From patchwork Fri Sep 12 13:23:44 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 37313 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-lb0-f200.google.com (mail-lb0-f200.google.com [209.85.217.200]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 54A3820F2E for ; Fri, 12 Sep 2014 13:31:55 +0000 (UTC) Received: by mail-lb0-f200.google.com with SMTP id v6sf486013lbi.3 for ; Fri, 12 Sep 2014 06:31:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:date :message-id:in-reply-to:references:subject:precedence:list-id :list-unsubscribe:list-archive:list-post:list-help:list-subscribe :errors-to:sender:x-original-sender :x-original-authentication-results:mailing-list; bh=injybQ5ZmcqjDmVSgN3GgxfEKng4FY3Ew0eYFAfxNXg=; b=mn9LSkP58nWvYiX7AOZ6/duQdqGm5HToOng6PUN7UKSdKkPL3XQfb6wEfekw3NcMme rEqye+r0fI7ZXZZrijR7OSmiSAhGEHFup9xsw0BHW+yOXLKT92RpL6gzRNxLkDK6NZX2 CmzL0G8Q41TyKqti6Av5BnlKz735Hljmany02pjgWqJmIdbHFjWQ0VLdrdgyGXz/sKca 7dFZFza74bd2g2FyKss2VwPX8jMHehKgx+F++GHB3a6T98ik1eXH/cGm2xLVOCS5eToG +JCEe52RoqUvKqIon2TouSMmQStEIlBv7VnjqIEsNAAQk8N4f1Q9OgQA26jyPJuClkOX cPPQ== X-Gm-Message-State: ALoCoQlx1llwI4TksbVPf0HzAugUOwoqbIqb/gtY0clnqMGaiOQi19g/eOohCr8cZzzJdtRYQutw X-Received: by 10.152.3.134 with SMTP id c6mr2275966lac.5.1410528714160; Fri, 12 Sep 2014 06:31:54 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.42.132 with SMTP id o4ls168839lal.21.gmail; Fri, 12 Sep 2014 06:31:53 -0700 (PDT) X-Received: by 10.112.125.132 with SMTP id mq4mr8197462lbb.103.1410528713925; Fri, 12 Sep 2014 06:31:53 -0700 (PDT) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) by mx.google.com with ESMTPS id u14si6553821lal.70.2014.09.12.06.31.53 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 12 Sep 2014 06:31:53 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.54 as permitted sender) client-ip=209.85.215.54; Received: by mail-la0-f54.google.com with SMTP id ge10so959452lab.13 for ; Fri, 12 Sep 2014 06:31:53 -0700 (PDT) X-Received: by 10.152.204.231 with SMTP id lb7mr7311360lac.44.1410528713797; Fri, 12 Sep 2014 06:31:53 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.112.141.42 with SMTP id rl10csp732012lbb; Fri, 12 Sep 2014 06:31:53 -0700 (PDT) X-Received: by 10.140.34.180 with SMTP id l49mr12475429qgl.72.1410528712447; Fri, 12 Sep 2014 06:31:52 -0700 (PDT) Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id lw9si5640092qcb.31.2014.09.12.06.31.51 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 12 Sep 2014 06:31:52 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Received: from localhost ([::1]:44973 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XSQx5-0003qa-Bd for patch@linaro.org; Fri, 12 Sep 2014 09:31:51 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56948) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XSQpY-0006px-HF for qemu-devel@nongnu.org; Fri, 12 Sep 2014 09:24:14 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XSQpR-0003yr-KJ for qemu-devel@nongnu.org; Fri, 12 Sep 2014 09:24:04 -0400 Received: from mnementh.archaic.org.uk ([81.2.115.146]:46961) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XSQpR-0003xi-CH for qemu-devel@nongnu.org; Fri, 12 Sep 2014 09:23:57 -0400 Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.80) (envelope-from ) id 1XSQpP-0003Xy-62 for qemu-devel@nongnu.org; Fri, 12 Sep 2014 14:23:55 +0100 From: Peter Maydell To: qemu-devel@nongnu.org Date: Fri, 12 Sep 2014 14:23:44 +0100 Message-Id: <1410528234-13545-14-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1410528234-13545-1-git-send-email-peter.maydell@linaro.org> References: <1410528234-13545-1-git-send-email-peter.maydell@linaro.