1 // SPDX-License-Identifier: GPL-2.0-only
4 * Copyright (C) 2009, 2010 ARM Limited
6 * Author: Will Deacon <will.deacon@arm.com>
10 * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
11 * using the CPU's debug registers.
13 #define pr_fmt(fmt) "hw-breakpoint: " fmt
15 #include <linux/errno.h>
16 #include <linux/hardirq.h>
17 #include <linux/perf_event.h>
18 #include <linux/hw_breakpoint.h>
19 #include <linux/smp.h>
20 #include <linux/cfi.h>
21 #include <linux/cpu_pm.h>
22 #include <linux/coresight.h>
24 #include <asm/cacheflush.h>
25 #include <asm/cputype.h>
26 #include <asm/current.h>
27 #include <asm/hw_breakpoint.h>
28 #include <asm/traps.h>
30 /* Breakpoint currently in use for each BRP. */
31 static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
33 /* Watchpoint currently in use for each WRP. */
34 static DEFINE_PER_CPU(struct perf_event *, wp_on_reg[ARM_MAX_WRP]);
36 /* Number of BRP/WRP registers on this CPU. */
37 static int core_num_brps __ro_after_init;
38 static int core_num_wrps __ro_after_init;
40 /* Debug architecture version. */
41 static u8 debug_arch __ro_after_init;
43 /* Does debug architecture support OS Save and Restore? */
44 static bool has_ossr __ro_after_init;
46 /* Maximum supported watchpoint length. */
47 static u8 max_watchpoint_len __ro_after_init;
49 #define READ_WB_REG_CASE(OP2, M, VAL) \
50 case ((OP2 << 4) + M): \
51 ARM_DBG_READ(c0, c ## M, OP2, VAL); \
54 #define WRITE_WB_REG_CASE(OP2, M, VAL) \
55 case ((OP2 << 4) + M): \
56 ARM_DBG_WRITE(c0, c ## M, OP2, VAL); \
59 #define GEN_READ_WB_REG_CASES(OP2, VAL) \
60 READ_WB_REG_CASE(OP2, 0, VAL); \
61 READ_WB_REG_CASE(OP2, 1, VAL); \
62 READ_WB_REG_CASE(OP2, 2, VAL); \
63 READ_WB_REG_CASE(OP2, 3, VAL); \
64 READ_WB_REG_CASE(OP2, 4, VAL); \
65 READ_WB_REG_CASE(OP2, 5, VAL); \
66 READ_WB_REG_CASE(OP2, 6, VAL); \
67 READ_WB_REG_CASE(OP2, 7, VAL); \
68 READ_WB_REG_CASE(OP2, 8, VAL); \
69 READ_WB_REG_CASE(OP2, 9, VAL); \
70 READ_WB_REG_CASE(OP2, 10, VAL); \
71 READ_WB_REG_CASE(OP2, 11, VAL); \
72 READ_WB_REG_CASE(OP2, 12, VAL); \
73 READ_WB_REG_CASE(OP2, 13, VAL); \
74 READ_WB_REG_CASE(OP2, 14, VAL); \
75 READ_WB_REG_CASE(OP2, 15, VAL)
77 #define GEN_WRITE_WB_REG_CASES(OP2, VAL) \
78 WRITE_WB_REG_CASE(OP2, 0, VAL); \
79 WRITE_WB_REG_CASE(OP2, 1, VAL); \
80 WRITE_WB_REG_CASE(OP2, 2, VAL); \
81 WRITE_WB_REG_CASE(OP2, 3, VAL); \
82 WRITE_WB_REG_CASE(OP2, 4, VAL); \
83 WRITE_WB_REG_CASE(OP2, 5, VAL); \
84 WRITE_WB_REG_CASE(OP2, 6, VAL); \
85 WRITE_WB_REG_CASE(OP2, 7, VAL); \
86 WRITE_WB_REG_CASE(OP2, 8, VAL); \
87 WRITE_WB_REG_CASE(OP2, 9, VAL); \
88 WRITE_WB_REG_CASE(OP2, 10, VAL); \
89 WRITE_WB_REG_CASE(OP2, 11, VAL); \
90 WRITE_WB_REG_CASE(OP2, 12, VAL); \
91 WRITE_WB_REG_CASE(OP2, 13, VAL); \
92 WRITE_WB_REG_CASE(OP2, 14, VAL); \
93 WRITE_WB_REG_CASE(OP2, 15, VAL)
95 static u32 read_wb_reg(int n)
100 GEN_READ_WB_REG_CASES(ARM_OP2_BVR, val);
101 GEN_READ_WB_REG_CASES(ARM_OP2_BCR, val);
102 GEN_READ_WB_REG_CASES(ARM_OP2_WVR, val);
103 GEN_READ_WB_REG_CASES(ARM_OP2_WCR, val);
105 pr_warn("attempt to read from unknown breakpoint register %d\n",
