projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
perf/x86/intel: Re-organize code that implicitly enables LBR/PEBS
[deliverable/linux.git] / arch / x86 / kernel / cpu / perf_event_intel_lbr.c
CommitLineData
de0428a7
KW		 1#include <linux/perf_event.h>
2#include <linux/types.h>
3
4#include <asm/perf_event.h>
5#include <asm/msr.h>
3e702ff6 6#include <asm/insn.h>
de0428a7
KW		 7
8#include "perf_event.h"
caff2bef
PZ		 9
10enum {
11 LBR_FORMAT_32 = 0x00,
12 LBR_FORMAT_LIP = 0x01,
13 LBR_FORMAT_EIP = 0x02,
14 LBR_FORMAT_EIP_FLAGS = 0x03,
135c5612
AK		 15 LBR_FORMAT_EIP_FLAGS2 = 0x04,
16 LBR_FORMAT_MAX_KNOWN = LBR_FORMAT_EIP_FLAGS2,
17};
18
19static enum {
20 LBR_EIP_FLAGS = 1,
21 LBR_TSX = 2,
22} lbr_desc[LBR_FORMAT_MAX_KNOWN + 1] = {
23 [LBR_FORMAT_EIP_FLAGS] = LBR_EIP_FLAGS,
24 [LBR_FORMAT_EIP_FLAGS2] = LBR_EIP_FLAGS | LBR_TSX,
caff2bef
PZ		 25};
26
c5cc2cd9
SE		 27/*
28 * Intel LBR_SELECT bits
29 * Intel Vol3a, April 2011, Section 16.7 Table 16-10
30 *
31 * Hardware branch filter (not available on all CPUs)
32 */
33#define LBR_KERNEL_BIT 0 /* do not capture at ring0 */
34#define LBR_USER_BIT 1 /* do not capture at ring > 0 */
35#define LBR_JCC_BIT 2 /* do not capture conditional branches */
36#define LBR_REL_CALL_BIT 3 /* do not capture relative calls */
37#define LBR_IND_CALL_BIT 4 /* do not capture indirect calls */
38#define LBR_RETURN_BIT 5 /* do not capture near returns */
39#define LBR_IND_JMP_BIT 6 /* do not capture indirect jumps */
40#define LBR_REL_JMP_BIT 7 /* do not capture relative jumps */
41#define LBR_FAR_BIT 8 /* do not capture far branches */
e9d7f7cd 42#define LBR_CALL_STACK_BIT 9 /* enable call stack */
c5cc2cd9
SE		 43
44#define LBR_KERNEL (1 << LBR_KERNEL_BIT)
45#define LBR_USER (1 << LBR_USER_BIT)
46#define LBR_JCC (1 << LBR_JCC_BIT)
47#define LBR_REL_CALL (1 << LBR_REL_CALL_BIT)
48#define LBR_IND_CALL (1 << LBR_IND_CALL_BIT)
49#define LBR_RETURN (1 << LBR_RETURN_BIT)
50#define LBR_REL_JMP (1 << LBR_REL_JMP_BIT)
51#define LBR_IND_JMP (1 << LBR_IND_JMP_BIT)
52#define LBR_FAR (1 << LBR_FAR_BIT)
e9d7f7cd 53#define LBR_CALL_STACK (1 << LBR_CALL_STACK_BIT)
c5cc2cd9
SE		 54
55#define LBR_PLM (LBR_KERNEL | LBR_USER)
56
57#define LBR_SEL_MASK 0x1ff /* valid bits in LBR_SELECT */
58#define LBR_NOT_SUPP -1 /* LBR filter not supported */
59#define LBR_IGN 0 /* ignored */
60
61#define LBR_ANY \
62 (LBR_JCC |\
63 LBR_REL_CALL |\
64 LBR_IND_CALL |\
65 LBR_RETURN |\
66 LBR_REL_JMP |\
67 LBR_IND_JMP |\
68 LBR_FAR)
69
70#define LBR_FROM_FLAG_MISPRED (1ULL << 63)
135c5612
AK		 71#define LBR_FROM_FLAG_IN_TX (1ULL << 62)
72#define LBR_FROM_FLAG_ABORT (1ULL << 61)
c5cc2cd9 73
3e702ff6
SE		 74/*
75 * x86control flow change classification
76 * x86control flow changes include branches, interrupts, traps, faults
77 */
78enum {
e9d7f7cd
YZ		 79 X86_BR_NONE = 0, /* unknown */
80
81 X86_BR_USER = 1 << 0, /* branch target is user */
