1 /* 2 * ARM gdb server stub: AArch64 specific functions. 3 * 4 * Copyright (c) 2013 SUSE LINUX Products GmbH 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 */ 19 #include "qemu/osdep.h" 20 #include "qemu/log.h" 21 #include "cpu.h" 22 #include "internals.h" 23 #include "gdbstub/helpers.h" 24 #include "gdbstub/commands.h" 25 #include "tcg/mte_helper.h" 26 #if defined(CONFIG_USER_ONLY) && defined(CONFIG_LINUX) 27 #include <sys/prctl.h> 28 #include "mte_user_helper.h" 29 #endif 30 #ifdef CONFIG_TCG 31 #include "accel/tcg/cpu-mmu-index.h" 32 #endif 33 34 int aarch64_cpu_gdb_read_register(CPUState *cs, GByteArray *mem_buf, int n) 35 { 36 ARMCPU *cpu = ARM_CPU(cs); 37 CPUARMState *env = &cpu->env; 38 39 if (n < 31) { 40 /* Core integer register. */ 41 return gdb_get_reg64(mem_buf, env->xregs[n]); 42 } 43 switch (n) { 44 case 31: 45 return gdb_get_reg64(mem_buf, env->xregs[31]); 46 case 32: 47 return gdb_get_reg64(mem_buf, env->pc); 48 case 33: 49 return gdb_get_reg32(mem_buf, pstate_read(env)); 50 } 51 /* Unknown register. */ 52 return 0; 53 } 54 55 int aarch64_cpu_gdb_write_register(CPUState *cs, uint8_t *mem_buf, int n) 56 { 57 ARMCPU *cpu = ARM_CPU(cs); 58 CPUARMState *env = &cpu->env; 59 uint64_t tmp; 60 61 tmp = ldq_p(mem_buf); 62 63 if (n < 31) { 64 /* Core integer register. */ 65 env->xregs[n] = tmp; 66 return 8; 67 } 68 switch (n) { 69 case 31: 70 env->xregs[31] = tmp; 71 return 8; 72 case 32: 73 env->pc = tmp; 74 return 8; 75 case 33: 76 /* CPSR */ 77 pstate_write(env, tmp); 78 return 4; 79 } 80 /* Unknown register. */ 81 return 0; 82 } 83 84 int aarch64_gdb_get_fpu_reg(CPUState *cs, GByteArray *buf, int reg) 85 { 86 ARMCPU *cpu = ARM_CPU(cs); 87 CPUARMState *env = &cpu->env; 88 89 switch (reg) { 90 case 0 ... 31: 91 { 92 /* 128 bit FP register - quads are in LE order */ 93 uint64_t *q = aa64_vfp_qreg(env, reg); 94 return gdb_get_reg128(buf, q[1], q[0]); 95 } 96 case 32: 97 /* FPSR */ 98 return gdb_get_reg32(buf, vfp_get_fpsr(env)); 99 case 33: 100 /* FPCR */ 101 return gdb_get_reg32(buf, vfp_get_fpcr(env)); 102 default: 103 return 0; 104 } 105 } 106 107 int aarch64_gdb_set_fpu_reg(CPUState *cs, uint8_t *buf, int reg) 108 { 109 ARMCPU *cpu = ARM_CPU(cs); 110 CPUARMState *env = &cpu->env; 111 112 switch (reg) { 113 case 0 ... 31: 114 /* 128 bit FP register */ 115 { 116 uint64_t *q = aa64_vfp_qreg(env, reg); 117 q[0] = ldq_le_p(buf); 118 q[1] = ldq_le_p(buf + 8); 119 return 16; 120 } 121 case 32: 122 /* FPSR */ 123 vfp_set_fpsr(env, ldl_p(buf)); 124 return 4; 125 case 33: 126 /* FPCR */ 127 vfp_set_fpcr(env, ldl_p(buf)); 128 return 4; 129 default: 130 return 0; 131 } 132 } 133 134 int aarch64_gdb_get_sve_reg(CPUState *cs, GByteArray *buf, int reg) 135 { 136 ARMCPU *cpu = ARM_CPU(cs); 137 CPUARMState *env = &cpu->env; 138 139 switch (reg) { 140 /* The first 32 registers are the zregs */ 141 case 0 ... 31: 142 { 143 int vq, len = 0; 144 for (vq = 0; vq < cpu->sve_max_vq; vq++) { 145 len += gdb_get_reg128(buf, 146 env->vfp.zregs[reg].d[vq * 2 + 1], 147 env->vfp.zregs[reg].d[vq * 2]); 148 } 149 return len; 150 } 151 case 32: 152 return gdb_get_reg32(buf, vfp_get_fpsr(env)); 153 case 33: 154 return gdb_get_reg32(buf, vfp_get_fpcr(env)); 155 /* then 16 predicates and the ffr */ 156 case 34 ... 