hw_breakpoint.c revision b5d5b8f98641edac6641af9e19e933083ade603b 
1/*
2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License version 2 as
4 * published by the Free Software Foundation.
5 *
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
9 * GNU General Public License for more details.
10 *
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
14 *
15 * Copyright (C) 2009, 2010 ARM Limited
16 *
17 * Author: Will Deacon <will.deacon@arm.com>
18 */
19
20/*
21 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
22 * using the CPU's debug registers.
23 */
24#define pr_fmt(fmt) "hw-breakpoint: " fmt
25
26#include <linux/errno.h>
27#include <linux/hardirq.h>
28#include <linux/perf_event.h>
29#include <linux/hw_breakpoint.h>
30#include <linux/smp.h>
31
32#include <asm/cacheflush.h>
33#include <asm/cputype.h>
34#include <asm/current.h>
35#include <asm/hw_breakpoint.h>
36#include <asm/kdebug.h>
37#include <asm/system.h>
38#include <asm/traps.h>
39
40/* Breakpoint currently in use for each BRP. */
41static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
42
43/* Watchpoint currently in use for each WRP. */
44static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
45
46/* Number of BRP/WRP registers on this CPU. */
47static int core_num_brps;
48static int core_num_reserved_brps;
49static int core_num_wrps;
50
51/* Debug architecture version. */
52static u8 debug_arch;
53
54/* Maximum supported watchpoint length. */
55static u8 max_watchpoint_len;
56
57#define READ_WB_REG_CASE(OP2, M, VAL)		\
58	case ((OP2 << 4) + M):			\
59		ARM_DBG_READ(c ## M, OP2, VAL); \
60		break
61
62#define WRITE_WB_REG_CASE(OP2, M, VAL)		\
63	case ((OP2 << 4) + M):			\
64		ARM_DBG_WRITE(c ## M, OP2, VAL);\
65		break
66
67#define GEN_READ_WB_REG_CASES(OP2, VAL)		\
68	READ_WB_REG_CASE(OP2, 0, VAL);		\
69	READ_WB_REG_CASE(OP2, 1, VAL);		\
70	READ_WB_REG_CASE(OP2, 2, VAL);		\
71	READ_WB_REG_CASE(OP2, 3, VAL);		\
72	READ_WB_REG_CASE(OP2, 4, VAL);		\
73	READ_WB_REG_CASE(OP2, 5, VAL);		\
74	READ_WB_REG_CASE(OP2, 6, VAL);		\
75	READ_WB_REG_CASE(OP2, 7, VAL);		\
76	READ_WB_REG_CASE(OP2, 8, VAL);		\
77	READ_WB_REG_CASE(OP2, 9, VAL);		\
78	READ_WB_REG_CASE(OP2, 10, VAL);		\
79	READ_WB_REG_CASE(OP2, 11, VAL);		\
80	READ_WB_REG_CASE(OP2, 12, VAL);		\
81	READ_WB_REG_CASE(OP2, 13, VAL);		\
82	READ_WB_REG_CASE(OP2, 14, VAL);		\
83	READ_WB_REG_CASE(OP2, 15, VAL)
84
85#define GEN_WRITE_WB_REG_CASES(OP2, VAL)	\
86	WRITE_WB_REG_CASE(OP2, 0, VAL);		\
87	WRITE_WB_REG_CASE(OP2, 1, VAL);		\
88	WRITE_WB_REG_CASE(OP2, 2, VAL);		\
89	WRITE_WB_REG_CASE(OP2, 3, VAL);		\
90	WRITE_WB_REG_CASE(OP2, 4, VAL);		\
91	WRITE_WB_REG_CASE(OP2, 5, VAL);		\
92	WRITE_WB_REG_CASE(OP2, 6, VAL);		\
93	WRITE_WB_REG_CASE(OP2, 7, VAL);		\
94	WRITE_WB_REG_CASE(OP2, 8, VAL);		\
95	WRITE_WB_REG_CASE(OP2, 9, VAL);		\
96	WRITE_WB_REG_CASE(OP2, 10, VAL);	\
97	WRITE_WB_REG_CASE(OP2, 11, VAL);	\
98	WRITE_WB_REG_CASE(OP2, 12, VAL);	\
99	WRITE_WB_REG_CASE(OP2, 13, VAL);	\
100	WRITE_WB_REG_CASE(OP2, 14, VAL);	\
101	WRITE_WB_REG_CASE(OP2, 15, VAL)
102
103static u32 read_wb_reg(int n)
104{
105	u32 val = 0;
106
107	switch (n) {
108	GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val);
109	GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val);
110	GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val);
111	GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val);
112	default:
113		pr_warning("attempt to read from unknown breakpoint "
114				"register %d\n", n);
115	}
116
117	return val;
118}
119
