2 * Copyright (c) 2014 The FreeBSD Foundation
4 * This software was developed by Semihalf under
5 * the sponsorship of the FreeBSD Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
36 #include <sys/types.h>
40 #include <sys/systm.h>
41 #include <sys/sysent.h>
43 #include <machine/armreg.h>
44 #include <machine/cpu.h>
45 #include <machine/debug_monitor.h>
46 #include <machine/kdb.h>
47 #include <machine/pcb.h>
51 #include <ddb/db_sym.h>
/*
 * Kinds of hardware debug slot, followed by the file-local state: how many
 * watchpoint and breakpoint registers are in use, and the monitor state that
 * belongs to the kernel itself. The numbers embedded in this listing skip,
 * so some lines (here the enum header and the closing braces) are not shown.
 */
55 DBG_TYPE_BREAKPOINT = 0,
56 DBG_TYPE_WATCHPOINT = 1,
/* Both counts are assigned in dbg_monitor_init() from id_aa64dfr0_el1. */
59 static int dbg_watchpoint_num;
60 static int dbg_breakpoint_num;
/*
 * DBGMON_KERNEL marks this state as the kernel's; dbg_setup_watchpoint()
 * picks DBG_WB_CTRL_EL1 or DBG_WB_CTRL_EL0 depending on that flag.
 */
61 static struct debug_monitor_state kernel_monitor = {
62 .dbg_flags = DBGMON_KERNEL
65 /* Called from the exception handlers */
66 void dbg_monitor_enter(struct thread *);
67 void dbg_monitor_exit(struct thread *, struct trapframe *);
/*
 * Field layout used by the constants below: bit 0 is the enable bit, a
 * two-bit field at bit 1 carries the EL1/EL0 selection, a two-bit field at
 * bit 3 carries the access type, and the field at bit 5 holds one set bit
 * per watched byte (0x1, 0x3, 0xf, 0xff for 1, 2, 4 and 8 bytes).
 */
69 /* Watchpoints/breakpoints control register bitfields */
70 #define DBG_WATCH_CTRL_LEN_1 (0x1 << 5)
71 #define DBG_WATCH_CTRL_LEN_2 (0x3 << 5)
72 #define DBG_WATCH_CTRL_LEN_4 (0xf << 5)
73 #define DBG_WATCH_CTRL_LEN_8 (0xff << 5)
74 #define DBG_WATCH_CTRL_LEN_MASK(x) ((x) & (0xff << 5))
75 #define DBG_WATCH_CTRL_EXEC (0x0 << 3)
76 #define DBG_WATCH_CTRL_LOAD (0x1 << 3)
77 #define DBG_WATCH_CTRL_STORE (0x2 << 3)
78 #define DBG_WATCH_CTRL_ACCESS_MASK(x) ((x) & (0x3 << 3))
/*
 * Judging by the names, EL1/EL0 choose the exception level at which a slot
 * matches. dbg_setup_watchpoint() uses EL0 for monitors without
 * DBGMON_KERNEL and EL1 for the kernel monitor.
 */
80 /* Common for breakpoint and watchpoint */
81 #define DBG_WB_CTRL_EL1 (0x1 << 1)
82 #define DBG_WB_CTRL_EL0 (0x2 << 1)
83 #define DBG_WB_CTRL_ELX_MASK(x) ((x) & (0x3 << 1))
84 #define DBG_WB_CTRL_E (0x1 << 0)
/*
 * Bank bases are spaced 16 apart, so base + index is unique only while the
 * index stays in 0..15; a larger index falls into the next bank's range.