82 X86_BR_KERNEL = 1 << 1, /* branch target is kernel */
83
84 X86_BR_CALL = 1 << 2, /* call */
85 X86_BR_RET = 1 << 3, /* return */
86 X86_BR_SYSCALL = 1 << 4, /* syscall */
87 X86_BR_SYSRET = 1 << 5, /* syscall return */
88 X86_BR_INT = 1 << 6, /* sw interrupt */
89 X86_BR_IRET = 1 << 7, /* return from interrupt */
90 X86_BR_JCC = 1 << 8, /* conditional */
91 X86_BR_JMP = 1 << 9, /* jump */
92 X86_BR_IRQ = 1 << 10,/* hw interrupt or trap or fault */
93 X86_BR_IND_CALL = 1 << 11,/* indirect calls */
94 X86_BR_ABORT = 1 << 12,/* transaction abort */
95 X86_BR_IN_TX = 1 << 13,/* in transaction */
96 X86_BR_NO_TX = 1 << 14,/* not in transaction */
97 X86_BR_CALL_STACK = 1 << 15,/* call stack */
3e702ff6
SE		 98};
99
100#define X86_BR_PLM (X86_BR_USER | X86_BR_KERNEL)
135c5612 101#define X86_BR_ANYTX (X86_BR_NO_TX | X86_BR_IN_TX)
3e702ff6
SE		 102
103#define X86_BR_ANY \
104 (X86_BR_CALL |\
105 X86_BR_RET |\
106 X86_BR_SYSCALL |\
107 X86_BR_SYSRET |\
108 X86_BR_INT |\
109 X86_BR_IRET |\
110 X86_BR_JCC |\
111 X86_BR_JMP |\
112 X86_BR_IRQ |\
135c5612 113 X86_BR_ABORT |\
3e702ff6
SE		 114 X86_BR_IND_CALL)
115
116#define X86_BR_ALL (X86_BR_PLM | X86_BR_ANY)
117
118#define X86_BR_ANY_CALL \
119 (X86_BR_CALL |\
120 X86_BR_IND_CALL |\
121 X86_BR_SYSCALL |\
122 X86_BR_IRQ |\
123 X86_BR_INT)
124
125static void intel_pmu_lbr_filter(struct cpu_hw_events *cpuc);
126
caff2bef
PZ		 127/*
128 * We only support LBR implementations that have FREEZE_LBRS_ON_PMI
129 * otherwise it becomes near impossible to get a reliable stack.
130 */
131
caff2bef
PZ		 132static void __intel_pmu_lbr_enable(void)
133{
134 u64 debugctl;
89cbc767 135 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
60ce0fbd
SE		 136
137 if (cpuc->lbr_sel)
138 wrmsrl(MSR_LBR_SELECT, cpuc->lbr_sel->config);
caff2bef
PZ		 139
140 rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
7c5ecaf7 141 debugctl |= (DEBUGCTLMSR_LBR | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI);
caff2bef
PZ		 142 wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
143}
144
145static void __intel_pmu_lbr_disable(void)
146{
147 u64 debugctl;
148
149 rdmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
7c5ecaf7 150 debugctl &= ~(DEBUGCTLMSR_LBR | DEBUGCTLMSR_FREEZE_LBRS_ON_PMI);
caff2bef
PZ		 151 wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl);
152}
153
154static void intel_pmu_lbr_reset_32(void)
155{
156 int i;
157
158 for (i = 0; i < x86_pmu.lbr_nr; i++)
159 wrmsrl(x86_pmu.lbr_from + i, 0);
160}
161
162static void intel_pmu_lbr_reset_64(void)
163{
164 int i;
165
166 for (i = 0; i < x86_pmu.lbr_nr; i++) {
167 wrmsrl(x86_pmu.lbr_from + i, 0);
168 wrmsrl(x86_pmu.lbr_to + i, 0);
169 }
170}
171
de0428a7 172void intel_pmu_lbr_reset(void)
caff2bef 173{
74846d35
PZ		 174 if (!x86_pmu.lbr_nr)
175 return;
176
8db909a7 177 if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