120static void write_wb_reg(int n, u32 val)
121{
122	switch (n) {
123	GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val);
124	GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val);
125	GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val);
126	GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val);
127	default:
128		pr_warning("attempt to write to unknown breakpoint "
129				"register %d\n", n);
130	}
131	isb();
132}
133
134/* Determine debug architecture. */
135static u8 get_debug_arch(void)
136{
137	u32 didr;
138
139	/* Do we implement the extended CPUID interface? */
140	if (WARN_ONCE((((read_cpuid_id() >> 16) & 0xf) != 0xf),
141	    "CPUID feature registers not supported. "
142	    "Assuming v6 debug is present.\n"))
143		return ARM_DEBUG_ARCH_V6;
144
145	ARM_DBG_READ(c0, 0, didr);
146	return (didr >> 16) & 0xf;
147}
148
149u8 arch_get_debug_arch(void)
150{
151	return debug_arch;
152}
153
154static int debug_arch_supported(void)
155{
156	u8 arch = get_debug_arch();
157
158	/* We don't support the memory-mapped interface. */
159	return (arch >= ARM_DEBUG_ARCH_V6 && arch <= ARM_DEBUG_ARCH_V7_ECP14) ||
160		arch >= ARM_DEBUG_ARCH_V7_1;
161}
162
163/* Determine number of BRP register available. */
164static int get_num_brp_resources(void)
165{
166	u32 didr;
167	ARM_DBG_READ(c0, 0, didr);
168	return ((didr >> 24) & 0xf) + 1;
169}
170
171/* Does this core support mismatch breakpoints? */
172static int core_has_mismatch_brps(void)
173{
174	return (get_debug_arch() >= ARM_DEBUG_ARCH_V7_ECP14 &&
175		get_num_brp_resources() > 1);
176}
177
178/* Determine number of usable WRPs available. */
179static int get_num_wrps(void)
180{
181	/*
182	 * FIXME: When a watchpoint fires, the only way to work out which
183	 * watchpoint it was is by disassembling the faulting instruction
184	 * and working out the address of the memory access.
185	 *
186	 * Furthermore, we can only do this if the watchpoint was precise
187	 * since imprecise watchpoints prevent us from calculating register
188	 * based addresses.
189	 *
190	 * Providing we have more than 1 breakpoint register, we only report
191	 * a single watchpoint register for the time being. This way, we always
192	 * know which watchpoint fired. In the future we can either add a
193	 * disassembler and address generation emulator, or we can insert a
194	 * check to see if the DFAR is set on watchpoint exception entry
195	 * [the ARM ARM states that the DFAR is UNKNOWN, but experience shows
196	 * that it is set on some implementations].
197	 */
198
199#if 0
200	int wrps;
201	u32 didr;
202	ARM_DBG_READ(c0, 0, didr);
203	wrps = ((didr >> 28) & 0xf) + 1;
204#endif
205	int wrps = 1;
206
207	if (core_has_mismatch_brps() && wrps >= get_num_brp_resources())
208		wrps = get_num_brp_resources() - 1;
209
210	return wrps;
211}
212
213/* We reserve one breakpoint for each watchpoint. */
214static int get_num_reserved_brps(void)
215{
216	if (core_has_mismatch_brps())
217		return get_num_wrps();
218	return 0;
219}
220
221/* Determine number of usable BRPs available. */
222static int get_num_brps(void)
223{
224	int brps = get_num_brp_resources();
225	if (core_has_mismatch_brps())
226		brps -= get_num_reserved_brps();
227	return brps;
228}
229
230/*
231 * In order to access the breakpoint/watchpoint control registers,
232 * we must be running in debug monitor mode. Unfortunately, we can
233 * be put into halting debug mode at any time by an external debugger
234 * but there is nothing we can do to prevent that.
