Kernel and hwpmc(4) support for callchain capture.

Sponsored by:	FreeBSD Foundation and Google Inc.

1 files changed, 191 insertions, 0 deletions

diff --git a/sys/dev/hwpmc/hwpmc_x86.c b/sys/dev/hwpmc/hwpmc_x86.c
index cb6db23..2fc7cd9 100644
--- a/sys/dev/hwpmc/hwpmc_x86.c
+++ b/sys/dev/hwpmc/hwpmc_x86.c
@@ -1,7 +1,11 @@
 /*-
  * Copyright (c) 2005, Joseph Koshy
+ * Copyright (c) 2007 The FreeBSD Foundation
  * All rights reserved.
  *
+ * Portions of this software were developed by A. Joseph Koshy under
+ * sponsorship from the FreeBSD Foundation and Google, Inc.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -30,12 +34,18 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/bus.h>
 #include <sys/pmc.h>
+#include <sys/proc.h>
 #include <sys/systm.h>
 
+#include <machine/cpu.h>
 #include <machine/apicreg.h>
 #include <machine/pmc_mdep.h>
 #include <machine/md_var.h>
 
+#include <vm/vm.h>
+#include <vm/vm_param.h>
+#include <vm/pmap.h>
+
 extern volatile lapic_t *lapic;
 
 void
@@ -48,6 +58,187 @@ pmc_x86_lapic_enable_pmc_interrupt(void)
 	lapic->lvt_pcint = value;
 }
 
