1 /* Support for MMIO probes.
2 * Benfit many code from kprobes
3 * (C) 2002 Louis Zhuang <louis.zhuang@intel.com>.
4 * 2007 Alexander Eichner
5 * 2008 Pekka Paalanen <pq@iki.fi>
8 #include <linux/list.h>
9 #include <linux/spinlock.h>
10 #include <linux/hash.h>
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/kernel.h>
14 #include <linux/uaccess.h>
15 #include <linux/ptrace.h>
16 #include <linux/preempt.h>
17 #include <linux/percpu.h>
18 #include <linux/kdebug.h>
19 #include <linux/mutex.h>
21 #include <asm/cacheflush.h>
22 #include <asm/tlbflush.h>
23 #include <linux/errno.h>
24 #include <asm/debugreg.h>
25 #include <linux/mmiotrace.h>
27 #define KMMIO_PAGE_HASH_BITS 4
28 #define KMMIO_PAGE_TABLE_SIZE (1 << KMMIO_PAGE_HASH_BITS)
30 struct kmmio_fault_page {
31 struct list_head list;
32 struct kmmio_fault_page *release_next;
33 unsigned long page; /* location of the fault page */
36 * Number of times this page has been registered as a part
37 * of a probe. If zero, page is disarmed and this may be freed.
38 * Used only by writers (RCU).
43 struct kmmio_delayed_release {
45 struct kmmio_fault_page *release_list;
48 struct kmmio_context {
49 struct kmmio_fault_page *fpage;
50 struct kmmio_probe *probe;
51 unsigned long saved_flags;
56 static DEFINE_SPINLOCK(kmmio_lock);
58 /* Protected by kmmio_lock */
59 unsigned int kmmio_count;
61 /* Read-protected by RCU, write-protected by kmmio_lock. */
62 static struct list_head kmmio_page_table[KMMIO_PAGE_TABLE_SIZE];
63 static LIST_HEAD(kmmio_probes);
65 static struct list_head *kmmio_page_list(unsigned long page)
67 return &kmmio_page_table[hash_long(page, KMMIO_PAGE_HASH_BITS)];
70 /* Accessed per-cpu */
71 static DEFINE_PER_CPU(struct kmmio_context, kmmio_ctx);
74 * this is basically a dynamic stabbing problem:
75 * Could use the existing prio tree code or
76 * Possible better implementations:
77 * The Interval Skip List: A Data Structure for Finding All Intervals That
78 * Overlap a Point (might be simple)
79 * Space Efficient Dynamic Stabbing with Fast Queries - Mikkel Thorup
81 /* Get the kmmio at this addr (if any). You must be holding RCU read lock. */
82 static struct kmmio_probe *get_kmmio_probe(unsigned long addr)
84 struct kmmio_probe *p;
85 list_for_each_entry_rcu(p, &kmmio_probes, list) {
86 if (addr >= p->addr && addr <= (p->addr + p->len))
92 /* You must be holding RCU read lock. */
93 static struct kmmio_fault_page *get_kmmio_fault_page(unsigned long page)
95 struct list_head *head;
96 struct kmmio_fault_page *p;
99 head = kmmio_page_list(page);
100 list_for_each_entry_rcu(p, head, list) {
107 static void set_page_present(unsigned long addr, bool present,
108 unsigned int *pglevel)
114 pte_t *pte = lookup_address(addr, &level);
117 pr_err("kmmio: no pte for page 0x%08lx\n", addr);
127 pmdval = pmd_val(*pmd) & ~_PAGE_PRESENT;
129 pmdval |= _PAGE_PRESENT;
130 set_pmd(pmd, __pmd(pmdval));
134 pteval = pte_val(*pte) & ~_PAGE_PRESENT;
136 pteval |= _PAGE_PRESENT;
137 set_pte_atomic(pte, __pte(pteval));
141 pr_err("kmmio: unexpected page level 0x%x.\n", level);
145 __flush_tlb_one(addr);
148 /** Mark the given page as not present. Access to it will trigger a fault. */
149 static void arm_kmmio_fault_page(unsigned long page, unsigned int *pglevel)
151 set_page_present(page & PAGE_MASK, false, pglevel);
154 /** Mark the given page as present. */
155 static void disarm_kmmio_fault_page(unsigned long page, unsigned int *pglevel)
157 set_page_present(page & PAGE_MASK, true, pglevel);
161 * This is being called from do_page_fault().
163 * We may be in an interrupt or a critical section. Also prefecthing may
164 * trigger a page fault. We may be in the middle of process switch.
165 * We cannot take any locks, because we could be executing especially
166 * within a kmmio critical section.
168 * Local interrupts are disabled, so preemption cannot happen.
169 * Do not enable interrupts, do not sleep, and watch out for other CPUs.
