1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (C) 2007 Alan Stern
4  * Copyright (C) IBM Corporation, 2009
5  * Copyright (C) 2009, Frederic Weisbecker <fweisbec@gmail.com>
6  *
7  * Thanks to Ingo Molnar for his many suggestions.
8  *
9  * Authors: Alan Stern <stern@rowland.harvard.edu>
10  *          K.Prasad <prasad@linux.vnet.ibm.com>
11  *          Frederic Weisbecker <fweisbec@gmail.com>
12  */
13 
14 /*
15  * HW_breakpoint: a unified kernel/user-space hardware breakpoint facility,
16  * using the CPU's debug registers.
17  * This file contains the arch-independent routines.
18  */
19 
20 #include <linux/hw_breakpoint.h>
21 
22 #include <linux/atomic.h>
23 #include <linux/bug.h>
24 #include <linux/cpu.h>
25 #include <linux/export.h>
26 #include <linux/init.h>
27 #include <linux/irqflags.h>
28 #include <linux/kdebug.h>
29 #include <linux/kernel.h>
30 #include <linux/mutex.h>
31 #include <linux/notifier.h>
32 #include <linux/percpu-rwsem.h>
33 #include <linux/percpu.h>
34 #include <linux/rhashtable.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 
38 /*
39  * Datastructure to track the total uses of N slots across tasks or CPUs;
40  * bp_slots_histogram::count[N] is the number of assigned N+1 breakpoint slots.
41  */
42 struct bp_slots_histogram {
43 #ifdef hw_breakpoint_slots
44 	atomic_t count[hw_breakpoint_slots(0)];
45 #else
46 	atomic_t *count;
47 #endif
48 };
49 
50 /*
51  * Per-CPU constraints data.
52  */
53 struct bp_cpuinfo {
54 	/* Number of pinned CPU breakpoints in a CPU. */
55 	unsigned int			cpu_pinned;
56 	/* Histogram of pinned task breakpoints in a CPU. */
57 	struct bp_slots_histogram	tsk_pinned;
58 };
59 
60 static DEFINE_PER_CPU(struct bp_cpuinfo, bp_cpuinfo[TYPE_MAX]);
61 
get_bp_info(int cpu,enum bp_type_idx type)62 static struct bp_cpuinfo *get_bp_info(int cpu, enum bp_type_idx type)
63 {
64 	return per_cpu_ptr(bp_cpuinfo + type, cpu);
65 }
66 
67 /* Number of pinned CPU breakpoints globally. */
68 static struct bp_slots_histogram cpu_pinned[TYPE_MAX];
69 /* Number of pinned CPU-independent task breakpoints. */
70 static struct bp_slots_histogram tsk_pinned_all[TYPE_MAX];
71 
72 /* Keep track of the breakpoints attached to tasks */
73 static struct rhltable task_bps_ht;
74 static const struct rhashtable_params task_bps_ht_params = {
75 	.head_offset = offsetof(struct hw_perf_event, bp_list),
76 	.key_offset = offsetof(struct hw_perf_event, target),
77 	.key_len = sizeof_field(struct hw_perf_event, target),
78 	.automatic_shrinking = true,
79 };
80 
81 static bool constraints_initialized __ro_after_init;
82 
83 /*
84  * Synchronizes accesses to the per-CPU constraints; the locking rules are:
85  *
86  *  1. Atomic updates to bp_cpuinfo::tsk_pinned only require a held read-lock
87  *     (due to bp_slots_histogram::count being atomic, no update are lost).
88  *
89  *  2. Holding a write-lock is required for computations that require a
90  *     stable snapshot of all bp_cpuinfo::tsk_pinned.
91  *
92  *  3. In all other cases, non-atomic accesses require the appropriately held
93  *     lock (read-lock for read-only accesses; write-lock for reads/writes).
94  */
95 DEFINE_STATIC_PERCPU_RWSEM(bp_cpuinfo_sem);
96 
97 /*
98  * Return mutex to serialize accesses to per-task lists in task_bps_ht. Since
99  * rhltable synchronizes concurrent insertions/deletions, independent tasks may
100  * insert/delete concurrently; therefore, a mutex per task is sufficient.
101  *
102  * Uses task_struct::perf_event_mutex, to avoid extending task_struct with a
103  * hw_breakpoint-only mutex, which may be infrequently used. The caveat here is
104  * that hw_breakpoint may contend with per-task perf event list management. The
105  * assumption is that perf usecases involving hw_breakpoints are very unlikely
106  * to result in unnecessary contention.
107  */
get_task_bps_mutex(struct perf_event * bp)108 static inline struct mutex *get_task_bps_mutex(struct perf_event *bp)
109 {
110 	struct task_struct *tsk = bp->hw.target;
111 
112 	return tsk ? &tsk->perf_event_mutex : NULL;
113 }
114 
bp_constraints_lock(struct perf_event * bp)115 static struct mutex *bp_constraints_lock(struct perf_event *bp)
116 {
117 	struct mutex *tsk_mtx = get_task_bps_mutex(bp);
118 
119 	if (tsk_mtx) {
120 		/*
121 		 * Fully analogous to the perf_try_init_event() nesting
122 		 * argument in the comment near perf_event_ctx_lock_nested();
123 		 * this child->perf_event_mutex cannot ever deadlock against
124 		 * the parent->perf_event_mutex usage from
125 		 * perf_event_task_{en,dis}able().
