2 * Routines providing a simple monitor for use on the PowerMac.
4 * Copyright (C) 1996-2005 Paul Mackerras.
5 * Copyright (C) 2001 PPC64 Team, IBM Corp
6 * Copyrignt (C) 2006 Michael Ellerman, IBM Corp
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
13 #include <linux/errno.h>
14 #include <linux/sched.h>
15 #include <linux/smp.h>
17 #include <linux/reboot.h>
18 #include <linux/delay.h>
19 #include <linux/kallsyms.h>
20 #include <linux/cpumask.h>
21 #include <linux/export.h>
22 #include <linux/sysrq.h>
23 #include <linux/interrupt.h>
24 #include <linux/irq.h>
25 #include <linux/bug.h>
27 #include <asm/ptrace.h>
28 #include <asm/string.h>
30 #include <asm/machdep.h>
32 #include <asm/processor.h>
33 #include <asm/pgtable.h>
35 #include <asm/mmu_context.h>
36 #include <asm/cputable.h>
38 #include <asm/sstep.h>
39 #include <asm/irq_regs.h>
41 #include <asm/spu_priv1.h>
42 #include <asm/firmware.h>
43 #include <asm/setjmp.h>
47 #include <asm/hvcall.h>
54 #define scanhex xmon_scanhex
55 #define skipbl xmon_skipbl
58 static cpumask_t cpus_in_xmon = CPU_MASK_NONE;
59 static unsigned long xmon_taken = 1;
60 static int xmon_owner;
62 #endif /* CONFIG_SMP */
64 static unsigned long in_xmon __read_mostly = 0;
66 static unsigned long adrs;
68 #define MAX_DUMP (128 * 1024)
69 static unsigned long ndump = 64;
70 static unsigned long nidump = 16;
71 static unsigned long ncsum = 4096;
73 static char tmpstr[128];
75 static long bus_error_jmp[JMP_BUF_LEN];
76 static int catch_memory_errors;
77 static long *xmon_fault_jmp[NR_CPUS];
79 /* Breakpoint stuff */
81 unsigned long address;
82 unsigned int instr[2];
88 /* Bits in bpt.enabled */
89 #define BP_IABR_TE 1 /* IABR translation enabled */
95 static struct bpt bpts[NBPTS];
96 static struct bpt dabr;
97 static struct bpt *iabr;
98 static unsigned bpinstr = 0x7fe00008; /* trap */
100 #define BP_NUM(bp) ((bp) - bpts + 1)
103 static int cmds(struct pt_regs *);
104 static int mread(unsigned long, void *, int);
105 static int mwrite(unsigned long, void *, int);
106 static int handle_fault(struct pt_regs *);
107 static void byterev(unsigned char *, int);
108 static void memex(void);
109 static int bsesc(void);
110 static void dump(void);
111 static void prdump(unsigned long, long);
112 static int ppc_inst_dump(unsigned long, long, int);
113 static void dump_log_buf(void);
114 static void backtrace(struct pt_regs *);
115 static void excprint(struct pt_regs *);
116 static void prregs(struct pt_regs *);
117 static void memops(int);
118 static void memlocate(void);
119 static void memzcan(void);
120 static void memdiffs(unsigned char *, unsigned char *, unsigned, unsigned);
122 int scanhex(unsigned long *valp);
123 static void scannl(void);
124 static int hexdigit(int);
125 void getstring(char *, int);
126 static void flush_input(void);
127 static int inchar(void);
128 static void take_input(char *);
129 static unsigned long read_spr(int);
130 static void write_spr(int, unsigned long);
131 static void super_regs(void);
132 static void remove_bpts(void);
133 static void insert_bpts(void);
134 static void remove_cpu_bpts(void);
135 static void insert_cpu_bpts(void);
136 static struct bpt *at_breakpoint(unsigned long pc);
137 static struct bpt *in_breakpoint_table(unsigned long pc, unsigned long *offp);
138 static int do_step(struct pt_regs *);
139 static void bpt_cmds(void);
140 static void cacheflush(void);
141 static int cpu_cmd(void);
142 static void csum(void);
143 static void bootcmds(void);
144 static void proccall(void);
145 void dump_segments(void);
146 static void symbol_lookup(void);
147 static void xmon_show_stack(unsigned long sp, unsigned long lr,
149 static void xmon_print_symbol(unsigned long address, const char *mid,
151 static const char *getvecname(unsigned long vec);
153 static int do_spu_cmd(void);
156 static void dump_tlb_44x(void);
158 #ifdef CONFIG_PPC_BOOK3E
159 static void dump_tlb_book3e(void);
162 static int xmon_no_auto_backtrace;
164 extern void xmon_enter(void);
165 extern void xmon_leave(void);
169 #define REGS_PER_LINE 4
170 #define LAST_VOLATILE 13
173 #define REGS_PER_LINE 8
174 #define LAST_VOLATILE 12
177 #define GETWORD(v) (((v)[0] << 24) + ((v)[1] << 16) + ((v)[2] << 8) + (v)[3])
179 #define isxdigit(c) (('0' <= (c) && (c) <= '9') \
180 || ('a' <= (c) && (c) <= 'f') \
181 || ('A' <= (c) && (c) <= 'F'))
182 #define isalnum(c) (('0' <= (c) && (c) <= '9') \
183 || ('a' <= (c) && (c) <= 'z') \
184 || ('A' <= (c) && (c) <= 'Z'))
185 #define isspace(c) (c == ' ' || c == '\t' || c == 10 || c == 13 || c == 0)
187 static char *help_string = "\
189 b show breakpoints\n\
190 bd set data breakpoint\n\
191 bi set instruction breakpoint\n\
192 bc clear breakpoint\n"
195 c print cpus stopped in xmon\n\
196 c# try to switch to cpu number h (in hex)\n"
201 di dump instructions\n\
202 df dump float values\n\
203 dd dump double values\n\
204 dl dump the kernel log buffer\n\
205 dr dump stream of raw bytes\n\
206 e print exception information\n\
208 la lookup symbol+offset of specified address\n\
209 ls lookup address of specified symbol\n\
210 m examine/change memory\n\
211 mm move a block of memory\n\
212 ms set a block of memory\n\
213 md compare two blocks of memory\n\
214 ml locate a block of memory\n\
215 mz zero a block of memory\n\
216 mi show information about memory allocation\n\
217 p call a procedure\n\
220 #ifdef CONFIG_SPU_BASE
221 " ss stop execution on all spus\n\
222 sr restore execution on stopped spus\n\
223 sf # dump spu fields for spu # (in hex)\n\
224 sd # dump spu local store for spu # (in hex)\n\
225 sdi # disassemble spu local store for spu # (in hex)\n"
227 " S print special registers\n\
229 x exit monitor and recover\n\
230 X exit monitor and dont recover\n"
231 #if defined(CONFIG_PPC64) && !defined(CONFIG_PPC_BOOK3E)
232 " u dump segment table or SLB\n"
233 #elif defined(CONFIG_PPC_STD_MMU_32)
234 " u dump segment registers\n"
235 #elif defined(CONFIG_44x) || defined(CONFIG_PPC_BOOK3E)
243 static struct pt_regs *xmon_regs;
245 static inline void sync(void)
247 asm volatile("sync; isync");
250 static inline void store_inst(void *p)
252 asm volatile ("dcbst 0,%0; sync; icbi 0,%0; isync" : : "r" (p));
255 static inline void cflush(void *p)
257 asm volatile ("dcbf 0,%0; icbi 0,%0" : : "r" (p));
260 static inline void cinval(void *p)
262 asm volatile ("dcbi 0,%0; icbi 0,%0" : : "r" (p));
266 * Disable surveillance (the service processor watchdog function)
267 * while we are in xmon.
268 * XXX we should re-enable it when we leave. :)
270 #define SURVEILLANCE_TOKEN 9000
272 static inline void disable_surveillance(void)
274 #ifdef CONFIG_PPC_PSERIES
275 /* Since this can't be a module, args should end up below 4GB. */
276 static struct rtas_args args;
279 * At this point we have got all the cpus we can into
280 * xmon, so there is hopefully no other cpu calling RTAS
281 * at the moment, even though we don't take rtas.lock.
282 * If we did try to take rtas.lock there would be a
283 * real possibility of deadlock.