235 */
236static int enable_monitor_mode(void)
237{
238	u32 dscr;
239	int ret = 0;
240
241	ARM_DBG_READ(c1, 0, dscr);
242
243	/* Ensure that halting mode is disabled. */
244	if (WARN_ONCE(dscr & ARM_DSCR_HDBGEN,
245			"halting debug mode enabled. Unable to access hardware resources.\n")) {
246		ret = -EPERM;
247		goto out;
248	}
249
250	/* If monitor mode is already enabled, just return. */
251	if (dscr & ARM_DSCR_MDBGEN)
252		goto out;
253
254	/* Write to the corresponding DSCR. */
255	switch (get_debug_arch()) {
256	case ARM_DEBUG_ARCH_V6:
257	case ARM_DEBUG_ARCH_V6_1:
258		ARM_DBG_WRITE(c1, 0, (dscr | ARM_DSCR_MDBGEN));
259		break;
260	case ARM_DEBUG_ARCH_V7_ECP14:
261	case ARM_DEBUG_ARCH_V7_1:
262		ARM_DBG_WRITE(c2, 2, (dscr | ARM_DSCR_MDBGEN));
263		break;
264	default:
265		ret = -ENODEV;
266		goto out;
267	}
268
269	/* Check that the write made it through. */
270	ARM_DBG_READ(c1, 0, dscr);
271	if (!(dscr & ARM_DSCR_MDBGEN))
272		ret = -EPERM;
273
274out:
275	return ret;
276}
277
278int hw_breakpoint_slots(int type)
279{
280	if (!debug_arch_supported())
281		return 0;
282
283	/*
284	 * We can be called early, so don't rely on
285	 * our static variables being initialised.
286	 */
287	switch (type) {
288	case TYPE_INST:
289		return get_num_brps();
290	case TYPE_DATA:
291		return get_num_wrps();
292	default:
293		pr_warning("unknown slot type: %d\n", type);
294		return 0;
295	}
296}
297
298/*
299 * Check if 8-bit byte-address select is available.
300 * This clobbers WRP 0.
301 */
302static u8 get_max_wp_len(void)
303{
304	u32 ctrl_reg;
305	struct arch_hw_breakpoint_ctrl ctrl;
306	u8 size = 4;
307
308	if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14)
309		goto out;
310
311	memset(&ctrl, 0, sizeof(ctrl));
312	ctrl.len = ARM_BREAKPOINT_LEN_8;
313	ctrl_reg = encode_ctrl_reg(ctrl);
314
315	write_wb_reg(ARM_BASE_WVR, 0);
316	write_wb_reg(ARM_BASE_WCR, ctrl_reg);
317	if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg)
318		size = 8;
319
320out:
321	return size;
322}
323
324u8 arch_get_max_wp_len(void)
325{
326	return max_watchpoint_len;
327}
328
329/*
330 * Install a perf counter breakpoint.
