From dc3f87a715649da5a5e68d1267b91b20ff7e7647 Mon Sep 17 00:00:00 2001 From: TuxSH <1922548+TuxSH@users.noreply.github.com> Date: Tue, 6 Aug 2019 06:09:51 +0200 Subject: [PATCH] thermosphere: add actual breakpoint code --- thermosphere/src/arm.h | 2 +- thermosphere/src/arm.s | 43 ------- thermosphere/src/breakpoints.c | 114 ++++++++++++++++- thermosphere/src/breakpoints.h | 15 ++- .../src/breakpoints_watchpoints_common.h | 89 +++++++++++++ .../breakpoints_watchpoints_save_restore.h | 24 ++++ .../breakpoints_watchpoints_save_restore.s | 118 ++++++++++++++++++ thermosphere/src/core_ctx.h | 2 +- thermosphere/src/main.c | 6 +- thermosphere/src/watchpoints.c | 24 ++-- thermosphere/src/watchpoints.h | 15 ++- 11 files changed, 388 insertions(+), 64 deletions(-) create mode 100644 thermosphere/src/breakpoints_watchpoints_common.h create mode 100644 thermosphere/src/breakpoints_watchpoints_save_restore.h create mode 100644 thermosphere/src/breakpoints_watchpoints_save_restore.s diff --git a/thermosphere/src/arm.h b/thermosphere/src/arm.h index 5d88a5b35..993aac94a 100644 --- a/thermosphere/src/arm.h +++ b/thermosphere/src/arm.h @@ -14,5 +14,5 @@ void invalidate_icache_all(void); void set_memory_registers_enable_mmu(uintptr_t ttbr0, u64 tcr, u64 mair); void set_memory_registers_enable_stage2(uintptr_t vttbr, u64 vtcr); -void initBreakpointRegs(size_t num); +void reloadBreakpointRegs(size_t num); void initWatchpointRegs(size_t num); diff --git a/thermosphere/src/arm.s b/thermosphere/src/arm.s index 587d58724..c5b59b9ca 100644 --- a/thermosphere/src/arm.s +++ b/thermosphere/src/arm.s @@ -262,46 +262,3 @@ set_memory_registers_enable_stage2: isb ret - - -// Precondition: x0 <= 16 -.section .text.initBreakpointRegs, "ax", %progbits -.type initBreakpointRegs, %function -.global initBreakpointRegs -initBreakpointRegs: - // x0 = number - adr x16, 1f - mov x1, #(16 * 8) - sub x0, x1, x0,lsl #3 - add x16, x16, x0 - br x16 - - 1: - .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 - msr dbgbcr\count\()_el1, xzr - msr dbgbvr\count\()_el1, xzr - .endr - dsb sy - isb - ret - -// Precondition: x0 <= 16 -.section .text.initBreakpointRegs, "ax", %progbits -.type initWatchpointRegs, %function -.global initWatchpointRegs -initWatchpointRegs: - // x0 = number - adr x16, 1f - mov x1, #(16 * 8) - sub x0, x1, x0,lsl #3 - add x16, x16, x0 - br x16 - - 1: - .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 - msr dbgwcr\count\()_el1, xzr - msr dbgwvr\count\()_el1, xzr - .endr - dsb sy - isb - ret diff --git a/thermosphere/src/breakpoints.c b/thermosphere/src/breakpoints.c index 5efb71a83..94e03a199 100644 --- a/thermosphere/src/breakpoints.c +++ b/thermosphere/src/breakpoints.c @@ -14,16 +14,118 @@ * along with this program. If not, see . */ +#include #include "breakpoints.h" +#include "breakpoints_watchpoints_save_restore.h" #include "utils.h" #include "sysreg.h" #include "arm.h" -void enableAndResetBreakpoints(void) -{ - SET_SYSREG(mdscr_el1, GET_SYSREG(mdscr_el1) | MDSCR_EL1_MDE); +BreakpointManager g_breakpointManager = {0}; - // 20 for watchpoints - size_t num = ((GET_SYSREG(id_aa64dfr0_el1) >> 12) & 0xF) + 1; - initBreakpointRegs(num); +// Init the structure (already in BSS, so already zero-initialized) and load the registers +void initBreakpoints(void) +{ + recursiveSpinlockLock(&g_breakpointManager.lock); + + if (currentCoreCtx->isBootCore && !currentCoreCtx->warmboot) { + size_t num = ((GET_SYSREG(id_aa64dfr0_el1) >> 12) & 0xF) + 1; + g_breakpointManager.maxBreakpoints = (u32)num; + g_breakpointManager.allocationBitmap = BIT(num) - 