126 		 *
127 		 * Specifically, inherited events will never occur on
128 		 * ->perf_event_list.
129 		 */
130 		mutex_lock_nested(tsk_mtx, SINGLE_DEPTH_NESTING);
131 		percpu_down_read(&bp_cpuinfo_sem);
132 	} else {
133 		percpu_down_write(&bp_cpuinfo_sem);
134 	}
135 
136 	return tsk_mtx;
137 }
138 
bp_constraints_unlock(struct mutex * tsk_mtx)139 static void bp_constraints_unlock(struct mutex *tsk_mtx)
140 {
141 	if (tsk_mtx) {
142 		percpu_up_read(&bp_cpuinfo_sem);
143 		mutex_unlock(tsk_mtx);
144 	} else {
145 		percpu_up_write(&bp_cpuinfo_sem);
146 	}
147 }
148 
bp_constraints_is_locked(struct perf_event * bp)149 static bool bp_constraints_is_locked(struct perf_event *bp)
150 {
151 	struct mutex *tsk_mtx = get_task_bps_mutex(bp);
152 
153 	return percpu_is_write_locked(&bp_cpuinfo_sem) ||
154 	       (tsk_mtx ? mutex_is_locked(tsk_mtx) :
155 			  percpu_is_read_locked(&bp_cpuinfo_sem));
156 }
157 
assert_bp_constraints_lock_held(struct perf_event * bp)158 static inline void assert_bp_constraints_lock_held(struct perf_event *bp)
159 {
160 	struct mutex *tsk_mtx = get_task_bps_mutex(bp);
161 
162 	if (tsk_mtx)
163 		lockdep_assert_held(tsk_mtx);
164 	lockdep_assert_held(&bp_cpuinfo_sem);
165 }
166 
167 #ifdef hw_breakpoint_slots
168 /*
169  * Number of breakpoint slots is constant, and the same for all types.
170  */
171 static_assert(hw_breakpoint_slots(TYPE_INST) == hw_breakpoint_slots(TYPE_DATA));
hw_breakpoint_slots_cached(int type)172 static inline int hw_breakpoint_slots_cached(int type)	{ return hw_breakpoint_slots(type); }
init_breakpoint_slots(void)173 static inline int init_breakpoint_slots(void)		{ return 0; }
174 #else
175 /*
176  * Dynamic number of breakpoint slots.
177  */
178 static int __nr_bp_slots[TYPE_MAX] __ro_after_init;
179 
hw_breakpoint_slots_cached(int type)180 static inline int hw_breakpoint_slots_cached(int type)
181 {
182 	return __nr_bp_slots[type];
183 }
184 
185 static __init bool
bp_slots_histogram_alloc(struct bp_slots_histogram * hist,enum bp_type_idx type)186 bp_slots_histogram_alloc(struct bp_slots_histogram *hist, enum bp_type_idx type)
187 {
188 	hist->count = kcalloc(hw_breakpoint_slots_cached(type), sizeof(*hist->count), GFP_KERNEL);
189 	return hist->count;
190 }
191 
bp_slots_histogram_free(struct bp_slots_histogram * hist)192 static __init void bp_slots_histogram_free(struct bp_slots_histogram *hist)
193 {
194 	kfree(hist->count);
195 }
196 
init_breakpoint_slots(void)197 static __init int init_breakpoint_slots(void)
198 {
199 	int i, cpu, err_cpu;
200 
201 	for (i = 0; i < TYPE_MAX; i++)
202 		__nr_bp_slots[i] = hw_breakpoint_slots(i);
203 
204 	for_each_possible_cpu(cpu) {
205 		for (i = 0; i < TYPE_MAX; i++) {
206 			struct bp_cpuinfo *info = get_bp_info(cpu, i);
207 
208 			if (!bp_slots_histogram_alloc(&info->tsk_pinned, i))
209 				goto err;
210 		}
211 	}
212 	for (i = 0; i < TYPE_MAX; i++) {
213 		if (!bp_slots_histogram_alloc(&cpu_pinned[i], i))
214 			goto err;
215 		if (!bp_slots_histogram_alloc(&tsk_pinned_all[i], i))
216 			goto err;
217 	}
218 
219 	return 0;
220 err:
221 	for_each_possible_cpu(err_cpu) {
222 		for (i = 0; i < TYPE_MAX; i++)
223 			bp_slots_histogram_free(&get_bp_info(err_cpu, i)->tsk_pinned);
224 		if (err_cpu == cpu)
225 			break;
226 	}
227 	for (i = 0; i < TYPE_MAX; i++) {
228 		bp_slots_histogram_free(&cpu_pinned[i]);
229 		bp_slots_histogram_free(&tsk_pinned_all[i]);
230 	}
231 
232 	return -ENOMEM;
233 }
234 #endif
235 
236 static inline void
bp_slots_histogram_add(struct bp_slots_histogram * hist,int old,int val)237 bp_slots_histogram_add(struct bp_slots_histogram *hist, int old, int val)
238 {
239 	const int old_idx = old - 1;
240 	const int new_idx = old_idx + val;
241 
242 	if (old_idx >= 0)
243 		WARN_ON(atomic_dec_return_relaxed(&hist->count[old_idx]) < 0);
244 	if (new_idx >= 0)
245 		WARN_ON(atomic_inc_return_relaxed(&hist->count[new_idx]) < 0);
246 }
247 
248 static int