112 static void write_wb_reg(int n, u32 val)
115 GEN_WRITE_WB_REG_CASES(ARM_OP2_BVR, val);
116 GEN_WRITE_WB_REG_CASES(ARM_OP2_BCR, val);
117 GEN_WRITE_WB_REG_CASES(ARM_OP2_WVR, val);
118 GEN_WRITE_WB_REG_CASES(ARM_OP2_WCR, val);
120 pr_warn("attempt to write to unknown breakpoint register %d\n",
126 /* Determine debug architecture. */
127 static u8 get_debug_arch(void)
131 /* Do we implement the extended CPUID interface? */
132 if (((read_cpuid_id() >> 16) & 0xf) != 0xf) {
133 pr_warn_once("CPUID feature registers not supported. "
134 "Assuming v6 debug is present.\n");
135 return ARM_DEBUG_ARCH_V6;
138 ARM_DBG_READ(c0, c0, 0, didr);
139 return (didr >> 16) & 0xf;
142 u8 arch_get_debug_arch(void)
147 static int debug_arch_supported(void)
149 u8 arch = get_debug_arch();
151 /* We don't support the memory-mapped interface. */
152 return (arch >= ARM_DEBUG_ARCH_V6 && arch <= ARM_DEBUG_ARCH_V7_ECP14) ||
153 arch >= ARM_DEBUG_ARCH_V7_1;
156 /* Can we determine the watchpoint access type from the fsr? */
157 static int debug_exception_updates_fsr(void)
159 return get_debug_arch() >= ARM_DEBUG_ARCH_V8;
162 /* Determine number of WRP registers available. */
163 static int get_num_wrp_resources(void)
166 ARM_DBG_READ(c0, c0, 0, didr);
167 return ((didr >> 28) & 0xf) + 1;
170 /* Determine number of BRP registers available. */
171 static int get_num_brp_resources(void)
174 ARM_DBG_READ(c0, c0, 0, didr);
175 return ((didr >> 24) & 0xf) + 1;
178 /* Does this core support mismatch breakpoints? */
179 static int core_has_mismatch_brps(void)
181 return (get_debug_arch() >= ARM_DEBUG_ARCH_V7_ECP14 &&
182 get_num_brp_resources() > 1);
185 /* Determine number of usable WRPs available. */
186 static int get_num_wrps(void)
189 * On debug architectures prior to 7.1, when a watchpoint fires, the
190 * only way to work out which watchpoint it was is by disassembling
191 * the faulting instruction and working out the address of the memory
194 * Furthermore, we can only do this if the watchpoint was precise
195 * since imprecise watchpoints prevent us from calculating register
198 * Providing we have more than 1 breakpoint register, we only report
199 * a single watchpoint register for the time being. This way, we always
200 * know which watchpoint fired. In the future we can either add a
201 * disassembler and address generation emulator, or we can insert a
202 * check to see if the DFAR is set on watchpoint exception entry
203 * [the ARM ARM states that the DFAR is UNKNOWN, but experience shows
204 * that it is set on some implementations].
206 if (get_debug_arch() < ARM_DEBUG_ARCH_V7_1)
209 return get_num_wrp_resources();
212 /* Determine number of usable BRPs available. */
213 static int get_num_brps(void)
215 int brps = get_num_brp_resources();
216 return core_has_mismatch_brps() ? brps - 1 : brps;
220 * In order to access the breakpoint/watchpoint control registers,
221 * we must be running in debug monitor mode. Unfortunately, we can
222 * be put into halting debug mode at any time by an external debugger
223 * but there is nothing we can do to prevent that.