285 args.token = rtas_token("set-indicator");
286 if (args.token == RTAS_UNKNOWN_SERVICE)
290 args.rets = &args.args[3];
291 args.args[0] = SURVEILLANCE_TOKEN;
294 enter_rtas(__pa(&args));
295 #endif /* CONFIG_PPC_PSERIES */
299 static int xmon_speaker;
301 static void get_output_lock(void)
303 int me = smp_processor_id() + 0x100;
304 int last_speaker = 0, prev;
307 if (xmon_speaker == me)
310 if (xmon_speaker == 0) {
311 last_speaker = cmpxchg(&xmon_speaker, 0, me);
312 if (last_speaker == 0)
316 while (xmon_speaker == last_speaker) {
319 /* hostile takeover */
320 prev = cmpxchg(&xmon_speaker, last_speaker, me);
321 if (prev == last_speaker)
328 static void release_output_lock(void)
333 int cpus_are_in_xmon(void)
335 return !cpumask_empty(&cpus_in_xmon);
339 static inline int unrecoverable_excp(struct pt_regs *regs)
341 #if defined(CONFIG_4xx) || defined(CONFIG_PPC_BOOK3E)
342 /* We have no MSR_RI bit on 4xx or Book3e, so we simply return false */
345 return ((regs->msr & MSR_RI) == 0);
349 static int xmon_core(struct pt_regs *regs, int fromipi)
353 long recurse_jmp[JMP_BUF_LEN];
354 unsigned long offset;
359 unsigned long timeout;
362 local_irq_save(flags);
364 bp = in_breakpoint_table(regs->nip, &offset);
366 regs->nip = bp->address + offset;
367 atomic_dec(&bp->ref_count);
373 cpu = smp_processor_id();
374 if (cpumask_test_cpu(cpu, &cpus_in_xmon)) {
377 printf("cpu 0x%x: Exception %lx %s in xmon, "
378 "returning to main loop\n",
379 cpu, regs->trap, getvecname(TRAP(regs)));
380 release_output_lock();
381 longjmp(xmon_fault_jmp[cpu], 1);
384 if (setjmp(recurse_jmp) != 0) {
385 if (!in_xmon || !xmon_gate) {
387 printf("xmon: WARNING: bad recursive fault "
388 "on cpu 0x%x\n", cpu);
389 release_output_lock();
392 secondary = !(xmon_taken && cpu == xmon_owner);
396 xmon_fault_jmp[cpu] = recurse_jmp;
397 cpumask_set_cpu(cpu, &cpus_in_xmon);
400 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) == (MSR_IR|MSR_64BIT))
401 bp = at_breakpoint(regs->nip);
402 if (bp || unrecoverable_excp(regs))
409 printf("cpu 0x%x stopped at breakpoint 0x%x (",
411 xmon_print_symbol(regs->nip, " ", ")\n");
413 if (unrecoverable_excp(regs))
414 printf("WARNING: exception is not recoverable, "
416 release_output_lock();
421 while (secondary && !xmon_gate) {
425 secondary = test_and_set_bit(0, &in_xmon);
430 if (!secondary && !xmon_gate) {
431 /* we are the first cpu to come in */
432 /* interrupt other cpu(s) */
433 int ncpus = num_online_cpus();
438 smp_send_debugger_break();
439 /* wait for other cpus to come in */
440 for (timeout = 100000000; timeout != 0; --timeout) {
441 if (cpumask_weight(&cpus_in_xmon) >= ncpus)
447 disable_surveillance();
448 /* for breakpoint or single step, print the current instr. */
449 if (bp || TRAP(regs) == 0xd00)
450 ppc_inst_dump(regs->nip, 1, 0);
451 printf("enter ? for help\n");
460 if (cpu == xmon_owner) {
461 if (!test_and_set_bit(0, &xmon_taken)) {
466 while (cpu == xmon_owner)
480 /* have switched to some other cpu */
485 cpumask_clear_cpu(cpu, &cpus_in_xmon);
486 xmon_fault_jmp[cpu] = NULL;
488 /* UP is simple... */
490 printf("Exception %lx %s in xmon, returning to main loop\n",
491 regs->trap, getvecname(TRAP(regs)));
492 longjmp(xmon_fault_jmp[0], 1);
494 if (setjmp(recurse_jmp) == 0) {
495 xmon_fault_jmp[0] = recurse_jmp;
499 bp = at_breakpoint(regs->nip);
501 printf("Stopped at breakpoint %x (", BP_NUM(bp));
502 xmon_print_symbol(regs->nip, " ", ")\n");
504 if (unrecoverable_excp(regs))
505 printf("WARNING: exception is not recoverable, "
508 disable_surveillance();
509 /* for breakpoint or single step, print the current instr. */
510 if (bp || TRAP(regs) == 0xd00)
511 ppc_inst_dump(regs->nip, 1, 0);
512 printf("enter ? for help\n");
522 if (regs->msr & MSR_DE) {
523 bp = at_breakpoint(regs->nip);
525 regs->nip = (unsigned long) &bp->instr[0];
526 atomic_inc(&bp->ref_count);
530 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) == (MSR_IR|MSR_64BIT)) {
531 bp = at_breakpoint(regs->nip);
533 int stepped = emulate_step(regs, bp->instr[0]);
535 regs->nip = (unsigned long) &bp->instr[0];
536 atomic_inc(&bp->ref_count);
537 } else if (stepped < 0) {
538 printf("Couldn't single-step %s instruction\n",
539 (IS_RFID(bp->instr[0])? "rfid": "mtmsrd"));
546 local_irq_restore(flags);
548 return cmd != 'X' && cmd != EOF;
551 int xmon(struct pt_regs *excp)
556 ppc_save_regs(®s);
560 return xmon_core(excp, 0);
564 irqreturn_t xmon_irq(int irq, void *d)
567 local_irq_save(flags);
568 printf("Keyboard interrupt\n");
569 xmon(get_irq_regs());
570 local_irq_restore(flags);
574 static int xmon_bpt(struct pt_regs *regs)
577 unsigned long offset;
579 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) != (MSR_IR|MSR_64BIT))
582 /* Are we at the trap at bp->instr[1] for some bp? */
583 bp = in_breakpoint_table(regs->nip, &offset);
584 if (bp != NULL && offset == 4) {
585 regs->nip = bp->address + 4;
586 atomic_dec(&bp->ref_count);
590 /* Are we at a breakpoint? */
591 bp = at_breakpoint(regs->nip);
600 static int xmon_sstep(struct pt_regs *regs)
608 static int xmon_dabr_match(struct pt_regs *regs)
610 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) != (MSR_IR|MSR_64BIT))
612 if (dabr.enabled == 0)
618 static int xmon_iabr_match(struct pt_regs *regs)
620 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) != (MSR_IR|MSR_64BIT))
628 static int xmon_ipi(struct pt_regs *regs)
631 if (in_xmon && !cpumask_test_cpu(smp_processor_id(), &cpus_in_xmon))
637 static int xmon_fault_handler(struct pt_regs *regs)
640 unsigned long offset;
642 if (in_xmon && catch_memory_errors)
643 handle_fault(regs); /* doesn't return */
645 if ((regs->msr & (MSR_IR|MSR_PR|MSR_64BIT)) == (MSR_IR|MSR_64BIT)) {
646 bp = in_breakpoint_table(regs->nip, &offset);
648 regs->nip = bp->address + offset;
649 atomic_dec(&bp->ref_count);
656 static struct bpt *at_breakpoint(unsigned long pc)
662 for (i = 0; i < NBPTS; ++i, ++bp)
663 if (bp->enabled && pc == bp->address)
668 static struct bpt *in_breakpoint_table(unsigned long nip, unsigned long *offp)
672 off = nip - (unsigned long) bpts;
673 if (off >= sizeof(bpts))
675 off %= sizeof(struct bpt);
676 if (off != offsetof(struct bpt, instr[0])
677 && off != offsetof(struct bpt, instr[1]))
679 *offp = off - offsetof(struct bpt, instr[0]);
680 return (struct bpt *) (nip - off);
683 static struct bpt *new_breakpoint(unsigned long a)
688 bp = at_breakpoint(a);
692 for (bp = bpts; bp < &bpts[NBPTS]; ++bp) {
693 if (!bp->enabled && atomic_read(&bp->ref_count) == 0) {
695 bp->instr[1] = bpinstr;
696 store_inst(&bp->instr[1]);
701 printf("Sorry, no free breakpoints. Please clear one first.\n");
705 static void insert_bpts(void)
711 for (i = 0; i < NBPTS; ++i, ++bp) {
712 if ((bp->enabled & (BP_TRAP|BP_IABR)) == 0)
714 if (mread(bp->address, &bp->instr[0], 4) != 4) {
715 printf("Couldn't read instruction at %lx, "
716 "disabling breakpoint there\n", bp->address);
720 if (IS_MTMSRD(bp->instr[0]) || IS_RFID(bp->instr[0])) {
721 printf("Breakpoint at %lx is on an mtmsrd or rfid "
722 "instruction, disabling it\n", bp->address);
726 store_inst(&bp->instr[0]);
727 if (bp->enabled & BP_IABR)
729 if (mwrite(bp->address, &bpinstr, 4) != 4) {
730 printf("Couldn't write instruction at %lx, "
731 "disabling breakpoint there\n", bp->address);
732 bp->enabled &= ~BP_TRAP;
735 store_inst((void *)bp->address);
739 static void insert_cpu_bpts(void)
742 set_dabr(dabr.address | (dabr.enabled & 7));
743 if (iabr && cpu_has_feature(CPU_FTR_IABR))
744 mtspr(SPRN_IABR, iabr->address
745 | (iabr->enabled & (BP_IABR|BP_IABR_TE)));
748 static void remove_bpts(void)
755 for (i = 0; i < NBPTS; ++i, ++bp) {
756 if ((bp->enabled & (BP_TRAP|BP_IABR)) != BP_TRAP)
758 if (mread(bp->address, &instr, 4) == 4
760 && mwrite(bp->address, &bp->instr, 4) != 4)
761 printf("Couldn't remove breakpoint at %lx\n",
764 store_inst((void *)bp->address);
768 static void remove_cpu_bpts(void)
771 if (cpu_has_feature(CPU_FTR_IABR))
775 /* Command interpreting routine */
776 static char *last_cmd;
779 cmds(struct pt_regs *excp)
786 if (!xmon_no_auto_backtrace) {
787 xmon_no_auto_backtrace = 1;
788 xmon_show_stack(excp->gpr[1], excp->link, excp->nip);
793 printf("%x:", smp_processor_id());
794 #endif /* CONFIG_SMP */
800 if (last_cmd == NULL)
802 take_input(last_cmd);
836 prregs(excp); /* print regs */
851 if (do_spu_cmd() == 0)
860 printf(" <no input ...>\n");
864 xmon_puts(help_string);
882 #ifdef CONFIG_PPC_STD_MMU
886 #elif defined(CONFIG_4xx)
890 #elif defined(CONFIG_PPC_BOOK3E)
896 printf("Unrecognized command: ");
898 if (' ' < cmd && cmd <= '~')
901 printf("\\x%x", cmd);
903 } while (cmd != '\n');
904 printf(" (type ? for help)\n");
911 static int do_step(struct pt_regs *regs)
914 mtspr(SPRN_DBCR0, mfspr(SPRN_DBCR0) | DBCR0_IC | DBCR0_IDM);
919 * Step a single instruction.
