Dear all,

as part of my Bachelor's Thesis I'm trying to implement a single-stepping
functionality for Xen on ARMv7. My problem with this is that I'm not able
to trigger a Hardware Breakpoint, which is configured to use Instruction
Address Mismatch and route the exception to Xen.

I took the x86 single_step implementation as a reference. To test my
implementation I extended the given "xen-access" tool test in order to
forward the SS request from xen-access.c to ./xen/arch/arm/monitor.c to the
"arch_monitor_domctl_event" function (just like the x86 implementation).

There, I set the necessary registers according to the ARM Architecture
Manual (ARM DDI 0406C-b). My basic idea is to perform the following steps
(in this order):
1) Configure the system to route debug exceptions to Hyp Mode
2) Initialize one breakpoint for Address Mismatching in Non-Secure PL1/PL0
3) Define the "to be compared" address as "~0x3" (which is all 1s except
Bit[1:0])
4) Set the MDBGen to 1 in order to enable Monitor Debug Mode

To check whether or not my values are set in the registers I print every
value before and after manipulation to ensure that my values are adopted.
To access the registers I used the already defined macros (DBGBCR0), but
for testing reasons I work with the general definition (e.g.
WRITE_SYSREG(#VALUE,p14,0,c0,c0,5) for DBGBCR0).

Preparation:

I ensured that the DBGen Signal is High, I checked the Debug Version which
is v7.1 (read from the DBGAUTHSTATUS). I also made sure that the underlying
system supports sufficient breakpoints.

These are the values I set in the different registers (in this order
again). Every bit that I don't mention is set to 0.

- HDCR.{TDRA,TDOSA,TDA,TDE = 1}
which enables routing to Hyp. According to the ARM ARM setting
TDRA,TDOSA,TDA is required when setting TDE

- DBGBCR0.{BT=0b0100, SSC=0b01, PMC=0b11, E=0b1} = 0x404007
this should enable unlinked Address Mismatch, for Non-Secure PL0/1

- DBGBVR0.{IA = ~0x3}
which sets every bit to 1 (this address should never be reached as it is
mismatched)

- DBGDSCREXT.{MDBGen=1}
which enables Monitor Debug Mode


With the value set in HVBAR (hyp_traps_vector in
/xen/arch/arm/arm32/entry.S) the generated HypTrap (HypTrap instead of
PrefetchAbort because of the routing) should be handled in
do_trap_guest_sync. In this method the "hsr.ec" Bits should indicate a
PrefetchAbort exception (hsr.ec=0x20) whenever the Breakpoint triggers.

I added a simple if statement to print a string when such an exception was
thrown.

Unfortunately these prints are never generated, which indicates that either
I'm searching for the exception handling in the wrong location or my
breakpoints are not correctly configured.

To check if my configuration is wrong, I also tried the KDB configuration
for the DBGBCR (which is DBGBCR=0x4001E7 as far as I understood). But this
changed nothing in the behaviour.

As hardware, I tested my code with an Arndale as well as an Odroid XU board
(Exynos 5250).

It would be great if anyone who has experience with the ARM architecture
could help me in finding the missing information that is required to
successfully set up an address mismatch breakpoint and successfully route
the associated exceptions to Xen.

Thank you in advance
Florian
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
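
Added example, not part of the original message and not Xen code: a small C helper that packs and decodes DBGBCR fields, so the two values quoted in the message (0x404007 and the KDB value 0x4001E7) can be compared field by field. The field positions and the names `dbgbcr_pack` and `dbgbcr_unpack` are assumptions based on the ARMv7 debug register layout; the MASK field is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed ARMv7 DBGBCR field positions (not taken from the message or Xen). */
#define BCR_E_SHIFT    0   /* E,   bit 0        */
#define BCR_PMC_SHIFT  1   /* PMC, bits [2:1]   */
#define BCR_BAS_SHIFT  5   /* BAS, bits [8:5]   */
#define BCR_HMC_SHIFT  13  /* HMC, bit 13       */
#define BCR_SSC_SHIFT  14  /* SSC, bits [15:14] */
#define BCR_LBN_SHIFT  16  /* LBN, bits [19:16] */
#define BCR_BT_SHIFT   20  /* BT,  bits [23:20] */

struct dbgbcr { unsigned e, pmc, bas, hmc, ssc, lbn, bt; };

/* Pack fields into a register value. Sets *ok to 0 and returns 0 if any
 * field does not fit its width, so an oversized field cannot spill over. */
static uint32_t dbgbcr_pack(const struct dbgbcr *f, int *ok)
{
    *ok = f->e <= 1 && f->pmc <= 3 && f->bas <= 0xf && f->hmc <= 1 &&
          f->ssc <= 3 && f->lbn <= 0xf && f->bt <= 0xf;
    if (!*ok)
        return 0;
    return ((uint32_t)f->e << BCR_E_SHIFT) | ((uint32_t)f->pmc << BCR_PMC_SHIFT) |
           ((uint32_t)f->bas << BCR_BAS_SHIFT) | ((uint32_t)f->hmc << BCR_HMC_SHIFT) |
           ((uint32_t)f->ssc << BCR_SSC_SHIFT) | ((uint32_t)f->lbn << BCR_LBN_SHIFT) |
           ((uint32_t)f->bt << BCR_BT_SHIFT);
}

/* Split a register value back into its fields. */
static struct dbgbcr dbgbcr_unpack(uint32_t v)
{
    struct dbgbcr f = {
        .e   = (v >> BCR_E_SHIFT) & 0x1,   .pmc = (v >> BCR_PMC_SHIFT) & 0x3,
        .bas = (v >> BCR_BAS_SHIFT) & 0xf, .hmc = (v >> BCR_HMC_SHIFT) & 0x1,
        .ssc = (v >> BCR_SSC_SHIFT) & 0x3, .lbn = (v >> BCR_LBN_SHIFT) & 0xf,
        .bt  = (v >> BCR_BT_SHIFT) & 0xf,
    };
    return f;
}

int main(void)
{
    /* The two DBGBCR values quoted in the message. */
    const uint32_t vals[] = { 0x404007u, 0x4001E7u };
    for (unsigned i = 0; i < 2; i++) {
        struct dbgbcr f = dbgbcr_unpack(vals[i]);
        printf("0x%06x: BT=0x%x LBN=0x%x SSC=0x%x HMC=%u BAS=0x%x PMC=0x%x E=%u\n",
               (unsigned)vals[i], f.bt, f.lbn, f.ssc, f.hmc, f.bas, f.pmc, f.e);
    }
    return 0;
}
```

Under this layout the two values decode to the same BT, PMC and E and differ only in BAS and SSC.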
