dev/hwt/hwt.c

*df114daeSRuslan Bukin/*-
*df114daeSRuslan Bukin * SPDX-License-Identifier: BSD-2-Clause
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * Copyright (c) 2023-2025 Ruslan Bukin <br@bsdpad.com>
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * This work was supported by Innovate UK project 105694, "Digital Security
*df114daeSRuslan Bukin * by Design (DSbD) Technology Platform Prototype".
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * Redistribution and use in source and binary forms, with or without
*df114daeSRuslan Bukin * modification, are permitted provided that the following conditions
*df114daeSRuslan Bukin * are met:
*df114daeSRuslan Bukin * 1. Redistributions of source code must retain the above copyright
*df114daeSRuslan Bukin *    notice, this list of conditions and the following disclaimer.
*df114daeSRuslan Bukin * 2. Redistributions in binary form must reproduce the above copyright
*df114daeSRuslan Bukin *    notice, this list of conditions and the following disclaimer in the
*df114daeSRuslan Bukin *    documentation and/or other materials provided with the distribution.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
*df114daeSRuslan Bukin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
*df114daeSRuslan Bukin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
*df114daeSRuslan Bukin * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
*df114daeSRuslan Bukin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
*df114daeSRuslan Bukin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
*df114daeSRuslan Bukin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
*df114daeSRuslan Bukin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
*df114daeSRuslan Bukin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
*df114daeSRuslan Bukin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
*df114daeSRuslan Bukin * SUCH DAMAGE.
*df114daeSRuslan Bukin */
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin/*
*df114daeSRuslan Bukin * Hardware Tracing framework.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin *    The framework manages hardware tracing units that collect information
*df114daeSRuslan Bukin * about software execution and store it as events in highly compressed format
*df114daeSRuslan Bukin * into DRAM. The events cover information about control flow changes of a
*df114daeSRuslan Bukin * program, whether branches taken or not, exceptions taken, timing information,
*df114daeSRuslan Bukin * cycles elapsed and more. That allows us to restore entire program flow of a
*df114daeSRuslan Bukin * given application without performance impact.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * Design overview.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin *    The framework provides character devices for mmap(2) and ioctl(2) system
*df114daeSRuslan Bukin * calls to allow user to manage CPU (hardware) tracing units.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * /dev/hwt:
*df114daeSRuslan Bukin *    .ioctl:
*df114daeSRuslan Bukin *        hwt_ioctl():
*df114daeSRuslan Bukin *               a) HWT_IOC_ALLOC
*df114daeSRuslan Bukin *                  Allocates kernel tracing context CTX based on requested mode
*df114daeSRuslan Bukin *                  of operation. Verifies the information that comes with the
*df114daeSRuslan Bukin *                  request (pid, cpus), allocates unique ID for the context.
*df114daeSRuslan Bukin *                  Creates a new character device for CTX management.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * /dev/hwt_%d[_%d], ident[, thread_id]
*df114daeSRuslan Bukin *    .mmap
*df114daeSRuslan Bukin *        Maps tracing buffers of the corresponding thread to userspace.
*df114daeSRuslan Bukin *    .ioctl
*df114daeSRuslan Bukin *        hwt_thread_ioctl():
*df114daeSRuslan Bukin *               a) HWT_IOC_START
*df114daeSRuslan Bukin *                  Enables tracing unit for a given context.
*df114daeSRuslan Bukin *               b) HWT_IOC_RECORD_GET
*df114daeSRuslan Bukin *                  Transfers (small) record entries collected during program
*df114daeSRuslan Bukin *                  execution for a given context to userspace, such as mmaping
*df114daeSRuslan Bukin *                  tables of executable and dynamic libraries, interpreter,
*df114daeSRuslan Bukin *                  kernel mappings, tid of threads created, etc.
*df114daeSRuslan Bukin *               c) HWT_IOC_SET_CONFIG
*df114daeSRuslan Bukin *                  Allows to specify backend-specific configuration of the
*df114daeSRuslan Bukin *                  trace unit.
*df114daeSRuslan Bukin *               d) HWT_IOC_WAKEUP
*df114daeSRuslan Bukin *                  Wakes up a thread that is currently sleeping.
*df114daeSRuslan Bukin *               e) HWT_IOC_BUFPTR_GET
*df114daeSRuslan Bukin *                  Transfers current hardware pointer in the filling buffer
*df114daeSRuslan Bukin *                  to the userspace.