920 * Some instructions we emulate, others we execute with MSR_SE set.
922 static int do_step(struct pt_regs *regs)
927 /* check we are in 64-bit kernel mode, translation enabled */
928 if ((regs->msr & (MSR_64BIT|MSR_PR|MSR_IR)) == (MSR_64BIT|MSR_IR)) {
929 if (mread(regs->nip, &instr, 4) == 4) {
930 stepped = emulate_step(regs, instr);
932 printf("Couldn't single-step %s instruction\n",
933 (IS_RFID(instr)? "rfid": "mtmsrd"));
937 regs->trap = 0xd00 | (regs->trap & 1);
938 printf("stepped to ");
939 xmon_print_symbol(regs->nip, " ", "\n");
940 ppc_inst_dump(regs->nip, 1, 0);
950 static void bootcmds(void)
956 ppc_md.restart(NULL);
963 static int cpu_cmd(void)
970 if (!scanhex(&cpu)) {
971 /* print cpus waiting or in xmon */
972 printf("cpus stopped:");
974 for (cpu = 0; cpu < NR_CPUS; ++cpu) {
975 if (cpumask_test_cpu(cpu, &cpus_in_xmon)) {
981 printf("-%x", cpu - 1);
986 printf("-%x", NR_CPUS - 1);
990 /* try to switch to cpu specified */
991 if (!cpumask_test_cpu(cpu, &cpus_in_xmon)) {
992 printf("cpu 0x%x isn't in xmon\n", cpu);
999 while (!xmon_taken) {
1000 if (--timeout == 0) {
1001 if (test_and_set_bit(0, &xmon_taken))
1003 /* take control back */
1005 xmon_owner = smp_processor_id();
1006 printf("cpu %u didn't take control\n", cpu);
1014 #endif /* CONFIG_SMP */
1017 static unsigned short fcstab[256] = {
1018 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
1019 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
1020 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
1021 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
1022 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
1023 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
1024 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
1025 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
1026 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
1027 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
1028 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
1029 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
1030 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
1031 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
1032 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
1033 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
1034 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
1035 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
1036 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
1037 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
1038 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
1039 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
1040 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
1041 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
1042 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
1043 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
1044 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
1045 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
1046 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
1047 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
1048 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
1049 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
1052 #define FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
1061 if (!scanhex(&adrs))
1063 if (!scanhex(&ncsum))
1066 for (i = 0; i < ncsum; ++i) {
1067 if (mread(adrs+i, &v, 1) == 0) {
1068 printf("csum stopped at %x\n", adrs+i);
1073 printf("%x\n", fcs);
1077 * Check if this is a suitable place to put a breakpoint.
1079 static long check_bp_loc(unsigned long addr)
1084 if (!is_kernel_addr(addr)) {
1085 printf("Breakpoints may only be placed at kernel addresses\n");
1088 if (!mread(addr, &instr, sizeof(instr))) {
1089 printf("Can't read instruction at address %lx\n", addr);
1092 if (IS_MTMSRD(instr) || IS_RFID(instr)) {
1093 printf("Breakpoints may not be placed on mtmsrd or rfid "
1100 static char *breakpoint_help_string =
1101 "Breakpoint command usage:\n"
1102 "b show breakpoints\n"
1103 "b <addr> [cnt] set breakpoint at given instr addr\n"
1104 "bc clear all breakpoints\n"
1105 "bc <n/addr> clear breakpoint number n or at addr\n"
1106 "bi <addr> [cnt] set hardware instr breakpoint (POWER3/RS64 only)\n"
1107 "bd <addr> [cnt] set hardware data breakpoint\n"
1117 const char badaddr[] = "Only kernel addresses are permitted "
1118 "for breakpoints\n";
1123 case 'd': /* bd - hardware data breakpoint */
1128 else if (cmd == 'w')
1134 if (scanhex(&dabr.address)) {
1135 if (!is_kernel_addr(dabr.address)) {
1140 dabr.enabled = mode | BP_DABR;
1144 case 'i': /* bi - hardware instr breakpoint */
1145 if (!cpu_has_feature(CPU_FTR_IABR)) {
1146 printf("Hardware instruction breakpoint "
1147 "not supported on this cpu\n");
1151 iabr->enabled &= ~(BP_IABR | BP_IABR_TE);
1156 if (!check_bp_loc(a))
1158 bp = new_breakpoint(a);
1160 bp->enabled |= BP_IABR | BP_IABR_TE;
1168 /* clear all breakpoints */
1169 for (i = 0; i < NBPTS; ++i)
1170 bpts[i].enabled = 0;
1173 printf("All breakpoints cleared\n");
1177 if (a <= NBPTS && a >= 1) {
1178 /* assume a breakpoint number */
1179 bp = &bpts[a-1]; /* bp nums are 1 based */
1181 /* assume a breakpoint address */
1182 bp = at_breakpoint(a);
1184 printf("No breakpoint at %x\n", a);
1189 printf("Cleared breakpoint %x (", BP_NUM(bp));
1190 xmon_print_symbol(bp->address, " ", ")\n");
1198 printf(breakpoint_help_string);
1203 /* print all breakpoints */
1204 printf(" type address\n");
1206 printf(" data "REG" [", dabr.address);
1207 if (dabr.enabled & 1)
1209 if (dabr.enabled & 2)
1213 for (bp = bpts; bp < &bpts[NBPTS]; ++bp) {
1216 printf("%2x %s ", BP_NUM(bp),
1217 (bp->enabled & BP_IABR)? "inst": "trap");
1218 xmon_print_symbol(bp->address, " ", "\n");
1223 if (!check_bp_loc(a))
1225 bp = new_breakpoint(a);
1227 bp->enabled |= BP_TRAP;
1232 /* Very cheap human name for vector lookup. */
1234 const char *getvecname(unsigned long vec)
1239 case 0x100: ret = "(System Reset)"; break;
1240 case 0x200: ret = "(Machine Check)"; break;
1241 case 0x300: ret = "(Data Access)"; break;
1242 case 0x380: ret = "(Data SLB Access)"; break;
1243 case 0x400: ret = "(Instruction Access)"; break;
1244 case 0x480: ret = "(Instruction SLB Access)"; break;
1245 case 0x500: ret = "(Hardware Interrupt)"; break;
1246 case 0x600: ret = "(Alignment)"; break;
1247 case 0x700: ret = "(Program Check)"; break;
1248 case 0x800: ret = "(FPU Unavailable)"; break;
1249 case 0x900: ret = "(Decrementer)"; break;
1250 case 0xc00: ret = "(System Call)"; break;
1251 case 0xd00: ret = "(Single Step)"; break;
1252 case 0xf00: ret = "(Performance Monitor)"; break;
1253 case 0xf20: ret = "(Altivec Unavailable)"; break;
1254 case 0x1300: ret = "(Instruction Breakpoint)"; break;
1260 static void get_function_bounds(unsigned long pc, unsigned long *startp,
1261 unsigned long *endp)
1263 unsigned long size, offset;
1266 *startp = *endp = 0;
1269 if (setjmp(bus_error_jmp) == 0) {
1270 catch_memory_errors = 1;
1272 name = kallsyms_lookup(pc, &size, &offset, NULL, tmpstr);
1274 *startp = pc - offset;
1275 *endp = pc - offset + size;
1279 catch_memory_errors = 0;
1282 static int xmon_depth_to_print = 64;
1284 #define LRSAVE_OFFSET (STACK_FRAME_LR_SAVE * sizeof(unsigned long))
1285 #define MARKER_OFFSET (STACK_FRAME_MARKER * sizeof(unsigned long))
1287 #ifdef __powerpc64__
1288 #define REGS_OFFSET 0x70
1290 #define REGS_OFFSET 16
1293 static void xmon_show_stack(unsigned long sp, unsigned long lr,
1297 unsigned long newsp;
1298 unsigned long marker;
1300 struct pt_regs regs;
1303 if (sp < PAGE_OFFSET) {
1305 printf("SP (%lx) is in userspace\n", sp);
1309 if (!mread(sp + LRSAVE_OFFSET, &ip, sizeof(unsigned long))
1310 || !mread(sp, &newsp, sizeof(unsigned long))) {
1311 printf("Couldn't read stack frame at %lx\n", sp);
1316 * For the first stack frame, try to work out if
1317 * LR and/or the saved LR value in the bottommost
1318 * stack frame are valid.
