hw_breakpoint.c revision 8fbf397c3389c1dedfa9ee412715046ab28fd82d 
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License version 2 as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
9 * GNU General Public License for more details.
10 *
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
14 *
15 * Copyright (C) 2009, 2010 ARM Limited
16 *
17 * Author: Will Deacon <will.deacon@arm.com>
18 */
19
20/*
21 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
22 * using the CPU's debug registers.
23 */
24#define pr_fmt(fmt) "hw-breakpoint: " fmt
25
26#include <linux/errno.h>
27#include <linux/hardirq.h>
28#include <linux/perf_event.h>
29#include <linux/hw_breakpoint.h>
30#include <linux/smp.h>
31
32#include <asm/cacheflush.h>
33#include <asm/cputype.h>
34#include <asm/current.h>
35#include <asm/hw_breakpoint.h>
36#include <asm/kdebug.h>
37#include <asm/system.h>
38#include <asm/traps.h>
39
40/* Breakpoint currently in use for each BRP. */
41static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
42
43/* Watchpoint currently in use for each WRP. */
44static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
45
46/* Number of BRP/WRP registers on this CPU. */
47static int core_num_brps;
48static int core_num_reserved_brps;
49static int core_num_wrps;
50
51/* Debug architecture version. */
52static u8 debug_arch;
53
54/* Maximum supported watchpoint length. */
55static u8 max_watchpoint_len;
56
57#define READ_WB_REG_CASE(OP2, M, VAL)		\
58	case ((OP2 << 4) + M):			\
59		ARM_DBG_READ(c ## M, OP2, VAL); \
60		break
61
62#define WRITE_WB_REG_CASE(OP2, M, VAL)		\
63	case ((OP2 << 4) + M):			\
64		ARM_DBG_WRITE(c ## M, OP2, VAL);\
65		break
66
67#define GEN_READ_WB_REG_CASES(OP2, VAL)		\
68	READ_WB_REG_CASE(OP2, 0, VAL);		\
69	READ_WB_REG_CASE(OP2, 1, VAL);		\
70	READ_WB_REG_CASE(OP2, 2, VAL);		\
71	READ_WB_REG_CASE(OP2, 3, VAL);		\
72	READ_WB_REG_CASE(OP2, 4, VAL);		\
73	READ_WB_REG_CASE(OP2, 5, VAL);		\
74	READ_WB_REG_CASE(OP2, 6, VAL);		\
75	READ_WB_REG_CASE(OP2, 7, VAL);		\
76	READ_WB_REG_CASE(OP2, 8, VAL);		\
77	READ_WB_REG_CASE(OP2, 9, VAL);		\
78	READ_WB_REG_CASE(OP2, 10, VAL);		\
79	READ_WB_REG_CASE(OP2, 11, VAL);		\
80	READ_WB_REG_CASE(OP2, 12, VAL);		\
81	READ_WB_REG_CASE(OP2, 13, VAL);		\
82	READ_WB_REG_CASE(OP2, 14, VAL);		\
83	READ_WB_REG_CASE(OP2, 15, VAL)
84
85#define GEN_WRITE_WB_REG_CASES(OP2, VAL)	\
86	WRITE_WB_REG_CASE(OP2, 0, VAL);		\
87	WRITE_WB_REG_CASE(OP2, 1, VAL);		\
88	WRITE_WB_REG_CASE(OP2, 2, VAL);		\
89	WRITE_WB_REG_CASE(OP2, 3, VAL);		\
90	WRITE_WB_REG_CASE(OP2, 4, VAL);		\
91	WRITE_WB_REG_CASE(OP2, 5, VAL);		\
92	WRITE_WB_REG_CASE(OP2, 6, VAL);		\
93	WRITE_WB_REG_CASE(OP2, 7, VAL);		\
94	WRITE_WB_REG_CASE(OP2, 8, VAL);		\
95	WRITE_WB_REG_CASE(OP2, 9, VAL);		\
96	WRITE_WB_REG_CASE(OP2, 10, VAL);	\
97	WRITE_WB_REG_CASE(OP2, 11, VAL);	\
98	WRITE_WB_REG_CASE(OP2, 12, VAL);	\
99	WRITE_WB_REG_CASE(OP2, 13, VAL);	\
100	WRITE_WB_REG_CASE(OP2, 14, VAL);	\
101	WRITE_WB_REG_CASE(OP2, 15, VAL)
102
103static u32 read_wb_reg(int n)
104{
105	u32 val = 0;
106
107	switch (n) {
108	GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val);
109	GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val);
110	GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val);
111	GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val);
112	default:
113		pr_warning("attempt to read from unknown breakpoint "
114				"register %d\n", n);
115	}
116
117	return val;
118}
119
120static void write_wb_reg(int n, u32 val)