caff2bef
PZ		 178 intel_pmu_lbr_reset_32();
179 else
180 intel_pmu_lbr_reset_64();
181}
182
76cb2c61
YZ		 183/*
184 * TOS = most recently recorded branch
185 */
186static inline u64 intel_pmu_lbr_tos(void)
187{
188 u64 tos;
189
190 rdmsrl(x86_pmu.lbr_tos, tos);
191 return tos;
192}
193
194enum {
195 LBR_NONE,
196 LBR_VALID,
197};
198
199static void __intel_pmu_lbr_restore(struct x86_perf_task_context *task_ctx)
200{
201 int i;
202 unsigned lbr_idx, mask;
203 u64 tos;
204
205 if (task_ctx->lbr_callstack_users == 0 ||
206 task_ctx->lbr_stack_state == LBR_NONE) {
207 intel_pmu_lbr_reset();
208 return;
209 }
210
211 mask = x86_pmu.lbr_nr - 1;
212 tos = intel_pmu_lbr_tos();
213 for (i = 0; i < x86_pmu.lbr_nr; i++) {
214 lbr_idx = (tos - i) & mask;
215 wrmsrl(x86_pmu.lbr_from + lbr_idx, task_ctx->lbr_from[i]);
216 wrmsrl(x86_pmu.lbr_to + lbr_idx, task_ctx->lbr_to[i]);
217 }
218 task_ctx->lbr_stack_state = LBR_NONE;
219}
220
221static void __intel_pmu_lbr_save(struct x86_perf_task_context *task_ctx)
222{
223 int i;
224 unsigned lbr_idx, mask;
225 u64 tos;
226
227 if (task_ctx->lbr_callstack_users == 0) {
228 task_ctx->lbr_stack_state = LBR_NONE;
229 return;
230 }
231
232 mask = x86_pmu.lbr_nr - 1;
233 tos = intel_pmu_lbr_tos();
234 for (i = 0; i < x86_pmu.lbr_nr; i++) {
235 lbr_idx = (tos - i) & mask;
236 rdmsrl(x86_pmu.lbr_from + lbr_idx, task_ctx->lbr_from[i]);
237 rdmsrl(x86_pmu.lbr_to + lbr_idx, task_ctx->lbr_to[i]);
238 }
239 task_ctx->lbr_stack_state = LBR_VALID;
240}
241
2a0ad3b3
YZ		 242void intel_pmu_lbr_sched_task(struct perf_event_context *ctx, bool sched_in)
243{
244 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
76cb2c61 245 struct x86_perf_task_context *task_ctx;
2a0ad3b3
YZ		 246
247 if (!x86_pmu.lbr_nr)
248 return;
249
76cb2c61
YZ		 250 /*
251 * If LBR callstack feature is enabled and the stack was saved when
252 * the task was scheduled out, restore the stack. Otherwise flush
253 * the LBR stack.
254 */
255 task_ctx = ctx ? ctx->task_ctx_data : NULL;
256 if (task_ctx) {
257 if (sched_in) {
258 __intel_pmu_lbr_restore(task_ctx);
259 cpuc->lbr_context = ctx;
260 } else {
261 __intel_pmu_lbr_save(task_ctx);
262 }
263 return;
264 }
265
2a0ad3b3
YZ		 266 /*
267 * When sampling the branck stack in system-wide, it may be
268 * necessary to flush the stack on context switch. This happens
269 * when the branch stack does not tag its entries with the pid
270 * of the current task. Otherwise it becomes impossible to
271 * associate a branch entry with a task. This ambiguity is more
272 * likely to appear when the branch stack supports priv level
273 * filtering and the user sets it to monitor only at the user
274 * level (which could be a useful measurement in system-wide
275 * mode). In that case, the risk is high of having a branch
276 * stack with branch from multiple tasks.