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 81.2.115.146 Subject: [Qemu-devel] [PULL 13/23] target-arm: Implement handling of fired watchpoints X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: peter.maydell@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.54 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 Implement the ARM debug exception handler for dealing with fired watchpoints. Signed-off-by: Peter Maydell --- target-arm/cpu.c | 1 + target-arm/helper.c | 7 +- target-arm/internals.h | 9 +++ target-arm/op_helper.c | 188 +++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 204 insertions(+), 1 deletion(-) diff --git a/target-arm/cpu.c b/target-arm/cpu.c index 6c40ecd..7ea12bd 100644 --- a/target-arm/cpu.c +++ b/target-arm/cpu.c @@ -1065,6 +1065,7 @@ static void arm_cpu_class_init(ObjectClass *oc, void *data) #endif cc->gdb_num_core_regs = 26; cc->gdb_core_xml_file = "arm-core.xml"; + cc->debug_excp_handler = arm_debug_excp_handler; } static void cpu_register(const ARMCPUInfo *info) diff --git a/target-arm/helper.c b/target-arm/helper.c index 5fd5497..b0d2424 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -2399,14 +2399,18 @@ static void define_debug_regs(ARMCPU *cpu) * These are just dummy implementations for now. */ int i; - int wrps, brps; + int wrps, brps, ctx_cmps; ARMCPRegInfo dbgdidr = { .name = "DBGDIDR", .cp = 14, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 0, .access = PL0_R, .type = ARM_CP_CONST, .resetvalue = cpu->dbgdidr, }; + /* Note that all these register fields hold "number of Xs minus 1". */ brps = extract32(cpu->dbgdidr, 24, 4); wrps = extract32(cpu->dbgdidr, 28, 4); + ctx_cmps = extract32(cpu->dbgdidr, 20, 4); + + assert(ctx_cmps <= brps); /* The DBGDIDR and ID_AA64DFR0_EL1 define various properties * of the debug registers such as number of breakpoints; @@ -2415,6 +2419,7 @@ static void define_debug_regs(ARMCPU *cpu) if (arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) { assert(extract32(cpu->id_aa64dfr0, 12, 4) == brps); assert(extract32(cpu->id_aa64dfr0, 20, 4) == wrps); + assert(extract32(cpu->id_aa64dfr0, 28, 4) == ctx_cmps); } define_one_arm_cp_reg(cpu, &dbgdidr); diff --git a/target-arm/internals.h b/target-arm/internals.h index 1d788b0..64751a0 100644 --- a/target-arm/internals.h +++ b/target-arm/internals.h @@ -307,6 +307,12 @@ static inline uint32_t syn_swstep(int same_el, int isv, int ex) | (isv << 24) | (ex << 6) | 0x22; } +static inline uint32_t syn_watchpoint(int same_el, int cm, int wnr) +{ + return (EC_WATCHPOINT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT) + | (cm << 8) | (wnr << 6) | 0x22; +} + /* Update a QEMU watchpoint based on the information the guest has set in the * DBGWCR_EL1 and DBGWVR_EL1 registers. */ @@ -317,4 +323,7 @@ void hw_watchpoint_update(ARMCPU *cpu, int n); */ void hw_watchpoint_update_all(ARMCPU *cpu); +/* Callback function for when a watchpoint or breakpoint triggers. */ +void arm_debug_excp_handler(CPUState *cs); + #endif diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c index fe40358..b956216 100644 --- a/target-arm/op_helper.c +++ b/target-arm/op_helper.c @@ -456,6 +456,194 @@ illegal_return: } } +/* Return true if the linked breakpoint entry lbn passes its checks */ +static bool linked_bp_matches(ARMCPU *cpu, int lbn) +{ + CPUARMState *env = &cpu->env; + uint64_t bcr = env->cp15.dbgbcr[lbn]; + int brps = extract32(cpu->dbgdidr, 24, 4); + int ctx_cmps = extract32(cpu->dbgdidr, 20, 4); + int bt; + uint32_t contextidr; + + /* Links to unimplemented or non-context aware breakpoints are + * CONSTRAINED UNPREDICTABLE: either behave as if disabled, or + * as if linked to an UNKNOWN context-aware breakpoint (in which + * case DBGWCR_EL1.LBN must indicate that breakpoint). + * We choose the former. + */ + if (lbn > brps || lbn < (brps - ctx_cmps)) { + return false; + } + + bcr = env->cp15.dbgbcr[lbn]; + + if (extract64(bcr, 0, 1) == 0) { + /* Linked breakpoint disabled : generate no events */ + return false; + } + + bt = extract64(bcr, 20, 4); + + /* We match the whole register even if this is AArch32 using the + * short descriptor format (in which case it holds both PROCID and ASID), + * since we don't implement the optional v7 context ID masking. + */ + contextidr = extract64(env->cp15.contextidr_el1, 0, 32); + + switch (bt) { + case 3: /* linked context ID match */ + if (arm_current_pl(env) > 1) { + /* Context matches never fire