*df114daeSRuslan Bukin *               f) HWT_IOC_SVC_BUF
*df114daeSRuslan Bukin *                  To avoid data loss, userspace may notify kernel it has
*df114daeSRuslan Bukin *                  copied out the given buffer, so kernel is ok to overwrite
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * HWT context lifecycle in THREAD mode of operation:
*df114daeSRuslan Bukin * 1. User invokes HWT_IOC_ALLOC ioctl with information about pid to trace and
*df114daeSRuslan Bukin *    size of the buffers for the trace data to allocate.
*df114daeSRuslan Bukin *    Some architectures may have different tracing units supported, so user
*df114daeSRuslan Bukin *    also provides backend name to use for this context, e.g. "coresight".
*df114daeSRuslan Bukin * 2. Kernel allocates context, lookups the proc for the given pid. Then it
*df114daeSRuslan Bukin *    creates first hwt_thread in the context and allocates trace buffers for
*df114daeSRuslan Bukin *    it. Immediately, kernel initializes tracing backend.
*df114daeSRuslan Bukin *    Kernel creates character device and returns unique identificator of
*df114daeSRuslan Bukin *    trace context to the user.
*df114daeSRuslan Bukin * 3. To manage the new context, user opens the character device created.
*df114daeSRuslan Bukin *    User invokes HWT_IOC_START ioctl, kernel marks context as RUNNING.
*df114daeSRuslan Bukin *    At this point any HWT hook invocation by scheduler enables/disables
*df114daeSRuslan Bukin *    tracing for threads associated with the context (threads of the proc).
*df114daeSRuslan Bukin *    Any new threads creation (of the target proc) procedures will be invoking
*df114daeSRuslan Bukin *    corresponding hooks in HWT framework, so that new hwt_thread and buffers
*df114daeSRuslan Bukin *    allocated, character device for mmap(2) created on the fly.
*df114daeSRuslan Bukin * 4. User issues HWT_IOC_RECORD_GET ioctl to fetch information about mmaping
*df114daeSRuslan Bukin *    tables and threads created during application startup.
*df114daeSRuslan Bukin * 5. User mmaps tracing buffers of each thread to userspace (using
*df114daeSRuslan Bukin *    /dev/hwt_%d_%d % (ident, thread_id) character devices).
*df114daeSRuslan Bukin * 6. User can repeat 4 if expected thread is not yet created during target
*df114daeSRuslan Bukin *    application execution.
*df114daeSRuslan Bukin * 7. User issues HWT_IOC_BUFPTR_GET ioctl to get current filling level of the
*df114daeSRuslan Bukin *    hardware buffer of a given thread.
*df114daeSRuslan Bukin * 8. User invokes trace decoder library to process available data and see the
*df114daeSRuslan Bukin *    results in human readable form.
*df114daeSRuslan Bukin * 9. User repeats 7 if needed.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin * HWT context lifecycle in CPU mode of operation:
*df114daeSRuslan Bukin * 1. User invokes HWT_IOC_ALLOC ioctl providing a set of CPU to trace within
*df114daeSRuslan Bukin *    single CTX.
*df114daeSRuslan Bukin * 2. Kernel verifies the set of CPU and allocates tracing context, creates
*df114daeSRuslan Bukin *    a buffer for each CPU.
*df114daeSRuslan Bukin *    Kernel creates a character device for every CPU provided in the request.
*df114daeSRuslan Bukin *    Kernel initialized tracing backend.
*df114daeSRuslan Bukin * 3. User opens character devices of interest to map the buffers to userspace.
*df114daeSRuslan Bukin *    User can start tracing by invoking HWT_IOC_START on any of character
*df114daeSRuslan Bukin *    device within the context, entire context will be marked as RUNNING.
*df114daeSRuslan Bukin * 4. The rest is similar to the THREAD mode.
*df114daeSRuslan Bukin *
*df114daeSRuslan Bukin */
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin#include <sys/param.h>
*df114daeSRuslan Bukin#include <sys/conf.h>
*df114daeSRuslan Bukin#include <sys/eventhandler.h>
*df114daeSRuslan Bukin#include <sys/kernel.h>
*df114daeSRuslan Bukin#include <sys/module.h>
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin#include <dev/hwt/hwt_context.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_contexthash.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_thread.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_owner.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_ownerhash.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_backend.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_record.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_ioctl.h>
*df114daeSRuslan Bukin#include <dev/hwt/hwt_hook.h>
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin#define	HWT_DEBUG
*df114daeSRuslan Bukin#undef	HWT_DEBUG
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin#ifdef	HWT_DEBUG
*df114daeSRuslan Bukin#define	dprintf(fmt, ...)	printf(fmt, ##__VA_ARGS__)
*df114daeSRuslan Bukin#else
*df114daeSRuslan Bukin#define	dprintf(fmt, ...)