 */
86 #define DBG_REG_BASE_BVR 0
87 #define DBG_REG_BASE_BCR (DBG_REG_BASE_BVR + 16)
88 #define DBG_REG_BASE_WVR (DBG_REG_BASE_BCR + 16)
89 #define DBG_REG_BASE_WCR (DBG_REG_BASE_WVR + 16)
/* Name fragments pasted between "dbg" and the register number in the asm. */
91 /* Watchpoint/breakpoint helpers */
92 #define DBG_WB_WVR "wvr"
93 #define DBG_WB_WCR "wcr"
94 #define DBG_WB_BVR "bvr"
95 #define DBG_WB_BCR "bcr"
/*
 * Register accessors. DBG_WB_READ and DBG_WB_WRITE emit one mrs/msr on
 * dbg<reg><num>_el1; num is stringified into the instruction text, so it
 * has to be a literal at the point of expansion. The *_REG_CASE macros wrap
 * one access in a switch case labelled (num + offset), and the
 * SWITCH_CASES_* macros expand sixteen of them (0..15) so that a run-time
 * index can pick the register. The closing lines of the first four macros
 * are missing from this listing.
 */
97 #define DBG_WB_READ(reg, num, val) do { \
98 __asm __volatile("mrs %0, dbg" reg #num "_el1" : "=r" (val)); \
101 #define DBG_WB_WRITE(reg, num, val) do { \
102 __asm __volatile("msr dbg" reg #num "_el1, %0" :: "r" (val)); \
105 #define READ_WB_REG_CASE(reg, num, offset, val) \
106 case (num + offset): \
107 DBG_WB_READ(reg, num, val); \
110 #define WRITE_WB_REG_CASE(reg, num, offset, val) \
111 case (num + offset): \
112 DBG_WB_WRITE(reg, num, val); \
115 #define SWITCH_CASES_READ_WB_REG(reg, offset, val) \
116 READ_WB_REG_CASE(reg, 0, offset, val); \
117 READ_WB_REG_CASE(reg, 1, offset, val); \
118 READ_WB_REG_CASE(reg, 2, offset, val); \
119 READ_WB_REG_CASE(reg, 3, offset, val); \
120 READ_WB_REG_CASE(reg, 4, offset, val); \
121 READ_WB_REG_CASE(reg, 5, offset, val); \
122 READ_WB_REG_CASE(reg, 6, offset, val); \
123 READ_WB_REG_CASE(reg, 7, offset, val); \
124 READ_WB_REG_CASE(reg, 8, offset, val); \
125 READ_WB_REG_CASE(reg, 9, offset, val); \
126 READ_WB_REG_CASE(reg, 10, offset, val); \
127 READ_WB_REG_CASE(reg, 11, offset, val); \
128 READ_WB_REG_CASE(reg, 12, offset, val); \
129 READ_WB_REG_CASE(reg, 13, offset, val); \
130 READ_WB_REG_CASE(reg, 14, offset, val); \
131 READ_WB_REG_CASE(reg, 15, offset, val)
/* Write-side counterpart: the same sixteen cases, each issuing an msr. */
133 #define SWITCH_CASES_WRITE_WB_REG(reg, offset, val) \
134 WRITE_WB_REG_CASE(reg, 0, offset, val); \
135 WRITE_WB_REG_CASE(reg, 1, offset, val); \
136 WRITE_WB_REG_CASE(reg, 2, offset, val); \
137 WRITE_WB_REG_CASE(reg, 3, offset, val); \
138 WRITE_WB_REG_CASE(reg, 4, offset, val); \
139 WRITE_WB_REG_CASE(reg, 5, offset, val); \
140 WRITE_WB_REG_CASE(reg, 6, offset, val); \
141 WRITE_WB_REG_CASE(reg, 7, offset, val); \
142 WRITE_WB_REG_CASE(reg, 8, offset, val); \
143 WRITE_WB_REG_CASE(reg, 9, offset, val); \
144 WRITE_WB_REG_CASE(reg, 10, offset, val); \
145 WRITE_WB_REG_CASE(reg, 11, offset, val); \
146 WRITE_WB_REG_CASE(reg, 12, offset, val); \
147 WRITE_WB_REG_CASE(reg, 13, offset, val); \
148 WRITE_WB_REG_CASE(reg, 14, offset, val); \
149 WRITE_WB_REG_CASE(reg, 15, offset, val)
/*
 * Read debug register n from the bank selected by reg (a DBG_REG_BASE_*
 * value). The return type, locals, switch header, default label and return
 * are on lines missing from this listing; since every case label is
 * num + offset, the switch presumably tests reg + n.