bp_slots_histogram_max(struct bp_slots_histogram * hist,enum bp_type_idx type)249 bp_slots_histogram_max(struct bp_slots_histogram *hist, enum bp_type_idx type)
250 {
251 	for (int i = hw_breakpoint_slots_cached(type) - 1; i >= 0; i--) {
252 		const int count = atomic_read(&hist->count[i]);
253 
254 		/* Catch unexpected writers; we want a stable snapshot. */
255 		ASSERT_EXCLUSIVE_WRITER(hist->count[i]);
256 		if (count > 0)
257 			return i + 1;
258 		WARN(count < 0, "inconsistent breakpoint slots histogram");
259 	}
260 
261 	return 0;
262 }
263 
264 static int
bp_slots_histogram_max_merge(struct bp_slots_histogram * hist1,struct bp_slots_histogram * hist2,enum bp_type_idx type)265 bp_slots_histogram_max_merge(struct bp_slots_histogram *hist1, struct bp_slots_histogram *hist2,
266 			     enum bp_type_idx type)
267 {
268 	for (int i = hw_breakpoint_slots_cached(type) - 1; i >= 0; i--) {
269 		const int count1 = atomic_read(&hist1->count[i]);
270 		const int count2 = atomic_read(&hist2->count[i]);
271 
272 		/* Catch unexpected writers; we want a stable snapshot. */
273 		ASSERT_EXCLUSIVE_WRITER(hist1->count[i]);
274 		ASSERT_EXCLUSIVE_WRITER(hist2->count[i]);
275 		if (count1 + count2 > 0)
276 			return i + 1;
277 		WARN(count1 < 0, "inconsistent breakpoint slots histogram");
278 		WARN(count2 < 0, "inconsistent breakpoint slots histogram");
279 	}
280 
281 	return 0;
282 }
283 
284 #ifndef hw_breakpoint_weight
hw_breakpoint_weight(struct perf_event * bp)285 static inline int hw_breakpoint_weight(struct perf_event *bp)
286 {
287 	return 1;
288 }
289 #endif
290 
find_slot_idx(u64 bp_type)291 static inline enum bp_type_idx find_slot_idx(u64 bp_type)
292 {
293 	if (bp_type & HW_BREAKPOINT_RW)
294 		return TYPE_DATA;
295 
296 	return TYPE_INST;
297 }
298 
299 /*
300  * Return the maximum number of pinned breakpoints a task has in this CPU.
301  */
max_task_bp_pinned(int cpu,enum bp_type_idx type)302 static unsigned int max_task_bp_pinned(int cpu, enum bp_type_idx type)
303 {
304 	struct bp_slots_histogram *tsk_pinned = &get_bp_info(cpu, type)->tsk_pinned;
305 
306 	/*
307 	 * At this point we want to have acquired the bp_cpuinfo_sem as a
308 	 * writer to ensure that there are no concurrent writers in
309 	 * toggle_bp_task_slot() to tsk_pinned, and we get a stable snapshot.
310 	 */
311 	lockdep_assert_held_write(&bp_cpuinfo_sem);
312 	return bp_slots_histogram_max_merge(tsk_pinned, &tsk_pinned_all[type], type);
313 }
314 
315 /*
316  * Count the number of breakpoints of the same type and same task.
317  * The given event must be not on the list.
318  *
319  * If @cpu is -1, but the result of task_bp_pinned() is not CPU-independent,
320  * returns a negative value.
321  */
task_bp_pinned(int cpu,struct perf_event * bp,enum bp_type_idx type)322 static int task_bp_pinned(int cpu, struct perf_event *bp, enum bp_type_idx type)
323 {
324 	struct rhlist_head *head, *pos;
325 	struct perf_event *iter;
326 	int count = 0;
327 
328 	/*
329 	 * We need a stable snapshot of the per-task breakpoint list.
330 	 */
331 	assert_bp_constraints_lock_held(bp);
332 
333 	rcu_read_lock();
334 	head = rhltable_lookup(&task_bps_ht, &bp->hw.target, task_bps_ht_params);
335 	if (!head)
336 		goto out;
337 
338 	rhl_for_each_entry_rcu(iter, pos, head, hw.bp_list) {
339 		if (find_slot_idx(iter->attr.bp_type) != type)
340 			continue;
341 
342 		if (iter->cpu >= 0) {
343 			if (cpu == -1) {
344 				count = -1;
345 				goto out;
346 			} else if (cpu != iter->cpu)
347 				continue;
348 		}
349 
350 		count += hw_breakpoint_weight(iter);
351 	}
352 
353 out:
354 	rcu_read_unlock();
355 	return count;
356 }
357 
cpumask_of_bp(struct perf_event * bp)358 static const struct cpumask *cpumask_of_bp(struct perf_event *bp)
359 {
360 	if (bp->cpu >= 0)
361 		return cpumask_of(bp->cpu);
362 	return cpu_possible_mask;
363 }
364 
365 /*
366  * Returns the max pinned breakpoint slots in a given
367  * CPU (cpu > -1) or across all of them (cpu = -1).