1; + } + + loadBreakpointRegs(g_breakpointManager.breakpoints, g_breakpointManager.maxBreakpoints); + + recursiveSpinlockUnlock(&g_breakpointManager.lock); } + +static DebugRegisterPair *allocateBreakpoint(void) +{ + u32 pos = __builtin_ffs(g_breakpointManager.allocationBitmap); + if (pos == 0) { + return NULL; + } else { + g_breakpointManager.allocationBitmap &= ~BIT(pos - 1); + return &g_breakpointManager.breakpoints[pos - 1]; + } +} + +static void freeBreakpoint(u32 pos) +{ + memset(&g_breakpointManager.breakpoints[pos], 0, sizeof(DebugRegisterPair)); + g_breakpointManager.allocationBitmap |= BIT(pos); +} + +static DebugRegisterPair *findBreakpoint(u64 addr) +{ + u16 bitmap = g_breakpointManager.allocationBitmap; + while (bitmap != 0) { + u32 pos = __builtin_ffs(bitmap); + if (pos == 0) { + return NULL; + } else { + bitmap &= ~BIT(pos - 1); + if (g_breakpointManager.breakpoints[pos - 1].vr == addr) { + return &g_breakpointManager.breakpoints[pos - 1]; + } + } + } + + return NULL; +} + +// Note: A32/T32/T16 support intentionnally left out +// Note: addresses are supposed to be well-formed regarding the sign extension bits + +bool addBreakpoint(u64 addr) +{ + recursiveSpinlockLock(&g_breakpointManager.lock); + + // Reject misaligned addresses + if (addr & 3) { + return false; + } + + // Breakpoint already added + if (findBreakpoint(addr) != NULL) { + return true; + } + + DebugRegisterPair *regs = allocateBreakpoint(); + regs->cr.bt = BreakpointType_AddressMatch; + regs->cr.linked = false; + + // NS EL1&0 only + regs->cr.hmc = DebugHmc_LowerEl; + regs->cr.ssc = DebugSsc_NonSecure; + regs->cr.pmc = DebugPmc_El1And0; + + regs->cr.bas = 0xF; + regs->cr.enabled = true; + + regs->vr = addr; + + recursiveSpinlockUnlock(&g_breakpointManager.lock); + + // TODO commit & broadcast + + return true; +} + +bool removeBreakpoint(u64 addr) +{ + recursiveSpinlockLock(&g_breakpointManager.lock); + + DebugRegisterPair *regs = findBreakpoint(addr); + + if (findBreakpoint(addr) == NULL) { + return false; + } + + freeBreakpoint(regs - &g_breakpointManager.breakpoints[0]); + recursiveSpinlockUnlock(&g_breakpointManager.lock); + + // TODO commit & broadcast + + return true; +} \ No newline at end of file diff --git a/thermosphere/src/breakpoints.h b/thermosphere/src/breakpoints.h index 1f8b888b0..c2d6cf34b 100644 --- a/thermosphere/src/breakpoints.h +++ b/thermosphere/src/breakpoints.h @@ -16,6 +16,17 @@ #pragma once -#include "types.h" +#include "breakpoints_watchpoints_common.h" +#include "spinlock.h" -void enableAndResetBreakpoints(void); +/// Structure to synchronize and keep track of breakpoints +typedef struct BreakpointManager { + DebugRegisterPair breakpoints[16]; + RecursiveSpinlock lock; + u32 maxBreakpoints; + u16 allocationBitmap; +} BreakpointManager; + +extern BreakpointManager g_breakpointManager; + +void initBreakpoints(void); diff --git a/thermosphere/src/breakpoints_watchpoints_common.h b/thermosphere/src/breakpoints_watchpoints_common.h new file mode 100644 index 000000000..36e4f3dc0 --- /dev/null +++ b/thermosphere/src/breakpoints_watchpoints_common.h @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2019 Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#pragma once + +#include "types.h" +#include "sysreg.h" + +/// BT[3:1] or res0. BT[0]/WT[0] is "is linked" +typedef enum BreakpointType { + BreakpointType_AddressMatch = 0, + BreakpointType_VheContextIdMatch = 1, + BreakpointType_ContextIdMatch = 3, + BreakpointType_VmidMatch = 4, + BreakpointType_VmidContextIdMatch = 5, + BreakpointType_VmidVheContextIdMatch = 6, + BreakpointType_FullVheContextIdMatch = 7, +} BreakpointType; + +// Note: some SSC HMC PMC combinations are invalid +// Refer to "Table D2-9 Summary of breakpoint