225 static int monitor_mode_enabled(void)
228 ARM_DBG_READ(c0, c1, 0, dscr);
229 return !!(dscr & ARM_DSCR_MDBGEN);
232 static int enable_monitor_mode(void)
235 ARM_DBG_READ(c0, c1, 0, dscr);
237 /* If monitor mode is already enabled, just return. */
238 if (dscr & ARM_DSCR_MDBGEN)
241 /* Write to the corresponding DSCR. */
242 switch (get_debug_arch()) {
243 case ARM_DEBUG_ARCH_V6:
244 case ARM_DEBUG_ARCH_V6_1:
245 ARM_DBG_WRITE(c0, c1, 0, (dscr | ARM_DSCR_MDBGEN));
247 case ARM_DEBUG_ARCH_V7_ECP14:
248 case ARM_DEBUG_ARCH_V7_1:
249 case ARM_DEBUG_ARCH_V8:
250 case ARM_DEBUG_ARCH_V8_1:
251 case ARM_DEBUG_ARCH_V8_2:
252 case ARM_DEBUG_ARCH_V8_4:
253 ARM_DBG_WRITE(c0, c2, 2, (dscr | ARM_DSCR_MDBGEN));
260 /* Check that the write made it through. */
261 ARM_DBG_READ(c0, c1, 0, dscr);
262 if (!(dscr & ARM_DSCR_MDBGEN)) {
263 pr_warn_once("Failed to enable monitor mode on CPU %d.\n",
272 int hw_breakpoint_slots(int type)
274 if (!debug_arch_supported())
278 * We can be called early, so don't rely on
279 * our static variables being initialised.
283 return get_num_brps();
285 return get_num_wrps();
287 pr_warn("unknown slot type: %d\n", type);
293 * Check if 8-bit byte-address select is available.
294 * This clobbers WRP 0.
296 static u8 get_max_wp_len(void)
299 struct arch_hw_breakpoint_ctrl ctrl;
302 if (debug_arch < ARM_DEBUG_ARCH_V7_ECP14)
305 memset(&ctrl, 0, sizeof(ctrl));
306 ctrl.len = ARM_BREAKPOINT_LEN_8;
307 ctrl_reg = encode_ctrl_reg(ctrl);
309 write_wb_reg(ARM_BASE_WVR, 0);
310 write_wb_reg(ARM_BASE_WCR, ctrl_reg);
311 if ((read_wb_reg(ARM_BASE_WCR) & ctrl_reg) == ctrl_reg)
318 u8 arch_get_max_wp_len(void)
320 return max_watchpoint_len;
324 * Install a perf counter breakpoint.
326 int arch_install_hw_breakpoint(struct perf_event *bp)
328 struct arch_hw_breakpoint *info = counter_arch_bp(bp);
329 struct perf_event **slot, **slots;
330 int i, max_slots, ctrl_base, val_base;
333 addr = info->address;
334 ctrl = encode_ctrl_reg(info->ctrl) | 0x1;
336 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
338 ctrl_base = ARM_BASE_BCR;
339 val_base = ARM_BASE_BVR;
340 slots = this_cpu_ptr(bp_on_reg);
341 max_slots = core_num_brps;
344 ctrl_base = ARM_BASE_WCR;
345 val_base = ARM_BASE_WVR;
346 slots = this_cpu_ptr(wp_on_reg);
347 max_slots = core_num_wrps;
350 for (i = 0; i < max_slots; ++i) {
359 if (i == max_slots) {
360 pr_warn("Can't find any breakpoint slot\n");
364 /* Override the breakpoint data with the step data. */
365 if (info->step_ctrl.enabled) {
366 addr = info->trigger & ~0x3;
367 ctrl = encode_ctrl_reg(info->step_ctrl);
368 if (info->ctrl.type != ARM_BREAKPOINT_EXECUTE) {
370 ctrl_base = ARM_BASE_BCR + core_num_brps;
371 val_base = ARM_BASE_BVR + core_num_brps;
375 /* Setup the address register. */
376 write_wb_reg(val_base + i, addr);
378 /* Setup the control register. */
379 write_wb_reg(ctrl_base + i, ctrl);
383 void arch_uninstall_hw_breakpoint(struct perf_event *bp)
385 struct arch_hw_breakpoint *info = counter_arch_bp(bp);
386 struct perf_event **slot, **slots;
387 int i, max_slots, base;
389 if (info->ctrl.type == ARM_BREAKPOINT_EXECUTE) {
392 slots = this_cpu_ptr(bp_on_reg);
393 max_slots = core_num_brps;
397 slots = this_cpu_ptr(wp_on_reg);
398 max_slots = core_num_wrps;
401 /* Remove the breakpoint. */
402 for (i = 0; i < max_slots; ++i) {
411 if (i == max_slots) {
412 pr_warn("Can't find any breakpoint slot\n");
416 /* Ensure that we disable the mismatch breakpoint. */
417 if (info->ctrl.type != ARM_BREAKPOINT_EXECUTE &&
418 info->step_ctrl.enabled) {
420 base = ARM_BASE_BCR + core_num_brps;
423 /* Reset the control register. */
424 write_wb_reg(base + i, 0);
427 static int get_hbp_len(u8 hbp_len)
429 unsigned int len_in_bytes = 0;
432 case ARM_BREAKPOINT_LEN_1:
435 case ARM_BREAKPOINT_LEN_2:
438 case ARM_BREAKPOINT_LEN_4:
441 case ARM_BREAKPOINT_LEN_8:
450 * Check whether bp virtual address is in kernel space.