 *
 * NOTE(review): with bank bases spaced 16 apart, an n outside 0..15 can
 * select a register in a different bank instead of reaching the error
 * message, so callers have to bound n. The caller visible in this file
 * (dbg_show_watchpoint) loops up to dbg_watchpoint_num.
 */
153 dbg_wb_read_reg(int reg, int n)
158 SWITCH_CASES_READ_WB_REG(DBG_WB_WVR, DBG_REG_BASE_WVR, val);
159 SWITCH_CASES_READ_WB_REG(DBG_WB_WCR, DBG_REG_BASE_WCR, val);
160 SWITCH_CASES_READ_WB_REG(DBG_WB_BVR, DBG_REG_BASE_BVR, val);
161 SWITCH_CASES_READ_WB_REG(DBG_WB_BCR, DBG_REG_BASE_BCR, val);
/* Reached when no case matched; only n, not the bank, is reported. */
163 printf("trying to read from wrong debug register %d\n", n);
/*
 * Write val to debug register n of the bank selected by reg (a
 * DBG_REG_BASE_* value). The return type, switch header and default label
 * are on lines missing from this listing; since every case label is
 * num + offset, the switch presumably tests reg + n.
 *
 * NOTE(review): as the bank bases are 16 apart, an n outside 0..15 can
 * address a register of another bank, so callers have to bound n. Every
 * caller visible in this file loops up to dbg_watchpoint_num or
 * dbg_breakpoint_num.
 */
171 dbg_wb_write_reg(int reg, int n, uint64_t val)
174 SWITCH_CASES_WRITE_WB_REG(DBG_WB_WVR, DBG_REG_BASE_WVR, val);
175 SWITCH_CASES_WRITE_WB_REG(DBG_WB_WCR, DBG_REG_BASE_WCR, val);
176 SWITCH_CASES_WRITE_WB_REG(DBG_WB_BVR, DBG_REG_BASE_BVR, val);
177 SWITCH_CASES_WRITE_WB_REG(DBG_WB_BCR, DBG_REG_BASE_BCR, val);
/* Reached when no case matched; only n, not the bank, is reported. */
179 printf("trying to write to wrong debug register %d\n", n);
185 #if defined(DDB) || defined(GDB)
/*
 * Arm single-stepping for the kernel debugger: set PSR_SS in the saved SPSR
 * of kdb_frame and set MDSCR_SS | MDSCR_KDE in mdscr_el1. When the kernel
 * monitor has DBGMON_ENABLED set, MDSCR_MDE is cleared as well. The return
 * type, braces and comment delimiters are on lines missing from this
 * listing.
 */
187 kdb_cpu_set_singlestep(void)
/* Precondition, checked by assertion only: PSR_D is set in DAIF. */
190 KASSERT((READ_SPECIALREG(daif) & PSR_D) == PSR_D,
191 ("%s: debug exceptions are not masked", __func__));
193 kdb_frame->tf_spsr |= PSR_SS;
194 WRITE_SPECIALREG(mdscr_el1, READ_SPECIALREG(mdscr_el1) |
195 MDSCR_SS | MDSCR_KDE);
198 * Disable breakpoints and watchpoints, e.g. stepping
199 * over watched instruction will trigger break exception instead of
200 * single-step exception and locks CPU on that instruction for ever.
202 if ((kernel_monitor.dbg_flags & DBGMON_ENABLED) != 0) {
203 WRITE_SPECIALREG(mdscr_el1,
204 READ_SPECIALREG(mdscr_el1) & ~MDSCR_MDE);
/*
 * Undo kdb_cpu_set_singlestep(): clear MDSCR_SS | MDSCR_KDE in mdscr_el1,
 * then, if the kernel monitor has DBGMON_ENABLED set, turn MDSCR_MDE back
 * on, and MDSCR_KDE too when DBGMON_KERNEL is set. The closing braces are
 * missing from this listing, so whether the DBGMON_KERNEL test is nested
 * inside the DBGMON_ENABLED test cannot be read off here.
