[HOW TO USE HW BRP] 如何使用ARM hardware self debug tools monitor 内存寄存器被踩问题。

1.介绍 

ARM自带有HW debug功能，作用是在某个内存或者地址被读写时，可以触发异常，然后我们可以在异常中进行一些必要信息的打印，比如stack，这非常有利于debug内存，寄存器越界读写的问题。

aarch32 linux4.9

kernel 有breakpoint的編碼例項data_breakpoint.c

相關函式:

register_wide_hw_breakpoint //kernel space 地址

register_user_hw_breakpoint //user space 地址

breakpoint 與 watchpoint 的原理需要查閱armv7_architecture_reference_manual

watchpoint：If the cause of the debug exception is a Watchpoint debug event, then a Data Abort exception is generated

2.如何使用

在Linux kernel中已经为我们搭建好hw_breakpoint架构，但是default并没有开启，需要手动开启。

开启需要我们写一个内核model，call register_wide_hw_breakpoint API，当然，Linux的sample中也有例子是可以直接用的。

地址如下：https://code.woboq.org/linux/linux/samples/hw_breakpoint/data_breakpoint.c.html

code如下：

/*
 * data_breakpoint.c - Sample HW Breakpoint file to watch kernel data address
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * usage: insmod data_breakpoint.ko ksym=<ksym_name>
 *
 * This file is a kernel module that places a breakpoint over ksym_name kernel
 * variable using Hardware Breakpoint register. The corresponding handler which
 * prints a backtrace is invoked every time a write operation is performed on
 * that variable.
 *
 * Copyright (C) IBM Corporation, 2009
 *
 * Author: K.Prasad <prasad@linux.vnet.ibm.com>
 */
#include <linux/module.h>    /* Needed by all modules */
#include <linux/kernel.h>    /* Needed for KERN_INFO */
#include <linux/init.h>        /* Needed for the macros */
#include <linux/kallsyms.h>
#include <linux/perf_event.h>
#include <linux/hw_breakpoint.h>
struct perf_event * __percpu *sample_hbp;
static char ksym_name[KSYM_NAME_LEN] = "pid_max";
module_param_string(ksym, ksym_name, KSYM_NAME_LEN, S_IRUGO);
MODULE_PARM_DESC(ksym, "Kernel symbol to monitor; this module will report any"
            " write operations on the kernel symbol");
static void sample_hbp_handler(struct perf_event *bp,
                   struct perf_sample_data *data,
                   struct pt_regs *regs)
{
    printk(KERN_INFO "%s value is changed
", ksym_name);
    dump_stack();
    printk(KERN_INFO "Dump stack from sample_hbp_handler
");
}
static int __init hw_break_module_init(void)
{
    int ret;
    struct perf_event_attr attr;
    hw_breakpoint_init(&attr);
    attr.bp_addr = kallsyms_lookup_name(ksym_name);　　//输入sym，当此sym的地址被读写时，会执行sample_hbp_handler，打印调用栈
    attr.bp_len = HW_BREAKPOINT_LEN_4;
    attr.bp_type = HW_BREAKPOINT_W | HW_BREAKPOINT_R; //monitor R/W
    sample_hbp = register_wide_hw_breakpoint(&attr, sample_hbp_handler, NULL);
    if (IS_ERR((void __force *)sample_hbp)) {
        ret = PTR_ERR((void __force *)sample_hbp);
        goto fail;
    }
    printk(KERN_INFO "HW Breakpoint for %s write installed
", ksym_name);
    return 0;
fail:
    printk(KERN_INFO "Breakpoint registration failed
");
    return ret;
}
static void __exit hw_break_module_exit(void)
{
    unregister_wide_hw_breakpoint(sample_hbp);
    printk(KERN_INFO "HW Breakpoint for %s write uninstalled
", ksym_name);
}
module_init(hw_break_module_init);
module_exit(hw_break_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("K.Prasad");
MODULE_DESCRIPTION("ksym breakpoint");