331 */
332int arch_install_hw_breakpoint(struct perf_event *bp)
333{
334	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
335	struct perf_event **slot, **slots;
336	int i, max_slots, ctrl_base, val_base, ret = 0;
337	u32 addr, ctrl;
338
339	/* Ensure that we are in monitor mode and halting mode is disabled. */
340	ret = enable_monitor_mode();
341	if (ret)
342		goto out;
343
344	addr = info->address;
345	ctrl = encode_ctrl_reg(info->ctrl) | 0x1;
346
347	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
348		/* Breakpoint */
349		ctrl_base = ARM_BASE_BCR;
350		val_base = ARM_BASE_BVR;
351		slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
352		max_slots = core_num_brps;
353		if (info->step_ctrl.enabled) {
354			/* Override the breakpoint data with the step data. */
355			addr = info->trigger & ~0x3;
356			ctrl = encode_ctrl_reg(info->step_ctrl);
357		}
358	} else {
359		/* Watchpoint */
360		if (info->step_ctrl.enabled) {
361			/* Install into the reserved breakpoint region. */
362			ctrl_base = ARM_BASE_BCR + core_num_brps;
363			val_base = ARM_BASE_BVR + core_num_brps;
364			/* Override the watchpoint data with the step data. */
365			addr = info->trigger & ~0x3;
366			ctrl = encode_ctrl_reg(info->step_ctrl);
367		} else {
368			ctrl_base = ARM_BASE_WCR;
369			val_base = ARM_BASE_WVR;
370		}
371		slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
372		max_slots = core_num_wrps;
373	}
374
375	for (i = 0; i < max_slots; ++i) {
376		slot = &slots[i];
377
378		if (!*slot) {
379			*slot = bp;
380			break;
381		}
382	}
383
384	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot\n")) {
385		ret = -EBUSY;
386		goto out;
387	}
388
389	/* Setup the address register. */
390	write_wb_reg(val_base + i, addr);
391
392	/* Setup the control register. */
393	write_wb_reg(ctrl_base + i, ctrl);
394
395out:
396	return ret;
397}
398
399void arch_uninstall_hw_breakpoint(struct perf_event *bp)
400{
401	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
402	struct perf_event **slot, **slots;
403	int i, max_slots, base;
404
405	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
406		/* Breakpoint */
407		base = ARM_BASE_BCR;
408		slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
409		max_slots = core_num_brps;
410	} else {
411		/* Watchpoint */
412		if (info->step_ctrl.enabled)
413			base = ARM_BASE_BCR + core_num_brps;
414		else
415			base = ARM_BASE_WCR;
416		slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
417		max_slots = core_num_wrps;
418	}
419
420	/* Remove the breakpoint. */
421	for (i = 0; i < max_slots; ++i) {
422		slot = &slots[i];
423
424		if (*slot == bp) {
425			*slot = NULL;
426			break;
427		}
428	}
429
430	if (WARN_ONCE(i == max_slots, "Can't find any breakpoint slot\n"))
431		return;
432
433	/* Reset the control register. */
434	write_wb_reg(base + i, 0);
435}
436
437static int get_hbp_len(u8 hbp_len)
438{
439	unsigned int len_in_bytes = 0;
440
441	switch (hbp_len) {
442	case ARM_BREAKPOINT_LEN_1:
443		len_in_bytes = 1;
444		break;
445	case ARM_BREAKPOINT_LEN_2:
446		len_in_bytes = 2;
447		break;
448	case ARM_BREAKPOINT_LEN_4:
449		len_in_bytes = 4;
450		break;
451	case ARM_BREAKPOINT_LEN_8:
452		len_in_bytes = 8;
453		break;
454	}
455
456	return len_in_bytes;
457}
458
459/*
460 * Check whether bp virtual address is in kernel space.
461 */
462int arch_check_bp_in_kernelspace(struct perf_event *bp)
463{
464	unsigned int len;
465	unsigned long va;
466	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
467
468	va = info->address;
469	len = get_hbp_len(info->ctrl.len);
470
471	return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
472}
473
474/*
475 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
476 * Hopefully this will disappear when ptrace can bypass the conversion
477 * to generic breakpoint descriptions.
