int bp_is_single_step(struct perf_event *bp)
306{
307	return bp->overflow_handler == wp_single_step_handler;
308}
309
310/*
311 * Install a perf counter breakpoint.
312 */
313int arch_install_hw_breakpoint(struct perf_event *bp)
314{
315	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
316	struct perf_event **slot, **slots;
317	int i, max_slots, ctrl_base, val_base, ret = 0;
318
319	/* Ensure that we are in monitor mode and halting mode is disabled. */
320	ret = enable_monitor_mode();
321	if (ret)
322		goto out;
323
324	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
325		/* Breakpoint */
326		ctrl_base = ARM_BASE_BCR;
327		val_base = ARM_BASE_BVR;
328		slots = __get_cpu_var(bp_on_reg);
329		max_slots = core_num_brps - 1;
330
331		if (bp_is_single_step(bp)) {
332			info->ctrl.mismatch = 1;
333			i = max_slots;
334			slots[i] = bp;
335			goto setup;
336		}
337	} else {
338		/* Watchpoint */
339		ctrl_base = ARM_BASE_WCR;
340		val_base = ARM_BASE_WVR;
341		slots = __get_cpu_var(wp_on_reg);
342		max_slots = core_num_wrps;
343	}
344
345	for (i = 0; i < max_slots; ++i) {
346		slot = &slots[i];
347
348		if (!*slot) {
349			*slot = bp;
350			break;
351		}
352	}
353
354	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot")) {
355		ret = -EBUSY;
356		goto out;
357	}
358
359setup:
360	/* Setup the address register. */
361	write_wb_reg(val_base + i, info->address);
362
363	/* Setup the control register. */
364	write_wb_reg(ctrl_base + i, encode_ctrl_reg(info->ctrl) | 0x1);
365
366out:
367	return ret;
368}
369
370void arch_uninstall_hw_breakpoint(struct perf_event *bp)
371{
372	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
373	struct perf_event **slot, **slots;
374	int i, max_slots, base;
375
376	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
377		/* Breakpoint */
378		base = ARM_BASE_BCR;
379		slots = __get_cpu_var(bp_on_reg);
380		max_slots = core_num_brps - 1;
381
382		if (bp_is_single_step(bp)) {
383			i = max_slots;
384			slots[i] = NULL;
385			goto reset;
386		}
387	} else {
388		/* Watchpoint */
389		base = ARM_BASE_WCR;
390		slots = __get_cpu_var(wp_on_reg);
391		max_slots = core_num_wrps;
392	}
393
394	/* Remove the breakpoint. */
395	for (i = 0; i < max_slots; ++i) {
396		slot = &slots[i];
397
398		if (*slot == bp) {
399			*slot = NULL;
400			break;
401		}
402	}
403
404	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot"))
405		return;
406
407reset:
408	/* Reset the control register. */
409	write_wb_reg(base + i, 0);
410}
411
412static int get_hbp_len(u8 hbp_len)
413{
414	unsigned int len_in_bytes = 0;
415
416	switch (hbp_len) {
417	case ARM_BREAKPOINT_LEN_1:
418		len_in_bytes = 1;
419		break;
420	case ARM_BREAKPOINT_LEN_2:
421		len_in_bytes = 2;
422		break;
423	case ARM_BREAKPOINT_LEN_4:
424		len_in_bytes = 4;
425		break;
426	case ARM_BREAKPOINT_LEN_8:
427		len_in_bytes = 8;
428		break;
429	}
430
431	return len_in_bytes;
432}
433
434/*
435 * Check whether bp virtual address is in kernel space.
436 */
437int arch_check_bp_in_kernelspace(struct perf_event *bp)
438{
439	unsigned int len;
440	unsigned long va;
441	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
442
443	va = info->address;
444	len = get_hbp_len(info->ctrl.len);
445
446	return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
447}
448
449/*
450 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
451 * Hopefully this will disappear when ptrace can bypass the conversion
452 * to generic breakpoint descriptions.