172 * Interrupts are disabled on entry as trap3 is an interrupt gate
173 * and they remain disabled thorough out this function.
175 int kmmio_handler(struct pt_regs *regs, unsigned long addr)
177 struct kmmio_context *ctx;
178 struct kmmio_fault_page *faultpage;
179 int ret = 0; /* default to fault not handled */
182 * Preemption is now disabled to prevent process switch during
183 * single stepping. We can only handle one active kmmio trace
184 * per cpu, so ensure that we finish it before something else
185 * gets to run. We also hold the RCU read lock over single
186 * stepping to avoid looking up the probe and kmmio_fault_page
192 faultpage = get_kmmio_fault_page(addr);
195 * Either this page fault is not caused by kmmio, or
196 * another CPU just pulled the kmmio probe from under
197 * our feet. The latter case should not be possible.
202 ctx = &get_cpu_var(kmmio_ctx);
204 disarm_kmmio_fault_page(faultpage->page, NULL);
205 if (addr == ctx->addr) {
207 * On SMP we sometimes get recursive probe hits on the
208 * same address. Context is already saved, fall out.
210 pr_debug("kmmio: duplicate probe hit on CPU %d, for "
211 "address 0x%08lx.\n",
212 smp_processor_id(), addr);
217 * Prevent overwriting already in-flight context.
218 * This should not happen, let's hope disarming at least
221 pr_emerg("kmmio: recursive probe hit on CPU %d, "
222 "for address 0x%08lx. Ignoring.\n",
223 smp_processor_id(), addr);
224 pr_emerg("kmmio: previous hit was at 0x%08lx.\n",
230 ctx->fpage = faultpage;
231 ctx->probe = get_kmmio_probe(addr);
232 ctx->saved_flags = (regs->flags & (X86_EFLAGS_TF | X86_EFLAGS_IF));
235 if (ctx->probe && ctx->probe->pre_handler)
236 ctx->probe->pre_handler(ctx->probe, regs, addr);
239 * Enable single-stepping and disable interrupts for the faulting
240 * context. Local interrupts must not get enabled during stepping.
242 regs->flags |= X86_EFLAGS_TF;
243 regs->flags &= ~X86_EFLAGS_IF;
245 /* Now we set present bit in PTE and single step. */
246 disarm_kmmio_fault_page(ctx->fpage->page, NULL);
249 * If another cpu accesses the same page while we are stepping,
250 * the access will not be caught. It will simply succeed and the
251 * only downside is we lose the event. If this becomes a problem,
252 * the user should drop to single cpu before tracing.
255 put_cpu_var(kmmio_ctx);
256 return 1; /* fault handled */
259 put_cpu_var(kmmio_ctx);
262 preempt_enable_no_resched();
267 * Interrupts are disabled on entry as trap1 is an interrupt gate
268 * and they remain disabled thorough out this function.
269 * This must always get called as the pair to kmmio_handler().
271 static int post_kmmio_handler(unsigned long condition, struct pt_regs *regs)
274 struct kmmio_context *ctx = &get_cpu_var(kmmio_ctx);
277 pr_debug("kmmio: spurious debug trap on CPU %d.\n",
282 if (ctx->probe && ctx->probe->post_handler)
283 ctx->probe->post_handler(ctx->probe, condition, regs);
285 arm_kmmio_fault_page(ctx->fpage->page, NULL);
287 regs->flags &= ~X86_EFLAGS_TF;
288 regs->flags |= ctx->saved_flags;
290 /* These were acquired in kmmio_handler(). */
294 preempt_enable_no_resched();
297 * if somebody else is singlestepping across a probe point, flags
298 * will have TF set, in which case, continue the remaining processing
299 * of do_debug, as if this is not a probe hit.
301 if (!(regs->flags & X86_EFLAGS_TF))
304 put_cpu_var(kmmio_ctx);
308 /* You must be holding kmmio_lock. */
309 static int add_kmmio_fault_page(unsigned long page)
311 struct kmmio_fault_page *f;
314 f = get_kmmio_fault_page(page);
317 arm_kmmio_fault_page(f->page, NULL);
322 f = kmalloc(sizeof(*f), GFP_ATOMIC);
328 list_add_rcu(&f->list, kmmio_page_list(f->page));
330 arm_kmmio_fault_page(f->page, NULL);
335 /* You must be holding kmmio_lock. */
336 static void release_kmmio_fault_page(unsigned long page,
337 struct kmmio_fault_page **release_list)
339 struct kmmio_fault_page *f;
342 f = get_kmmio_fault_page(page);
347 BUG_ON(f->count < 0);
349 disarm_kmmio_fault_page(f->page, NULL);
350 f->release_next = *release_list;
356 * With page-unaligned ioremaps, one or two armed pages may contain
357 * addresses from outside the intended mapping. Events for these addresses
358 * are currently silently dropped. The events may result only from programming
359 * mistakes by accessing addresses before the beginning or past the end of a
362 int register_kmmio_probe(struct kmmio_probe *p)
366 unsigned long size = 0;
367 const unsigned long size_lim = p->len + (p->addr & ~PAGE_MASK);
369 spin_lock_irqsave(&kmmio_lock, flags);
370 if (get_kmmio_probe(p->addr)) {
375 list_add_rcu(&p->list, &kmmio_probes);
376 while (size < size_lim) {
377 if (add_kmmio_fault_page(p->addr + size))
378 pr_err("kmmio: Unable to set page fault.\n");
382 spin_unlock_irqrestore(&kmmio_lock, flags);
384 * XXX: What should I do here?
