From: Cornelia Huck <cornelia.huck@de.ibm.com>
To: peter.maydell@linaro.org
Cc: borntraeger@de.ibm.com, agraf@suse.de, jfrei@linux.vnet.ibm.com,
qemu-devel@nongnu.org,
David Hildenbrand <dahi@linux.vnet.ibm.com>,
Cornelia Huck <cornelia.huck@de.ibm.com>
Subject: [Qemu-devel] [PULL 09/38] s390x/kvm: 2 byte software breakpoint support
Date: Tue, 6 Sep 2016 09:46:41 +0200 [thread overview]
Message-ID: <20160906074710.13495-10-cornelia.huck@de.ibm.com> (raw)
In-Reply-To: <20160906074710.13495-1-cornelia.huck@de.ibm.com>
From: David Hildenbrand <dahi@linux.vnet.ibm.com>
Diag 501 (4 bytes) was used until now for software breakpoints on s390.
As instructions on s390 might be 2 bytes long, temporarily overwriting them
with 4 bytes is evil and can result in very strange guest behaviour.
We use the invalid instruction 0x0000 as the new sw breakpoint instruction.
We have to enable interception of that instruction in KVM using a
capability.
If no software breakpoint has been inserted at the reported position, an
operation exception has to be injected into the guest. Otherwise a
breakpoint has been hit and the pc has to be rewound.
If KVM doesn't yet support interception of instruction 0x0000 the
existing mechanism exploiting diag 501 is used. To keep overhead low,
interception of instruction 0x0000 will only be enabled if sw breakpoints
are really used.
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
target-s390x/cpu.h | 2 ++
target-s390x/kvm.c | 50 ++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index c216bda..eeff1b0 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -394,6 +394,8 @@ static inline void cpu_get_tb_cpu_state(CPUS390XState* env, target_ulong *pc,
((env->psw.mask & PSW_MASK_32) ? FLAG_MASK_32 : 0);
}
+#define MAX_ILEN 6
+
/* While the PoO talks about ILC (a number between 1-3) what is actually
stored in LowCore is shifted left one bit (an even between 2-6). As
this is the actual length of the insn and therefore more useful, that
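Review bot: `#define MAX_ILEN 6` is added without saying what it bounds, even though the comment block right below it explains that s390 instruction lengths are an even number between 2 and 6 bytes. Its only user in this series is the scratch buffer in kvm_arch_remove_sw_breakpoint(), so a reader of cpu.h has nothing to relate the value to. Suggest `#define MAX_ILEN 6 /* longest s390 instruction, in bytes (see ILC note below) */`.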
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 80ac621..4341d54 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -109,6 +109,7 @@
#define ICPT_WAITPSW 0x1c
#define ICPT_SOFT_INTERCEPT 0x24
#define ICPT_CPU_STOP 0x28
+#define ICPT_OPEREXC 0x2c
#define ICPT_IO 0x40
#define NR_LOCAL_IRQS 32
@@ -665,16 +666,37 @@ static void *legacy_s390_alloc(size_t size, uint64_t *align)
return mem == MAP_FAILED ? NULL : mem;
}
-/* DIAG 501 is used for sw breakpoints */
-static const uint8_t diag_501[] = {0x83, 0x24, 0x05, 0x01};
+static uint8_t const *sw_bp_inst;
+static uint8_t sw_bp_ilen;
+
+static void determine_sw_breakpoint_instr(void)
+{
+ /* DIAG 501 is used for sw breakpoints with old kernels */
+ static const uint8_t diag_501[] = {0x83, 0x24, 0x05, 0x01};
+ /* Instruction 0x0000 is used for sw breakpoints with recent kernels */
+ static const uint8_t instr_0x0000[] = {0x00, 0x00};
+
+ if (sw_bp_inst) {
+ return;
+ }
+ if (kvm_vm_enable_cap(kvm_state, KVM_CAP_S390_USER_INSTR0, 0)) {
+ sw_bp_inst = diag_501;
+ sw_bp_ilen = sizeof(diag_501);
+ DPRINTF("KVM: will use 4-byte sw breakpoints.\n");
+ } else {
+ sw_bp_inst = instr_0x0000;
+ sw_bp_ilen = sizeof(instr_0x0000);
+ DPRINTF("KVM: will use 2-byte sw breakpoints.\n");
+ }
+}
int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
{
+ determine_sw_breakpoint_instr();
if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn,
- sizeof(diag_501), 0) ||
- cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)diag_501,
- sizeof(diag_501), 1)) {
+ sw_bp_ilen, 0) ||
+ cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)sw_bp_inst, sw_bp_ilen, 1)) {
return -EINVAL;
}
return 0;
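Review bot: determine_sw_breakpoint_instr() has no header comment, and nothing states that its choice is permanent: whichever branch runs on the first kvm_arch_insert_sw_breakpoint() call fixes sw_bp_inst/sw_bp_ilen for good, because the early return on `if (sw_bp_inst)` never retries the capability. A failure of kvm_vm_enable_cap() for whatever reason therefore locks in the 4-byte DIAG 501 mechanism, which is presumably intended but deserves to be written down. Suggest a comment above the function: `/* Choose the sw breakpoint instruction once: 2-byte 0x0000 if KVM can intercept it (KVM_CAP_S390_USER_INSTR0), else the 4-byte DIAG 501. The choice is never revisited; remove/handle paths rely on it having run. */`. kvm_arch_insert_sw_breakpoint() continues past the end of the hunk.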
@@ -682,14 +704,14 @@ int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp)
{
- uint8_t t[sizeof(diag_501)];
+ uint8_t t[MAX_ILEN];
- if (cpu_memory_rw_debug(cs, bp->pc, t, sizeof(diag_501), 0)) {
+ if (cpu_memory_rw_debug(cs, bp->pc, t, sw_bp_ilen, 0)) {
return -EINVAL;
- } else if (memcmp(t, diag_501, sizeof(diag_501))) {
+ } else if (memcmp(t, sw_bp_inst, sw_bp_ilen)) {
return -EINVAL;
} else if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn,
- sizeof(diag_501), 1)) {
+ sw_bp_ilen, 1)) {
return -EINVAL;
}
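Review bot: `uint8_t t[MAX_ILEN]` is filled with `sw_bp_ilen` bytes, and the only thing keeping that in bounds is that both instruction arrays in determine_sw_breakpoint_instr() are at most 4 bytes while MAX_ILEN is 6 in cpu.h; nothing in this function records the relationship. A one-line guard before the first cpu_memory_rw_debug() call makes the invariant explicit where the buffer is written: `assert(sw_bp_ilen && sw_bp_ilen <= MAX_ILEN);` (assert() should be available via osdep.h, to be confirmed). The nonzero half also documents that removal presupposes an earlier insertion, since sw_bp_ilen stays 0 until determine_sw_breakpoint_instr() has run. kvm_arch_remove_sw_breakpoint() continues beyond the hunk.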
@@ -1310,7 +1332,7 @@ static int handle_sw_breakpoint(S390CPU *cpu, struct kvm_run *run)
cpu_synchronize_state(CPU(cpu));
- pc = env->psw.addr - 4;
+ pc = env->psw.addr - sw_bp_ilen;
if (kvm_find_sw_breakpoint(CPU(cpu), pc)) {
env->psw.addr = pc;
return EXCP_DEBUG;
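Review bot: `pc = env->psw.addr - sw_bp_ilen` now silently depends on determine_sw_breakpoint_instr() having run; this function is presumably also reached from the DIAG 501 handler outside the hunk, and a guest that issues DIAG 501 itself before any breakpoint was inserted sees sw_bp_ilen == 0, so pc is psw.addr rather than the former psw.addr - 4. The lookup still fails because no breakpoint exists, so the visible result is the same -ENOENT, but the dependency is implicit, and on a kernel that selected the 2-byte instruction a guest-issued DIAG 501 (4 bytes) is rewound by 2 before the lookup. Suggest a comment on the assignment: `/* sw_bp_ilen is 0 until a sw breakpoint was inserted; the lookup then fails */`. Start and end of handle_sw_breakpoint() are outside the hunk.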
@@ -1864,6 +1886,14 @@ static int handle_intercept(S390CPU *cpu)
cpu->env.sigp_order = 0;
r = EXCP_HALTED;
break;
+ case ICPT_OPEREXC:
+ /* currently only instr 0x0000 after enabled via capability */
+ r = handle_sw_breakpoint(cpu, run);
+ if (r == -ENOENT) {
+ enter_pgmcheck(cpu, PGM_OPERATION);
+ r = 0;
+ }
+ break;
case ICPT_SOFT_INTERCEPT:
fprintf(stderr, "KVM unimplemented icpt SOFT\n");
exit(1);
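Review bot: The comment `/* currently only instr 0x0000 after enabled via capability */` says when the intercept is expected but not what the two outcomes mean, and this case is the one place where a guest-controlled event (executing 0x0000 where no breakpoint was placed) reaches the injection path. Suggest rewording to `/* Operation exception intercept: with KVM_CAP_S390_USER_INSTR0 this is instr 0x0000, either our sw breakpoint (rewind pc, EXCP_DEBUG) or a genuine invalid opcode the guest must see as an operation exception. */`. Whether the rewind by sw_bp_ilen in handle_sw_breakpoint() matches the psw address KVM reports for this intercept is not visible here and should be confirmed against the kernel side. handle_intercept() continues beyond the hunk.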
--
2.9.3