478 */
479int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
480			   int *gen_len, int *gen_type)
481{
482	/* Type */
483	switch (ctrl.type) {
484	case ARM_BREAKPOINT_EXECUTE:
485		*gen_type = HW_BREAKPOINT_X;
486		break;
487	case ARM_BREAKPOINT_LOAD:
488		*gen_type = HW_BREAKPOINT_R;
489		break;
490	case ARM_BREAKPOINT_STORE:
491		*gen_type = HW_BREAKPOINT_W;
492		break;
493	case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
494		*gen_type = HW_BREAKPOINT_RW;
495		break;
496	default:
497		return -EINVAL;
498	}
499
500	/* Len */
501	switch (ctrl.len) {
502	case ARM_BREAKPOINT_LEN_1:
503		*gen_len = HW_BREAKPOINT_LEN_1;
504		break;
505	case ARM_BREAKPOINT_LEN_2:
506		*gen_len = HW_BREAKPOINT_LEN_2;
507		break;
508	case ARM_BREAKPOINT_LEN_4:
509		*gen_len = HW_BREAKPOINT_LEN_4;
510		break;
511	case ARM_BREAKPOINT_LEN_8:
512		*gen_len = HW_BREAKPOINT_LEN_8;
513		break;
514	default:
515		return -EINVAL;
516	}
517
518	return 0;
519}
520
521/*
522 * Construct an arch_hw_breakpoint from a perf_event.
523 */
524static int arch_build_bp_info(struct perf_event *bp)
525{
526	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
527
528	/* Type */
529	switch (bp->attr.bp_type) {
530	case HW_BREAKPOINT_X:
531		info->ctrl.type = ARM_BREAKPOINT_EXECUTE;
532		break;
533	case HW_BREAKPOINT_R:
534		info->ctrl.type = ARM_BREAKPOINT_LOAD;
535		break;
536	case HW_BREAKPOINT_W:
537		info->ctrl.type = ARM_BREAKPOINT_STORE;
538		break;
539	case HW_BREAKPOINT_RW:
540		info->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
541		break;
542	default:
543		return -EINVAL;
544	}
545
546	/* Len */
547	switch (bp->attr.bp_len) {
548	case HW_BREAKPOINT_LEN_1:
549		info->ctrl.len = ARM_BREAKPOINT_LEN_1;
550		break;
551	case HW_BREAKPOINT_LEN_2:
552		info->ctrl.len = ARM_BREAKPOINT_LEN_2;
553		break;
554	case HW_BREAKPOINT_LEN_4:
555		info->ctrl.len = ARM_BREAKPOINT_LEN_4;
556		break;
557	case HW_BREAKPOINT_LEN_8:
558		info->ctrl.len = ARM_BREAKPOINT_LEN_8;
559		if ((info->ctrl.type != ARM_BREAKPOINT_EXECUTE)
560			&& max_watchpoint_len >= 8)
561			break;
562	default:
563		return -EINVAL;
564	}
565
566	/*
567	 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes.
568	 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported
569	 * by the hardware and must be aligned to the appropriate number of
570	 * bytes.
571	 */
572	if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE &&
573	    info->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
574	    info->ctrl.len != ARM_BREAKPOINT_LEN_4)
575		return -EINVAL;
576
577	/* Address */
578	info->address = bp->attr.bp_addr;
579
580	/* Privilege */
581	info->ctrl.privilege = ARM_BREAKPOINT_USER;
582	if (arch_check_bp_in_kernelspace(bp))
583		info->ctrl.privilege |= ARM_BREAKPOINT_PRIV;
584
585	/* Enabled? */
586	info->ctrl.enabled = !bp->attr.disabled;
587
588	/* Mismatch */
589	info->ctrl.mismatch = 0;
590
591	return 0;
592}
593
594/*
595 * Validate the arch-specific HW Breakpoint register settings.
596 */
597int arch_validate_hwbkpt_settings(struct perf_event *bp)
598{
599	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
600	int ret = 0;
601	u32 offset, alignment_mask = 0x3;
602
603	/* Build the arch_hw_breakpoint. */
604	ret = arch_build_bp_info(bp);
605	if (ret)
606		goto out;
607
608	/* Check address alignment. */
609	if (info->ctrl.len == ARM_BREAKPOINT_LEN_8)
610		alignment_mask = 0x7;
611	offset = info->address & alignment_mask;
612	switch (offset) {
613	case 0:
614		/* Aligned */
615		break;
616	case 1:
617		/* Allow single byte watchpoint. */
618		if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
619			break;
620	case 2:
621		/* Allow halfword watchpoints and breakpoints. */
622		if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
623			break;
624	default:
625		ret = -EINVAL;
626		goto out;
627	}
628
629	info->address &= ~alignment_mask;
630	info->ctrl.len <<= offset;
631
632	/*
633	 * Currently we rely on an overflow handler to take
634	 * care of single-stepping the breakpoint when it fires.
