2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or
5 * (at your option) any later version.
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
16 * Copyright (C) IBM Corporation, 2005
17 * Jeff Muizelaar, 2006, 2007
18 * Pekka Paalanen, 2008 <pq@iki.fi>
20 * Derived from the read-mod example from relay-examples by Tom Zanussi.
24 #include <linux/module.h>
25 #include <linux/relay.h>
26 #include <linux/debugfs.h>
27 #include <linux/proc_fs.h>
29 #include <linux/version.h>
30 #include <linux/kallsyms.h>
31 #include <asm/pgtable.h>
32 #include <linux/mmiotrace.h>
33 #include <asm/e820.h> /* for ISA_START_ADDRESS */
34 #include <asm/atomic.h>
35 #include <linux/percpu.h>
39 #define NAME "mmiotrace: "
41 /* This app's relay channel files will appear in /debug/mmio-trace */
42 static const char APP_DIR[] = "mmio-trace";
43 /* the marker injection file in /debug/APP_DIR */
44 static const char MARKER_FILE[] = "mmio-marker";
49 enum reason_type type;
54 struct list_head list;
55 struct kmmio_probe probe;
60 static const size_t subbuf_size = 256*1024;
62 /* Accessed per-cpu. */
63 static DEFINE_PER_CPU(struct trap_reason, pf_reason);
64 static DEFINE_PER_CPU(struct mm_io_header_rw, cpu_trace);
66 /* Access to this is not per-cpu. */
67 static DEFINE_PER_CPU(atomic_t, dropped);
69 static struct dentry *dir;
70 static struct dentry *enabled_file;
71 static struct dentry *marker_file;
73 static DEFINE_MUTEX(mmiotrace_mutex);
74 static DEFINE_SPINLOCK(trace_lock);
75 static atomic_t mmiotrace_enabled;
76 static LIST_HEAD(trace_list); /* struct remap_trace */
77 static struct rchan *chan;
80 * Locking in this file:
81 * - mmiotrace_mutex enforces enable/disable_mmiotrace() critical sections.
82 * - mmiotrace_enabled may be modified only when holding mmiotrace_mutex
84 * - Routines depending on is_enabled() must take trace_lock.
85 * - trace_list users must hold trace_lock.
86 * - is_enabled() guarantees that chan is valid.
87 * - pre/post callbacks assume the effect of is_enabled() being true.
90 /* module parameters */
91 static unsigned int n_subbufs = 32*4;
92 static unsigned long filter_offset;
93 static int nommiotrace;
96 static int enable_now;
98 module_param(n_subbufs, uint, 0);
99 module_param(filter_offset, ulong, 0);
100 module_param(nommiotrace, bool, 0);
101 module_param(ISA_trace, bool, 0);
102 module_param(trace_pc, bool, 0);
103 module_param(enable_now, bool, 0);
105 MODULE_PARM_DESC(n_subbufs, "Number of 256kB buffers, default 128.");
106 MODULE_PARM_DESC(filter_offset, "Start address of traced mappings.");
107 MODULE_PARM_DESC(nommiotrace, "Disable actual MMIO tracing.");
108 MODULE_PARM_DESC(ISA_trace, "Do not exclude the low ISA range.");
109 MODULE_PARM_DESC(trace_pc, "Record address of faulting instructions.");
110 MODULE_PARM_DESC(enable_now, "Start mmiotracing immediately on module load.");
112 static bool is_enabled(void)
114 return atomic_read(&mmiotrace_enabled);
117 static void record_timestamp(struct mm_io_header *header)
121 getnstimeofday(&now);
122 header->sec = now.tv_sec;
123 header->nsec = now.tv_nsec;
127 * Write callback for the debugfs entry:
128 * Read a marker and write it to the mmio trace log
130 static ssize_t write_marker(struct file *file, const char __user *buffer,
131 size_t count, loff_t *ppos)
134 struct mm_io_header *headp;
135 ssize_t len = (count > 65535) ? 65535 : count;
137 event = kzalloc(sizeof(*headp) + len, GFP_KERNEL);
141 headp = (struct mm_io_header *)event;
142 headp->type = MMIO_MAGIC | (MMIO_MARKER << MMIO_OPCODE_SHIFT);
143 headp->data_len = len;
144 record_timestamp(headp);
146 if (copy_from_user(event + sizeof(*headp), buffer, len)) {
151 spin_lock_irq(&trace_lock);
153 relay_write(chan, event, sizeof(*headp) + len);
156 spin_unlock_irq(&trace_lock);
161 static void print_pte(unsigned long address)
164 pte_t *pte = lookup_address(address, &level);
167 pr_err(NAME "Error in %s: no pte for page 0x%08lx\n",
172 if (level == PG_LEVEL_2M) {
173 pr_emerg(NAME "4MB pages are not currently supported: "
174 "0x%08lx\n", address);
177 pr_info(NAME "pte for 0x%lx: 0x%lx 0x%lx\n", address, pte_val(*pte),
178 pte_val(*pte) & _PAGE_PRESENT);
182 * For some reason the pre/post pairs have been called in an
183 * unmatched order. Report and die.