1320 if ((pc | lr) != 0) {
1321 unsigned long fnstart, fnend;
1322 unsigned long nextip;
1325 get_function_bounds(pc, &fnstart, &fnend);
1328 mread(newsp + LRSAVE_OFFSET, &nextip,
1329 sizeof(unsigned long));
1331 if (lr < PAGE_OFFSET
1332 || (fnstart <= lr && lr < fnend))
1334 } else if (lr == nextip) {
1336 } else if (lr >= PAGE_OFFSET
1337 && !(fnstart <= lr && lr < fnend)) {
1338 printf("[link register ] ");
1339 xmon_print_symbol(lr, " ", "\n");
1342 printf("["REG"] ", sp);
1343 xmon_print_symbol(ip, " ", " (unreliable)\n");
1348 printf("["REG"] ", sp);
1349 xmon_print_symbol(ip, " ", "\n");
1352 /* Look for "regshere" marker to see if this is
1353 an exception frame. */
1354 if (mread(sp + MARKER_OFFSET, &marker, sizeof(unsigned long))
1355 && marker == STACK_FRAME_REGS_MARKER) {
1356 if (mread(sp + REGS_OFFSET, ®s, sizeof(regs))
1358 printf("Couldn't read registers at %lx\n",
1362 printf("--- Exception: %lx %s at ", regs.trap,
1363 getvecname(TRAP(®s)));
1366 xmon_print_symbol(pc, " ", "\n");
1373 } while (count++ < xmon_depth_to_print);
1376 static void backtrace(struct pt_regs *excp)
1381 xmon_show_stack(sp, 0, 0);
1383 xmon_show_stack(excp->gpr[1], excp->link, excp->nip);
1387 static void print_bug_trap(struct pt_regs *regs)
1390 const struct bug_entry *bug;
1393 if (regs->msr & MSR_PR)
1394 return; /* not in kernel */
1395 addr = regs->nip; /* address of trap instruction */
1396 if (addr < PAGE_OFFSET)
1398 bug = find_bug(regs->nip);
1401 if (is_warning_bug(bug))
1404 #ifdef CONFIG_DEBUG_BUGVERBOSE
1405 printf("kernel BUG at %s:%u!\n",
1406 bug->file, bug->line);
1408 printf("kernel BUG at %p!\n", (void *)bug->bug_addr);
1410 #endif /* CONFIG_BUG */
1413 static void excprint(struct pt_regs *fp)
1418 printf("cpu 0x%x: ", smp_processor_id());
1419 #endif /* CONFIG_SMP */
1422 printf("Vector: %lx %s at [%lx]\n", fp->trap, getvecname(trap), fp);
1424 xmon_print_symbol(fp->nip, ": ", "\n");
1426 printf(" lr: ", fp->link);
1427 xmon_print_symbol(fp->link, ": ", "\n");
1429 printf(" sp: %lx\n", fp->gpr[1]);
1430 printf(" msr: %lx\n", fp->msr);
1432 if (trap == 0x300 || trap == 0x380 || trap == 0x600) {
1433 printf(" dar: %lx\n", fp->dar);
1435 printf(" dsisr: %lx\n", fp->dsisr);
1438 printf(" current = 0x%lx\n", current);
1440 printf(" paca = 0x%lx\t softe: %d\t irq_happened: 0x%02x\n",
1441 local_paca, local_paca->soft_enabled, local_paca->irq_happened);
1444 printf(" pid = %ld, comm = %s\n",
1445 current->pid, current->comm);
1452 static void prregs(struct pt_regs *fp)
1456 struct pt_regs regs;
1458 if (scanhex(&base)) {
1459 if (setjmp(bus_error_jmp) == 0) {
1460 catch_memory_errors = 1;
1462 regs = *(struct pt_regs *)base;
1466 catch_memory_errors = 0;
1467 printf("*** Error reading registers from "REG"\n",
1471 catch_memory_errors = 0;
1476 if (FULL_REGS(fp)) {
1477 for (n = 0; n < 16; ++n)
1478 printf("R%.2ld = "REG" R%.2ld = "REG"\n",
1479 n, fp->gpr[n], n+16, fp->gpr[n+16]);
1481 for (n = 0; n < 7; ++n)
1482 printf("R%.2ld = "REG" R%.2ld = "REG"\n",
1483 n, fp->gpr[n], n+7, fp->gpr[n+7]);
1486 for (n = 0; n < 32; ++n) {
1487 printf("R%.2d = %.8x%s", n, fp->gpr[n],
1488 (n & 3) == 3? "\n": " ");
1489 if (n == 12 && !FULL_REGS(fp)) {
1496 xmon_print_symbol(fp->nip, " ", "\n");
1497 if (TRAP(fp) != 0xc00 && cpu_has_feature(CPU_FTR_CFAR)) {
1499 xmon_print_symbol(fp->orig_gpr3, " ", "\n");
1502 xmon_print_symbol(fp->link, " ", "\n");
1503 printf("msr = "REG" cr = %.8lx\n", fp->msr, fp->ccr);
1504 printf("ctr = "REG" xer = "REG" trap = %4lx\n",
1505 fp->ctr, fp->xer, fp->trap);
1507 if (trap == 0x300 || trap == 0x380 || trap == 0x600)
1508 printf("dar = "REG" dsisr = %.8lx\n", fp->dar, fp->dsisr);
1511 static void cacheflush(void)
1514 unsigned long nflush;
1519 scanhex((void *)&adrs);
1524 nflush = (nflush + L1_CACHE_BYTES - 1) / L1_CACHE_BYTES;
1525 if (setjmp(bus_error_jmp) == 0) {
1526 catch_memory_errors = 1;
1530 for (; nflush > 0; --nflush, adrs += L1_CACHE_BYTES)
1531 cflush((void *) adrs);
1533 for (; nflush > 0; --nflush, adrs += L1_CACHE_BYTES)
1534 cinval((void *) adrs);
1537 /* wait a little while to see if we get a machine check */
1540 catch_memory_errors = 0;
1543 static unsigned long
1546 unsigned int instrs[2];
1547 unsigned long (*code)(void);
1548 unsigned long ret = -1UL;
1550 unsigned long opd[3];
1552 opd[0] = (unsigned long)instrs;
1555 code = (unsigned long (*)(void)) opd;
1557 code = (unsigned long (*)(void)) instrs;
1560 /* mfspr r3,n; blr */
1561 instrs[0] = 0x7c6002a6 + ((n & 0x1F) << 16) + ((n & 0x3e0) << 6);
1562 instrs[1] = 0x4e800020;
1564 store_inst(instrs+1);
1566 if (setjmp(bus_error_jmp) == 0) {
1567 catch_memory_errors = 1;
1573 /* wait a little while to see if we get a machine check */
1582 write_spr(int n, unsigned long val)
1584 unsigned int instrs[2];
1585 unsigned long (*code)(unsigned long);
1587 unsigned long opd[3];
1589 opd[0] = (unsigned long)instrs;
1592 code = (unsigned long (*)(unsigned long)) opd;
1594 code = (unsigned long (*)(unsigned long)) instrs;
1597 instrs[0] = 0x7c6003a6 + ((n & 0x1F) << 16) + ((n & 0x3e0) << 6);
1598 instrs[1] = 0x4e800020;
1600 store_inst(instrs+1);
1602 if (setjmp(bus_error_jmp) == 0) {
1603 catch_memory_errors = 1;
1609 /* wait a little while to see if we get a machine check */
1615 static unsigned long regno;
1616 extern char exc_prolog;
1617 extern char dec_exc;
1619 static void super_regs(void)
1626 unsigned long sp, toc;
1627 asm("mr %0,1" : "=r" (sp) :);
1628 asm("mr %0,2" : "=r" (toc) :);
1630 printf("msr = "REG" sprg0= "REG"\n",
1631 mfmsr(), mfspr(SPRN_SPRG0));
1632 printf("pvr = "REG" sprg1= "REG"\n",
1633 mfspr(SPRN_PVR), mfspr(SPRN_SPRG1));
1634 printf("dec = "REG" sprg2= "REG"\n",
1635 mfspr(SPRN_DEC), mfspr(SPRN_SPRG2));
1636 printf("sp = "REG" sprg3= "REG"\n", sp, mfspr(SPRN_SPRG3));