635	 * In the case of userspace breakpoints on a core with V7 debug,
636	 * we can use the mismatch feature as a poor-man's hardware
637	 * single-step, but this only works for per-task breakpoints.
638	 */
639	if (WARN_ONCE(!bp->overflow_handler &&
640		(arch_check_bp_in_kernelspace(bp) || !core_has_mismatch_brps()
641		 || !bp->hw.bp_target),
642			"overflow handler required but none found\n")) {
643		ret = -EINVAL;
644	}
645out:
646	return ret;
647}
648
649/*
650 * Enable/disable single-stepping over the breakpoint bp at address addr.
651 */
652static void enable_single_step(struct perf_event *bp, u32 addr)
653{
654	struct arch_hw_breakpoint *info = counter_arch_bp(bp);
655
656	arch_uninstall_hw_breakpoint(bp);
657	info->step_ctrl.mismatch  = 1;
658	info->step_ctrl.len	  = ARM_BREAKPOINT_LEN_4;
659	info->step_ctrl.type	  = ARM_BREAKPOINT_EXECUTE;
660	info->step_ctrl.privilege = info->ctrl.privilege;
661	info->step_ctrl.enabled	  = 1;
662	info->trigger		  = addr;
663	arch_install_hw_breakpoint(bp);
664}
665
666static void disable_single_step(struct perf_event *bp)
667{
668	arch_uninstall_hw_breakpoint(bp);
669	counter_arch_bp(bp)->step_ctrl.enabled = 0;
670	arch_install_hw_breakpoint(bp);
671}
672
673static void watchpoint_handler(unsigned long unknown, struct pt_regs *regs)
674{
675	int i;
676	struct perf_event *wp, **slots;
677	struct arch_hw_breakpoint *info;
678
679	slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
680
681	/* Without a disassembler, we can only handle 1 watchpoint. */
682	BUG_ON(core_num_wrps > 1);
683
684	for (i = 0; i < core_num_wrps; ++i) {
685		rcu_read_lock();
686
687		wp = slots[i];
688
689		if (wp == NULL) {
690			rcu_read_unlock();
691			continue;
692		}
693
694		/*
695		 * The DFAR is an unknown value. Since we only allow a
696		 * single watchpoint, we can set the trigger to the lowest
697		 * possible faulting address.
698		 */
699		info = counter_arch_bp(wp);
700		info->trigger = wp->attr.bp_addr;
701		pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
702		perf_bp_event(wp, regs);
703
704		/*
705		 * If no overflow handler is present, insert a temporary
706		 * mismatch breakpoint so we can single-step over the
707		 * watchpoint trigger.
708		 */
709		if (!wp->overflow_handler)
710			enable_single_step(wp, instruction_pointer(regs));
711
712		rcu_read_unlock();
713	}
714}
715
716static void watchpoint_single_step_handler(unsigned long pc)
717{
718	int i;
719	struct perf_event *wp, **slots;
720	struct arch_hw_breakpoint *info;
721
722	slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
723
724	for (i = 0; i < core_num_reserved_brps; ++i) {
725		rcu_read_lock();
726
727		wp = slots[i];
728
729		if (wp == NULL)
730			goto unlock;
731
732		info = counter_arch_bp(wp);
733		if (!info->step_ctrl.enabled)
734			goto unlock;
735
736		/*
737		 * Restore the original watchpoint if we've completed the
738		 * single-step.