185 static void die_kmmio_nesting_error(struct pt_regs *regs, unsigned long addr)
187 const struct trap_reason *my_reason = &get_cpu_var(pf_reason);
188 pr_emerg(NAME "unexpected fault for address: 0x%08lx, "
189 "last fault for address: 0x%08lx\n",
190 addr, my_reason->addr);
192 print_symbol(KERN_EMERG "faulting IP is at %s\n", regs->ip);
193 print_symbol(KERN_EMERG "last faulting IP was at %s\n", my_reason->ip);
195 pr_emerg("eax: %08lx ebx: %08lx ecx: %08lx edx: %08lx\n",
196 regs->ax, regs->bx, regs->cx, regs->dx);
197 pr_emerg("esi: %08lx edi: %08lx ebp: %08lx esp: %08lx\n",
198 regs->si, regs->di, regs->bp, regs->sp);
200 pr_emerg("rax: %016lx rcx: %016lx rdx: %016lx\n",
201 regs->ax, regs->cx, regs->dx);
202 pr_emerg("rsi: %016lx rdi: %016lx rbp: %016lx rsp: %016lx\n",
203 regs->si, regs->di, regs->bp, regs->sp);
205 put_cpu_var(pf_reason);
209 static void pre(struct kmmio_probe *p, struct pt_regs *regs,
212 struct trap_reason *my_reason = &get_cpu_var(pf_reason);
213 struct mm_io_header_rw *my_trace = &get_cpu_var(cpu_trace);
214 const unsigned long instptr = instruction_pointer(regs);
215 const enum reason_type type = get_ins_type(instptr);
217 /* it doesn't make sense to have more than one active trace per cpu */
218 if (my_reason->active_traces)
219 die_kmmio_nesting_error(regs, addr);
221 my_reason->active_traces++;
223 my_reason->type = type;
224 my_reason->addr = addr;
225 my_reason->ip = instptr;
227 my_trace->header.type = MMIO_MAGIC;
228 my_trace->header.pid = 0;
229 my_trace->header.data_len = sizeof(struct mm_io_rw);
230 my_trace->rw.address = addr;
232 * struct remap_trace *trace = p->user_data;
233 * phys = addr - trace->probe.addr + trace->phys;
237 * Only record the program counter when requested.
238 * It may taint clean-room reverse engineering.
241 my_trace->rw.pc = instptr;
245 record_timestamp(&my_trace->header);
249 my_trace->header.type |=
250 (MMIO_READ << MMIO_OPCODE_SHIFT) |
251 (get_ins_mem_width(instptr) << MMIO_WIDTH_SHIFT);
254 my_trace->header.type |=
255 (MMIO_WRITE << MMIO_OPCODE_SHIFT) |
256 (get_ins_mem_width(instptr) << MMIO_WIDTH_SHIFT);
257 my_trace->rw.value = get_ins_reg_val(instptr, regs);
260 my_trace->header.type |=
261 (MMIO_WRITE << MMIO_OPCODE_SHIFT) |
262 (get_ins_mem_width(instptr) << MMIO_WIDTH_SHIFT);
263 my_trace->rw.value = get_ins_imm_val(instptr);
267 unsigned char *ip = (unsigned char *)instptr;
268 my_trace->header.type |=
269 (MMIO_UNKNOWN_OP << MMIO_OPCODE_SHIFT);
270 my_trace->rw.value = (*ip) << 16 | *(ip + 1) << 8 |
274 put_cpu_var(cpu_trace);
275 put_cpu_var(pf_reason);
278 static void post(struct kmmio_probe *p, unsigned long condition,
279 struct pt_regs *regs)
281 struct trap_reason *my_reason = &get_cpu_var(pf_reason);
282 struct mm_io_header_rw *my_trace = &get_cpu_var(cpu_trace);
284 /* this should always return the active_trace count to 0 */
285 my_reason->active_traces--;
286 if (my_reason->active_traces) {
287 pr_emerg(NAME "unexpected post handler");
291 switch (my_reason->type) {
293 my_trace->rw.value = get_ins_reg_val(my_reason->ip, regs);
298 relay_write(chan, my_trace, sizeof(*my_trace));
299 put_cpu_var(cpu_trace);
300 put_cpu_var(pf_reason);
304 * subbuf_start() relay callback.