121{
122	switch (n) {
123	GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val);
124	GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val);
125	GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val);
126	GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val);
127	default:
128		pr_warning("attempt to write to unknown breakpoint "
129				"register %d\n", n);
130	}
131	isb();
132}
133
134/* Determine debug architecture. */
135static u8 get_debug_arch(void)
136{
137	u32 didr;
138
139	/* Do we implement the extended CPUID interface? */
140	if (((read_cpuid_id() >> 16) & 0xf) != 0xf) {
141		pr_warning("CPUID feature registers not supported. "
142				"Assuming v6 debug is present.\n");
143		return ARM_DEBUG_ARCH_V6;
144	}
145
146	ARM_DBG_READ(c0, 0, didr);
147	return (didr >> 16) & 0xf;
148}
149
150u8 arch_get_debug_arch(void)
151{
152	return debug_arch;
153}
154
155/* Determine number of BRP register available. */
156static int get_num_brp_resources(void)
157{
158	u32 didr;
159	ARM_DBG_READ(c0, 0, didr);
160	return ((didr >> 24) & 0xf) + 1;
161}
162
163/* Does this core support mismatch breakpoints? */
164static int core_has_mismatch_brps(void)
165{
166	return (get_debug_arch() >= ARM_DEBUG_ARCH_V7_ECP14 &&
167		get_num_brp_resources() > 1);
168}
169
170/* Determine number of usable WRPs available. */
171static int get_num_wrps(void)
172{
173	/*
174	 * FIXME: When a watchpoint fires, the only way to work out which
175	 * watchpoint it was is by disassembling the faulting instruction
176	 * and working out the address of the memory access.
177	 *
178	 * Furthermore, we can only do this if the watchpoint was precise
179	 * since imprecise watchpoints prevent us from calculating register
180	 * based addresses.
181	 *
182	 * Providing we have more than 1 breakpoint register, we only report
183	 * a single watchpoint register for the time being. This way, we always
184	 * know which watchpoint fired. In the future we can either add a
185	 * disassembler and address generation emulator, or we can insert a
186	 * check to see if the DFAR is set on watchpoint exception entry
187	 * [the ARM ARM states that the DFAR is UNKNOWN, but experience shows
188	 * that it is set on some implementations].
189	 */
190
191#if 0
192	int wrps;
193	u32 didr;
194	ARM_DBG_READ(c0, 0, didr);
195	wrps = ((didr >> 28) & 0xf) + 1;
196#endif
197	int wrps = 1;
198
199	if (core_has_mismatch_brps() && wrps >= get_num_brp_resources())
200		wrps = get_num_brp_resources() - 1;
201
202	return wrps;
203}
204
205/* We reserve one breakpoint for each watchpoint. */
206static int get_num_reserved_brps(void)
207{
208	if (core_has_mismatch_brps())
209		return get_num_wrps();
210	return 0;
211}
212
213/* Determine number of usable BRPs available. */
214static int get_num_brps(void)
215{
216	int brps = get_num_brp_resources();
217	if (core_has_mismatch_brps())
218		brps -= get_num_reserved_brps();
219	return brps;
220}
221
222/*
223 * In order to access the breakpoint/watchpoint control registers,
224 * we must be running in debug monitor mode. Unfortunately, we can
225 * be put into halting debug mode at any time by an external debugger
226 * but there is nothing we can do to prevent that.
227 */
228static int enable_monitor_mode(void)
229{
230	u32 dscr;
231	int ret = 0;
232
233	ARM_DBG_READ(c1, 0, dscr);
234
235	/* Ensure that halting mode is disabled. */
236	if (WARN_ONCE(dscr & ARM_DSCR_HDBGEN, "halting debug mode enabled."