452 int arch_check_bp_in_kernelspace(struct arch_hw_breakpoint *hw)
458 len = get_hbp_len(hw->ctrl.len);
460 return (va >= TASK_SIZE) && ((va + len - 1) >= TASK_SIZE);
464 * Extract generic type and length encodings from an arch_hw_breakpoint_ctrl.
465 * Hopefully this will disappear when ptrace can bypass the conversion
466 * to generic breakpoint descriptions.
468 int arch_bp_generic_fields(struct arch_hw_breakpoint_ctrl ctrl,
469 int *gen_len, int *gen_type)
473 case ARM_BREAKPOINT_EXECUTE:
474 *gen_type = HW_BREAKPOINT_X;
476 case ARM_BREAKPOINT_LOAD:
477 *gen_type = HW_BREAKPOINT_R;
479 case ARM_BREAKPOINT_STORE:
480 *gen_type = HW_BREAKPOINT_W;
482 case ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE:
483 *gen_type = HW_BREAKPOINT_RW;
491 case ARM_BREAKPOINT_LEN_1:
492 *gen_len = HW_BREAKPOINT_LEN_1;
494 case ARM_BREAKPOINT_LEN_2:
495 *gen_len = HW_BREAKPOINT_LEN_2;
497 case ARM_BREAKPOINT_LEN_4:
498 *gen_len = HW_BREAKPOINT_LEN_4;
500 case ARM_BREAKPOINT_LEN_8:
501 *gen_len = HW_BREAKPOINT_LEN_8;
511 * Construct an arch_hw_breakpoint from a perf_event.
513 static int arch_build_bp_info(struct perf_event *bp,
514 const struct perf_event_attr *attr,
515 struct arch_hw_breakpoint *hw)
518 switch (attr->bp_type) {
519 case HW_BREAKPOINT_X:
520 hw->ctrl.type = ARM_BREAKPOINT_EXECUTE;
522 case HW_BREAKPOINT_R:
523 hw->ctrl.type = ARM_BREAKPOINT_LOAD;
525 case HW_BREAKPOINT_W:
526 hw->ctrl.type = ARM_BREAKPOINT_STORE;
528 case HW_BREAKPOINT_RW:
529 hw->ctrl.type = ARM_BREAKPOINT_LOAD | ARM_BREAKPOINT_STORE;
536 switch (attr->bp_len) {
537 case HW_BREAKPOINT_LEN_1:
538 hw->ctrl.len = ARM_BREAKPOINT_LEN_1;
540 case HW_BREAKPOINT_LEN_2:
541 hw->ctrl.len = ARM_BREAKPOINT_LEN_2;
543 case HW_BREAKPOINT_LEN_4:
544 hw->ctrl.len = ARM_BREAKPOINT_LEN_4;
546 case HW_BREAKPOINT_LEN_8:
547 hw->ctrl.len = ARM_BREAKPOINT_LEN_8;
548 if ((hw->ctrl.type != ARM_BREAKPOINT_EXECUTE)
549 && max_watchpoint_len >= 8)
557 * Breakpoints must be of length 2 (thumb) or 4 (ARM) bytes.
558 * Watchpoints can be of length 1, 2, 4 or 8 bytes if supported
559 * by the hardware and must be aligned to the appropriate number of
562 if (hw->ctrl.type == ARM_BREAKPOINT_EXECUTE &&
563 hw->ctrl.len != ARM_BREAKPOINT_LEN_2 &&
564 hw->ctrl.len != ARM_BREAKPOINT_LEN_4)
568 hw->address = attr->bp_addr;
571 hw->ctrl.privilege = ARM_BREAKPOINT_USER;
572 if (arch_check_bp_in_kernelspace(hw))
573 hw->ctrl.privilege |= ARM_BREAKPOINT_PRIV;
576 hw->ctrl.enabled = !attr->disabled;
579 hw->ctrl.mismatch = 0;
585 * Validate the arch-specific HW Breakpoint register settings.