1637 printf("toc = "REG" dar = "REG"\n", toc, mfspr(SPRN_DAR));
1638 #ifdef CONFIG_PPC_ISERIES
1639 if (firmware_has_feature(FW_FEATURE_ISERIES)) {
1640 struct paca_struct *ptrPaca;
1641 struct lppaca *ptrLpPaca;
1643 /* Dump out relevant Paca data areas. */
1645 ptrPaca = local_paca;
1647 printf(" Local Processor Control Area (LpPaca): \n");
1648 ptrLpPaca = ptrPaca->lppaca_ptr;
1649 printf(" Saved Srr0=%.16lx Saved Srr1=%.16lx \n",
1650 ptrLpPaca->saved_srr0, ptrLpPaca->saved_srr1);
1651 printf(" Saved Gpr3=%.16lx Saved Gpr4=%.16lx \n",
1652 ptrLpPaca->saved_gpr3, ptrLpPaca->saved_gpr4);
1653 printf(" Saved Gpr5=%.16lx \n",
1654 ptrLpPaca->gpr5_dword.saved_gpr5);
1664 val = read_spr(regno);
1666 write_spr(regno, val);
1669 printf("spr %lx = %lx\n", regno, read_spr(regno));
1676 * Stuff for reading and writing memory safely
1679 mread(unsigned long adrs, void *buf, int size)
1685 if (setjmp(bus_error_jmp) == 0) {
1686 catch_memory_errors = 1;
1692 *(u16 *)q = *(u16 *)p;
1695 *(u32 *)q = *(u32 *)p;
1698 *(u64 *)q = *(u64 *)p;
1701 for( ; n < size; ++n) {
1707 /* wait a little while to see if we get a machine check */
1711 catch_memory_errors = 0;
1716 mwrite(unsigned long adrs, void *buf, int size)
1722 if (setjmp(bus_error_jmp) == 0) {
1723 catch_memory_errors = 1;
1729 *(u16 *)p = *(u16 *)q;
1732 *(u32 *)p = *(u32 *)q;
1735 *(u64 *)p = *(u64 *)q;
1738 for ( ; n < size; ++n) {
1744 /* wait a little while to see if we get a machine check */
1748 printf("*** Error writing address %x\n", adrs + n);
1750 catch_memory_errors = 0;
1754 static int fault_type;
1755 static int fault_except;
1756 static char *fault_chars[] = { "--", "**", "##" };
1758 static int handle_fault(struct pt_regs *regs)
1760 fault_except = TRAP(regs);
1761 switch (TRAP(regs)) {
1773 longjmp(bus_error_jmp, 1);
1778 #define SWAP(a, b, t) ((t) = (a), (a) = (b), (b) = (t))
1781 byterev(unsigned char *val, int size)
1787 SWAP(val[0], val[1], t);
1790 SWAP(val[0], val[3], t);
1791 SWAP(val[1], val[2], t);
1793 case 8: /* is there really any use for this? */
1794 SWAP(val[0], val[7], t);
1795 SWAP(val[1], val[6], t);
1796 SWAP(val[2], val[5], t);
1797 SWAP(val[3], val[4], t);
1805 static char *memex_help_string =
1806 "Memory examine command usage:\n"
1807 "m [addr] [flags] examine/change memory\n"
1808 " addr is optional. will start where left off.\n"
1809 " flags may include chars from this set:\n"
1810 " b modify by bytes (default)\n"
1811 " w modify by words (2 byte)\n"
1812 " l modify by longs (4 byte)\n"
1813 " d modify by doubleword (8 byte)\n"
1814 " r toggle reverse byte order mode\n"
1815 " n do not read memory (for i/o spaces)\n"
1816 " . ok to read (default)\n"
1817 "NOTE: flags are saved as defaults\n"
1820 static char *memex_subcmd_help_string =
1821 "Memory examine subcommands:\n"
1822 " hexval write this val to current location\n"
1823 " 'string' write chars from string to this location\n"
1824 " ' increment address\n"
1825 " ^ decrement address\n"
1826 " / increment addr by 0x10. //=0x100, ///=0x1000, etc\n"
1827 " \\ decrement addr by 0x10. \\\\=0x100, \\\\\\=0x1000, etc\n"
1828 " ` clear no-read flag\n"
1829 " ; stay at this addr\n"
1830 " v change to byte mode\n"
1831 " w change to word (2 byte) mode\n"
1832 " l change to long (4 byte) mode\n"
1833 " u change to doubleword (8 byte) mode\n"
1834 " m addr change current addr\n"
1835 " n toggle no-read flag\n"
1836 " r toggle byte reverse flag\n"
1837 " < count back up count bytes\n"
1838 " > count skip forward count bytes\n"
1839 " x exit this mode\n"
1845 int cmd, inc, i, nslash;
1847 unsigned char val[16];
1849 scanhex((void *)&adrs);
1852 printf(memex_help_string);
1858 while ((cmd = skipbl()) != '\n') {
1860 case 'b': size = 1; break;
1861 case 'w': size = 2; break;
1862 case 'l': size = 4; break;
1863 case 'd': size = 8; break;
1864 case 'r': brev = !brev; break;
1865 case 'n': mnoread = 1; break;
1866 case '.': mnoread = 0; break;
1875 n = mread(adrs, val, size);
1876 printf(REG"%c", adrs, brev? 'r': ' ');
1881 for (i = 0; i < n; ++i)
1882 printf("%.2x", val[i]);
1883 for (; i < size; ++i)
1884 printf("%s", fault_chars[fault_type]);
1891 for (i = 0; i < size; ++i)
1892 val[i] = n >> (i * 8);
1895 mwrite(adrs, val, size);
1908 else if( n == '\'' )
1910 for (i = 0; i < size; ++i)
1911 val[i] = n >> (i * 8);
1914 mwrite(adrs, val, size);
1951 adrs -= 1 << nslash;
1955 adrs += 1 << nslash;
1959 adrs += 1 << -nslash;
1963 adrs -= 1 << -nslash;
1966 scanhex((void *)&adrs);
1985 printf(memex_subcmd_help_string);
2000 case 'n': c = '\n'; break;
2001 case 'r': c = '\r'; break;
2002 case 'b': c = '\b'; break;
2003 case 't': c = '\t'; break;
2008 static void xmon_rawdump (unsigned long adrs, long ndump)
2011 unsigned char temp[16];
2013 for (n = ndump; n > 0;) {
2015 nr = mread(adrs, temp, r);
2017 for (m = 0; m < r; ++m) {
2019 printf("%.2x", temp[m]);
2021 printf("%s", fault_chars[fault_type]);
2030 #define isxdigit(c) (('0' <= (c) && (c) <= '9') \
2031 || ('a' <= (c) && (c) <= 'f') \
2032 || ('A' <= (c) && (c) <= 'F'))
2039 if ((isxdigit(c) && c != 'f' && c != 'd') || c == '\n')
2041 scanhex((void *)&adrs);
2048 else if (nidump > MAX_DUMP)
2050 adrs += ppc_inst_dump(adrs, nidump, 1);
2052 } else if (c == 'l') {
2054 } else if (c == 'r') {
2058 xmon_rawdump(adrs, ndump);
2065 else if (ndump > MAX_DUMP)
2067 prdump(adrs, ndump);
2074 prdump(unsigned long adrs, long ndump)
2076 long n, m, c, r, nr;
2077 unsigned char temp[16];
2079 for (n = ndump; n > 0;) {
2083 nr = mread(adrs, temp, r);
2085 for (m = 0; m < r; ++m) {
2086 if ((m & (sizeof(long) - 1)) == 0 && m > 0)
2089 printf("%.2x", temp[m]);
2091 printf("%s", fault_chars[fault_type]);
2093 for (; m < 16; ++m) {
2094 if ((m & (sizeof(long) - 1)) == 0)