 */
209 kdb_cpu_clear_singlestep(void)
/* Precondition, checked by assertion only: PSR_D is set in DAIF. */
212 KASSERT((READ_SPECIALREG(daif) & PSR_D) == PSR_D,
213 ("%s: debug exceptions are not masked", __func__));
215 WRITE_SPECIALREG(mdscr_el1, READ_SPECIALREG(mdscr_el1) &
216 ~(MDSCR_SS | MDSCR_KDE));
218 /* Restore breakpoints and watchpoints */
219 if ((kernel_monitor.dbg_flags & DBGMON_ENABLED) != 0) {
220 WRITE_SPECIALREG(mdscr_el1,
221 READ_SPECIALREG(mdscr_el1) | MDSCR_MDE);
223 if ((kernel_monitor.dbg_flags & DBGMON_KERNEL) != 0) {
224 WRITE_SPECIALREG(mdscr_el1,
225 READ_SPECIALREG(mdscr_el1) | MDSCR_KDE);
/*
 * Debugger entry point for setting a watchpoint: translate the
 * KDB_DBG_ACCESS_* value in access to the matching HW_BREAKPOINT_* value and
 * hand addr, size and the result to dbg_setup_watchpoint(). The switch
 * header, break statements and any default branch are on lines missing
 * from this listing.
 */
231 kdb_cpu_set_watchpoint(vm_offset_t addr, vm_size_t size, int access)
233 enum dbg_access_t dbg_access;
236 case KDB_DBG_ACCESS_R:
237 dbg_access = HW_BREAKPOINT_R;
239 case KDB_DBG_ACCESS_W:
240 dbg_access = HW_BREAKPOINT_W;
242 case KDB_DBG_ACCESS_RW:
243 dbg_access = HW_BREAKPOINT_RW;
/*
 * A NULL monitor is passed; dbg_setup_watchpoint() contains an assignment of
 * &kernel_monitor, presumably guarded by a NULL check on a missing line.
 */
249 return (dbg_setup_watchpoint(NULL, addr, size, dbg_access));
/*
 * Debugger entry point for clearing a watchpoint: forwards addr and size to
 * dbg_remove_watchpoint() with a NULL monitor and returns its result.
 */
253 kdb_cpu_clr_watchpoint(vm_offset_t addr, vm_size_t size)
256 return (dbg_remove_watchpoint(NULL, addr, size));
258 #endif /* DDB || GDB */
/*
 * Map the access-type field of a watchpoint control value (as extracted by
 * DBG_WATCH_CTRL_ACCESS_MASK) to a printable name. Only the "read/write"
 * return is visible; the switch header, the other returns and any default
 * branch are on lines missing from this listing.
 */
262 dbg_watchtype_str(uint32_t type)
265 case DBG_WATCH_CTRL_EXEC:
267 case DBG_WATCH_CTRL_STORE:
269 case DBG_WATCH_CTRL_LOAD:
/* LOAD and STORE bits together. */
271 case DBG_WATCH_CTRL_LOAD | DBG_WATCH_CTRL_STORE:
272 return ("read/write");
/*
 * Map the length field of a watchpoint control value (as extracted by
 * DBG_WATCH_CTRL_LEN_MASK) to the value that dbg_show_watchpoint() prints
 * with %3d. The switch header and every return are on lines missing from
 * this listing, so the returned values cannot be stated here.