50: 157 { 158 int preg = reg - 34; 159 int vq, len = 0; 160 for (vq = 0; vq < cpu->sve_max_vq; vq = vq + 4) { 161 len += gdb_get_reg64(buf, env->vfp.pregs[preg].p[vq / 4]); 162 } 163 return len; 164 } 165 case 51: 166 { 167 /* 168 * We report in Vector Granules (VG) which is 64bit in a Z reg 169 * while the ZCR works in Vector Quads (VQ) which is 128bit chunks. 170 */ 171 int vq = sve_vqm1_for_el(env, arm_current_el(env)) + 1; 172 return gdb_get_reg64(buf, vq * 2); 173 } 174 default: 175 /* gdbstub asked for something out our range */ 176 qemu_log_mask(LOG_UNIMP, "%s: out of range register %d", __func__, reg); 177 break; 178 } 179 180 return 0; 181 } 182 183 int aarch64_gdb_set_sve_reg(CPUState *cs, uint8_t *buf, int reg) 184 { 185 ARMCPU *cpu = ARM_CPU(cs); 186 CPUARMState *env = &cpu->env; 187 188 /* The first 32 registers are the zregs */ 189 switch (reg) { 190 /* The first 32 registers are the zregs */ 191 case 0 ... 31: 192 { 193 int vq, len = 0; 194 uint64_t *p = (uint64_t *) buf; 195 for (vq = 0; vq < cpu->sve_max_vq; vq++) { 196 env->vfp.zregs[reg].d[vq * 2 + 1] = *p++; 197 env->vfp.zregs[reg].d[vq * 2] = *p++; 198 len += 16; 199 } 200 return len; 201 } 202 case 32: 203 vfp_set_fpsr(env, *(uint32_t *)buf); 204 return 4; 205 case 33: 206 vfp_set_fpcr(env, *(uint32_t *)buf); 207 return 4; 208 case 34 ... 50: 209 { 210 int preg = reg - 34; 211 int vq, len = 0; 212 uint64_t *p = (uint64_t *) buf; 213 for (vq = 0; vq < cpu->sve_max_vq; vq = vq + 4) { 214 env->vfp.pregs[preg].p[vq / 4] = *p++; 215 len += 8; 216 } 217 return len; 218 } 219 case 51: 220 /* cannot set vg via gdbstub */ 221 return 0; 222 default: 223 /* gdbstub asked for something out our range */ 224 break; 225 } 226 227 return 0; 228 } 229 230 int aarch64_gdb_get_pauth_reg(CPUState *cs, GByteArray *buf, int reg) 231 { 232 ARMCPU *cpu = ARM_CPU(cs); 233 CPUARMState *env = &cpu->env; 234 235 switch (reg) { 236 case 0: /* pauth_dmask */ 237 case 1: /* pauth_cmask */ 238 case 2: /* pauth_dmask_high */ 239 case 3: /* pauth_cmask_high */ 240 /* 241 * Note that older versions of this feature only contained 242 * pauth_{d,c}mask, for use with Linux user processes, and 243 * thus exclusively in the low half of the address space. 244 * 245 * To support system mode, and to debug kernels, two new regs 246 * were added to cover the high half of the address space. 247 * For the purpose of pauth_ptr_mask, we can use any well-formed 248 * address within the address space half -- here, 0 and -1. 249 */ 250 { 251 bool is_data = !(reg & 1); 252 bool is_high = reg & 2; 253 ARMMMUIdx mmu_idx = arm_stage1_mmu_idx(env); 254 ARMVAParameters param; 255 256 param = aa64_va_parameters(env, -is_high, mmu_idx, is_data, false); 257 return gdb_get_reg64(buf, pauth_ptr_mask(param)); 258 } 259 default: 260 return 0; 261 } 262 } 263 264 int aarch64_gdb_set_pauth_reg(CPUState *cs, uint8_t *buf, int reg) 265 { 266 /* All pseudo registers are read-only. */ 267 return 0; 268 } 269 270 static void output_vector_union_type(GDBFeatureBuilder *builder, int reg_width, 271 const char *name) 272 { 273 struct TypeSize { 274 const char *gdb_type; 275 short size; 276 char sz, suffix; 277 }; 278 279 static const struct TypeSize vec_lanes[] = { 280 /* quads */ 281 { "uint128", 