in EL2 or (AArch64) EL3 */ + return false; + } + return (contextidr == extract64(env->cp15.dbgbvr[lbn], 0, 32)); + case 5: /* linked address mismatch (reserved in AArch64) */ + case 9: /* linked VMID match (reserved if no EL2) */ + case 11: /* linked context ID and VMID match (reserved if no EL2) */ + default: + /* Links to Unlinked context breakpoints must generate no + * events; we choose to do the same for reserved values too. + */ + return false; + } + + return false; +} + +static bool wp_matches(ARMCPU *cpu, int n) +{ + CPUARMState *env = &cpu->env; + uint64_t wcr = env->cp15.dbgwcr[n]; + int pac, hmc, ssc, wt, lbn; + /* TODO: check against CPU security state when we implement TrustZone */ + bool is_secure = false; + + if (!env->cpu_watchpoint[n] + || !(env->cpu_watchpoint[n]->flags & BP_WATCHPOINT_HIT)) { + return false; + } + + /* The WATCHPOINT_HIT flag guarantees us that the watchpoint is + * enabled and that the address and access type match; check the + * remaining fields, including linked breakpoints. + * Note that some combinations of {PAC, HMC SSC} are reserved and + * must act either like some valid combination or as if the watchpoint + * were disabled. We choose the former, and use this together with + * the fact that EL3 must always be Secure and EL2 must always be + * Non-Secure to simplify the code slightly compared to the full + * table in the ARM ARM. + */ + pac = extract64(wcr, 1, 2); + hmc = extract64(wcr, 13, 1); + ssc = extract64(wcr, 14, 2); + + switch (ssc) { + case 0: + break; + case 1: + case 3: + if (is_secure) { + return false; + } + break; + case 2: + if (!is_secure) { + return false; + } + break; + } + + /* TODO: this is not strictly correct because the LDRT/STRT/LDT/STT + * "unprivileged access" instructions should match watchpoints as if + * they were accesses done at EL0, even if the CPU is at EL1 or higher. + * Implementing this would require reworking the core watchpoint code + * to plumb the mmu_idx through to this point. Luckily Linux does not + * rely on this behaviour currently. + */ + switch (arm_current_pl(env)) { + case 3: + case 2: + if (!hmc) { + return false; + } + break; + case 1: + if (extract32(pac, 0, 1) == 0) { + return false; + } + break; + case 0: + if (extract32(pac, 1, 1) == 0) { + return false; + } + break; + default: + g_assert_not_reached(); + } + + wt = extract64(wcr, 20, 1); + lbn = extract64(wcr, 16, 4); + + if (wt && !linked_bp_matches(cpu, lbn)) { + return false; + } + + return true; +} + +static bool check_watchpoints(ARMCPU *cpu) +{ + CPUARMState *env = &cpu->env; + int n; + + /* If watchpoints are disabled globally or we can't take debug + * exceptions here then watchpoint firings are ignored. + */ + if (extract32(env->cp15.mdscr_el1, 15, 1) == 0 + || !arm_generate_debug_exceptions(env)) { + return false; + } + + for (n = 0; n < ARRAY_SIZE(env->cpu_watchpoint); n++) { + if (wp_matches(cpu, n)) { + return true; + } + } + return false; +} + +void arm_debug_excp_handler(CPUState *cs) +{ + /* Called by core code when a watchpoint or breakpoint fires; + * need to check which one and raise the appropriate exception. + */ + ARMCPU *cpu = ARM_CPU(cs); + CPUARMState *env = &cpu->env; + CPUWatchpoint *wp_hit = cs->watchpoint_hit; + + if (wp_hit) { + if (wp_hit->flags & BP_CPU) { + cs->watchpoint_hit = NULL; + if (check_watchpoints(cpu)) { + bool wnr = (wp_hit->flags & BP_WATCHPOINT_HIT_WRITE) != 0; + bool same_el = arm_debug_target_el(env) == arm_current_pl(env); + + env->exception.syndrome = syn_watchpoint(same_el, 0, wnr); + if (extended_addresses_enabled(env)) { + env->exception.fsr = (1 << 9) | 0x22; + } else { + env->exception.fsr = 0x2; + } + env->exception.vaddress = wp_hit->hitaddr; + raise_exception(env, EXCP_DATA_ABORT); + } else { + cpu_resume_from_signal(cs, NULL); + } + } + } +} + /* ??? Flag setting arithmetic is awkward because we need to do comparisons. The only way to do that in TCG is a conditional branch, which clobbers all our temporaries. For now implement these as helper functions. */