 */
279 dbg_watchtype_len(uint32_t len)
282 case DBG_WATCH_CTRL_LEN_1:
284 case DBG_WATCH_CTRL_LEN_2:
286 case DBG_WATCH_CTRL_LEN_4:
288 case DBG_WATCH_CTRL_LEN_8:
/*
 * Print a table of the hardware watchpoints through db_printf(). For each
 * of the dbg_watchpoint_num slots the control register is read; a slot with
 * the enable bit set is shown with its access type, length, address and
 * symbol, any other slot is shown as disabled. The values come from the
 * registers themselves (dbg_wb_read_reg), not from a debug_monitor_state
 * copy. Declarations of i and addr, the else keyword and the braces are on
 * lines missing from this listing.
 */
296 dbg_show_watchpoint(void)
298 uint32_t wcr, len, type;
302 db_printf("\nhardware watchpoints:\n");
303 db_printf(" watch status type len address symbol\n");
304 db_printf(" ----- -------- ---------- --- ------------------ ------------------\n");
305 for (i = 0; i < dbg_watchpoint_num; i++) {
306 wcr = dbg_wb_read_reg(DBG_REG_BASE_WCR, i);
307 if ((wcr & DBG_WB_CTRL_E) != 0) {
/* Keep the fields in their shifted position; the helpers switch on that. */
308 type = DBG_WATCH_CTRL_ACCESS_MASK(wcr);
309 len = DBG_WATCH_CTRL_LEN_MASK(wcr);
310 addr = dbg_wb_read_reg(DBG_REG_BASE_WVR, i);
311 db_printf(" %-5d %-8s %10s %3d 0x%16lx ",
312 i, "enabled", dbg_watchtype_str(type),
313 dbg_watchtype_len(len), addr);
314 db_printsym((db_addr_t)addr, DB_STGY_ANY);
317 db_printf(" %-5d disabled\n", i);
/*
 * Look for an unused slot of the given type in monitor: scan the control
 * array (dbg_bcr or dbg_wcr) up to the matching count for an entry whose
 * enable bit is clear. The return type, locals, switch header and all
 * return statements are on lines missing from this listing, so the value
 * reported for "no free slot" or for an unsupported type is not visible.
 *
 * NOTE(review): reg[i] is indexed up to dbg_breakpoint_num or
 * dbg_watchpoint_num; the array length is declared outside this listing -
 * confirm it is at least the largest count the CPU can report.
 */
324 dbg_find_free_slot(struct debug_monitor_state *monitor, enum dbg_t type)
330 case DBG_TYPE_BREAKPOINT:
331 max = dbg_breakpoint_num;
332 reg = monitor->dbg_bcr;
334 case DBG_TYPE_WATCHPOINT:
335 max = dbg_watchpoint_num;
336 reg = monitor->dbg_wcr;
339 printf("Unsupported debug type\n");
343 for (i = 0; i < max; i++) {
/* A clear enable bit is what marks a slot as free. */
344 if ((reg[i] & DBG_WB_CTRL_E) == 0)
/*
 * Look for the enabled slot of the given type in monitor whose address
 * value equals addr. The rest of the parameter list (including addr), the
 * return type, locals, switch header and all return statements are on lines
 * missing from this listing, so the "not found" value is not visible.
 *
 * NOTE(review): both arrays are indexed up to dbg_breakpoint_num or
 * dbg_watchpoint_num; their length is declared outside this listing.
 */
352 dbg_find_slot(struct debug_monitor_state *monitor, enum dbg_t type,
355 uint64_t *reg_addr, *reg_ctrl;
359 case DBG_TYPE_BREAKPOINT:
360 max = dbg_breakpoint_num;
361 reg_addr = monitor->dbg_bvr;
362 reg_ctrl = monitor->dbg_bcr;
364 case DBG_TYPE_WATCHPOINT:
365 max = dbg_watchpoint_num;
366 reg_addr = monitor->dbg_wvr;
367 reg_ctrl = monitor->dbg_wcr;
370 printf("Unsupported debug type\n");
374 for (i = 0; i < max; i++) {
/* Disabled slots are skipped even when their stored address equals addr. */
375 if (reg_addr[i] == addr &&
376 (reg_ctrl[i] & DBG_WB_CTRL_E) != 0)
/*
 * Program a watchpoint on addr into a free slot of monitor and push the
 * state to the hardware with dbg_register_sync(). Lines missing from this
 * listing hold the return type, the remaining locals, the condition
 * guarding the kernel_monitor assignment (callers in this file pass NULL),
 * the switch headers, the size case labels, the else keyword and the
 * returns.