277 */
278 if (sched_in) {
279 intel_pmu_lbr_reset();
280 cpuc->lbr_context = ctx;
281 }
282}
283
63f0c1d8
YZ		 284static inline bool branch_user_callstack(unsigned br_sel)
285{
286 return (br_sel & X86_BR_USER) && (br_sel & X86_BR_CALL_STACK);
287}
288
de0428a7 289void intel_pmu_lbr_enable(struct perf_event *event)
caff2bef 290{
89cbc767 291 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
63f0c1d8 292 struct x86_perf_task_context *task_ctx;
caff2bef
PZ		 293
294 if (!x86_pmu.lbr_nr)
295 return;
296
caff2bef 297 /*
b83a46e7
PZ		 298 * Reset the LBR stack if we changed task context to
299 * avoid data leaks.
caff2bef 300 */
b83a46e7 301 if (event->ctx->task && cpuc->lbr_context != event->ctx) {
caff2bef
PZ		 302 intel_pmu_lbr_reset();
303 cpuc->lbr_context = event->ctx;
304 }
3e702ff6 305 cpuc->br_sel = event->hw.branch_reg.reg;
caff2bef 306
63f0c1d8
YZ		 307 if (branch_user_callstack(cpuc->br_sel) && event->ctx &&
308 event->ctx->task_ctx_data) {
309 task_ctx = event->ctx->task_ctx_data;
310 task_ctx->lbr_callstack_users++;
311 }
312
caff2bef 313 cpuc->lbr_users++;
2a0ad3b3 314 perf_sched_cb_inc(event->ctx->pmu);
caff2bef
PZ		 315}
316
de0428a7 317void intel_pmu_lbr_disable(struct perf_event *event)
caff2bef 318{
89cbc767 319 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
63f0c1d8 320 struct x86_perf_task_context *task_ctx;
caff2bef
PZ		 321
322 if (!x86_pmu.lbr_nr)
323 return;
324
63f0c1d8
YZ		 325 if (branch_user_callstack(cpuc->br_sel) && event->ctx &&
326 event->ctx->task_ctx_data) {
327 task_ctx = event->ctx->task_ctx_data;
328 task_ctx->lbr_callstack_users--;
329 }
330
caff2bef 331 cpuc->lbr_users--;
b83a46e7 332 WARN_ON_ONCE(cpuc->lbr_users < 0);
2a0ad3b3 333 perf_sched_cb_dec(event->ctx->pmu);
2df202bf 334
60ce0fbd 335 if (cpuc->enabled && !cpuc->lbr_users) {
2df202bf 336 __intel_pmu_lbr_disable();
60ce0fbd
SE		 337 /* avoid stale pointer */
338 cpuc->lbr_context = NULL;
339 }
caff2bef
PZ		 340}
341
de0428a7 342void intel_pmu_lbr_enable_all(void)
caff2bef 343{
89cbc767 344 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
caff2bef
PZ		 345
346 if (cpuc->lbr_users)
347 __intel_pmu_lbr_enable();
348}
349
de0428a7 350void intel_pmu_lbr_disable_all(void)
caff2bef 351{
89cbc767 352 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
caff2bef
PZ		 353
354 if (cpuc->lbr_users)
355 __intel_pmu_lbr_disable();
356}
357
caff2bef
PZ		 358static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc)
359{
360 unsigned long mask = x86_pmu.lbr_nr - 1;
361 u64 tos = intel_pmu_lbr_tos();
362 int i;
363
63fb3f9b 364 for (i = 0; i < x86_pmu.lbr_nr; i++) {
caff2bef
PZ		 365 unsigned long lbr_idx = (tos - i) & mask;
366 union {
367 struct {
368 u32 from;
369 u32 to;
370 };
371 u64 lbr;
372 } msr_lastbranch;
373
374 rdmsrl(x86_pmu.lbr_from + lbr_idx, msr_lastbranch.lbr);
375
bce38cd5
SE		 376 cpuc->lbr_entries[i].from = msr_lastbranch.from;
377 cpuc->lbr_entries[i].to = msr_lastbranch.to;
378 cpuc->lbr_entries[i].mispred = 0;
379 cpuc->lbr_entries[i].predicted = 0;
380 cpuc->lbr_entries[i].reserved = 0;
caff2bef
PZ		 381 }
382 cpuc->lbr_stack.nr = i;
383}
384
caff2bef
PZ		 385/*
386 * Due to lack of segmentation in Linux the effective address (offset)
387 * is the same as the linear address, allowing us to merge the LIP and EIP
388 * LBR formats.