237				"Unable to access hardware resources.")) {
238		ret = -EPERM;
239		goto out;
240	}
241
242	/* If monitor mode is already enabled, just return. */
243	if (dscr & ARM_DSCR_MDBGEN)
244		goto out;
245
246	/* Write to the corresponding DSCR. */
247	switch (get_debug_arch()) {
248	case ARM_DEBUG_ARCH_V6:
249	case ARM_DEBUG_ARCH_V6_1:
250		ARM_DBG_WRITE(c1, 0, (dscr | ARM_DSCR_MDBGEN));
251		break;
252	case ARM_DEBUG_ARCH_V7_ECP14:
253		ARM_DBG_WRITE(c2, 2, (dscr | ARM_DSCR_MDBGEN));
254		break;
255	default:
256		ret = -ENODEV;
257		goto out;
258	}
259
260	/* Check that the write made it through. */
261	ARM_DBG_READ(c1, 0, dscr);
262	if (!(dscr & ARM_DSCR_MDBGEN))
263		ret = -EPERM;
264
265out:
266	return ret;
267}
268
269int hw_breakpoint_slots(int type)
270{
271	/*
272	 * We can be called early, so don't rely on
273	 * our static variables being initialised.
274	 */
275	switch (type) {
276	case TYPE_INST:
277		return get_num_brps();
278	case TYPE_DATA:
279		return get_num_wrps();
280	default:
281		pr_warning("unknown slot type: %d\n", type);
282		return 0;
283	}
284}
285
286/*
287 * Check if 8-bit byte-address select is available.
288 * This clobbers WRP 0.
289 */
290static u8 get_max_wp_len(void)
291{
292	u32 ctrl_reg;
293	struct arch_hw_breakpoint_ctrl ctrl;
294	u8 size = 4;
295
296	if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14)
297		goto out;
298
299	memset(&ctrl, 0, sizeof(ctrl));
300	ctrl.len = ARM_BREAKPOINT_LEN_8;
301	ctrl_reg = encode_ctrl_reg(ctrl);
302
303	write_wb_reg(ARM_BASE_WVR, 0);
304	write_wb_reg(ARM_BASE_WCR, ctrl_reg);
305	if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg)
306		size = 8;
307
308out:
309	return size;
310}
311
312u8 arch_get_max_wp_len(void)
313{
314	return max_watchpoint_len;
315}
316
317/*
318 * Install a perf counter breakpoint.
319 */
320int arch_install_hw_breakpoint(struct perf_event *bp)
321{
322	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
323	struct perf_event **slot, **slots;
324	int i, max_slots, ctrl_base, val_base, ret = 0;
325	u32 addr, ctrl;
326
327	/* Ensure that we are in monitor mode and halting mode is disabled. */
328	ret = enable_monitor_mode();
329	if (ret)
330		goto out;
331
332	addr = info->address;
333	ctrl = encode_ctrl_reg(info->ctrl) | 0x1;
334
335	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
336		/* Breakpoint */
337		ctrl_base = ARM_BASE_BCR;
338		val_base = ARM_BASE_BVR;
339		slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
340		max_slots = core_num_brps;
341		if (info->step_ctrl.enabled) {
342			/* Override the breakpoint data with the step data. */
343			addr = info->trigger & ~0x3;
344			ctrl = encode_ctrl_reg(info->step_ctrl);
345		}
346	} else {
347		/* Watchpoint */
348		if (info->step_ctrl.enabled) {
349			/* Install into the reserved breakpoint region. */
350			ctrl_base = ARM_BASE_BCR + core_num_brps;
351			val_base = ARM_BASE_BVR + core_num_brps;
352			/* Override the watchpoint data with the step data. */
353			addr = info->trigger & ~0x3;
354			ctrl = encode_ctrl_reg(info->step_ctrl);
355		} else {
356			ctrl_base = ARM_BASE_WCR;
357			val_base = ARM_BASE_WVR;
358		}
359		slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
360		max_slots = core_num_wrps;
361	}
362
363	for (i = 0; i < max_slots; ++i) {
364		slot = &slots[i];
365
366		if (!*slot) {
367			*slot = bp;
368			break;
369		}
370	}
371
372	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot")) {
373		ret = -EBUSY;
374		goto out;
375	}
376
377	/* Setup the address register. */
378	write_wb_reg(val_base + i, addr);
379
380	/* Setup the control register. */
381	write_wb_reg(ctrl_base + i, ctrl);
382
383out:
384	return ret;
385}
386
387void arch_uninstall_hw_breakpoint(struct perf_event *bp)
388{
389	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
390	struct perf_event **slot, **slots;
391	int i, max_slots, base;
392
393	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