368  */
369 static int
max_bp_pinned_slots(struct perf_event * bp,enum bp_type_idx type)370 max_bp_pinned_slots(struct perf_event *bp, enum bp_type_idx type)
371 {
372 	const struct cpumask *cpumask = cpumask_of_bp(bp);
373 	int pinned_slots = 0;
374 	int cpu;
375 
376 	if (bp->hw.target && bp->cpu < 0) {
377 		int max_pinned = task_bp_pinned(-1, bp, type);
378 
379 		if (max_pinned >= 0) {
380 			/*
381 			 * Fast path: task_bp_pinned() is CPU-independent and
382 			 * returns the same value for any CPU.
383 			 */
384 			max_pinned += bp_slots_histogram_max(&cpu_pinned[type], type);
385 			return max_pinned;
386 		}
387 	}
388 
389 	for_each_cpu(cpu, cpumask) {
390 		struct bp_cpuinfo *info = get_bp_info(cpu, type);
391 		int nr;
392 
393 		nr = info->cpu_pinned;
394 		if (!bp->hw.target)
395 			nr += max_task_bp_pinned(cpu, type);
396 		else
397 			nr += task_bp_pinned(cpu, bp, type);
398 
399 		pinned_slots = max(nr, pinned_slots);
400 	}
401 
402 	return pinned_slots;
403 }
404 
405 /*
406  * Add/remove the given breakpoint in our constraint table
407  */
408 static int
toggle_bp_slot(struct perf_event * bp,bool enable,enum bp_type_idx type,int weight)409 toggle_bp_slot(struct perf_event *bp, bool enable, enum bp_type_idx type, int weight)
410 {
411 	int cpu, next_tsk_pinned;
412 
413 	if (!enable)
414 		weight = -weight;
415 
416 	if (!bp->hw.target) {
417 		/*
418 		 * Update the pinned CPU slots, in per-CPU bp_cpuinfo and in the
419 		 * global histogram.
420 		 */
421 		struct bp_cpuinfo *info = get_bp_info(bp->cpu, type);
422 
423 		lockdep_assert_held_write(&bp_cpuinfo_sem);
424 		bp_slots_histogram_add(&cpu_pinned[type], info->cpu_pinned, weight);
425 		info->cpu_pinned += weight;
426 		return 0;
427 	}
428 
429 	/*
430 	 * If bp->hw.target, tsk_pinned is only modified, but not used
431 	 * otherwise. We can permit concurrent updates as long as there are no
432 	 * other uses: having acquired bp_cpuinfo_sem as a reader allows
433 	 * concurrent updates here. Uses of tsk_pinned will require acquiring
434 	 * bp_cpuinfo_sem as a writer to stabilize tsk_pinned's value.
435 	 */
436 	lockdep_assert_held_read(&bp_cpuinfo_sem);
437 
438 	/*
439 	 * Update the pinned task slots, in per-CPU bp_cpuinfo and in the global
440 	 * histogram. We need to take care of 4 cases:
441 	 *
442 	 *  1. This breakpoint targets all CPUs (cpu < 0), and there may only
443 	 *     exist other task breakpoints targeting all CPUs. In this case we
444 	 *     can simply update the global slots histogram.
445 	 *
446 	 *  2. This breakpoint targets a specific CPU (cpu >= 0), but there may
447 	 *     only exist other task breakpoints targeting all CPUs.
448 	 *
449 	 *     a. On enable: remove the existing breakpoints from the global
450 	 *        slots histogram and use the per-CPU histogram.
451 	 *
452 	 *     b. On disable: re-insert the existing breakpoints into the global
453 	 *        slots histogram and remove from per-CPU histogram.
454 	 *
455 	 *  3. Some other existing task breakpoints target specific CPUs. Only
456 	 *     update the per-CPU slots histogram.
457 	 */
458 
459 	if (!enable) {
460 		/*
461 		 * Remove before updating histograms so we can determine if this
462 		 * was the last task breakpoint for a specific CPU.
463 		 */
464 		int ret = rhltable_remove(&task_bps_ht, &bp->hw.bp_list, task_bps_ht_params);
465 
466 		if (ret)
467 			return ret;
468 	}
469 	/*
470 	 * Note: If !enable, next_tsk_pinned will not count the to-be-removed breakpoint.