389 */
390static void intel_pmu_lbr_read_64(struct cpu_hw_events *cpuc)
391{
392 unsigned long mask = x86_pmu.lbr_nr - 1;
8db909a7 393 int lbr_format = x86_pmu.intel_cap.lbr_format;
caff2bef
PZ		 394 u64 tos = intel_pmu_lbr_tos();
395 int i;
b7af41a1 396 int out = 0;
caff2bef 397
63fb3f9b 398 for (i = 0; i < x86_pmu.lbr_nr; i++) {
caff2bef 399 unsigned long lbr_idx = (tos - i) & mask;
135c5612
AK		 400 u64 from, to, mis = 0, pred = 0, in_tx = 0, abort = 0;
401 int skip = 0;
402 int lbr_flags = lbr_desc[lbr_format];
caff2bef
PZ		 403
404 rdmsrl(x86_pmu.lbr_from + lbr_idx, from);
405 rdmsrl(x86_pmu.lbr_to + lbr_idx, to);
406
135c5612 407 if (lbr_flags & LBR_EIP_FLAGS) {
bce38cd5
SE		 408 mis = !!(from & LBR_FROM_FLAG_MISPRED);
409 pred = !mis;
135c5612
AK		 410 skip = 1;
411 }
412 if (lbr_flags & LBR_TSX) {
413 in_tx = !!(from & LBR_FROM_FLAG_IN_TX);
414 abort = !!(from & LBR_FROM_FLAG_ABORT);
415 skip = 3;
caff2bef 416 }
135c5612 417 from = (u64)((((s64)from) << skip) >> skip);
caff2bef 418
b7af41a1
AK		 419 /*
420 * Some CPUs report duplicated abort records,
421 * with the second entry not having an abort bit set.
422 * Skip them here. This loop runs backwards,
423 * so we need to undo the previous record.
424 * If the abort just happened outside the window
425 * the extra entry cannot be removed.
426 */
427 if (abort && x86_pmu.lbr_double_abort && out > 0)
428 out--;
429
430 cpuc->lbr_entries[out].from = from;
431 cpuc->lbr_entries[out].to = to;
432 cpuc->lbr_entries[out].mispred = mis;
433 cpuc->lbr_entries[out].predicted = pred;
434 cpuc->lbr_entries[out].in_tx = in_tx;
435 cpuc->lbr_entries[out].abort = abort;
436 cpuc->lbr_entries[out].reserved = 0;
437 out++;
caff2bef 438 }
b7af41a1 439 cpuc->lbr_stack.nr = out;
caff2bef
PZ		 440}
441
de0428a7 442void intel_pmu_lbr_read(void)
caff2bef 443{
89cbc767 444 struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events);
caff2bef
PZ		 445
446 if (!cpuc->lbr_users)
447 return;
448
8db909a7 449 if (x86_pmu.intel_cap.lbr_format == LBR_FORMAT_32)
caff2bef
PZ		 450 intel_pmu_lbr_read_32(cpuc);
451 else
452 intel_pmu_lbr_read_64(cpuc);
3e702ff6
SE		 453
454 intel_pmu_lbr_filter(cpuc);
455}
456
457/*
458 * SW filter is used:
459 * - in case there is no HW filter
460 * - in case the HW filter has errata or limitations
461 */
e9d7f7cd 462static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event)
3e702ff6
SE		 463{
464 u64 br_type = event->attr.branch_sample_type;
465 int mask = 0;
466
467 if (br_type & PERF_SAMPLE_BRANCH_USER)
468 mask |= X86_BR_USER;
469
2b923c8f 470 if (br_type & PERF_SAMPLE_BRANCH_KERNEL)
3e702ff6
SE		 471 mask |= X86_BR_KERNEL;
472
473 /* we ignore BRANCH_HV here */
474
475 if (br_type & PERF_SAMPLE_BRANCH_ANY)
476 mask |= X86_BR_ANY;
477
478 if (br_type & PERF_SAMPLE_BRANCH_ANY_CALL)
479 mask |= X86_BR_ANY_CALL;
480