394		/* Breakpoint */
395		base = ARM_BASE_BCR;
396		slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
397		max_slots = core_num_brps;
398	} else {
399		/* Watchpoint */
400		if (info->step_ctrl.enabled)
401			base = ARM_BASE_BCR + core_num_brps;
402		else
403			base = ARM_BASE_WCR;
404		slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
405		max_slots = core_num_wrps;
406	}
407
408	/* Remove the breakpoint. */
409	for (i = 0; i < max_slots; ++i) {
410		slot = &slots[i];
411
412		if (*slot == bp) {
413			*slot = NULL;
414			break;
415		}
416	}
417
418	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot"))
419		return;
420
421	/* Reset the control register. */
422	write_wb_reg(base + i, 0);
423}
424
425static int get_hbp_len(u8 hbp_len)
426{
427	unsigned int len_in_bytes = 0;
428
429	switch (hbp_len) {
430	case ARM_BREAKPOINT_LEN_1:
431		len_in_bytes = 1;
432		break;
433	case ARM_BREAKPOINT_LEN_2:
434		len_in_bytes = 2;
435		break;
436	case ARM_BREAKPOINT_LEN_4:
437		len_in_bytes = 4;
438		break;
439	case ARM_BREAKPOINT_LEN_8:
440		len_in_bytes = 8;
441		break;
442	}
443
444	return len_in_bytes;
445}
446
447/*
448 * Check whether bp virtual address is in kernel space.
449 */
450int arch_check_bp_in_kernelspace(struct perf_event *bp)
451{
452	unsigned int len;
453	unsigned long va;
454	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
455
456	va = info->address;
457	len = get_hbp_len(info->ctrl.len);
458
459	return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
460}
461
462/*
463 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
464 * Hopefully this will disappear when ptrace can bypass the conversion
465 * to generic breakpoint descriptions.
466 */
467int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
468			   int *gen_len, int *gen_type)
469{
470	/* Type */
471	switch (ctrl.type) {
472	case ARM_BREAKPOINT_EXECUTE:
473		*gen_type = HW_BREAKPOINT_X;
474		break;
475	case ARM_BREAKPOINT_LOAD:
476		*gen_type = HW_BREAKPOINT_R;
477		break;
478	case ARM_BREAKPOINT_STORE:
479		*gen_type = HW_BREAKPOINT_W;
480		break;
481	case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
482		*gen_type = HW_BREAKPOINT_RW;
483		break;
484	default:
485		return -EINVAL;
486	}
487
488	/* Len */
489	switch (ctrl.len) {
490	case ARM_BREAKPOINT_LEN_1:
491		*gen_len = HW_BREAKPOINT_LEN_1;
492		break;
493	case ARM_BREAKPOINT_LEN_2:
494		*gen_len = HW_BREAKPOINT_LEN_2;
495		break;
496	case ARM_BREAKPOINT_LEN_4:
497		*gen_len = HW_BREAKPOINT_LEN_4;
498		break;
499	case ARM_BREAKPOINT_LEN_8:
500		*gen_len = HW_BREAKPOINT_LEN_8;
501		break;
502	default:
503		return -EINVAL;
504	}
505
506	return 0;
507}
508
509/*
510 * Construct an arch_hw_breakpoint from a perf_event.
511 */
512static int arch_build_bp_info(struct perf_event *bp)
513{
514	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
515
516	/* Type */
517	switch (bp->attr.bp_type) {
518	case HW_BREAKPOINT_X:
519		info->ctrl.type = ARM_BREAKPOINT_EXECUTE;
520		break;
521	case HW_BREAKPOINT_R:
522		info->ctrl.type = ARM_BREAKPOINT_LOAD;
523		break;
524	case HW_BREAKPOINT_W:
525		info->ctrl.type = ARM_BREAKPOINT_STORE;
526		break;
527	case HW_BREAKPOINT_RW:
528		info->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
529		break;
530	default:
531		return -EINVAL;
532	}
533
534	/* Len */
535	switch (bp->attr.bp_len) {
536	case HW_BREAKPOINT_LEN_1:
537		info->ctrl.len = ARM_BREAKPOINT_LEN_1;
538		break;
539	case HW_BREAKPOINT_LEN_2:
540		info->ctrl.len = ARM_BREAKPOINT_LEN_2;
541		break;
542	case HW_BREAKPOINT_LEN_4:
543		info->ctrl.len = ARM_BREAKPOINT_LEN_4;
544		break;
545	case HW_BREAKPOINT_LEN_8:
546		info->ctrl.len = ARM_BREAKPOINT_LEN_8;
547		if ((info->ctrl.type != ARM_BREAKPOINT_EXECUTE)
548			&& max_watchpoint_len >= 8)
549			break;
550	default:
551		return -EINVAL;
552	}
553
554	/*
555	 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes.