2099 for (m = 0; m < r; ++m) {
2102 putchar(' ' <= c && c <= '~'? c: '.');
2115 typedef int (*instruction_dump_func)(unsigned long inst, unsigned long addr);
2118 generic_inst_dump(unsigned long adr, long count, int praddr,
2119 instruction_dump_func dump_func)
2122 unsigned long first_adr;
2123 unsigned long inst, last_inst = 0;
2124 unsigned char val[4];
2127 for (first_adr = adr; count > 0; --count, adr += 4) {
2128 nr = mread(adr, val, 4);
2131 const char *x = fault_chars[fault_type];
2132 printf(REG" %s%s%s%s\n", adr, x, x, x, x);
2136 inst = GETWORD(val);
2137 if (adr > first_adr && inst == last_inst) {
2147 printf(REG" %.8x", adr, inst);
2149 dump_func(inst, adr);
2152 return adr - first_adr;
2156 ppc_inst_dump(unsigned long adr, long count, int praddr)
2158 return generic_inst_dump(adr, count, praddr, print_insn_powerpc);
2162 print_address(unsigned long addr)
2164 xmon_print_symbol(addr, "\t# ", "");
2170 const unsigned long size = 128;
2171 unsigned long end, addr;
2172 unsigned char buf[size + 1];
2177 if (setjmp(bus_error_jmp) != 0) {
2178 printf("Unable to lookup symbol __log_buf!\n");
2182 catch_memory_errors = 1;
2184 addr = kallsyms_lookup_name("__log_buf");
2187 printf("Symbol __log_buf not found!\n");
2189 end = addr + (1 << CONFIG_LOG_BUF_SHIFT);
2190 while (addr < end) {
2191 if (! mread(addr, buf, size)) {
2192 printf("Can't read memory at address 0x%lx\n", addr);
2198 if (strlen(buf) < size)
2206 /* wait a little while to see if we get a machine check */
2208 catch_memory_errors = 0;
2212 * Memory operations - move, set, print differences
2214 static unsigned long mdest; /* destination address */
2215 static unsigned long msrc; /* source address */
2216 static unsigned long mval; /* byte value to set memory to */
2217 static unsigned long mcount; /* # bytes to affect */
2218 static unsigned long mdiffs; /* max # differences to print */
2223 scanhex((void *)&mdest);
2224 if( termch != '\n' )
2226 scanhex((void *)(cmd == 's'? &mval: &msrc));
2227 if( termch != '\n' )
2229 scanhex((void *)&mcount);
2232 memmove((void *)mdest, (void *)msrc, mcount);
2235 memset((void *)mdest, mval, mcount);
2238 if( termch != '\n' )
2240 scanhex((void *)&mdiffs);
2241 memdiffs((unsigned char *)mdest, (unsigned char *)msrc, mcount, mdiffs);
2247 memdiffs(unsigned char *p1, unsigned char *p2, unsigned nb, unsigned maxpr)
2252 for( n = nb; n > 0; --n )
2253 if( *p1++ != *p2++ )
2254 if( ++prt <= maxpr )
2255 printf("%.16x %.2x # %.16x %.2x\n", p1 - 1,
2256 p1[-1], p2 - 1, p2[-1]);
2258 printf("Total of %d differences\n", prt);
2261 static unsigned mend;
2262 static unsigned mask;
2268 unsigned char val[4];
2271 scanhex((void *)&mdest);
2272 if (termch != '\n') {
2274 scanhex((void *)&mend);
2275 if (termch != '\n') {
2277 scanhex((void *)&mval);
2279 if (termch != '\n') termch = 0;
2280 scanhex((void *)&mask);
2284 for (a = mdest; a < mend; a += 4) {
2285 if (mread(a, val, 4) == 4
2286 && ((GETWORD(val) ^ mval) & mask) == 0) {
2287 printf("%.16x: %.16x\n", a, GETWORD(val));
2294 static unsigned long mskip = 0x1000;
2295 static unsigned long mlim = 0xffffffff;
2305 if (termch != '\n') termch = 0;
2307 if (termch != '\n') termch = 0;
2310 for (a = mdest; a < mlim; a += mskip) {
2311 ok = mread(a, &v, 1);
2313 printf("%.8x .. ", a);
2314 } else if (!ok && ook)
2315 printf("%.8x\n", a - mskip);
2321 printf("%.8x\n", a - mskip);
2324 static void proccall(void)
2326 unsigned long args[8];
2329 typedef unsigned long (*callfunc_t)(unsigned long, unsigned long,
2330 unsigned long, unsigned long, unsigned long,
2331 unsigned long, unsigned long, unsigned long);
2334 if (!scanhex(&adrs))
2338 for (i = 0; i < 8; ++i)
2340 for (i = 0; i < 8; ++i) {
2341 if (!scanhex(&args[i]) || termch == '\n')
2345 func = (callfunc_t) adrs;
2347 if (setjmp(bus_error_jmp) == 0) {
2348 catch_memory_errors = 1;
2350 ret = func(args[0], args[1], args[2], args[3],
2351 args[4], args[5], args[6], args[7]);
2353 printf("return value is %x\n", ret);
2355 printf("*** %x exception occurred\n", fault_except);
2357 catch_memory_errors = 0;
2360 /* Input scanning routines */
2371 while( c == ' ' || c == '\t' )
2377 static char *regnames[N_PTREGS] = {
2378 "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
2379 "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15",
2380 "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
2381 "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31",
2382 "pc", "msr", "or3", "ctr", "lr", "xer", "ccr",
2388 "trap", "dar", "dsisr", "res"
2392 scanhex(unsigned long *vp)
2399 /* parse register name */
2403 for (i = 0; i < sizeof(regname) - 1; ++i) {
2412 for (i = 0; i < N_PTREGS; ++i) {
2413 if (strcmp(regnames[i], regname) == 0) {
2414 if (xmon_regs == NULL) {
2415 printf("regs not available\n");
2418 *vp = ((unsigned long *)xmon_regs)[i];
2422 printf("invalid register name '%%%s'\n", regname);
2426 /* skip leading "0x" if any */
2440 } else if (c == '$') {
2442 for (i=0; i<63; i++) {
2452 if (setjmp(bus_error_jmp) == 0) {
2453 catch_memory_errors = 1;
2455 *vp = kallsyms_lookup_name(tmpstr);
2458 catch_memory_errors = 0;
2460 printf("unknown symbol '%s'\n", tmpstr);
2493 static int hexdigit(int c)
2495 if( '0' <= c && c <= '9' )
2497 if( 'A' <= c && c <= 'F' )
2498 return c - ('A' - 10);
2499 if( 'a' <= c && c <= 'f' )
2500 return c - ('a' - 10);
2505 getstring(char *s, int size)
2516 } while( c != ' ' && c != '\t' && c != '\n' );
2521 static char line[256];
2522 static char *lineptr;
2533 if (lineptr == NULL || *lineptr == 0) {
2534 if (xmon_gets(line, sizeof(line)) == NULL) {
2544 take_input(char *str)
2553 int type = inchar();
2555 static char tmp[64];
2560 xmon_print_symbol(addr, ": ", "\n");
2565 if (setjmp(bus_error_jmp) == 0) {
2566 catch_memory_errors = 1;