128, 'q', 'u' }, 282 { "int128", 128, 'q', 's' }, 283 /* 64 bit */ 284 { "ieee_double", 64, 'd', 'f' }, 285 { "uint64", 64, 'd', 'u' }, 286 { "int64", 64, 'd', 's' }, 287 /* 32 bit */ 288 { "ieee_single", 32, 's', 'f' }, 289 { "uint32", 32, 's', 'u' }, 290 { "int32", 32, 's', 's' }, 291 /* 16 bit */ 292 { "ieee_half", 16, 'h', 'f' }, 293 { "uint16", 16, 'h', 'u' }, 294 { "int16", 16, 'h', 's' }, 295 /* bytes */ 296 { "uint8", 8, 'b', 'u' }, 297 { "int8", 8, 'b', 's' }, 298 }; 299 300 static const char suf[] = { 'b', 'h', 's', 'd', 'q' }; 301 int i, j; 302 303 /* First define types and totals in a whole VL */ 304 for (i = 0; i < ARRAY_SIZE(vec_lanes); i++) { 305 gdb_feature_builder_append_tag( 306 builder, "<vector id=\"%s%c%c\" type=\"%s\" count=\"%d\"/>", 307 name, vec_lanes[i].sz, vec_lanes[i].suffix, 308 vec_lanes[i].gdb_type, reg_width / vec_lanes[i].size); 309 } 310 311 /* 312 * Now define a union for each size group containing unsigned and 313 * signed and potentially float versions of each size from 128 to 314 * 8 bits. 315 */ 316 for (i = 0; i < ARRAY_SIZE(suf); i++) { 317 int bits = 8 << i; 318 319 gdb_feature_builder_append_tag(builder, "<union id=\"%sn%c\">", 320 name, suf[i]); 321 for (j = 0; j < ARRAY_SIZE(vec_lanes); j++) { 322 if (vec_lanes[j].size == bits) { 323 gdb_feature_builder_append_tag( 324 builder, "<field name=\"%c\" type=\"%s%c%c\"/>", 325 vec_lanes[j].suffix, name, 326 vec_lanes[j].sz, vec_lanes[j].suffix); 327 } 328 } 329 gdb_feature_builder_append_tag(builder, "</union>"); 330 } 331 332 /* And now the final union of unions */ 333 gdb_feature_builder_append_tag(builder, "<union id=\"%s\">", name); 334 for (i = ARRAY_SIZE(suf) - 1; i >= 0; i--) { 335 gdb_feature_builder_append_tag(builder, 336 "<field name=\"%c\" type=\"%sn%c\"/>", 337 suf[i], name, suf[i]); 338 } 339 gdb_feature_builder_append_tag(builder, "</union>"); 340 } 341 342 GDBFeature *arm_gen_dynamic_svereg_feature(CPUState *cs, int base_reg) 343 { 344 ARMCPU *cpu = ARM_CPU(cs); 345 int reg_width = cpu->sve_max_vq * 128; 346 int pred_width = cpu->sve_max_vq * 16; 347 GDBFeatureBuilder builder; 348 char *name; 349 int reg = 0; 350 int i; 351 352 gdb_feature_builder_init(&builder, &cpu->dyn_svereg_feature.desc, 353 "org.gnu.gdb.aarch64.sve", "sve-registers.xml", 354 base_reg); 355 356 /* Create the vector union type. */ 357 output_vector_union_type(&builder, reg_width, "svev"); 358 359 /* Create the predicate vector type. */ 360 gdb_feature_builder_append_tag( 361 &builder, "<vector id=\"svep\" type=\"uint8\" count=\"%d\"/>", 362 pred_width / 8); 363 364 /* Define the vector registers. */ 365 for (i = 0; i < 32; i++) { 366 name = g_strdup_printf("z%d", i); 367 gdb_feature_builder_append_reg(&builder, name, reg_width, reg++, 368 "svev", NULL); 369 } 370 371 /* fpscr & status registers */ 372 gdb_feature_builder_append_reg(&builder, "fpsr", 32, reg++, 373 "int", "float"); 374 gdb_feature_builder_append_reg(&builder, "fpcr", 32, reg++, 375 "int", "float"); 376 377 /* Define the predicate registers. */ 378 for (i = 0; i < 16; i++) { 379 name = g_strdup_printf("p%d", i); 380 gdb_feature_builder_append_reg(&builder, name, pred_width, reg++, 381 "svep", NULL); 382 } 383 gdb_feature_builder_append_reg(&builder, "ffr", pred_width, reg++, 