556	 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported
557	 * by the hardware and must be aligned to the appropriate number of
558	 * bytes.
559	 */
560	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE &&
561	    info->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
562	    info->ctrl.len != ARM_BREAKPOINT_LEN_4)
563		return -EINVAL;
564
565	/* Address */
566	info->address = bp->attr.bp_addr;
567
568	/* Privilege */
569	info->ctrl.privilege = ARM_BREAKPOINT_USER;
570	if (arch_check_bp_in_kernelspace(bp))
571		info->ctrl.privilege |= ARM_BREAKPOINT_PRIV;
572
573	/* Enabled? */
574	info->ctrl.enabled = !bp->attr.disabled;
575
576	/* Mismatch */
577	info->ctrl.mismatch = 0;
578
579	return 0;
580}
581
582/*
583 * Validate the arch-specific HW Breakpoint register settings.
584 */
585int arch_validate_hwbkpt_settings(struct perf_event *bp)
586{
587	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
588	int ret = 0;
589	u32 offset, alignment_mask = 0x3;
590
591	/* Build the arch_hw_breakpoint. */
592	ret = arch_build_bp_info(bp);
593	if (ret)
594		goto out;
595
596	/* Check address alignment. */
597	if (info->ctrl.len == ARM_BREAKPOINT_LEN_8)
598		alignment_mask = 0x7;
599	offset = info->address & alignment_mask;
600	switch (offset) {
601	case 0:
602		/* Aligned */
603		break;
604	case 1:
605		/* Allow single byte watchpoint. */
606		if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
607			break;
608	case 2:
609		/* Allow halfword watchpoints and breakpoints. */
610		if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
611			break;
612	default:
613		ret = -EINVAL;
614		goto out;
615	}
616
617	info->address &= ~alignment_mask;
618	info->ctrl.len <<= offset;
619
620	/*
621	 * Currently we rely on an overflow handler to take
622	 * care of single-stepping the breakpoint when it fires.
623	 * In the case of userspace breakpoints on a core with V7 debug,
624	 * we can use the mismatch feature as a poor-man's hardware
625	 * single-step, but this only works for per-task breakpoints.
626	 */
627	if (WARN_ONCE(!bp->overflow_handler &&
628		(arch_check_bp_in_kernelspace(bp) || !core_has_mismatch_brps()
629		 || !bp->hw.bp_target),
630			"overflow handler required but none found")) {
631		ret = -EINVAL;
632	}
633out:
634	return ret;
635}
636
637/*
638 * Enable/disable single-stepping over the breakpoint bp at address addr.
639 */
640static void enable_single_step(struct perf_event *bp, u32 addr)
641{
642	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
643
644	arch_uninstall_hw_breakpoint(bp);
645	info->step_ctrl.mismatch  = 1;
646	info->step_ctrl.len	  = ARM_BREAKPOINT_LEN_4;
647	info->step_ctrl.type	  = ARM_BREAKPOINT_EXECUTE;
648	info->step_ctrl.privilege = info->ctrl.privilege;
649	info->step_ctrl.enabled	  = 1;
650	info->trigger		  = addr;
651	arch_install_hw_breakpoint(bp);
652}
653
654static void disable_single_step(struct perf_event *bp)
655{
656	arch_uninstall_hw_breakpoint(bp);
657	counter_arch_bp(bp)->step_ctrl.enabled = 0;
658	arch_install_hw_breakpoint(bp);
659}
660
661static void watchpoint_handler(unsigned long unknown, struct pt_regs *regs)
662{
663	int i;
664	struct perf_event *wp, **slots;
665	struct arch_hw_breakpoint *info;
666
667	slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
668
669	/* Without a disassembler, we can only handle 1 watchpoint. */
670	BUG_ON(core_num_wrps > 1);
671
672	for (i = 0; i < core_num_wrps; ++i) {
673		rcu_read_lock();
674
675		wp = slots[i];
676
677		if (wp == NULL) {
678			rcu_read_unlock();
679			continue;
680		}
681
682		/*
683		 * The DFAR is an unknown value. Since we only allow a
684		 * single watchpoint, we can set the trigger to the lowest
685		 * possible faulting address.
