// SPDX-License-Identifier: GPL-2.0
/*
 * kvm guest debug support
 *
 * Copyright IBM Corp. 2014
 *
 *    Author(s): David Hildenbrand <dahi@linux.vnet.ibm.com>
 */
#include <linux/kvm_host.h>
#include <linux/errno.h>
#include "kvm-s390.h"
#include "gaccess.h"

/*
 * Extends the address range given by *start and *stop to include the address
 * range starting with estart and the length len. Takes care of overflowing
 * intervals and tries to minimize the overall interval size.
 */
static void extend_address_range(u64 *start, u64 *stop, u64 estart, int len)
{
	u64 estop;

	if (len > 0)
		len--;
	else
		len = 0;

	estop = estart + len;

	/* 0-0 range represents "not set" */
	if ((*start == 0) && (*stop == 0)) {
		*start = estart;
		*stop = estop;
	} else if (*start <= *stop) {
		/* increase the existing range */
		if (estart < *start)
			*start = estart;
		if (estop > *stop)
			*stop = estop;
	} else {
		/* "overflowing" interval, whereby *stop > *start */
		if (estart <= *stop) {
			if (estop > *stop)
				*stop = estop;
		} else if (estop > *start) {
			if (estart < *start)
				*start = estart;
		}
		/* minimize the range */
		else if ((estop - *stop) < (*start - estart))
			*stop = estop;
		else
			*start = estart;
	}
}
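
/*
 * Example (arbitrary values): starting from the wrapping range
 * *start = 0xf000, *stop = 0x1000 and extending by estart = 0x2000,
 * len = 0x10, neither bound already contains the new range, so the bound
 * that adds less address space is moved: *stop grows to 0x200f while
 * *start stays at 0xf000.
 */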

#define MAX_INST_SIZE 6

static void enable_all_hw_bp(struct kvm_vcpu *vcpu)
{
	unsigned long start, len;
	u64 *cr9 = &vcpu->arch.sie_block->gcr[9];
	u64 *cr10 = &vcpu->arch.sie_block->gcr[10];
	u64 *cr11 = &vcpu->arch.sie_block->gcr[11];
	int i;

	if (vcpu->arch.guestdbg.nr_hw_bp <= 0 ||
	    vcpu->arch.guestdbg.hw_bp_info == NULL)
		return;

	/*
	 * If the guest is not interested in branching events, we can safely
	 * limit them to the PER address range.
	 */
	if (!(*cr9 & PER_EVENT_BRANCH))
		*cr9 |= PER_CONTROL_BRANCH_ADDRESS;
	*cr9 |= PER_EVENT_IFETCH | PER_EVENT_BRANCH;

	for (i = 0; i < vcpu->arch.guestdbg.nr_hw_bp; i++) {
		start = vcpu->arch.guestdbg.hw_bp_info[i].addr;
		len = vcpu->arch.guestdbg.hw_bp_info[i].len;

		/*
		 * The instruction in front of the desired bp has to
		 * report instruction-fetching events
		 */
		if (start < MAX_INST_SIZE) {
			len += start;
			start = 0;
		} else {
			start -= MAX_INST_SIZE;
			len += MAX_INST_SIZE;
		}

		extend_address_range(cr10, cr11, start, len);
	}
}
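
/*
 * Example (arbitrary values): a breakpoint at 0x1000 with len 2 results in
 * extend_address_range(cr10, cr11, 0xffa, 8), so the i-fetch range also
 * covers the up to MAX_INST_SIZE bytes in front of the breakpoint.
 */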

static void enable_all_hw_wp(struct kvm_vcpu *vcpu)
{
	unsigned long start, len;
	u64 *cr9 = &vcpu->arch.sie_block->gcr[9];
	u64 *cr10 = &vcpu->arch.sie_block->gcr[10];
	u64 *cr11 = &vcpu->arch.sie_block->gcr[11];
	int i;

	if (vcpu->arch.guestdbg.nr_hw_wp <= 0 ||
	    vcpu->arch.guestdbg.hw_wp_info == NULL)
		return;

	/* if host uses storage alteration for special address
	 * spaces, enable all events and give all to the guest */
	if (*cr9 & PER_EVENT_STORE && *cr9 & PER_CONTROL_ALTERATION) {
		*cr9 &= ~PER_CONTROL_ALTERATION;
		*cr10 = 0;
		*cr11 = -1UL;
	} else {
		*cr9 &= ~PER_CONTROL_ALTERATION;
		*cr9 |= PER_EVENT_STORE;

		for (i = 0; i < vcpu->arch.guestdbg.nr_hw_wp; i++) {
			start = vcpu->arch.guestdbg.hw_wp_info[i].addr;
			len = vcpu->arch.guestdbg.hw_wp_info[i].len;

			extend_address_range(cr10, cr11, start, len);
		}
	}
}

void kvm_s390_backup_guest_per_regs(struct kvm_vcpu *vcpu)
{
	vcpu->arch.guestdbg.cr0 = vcpu->arch.sie_block->gcr[0];
	vcpu->arch.guestdbg.cr9 = vcpu->arch.sie_block->gcr[9];
	vcpu->arch.guestdbg.cr10 = vcpu->arch.sie_block->gcr[10];
	vcpu->arch.guestdbg.cr11 = vcpu->arch.sie_block->gcr[11];
}

void kvm_s390_restore_guest_per_regs(struct kvm_vcpu *vcpu)
{
	vcpu->arch.sie_block->gcr[0] = vcpu->arch.guestdbg.cr0;
	vcpu->arch.sie_block->gcr[9] = vcpu->arch.guestdbg.cr9;
	vcpu->arch.sie_block->gcr[10] = vcpu->arch.guestdbg.cr10;
	vcpu->arch.sie_block->gcr[11] = vcpu->arch.guestdbg.cr11;
}

void kvm_s390_patch_guest_per_regs(struct kvm_vcpu *vcpu)
{
	/*
	 * TODO: if guest psw has per enabled, otherwise 0s!
	 * This reduces the amount of reported events.
	 * Need to intercept all psw changes!
	 */

	if (guestdbg_sstep_enabled(vcpu)) {
		/* disable timer (clock-comparator) interrupts */
		vcpu->arch.sie_block->gcr[0] &= ~CR0_CLOCK_COMPARATOR_SUBMASK;
		vcpu->arch.sie_block->gcr[9] |= PER_EVENT_IFETCH;
		vcpu->arch.sie_block->gcr[10] = 0;
		vcpu->arch.sie_block->gcr[11] = -1UL;
	}

	if (guestdbg_hw_bp_enabled(vcpu)) {
		enable_all_hw_bp(vcpu);
		enable_all_hw_wp(vcpu);
	}

	/* TODO: Instruction-fetching-nullification not allowed for now */
	if (vcpu->arch.sie_block->gcr[9] & PER_EVENT_NULLIFICATION)
		vcpu->arch.sie_block->gcr[9] &= ~PER_EVENT_NULLIFICATION;
}
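
/*
 * Note: single-stepping above works by reporting an instruction-fetching
 * PER event for every address (gcr[10] = 0, gcr[11] = -1UL covers the whole
 * address space). The clock-comparator subclass is masked in gcr[0],
 * presumably so that timer interrupts do not keep diverting the stepped
 * instruction flow into the guest's interrupt handler.
 */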

#define MAX_WP_SIZE 100

static int __import_wp_info(struct kvm_vcpu *vcpu,
			    struct kvm_hw_breakpoint *bp_data,
			    struct kvm_hw_wp_info_arch *wp_info)
{
	int ret = 0;

	wp_info->len = bp_data->len;
	wp_info->addr = bp_data->addr;
	wp_info->phys_addr = bp_data->phys_addr;
	wp_info->old_data = NULL;

	if (wp_info->len < 0 || wp_info->len > MAX_WP_SIZE)
		return -EINVAL;

	wp_info->old_data = kmalloc(bp_data->len, GFP_KERNEL_ACCOUNT);
	if (!wp_info->old_data)
		return -ENOMEM;
	/* try to backup the original value */
	ret = read_guest_abs(vcpu, wp_info->phys_addr, wp_info->old_data,
			     wp_info->len);
	if (ret) {
		kfree(wp_info->old_data);
		wp_info->old_data = NULL;
	}

	return ret;
}

#define MAX_BP_COUNT 50

int kvm_s390_import_bp_data(struct kvm_vcpu *vcpu,
			    struct kvm_guest_debug *dbg)
{
	int ret = 0, nr_wp = 0, nr_bp = 0, i;
	struct kvm_hw_breakpoint *bp_data = NULL;
	struct kvm_hw_wp_info_arch *wp_info = NULL;
	struct kvm_hw_bp_info_arch *bp_info = NULL;

	if (dbg->arch.nr_hw_bp <= 0 || !dbg->arch.hw_bp)
		return 0;
	else if (dbg->arch.nr_hw_bp > MAX_BP_COUNT)
		return -EINVAL;

	bp_data = memdup_user(dbg->arch.hw_bp,
			      sizeof(*bp_data) * dbg->arch.nr_hw_bp);
	if (IS_ERR(bp_data))
		return PTR_ERR(bp_data);

	/* count the requested breakpoints and watchpoints */
	for (i = 0; i < dbg->arch.nr_hw_bp; i++) {
		switch (bp_data[i].type) {
		case KVM_HW_WP_WRITE:
			nr_wp++;
			break;
		case KVM_HW_BP:
			nr_bp++;
			break;
		}
	}

	if (nr_wp > 0) {
		wp_info = kmalloc_array(nr_wp, sizeof(*wp_info),
					GFP_KERNEL_ACCOUNT);
		if (!wp_info) {
			ret = -ENOMEM;
			goto error;
		}
	}
	if (nr_bp > 0) {
		bp_info = kmalloc_array(nr_bp, sizeof(*bp_info),
					GFP_KERNEL_ACCOUNT);
		if (!bp_info) {
			ret = -ENOMEM;
			goto error;
		}
	}

	for (nr_wp = 0, nr_bp = 0, i = 0; i < dbg->arch.nr_hw_bp; i++) {
		switch (bp_data[i].type) {
		case KVM_HW_WP_WRITE:
			ret = __import_wp_info(vcpu, &bp_data[i],
					       &wp_info[nr_wp]);
			if (ret)
				goto error;
			nr_wp++;
			break;
		case KVM_HW_BP:
			bp_info[nr_bp].len = bp_data[i].len;
			bp_info[nr_bp].addr = bp_data[i].addr;
			nr_bp++;
			break;
		}
	}

	vcpu->arch.guestdbg.nr_hw_bp = nr_bp;
	vcpu->arch.guestdbg.hw_bp_info = bp_info;
	vcpu->arch.guestdbg.nr_hw_wp = nr_wp;
	vcpu->arch.guestdbg.hw_wp_info = wp_info;
	kfree(bp_data);
	return 0;
error:
	kfree(bp_data);
	kfree(wp_info);
	kfree(bp_info);
	return ret;
}

void kvm_s390_clear_bp_data(struct kvm_vcpu *vcpu)
{
	int i;
	struct kvm_hw_wp_info_arch *hw_wp_info = NULL;

	for (i = 0; i < vcpu->arch.guestdbg.nr_hw_wp; i++) {
		hw_wp_info = &vcpu->arch.guestdbg.hw_wp_info[i];
		kfree(hw_wp_info->old_data);
		hw_wp_info->old_data = NULL;
	}
	kfree(vcpu->arch.guestdbg.hw_wp_info);
	vcpu->arch.guestdbg.hw_wp_info = NULL;

	kfree(vcpu->arch.guestdbg.hw_bp_info);
	vcpu->arch.guestdbg.hw_bp_info = NULL;

	vcpu->arch.guestdbg.nr_hw_wp = 0;
	vcpu->arch.guestdbg.nr_hw_bp = 0;
}

static inline int in_addr_range(u64 addr, u64 a, u64 b)
{
	if (a <= b)
		return (addr >= a) && (addr <= b);
	else
		/* "overflowing" interval */
		return (addr >= a) || (addr <= b);
}
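
/*
 * Example (arbitrary values): with a = 0xfffffffffffff000 and b = 0x0fff
 * the range wraps around the top of the address space, so addr = -1UL and
 * addr = 0x0800 are both in range, while addr = 0x1000 is not.
 */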

#define end_of_range(bp_info) (bp_info->addr + bp_info->len - 1)

static struct kvm_hw_bp_info_arch *find_hw_bp(struct kvm_vcpu *vcpu,
					      unsigned long addr)
{
	struct kvm_hw_bp_info_arch *bp_info = vcpu->arch.guestdbg.hw_bp_info;
	int i;

	if (vcpu->arch.guestdbg.nr_hw_bp == 0)
		return NULL;

	for (i = 0; i < vcpu->arch.guestdbg.nr_hw_bp; i++) {
		/* addr is directly the start or in the range of a bp */
		if (addr == bp_info->addr)
			goto found;
		if (bp_info->len > 0 &&
		    in_addr_range(addr, bp_info->addr, end_of_range(bp_info)))
			goto found;

		bp_info++;
	}

	return NULL;
found:
	return bp_info;
}

static struct kvm_hw_wp_info_arch *any_wp_changed(struct kvm_vcpu *vcpu)
{
	int i;
	struct kvm_hw_wp_info_arch *wp_info = NULL;
	void *temp = NULL;

	if (vcpu->arch.guestdbg.nr_hw_wp == 0)
		return NULL;

	for (i = 0; i < vcpu->arch.guestdbg.nr_hw_wp; i++) {
		wp_info = &vcpu->arch.guestdbg.hw_wp_info[i];
		if (!wp_info || !wp_info->old_data || wp_info->len <= 0)
			continue;

		temp = kmalloc(wp_info->len, GFP_KERNEL_ACCOUNT);
		if (!temp)
			continue;

		/* refetch the wp data and compare it to the old value */
		if (!read_guest_abs(vcpu, wp_info->phys_addr, temp,
				    wp_info->len)) {
			if (memcmp(temp, wp_info->old_data, wp_info->len)) {
				kfree(temp);
				return wp_info;
			}
		}
		kfree(temp);
		temp = NULL;
	}

	return NULL;
}

void kvm_s390_prepare_debug_exit(struct kvm_vcpu *vcpu)
{
	vcpu->run->exit_reason = KVM_EXIT_DEBUG;
	vcpu->guest_debug &= ~KVM_GUESTDBG_EXIT_PENDING;
}

#define PER_CODE_MASK		(PER_EVENT_MASK >> 24)
#define PER_CODE_BRANCH		(PER_EVENT_BRANCH >> 24)
#define PER_CODE_IFETCH		(PER_EVENT_IFETCH >> 24)
#define PER_CODE_STORE		(PER_EVENT_STORE >> 24)
#define PER_CODE_STORE_REAL	(PER_EVENT_STORE_REAL >> 24)

#define per_bp_event(code) \
			(code & (PER_CODE_IFETCH | PER_CODE_BRANCH))
#define per_write_wp_event(code) \
			(code & (PER_CODE_STORE | PER_CODE_STORE_REAL))
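
/*
 * The PER event masks are bits in CR9 (e.g. PER_EVENT_BRANCH ==
 * 0x80000000UL), while the PER code reported by the hardware is a single
 * byte, so shifting the masks right by 24 yields the matching code values
 * (e.g. PER_CODE_BRANCH == 0x80). filter_guest_per_event() below relies on
 * this when it masks the reported code with (cr9 >> 24).
 */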

static int debug_exit_required(struct kvm_vcpu *vcpu, u8 perc,
			       unsigned long peraddr)
{
	struct kvm_debug_exit_arch *debug_exit = &vcpu->run->debug.arch;
	struct kvm_hw_wp_info_arch *wp_info = NULL;
	struct kvm_hw_bp_info_arch *bp_info = NULL;
	unsigned long addr = vcpu->arch.sie_block->gpsw.addr;

	if (guestdbg_hw_bp_enabled(vcpu)) {
		if (per_write_wp_event(perc) &&
		    vcpu->arch.guestdbg.nr_hw_wp > 0) {
			wp_info = any_wp_changed(vcpu);
			if (wp_info) {
				debug_exit->addr = wp_info->addr;
				debug_exit->type = KVM_HW_WP_WRITE;
				goto exit_required;
			}
		}
		if (per_bp_event(perc) &&
		    vcpu->arch.guestdbg.nr_hw_bp > 0) {
			bp_info = find_hw_bp(vcpu, addr);
			/* remove duplicate events if PC==PER address */
			if (bp_info && (addr != peraddr)) {
				debug_exit->addr = addr;
				debug_exit->type = KVM_HW_BP;
				vcpu->arch.guestdbg.last_bp = addr;
				goto exit_required;
			}
			/* breakpoint missed */
			bp_info = find_hw_bp(vcpu, peraddr);
			if (bp_info && vcpu->arch.guestdbg.last_bp != peraddr) {
				debug_exit->addr = peraddr;
				debug_exit->type = KVM_HW_BP;
				goto exit_required;
			}
		}
	}
	if (guestdbg_sstep_enabled(vcpu) && per_bp_event(perc)) {
		debug_exit->addr = addr;
		debug_exit->type = KVM_SINGLESTEP;
		goto exit_required;
	}

	return 0;
exit_required:
	return 1;
}
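
/*
 * A non-zero return value from debug_exit_required() means the event is
 * consumed by the host debugger: vcpu->run->debug.arch has been filled in
 * and the caller flags KVM_GUESTDBG_EXIT_PENDING so that a KVM_EXIT_DEBUG
 * is delivered to userspace (see kvm_s390_prepare_debug_exit() above).
 */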

static int per_fetched_addr(struct kvm_vcpu *vcpu, unsigned long *addr)
{
	u8 exec_ilen = 0;
	u16 opcode[3];
	int rc;

	if (vcpu->arch.sie_block->icptcode == ICPT_PROGI) {
		/* PER address references the fetched or the execute instr */
		*addr = vcpu->arch.sie_block->peraddr;
		/*
		 * Manually detect if we have an EXECUTE instruction. As
		 * instructions are always 2 byte aligned we can read the
		 * first two bytes unconditionally
		 */
		rc = read_guest_instr(vcpu, *addr, &opcode, 2);
		if (rc)
			return rc;
		if (opcode[0] >> 8 == 0x44)		/* EXECUTE (EX) */
			exec_ilen = 4;
		if ((opcode[0] & 0xff0f) == 0xc600)	/* EXECUTE RELATIVE LONG (EXRL) */
			exec_ilen = 6;
	} else {
		/* instr was suppressed, calculate the responsible instr */
		*addr = __rewind_psw(vcpu->arch.sie_block->gpsw,
				     kvm_s390_get_ilen(vcpu));
		if (vcpu->arch.sie_block->icptstatus & 0x01) {
			exec_ilen = (vcpu->arch.sie_block->icptstatus & 0x60) >> 4;
			if (!exec_ilen)
				exec_ilen = 4;
		}
	}

	if (exec_ilen) {
		/* read the complete EXECUTE instr to detect the fetched addr */
		rc = read_guest_instr(vcpu, *addr, &opcode, exec_ilen);
		if (rc)
			return rc;
		if (exec_ilen == 6) {
			/* EXECUTE RELATIVE LONG - RIL-b format */
			s32 rl = *((s32 *) (opcode + 1));

			/* rl is a _signed_ 32 bit value specifying halfwords */
			*addr += (u64)(s64) rl * 2;
		} else {
			/* EXECUTE - RX-a format */
			u32 base = (opcode[1] & 0xf000) >> 12;
			u32 disp = opcode[1] & 0x0fff;
			u32 index = opcode[0] & 0x000f;

			*addr = base ? vcpu->run->s.regs.gprs[base] : 0;
			*addr += index ? vcpu->run->s.regs.gprs[index] : 0;
			*addr += disp;
		}
		*addr = kvm_s390_logical_to_effective(vcpu, *addr);
	}
	return 0;
}
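
/*
 * Return convention of per_fetched_addr(), as relied on by the callers
 * below: 0 with *addr set on success, a negative value on internal errors
 * and a positive program interruption code when fetching the guest
 * instruction itself failed.
 */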

#define guest_per_enabled(vcpu) \
			     (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PER)

int kvm_s390_handle_per_ifetch_icpt(struct kvm_vcpu *vcpu)
{
	const u64 cr10 = vcpu->arch.sie_block->gcr[10];
	const u64 cr11 = vcpu->arch.sie_block->gcr[11];
	const u8 ilen = kvm_s390_get_ilen(vcpu);
	struct kvm_s390_pgm_info pgm_info = {
		.code = PGM_PER,
		.per_code = PER_CODE_IFETCH,
		.per_address = __rewind_psw(vcpu->arch.sie_block->gpsw, ilen),
	};
	unsigned long fetched_addr;
	int rc;

	/*
	 * The PSW points to the next instruction, therefore the intercepted
	 * instruction generated a PER i-fetch event. PER address therefore
	 * points at the previous PSW address (could be an EXECUTE function).
	 */
	if (!guestdbg_enabled(vcpu))
		return kvm_s390_inject_prog_irq(vcpu, &pgm_info);

	if (debug_exit_required(vcpu, pgm_info.per_code, pgm_info.per_address))
		vcpu->guest_debug |= KVM_GUESTDBG_EXIT_PENDING;

	if (!guest_per_enabled(vcpu) ||
	    !(vcpu->arch.sie_block->gcr[9] & PER_EVENT_IFETCH))
		return 0;

	rc = per_fetched_addr(vcpu, &fetched_addr);
	if (rc < 0)
		return rc;
	if (rc)
		/* instruction-fetching exceptions */
		return kvm_s390_inject_program_int(vcpu, PGM_ADDRESSING);

	if (in_addr_range(fetched_addr, cr10, cr11))
		return kvm_s390_inject_prog_irq(vcpu, &pgm_info);
	return 0;
}

static int filter_guest_per_event(struct kvm_vcpu *vcpu)
{
	const u8 perc = vcpu->arch.sie_block->perc;
	u64 addr = vcpu->arch.sie_block->gpsw.addr;
	u64 cr9 = vcpu->arch.sie_block->gcr[9];
	u64 cr10 = vcpu->arch.sie_block->gcr[10];
	u64 cr11 = vcpu->arch.sie_block->gcr[11];
	/* filter all events, demanded by the guest */
	u8 guest_perc = perc & (cr9 >> 24) & PER_CODE_MASK;
	unsigned long fetched_addr;
	int rc;

	if (!guest_per_enabled(vcpu))
		guest_perc = 0;

	/* filter "successful-branching" events */
	if (guest_perc & PER_CODE_BRANCH &&
	    cr9 & PER_CONTROL_BRANCH_ADDRESS &&
	    !in_addr_range(addr, cr10, cr11))
		guest_perc &= ~PER_CODE_BRANCH;

	/* filter "instruction-fetching" events */
	if (guest_perc & PER_CODE_IFETCH) {
		rc = per_fetched_addr(vcpu, &fetched_addr);
		if (rc < 0)
			return rc;
		/*
		 * Don't inject an irq on exceptions. This would make handling
		 * on icpt code 8 very complex (as PSW was already rewound).
		 */
		if (rc || !in_addr_range(fetched_addr, cr10, cr11))
			guest_perc &= ~PER_CODE_IFETCH;
	}

	/* All other PER events will be given to the guest */
	/* TODO: Check altered address/address space */

	vcpu->arch.sie_block->perc = guest_perc;

	if (!guest_perc)
		vcpu->arch.sie_block->iprcc &= ~PGM_PER;
	return 0;
}
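
/*
 * If every PER event was filtered out for the guest, filter_guest_per_event()
 * also clears the PER flag from the interception program code (iprcc), so
 * that no PER program interrupt is injected into the guest for this exit.
 */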

#define pssec(vcpu) (vcpu->arch.sie_block->gcr[1] & _ASCE_SPACE_SWITCH)
#define hssec(vcpu) (vcpu->arch.sie_block->gcr[13] & _ASCE_SPACE_SWITCH)
#define old_ssec(vcpu) ((vcpu->arch.sie_block->tecmc >> 31) & 0x1)
#define old_as_is_home(vcpu) !(vcpu->arch.sie_block->tecmc & 0xffff)
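
/*
 * pssec()/hssec() test the space-switch-event control bit in the primary
 * and home ASCEs (CR1 and CR13). old_ssec()/old_as_is_home() derive the
 * same information for the previously active address space from the state
 * the SIE block saved in tecmc.
 */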

int kvm_s390_handle_per_event(struct kvm_vcpu *vcpu)
{
	int rc, new_as;

	if (debug_exit_required(vcpu, vcpu->arch.sie_block->perc,
				vcpu->arch.sie_block->peraddr))
		vcpu->guest_debug |= KVM_GUESTDBG_EXIT_PENDING;

	rc = filter_guest_per_event(vcpu);
	if (rc)
		return rc;

	/*
	 * Only RP, SAC, SACF, PT, PTI, PR, PC instructions can trigger
	 * a space-switch event. PER events enforce space-switch events
	 * for these instructions. So if no PER event for the guest is left,
	 * we might have to filter the space-switch element out, too.
	 */
	if (vcpu->arch.sie_block->iprcc == PGM_SPACE_SWITCH) {
		vcpu->arch.sie_block->iprcc = 0;
		new_as = psw_bits(vcpu->arch.sie_block->gpsw).as;

		/*
		 * If the AS changed from / to home, we had RP, SAC or SACF
		 * instruction. Check primary and home space-switch-event
		 * controls. (theoretically home -> home produced no event)
		 */
		if (((new_as == PSW_BITS_AS_HOME) ^ old_as_is_home(vcpu)) &&
		    (pssec(vcpu) || hssec(vcpu)))
			vcpu->arch.sie_block->iprcc = PGM_SPACE_SWITCH;

		/*
		 * PT, PTI, PR, PC instructions operate on primary AS only.
		 * Check if the primary-space-switch-event control was or
		 * got set.
		 */
		if (new_as == PSW_BITS_AS_PRIMARY && !old_as_is_home(vcpu) &&
		    (pssec(vcpu) || old_ssec(vcpu)))
			vcpu->arch.sie_block->iprcc = PGM_SPACE_SWITCH;
	}
	return 0;
}