2568 addr = kallsyms_lookup_name(tmp);
2570 printf("%s: %lx\n", tmp, addr);
2572 printf("Symbol '%s' not found.\n", tmp);
2575 catch_memory_errors = 0;
2582 /* Print an address in numeric and symbolic form (if possible) */
2583 static void xmon_print_symbol(unsigned long address, const char *mid,
2587 const char *name = NULL;
2588 unsigned long offset, size;
2590 printf(REG, address);
2591 if (setjmp(bus_error_jmp) == 0) {
2592 catch_memory_errors = 1;
2594 name = kallsyms_lookup(address, &size, &offset, &modname,
2597 /* wait a little while to see if we get a machine check */
2601 catch_memory_errors = 0;
2604 printf("%s%s+%#lx/%#lx", mid, name, offset, size);
2606 printf(" [%s]", modname);
2608 printf("%s", after);
2611 #ifdef CONFIG_PPC_BOOK3S_64
2612 static void dump_slb(void)
2615 unsigned long esid,vsid,valid;
2618 printf("SLB contents of cpu %x\n", smp_processor_id());
2620 for (i = 0; i < mmu_slb_size; i++) {
2621 asm volatile("slbmfee %0,%1" : "=r" (esid) : "r" (i));
2622 asm volatile("slbmfev %0,%1" : "=r" (vsid) : "r" (i));
2623 valid = (esid & SLB_ESID_V);
2624 if (valid | esid | vsid) {
2625 printf("%02d %016lx %016lx", i, esid, vsid);
2627 llp = vsid & SLB_VSID_LLP;
2628 if (vsid & SLB_VSID_B_1T) {
2629 printf(" 1T ESID=%9lx VSID=%13lx LLP:%3lx \n",
2631 (vsid & ~SLB_VSID_B) >> SLB_VSID_SHIFT_1T,
2634 printf(" 256M ESID=%9lx VSID=%13lx LLP:%3lx \n",
2636 (vsid & ~SLB_VSID_B) >> SLB_VSID_SHIFT,
2645 static void dump_stab(void)
2648 unsigned long *tmp = (unsigned long *)local_paca->stab_addr;
2650 printf("Segment table contents of cpu %x\n", smp_processor_id());
2652 for (i = 0; i < PAGE_SIZE/16; i++) {
2659 printf("%03d %016lx ", i, a);
2660 printf("%016lx\n", b);
2665 void dump_segments(void)
2667 if (mmu_has_feature(MMU_FTR_SLB))
2674 #ifdef CONFIG_PPC_STD_MMU_32
2675 void dump_segments(void)
2680 for (i = 0; i < 16; ++i)
2681 printf(" %x", mfsrin(i));
2687 static void dump_tlb_44x(void)
2691 for (i = 0; i < PPC44x_TLB_SIZE; i++) {
2692 unsigned long w0,w1,w2;
2693 asm volatile("tlbre %0,%1,0" : "=r" (w0) : "r" (i));
2694 asm volatile("tlbre %0,%1,1" : "=r" (w1) : "r" (i));
2695 asm volatile("tlbre %0,%1,2" : "=r" (w2) : "r" (i));
2696 printf("[%02x] %08x %08x %08x ", i, w0, w1, w2);
2697 if (w0 & PPC44x_TLB_VALID) {
2698 printf("V %08x -> %01x%08x %c%c%c%c%c",
2699 w0 & PPC44x_TLB_EPN_MASK,
2700 w1 & PPC44x_TLB_ERPN_MASK,
2701 w1 & PPC44x_TLB_RPN_MASK,
2702 (w2 & PPC44x_TLB_W) ? 'W' : 'w',
2703 (w2 & PPC44x_TLB_I) ? 'I' : 'i',
2704 (w2 & PPC44x_TLB_M) ? 'M' : 'm',
2705 (w2 & PPC44x_TLB_G) ? 'G' : 'g',
2706 (w2 & PPC44x_TLB_E) ? 'E' : 'e');
2711 #endif /* CONFIG_44x */
2713 #ifdef CONFIG_PPC_BOOK3E
2714 static void dump_tlb_book3e(void)
2716 u32 mmucfg, pidmask, lpidmask;
2718 int i, tlb, ntlbs, pidsz, lpidsz, rasz, lrat = 0;
2720 static const char *pgsz_names[] = {
2755 /* Gather some infos about the MMU */
2756 mmucfg = mfspr(SPRN_MMUCFG);
2757 mmu_version = (mmucfg & 3) + 1;
2758 ntlbs = ((mmucfg >> 2) & 3) + 1;
2759 pidsz = ((mmucfg >> 6) & 0x1f) + 1;
2760 lpidsz = (mmucfg >> 24) & 0xf;
2761 rasz = (mmucfg >> 16) & 0x7f;
2762 if ((mmu_version > 1) && (mmucfg & 0x10000))
2764 printf("Book3E MMU MAV=%d.0,%d TLBs,%d-bit PID,%d-bit LPID,%d-bit RA\n",
2765 mmu_version, ntlbs, pidsz, lpidsz, rasz);
2766 pidmask = (1ul << pidsz) - 1;
2767 lpidmask = (1ul << lpidsz) - 1;
2768 ramask = (1ull << rasz) - 1;
2770 for (tlb = 0; tlb < ntlbs; tlb++) {
2772 int nent, assoc, new_cc = 1;
2773 printf("TLB %d:\n------\n", tlb);
2776 tlbcfg = mfspr(SPRN_TLB0CFG);
2779 tlbcfg = mfspr(SPRN_TLB1CFG);
2782 tlbcfg = mfspr(SPRN_TLB2CFG);
2785 tlbcfg = mfspr(SPRN_TLB3CFG);
2788 printf("Unsupported TLB number !\n");
2791 nent = tlbcfg & 0xfff;
2792 assoc = (tlbcfg >> 24) & 0xff;
2793 for (i = 0; i < nent; i++) {
2794 u32 mas0 = MAS0_TLBSEL(tlb);
2795 u32 mas1 = MAS1_TSIZE(BOOK3E_PAGESZ_4K);
2798 int esel = i, cc = i;
2806 mas0 |= MAS0_ESEL(esel);
2807 mtspr(SPRN_MAS0, mas0);
2808 mtspr(SPRN_MAS1, mas1);
2809 mtspr(SPRN_MAS2, mas2);
2810 asm volatile("tlbre 0,0,0" : : : "memory");
2811 mas1 = mfspr(SPRN_MAS1);
2812 mas2 = mfspr(SPRN_MAS2);
2813 mas7_mas3 = mfspr(SPRN_MAS7_MAS3);
2814 if (assoc && (i % assoc) == 0)
2816 if (!(mas1 & MAS1_VALID))
2819 printf("%04x- ", i);
2821 printf("%04x-%c", cc, 'A' + esel);
2823 printf(" |%c", 'A' + esel);
2825 printf(" %016llx %04x %s %c%c AS%c",
2827 (mas1 >> 16) & 0x3fff,
2828 pgsz_names[(mas1 >> 7) & 0x1f],
2829 mas1 & MAS1_IND ? 'I' : ' ',
2830 mas1 & MAS1_IPROT ? 'P' : ' ',
2831 mas1 & MAS1_TS ? '1' : '0');
2832 printf(" %c%c%c%c%c%c%c",
2833 mas2 & MAS2_X0 ? 'a' : ' ',
2834 mas2 & MAS2_X1 ? 'v' : ' ',
2835 mas2 & MAS2_W ? 'w' : ' ',
2836 mas2 & MAS2_I ? 'i' : ' ',
2837 mas2 & MAS2_M ? 'm' : ' ',
2838 mas2 & MAS2_G ? 'g' : ' ',
2839 mas2 & MAS2_E ? 'e' : ' ');
2840 printf(" %016llx", mas7_mas3 & ramask & ~0x7ffull);
2841 if (mas1 & MAS1_IND)
2843 pgsz_names[(mas7_mas3 >> 1) & 0x1f]);
2845 printf(" U%c%c%c S%c%c%c\n",
2846 mas7_mas3 & MAS3_UX ? 'x' : ' ',
2847 mas7_mas3 & MAS3_UW ? 'w' : ' ',
2848 mas7_mas3 & MAS3_UR ? 'r' : ' ',
2849 mas7_mas3 & MAS3_SX ? 'x' : ' ',
2850 mas7_mas3 & MAS3_SW ? 'w' : ' ',
2851 mas7_mas3 & MAS3_SR ? 'r' : ' ');
2855 #endif /* CONFIG_PPC_BOOK3E */
2857 static void xmon_init(int enable)
2859 #ifdef CONFIG_PPC_ISERIES
2860 if (firmware_has_feature(FW_FEATURE_ISERIES))
2865 __debugger_ipi = xmon_ipi;
2866 __debugger_bpt = xmon_bpt;
2867 __debugger_sstep = xmon_sstep;
2868 __debugger_iabr_match = xmon_iabr_match;
2869 __debugger_dabr_match = xmon_dabr_match;
2870 __debugger_fault_handler = xmon_fault_handler;
2873 __debugger_ipi = NULL;
2874 __debugger_bpt = NULL;
2875 __debugger_sstep = NULL;
2876 __debugger_iabr_match = NULL;
2877 __debugger_dabr_match = NULL;
2878 __debugger_fault_handler = NULL;