739		 */
740		if (info->trigger != pc)
741			disable_single_step(wp);
742
743unlock:
744		rcu_read_unlock();
745	}
746}
747
748static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
749{
750	int i;
751	u32 ctrl_reg, val, addr;
752	struct perf_event *bp, **slots;
753	struct arch_hw_breakpoint *info;
754	struct arch_hw_breakpoint_ctrl ctrl;
755
756	slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
757
758	/* The exception entry code places the amended lr in the PC. */
759	addr = regs->ARM_pc;
760
761	/* Check the currently installed breakpoints first. */
762	for (i = 0; i < core_num_brps; ++i) {
763		rcu_read_lock();
764
765		bp = slots[i];
766
767		if (bp == NULL)
768			goto unlock;
769
770		info = counter_arch_bp(bp);
771
772		/* Check if the breakpoint value matches. */
773		val = read_wb_reg(ARM_BASE_BVR + i);
774		if (val != (addr & ~0x3))
775			goto mismatch;
776
777		/* Possible match, check the byte address select to confirm. */
778		ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
779		decode_ctrl_reg(ctrl_reg, &ctrl);
780		if ((1 << (addr & 0x3)) & ctrl.len) {
781			info->trigger = addr;
782			pr_debug("breakpoint fired: address = 0x%x\n", addr);
783			perf_bp_event(bp, regs);
784			if (!bp->overflow_handler)
785				enable_single_step(bp, addr);
786			goto unlock;
787		}
788
789mismatch:
790		/* If we're stepping a breakpoint, it can now be restored. */
791		if (info->step_ctrl.enabled)
792			disable_single_step(bp);
793unlock:
794		rcu_read_unlock();
795	}
796
797	/* Handle any pending watchpoint single-step breakpoints. */
798	watchpoint_single_step_handler(addr);
799}
800
801/*
802 * Called from either the Data Abort Handler [watchpoint] or the
803 * Prefetch Abort Handler [breakpoint] with interrupts disabled.
804 */
805static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr,
806				 struct pt_regs *regs)
807{
808	int ret = 0;
809	u32 dscr;
810
811	preempt_disable();
812
813	if (interrupts_enabled(regs))
814		local_irq_enable();
815
816	/* We only handle watchpoints and hardware breakpoints. */
817	ARM_DBG_READ(c1, 0, dscr);
818
819	/* Perform perf callbacks. */
820	switch (ARM_DSCR_MOE(dscr)) {
821	case ARM_ENTRY_BREAKPOINT:
822		breakpoint_handler(addr, regs);
823		break;
824	case ARM_ENTRY_ASYNC_WATCHPOINT:
825		WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n");
826	case ARM_ENTRY_SYNC_WATCHPOINT:
827		watchpoint_handler(addr, regs);
828		break;
829	default:
830		ret = 1; /* Unhandled fault. */
831	}
832
833	preempt_enable();
834
835	return ret;
836}
837
838/*
839 * One-time initialisation.
840 */
841static void reset_ctrl_regs(void *info)
842{
843	int i, err = 0, cpu = smp_processor_id();
844	u32 dbg_power;
845	cpumask_t *cpumask = info;
846
847	/*
848	 * v7 debug contains save and restore registers so that debug state
849	 * can be maintained across low-power modes without leaving the debug
850	 * logic powered up. It is IMPLEMENTATION DEFINED whether we can access
851	 * the debug registers out of reset, so we must unlock the OS Lock
852	 * Access Register to avoid taking undefined instruction exceptions
853	 * later on.
854	 */
855	switch (debug_arch) {
856	case ARM_DEBUG_ARCH_V7_ECP14:
857		/*
858		 * Ensure sticky power-down is clear (i.e. debug logic is
859		 * powered up).
860		 */
861		asm volatile("mrc p14, 0, %0, c1, c5, 4" : "=r" (dbg_power));
862		if ((dbg_power & 0x1) == 0)
863			err = -EPERM;
864		break;
865	case ARM_DEBUG_ARCH_V7_1:
866		/*
867		 * Ensure the OS double lock is clear.
868		 */
869		asm volatile("mrc p14, 0, %0, c1, c3, 4" : "=r" (dbg_power));
870		if ((dbg_power & 0x1) == 1)
871			err = -EPERM;
872		break;
873	}
874
875	if (err) {
876		pr_warning("CPU %d debug is powered down!\n", cpu);
877		cpumask_or(cpumask, cpumask, cpumask_of(cpu));
878		return;
879	}
880
881	/*
882	 * Unconditionally clear the lock by writing a value
883	 * other than 0xC5ACCE55 to the access register.