587 int hw_breakpoint_arch_parse(struct perf_event *bp,
588 const struct perf_event_attr *attr,
589 struct arch_hw_breakpoint *hw)
592 u32 offset, alignment_mask = 0x3;
594 /* Ensure that we are in monitor debug mode. */
595 if (!monitor_mode_enabled())
598 /* Build the arch_hw_breakpoint. */
599 ret = arch_build_bp_info(bp, attr, hw);
603 /* Check address alignment. */
604 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_8)
605 alignment_mask = 0x7;
606 offset = hw->address & alignment_mask;
613 /* Allow halfword watchpoints and breakpoints. */
614 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_2)
618 /* Allow single byte watchpoint. */
619 if (hw->ctrl.len == ARM_BREAKPOINT_LEN_1)
627 hw->address &= ~alignment_mask;
628 hw->ctrl.len <<= offset;
630 if (is_default_overflow_handler(bp)) {
632 * Mismatch breakpoints are required for single-stepping
635 if (!core_has_mismatch_brps())
638 /* We don't allow mismatch breakpoints in kernel space. */
639 if (arch_check_bp_in_kernelspace(hw))
643 * Per-cpu breakpoints are not supported by our stepping
650 * We only support specific access types if the fsr
653 if (!debug_exception_updates_fsr() &&
654 (hw->ctrl.type == ARM_BREAKPOINT_LOAD ||
655 hw->ctrl.type == ARM_BREAKPOINT_STORE))
664 * Enable/disable single-stepping over the breakpoint bp at address addr.
666 static void enable_single_step(struct perf_event *bp, u32 addr)
668 struct arch_hw_breakpoint *info = counter_arch_bp(bp);
670 arch_uninstall_hw_breakpoint(bp);
671 info->step_ctrl.mismatch = 1;
672 info->step_ctrl.len = ARM_BREAKPOINT_LEN_4;
673 info->step_ctrl.type = ARM_BREAKPOINT_EXECUTE;
674 info->step_ctrl.privilege = info->ctrl.privilege;
675 info->step_ctrl.enabled = 1;
676 info->trigger = addr;
677 arch_install_hw_breakpoint(bp);
680 static void disable_single_step(struct perf_event *bp)
682 arch_uninstall_hw_breakpoint(bp);
683 counter_arch_bp(bp)->step_ctrl.enabled = 0;
684 arch_install_hw_breakpoint(bp);
688 * Arm32 hardware does not always report a watchpoint hit address that matches
689 * one of the watchpoints set. It can also report an address "near" the
690 * watchpoint if a single instruction access both watched and unwatched
691 * addresses. There is no straight-forward way, short of disassembling the
692 * offending instruction, to map that address back to the watchpoint. This
693 * function computes the distance of the memory access from the watchpoint as a
694 * heuristic for the likelyhood that a given access triggered the watchpoint.
696 * See this same function in the arm64 platform code, which has the same
699 * The function returns the distance of the address from the bytes watched by
700 * the watchpoint. In case of an exact match, it returns 0.
702 static u32 get_distance_from_watchpoint(unsigned long addr, u32 val,
703 struct arch_hw_breakpoint_ctrl *ctrl)
708 lens = __ffs(ctrl->len);
709 lene = __fls(ctrl->len);
712 wp_high = val + lene;
714 return wp_low - addr;
715 else if (addr > wp_high)
716 return addr - wp_high;
721 static int watchpoint_fault_on_uaccess(struct pt_regs *regs,
722 struct arch_hw_breakpoint *info)
724 return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER;
727 static void watchpoint_handler(unsigned long addr, unsigned int fsr,
728 struct pt_regs *regs)
730 int i, access, closest_match = 0;
731 u32 min_dist = -1, dist;
733 struct perf_event *wp, **slots;
734 struct arch_hw_breakpoint *info;
735 struct arch_hw_breakpoint_ctrl ctrl;
737 slots = this_cpu_ptr(wp_on_reg);
740 * Find all watchpoints that match the reported address. If no exact
741 * match is found. Attribute the hit to the closest watchpoint.
744 for (i = 0; i < core_num_wrps; ++i) {
750 * The DFAR is an unknown value on debug architectures prior
751 * to 7.1. Since we only allow a single watchpoint on these
752 * older CPUs, we can set the trigger to the lowest possible
755 if (debug_arch < ARM_DEBUG_ARCH_V7_1) {
757 info = counter_arch_bp(wp);
758 info->trigger = wp->attr.bp_addr;
760 /* Check that the access type matches. */
761 if (debug_exception_updates_fsr()) {
762 access = (fsr & ARM_FSR_ACCESS_MASK) ?