686		 */
687		info = counter_arch_bp(wp);
688		info->trigger = wp->attr.bp_addr;
689		pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
690		perf_bp_event(wp, regs);
691
692		/*
693		 * If no overflow handler is present, insert a temporary
694		 * mismatch breakpoint so we can single-step over the
695		 * watchpoint trigger.
696		 */
697		if (!wp->overflow_handler)
698			enable_single_step(wp, instruction_pointer(regs));
699
700		rcu_read_unlock();
701	}
702}
703
704static void watchpoint_single_step_handler(unsigned long pc)
705{
706	int i;
707	struct perf_event *wp, **slots;
708	struct arch_hw_breakpoint *info;
709
710	slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
711
712	for (i = 0; i < core_num_reserved_brps; ++i) {
713		rcu_read_lock();
714
715		wp = slots[i];
716
717		if (wp == NULL)
718			goto unlock;
719
720		info = counter_arch_bp(wp);
721		if (!info->step_ctrl.enabled)
722			goto unlock;
723
724		/*
725		 * Restore the original watchpoint if we've completed the
726		 * single-step.
727		 */
728		if (info->trigger != pc)
729			disable_single_step(wp);
730
731unlock:
732		rcu_read_unlock();
733	}
734}
735
736static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
737{
738	int i;
739	u32 ctrl_reg, val, addr;
740	struct perf_event *bp, **slots;
741	struct arch_hw_breakpoint *info;
742	struct arch_hw_breakpoint_ctrl ctrl;
743
744	slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
745
746	/* The exception entry code places the amended lr in the PC. */
747	addr = regs->ARM_pc;
748
749	/* Check the currently installed breakpoints first. */
750	for (i = 0; i < core_num_brps; ++i) {
751		rcu_read_lock();
752
753		bp = slots[i];
754
755		if (bp == NULL)
756			goto unlock;
757
758		info = counter_arch_bp(bp);
759
760		/* Check if the breakpoint value matches. */
761		val = read_wb_reg(ARM_BASE_BVR + i);
762		if (val != (addr & ~0x3))
763			goto mismatch;
764
765		/* Possible match, check the byte address select to confirm. */
766		ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
767		decode_ctrl_reg(ctrl_reg, &ctrl);
768		if ((1 << (addr & 0x3)) & ctrl.len) {
769			info->trigger = addr;
770			pr_debug("breakpoint fired: address = 0x%x\n", addr);
771			perf_bp_event(bp, regs);
772			if (!bp->overflow_handler)
773				enable_single_step(bp, addr);
774			goto unlock;
775		}
776
777mismatch:
778		/* If we're stepping a breakpoint, it can now be restored. */
779		if (info->step_ctrl.enabled)
780			disable_single_step(bp);
781unlock:
782		rcu_read_unlock();
783	}
784
785	/* Handle any pending watchpoint single-step breakpoints. */
786	watchpoint_single_step_handler(addr);
787}
788
789/*
790 * Called from either the Data Abort Handler [watchpoint] or the
791 * Prefetch Abort Handler [breakpoint] with preemption disabled.
792 */
793static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr,
794				 struct pt_regs *regs)
795{
796	int ret = 0;
797	u32 dscr;
798
799	/* We must be called with preemption disabled. */
800	WARN_ON(preemptible());
801
802	/* We only handle watchpoints and hardware breakpoints. */
803	ARM_DBG_READ(c1, 0, dscr);
804
805	/* Perform perf callbacks. */
806	switch (ARM_DSCR_MOE(dscr)) {
807	case ARM_ENTRY_BREAKPOINT:
808		breakpoint_handler(addr, regs);
809		break;
810	case ARM_ENTRY_ASYNC_WATCHPOINT:
811		WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n");
812	case ARM_ENTRY_SYNC_WATCHPOINT:
813		watchpoint_handler(addr, regs);
814		break;
815	default:
816		ret = 1; /* Unhandled fault. */
817	}
818
819	/*
820	 * Re-enable preemption after it was disabled in the
821	 * low-level exception handling code.