 *
 * NOTE(review): addr is stored into dbg_wvr as given; no range or alignment
 * check is visible here. If a per-thread monitor can be filled from
 * user-supplied values, confirm that the caller restricts addr to user
 * addresses and to the alignment the selected length needs.
 */
384 dbg_setup_watchpoint(struct debug_monitor_state *monitor, vm_offset_t addr,
385 vm_size_t size, enum dbg_access_t access)
387 uint64_t wcr_size, wcr_priv, wcr_access;
391 monitor = &kernel_monitor;
393 i = dbg_find_free_slot(monitor, DBG_TYPE_WATCHPOINT);
395 printf("Can not find slot for watchpoint, max %d"
396 " watchpoints supported\n", dbg_watchpoint_num);
/* Map the byte count in size to the length mask; other sizes are reported. */
402 wcr_size = DBG_WATCH_CTRL_LEN_1;
405 wcr_size = DBG_WATCH_CTRL_LEN_2;
408 wcr_size = DBG_WATCH_CTRL_LEN_4;
411 wcr_size = DBG_WATCH_CTRL_LEN_8;
414 printf("Unsupported address size for watchpoint: %zu\n", size);
/*
 * Privilege selection: a monitor without DBGMON_KERNEL gets the EL0 setting
 * and the kernel monitor the EL1 setting, so the level is derived from the
 * monitor's flags and not from anything the caller passes in.
 */
418 if ((monitor->dbg_flags & DBGMON_KERNEL) == 0)
419 wcr_priv = DBG_WB_CTRL_EL0;
421 wcr_priv = DBG_WB_CTRL_EL1;
424 case HW_BREAKPOINT_X:
425 wcr_access = DBG_WATCH_CTRL_EXEC;
427 case HW_BREAKPOINT_R:
428 wcr_access = DBG_WATCH_CTRL_LOAD;
430 case HW_BREAKPOINT_W:
431 wcr_access = DBG_WATCH_CTRL_STORE;
433 case HW_BREAKPOINT_RW:
434 wcr_access = DBG_WATCH_CTRL_LOAD | DBG_WATCH_CTRL_STORE;
437 printf("Unsupported access type for watchpoint: %d\n", access);
/* Record the slot in the software copy first; the sync below writes it out. */
441 monitor->dbg_wvr[i] = addr;
442 monitor->dbg_wcr[i] = wcr_size | wcr_access | wcr_priv | DBG_WB_CTRL_E;
443 monitor->dbg_enable_count++;
444 monitor->dbg_flags |= DBGMON_ENABLED;
446 dbg_register_sync(monitor);
/*
 * Remove the enabled watchpoint that matches addr from monitor: zero its
 * address and control values, decrement dbg_enable_count, clear
 * DBGMON_ENABLED once the count reaches zero, and push the state to the
 * hardware with dbg_register_sync(). The rest of the parameter list, the
 * return type, the condition guarding the kernel_monitor assignment, the
 * "not found" test and the returns are on lines missing from this listing.