471 	 */
472 	next_tsk_pinned = task_bp_pinned(-1, bp, type);
473 
474 	if (next_tsk_pinned >= 0) {
475 		if (bp->cpu < 0) { /* Case 1: fast path */
476 			if (!enable)
477 				next_tsk_pinned += hw_breakpoint_weight(bp);
478 			bp_slots_histogram_add(&tsk_pinned_all[type], next_tsk_pinned, weight);
479 		} else if (enable) { /* Case 2.a: slow path */
480 			/* Add existing to per-CPU histograms. */
481 			for_each_possible_cpu(cpu) {
482 				bp_slots_histogram_add(&get_bp_info(cpu, type)->tsk_pinned,
483 						       0, next_tsk_pinned);
484 			}
485 			/* Add this first CPU-pinned task breakpoint. */
486 			bp_slots_histogram_add(&get_bp_info(bp->cpu, type)->tsk_pinned,
487 					       next_tsk_pinned, weight);
488 			/* Rebalance global task pinned histogram. */
489 			bp_slots_histogram_add(&tsk_pinned_all[type], next_tsk_pinned,
490 					       -next_tsk_pinned);
491 		} else { /* Case 2.b: slow path */
492 			/* Remove this last CPU-pinned task breakpoint. */
493 			bp_slots_histogram_add(&get_bp_info(bp->cpu, type)->tsk_pinned,
494 					       next_tsk_pinned + hw_breakpoint_weight(bp), weight);
495 			/* Remove all from per-CPU histograms. */
496 			for_each_possible_cpu(cpu) {
497 				bp_slots_histogram_add(&get_bp_info(cpu, type)->tsk_pinned,
498 						       next_tsk_pinned, -next_tsk_pinned);
499 			}
500 			/* Rebalance global task pinned histogram. */
501 			bp_slots_histogram_add(&tsk_pinned_all[type], 0, next_tsk_pinned);
502 		}
503 	} else { /* Case 3: slow path */
504 		const struct cpumask *cpumask = cpumask_of_bp(bp);
505 
506 		for_each_cpu(cpu, cpumask) {
507 			next_tsk_pinned = task_bp_pinned(cpu, bp, type);
508 			if (!enable)
509 				next_tsk_pinned += hw_breakpoint_weight(bp);
510 			bp_slots_histogram_add(&get_bp_info(cpu, type)->tsk_pinned,
511 					       next_tsk_pinned, weight);
512 		}
513 	}
514 
515 	/*
516 	 * Readers want a stable snapshot of the per-task breakpoint list.
517 	 */
518 	assert_bp_constraints_lock_held(bp);
519 
520 	if (enable)
521 		return rhltable_insert(&task_bps_ht, &bp->hw.bp_list, task_bps_ht_params);
522 
523 	return 0;
524 }
525 
526 /*
527  * Constraints to check before allowing this new breakpoint counter.
528  *
529  * Note: Flexible breakpoints are currently unimplemented, but outlined in the
530  * below algorithm for completeness.  The implementation treats flexible as
531  * pinned due to no guarantee that we currently always schedule flexible events
532  * before a pinned event in a same CPU.
533  *
534  *  == Non-pinned counter == (Considered as pinned for now)
535  *
536  *   - If attached to a single cpu, check:
537  *
538  *       (per_cpu(info->flexible, cpu) || (per_cpu(info->cpu_pinned, cpu)
539  *           + max(per_cpu(info->tsk_pinned, cpu)))) < HBP_NUM
540  *
541  *       -> If there are already non-pinned counters in this cpu, it means
542  *          there is already a free slot for them.
543  *          Otherwise, we check that the maximum number of per task
544  *          breakpoints (for this cpu) plus the number of per cpu breakpoint
545  *          (for this cpu) doesn't cover every registers.
546  *
547  *   - If attached to every cpus, check:
548  *
549  *       (per_cpu(info->flexible, *) || (max(per_cpu(info->cpu_pinned, *))
550  *           + max(per_cpu(info->tsk_pinned, *)))) < HBP_NUM
551  *
552  *       -> This is roughly the same, except we check the number of per cpu
553  *          bp for every cpu and we keep the max one. Same for the per tasks
554  *          breakpoints.
555  *
556  *
557  * == Pinned counter ==
558  *
559  *   - If attached to a single cpu, check:
560  *
561  *       ((per_cpu(info->flexible, cpu) > 1) + per_cpu(info->cpu_pinned, cpu)
562  *            + max(per_cpu(info->tsk_pinned, cpu))) < HBP_NUM
563  *
564  *       -> Same checks as before. But now the info->flexible, if any, must keep
565  *          one register at least (or they will never be fed).
566  *
567  *   - If attached to every cpus, check:
568  *
569  *       ((per_cpu(info->flexible, *) > 1) + max(per_cpu(info->cpu_pinned, *))
570  *            + max(per_cpu(info->tsk_pinned, *))) < HBP_NUM
571  */
__reserve_bp_slot(struct perf_event * bp,u64 bp_type)572 static int __reserve_bp_slot(struct perf_event *bp, u64 bp_type)
573 {
574 	enum bp_type_idx type;
575 	int max_pinned_slots;
576 	int weight;
577 
578 	/* We couldn't initialize breakpoint constraints on boot */
579 	if (!constraints_initialized)
580 		return -ENOMEM;
581 
582 	/* Basic checks */
583 	if (bp_type == HW_BREAKPOINT_EMPTY ||
584 	    bp_type == HW_BREAKPOINT_INVALID)
585 		return -EINVAL;
586 
587 	type = find_slot_idx(bp_type);
588 	weight = hw_breakpoint_weight(bp);
589 
590 	/* Check if this new breakpoint can be satisfied across all CPUs. */
591 	max_pinned_slots = max_bp_pinned_slots(bp, type) + weight;
592 	if (max_pinned_slots > hw_breakpoint_slots_cached(type))
593 		return -ENOSPC;
594 
595 	return toggle_bp_slot(bp, true, type, weight);
596 }
597 
reserve_bp_slot(struct perf_event * bp)598 int reserve_bp_slot(struct perf_event *bp)
599 {
600 	struct mutex *mtx = bp_constraints_lock(bp);
601 	int ret = __reserve_bp_slot(bp, bp->attr.bp_type);
602 
603 	bp_constraints_unlock(mtx);
604 	return ret;
605 }
606 
__release_bp_slot(struct perf_event * bp,u64 bp_type)607 static void __release_bp_slot(struct perf_event *bp, u64 bp_type)
608 {
609 	enum bp_type_idx type;
610 	int weight;
611 
612 	type = find_slot_idx(bp_type);
613 	weight = hw_breakpoint_weight(bp);
614 	WARN_ON(toggle_bp_slot(bp, false, type, weight));
615 }
616 
release_bp_slot(struct perf_event * bp)617 void release_bp_slot(struct perf_event *bp)
618 {
619 	struct mutex *mtx = bp_constraints_lock(bp);
620 
621 	__release_bp_slot(bp, bp->attr.bp_type);
622 	bp_constraints_unlock(mtx);
623 }
624 
__modify_bp_slot(struct perf_event * bp,u64 old_type,u64 new_type)625 static int __modify_bp_slot(struct perf_event *bp, u64 old_type, u64 new_type)
626 {
627 	int err;
628 
629 	__release_bp_slot(bp, old_type);
630 
631 	err = __reserve_bp_slot(bp, new_type);
632 	if (err) {
633 		/*
634 		 * Reserve the old_type slot back in case
635 		 * there's no space for the new type.