822	 */
823	preempt_enable();
824
825	return ret;
826}
827
828/*
829 * One-time initialisation.
830 */
831static void reset_ctrl_regs(void *unused)
832{
833	int i;
834
835	/*
836	 * v7 debug contains save and restore registers so that debug state
837	 * can be maintained across low-power modes without leaving
838	 * the debug logic powered up. It is IMPLEMENTATION DEFINED whether
839	 * we can write to the debug registers out of reset, so we must
840	 * unlock the OS Lock Access Register to avoid taking undefined
841	 * instruction exceptions later on.
842	 */
843	if (debug_arch >= ARM_DEBUG_ARCH_V7_ECP14) {
844		/*
845		 * Unconditionally clear the lock by writing a value
846		 * other than 0xC5ACCE55 to the access register.
847		 */
848		asm volatile("mcr p14, 0, %0, c1, c0, 4" : : "r" (0));
849		isb();
850	}
851
852	if (enable_monitor_mode())
853		return;
854
855	/* We must also reset any reserved registers. */
856	for (i = 0; i < core_num_brps + core_num_reserved_brps; ++i) {
857		write_wb_reg(ARM_BASE_BCR + i, 0UL);
858		write_wb_reg(ARM_BASE_BVR + i, 0UL);
859	}
860
861	for (i = 0; i < core_num_wrps; ++i) {
862		write_wb_reg(ARM_BASE_WCR + i, 0UL);
863		write_wb_reg(ARM_BASE_WVR + i, 0UL);
864	}
865}
866
867static int __cpuinit dbg_reset_notify(struct notifier_block *self,
868				      unsigned long action, void *cpu)
869{
870	if (action == CPU_ONLINE)
871		smp_call_function_single((int)cpu, reset_ctrl_regs, NULL, 1);
872	return NOTIFY_OK;
873}
874
875static struct notifier_block __cpuinitdata dbg_reset_nb = {
876	.notifier_call = dbg_reset_notify,
877};
878
879static int __init arch_hw_breakpoint_init(void)
880{
881	u32 dscr;
882
883	debug_arch = get_debug_arch();
884
885	if (debug_arch > ARM_DEBUG_ARCH_V7_ECP14) {
886		pr_info("debug architecture 0x%x unsupported.\n", debug_arch);
887		return 0;
888	}
889
890	/* Determine how many BRPs/WRPs are available. */
891	core_num_brps = get_num_brps();
892	core_num_reserved_brps = get_num_reserved_brps();
893	core_num_wrps = get_num_wrps();
894
895	pr_info("found %d breakpoint and %d watchpoint registers.\n",
896		core_num_brps + core_num_reserved_brps, core_num_wrps);
897
898	if (core_num_reserved_brps)
899		pr_info("%d breakpoint(s) reserved for watchpoint "
900				"single-step.\n", core_num_reserved_brps);
901
902	ARM_DBG_READ(c1, 0, dscr);
903	if (dscr & ARM_DSCR_HDBGEN) {
904		pr_warning("halting debug mode enabled. Assuming maximum "
905				"watchpoint size of 4 bytes.");
906	} else {
907		/*
908		 * Reset the breakpoint resources. We assume that a halting
909		 * debugger will leave the world in a nice state for us.
910		 */
911		smp_call_function(reset_ctrl_regs, NULL, 1);
912		reset_ctrl_regs(NULL);
913
914		/* Work out the maximum supported watchpoint length. */
915		max_watchpoint_len = get_max_wp_len();
916		pr_info("maximum watchpoint size is %u bytes.\n",
917				max_watchpoint_len);
918	}
919
920	/* Register debug fault handler. */
921	hook_fault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
922			"watchpoint debug exception");
923	hook_ifault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
924			"breakpoint debug exception");
925
926	/* Register hotplug notifier. */
927	register_cpu_notifier(&dbg_reset_nb);
928	return 0;
929}
930arch_initcall(arch_hw_breakpoint_init);
931
932void hw_breakpoint_pmu_read(struct perf_event *bp)
933{
934}
935
936/*
937 * Dummy function to register with die_notifier.
938 */
939int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
940					unsigned long val, void *data)
941{
942	return NOTIFY_DONE;
943}
944