 */
451 dbg_remove_watchpoint(struct debug_monitor_state *monitor, vm_offset_t addr,
457 monitor = &kernel_monitor;
/* The lookup is by address only; no size argument is passed to it. */
459 i = dbg_find_slot(monitor, DBG_TYPE_WATCHPOINT, addr);
/* NOTE(review): "0%lx" prints a bare leading zero; "0x%lx" was presumably meant. */
461 printf("Can not find watchpoint for address 0%lx\n", addr);
465 monitor->dbg_wvr[i] = 0;
466 monitor->dbg_wcr[i] = 0;
467 monitor->dbg_enable_count--;
468 if (monitor->dbg_enable_count == 0)
469 monitor->dbg_flags &= ~DBGMON_ENABLED;
471 dbg_register_sync(monitor);
/*
 * Load the software copy held in monitor into the debug registers and update
 * mdscr_el1 to match. With DBGMON_ENABLED clear, MDSCR_MDE and MDSCR_KDE are
 * removed from the value written back; otherwise every breakpoint and
 * watchpoint control/value pair is written from the monitor arrays. The
 * return type, locals, the condition guarding the kernel_monitor
 * assignment, the else keyword and the statements that set bits in mdscr
 * (including the one governed by the DBGMON_KERNEL test) are on lines
 * missing from this listing.
 */
476 dbg_register_sync(struct debug_monitor_state *monitor)
482 monitor = &kernel_monitor;
484 mdscr = READ_SPECIALREG(mdscr_el1);
485 if ((monitor->dbg_flags & DBGMON_ENABLED) == 0) {
486 mdscr &= ~(MDSCR_MDE | MDSCR_KDE);
/* All slots are rewritten, not only the enabled ones. */
488 for (i = 0; i < dbg_breakpoint_num; i++) {
489 dbg_wb_write_reg(DBG_REG_BASE_BCR, i,
490 monitor->dbg_bcr[i]);
491 dbg_wb_write_reg(DBG_REG_BASE_BVR, i,
492 monitor->dbg_bvr[i]);
495 for (i = 0; i < dbg_watchpoint_num; i++) {
496 dbg_wb_write_reg(DBG_REG_BASE_WCR, i,
497 monitor->dbg_wcr[i]);
498 dbg_wb_write_reg(DBG_REG_BASE_WVR, i,
499 monitor->dbg_wvr[i]);
502 if ((monitor->dbg_flags & DBGMON_KERNEL) == DBGMON_KERNEL)
/* Single write-back of the accumulated mdscr value. */
505 WRITE_SPECIALREG(mdscr_el1, mdscr);
/*
 * Initialise the debug monitor on the calling CPU: read the breakpoint and
 * watchpoint counts from id_aa64dfr0_el1, report them once (CPU 0, verbose
 * boot only) and zero every control/value register pair. The return type,
 * locals, braces and comment delimiters are on lines missing from this
 * listing.
 *
 * NOTE(review): the two counts bound every register loop and every
 * monitor-array index in this file. Whether ID_AA64DFR0_WRPs_VAL and
 * ID_AA64DFR0_BRPs_VAL return the raw field or the field plus one is
 * defined outside this listing - confirm against the header, and confirm
 * the result cannot exceed the 16 registers per bank handled here.
 */
510 dbg_monitor_init(void)
515 /* Find out how many breakpoints and watchpoints we can use */
516 aa64dfr0 = READ_SPECIALREG(id_aa64dfr0_el1);
517 dbg_watchpoint_num = ID_AA64DFR0_WRPs_VAL(aa64dfr0);
518 dbg_breakpoint_num = ID_AA64DFR0_BRPs_VAL(aa64dfr0);
520 if (bootverbose && PCPU_GET(cpuid) == 0) {
521 printf("%d watchpoints and %d breakpoints supported\n",
522 dbg_watchpoint_num, dbg_breakpoint_num);
526 * We have limited number of {watch,break}points, each consists of
528 * - wcr/bcr regsiter configurates corresponding {watch,break}point
530 * - wvr/bvr register keeps address we are hunting for
532 * Reset all breakpoints and watchpoints.