385 * Here was a call to global_flush_tlb(), but it does not exist
386 * anymore. It seems it's not needed after all.
390 EXPORT_SYMBOL(register_kmmio_probe);
392 static void rcu_free_kmmio_fault_pages(struct rcu_head *head)
394 struct kmmio_delayed_release *dr = container_of(
396 struct kmmio_delayed_release,
398 struct kmmio_fault_page *p = dr->release_list;
400 struct kmmio_fault_page *next = p->release_next;
408 static void remove_kmmio_fault_pages(struct rcu_head *head)
410 struct kmmio_delayed_release *dr = container_of(
412 struct kmmio_delayed_release,
414 struct kmmio_fault_page *p = dr->release_list;
415 struct kmmio_fault_page **prevp = &dr->release_list;
417 spin_lock_irqsave(&kmmio_lock, flags);
420 list_del_rcu(&p->list);
422 *prevp = p->release_next;
423 prevp = &p->release_next;
426 spin_unlock_irqrestore(&kmmio_lock, flags);
427 /* This is the real RCU destroy call. */
428 call_rcu(&dr->rcu, rcu_free_kmmio_fault_pages);
432 * Remove a kmmio probe. You have to synchronize_rcu() before you can be
433 * sure that the callbacks will not be called anymore. Only after that
434 * you may actually release your struct kmmio_probe.
436 * Unregistering a kmmio fault page has three steps:
437 * 1. release_kmmio_fault_page()
438 * Disarm the page, wait a grace period to let all faults finish.
439 * 2. remove_kmmio_fault_pages()
440 * Remove the pages from kmmio_page_table.
441 * 3. rcu_free_kmmio_fault_pages()
442 * Actally free the kmmio_fault_page structs as with RCU.
444 void unregister_kmmio_probe(struct kmmio_probe *p)
447 unsigned long size = 0;
448 const unsigned long size_lim = p->len + (p->addr & ~PAGE_MASK);
449 struct kmmio_fault_page *release_list = NULL;
450 struct kmmio_delayed_release *drelease;
452 spin_lock_irqsave(&kmmio_lock, flags);
453 while (size < size_lim) {
454 release_kmmio_fault_page(p->addr + size, &release_list);
457 list_del_rcu(&p->list);
459 spin_unlock_irqrestore(&kmmio_lock, flags);
461 drelease = kmalloc(sizeof(*drelease), GFP_ATOMIC);
463 pr_crit("kmmio: leaking kmmio_fault_page objects.\n");
466 drelease->release_list = release_list;
469 * This is not really RCU here. We have just disarmed a set of
470 * pages so that they cannot trigger page faults anymore. However,
471 * we cannot remove the pages from kmmio_page_table,
472 * because a probe hit might be in flight on another CPU. The
473 * pages are collected into a list, and they will be removed from
474 * kmmio_page_table when it is certain that no probe hit related to
475 * these pages can be in flight. RCU grace period sounds like a
478 * If we removed the pages too early, kmmio page fault handler might
479 * not find the respective kmmio_fault_page and determine it's not
480 * a kmmio fault, when it actually is. This would lead to madness.
482 call_rcu(&drelease->rcu, remove_kmmio_fault_pages);
484 EXPORT_SYMBOL(unregister_kmmio_probe);
486 static int kmmio_die_notifier(struct notifier_block *nb, unsigned long val,
489 struct die_args *arg = args;
491 if (val == DIE_DEBUG && (arg->err & DR_STEP))
492 if (post_kmmio_handler(arg->err, arg->regs) == 1)
498 static struct notifier_block nb_die = {
499 .notifier_call = kmmio_die_notifier
502 static int __init init_kmmio(void)
505 for (i = 0; i < KMMIO_PAGE_TABLE_SIZE; i++)
506 INIT_LIST_HEAD(&kmmio_page_table[i]);
507 return register_die_notifier(&nb_die);
509 fs_initcall(init_kmmio); /* should be before device_initcall() */
projects / linux-2.6 / blob