453 */
454int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
455			   int *gen_len, int *gen_type)
456{
457	/* Type */
458	switch (ctrl.type) {
459	case ARM_BREAKPOINT_EXECUTE:
460		*gen_type = HW_BREAKPOINT_X;
461		break;
462	case ARM_BREAKPOINT_LOAD:
463		*gen_type = HW_BREAKPOINT_R;
464		break;
465	case ARM_BREAKPOINT_STORE:
466		*gen_type = HW_BREAKPOINT_W;
467		break;
468	case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
469		*gen_type = HW_BREAKPOINT_RW;
470		break;
471	default:
472		return -EINVAL;
473	}
474
475	/* Len */
476	switch (ctrl.len) {
477	case ARM_BREAKPOINT_LEN_1:
478		*gen_len = HW_BREAKPOINT_LEN_1;
479		break;
480	case ARM_BREAKPOINT_LEN_2:
481		*gen_len = HW_BREAKPOINT_LEN_2;
482		break;
483	case ARM_BREAKPOINT_LEN_4:
484		*gen_len = HW_BREAKPOINT_LEN_4;
485		break;
486	case ARM_BREAKPOINT_LEN_8:
487		*gen_len = HW_BREAKPOINT_LEN_8;
488		break;
489	default:
490		return -EINVAL;
491	}
492
493	return 0;
494}
495
496/*
497 * Construct an arch_hw_breakpoint from a perf_event.
498 */
499static int arch_build_bp_info(struct perf_event *bp)
500{
501	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
502
503	/* Type */
504	switch (bp->attr.bp_type) {
505	case HW_BREAKPOINT_X:
506		info->ctrl.type = ARM_BREAKPOINT_EXECUTE;
507		break;
508	case HW_BREAKPOINT_R:
509		info->ctrl.type = ARM_BREAKPOINT_LOAD;
510		break;
511	case HW_BREAKPOINT_W:
512		info->ctrl.type = ARM_BREAKPOINT_STORE;
513		break;
514	case HW_BREAKPOINT_RW:
515		info->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
516		break;
517	default:
518		return -EINVAL;
519	}
520
521	/* Len */
522	switch (bp->attr.bp_len) {
523	case HW_BREAKPOINT_LEN_1:
524		info->ctrl.len = ARM_BREAKPOINT_LEN_1;
525		break;
526	case HW_BREAKPOINT_LEN_2:
527		info->ctrl.len = ARM_BREAKPOINT_LEN_2;
528		break;
529	case HW_BREAKPOINT_LEN_4:
530		info->ctrl.len = ARM_BREAKPOINT_LEN_4;
531		break;
532	case HW_BREAKPOINT_LEN_8:
533		info->ctrl.len = ARM_BREAKPOINT_LEN_8;
534		if ((info->ctrl.type != ARM_BREAKPOINT_EXECUTE)
535			&& max_watchpoint_len >= 8)
536			break;
537	default:
538		return -EINVAL;
539	}
540
541	/*
542	 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes.
543	 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported
544	 * by the hardware and must be aligned to the appropriate number of
545	 * bytes.
546	 */
547	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE &&
548	    info->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
549	    info->ctrl.len != ARM_BREAKPOINT_LEN_4)
550		return -EINVAL;
551
552	/* Address */
553	info->address = bp->attr.bp_addr;
554
555	/* Privilege */
556	info->ctrl.privilege = ARM_BREAKPOINT_USER;
557	if (arch_check_bp_in_kernelspace(bp) && !bp_is_single_step(bp))
558		info->ctrl.privilege |= ARM_BREAKPOINT_PRIV;
559
560	/* Enabled? */
561	info->ctrl.enabled = !bp->attr.disabled;
562
563	/* Mismatch */
564	info->ctrl.mismatch = 0;
565
566	return 0;
567}
568
569/*
570 * Validate the arch-specific HW Breakpoint register settings.
571 */
572int arch_validate_hwbkpt_settings(struct perf_event *bp)
573{
574	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
575	int ret = 0;
576	u32 offset, alignment_mask = 0x3;
577
578	/* Build the arch_hw_breakpoint. */
579	ret = arch_build_bp_info(bp);
580	if (ret)
581		goto out;
582
583	/* Check address alignment. */
584	if (info->ctrl.len == ARM_BREAKPOINT_LEN_8)
585		alignment_mask = 0x7;
586	offset = info->address & alignment_mask;
587	switch (offset) {
588	case 0:
589		/* Aligned */
590		break;
591	case 1:
592		/* Allow single byte watchpoint. */
593		if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
594			break;
595	case 2:
596		/* Allow halfword watchpoints and breakpoints. */
597		if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
598			break;
599	default:
600		ret = -EINVAL;
601		goto out;
602	}
603
604	info->address &= ~alignment_mask;
605	info->ctrl.len <<= offset;
606
607	/*
608	 * Currently we rely on an overflow handler to take
609	 * care of single-stepping the breakpoint when it fires.
610	 * In the case of userspace breakpoints on a core with V7 debug,
611	 * we can use the mismatch feature as a poor-man's hardware single-step.