534 for (i = 0; i < dbg_watchpoint_num; i++) {
535 dbg_wb_write_reg(DBG_REG_BASE_WCR, i, 0);
536 dbg_wb_write_reg(DBG_REG_BASE_WVR, i, 0);
539 for (i = 0; i < dbg_breakpoint_num; i++) {
540 dbg_wb_write_reg(DBG_REG_BASE_BCR, i, 0);
541 dbg_wb_write_reg(DBG_REG_BASE_BVR, i, 0);
/*
 * Switch the debug registers to the kernel's view on entry from the
 * exception handlers. If the kernel monitor is enabled its registers are
 * installed; otherwise, if the thread's own debug state is enabled, every
 * control/value pair is zeroed and MDSCR_MDE | MDSCR_KDE are cleared, so
 * values programmed for the thread are not live while the kernel runs. When
 * neither is enabled the registers are left untouched. The return type,
 * locals and braces are on lines missing from this listing.
 */
548 dbg_monitor_enter(struct thread *thread)
552 if ((kernel_monitor.dbg_flags & DBGMON_ENABLED) != 0) {
553 /* Install the kernel version of the registers */
554 dbg_register_sync(&kernel_monitor);
555 } else if ((thread->td_pcb->pcb_dbg_regs.dbg_flags & DBGMON_ENABLED) != 0) {
556 /* Disable the user breakpoints until we return to userspace */
557 for (i = 0; i < dbg_watchpoint_num; i++) {
558 dbg_wb_write_reg(DBG_REG_BASE_WCR, i, 0);
559 dbg_wb_write_reg(DBG_REG_BASE_WVR, i, 0);
562 for (i = 0; i < dbg_breakpoint_num; ++i) {
563 dbg_wb_write_reg(DBG_REG_BASE_BCR, i, 0);
564 dbg_wb_write_reg(DBG_REG_BASE_BVR, i, 0);
566 WRITE_SPECIALREG(mdscr_el1,
567 READ_SPECIALREG(mdscr_el1) & ~(MDSCR_MDE | MDSCR_KDE));
/*
 * Switch the debug registers to the thread's view when leaving through the
 * exception handlers. PSR_D is set in the saved SPSR of frame unless the
 * process has SV_ILP32. If the thread's debug state is enabled, its
 * registers are installed and PSR_D is cleared in the frame; otherwise, if
 * the kernel monitor is enabled, every control/value pair is zeroed and
 * MDSCR_MDE | MDSCR_KDE are cleared, so kernel values are not live while
 * the thread runs. The return type, locals, braces and comment delimiters
 * are on lines missing from this listing.
 *
 * NOTE(review): the PSR_D clear in the thread-enabled branch is not guarded
 * by the SV_ILP32 test used for the set above it; confirm that clearing the
 * bit is harmless for ILP32 processes.
 */
573 dbg_monitor_exit(struct thread *thread, struct trapframe *frame)
578 * PSR_D is an aarch64-only flag. On aarch32, it switches
579 * the processor to big-endian, so avoid setting it for
582 if (!(SV_PROC_FLAG(thread->td_proc, SV_ILP32)))
583 frame->tf_spsr |= PSR_D;
584 if ((thread->td_pcb->pcb_dbg_regs.dbg_flags & DBGMON_ENABLED) != 0) {
585 /* Install the thread's version of the registers */
586 dbg_register_sync(&thread->td_pcb->pcb_dbg_regs);
587 frame->tf_spsr &= ~PSR_D;
588 } else if ((kernel_monitor.dbg_flags & DBGMON_ENABLED) != 0) {
589 /* Disable the kernel breakpoints until we re-enter */
590 for (i = 0; i < dbg_watchpoint_num; i++) {
591 dbg_wb_write_reg(DBG_REG_BASE_WCR, i, 0);
592 dbg_wb_write_reg(DBG_REG_BASE_WVR, i, 0);
595 for (i = 0; i < dbg_breakpoint_num; ++i) {
596 dbg_wb_write_reg(DBG_REG_BASE_BCR, i, 0);
597 dbg_wb_write_reg(DBG_REG_BASE_BVR, i, 0);
599 WRITE_SPECIALREG(mdscr_el1,
600 READ_SPECIALREG(mdscr_el1) & ~(MDSCR_MDE | MDSCR_KDE));