2883 #ifdef CONFIG_MAGIC_SYSRQ
2884 static void sysrq_handle_xmon(int key)
2886 /* ensure xmon is enabled */
2888 debugger(get_irq_regs());
2891 static struct sysrq_key_op sysrq_xmon_op = {
2892 .handler = sysrq_handle_xmon,
2894 .action_msg = "Entering xmon",
2897 static int __init setup_xmon_sysrq(void)
2899 #ifdef CONFIG_PPC_ISERIES
2900 if (firmware_has_feature(FW_FEATURE_ISERIES))
2903 register_sysrq_key('x', &sysrq_xmon_op);
2906 __initcall(setup_xmon_sysrq);
2907 #endif /* CONFIG_MAGIC_SYSRQ */
2909 static int __initdata xmon_early, xmon_off;
2911 static int __init early_parse_xmon(char *p)
2913 if (!p || strncmp(p, "early", 5) == 0) {
2914 /* just "xmon" is equivalent to "xmon=early" */
2917 } else if (strncmp(p, "on", 2) == 0)
2919 else if (strncmp(p, "off", 3) == 0)
2921 else if (strncmp(p, "nobt", 4) == 0)
2922 xmon_no_auto_backtrace = 1;
2928 early_param("xmon", early_parse_xmon);
2930 void __init xmon_setup(void)
2932 #ifdef CONFIG_XMON_DEFAULT
2940 #ifdef CONFIG_SPU_BASE
2944 u64 saved_mfc_sr1_RW;
2945 u32 saved_spu_runcntl_RW;
2946 unsigned long dump_addr;
2950 #define XMON_NUM_SPUS 16 /* Enough for current hardware */
2952 static struct spu_info spu_info[XMON_NUM_SPUS];
2954 void xmon_register_spus(struct list_head *list)
2958 list_for_each_entry(spu, list, full_list) {
2959 if (spu->number >= XMON_NUM_SPUS) {
2964 spu_info[spu->number].spu = spu;
2965 spu_info[spu->number].stopped_ok = 0;
2966 spu_info[spu->number].dump_addr = (unsigned long)
2967 spu_info[spu->number].spu->local_store;
2971 static void stop_spus(void)
2977 for (i = 0; i < XMON_NUM_SPUS; i++) {
2978 if (!spu_info[i].spu)
2981 if (setjmp(bus_error_jmp) == 0) {
2982 catch_memory_errors = 1;
2985 spu = spu_info[i].spu;
2987 spu_info[i].saved_spu_runcntl_RW =
2988 in_be32(&spu->problem->spu_runcntl_RW);
2990 tmp = spu_mfc_sr1_get(spu);
2991 spu_info[i].saved_mfc_sr1_RW = tmp;
2993 tmp &= ~MFC_STATE1_MASTER_RUN_CONTROL_MASK;
2994 spu_mfc_sr1_set(spu, tmp);
2999 spu_info[i].stopped_ok = 1;
3001 printf("Stopped spu %.2d (was %s)\n", i,
3002 spu_info[i].saved_spu_runcntl_RW ?
3003 "running" : "stopped");
3005 catch_memory_errors = 0;
3006 printf("*** Error stopping spu %.2d\n", i);
3008 catch_memory_errors = 0;
3012 static void restart_spus(void)
3017 for (i = 0; i < XMON_NUM_SPUS; i++) {
3018 if (!spu_info[i].spu)
3021 if (!spu_info[i].stopped_ok) {
3022 printf("*** Error, spu %d was not successfully stopped"
3023 ", not restarting\n", i);
3027 if (setjmp(bus_error_jmp) == 0) {
3028 catch_memory_errors = 1;
3031 spu = spu_info[i].spu;
3032 spu_mfc_sr1_set(spu, spu_info[i].saved_mfc_sr1_RW);
3033 out_be32(&spu->problem->spu_runcntl_RW,
3034 spu_info[i].saved_spu_runcntl_RW);
3039 printf("Restarted spu %.2d\n", i);
3041 catch_memory_errors = 0;
3042 printf("*** Error restarting spu %.2d\n", i);
3044 catch_memory_errors = 0;
3048 #define DUMP_WIDTH 23
3049 #define DUMP_VALUE(format, field, value) \
3051 if (setjmp(bus_error_jmp) == 0) { \
3052 catch_memory_errors = 1; \
3054 printf(" %-*s = "format"\n", DUMP_WIDTH, \
3059 catch_memory_errors = 0; \
3060 printf(" %-*s = *** Error reading field.\n", \
3061 DUMP_WIDTH, #field); \
3063 catch_memory_errors = 0; \
3066 #define DUMP_FIELD(obj, format, field) \
3067 DUMP_VALUE(format, field, obj->field)
3069 static void dump_spu_fields(struct spu *spu)
3071 printf("Dumping spu fields at address %p:\n", spu);
3073 DUMP_FIELD(spu, "0x%x", number);
3074 DUMP_FIELD(spu, "%s", name);
3075 DUMP_FIELD(spu, "0x%lx", local_store_phys);
3076 DUMP_FIELD(spu, "0x%p", local_store);
3077 DUMP_FIELD(spu, "0x%lx", ls_size);
3078 DUMP_FIELD(spu, "0x%x", node);
3079 DUMP_FIELD(spu, "0x%lx", flags);
3080 DUMP_FIELD(spu, "%d", class_0_pending);
3081 DUMP_FIELD(spu, "0x%lx", class_0_dar);
3082 DUMP_FIELD(spu, "0x%lx", class_1_dar);
3083 DUMP_FIELD(spu, "0x%lx", class_1_dsisr);
3084 DUMP_FIELD(spu, "0x%lx", irqs[0]);
3085 DUMP_FIELD(spu, "0x%lx", irqs[1]);
3086 DUMP_FIELD(spu, "0x%lx", irqs[2]);
3087 DUMP_FIELD(spu, "0x%x", slb_replace);
3088 DUMP_FIELD(spu, "%d", pid);
3089 DUMP_FIELD(spu, "0x%p", mm);
3090 DUMP_FIELD(spu, "0x%p", ctx);
3091 DUMP_FIELD(spu, "0x%p", rq);
3092 DUMP_FIELD(spu, "0x%p", timestamp);
3093 DUMP_FIELD(spu, "0x%lx", problem_phys);
3094 DUMP_FIELD(spu, "0x%p", problem);
3095 DUMP_VALUE("0x%x", problem->spu_runcntl_RW,
3096 in_be32(&spu->problem->spu_runcntl_RW));
3097 DUMP_VALUE("0x%x", problem->spu_status_R,
3098 in_be32(&spu->problem->spu_status_R));
3099 DUMP_VALUE("0x%x", problem->spu_npc_RW,
3100 in_be32(&spu->problem->spu_npc_RW));
3101 DUMP_FIELD(spu, "0x%p", priv2);
3102 DUMP_FIELD(spu, "0x%p", pdata);
3106 spu_inst_dump(unsigned long adr, long count, int praddr)
3108 return generic_inst_dump(adr, count, praddr, print_insn_spu);
3111 static void dump_spu_ls(unsigned long num, int subcmd)
3113 unsigned long offset, addr, ls_addr;
3115 if (setjmp(bus_error_jmp) == 0) {
3116 catch_memory_errors = 1;
3118 ls_addr = (unsigned long)spu_info[num].spu->local_store;
3122 catch_memory_errors = 0;
3123 printf("*** Error: accessing spu info for spu %d\n", num);
3126 catch_memory_errors = 0;
3128 if (scanhex(&offset))
3129 addr = ls_addr + offset;
3131 addr = spu_info[num].dump_addr;
3133 if (addr >= ls_addr + LS_SIZE) {
3134 printf("*** Error: address outside of local store\n");
3140 addr += spu_inst_dump(addr, 16, 1);
3150 spu_info[num].dump_addr = addr;
3153 static int do_spu_cmd(void)
3155 static unsigned long num = 0;
3156 int cmd, subcmd = 0;
3168 if (isxdigit(subcmd) || subcmd == '\n')
3172 if (num >= XMON_NUM_SPUS || !spu_info[num].spu) {
3173 printf("*** Error: invalid spu number\n");
3179 dump_spu_fields(spu_info[num].spu);
3182 dump_spu_ls(num, subcmd);
3193 #else /* ! CONFIG_SPU_BASE */
3194 static int do_spu_cmd(void)