306 * Defined so that we know when events are dropped due to the buffer-full
309 static int subbuf_start_handler(struct rchan_buf *buf, void *subbuf,
310 void *prev_subbuf, size_t prev_padding)
312 unsigned int cpu = buf->cpu;
313 atomic_t *drop = &per_cpu(dropped, cpu);
315 if (relay_buf_full(buf)) {
316 if (atomic_inc_return(drop) == 1)
317 pr_err(NAME "cpu %d buffer full!\n", cpu);
320 count = atomic_read(drop);
322 pr_err(NAME "cpu %d buffer no longer full, missed %d events.\n",
324 atomic_sub(count, drop);
330 static struct file_operations mmio_fops = {
331 .owner = THIS_MODULE,
334 /* file_create() callback. Creates relay file in debugfs. */
335 static struct dentry *create_buf_file_handler(const char *filename,
336 struct dentry *parent,
338 struct rchan_buf *buf,
341 struct dentry *buf_file;
343 mmio_fops.read = relay_file_operations.read;
344 mmio_fops.open = relay_file_operations.open;
345 mmio_fops.poll = relay_file_operations.poll;
346 mmio_fops.mmap = relay_file_operations.mmap;
347 mmio_fops.release = relay_file_operations.release;
348 mmio_fops.splice_read = relay_file_operations.splice_read;
350 buf_file = debugfs_create_file(filename, mode, parent, buf,
356 /* file_remove() default callback. Removes relay file in debugfs. */
357 static int remove_buf_file_handler(struct dentry *dentry)
359 debugfs_remove(dentry);
363 static struct rchan_callbacks relay_callbacks = {
364 .subbuf_start = subbuf_start_handler,
365 .create_buf_file = create_buf_file_handler,
366 .remove_buf_file = remove_buf_file_handler,
369 static void ioremap_trace_core(unsigned long offset, unsigned long size,
372 static atomic_t next_id;
373 struct remap_trace *trace = kmalloc(sizeof(*trace), GFP_KERNEL);
374 struct mm_io_header_map event = {
377 (MMIO_PROBE << MMIO_OPCODE_SHIFT),
381 .data_len = sizeof(struct mm_io_map)
385 .addr = (unsigned long)addr,
390 record_timestamp(&event.header);
393 pr_err(NAME "kmalloc failed in ioremap\n");
397 *trace = (struct remap_trace) {
399 .addr = (unsigned long)addr,
402 .post_handler = post,
406 .id = atomic_inc_return(&next_id)
409 spin_lock_irq(&trace_lock);
413 relay_write(chan, &event, sizeof(event));
414 list_add_tail(&trace->list, &trace_list);
416 register_kmmio_probe(&trace->probe);
419 spin_unlock_irq(&trace_lock);
423 mmiotrace_ioremap(unsigned long offset, unsigned long size, void __iomem *addr)
425 if (!is_enabled()) /* recheck and proper locking in *_core() */
428 pr_debug(NAME "ioremap_*(0x%lx, 0x%lx) = %p\n", offset, size, addr);
429 if ((filter_offset) && (offset != filter_offset))
431 ioremap_trace_core(offset, size, addr);
434 static void iounmap_trace_core(volatile void __iomem *addr)
436 struct mm_io_header_map event = {
439 (MMIO_UNPROBE << MMIO_OPCODE_SHIFT),
443 .data_len = sizeof(struct mm_io_map)
447 .addr = (unsigned long)addr,
452 struct remap_trace *trace;
453 struct remap_trace *tmp;
454 struct remap_trace *found_trace = NULL;
456 pr_debug(NAME "Unmapping %p.\n", addr);
457 record_timestamp(&event.header);
459 spin_lock_irq(&trace_lock);
463 list_for_each_entry_safe(trace, tmp, &trace_list, list) {
464 if ((unsigned long)addr == trace->probe.addr) {
466 unregister_kmmio_probe(&trace->probe);
467 list_del(&trace->list);
472 relay_write(chan, &event, sizeof(event));
475 spin_unlock_irq(&trace_lock);
477 synchronize_rcu(); /* unregister_kmmio_probe() requirement */
482 void mmiotrace_iounmap(volatile void __iomem *addr)
485 if (is_enabled()) /* recheck and proper locking in *_core() */
486 iounmap_trace_core(addr);
489 static void clear_trace_list(void)
491 struct remap_trace *trace;
492 struct remap_trace *tmp;
495 * No locking required, because the caller ensures we are in a
496 * critical section via mutex, and is_enabled() is false,
497 * i.e. nothing can traverse or modify this list.