*df114daeSRuslan Bukin#endif
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic eventhandler_tag hwt_exit_tag;
*df114daeSRuslan Bukinstatic struct cdev *hwt_cdev;
*df114daeSRuslan Bukinstatic struct cdevsw hwt_cdevsw = {
*df114daeSRuslan Bukin	.d_version	= D_VERSION,
*df114daeSRuslan Bukin	.d_name		= "hwt",
*df114daeSRuslan Bukin	.d_mmap_single	= NULL,
*df114daeSRuslan Bukin	.d_ioctl	= hwt_ioctl
*df114daeSRuslan Bukin};
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic void
*df114daeSRuslan Bukinhwt_process_exit(void *arg __unused, struct proc *p)
*df114daeSRuslan Bukin{
*df114daeSRuslan Bukin	struct hwt_owner *ho;
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	/* Stop HWTs associated with exiting owner, if any. */
*df114daeSRuslan Bukin	ho = hwt_ownerhash_lookup(p);
*df114daeSRuslan Bukin	if (ho)
*df114daeSRuslan Bukin		hwt_owner_shutdown(ho);
*df114daeSRuslan Bukin}
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic int
*df114daeSRuslan Bukinhwt_load(void)
*df114daeSRuslan Bukin{
*df114daeSRuslan Bukin	struct make_dev_args args;
*df114daeSRuslan Bukin	int error;
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	make_dev_args_init(&args);
*df114daeSRuslan Bukin	args.mda_devsw = &hwt_cdevsw;
*df114daeSRuslan Bukin	args.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
*df114daeSRuslan Bukin	args.mda_uid = UID_ROOT;
*df114daeSRuslan Bukin	args.mda_gid = GID_WHEEL;
*df114daeSRuslan Bukin	args.mda_mode = 0660;
*df114daeSRuslan Bukin	args.mda_si_drv1 = NULL;
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	hwt_backend_load();
*df114daeSRuslan Bukin	hwt_ctx_load();
*df114daeSRuslan Bukin	hwt_contexthash_load();
*df114daeSRuslan Bukin	hwt_ownerhash_load();
*df114daeSRuslan Bukin	hwt_record_load();
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	error = make_dev_s(&args, &hwt_cdev, "hwt");
*df114daeSRuslan Bukin	if (error != 0)
*df114daeSRuslan Bukin		return (error);
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	hwt_exit_tag = EVENTHANDLER_REGISTER(process_exit, hwt_process_exit,
*df114daeSRuslan Bukin	    NULL, EVENTHANDLER_PRI_ANY);
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	hwt_hook_load();
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	return (0);
*df114daeSRuslan Bukin}
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic int
*df114daeSRuslan Bukinhwt_unload(void)
*df114daeSRuslan Bukin{
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	hwt_hook_unload();
*df114daeSRuslan Bukin	EVENTHANDLER_DEREGISTER(process_exit, hwt_exit_tag);
*df114daeSRuslan Bukin	destroy_dev(hwt_cdev);
*df114daeSRuslan Bukin	hwt_record_unload();
*df114daeSRuslan Bukin	hwt_ownerhash_unload();
*df114daeSRuslan Bukin	hwt_contexthash_unload();
*df114daeSRuslan Bukin	hwt_ctx_unload();
*df114daeSRuslan Bukin	hwt_backend_unload();
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	return (0);
*df114daeSRuslan Bukin}
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic int
*df114daeSRuslan Bukinhwt_modevent(module_t mod, int type, void *data)
*df114daeSRuslan Bukin{
*df114daeSRuslan Bukin	int error;
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	switch (type) {
*df114daeSRuslan Bukin	case MOD_LOAD:
*df114daeSRuslan Bukin		error = hwt_load();
*df114daeSRuslan Bukin		break;
*df114daeSRuslan Bukin	case MOD_UNLOAD:
*df114daeSRuslan Bukin		error = hwt_unload();
*df114daeSRuslan Bukin		break;
*df114daeSRuslan Bukin	default:
*df114daeSRuslan Bukin		error = 0;
*df114daeSRuslan Bukin		break;
*df114daeSRuslan Bukin	}
*df114daeSRuslan Bukin
*df114daeSRuslan Bukin	return (error);
*df114daeSRuslan Bukin}
*df114daeSRuslan Bukin
*df114daeSRuslan Bukinstatic moduledata_t hwt_mod = {
*df114daeSRuslan Bukin	"hwt",
*df114daeSRuslan Bukin	hwt_modevent,
*df114daeSRuslan Bukin	NULL
*df114daeSRuslan Bukin};
*df114daeSRuslan Bukin
*df114daeSRuslan BukinDECLARE_MODULE(hwt, hwt_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
*df114daeSRuslan BukinMODULE_VERSION(hwt, 1);