384 "svep", "vector"); 385 386 /* Define the vector length pseudo-register. */ 387 gdb_feature_builder_append_reg(&builder, "vg", 64, reg++, "int", NULL); 388 389 gdb_feature_builder_end(&builder); 390 391 return &cpu->dyn_svereg_feature.desc; 392 } 393 394 #ifdef CONFIG_USER_ONLY 395 int aarch64_gdb_get_tag_ctl_reg(CPUState *cs, GByteArray *buf, int reg) 396 { 397 ARMCPU *cpu = ARM_CPU(cs); 398 CPUARMState *env = &cpu->env; 399 uint64_t tcf0; 400 401 assert(reg == 0); 402 403 tcf0 = extract64(env->cp15.sctlr_el[1], 38, 2); 404 405 return gdb_get_reg64(buf, tcf0); 406 } 407 408 int aarch64_gdb_set_tag_ctl_reg(CPUState *cs, uint8_t *buf, int reg) 409 { 410 #if defined(CONFIG_LINUX) 411 ARMCPU *cpu = ARM_CPU(cs); 412 CPUARMState *env = &cpu->env; 413 414 uint8_t tcf; 415 416 assert(reg == 0); 417 418 tcf = *buf << PR_MTE_TCF_SHIFT; 419 420 if (!tcf) { 421 return 0; 422 } 423 424 /* 425 * 'tag_ctl' register is actually a "pseudo-register" provided by GDB to 426 * expose options regarding the type of MTE fault that can be controlled at 427 * runtime. 428 */ 429 arm_set_mte_tcf0(env, tcf); 430 431 return 1; 432 #else 433 return 0; 434 #endif 435 } 436 #endif /* CONFIG_USER_ONLY */ 437 438 #ifdef CONFIG_TCG 439 static void handle_q_memtag(GArray *params, void *user_ctx) 440 { 441 ARMCPU *cpu = ARM_CPU(user_ctx); 442 CPUARMState *env = &cpu->env; 443 uint32_t mmu_index; 444 445 uint64_t addr = gdb_get_cmd_param(params, 0)->val_ull; 446 uint64_t len = gdb_get_cmd_param(params, 1)->val_ul; 447 int type = gdb_get_cmd_param(params, 2)->val_ul; 448 449 uint8_t *tags; 450 uint8_t addr_tag; 451 452 g_autoptr(GString) str_buf = g_string_new(NULL); 453 454 /* 455 * GDB does not query multiple tags for a memory range on remote targets, so 456 * that's not supported either by gdbstub. 457 */ 458 if (len != 1) { 459 gdb_put_packet("E02"); 460 } 461 462 /* GDB never queries a tag different from an allocation tag (type 1). */ 463 if (type != 1) { 464 gdb_put_packet("E03"); 465 } 466 467 /* Find out the current translation regime for probe. */ 468 mmu_index = cpu_mmu_index(env_cpu(env), false); 469 /* Note that tags are packed here (2 tags packed in one byte). */ 470 tags = allocation_tag_mem_probe(env, mmu_index, addr, MMU_DATA_LOAD, 1, 471 MMU_DATA_LOAD, true, 0); 472 if (!tags) { 473 /* Address is not in a tagged region. */ 474 gdb_put_packet("E04"); 475 return; 476 } 477 478 /* Unpack tag from byte. */ 479 addr_tag = load_tag1(addr, tags); 480 g_string_printf(str_buf, "m%.2x", addr_tag); 481 482 gdb_put_packet(str_buf->str); 483 } 484 485 static void handle_q_isaddresstagged(GArray *params, void *user_ctx) 486 { 487 ARMCPU *cpu = ARM_CPU(user_ctx); 488 CPUARMState *env = &cpu->env; 489 uint32_t mmu_index; 490 491 uint64_t addr = gdb_get_cmd_param(params, 0)->val_ull; 492 493 uint8_t *tags; 494 const char *reply; 495 496 /* Find out the current translation regime for probe. */ 497 mmu_index = cpu_mmu_index(env_cpu(env), false); 498 tags = allocation_tag_mem_probe(env, mmu_index, addr, MMU_DATA_LOAD, 1, 499 MMU_DATA_LOAD, true, 0); 500 reply = tags ? "01" : "00"; 501 502 gdb_put_packet(reply); 503 } 504 505 static void handle_Q_memtag(GArray *params, void *user_ctx) 506 { 507 ARMCPU *cpu = ARM_CPU(user_ctx); 