636 		 *
637 		 * This must succeed, because we just released
638 		 * the old_type slot in the __release_bp_slot
639 		 * call above. If not, something is broken.
640 		 */
641 		WARN_ON(__reserve_bp_slot(bp, old_type));
642 	}
643 
644 	return err;
645 }
646 
modify_bp_slot(struct perf_event * bp,u64 old_type,u64 new_type)647 static int modify_bp_slot(struct perf_event *bp, u64 old_type, u64 new_type)
648 {
649 	struct mutex *mtx = bp_constraints_lock(bp);
650 	int ret = __modify_bp_slot(bp, old_type, new_type);
651 
652 	bp_constraints_unlock(mtx);
653 	return ret;
654 }
655 
656 /*
657  * Allow the kernel debugger to reserve breakpoint slots without
658  * taking a lock using the dbg_* variant of for the reserve and
659  * release breakpoint slots.
660  */
dbg_reserve_bp_slot(struct perf_event * bp)661 int dbg_reserve_bp_slot(struct perf_event *bp)
662 {
663 	int ret;
664 
665 	if (bp_constraints_is_locked(bp))
666 		return -1;
667 
668 	/* Locks aren't held; disable lockdep assert checking. */
669 	lockdep_off();
670 	ret = __reserve_bp_slot(bp, bp->attr.bp_type);
671 	lockdep_on();
672 
673 	return ret;
674 }
675 
dbg_release_bp_slot(struct perf_event * bp)676 int dbg_release_bp_slot(struct perf_event *bp)
677 {
678 	if (bp_constraints_is_locked(bp))
679 		return -1;
680 
681 	/* Locks aren't held; disable lockdep assert checking. */
682 	lockdep_off();
683 	__release_bp_slot(bp, bp->attr.bp_type);
684 	lockdep_on();
685 
686 	return 0;
687 }
688 
hw_breakpoint_parse(struct perf_event * bp,const struct perf_event_attr * attr,struct arch_hw_breakpoint * hw)689 static int hw_breakpoint_parse(struct perf_event *bp,
690 			       const struct perf_event_attr *attr,
691 			       struct arch_hw_breakpoint *hw)
692 {
693 	int err;
694 
695 	err = hw_breakpoint_arch_parse(bp, attr, hw);
696 	if (err)
697 		return err;
698 
699 	if (arch_check_bp_in_kernelspace(hw)) {
700 		if (attr->exclude_kernel)
701 			return -EINVAL;
702 		/*
703 		 * Don't let unprivileged users set a breakpoint in the trap
704 		 * path to avoid trap recursion attacks.