763 HW_BREAKPOINT_W : HW_BREAKPOINT_R;
764 if (!(access & hw_breakpoint_type(wp)))
768 val = read_wb_reg(ARM_BASE_WVR + i);
769 ctrl_reg = read_wb_reg(ARM_BASE_WCR + i);
770 decode_ctrl_reg(ctrl_reg, &ctrl);
771 dist = get_distance_from_watchpoint(addr, val, &ctrl);
772 if (dist < min_dist) {
776 /* Is this an exact match? */
780 /* We have a winner. */
781 info = counter_arch_bp(wp);
782 info->trigger = addr;
785 pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
788 * If we triggered a user watchpoint from a uaccess routine,
789 * then handle the stepping ourselves since userspace really
790 * can't help us with this.
792 if (watchpoint_fault_on_uaccess(regs, info))
795 perf_bp_event(wp, regs);
798 * Defer stepping to the overflow handler if one is installed.
799 * Otherwise, insert a temporary mismatch breakpoint so that
800 * we can single-step over the watchpoint trigger.
802 if (!is_default_overflow_handler(wp))
805 enable_single_step(wp, instruction_pointer(regs));
808 if (min_dist > 0 && min_dist != -1) {
809 /* No exact match found. */
810 wp = slots[closest_match];
811 info = counter_arch_bp(wp);
812 info->trigger = addr;
813 pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
814 perf_bp_event(wp, regs);
815 if (is_default_overflow_handler(wp))
816 enable_single_step(wp, instruction_pointer(regs));
822 static void watchpoint_single_step_handler(unsigned long pc)
825 struct perf_event *wp, **slots;
826 struct arch_hw_breakpoint *info;
828 slots = this_cpu_ptr(wp_on_reg);
830 for (i = 0; i < core_num_wrps; ++i) {
838 info = counter_arch_bp(wp);
839 if (!info->step_ctrl.enabled)
843 * Restore the original watchpoint if we've completed the
846 if (info->trigger != pc)
847 disable_single_step(wp);
854 static void breakpoint_handler(unsigned long unknown, struct pt_regs *regs)
857 u32 ctrl_reg, val, addr;
858 struct perf_event *bp, **slots;
859 struct arch_hw_breakpoint *info;
860 struct arch_hw_breakpoint_ctrl ctrl;
862 slots = this_cpu_ptr(bp_on_reg);
864 /* The exception entry code places the amended lr in the PC. */
867 /* Check the currently installed breakpoints first. */
868 for (i = 0; i < core_num_brps; ++i) {
876 info = counter_arch_bp(bp);
878 /* Check if the breakpoint value matches. */
879 val = read_wb_reg(ARM_BASE_BVR + i);
880 if (val != (addr & ~0x3))
883 /* Possible match, check the byte address select to confirm. */
884 ctrl_reg = read_wb_reg(ARM_BASE_BCR + i);
885 decode_ctrl_reg(ctrl_reg, &ctrl);
886 if ((1 << (addr & 0x3)) & ctrl.len) {
887 info->trigger = addr;
888 pr_debug("breakpoint fired: address = 0x%x\n", addr);
889 perf_bp_event(bp, regs);
890 if (is_default_overflow_handler(bp))
891 enable_single_step(bp, addr);
896 /* If we're stepping a breakpoint, it can now be restored. */
897 if (info->step_ctrl.enabled)
898 disable_single_step(bp);
903 /* Handle any pending watchpoint single-step breakpoints. */
904 watchpoint_single_step_handler(addr);
907 #ifdef CONFIG_CFI_CLANG
908 static void hw_breakpoint_cfi_handler(struct pt_regs *regs)
911 * TODO: implementing target and type to pass to CFI using the more
912 * elaborate report_cfi_failure() requires compiler work. To be able
913 * to properly extract target information the compiler needs to
914 * emit a stable instructions sequence for the CFI checks so we can
915 * decode the instructions preceding the trap and figure out which
916 * registers were used.
919 switch (report_cfi_failure_noaddr(regs, instruction_pointer(regs))) {
920 case BUG_TRAP_TYPE_BUG:
921 die("Oops - CFI", regs, 0);
923 case BUG_TRAP_TYPE_WARN:
924 /* Skip the breaking instruction */
925 instruction_pointer(regs) += 4;
928 die("Unknown CFI error", regs, 0);
933 static void hw_breakpoint_cfi_handler(struct pt_regs *regs)
939 * Called from either the Data Abort Handler [watchpoint] or the
940 * Prefetch Abort Handler [breakpoint] with interrupts disabled.