612	 */
613	if (WARN_ONCE(!bp->overflow_handler &&
614		(arch_check_bp_in_kernelspace(bp) || !core_has_mismatch_bps()),
615			"overflow handler required but none found")) {
616		ret = -EINVAL;
617	}
618out:
619	return ret;
620}
621
622static void update_mismatch_flag(int idx, int flag)
623{
624	struct perf_event *bp = __get_cpu_var(bp_on_reg[idx]);
625	struct arch_hw_breakpoint *info;
626
627	if (bp == NULL)
628		return;
629
630	info = counter_arch_bp(bp);
631
632	/* Update the mismatch field to enter/exit `single-step' mode */
633	if (!bp->overflow_handler && info->ctrl.mismatch != flag) {
634		info->ctrl.mismatch = flag;
635		write_wb_reg(ARM_BASE_BCR + idx, encode_ctrl_reg(info->ctrl) | 0x1);
636	}
637}
638
639static void watchpoint_handler(unsigned long unknown, struct pt_regs *regs)
640{
641	int i;
642	struct perf_event *bp, **slots = __get_cpu_var(wp_on_reg);
643	struct arch_hw_breakpoint *info;
644	struct perf_event_attr attr;
645
646	/* Without a disassembler, we can only handle 1 watchpoint. */
647	BUG_ON(core_num_wrps > 1);
648
649	hw_breakpoint_init(&attr);
650	attr.bp_addr	= regs->ARM_pc & ~0x3;
651	attr.bp_len	= HW_BREAKPOINT_LEN_4;
652	attr.bp_type	= HW_BREAKPOINT_X;
653
654	for (i = 0; i < core_num_wrps; ++i) {
655		rcu_read_lock();
656
657		if (slots[i] == NULL) {
658			rcu_read_unlock();
659			continue;
660		}
661
662		/*
663		 * The DFAR is an unknown value. Since we only allow a
664		 * single watchpoint, we can set the trigger to the lowest
665		 * possible faulting address.
666		 */
667		info = counter_arch_bp(slots[i]);
668		info->trigger = slots[i]->attr.bp_addr;
669		pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
670		perf_bp_event(slots[i], regs);
671
672		/*
673		 * If no overflow handler is present, insert a temporary
674		 * mismatch breakpoint so we can single-step over the
675		 * watchpoint trigger.
676		 */
677		if (!slots[i]->overflow_handler) {
678			bp = register_user_hw_breakpoint(&attr,
679							 wp_single_step_handler,
680							 current);
681			counter_arch_bp(bp)->suspended_wp = slots[i];
682			perf_event_disable(slots[i]);
683		}
684
685		rcu_read_unlock();
686	}
687}
688
689static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
690{
691	int i;
692	int mismatch;
693	u32 ctrl_reg, val, addr;
694	struct perf_event *bp, **slots = __get_cpu_var(bp_on_reg);
695	struct arch_hw_breakpoint *info;
696	struct arch_hw_breakpoint_ctrl ctrl;
697
698	/* The exception entry code places the amended lr in the PC. */
699	addr = regs->ARM_pc;
700
701	for (i = 0; i < core_num_brps; ++i) {
702		rcu_read_lock();
703
704		bp = slots[i];
705
706		if (bp == NULL) {
707			rcu_read_unlock();
708			continue;
709		}
710
711		mismatch = 0;
712
713		/* Check if the breakpoint value matches. */
714		val = read_wb_reg(ARM_BASE_BVR + i);
715		if (val != (addr & ~0x3))
716			goto unlock;
717
718		/* Possible match, check the byte address select to confirm. */
719		ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
720		decode_ctrl_reg(ctrl_reg, &ctrl);
721		if ((1 << (addr & 0x3)) & ctrl.len) {
722			mismatch = 1;
723			info = counter_arch_bp(bp);
724			info->trigger = addr;
725		}
726
727unlock:
728		if ((mismatch && !info->ctrl.mismatch) || bp_is_single_step(bp)) {
729			pr_debug("breakpoint fired: address = 0x%x\n", addr);
730			perf_bp_event(bp, regs);
731		}
732
733		update_mismatch_flag(i, mismatch);
734		rcu_read_unlock();
735	}
736}
737
738/*
739 * Called from either the Data Abort Handler [watchpoint] or the
740 * Prefetch Abort Handler [breakpoint] with preemption disabled.