705 		 */
706 		if (!capable(CAP_SYS_ADMIN))
707 			return -EPERM;
708 	}
709 
710 	return 0;
711 }
712 
register_perf_hw_breakpoint(struct perf_event * bp)713 int register_perf_hw_breakpoint(struct perf_event *bp)
714 {
715 	struct arch_hw_breakpoint hw = { };
716 	int err;
717 
718 	err = reserve_bp_slot(bp);
719 	if (err)
720 		return err;
721 
722 	err = hw_breakpoint_parse(bp, &bp->attr, &hw);
723 	if (err) {
724 		release_bp_slot(bp);
725 		return err;
726 	}
727 
728 	bp->hw.info = hw;
729 
730 	return 0;
731 }
732 
733 /**
734  * register_user_hw_breakpoint - register a hardware breakpoint for user space
735  * @attr: breakpoint attributes
736  * @triggered: callback to trigger when we hit the breakpoint
737  * @context: context data could be used in the triggered callback
738  * @tsk: pointer to 'task_struct' of the process to which the address belongs
739  */
740 struct perf_event *
register_user_hw_breakpoint(struct perf_event_attr * attr,perf_overflow_handler_t triggered,void * context,struct task_struct * tsk)741 register_user_hw_breakpoint(struct perf_event_attr *attr,
742 			    perf_overflow_handler_t triggered,
743 			    void *context,
744 			    struct task_struct *tsk)
745 {
746 	return perf_event_create_kernel_counter(attr, -1, tsk, triggered,
747 						context);
748 }
749 EXPORT_SYMBOL_GPL(register_user_hw_breakpoint);
750 
hw_breakpoint_copy_attr(struct perf_event_attr * to,struct perf_event_attr * from)751 static void hw_breakpoint_copy_attr(struct perf_event_attr *to,
752 				    struct perf_event_attr *from)
753 {
754 	to->bp_addr = from->bp_addr;
755 	to->bp_type = from->bp_type;
756 	to->bp_len  = from->bp_len;
757 	to->disabled = from->disabled;
758 }
759 
760 int
modify_user_hw_breakpoint_check(struct perf_event * bp,struct perf_event_attr * attr,bool check)761 modify_user_hw_breakpoint_check(struct perf_event *bp, struct perf_event_attr *attr,
762 			        bool check)
763 {
764 	struct arch_hw_breakpoint hw = { };
765 	int err;
766 
767 	err = hw_breakpoint_parse(bp, attr, &hw);
768 	if (err)
769 		return err;
770 
771 	if (check) {
772 		struct perf_event_attr old_attr;
773 
774 		old_attr = bp->attr;
775 		hw_breakpoint_copy_attr(&old_attr, attr);
776 		if (memcmp(&old_attr, attr, sizeof(*attr)))
777 			return -EINVAL;
778 	}
779 
780 	if (bp->attr.bp_type != attr->bp_type) {
781 		err = modify_bp_slot(bp, bp->attr.bp_type, attr->bp_type);
782 		if (err)
783 			return err;
784 	}
785 
786 	hw_breakpoint_copy_attr(&bp->attr, attr);
787 	bp->hw.info = hw;
788 
789 	return 0;
790 }
791 
792 /**
793  * modify_user_hw_breakpoint - modify a user-space hardware breakpoint
794  * @bp: the breakpoint structure to modify
795  * @attr: new breakpoint attributes
796  */
modify_user_hw_breakpoint(struct perf_event * bp,struct perf_event_attr * attr)797 int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr)
798 {
799 	int err;
800 
801 	/*
802 	 * modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it
803 	 * will not be possible to raise IPIs that invoke __perf_event_disable.
804 	 * So call the function directly after making sure we are targeting the
805 	 * current task.
806 	 */
807 	if (irqs_disabled() && bp->ctx && bp->ctx->task == current)
808 		perf_event_disable_local(bp);
809 	else
810 		perf_event_disable(bp);
811 
812 	err = modify_user_hw_breakpoint_check(bp, attr, false);
813 
814 	if (!bp->attr.disabled)
815 		perf_event_enable(bp);
816 
817 	return err;
818 }
819 EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint);
820 
821 /**
822  * unregister_hw_breakpoint - unregister a user-space hardware breakpoint
823  * @bp: the breakpoint structure to unregister
824  */
unregister_hw_breakpoint(struct perf_event * bp)825 void unregister_hw_breakpoint(struct perf_event *bp)
826 {
827 	if (!bp)
828 		return;
829 	perf_event_release_kernel(bp);
830 }
831 EXPORT_SYMBOL_GPL(unregister_hw_breakpoint);
832 
833 /**
834  * register_wide_hw_breakpoint - register a wide breakpoint in the kernel
835  * @attr: breakpoint attributes
836  * @triggered: callback to trigger when we hit the breakpoint
837  * @context: context data could be used in the triggered callback
838  *
839  * @return a set of per_cpu pointers to perf events
840  */
841 struct perf_event * __percpu *
register_wide_hw_breakpoint(struct perf_event_attr * attr,perf_overflow_handler_t triggered,void * context)842 register_wide_hw_breakpoint(struct perf_event_attr *attr,
843 			    perf_overflow_handler_t triggered,
844 			    void *context)
845 {
846 	struct perf_event * __percpu *cpu_events, *bp;
847 	long err = 0;
848 	int cpu;
849 
850 	cpu_events = alloc_percpu(typeof(*cpu_events));
851 	if (!cpu_events)
852 		return (void __percpu __force *)ERR_PTR(-ENOMEM);
853 
854 	cpus_read_lock();
855 	for_each_online_cpu(cpu) {
856 		bp = perf_event_create_kernel_counter(attr, cpu, NULL,
857 						      triggered, context);
858 		if (IS_ERR(bp)) {
859 			err = PTR_ERR(bp);
860 			break;
861 		}
862 
863 		per_cpu(*cpu_events, cpu) = bp;
864 	}
865 	cpus_read_unlock();
866 
867 	if (likely(!err))
868 		return cpu_events;
869 
870 	unregister_wide_hw_breakpoint(cpu_events);
871 	return (void __percpu __force *)ERR_PTR(err);
872 }
873 EXPORT_SYMBOL_GPL(register_wide_hw_breakpoint);
874 
875 /**
876  * unregister_wide_hw_breakpoint - unregister a wide breakpoint in the kernel
877  * @cpu_events: the per cpu set of events to unregister
878  */
unregister_wide_hw_breakpoint(struct perf_event * __percpu * cpu_events)879 void unregister_wide_hw_breakpoint(struct perf_event * __percpu *cpu_events)
880 {
881 	int cpu;
882 
883 	for_each_possible_cpu(cpu)
884 		unregister_hw_breakpoint(per_cpu(*cpu_events, cpu));
885 
886 	free_percpu(cpu_events);
887 }
888 EXPORT_SYMBOL_GPL(unregister_wide_hw_breakpoint);
889 
890 /**
891  * hw_breakpoint_is_used - check if breakpoints are currently used
892  *
893  * Returns: true if breakpoints are used, false otherwise.