498 * Caller also ensures is_enabled() cannot change.
500 list_for_each_entry(trace, &trace_list, list) {
501 pr_notice(NAME "purging non-iounmapped "
502 "trace @0x%08lx, size 0x%lx.\n",
503 trace->probe.addr, trace->probe.len);
505 unregister_kmmio_probe(&trace->probe);
507 synchronize_rcu(); /* unregister_kmmio_probe() requirement */
509 list_for_each_entry_safe(trace, tmp, &trace_list, list) {
510 list_del(&trace->list);
515 static ssize_t read_enabled_file_bool(struct file *file,
516 char __user *user_buf, size_t count, loff_t *ppos)
526 return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
529 static void enable_mmiotrace(void);
530 static void disable_mmiotrace(void);
532 static ssize_t write_enabled_file_bool(struct file *file,
533 const char __user *user_buf, size_t count, loff_t *ppos)
536 int buf_size = min(count, (sizeof(buf)-1));
538 if (copy_from_user(buf, user_buf, buf_size))
557 /* this ripped from kernel/kprobes.c */
558 static struct file_operations fops_enabled = {
559 .owner = THIS_MODULE,
560 .read = read_enabled_file_bool,
561 .write = write_enabled_file_bool
564 static struct file_operations fops_marker = {
565 .owner = THIS_MODULE,
566 .write = write_marker
569 static void enable_mmiotrace(void)
571 mutex_lock(&mmiotrace_mutex);
575 chan = relay_open("cpu", dir, subbuf_size, n_subbufs,
576 &relay_callbacks, NULL);
578 pr_err(NAME "relay app channel creation failed.\n");
584 marker_file = debugfs_create_file("marker", 0660, dir, NULL,
587 pr_err(NAME "marker file creation failed.\n");
590 pr_info(NAME "MMIO tracing disabled.\n");
592 pr_warning(NAME "Warning! low ISA range will be traced.\n");
593 spin_lock_irq(&trace_lock);
594 atomic_inc(&mmiotrace_enabled);
595 spin_unlock_irq(&trace_lock);
596 pr_info(NAME "enabled.\n");
598 mutex_unlock(&mmiotrace_mutex);
601 static void disable_mmiotrace(void)
603 mutex_lock(&mmiotrace_mutex);
607 spin_lock_irq(&trace_lock);
608 atomic_dec(&mmiotrace_enabled);
609 BUG_ON(is_enabled());
610 spin_unlock_irq(&trace_lock);
612 clear_trace_list(); /* guarantees: no more kmmio callbacks */
615 debugfs_remove(marker_file);
623 pr_info(NAME "disabled.\n");
625 mutex_unlock(&mmiotrace_mutex);
628 static int __init init(void)
630 pr_debug(NAME "load...\n");
634 dir = debugfs_create_dir(APP_DIR, NULL);
636 pr_err(NAME "Couldn't create relay app directory.\n");
640 enabled_file = debugfs_create_file("enabled", 0600, dir, NULL,
643 pr_err(NAME "Couldn't create enabled file.\n");
654 static void __exit cleanup(void)
656 pr_debug(NAME "unload...\n");
658 debugfs_remove(enabled_file);
665 module_exit(cleanup);
666 MODULE_LICENSE("GPL");
projects / linux-2.6 / blob