HMC, SSC, and PMC encodings" + +/// Debug Security State Control +typedef enum DebugSsc { + DebugSsc_Both = 0, + DebugSsc_NonSecure = 1, + DebugSsc_Secure = 2, + DebugSsc_SecureIfLowerOrBoth = 3, +} DebugSsc; + +/// Debug Higher Mode Control +typedef enum DebugHmc { + DebugHmc_LowerEl = 0, + DebugHmc_HigherEl = 1, +} DebugHmc; + +/// Debug Privilege Mode Control (called PAC for watchpoints) +typedef enum DebugPmc { + DebugPmc_NeitherEl1Nor0 = 0, + DebugPmc_El1 = 1, + DebugPmc_El0 = 2, + DebugPmc_El1And0 = 3, +} DebugPmc; + +typedef enum WatchpointLoadStoreControl { + WatchpointLoadStoreControl_Load = 0, + WatchpointLoadStoreControl_Store = 2, + WatchpointLoadStoreControl_LoadStore = 3, +} WatchpointLoadStoreControl; + +// bas only 4 bits for breakpoints, other bits res0. +// lsc, mask only for watchpoints, res0 for breakpoints +// bt only from breakpoints, res0 for watchpoints +typedef struct DebugControlRegister { + bool enabled : 1; + DebugPmc pmc : 2; + WatchpointLoadStoreControl lsc : 2; + u32 bas : 8; + DebugHmc hmc : 1; + DebugSsc ssc : 2; + u32 lbn : 4; + bool linked : 1; + BreakpointType bt : 3; + u32 mask : 5; + u64 res0 : 35; +} DebugControlRegister; + +typedef struct DebugRegisterPair { + DebugControlRegister cr; + u64 vr; +} DebugRegisterPair; + +static inline void enableBreakpointsAndWatchpoints(void) +{ + SET_SYSREG(mdscr_el1, GET_SYSREG(mdscr_el1) | MDSCR_EL1_MDE); +} \ No newline at end of file diff --git a/thermosphere/src/breakpoints_watchpoints_save_restore.h b/thermosphere/src/breakpoints_watchpoints_save_restore.h new file mode 100644 index 000000000..8ca0b12f7 --- /dev/null +++ b/thermosphere/src/breakpoints_watchpoints_save_restore.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2018-2019 Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#pragma once +#include "breakpoints_watchpoints_common.h" + +void loadBreakpointRegs(const DebugRegisterPair *regs, size_t num); +void saveBreakpointRegs(DebugRegisterPair *regs, size_t num); + +void loadWatchpointRegs(const DebugRegisterPair *regs, size_t num); +void saveWatchpointRegs(DebugRegisterPair *regs, size_t num); \ No newline at end of file diff --git a/thermosphere/src/breakpoints_watchpoints_save_restore.s b/thermosphere/src/breakpoints_watchpoints_save_restore.s new file mode 100644 index 000000000..e938d5948 --- /dev/null +++ b/thermosphere/src/breakpoints_watchpoints_save_restore.s @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2018-2019 Atmosphère-NX + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + + +// Precondition: x1 <= 16 +.section .text.loadBreakpointRegs, "ax", %progbits +.type loadBreakpointRegs, %function +.global loadBreakpointRegs +loadBreakpointRegs: + // x1 = number + adr x16, 1f + add x0, x0, #(16 * 8) + mov x4, #(16 * 12) + sub x4, x4, x1,lsl #3 + sub x4, x4, x1,lsl #2 + add x16, x16, x4 + br x16 + + 1: + .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 + ldp x2, x3, [x0, #-0x10]! + msr dbgbcr\count\()_el1, x2 + msr dbgbvr\count\()_el1, x3 + .endr + dsb sy + isb + ret + +// Precondition: x1 <= 16 +.section .text.storeBreakpointRegs, "ax", %progbits +.type storeBreakpointRegs, %function +.global storBreakpointRegs +storeBreakpointRegs: + // x1 = number + dsb sy + isb + + adr x16, 1f + add x0, x0, #(16 * 8) + mov x4, #(16 * 12) + sub x4, x4, x1,lsl #3 + sub x4, x4, x1,lsl #2 + add x16, x16, x4 + br x16 + + 1: + .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 + mrs x2, dbgbcr\count\()_el1 + mrs x3, dbgbvr\count\()_el1 + stp x2, x3, [x0, #-0x10]! + + .endr + ret + + +// Precondition: x1 <= 16 +.section .text.loadWatchpointRegs, "ax", %progbits +.type loadWatchpointRegs, %function +.global loadWatchpointRegs +loadWatchpointRegs: + // x1 = number + adr x16, 1f + add x0, x0, #(16 * 8) + mov x4, #(16 * 12) + sub x4, x4, x1,lsl #3 + sub x4, x4, x1,lsl #2 + add x16, x16, x4 + br x16 + + 1: + .