508 CPUARMState *env = &cpu->env; 509 uint32_t mmu_index; 510 511 uint64_t start_addr = gdb_get_cmd_param(params, 0)->val_ull; 512 uint64_t len = gdb_get_cmd_param(params, 1)->val_ul; 513 int type = gdb_get_cmd_param(params, 2)->val_ul; 514 char const *new_tags_str = gdb_get_cmd_param(params, 3)->data; 515 516 uint64_t end_addr; 517 518 int num_new_tags; 519 uint8_t *tags; 520 521 g_autoptr(GByteArray) new_tags = g_byte_array_new(); 522 523 /* 524 * Only the allocation tag (i.e. type 1) can be set at the stub side. 525 */ 526 if (type != 1) { 527 gdb_put_packet("E02"); 528 return; 529 } 530 531 end_addr = start_addr + (len - 1); /* 'len' is always >= 1 */ 532 /* Check if request's memory range does not cross page boundaries. */ 533 if ((start_addr ^ end_addr) & TARGET_PAGE_MASK) { 534 gdb_put_packet("E03"); 535 return; 536 } 537 538 /* 539 * Get all tags in the page starting from the tag of the start address. 540 * Note that there are two tags packed into a single byte here. 541 */ 542 /* Find out the current translation regime for probe. */ 543 mmu_index = cpu_mmu_index(env_cpu(env), false); 544 tags = allocation_tag_mem_probe(env, mmu_index, start_addr, MMU_DATA_STORE, 545 1, MMU_DATA_STORE, true, 0); 546 if (!tags) { 547 /* Address is not in a tagged region. */ 548 gdb_put_packet("E04"); 549 return; 550 } 551 552 /* Convert tags provided by GDB, 2 hex digits per tag. */ 553 num_new_tags = strlen(new_tags_str) / 2; 554 gdb_hextomem(new_tags, new_tags_str, num_new_tags); 555 556 uint64_t address = start_addr; 557 int new_tag_index = 0; 558 while (address <= end_addr) { 559 uint8_t new_tag; 560 int packed_index; 561 562 /* 563 * Find packed tag index from unpacked tag index. There are two tags 564 * in one packed index (one tag per nibble). 565 */ 566 packed_index = new_tag_index / 2; 567 568 new_tag = new_tags->data[new_tag_index % num_new_tags]; 569 store_tag1(address, tags + packed_index, new_tag); 570 571 address += TAG_GRANULE; 572 new_tag_index++; 573 } 574 575 gdb_put_packet("OK"); 576 } 577 578 enum Command { 579 qMemTags, 580 qIsAddressTagged, 581 QMemTags, 582 NUM_CMDS 583 }; 584 585 static const GdbCmdParseEntry cmd_handler_table[NUM_CMDS] = { 586 [qMemTags] = { 587 .handler = handle_q_memtag, 588 .cmd_startswith = true, 589 .cmd = "MemTags:", 590 .schema = "L,l:l0", 591 .need_cpu_context = true 592 }, 593 [qIsAddressTagged] = { 594 .handler = handle_q_isaddresstagged, 595 .cmd_startswith = true, 596 .cmd = "IsAddressTagged:", 597 .schema = "L0", 598 .need_cpu_context = true 599 }, 600 [QMemTags] = { 601 .handler = handle_Q_memtag, 602 .cmd_startswith = true, 603 .cmd = "MemTags:", 604 .schema = "L,l:l:s0", 605 .need_cpu_context = true 606 }, 607 }; 608 #endif /* CONFIG_TCG */ 609 610 void aarch64_cpu_register_gdb_commands(ARMCPU *cpu, GString *qsupported, 611 GPtrArray *qtable, GPtrArray *stable) 612 { 613 /* MTE */ 614 #ifdef CONFIG_TCG 615 if (cpu_isar_feature(aa64_mte, cpu)) { 616 g_string_append(qsupported, ";memory-tagging+"); 617 618 g_ptr_array_add(qtable, (gpointer) &cmd_handler_table[qMemTags]); 619 g_ptr_array_add(qtable, (gpointer) &cmd_handler_table[qIsAddressTagged]); 620 g_ptr_array_add(stable, (gpointer) &cmd_handler_table[QMemTags]); 621 } 622 #endif 623 } 624