884	 */
885	asm volatile("mcr p14, 0, %0, c1, c0, 4" : : "r" (0));
886	isb();
887
888	/*
889	 * Clear any configured vector-catch events before
890	 * enabling monitor mode.
891	 */
892	asm volatile("mcr p14, 0, %0, c0, c7, 0" : : "r" (0));
893	isb();
894
895	if (enable_monitor_mode())
896		return;
897
898	/* We must also reset any reserved registers. */
899	for (i = 0; i < core_num_brps + core_num_reserved_brps; ++i) {
900		write_wb_reg(ARM_BASE_BCR + i, 0UL);
901		write_wb_reg(ARM_BASE_BVR + i, 0UL);
902	}
903
904	for (i = 0; i < core_num_wrps; ++i) {
905		write_wb_reg(ARM_BASE_WCR + i, 0UL);
906		write_wb_reg(ARM_BASE_WVR + i, 0UL);
907	}
908}
909
910static int __cpuinit dbg_reset_notify(struct notifier_block *self,
911				      unsigned long action, void *cpu)
912{
913	if (action == CPU_ONLINE)
914		smp_call_function_single((int)cpu, reset_ctrl_regs, NULL, 1);
915	return NOTIFY_OK;
916}
917
918static struct notifier_block __cpuinitdata dbg_reset_nb = {
919	.notifier_call = dbg_reset_notify,
920};
921
922static int __init arch_hw_breakpoint_init(void)
923{
924	u32 dscr;
925	cpumask_t cpumask = { CPU_BITS_NONE };
926
927	debug_arch = get_debug_arch();
928
929	if (!debug_arch_supported()) {
930		pr_info("debug architecture 0x%x unsupported.\n", debug_arch);
931		return 0;
932	}
933
934	/* Determine how many BRPs/WRPs are available. */
935	core_num_brps = get_num_brps();
936	core_num_reserved_brps = get_num_reserved_brps();
937	core_num_wrps = get_num_wrps();
938
939	pr_info("found %d breakpoint and %d watchpoint registers.\n",
940		core_num_brps + core_num_reserved_brps, core_num_wrps);
941
942	if (core_num_reserved_brps)
943		pr_info("%d breakpoint(s) reserved for watchpoint "
944				"single-step.\n", core_num_reserved_brps);
945
946	/*
947	 * Reset the breakpoint resources. We assume that a halting
948	 * debugger will leave the world in a nice state for us.
949	 */
950	on_each_cpu(reset_ctrl_regs, &cpumask, 1);
951	if (!cpumask_empty(&cpumask)) {
952		core_num_brps = 0;
953		core_num_reserved_brps = 0;
954		core_num_wrps = 0;
955		return 0;
956	}
957
958	ARM_DBG_READ(c1, 0, dscr);
959	if (dscr & ARM_DSCR_HDBGEN) {
960		max_watchpoint_len = 4;
961		pr_warning("halting debug mode enabled. Assuming maximum watchpoint size of %u bytes.\n",
962			   max_watchpoint_len);
963	} else {
964		/* Work out the maximum supported watchpoint length. */
965		max_watchpoint_len = get_max_wp_len();
966		pr_info("maximum watchpoint size is %u bytes.\n",
967				max_watchpoint_len);
968	}
969
970	/* Register debug fault handler. */
971	hook_fault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
972			"watchpoint debug exception");
973	hook_ifault_code(2, hw_breakpoint_pending, SIGTRAP, TRAP_HWBKPT,
974			"breakpoint debug exception");
975
976	/* Register hotplug notifier. */
977	register_cpu_notifier(&dbg_reset_nb);
978	return 0;
979}
980arch_initcall(arch_hw_breakpoint_init);
981
982void hw_breakpoint_pmu_read(struct perf_event *bp)
983{
984}
985
986/*
987 * Dummy function to register with die_notifier.
988 */
989int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
990					unsigned long val, void *data)
991{
992	return NOTIFY_DONE;
993}
994