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 + ldp x2, x3, [x0, #-0x10]! + msr dbgwcr\count\()_el1, x2 + msr dbgwvr\count\()_el1, x3 + .endr + dsb sy + isb + ret + +// Precondition: x1 <= 16 +.section .text.storeWatchpointRegs, "ax", %progbits +.type storeWatchpointRegs, %function +.global storWatchpointRegs +storeWatchpointRegs: + // x1 = number + + dsb sy + isb + + adr x16, 1f + add x0, x0, #(16 * 8) + mov x4, #(16 * 12) + sub x4, x4, x1,lsl #3 + sub x4, x4, x1,lsl #2 + add x16, x16, x4 + br x16 + + 1: + .irp count, 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 + mrs x2, dbgwcr\count\()_el1 + mrs x3, dbgwvr\count\()_el1 + stp x2, x3, [x0, #-0x10]! + + .endr + ret diff --git a/thermosphere/src/core_ctx.h b/thermosphere/src/core_ctx.h index be3b1575c..2f73bc939 100644 --- a/thermosphere/src/core_ctx.h +++ b/thermosphere/src/core_ctx.h @@ -24,7 +24,7 @@ typedef struct CoreCtx { u64 scratch; // @0x18 u32 coreId; // @0x20 bool isBootCore; // @0x24 - //bool wasSingleStepping; // @0x25 (for pIRQ handler) + bool warmboot; // @0x25 } CoreCtx; extern CoreCtx g_coreCtxs[4]; diff --git a/thermosphere/src/main.c b/thermosphere/src/main.c index a0d71bc52..59687ad31 100644 --- a/thermosphere/src/main.c +++ b/thermosphere/src/main.c @@ -40,8 +40,10 @@ static void loadKernelViaSemihosting(void) void main(ExceptionStackFrame *frame) { enableTraps(); - enableAndResetBreakpoints(); - enableAndResetWatchpoints(); + enableBreakpointsAndWatchpoints(); + + initBreakpoints(); + initWatchpoints(); if (currentCoreCtx->isBootCore) { uartInit(115200); diff --git a/thermosphere/src/watchpoints.c b/thermosphere/src/watchpoints.c index 872de8922..32ca585fa 100644 --- a/thermosphere/src/watchpoints.c +++ b/thermosphere/src/watchpoints.c @@ -14,16 +14,26 @@ * along with this program. If not, see . */ -#include "breakpoints.h" +#include "watchpoints.h" +#include "breakpoints_watchpoints_save_restore.h" #include "utils.h" #include "sysreg.h" #include "arm.h" -void enableAndResetWatchpoints(void) -{ - SET_SYSREG(mdscr_el1, GET_SYSREG(mdscr_el1) | MDSCR_EL1_MDE); +WatchpointManager g_watchpointManager = {0}; - // 20 for watchpoints - size_t num = ((GET_SYSREG(id_aa64dfr0_el1) >> 12) & 0xF) + 1; - initBreakpointRegs(num); +// Init the structure (already in BSS, so already zero-initialized) and load the registers +void initWatchpoints(void) +{ + recursiveSpinlockLock(&g_watchpointManager.lock); + + if (currentCoreCtx->isBootCore && !currentCoreCtx->warmboot) { + size_t num = ((GET_SYSREG(id_aa64dfr0_el1) >> 12) & 0xF) + 1; + g_watchpointManager.maxWatchpoints = (u32)num; + g_watchpointManager.allocationBitmap = 0xFFFF; + } + + loadWatchpointRegs(g_watchpointManager.watchpoints, g_watchpointManager.maxWatchpoints); + + recursiveSpinlockUnlock(&g_watchpointManager.lock); } diff --git a/thermosphere/src/watchpoints.h b/thermosphere/src/watchpoints.h index d2c7de677..12a6a5e89 100644 --- a/thermosphere/src/watchpoints.h +++ b/thermosphere/src/watchpoints.h @@ -16,6 +16,17 @@ #pragma once -#include "types.h" +#include "breakpoints_watchpoints_common.h" +#include "spinlock.h" -void enableAndResetWatchpoints(void); +/// Structure to synchronize and keep track of watchpoints +typedef struct WatchpointManager { + DebugRegisterPair watchpoints[16]; + RecursiveSpinlock lock; + u32 maxWatchpoints; + u16 allocationBitmap; +} WatchpointManager; + +extern WatchpointManager g_watchpointManager; + +void initWatchpoints(void);