741 */
742static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr,
743				 struct pt_regs *regs)
744{
745	int ret = 0;
746	u32 dscr;
747
748	/* We must be called with preemption disabled. */
749	WARN_ON(preemptible());
750
751	/* We only handle watchpoints and hardware breakpoints. */
752	ARM_DBG_READ(c1, 0, dscr);
753
754	/* Perform perf callbacks. */
755	switch (ARM_DSCR_MOE(dscr)) {
756	case ARM_ENTRY_BREAKPOINT:
757		breakpoint_handler(addr, regs);
758		break;
759	case ARM_ENTRY_ASYNC_WATCHPOINT:
760		WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n");
761	case ARM_ENTRY_SYNC_WATCHPOINT:
762		watchpoint_handler(addr, regs);
763		break;
764	default:
765		ret = 1; /* Unhandled fault. */
766	}
767
768	/*
769	 * Re-enable preemption after it was disabled in the
770	 * low-level exception handling code.
771	 */
772	preempt_enable();
773
774	return ret;
775}
776
777/*
778 * One-time initialisation.
779 */
780static void reset_ctrl_regs(void *unused)
781{
782	int i;
783
784	/*
785	 * v7 debug contains save and restore registers so that debug state
786	 * can be maintained across low-power modes without leaving
787	 * the debug logic powered up. It is IMPLEMENTATION DEFINED whether
788	 * we can write to the debug registers out of reset, so we must
789	 * unlock the OS Lock Access Register to avoid taking undefined
790	 * instruction exceptions later on.
791	 */
792	if (debug_arch >= ARM_DEBUG_ARCH_V7_ECP14) {
793		/*
794		 * Unconditionally clear the lock by writing a value
795		 * other than 0xC5ACCE55 to the access register.
796		 */
797		asm volatile("mcr p14, 0, %0, c1, c0, 4" : : "r" (0));
798		isb();
799	}
800
801	if (enable_monitor_mode())
802		return;
803
804	for (i = 0; i < core_num_brps; ++i) {
805		write_wb_reg(ARM_BASE_BCR + i, 0UL);
806		write_wb_reg(ARM_BASE_BVR + i, 0UL);
807	}
808
809	for (i = 0; i < core_num_wrps; ++i) {
810		write_wb_reg(ARM_BASE_WCR + i, 0UL);
811		write_wb_reg(ARM_BASE_WVR + i, 0UL);
812	}
813}
814
815static int __cpuinit dbg_reset_notify(struct notifier_block *self,
816				      unsigned long action, void *cpu)
817{
818	if (action == CPU_ONLINE)
819		smp_call_function_single((int)cpu, reset_ctrl_regs, NULL, 1);
820	return NOTIFY_OK;
821}
822
823static struct notifier_block __cpuinitdata dbg_reset_nb = {
824	.notifier_call = dbg_reset_notify,
825};
826
827static int __init arch_hw_breakpoint_init(void)
828{
829	int ret = 0;
830	u32 dscr;
831
832	debug_arch = get_debug_arch();
833
834	if (debug_arch > ARM_DEBUG_ARCH_V7_ECP14) {
835		pr_info("debug architecture 0x%x unsupported.\n", debug_arch);
836		ret = -ENODEV;
837		goto out;
838	}
839
840	/* Determine how many BRPs/WRPs are available. */
841	core_num_brps = get_num_brps();
842	core_num_wrps = get_num_wrps();
843
844	pr_info("found %d breakpoint and %d watchpoint registers.\n",
845			core_num_brps, core_num_wrps);
846
847	if (core_has_mismatch_bps())
848		pr_info("1 breakpoint reserved for watchpoint single-step.\n");
849
850	ARM_DBG_READ(c1, 0, dscr);
851	if (dscr & ARM_DSCR_HDBGEN) {
852		pr_warning("halting debug mode enabled. Assuming maximum "
853				"watchpoint size of 4 bytes.");
854	} else {
855		/*
856		 * Reset the breakpoint resources. We assume that a halting
857		 * debugger will leave the world in a nice state for us.
858		 */
859		smp_call_function(reset_ctrl_regs, NULL, 1);
860		reset_ctrl_regs(NULL);
861
862		/* Work out the maximum supported watchpoint length. */
863		max_watchpoint_len = get_max_wp_len();
864		pr_info("maximum watchpoint size is %u bytes.\n",
865				max_watchpoint_len);
866	}
867
868	/* Register debug fault handler. */
869	hook_fault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
870			"watchpoint debug exception");
871	hook_ifault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
872			"breakpoint debug exception");
873
874	/* Register hotplug notifier. */
875	register_cpu_notifier(&dbg_reset_nb);
876out:
877	return ret;
878}
879arch_initcall(arch_hw_breakpoint_init);
880
881void hw_breakpoint_pmu_read(struct perf_event *bp)
882{
883}
884
885/*
886 * Dummy function to register with die_notifier.
887 */
888int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
889					unsigned long val, void *data)
890{
891	return NOTIFY_DONE;
892}
893