+/*
+ * Attempt to walk a user call stack using a too-simple algorithm.
+ * In the general case we need unwind information associated with
+ * the executable to be able to walk the user stack.
+ *
+ * We are handed a trap frame laid down at the time the PMC interrupt
+ * was taken.  If the application is using frame pointers, the saved
+ * PC value could be:
+ * a. at the beginning of a function before the stack frame is laid
+ *    down,
+ * b. just before a 'ret', after the stack frame has been taken off,
+ * c. somewhere else in the function with a valid stack frame being
+ *    present,
+ *
+ * If the application is not using frame pointers, this algorithm will
+ * fail to yield an interesting call chain.
+ *
+ * TODO: figure out a way to use unwind information.
+ */
+
+int
+pmc_save_user_callchain(uintptr_t *cc, int nframes, struct trapframe *tf)
+{
+	int n;
+	uint32_t instr;
+	uintptr_t fp, oldfp, pc, r, sp;
+
+	KASSERT(TRAPF_USERMODE(tf), ("[x86,%d] Not a user trap frame tf=%p",
+	    __LINE__, (void *) tf));
+
+	pc = PMC_TRAPFRAME_TO_PC(tf);
+	oldfp = fp = PMC_TRAPFRAME_TO_FP(tf);
+	sp = PMC_TRAPFRAME_TO_SP(tf);
+
+	*cc++ = pc; n = 1;
+
+	r = fp + sizeof(uintptr_t); /* points to return address */
+
+	if (!PMC_IN_USERSPACE(pc))
+		return (n);
+
+	if (copyin((void *) pc, &instr, sizeof(instr)) != 0)
+		return (n);
+
+	if (PMC_AT_FUNCTION_PROLOGUE_PUSH_BP(instr) ||
+	    PMC_AT_FUNCTION_EPILOGUE_RET(instr)) { /* ret */
+		if (copyin((void *) sp, &pc, sizeof(pc)) != 0)
+			return (n);
+	} else if (PMC_AT_FUNCTION_PROLOGUE_MOV_SP_BP(instr)) {
+		sp += sizeof(uintptr_t);
+		if (copyin((void *) sp, &pc, sizeof(pc)) != 0)
+			return (n);
+	} else if (copyin((void *) r, &pc, sizeof(pc)) != 0 ||
+	    copyin((void *) fp, &fp, sizeof(fp) != 0))
+		return (n);
+
+	for (; n < nframes;) {
+		if (pc == 0 || !PMC_IN_USERSPACE(pc))
+			break;
+
+		*cc++ = pc; n++;
+
+		if (fp < oldfp)
+			break;
+
+		r = fp + sizeof(uintptr_t); /* address of return address */
+		oldfp = fp;
+
+		if (copyin((void *) r, &pc, sizeof(pc)) != 0 ||
+		    copyin((void *) fp, &fp, sizeof(fp)) != 0)
+			break;
+	}
+
+	return (n);
+}
+
+/*
+ * Walking the kernel call stack.
+ *
+ * We are handed the trap frame laid down at the time the PMC
+ * interrupt was taken.  The saved PC could be:
+ * a. in the lowlevel trap handler, meaning that there isn't a C stack
+ *    to traverse,
+ * b. at the beginning of a function before the stack frame is laid
+ *    down,
+ * c. just before a 'ret', after the stack frame has been taken off,
+ * d. somewhere else in a function with a valid stack frame being
+ *    present.
+ *
+ * In case (d), the previous frame pointer is at [%ebp]/[%rbp] and
+ * the return address is at [%ebp+4]/[%rbp+8].
+ *
+ * For cases (b) and (c), the return address is at [%esp]/[%rsp] and
+ * the frame pointer doesn't need to be changed when going up one
+ * level in the stack.
+ *
+ * For case (a), we check if the PC lies in low-level trap handling
+ * code, and if so we terminate our trace.
+ */
+
+int
+pmc_save_kernel_callchain(uintptr_t *cc, int nframes, struct trapframe *tf)
+{
+	int n;
+	uint32_t instr;
+	uintptr_t fp, pc, r, sp, stackstart, stackend;
+	struct thread *td;
+
+	KASSERT(TRAPF_USERMODE(tf) == 0,("[x86,%d] not a kernel backtrace",
+	    __LINE__));
+
+	pc = PMC_TRAPFRAME_TO_PC(tf);
+	fp = PMC_TRAPFRAME_TO_FP(tf);
+	sp = PMC_TRAPFRAME_TO_SP(tf);
+
+	*cc++ = pc;
+	r = fp + sizeof(uintptr_t); /* points to return address */
+
+	if ((td = curthread) == NULL)
+		return (1);
+
+	if (nframes <= 1)
+		return (1);
+
+	stackstart = (uintptr_t) td->td_kstack;
+	stackend = (uintptr_t) td->td_kstack + td->td_kstack_pages * PAGE_SIZE;
+
+	if (PMC_IN_TRAP_HANDLER(pc) ||
+	    !PMC_IN_KERNEL(pc) || !PMC_IN_KERNEL(r) ||
+	    !PMC_IN_KERNEL_STACK(sp, stackstart, stackend) ||
+	    !PMC_IN_KERNEL_STACK(fp, stackstart, stackend))
+		return (1);
+
+	instr = *(uint32_t *) pc;
+
+	/*
+	 * Determine whether the interrupted function was in the
+	 * processing of either laying down its stack frame or taking
+	 * it off.
+	 *
+	 * If we haven't started laying down a stack frame, or are
+	 * just about to return, then our caller's address is at
+	 * *sp, and we don't have a frame to unwind.
+	 */
+	if (PMC_AT_FUNCTION_PROLOGUE_PUSH_BP(instr) ||
+	    PMC_AT_FUNCTION_EPILOGUE_RET(instr))
+		pc = *(uintptr_t *) sp;
+	else if (PMC_AT_FUNCTION_PROLOGUE_MOV_SP_BP(instr)) {
+		/*
+		 * The code was midway through laying down a frame.
+		 * At this point sp[0] has a frame back pointer,
+		 * and the caller's address is therefore at sp[1].
+		 */
+		sp += sizeof(uintptr_t);
+		if (!PMC_IN_KERNEL_STACK(sp, stackstart, stackend))
+			return (1);
+		pc = *(uintptr_t *) sp;
+	} else {
+		/*
+		 * Not in the function prologue or epilogue.
+		 */
+		pc = *(uintptr_t *) r;
+		fp = *(uintptr_t *) fp;
+	}
+
+	for (n = 1; n < nframes; n++) {
+		*cc++ = pc;
+
+		if (PMC_IN_TRAP_HANDLER(pc))
+			break;
+
+		r = fp + sizeof(uintptr_t);
+		if (!PMC_IN_KERNEL_STACK(fp, stackstart, stackend) ||
+		    !PMC_IN_KERNEL(r))
+			break;
+		pc = *(uintptr_t *) r;
+		fp = *(uintptr_t *) fp;
+	}
+
+	return (n);
+}
 
 static struct pmc_mdep *
 pmc_intel_initialize(void)