942 static int hw_breakpoint_pending(unsigned long addr, unsigned int fsr,
943 struct pt_regs *regs)
950 if (interrupts_enabled(regs))
953 /* We only handle watchpoints and hardware breakpoints. */
954 ARM_DBG_READ(c0, c1, 0, dscr);
956 /* Perform perf callbacks. */
957 switch (ARM_DSCR_MOE(dscr)) {
958 case ARM_ENTRY_BREAKPOINT:
959 breakpoint_handler(addr, regs);
961 case ARM_ENTRY_ASYNC_WATCHPOINT:
962 WARN(1, "Asynchronous watchpoint exception taken. Debugging results may be unreliable\n");
964 case ARM_ENTRY_SYNC_WATCHPOINT:
965 watchpoint_handler(addr, fsr, regs);
967 case ARM_ENTRY_CFI_BREAKPOINT:
968 hw_breakpoint_cfi_handler(regs);
971 ret = 1; /* Unhandled fault. */
979 #ifdef CONFIG_ARM_ERRATA_764319
980 static int oslsr_fault;
982 static int debug_oslsr_trap(struct pt_regs *regs, unsigned int instr)
985 instruction_pointer(regs) += 4;
989 static struct undef_hook debug_oslsr_hook = {
990 .instr_mask = 0xffffffff,
991 .instr_val = 0xee115e91,
992 .fn = debug_oslsr_trap,
997 * One-time initialisation.
999 static cpumask_t debug_err_mask;
1001 static int debug_reg_trap(struct pt_regs *regs, unsigned int instr)
1003 int cpu = smp_processor_id();
1005 pr_warn("Debug register access (0x%x) caused undefined instruction on CPU %d\n",
1008 /* Set the error flag for this CPU and skip the faulting instruction. */
1009 cpumask_set_cpu(cpu, &debug_err_mask);
1010 instruction_pointer(regs) += 4;
1014 static struct undef_hook debug_reg_hook = {
1015 .instr_mask = 0x0fe80f10,
1016 .instr_val = 0x0e000e10,
1017 .fn = debug_reg_trap,
1020 /* Does this core support OS Save and Restore? */
1021 static bool core_has_os_save_restore(void)
1025 switch (get_debug_arch()) {
1026 case ARM_DEBUG_ARCH_V7_1:
1028 case ARM_DEBUG_ARCH_V7_ECP14:
1029 #ifdef CONFIG_ARM_ERRATA_764319
1031 register_undef_hook(&debug_oslsr_hook);
1032 ARM_DBG_READ(c1, c1, 4, oslsr);
1033 unregister_undef_hook(&debug_oslsr_hook);
1037 ARM_DBG_READ(c1, c1, 4, oslsr);
1039 if (oslsr & ARM_OSLSR_OSLM0)
1047 static void reset_ctrl_regs(unsigned int cpu)
1049 int i, raw_num_brps, err = 0;
1053 * v7 debug contains save and restore registers so that debug state
1054 * can be maintained across low-power modes without leaving the debug
1055 * logic powered up. It is IMPLEMENTATION DEFINED whether we can access
1056 * the debug registers out of reset, so we must unlock the OS Lock
1057 * Access Register to avoid taking undefined instruction exceptions
1060 switch (debug_arch) {
1061 case ARM_DEBUG_ARCH_V6:
1062 case ARM_DEBUG_ARCH_V6_1:
1063 /* ARMv6 cores clear the registers out of reset. */
1065 case ARM_DEBUG_ARCH_V7_ECP14:
1067 * Ensure sticky power-down is clear (i.e. debug logic is
1070 ARM_DBG_READ(c1, c5, 4, val);
1071 if ((val & 0x1) == 0)
1077 case ARM_DEBUG_ARCH_V7_1:
1079 * Ensure the OS double lock is clear.
1081 ARM_DBG_READ(c1, c3, 4, val);
1082 if ((val & 0x1) == 1)
1088 pr_warn_once("CPU %d debug is powered down!\n", cpu);
1089 cpumask_or(&debug_err_mask, &debug_err_mask, cpumask_of(cpu));
1094 * Unconditionally clear the OS lock by writing a value
1095 * other than CS_LAR_KEY to the access register.
1097 ARM_DBG_WRITE(c1, c0, 4, ~CORESIGHT_UNLOCK);
1101 * Clear any configured vector-catch events before
1102 * enabling monitor mode.
1105 ARM_DBG_WRITE(c0, c7, 0, 0);
1108 if (cpumask_intersects(&debug_err_mask, cpumask_of(cpu))) {
1109 pr_warn_once("CPU %d failed to disable vector catch\n", cpu);
1114 * The control/value register pairs are UNKNOWN out of reset so
1115 * clear them to avoid spurious debug events.
