xref: /qemu/system/watchpoint.c (revision 69c22481) 
1 /*
2  * CPU watchpoints
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 #include "qemu/main-loop.h"
22 #include "qemu/error-report.h"
23 #include "exec/exec-all.h"
24 #include "exec/translate-all.h"
25 #include "sysemu/tcg.h"
26 #include "sysemu/replay.h"
27 #include "hw/core/tcg-cpu-ops.h"
28 #include "hw/core/cpu.h"
29 
30 /* Add a watchpoint.  */
31 int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
32                           int flags, CPUWatchpoint **watchpoint)
33 {
34     CPUWatchpoint *wp;
35     vaddr in_page;
36 
37     /* forbid ranges which are empty or run off the end of the address space */
38     if (len == 0 || (addr + len - 1) < addr) {
39         error_report("tried to set invalid watchpoint at %"
40                      VADDR_PRIx ", len=%" VADDR_PRIu, addr, len);
41         return -EINVAL;
42     }
43     wp = g_malloc(sizeof(*wp));
44 
45     wp->vaddr = addr;
46     wp->len = len;
47     wp->flags = flags;
48 
49     /* keep all GDB-injected watchpoints in front */
50     if (flags & BP_GDB) {
51         QTAILQ_INSERT_HEAD(&cpu->watchpoints, wp, entry);
52     } else {
53         QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
54     }
55 
56     in_page = -(addr | TARGET_PAGE_MASK);
57     if (len <= in_page) {
58         tlb_flush_page(cpu, addr);
59     } else {
60         tlb_flush(cpu);
61     }
62 
63     if (watchpoint) {
64         *watchpoint = wp;
65     }
66     return 0;
67 }
68 
69 /* Remove a specific watchpoint.  */
70 int cpu_watchpoint_remove(CPUState *cpu, vaddr addr, vaddr len,
71                           int flags)
72 {
73     CPUWatchpoint *wp;
74 
75     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
76         if (addr == wp->vaddr && len == wp->len
77                 && flags == (wp->flags & ~BP_WATCHPOINT_HIT)) {
78             cpu_watchpoint_remove_by_ref(cpu, wp);
79             return 0;
80         }
81     }
82     return -ENOENT;
83 }
84 
85 /* Remove a specific watchpoint by reference.  */
86 void cpu_watchpoint_remove_by_ref(CPUState *cpu, CPUWatchpoint *watchpoint)
87 {
88     QTAILQ_REMOVE(&cpu->watchpoints, watchpoint, entry);
89 
90     tlb_flush_page(cpu, watchpoint->vaddr);
91 
92     g_free(watchpoint);
93 }
94 
95 /* Remove all matching watchpoints.  */
96 void cpu_watchpoint_remove_all(CPUState *cpu, int mask)
97 {
98     CPUWatchpoint *wp, *next;
99 
100     QTAILQ_FOREACH_SAFE(wp, &cpu->watchpoints, entry, next) {
101         if (wp->flags & mask) {
102             cpu_watchpoint_remove_by_ref(cpu, wp);
103         }
104     }
105 }
106 
107 #ifdef CONFIG_TCG
108 
109 /*
110  * Return true if this watchpoint address matches the specified
111  * access (ie the address range covered by the watchpoint overlaps
112  * partially or completely with the address range covered by the
113  * access).
114  */
115 static inline bool watchpoint_address_matches(CPUWatchpoint *wp,
116                                               vaddr addr, vaddr len)
117 {
118     /*
119      * We know the lengths are non-zero, but a little caution is
120      * required to avoid errors in the case where the range ends
121      * exactly at the top of the address space and so addr + len
122      * wraps round to zero.
123      */
124     vaddr wpend = wp->vaddr + wp->len - 1;
125     vaddr addrend = addr + len - 1;
126 
127     return !(addr > wpend || wp->vaddr > addrend);
128 }
129 
130 /* Return flags for watchpoints that match addr + prot.  */
131 int cpu_watchpoint_address_matches(CPUState *cpu, vaddr addr, vaddr len)
132 {
133     CPUWatchpoint *wp;
134     int ret = 0;
135 
136     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
137         if (watchpoint_address_matches(wp, addr, len)) {
138             ret |= wp->flags;
139         }
140     }
141     return ret;
142 }
143 
144 /* Generate a debug exception if a watchpoint has been hit.  */
145 void cpu_check_watchpoint(CPUState *cpu, vaddr addr, vaddr len,
146                           MemTxAttrs attrs, int flags, uintptr_t ra)
147 {
148     CPUClass *cc = CPU_GET_CLASS(cpu);
149     CPUWatchpoint *wp;
150 
151     assert(tcg_enabled());
152     if (cpu->watchpoint_hit) {
153         /*
154          * We re-entered the check after replacing the TB.
155          * Now raise the debug interrupt so that it will
156          * trigger after the current instruction.
157          */
158         qemu_mutex_lock_iothread();
159         cpu_interrupt(cpu, CPU_INTERRUPT_DEBUG);
160         qemu_mutex_unlock_iothread();
161         return;
162     }
163 
164     if (cc->tcg_ops->adjust_watchpoint_address) {
165         /* this is currently used only by ARM BE32 */
166         addr = cc->tcg_ops->adjust_watchpoint_address(cpu, addr, len);
167     }
168 
169     assert((flags & ~BP_MEM_ACCESS) == 0);
170     QTAILQ_FOREACH(wp, &cpu->watchpoints, entry) {
171         int hit_flags = wp->flags & flags;
172 
173         if (hit_flags && watchpoint_address_matches(wp, addr, len)) {
174             if (replay_running_debug()) {
175                 /*
176                  * replay_breakpoint reads icount.
177                  * Force recompile to succeed, because icount may
178                  * be read only at the end of the block.
179                  */
180                 if (!cpu->neg.can_do_io) {
181                     /* Force execution of one insn next time.  */
182                     cpu->cflags_next_tb = 1 | CF_NOIRQ | curr_cflags(cpu);
183                     cpu_loop_exit_restore(cpu, ra);
184                 }
185                 /*
186                  * Don't process the watchpoints when we are
187                  * in a reverse debugging operation.
188                  */
189                 replay_breakpoint();
190                 return;
191             }
192 
193             wp->flags |= hit_flags << BP_HIT_SHIFT;
194             wp->hitaddr = MAX(addr, wp->vaddr);
195             wp->hitattrs = attrs;
196 
197             if (wp->flags & BP_CPU
198                 && cc->tcg_ops->debug_check_watchpoint
199                 && !cc->tcg_ops->debug_check_watchpoint(cpu, wp)) {
200                 wp->flags &= ~BP_WATCHPOINT_HIT;
201                 continue;
202             }
203             cpu->watchpoint_hit = wp;
204 
205             mmap_lock();
206             /* This call also restores vCPU state */
207             tb_check_watchpoint(cpu, ra);
208             if (wp->flags & BP_STOP_BEFORE_ACCESS) {
209                 cpu->exception_index = EXCP_DEBUG;
210                 mmap_unlock();
211                 cpu_loop_exit(cpu);
212             } else {
213                 /* Force execution of one insn next time.  */
214                 cpu->cflags_next_tb = 1 | CF_NOIRQ | curr_cflags(cpu);
215                 mmap_unlock();
216                 cpu_loop_exit_noexc(cpu);
217             }
218         } else {
219             wp->flags &= ~BP_WATCHPOINT_HIT;
220         }
221     }
222 }
223 
224 #endif /* CONFIG_TCG */
225