894  */
hw_breakpoint_is_used(void)895 bool hw_breakpoint_is_used(void)
896 {
897 	int cpu;
898 
899 	if (!constraints_initialized)
900 		return false;
901 
902 	for_each_possible_cpu(cpu) {
903 		for (int type = 0; type < TYPE_MAX; ++type) {
904 			struct bp_cpuinfo *info = get_bp_info(cpu, type);
905 
906 			if (info->cpu_pinned)
907 				return true;
908 
909 			for (int slot = 0; slot < hw_breakpoint_slots_cached(type); ++slot) {
910 				if (atomic_read(&info->tsk_pinned.count[slot]))
911 					return true;
912 			}
913 		}
914 	}
915 
916 	for (int type = 0; type < TYPE_MAX; ++type) {
917 		for (int slot = 0; slot < hw_breakpoint_slots_cached(type); ++slot) {
918 			/*
919 			 * Warn, because if there are CPU pinned counters,
920 			 * should never get here; bp_cpuinfo::cpu_pinned should
921 			 * be consistent with the global cpu_pinned histogram.
922 			 */
923 			if (WARN_ON(atomic_read(&cpu_pinned[type].count[slot])))
924 				return true;
925 
926 			if (atomic_read(&tsk_pinned_all[type].count[slot]))
927 				return true;
928 		}
929 	}
930 
931 	return false;
932 }
933 
934 static struct notifier_block hw_breakpoint_exceptions_nb = {
935 	.notifier_call = hw_breakpoint_exceptions_notify,
936 	/* we need to be notified first */
937 	.priority = 0x7fffffff
938 };
939 
bp_perf_event_destroy(struct perf_event * event)940 static void bp_perf_event_destroy(struct perf_event *event)
941 {
942 	release_bp_slot(event);
943 }
944 
hw_breakpoint_event_init(struct perf_event * bp)945 static int hw_breakpoint_event_init(struct perf_event *bp)
946 {
947 	int err;
948 
949 	if (bp->attr.type != PERF_TYPE_BREAKPOINT)
950 		return -ENOENT;
951 
952 	/*
953 	 * no branch sampling for breakpoint events
954 	 */
955 	if (has_branch_stack(bp))
956 		return -EOPNOTSUPP;
957 
958 	err = register_perf_hw_breakpoint(bp);
959 	if (err)
960 		return err;
961 
962 	bp->destroy = bp_perf_event_destroy;
963 
964 	return 0;
965 }
966 
hw_breakpoint_add(struct perf_event * bp,int flags)967 static int hw_breakpoint_add(struct perf_event *bp, int flags)
968 {
969 	if (!(flags & PERF_EF_START))
970 		bp->hw.state = PERF_HES_STOPPED;
971 
972 	if (is_sampling_event(bp)) {
973 		bp->hw.last_period = bp->hw.sample_period;
974 		perf_swevent_set_period(bp);
975 	}
976 
977 	return arch_install_hw_breakpoint(bp);
978 }
979 
hw_breakpoint_del(struct perf_event * bp,int flags)980 static void hw_breakpoint_del(struct perf_event *bp, int flags)
981 {
982 	arch_uninstall_hw_breakpoint(bp);
983 }
984 
hw_breakpoint_start(struct perf_event * bp,int flags)985 static void hw_breakpoint_start(struct perf_event *bp, int flags)
986 {
987 	bp->hw.state = 0;
988 }
989 
hw_breakpoint_stop(struct perf_event * bp,int flags)990 static void hw_breakpoint_stop(struct perf_event *bp, int flags)
991 {
992 	bp->hw.state = PERF_HES_STOPPED;
993 }
994 
995 static struct pmu perf_breakpoint = {
996 	.task_ctx_nr	= perf_sw_context, /* could eventually get its own */
997 
998 	.event_init	= hw_breakpoint_event_init,
999 	.add		= hw_breakpoint_add,
1000 	.del		= hw_breakpoint_del,
1001 	.start		= hw_breakpoint_start,
1002 	.stop		= hw_breakpoint_stop,
1003 	.read		= hw_breakpoint_pmu_read,
1004 };
1005 
init_hw_breakpoint(void)1006 int __init init_hw_breakpoint(void)
1007 {
1008 	int ret;
1009 
1010 	ret = rhltable_init(&task_bps_ht, &task_bps_ht_params);
1011 	if (ret)
1012 		return ret;
1013 
1014 	ret = init_breakpoint_slots();
1015 	if (ret)
1016 		return ret;
1017 
1018 	constraints_initialized = true;
1019 
1020 	perf_pmu_register(&perf_breakpoint, "breakpoint", PERF_TYPE_BREAKPOINT);
1021 
1022 	return register_die_notifier(&hw_breakpoint_exceptions_nb);
1023 }
1024