1117 raw_num_brps = get_num_brp_resources();
1118 for (i = 0; i < raw_num_brps; ++i) {
1119 write_wb_reg(ARM_BASE_BCR + i, 0UL);
1120 write_wb_reg(ARM_BASE_BVR + i, 0UL);
1123 for (i = 0; i < core_num_wrps; ++i) {
1124 write_wb_reg(ARM_BASE_WCR + i, 0UL);
1125 write_wb_reg(ARM_BASE_WVR + i, 0UL);
1128 if (cpumask_intersects(&debug_err_mask, cpumask_of(cpu))) {
1129 pr_warn_once("CPU %d failed to clear debug register pairs\n", cpu);
1134 * Have a crack at enabling monitor mode. We don't actually need
1135 * it yet, but reporting an error early is useful if it fails.
1138 if (enable_monitor_mode())
1139 cpumask_or(&debug_err_mask, &debug_err_mask, cpumask_of(cpu));
1142 static int dbg_reset_online(unsigned int cpu)
1144 local_irq_disable();
1145 reset_ctrl_regs(cpu);
1150 #ifdef CONFIG_CPU_PM
1151 static int dbg_cpu_pm_notify(struct notifier_block *self, unsigned long action,
1154 if (action == CPU_PM_EXIT)
1155 reset_ctrl_regs(smp_processor_id());
1160 static struct notifier_block dbg_cpu_pm_nb = {
1161 .notifier_call = dbg_cpu_pm_notify,
1164 static void __init pm_init(void)
1166 cpu_pm_register_notifier(&dbg_cpu_pm_nb);
1169 static inline void pm_init(void)
1174 static int __init arch_hw_breakpoint_init(void)
1178 debug_arch = get_debug_arch();
1180 if (!debug_arch_supported()) {
1181 pr_info("debug architecture 0x%x unsupported.\n", debug_arch);
1186 * Scorpion CPUs (at least those in APQ8060) seem to set DBGPRSR.SPD
1187 * whenever a WFI is issued, even if the core is not powered down, in
1188 * violation of the architecture. When DBGPRSR.SPD is set, accesses to
1189 * breakpoint and watchpoint registers are treated as undefined, so
1190 * this results in boot time and runtime failures when these are
1191 * accessed and we unexpectedly take a trap.
1193 * It's not clear if/how this can be worked around, so we blacklist
1194 * Scorpion CPUs to avoid these issues.
1196 if (read_cpuid_part() == ARM_CPU_PART_SCORPION) {
1197 pr_info("Scorpion CPU detected. Hardware breakpoints and watchpoints disabled\n");
1201 has_ossr = core_has_os_save_restore();
1203 /* Determine how many BRPs/WRPs are available. */
1204 core_num_brps = get_num_brps();
1205 core_num_wrps = get_num_wrps();
1208 * We need to tread carefully here because DBGSWENABLE may be
1209 * driven low on this core and there isn't an architected way to
1213 register_undef_hook(&debug_reg_hook);
1216 * Register CPU notifier which resets the breakpoint resources. We
1217 * assume that a halting debugger will leave the world in a nice state
1220 ret = cpuhp_setup_state_cpuslocked(CPUHP_AP_ONLINE_DYN,
1221 "arm/hw_breakpoint:online",
1222 dbg_reset_online, NULL);
1223 unregister_undef_hook(&debug_reg_hook);
1224 if (WARN_ON(ret < 0) || !cpumask_empty(&debug_err_mask)) {
1228 cpuhp_remove_state_nocalls_cpuslocked(ret);
1233 pr_info("found %d " "%s" "breakpoint and %d watchpoint registers.\n",
1234 core_num_brps, core_has_mismatch_brps() ? "(+1 reserved) " :
1237 /* Work out the maximum supported watchpoint length. */
1238 max_watchpoint_len = get_max_wp_len();
1239 pr_info("maximum watchpoint size is %u bytes.\n",
1240 max_watchpoint_len);
1242 /* Register debug fault handler. */
1243 hook_fault_code(FAULT_CODE_DEBUG, hw_breakpoint_pending, SIGTRAP,
1244 TRAP_HWBKPT, "watchpoint debug exception");
1245 hook_ifault_code(FAULT_CODE_DEBUG, hw_breakpoint_pending, SIGTRAP,
1246 TRAP_HWBKPT, "breakpoint debug exception");
1249 /* Register PM notifiers. */
1253 arch_initcall(arch_hw_breakpoint_init);
1255 void hw_breakpoint_pmu_read(struct perf_event *bp)
1260 * Dummy function to register with die_notifier.
1262 int hw_breakpoint_exceptions_notify(struct notifier_block *unused,
1263 unsigned long val, void *data)
git.samba.org / sfrench / cifs-2.6.git / blob