481 if (br_type & PERF_SAMPLE_BRANCH_ANY_RETURN)
482 mask |= X86_BR_RET | X86_BR_IRET | X86_BR_SYSRET;
483
484 if (br_type & PERF_SAMPLE_BRANCH_IND_CALL)
485 mask |= X86_BR_IND_CALL;
135c5612
AK		 486
487 if (br_type & PERF_SAMPLE_BRANCH_ABORT_TX)
488 mask |= X86_BR_ABORT;
489
490 if (br_type & PERF_SAMPLE_BRANCH_IN_TX)
491 mask |= X86_BR_IN_TX;
492
493 if (br_type & PERF_SAMPLE_BRANCH_NO_TX)
494 mask |= X86_BR_NO_TX;
495
37548914
AK		 496 if (br_type & PERF_SAMPLE_BRANCH_COND)
497 mask |= X86_BR_JCC;
498
e9d7f7cd
YZ		 499 if (br_type & PERF_SAMPLE_BRANCH_CALL_STACK) {
500 if (!x86_pmu_has_lbr_callstack())
501 return -EOPNOTSUPP;
502 if (mask & ~(X86_BR_USER | X86_BR_KERNEL))
503 return -EINVAL;
504 mask |= X86_BR_CALL | X86_BR_IND_CALL | X86_BR_RET |
505 X86_BR_CALL_STACK;
506 }
507
3e702ff6
SE		 508 /*
509 * stash actual user request into reg, it may
510 * be used by fixup code for some CPU
511 */
512 event->hw.branch_reg.reg = mask;
e9d7f7cd 513 return 0;
caff2bef
PZ		 514}
515
60ce0fbd
SE		 516/*
517 * setup the HW LBR filter
518 * Used only when available, may not be enough to disambiguate
519 * all branches, may need the help of the SW filter
520 */
521static int intel_pmu_setup_hw_lbr_filter(struct perf_event *event)
522{
523 struct hw_perf_event_extra *reg;
524 u64 br_type = event->attr.branch_sample_type;
27ac905b
YZ		 525 u64 mask = 0, v;
526 int i;
60ce0fbd 527
27ac905b
YZ		 528 for (i = 0; i < PERF_SAMPLE_BRANCH_SELECT_MAP_SIZE; i++) {
529 if (!(br_type & (1ULL << i)))
60ce0fbd
SE		 530 continue;
531
27ac905b 532 v = x86_pmu.lbr_sel_map[i];
60ce0fbd
SE		 533 if (v == LBR_NOT_SUPP)
534 return -EOPNOTSUPP;
60ce0fbd 535
3e702ff6
SE		 536 if (v != LBR_IGN)
537 mask |= v;
60ce0fbd
SE		 538 }
539 reg = &event->hw.branch_reg;
540 reg->idx = EXTRA_REG_LBR;
541
e9d7f7cd
YZ		 542 /*
543 * The first 9 bits (LBR_SEL_MASK) in LBR_SELECT operate
544 * in suppress mode. So LBR_SELECT should be set to
545 * (~mask & LBR_SEL_MASK) | (mask & ~LBR_SEL_MASK)
546 */
547 reg->config = mask ^ x86_pmu.lbr_sel_mask;
60ce0fbd
SE		 548
549 return 0;
550}
551
60ce0fbd
SE		 552int intel_pmu_setup_lbr_filter(struct perf_event *event)
553{
3e702ff6 554 int ret = 0;
60ce0fbd
SE		 555
556 /*
557 * no LBR on this PMU
558 */
559 if (!x86_pmu.lbr_nr)
560 return -EOPNOTSUPP;
561
562 /*
3e702ff6 563 * setup SW LBR filter
60ce0fbd 564 */
e9d7f7cd
YZ		 565 ret = intel_pmu_setup_sw_lbr_filter(event);
566 if (ret)
567 return ret;
3e702ff6
SE		 568
569 /*
570 * setup HW LBR filter, if any
571 */
572 if (x86_pmu.lbr_sel_map)
573 ret = intel_pmu_setup_hw_lbr_filter(event);
574
575 return ret;
576}
577
578/*
579 * return the type of control flow change at address "from"
580 * intruction is not necessarily a branch (in case of interrupt).
581 *
582 * The branch type returned also includes the priv level of the
583 * target of the control flow change (X86_BR_USER, X86_BR_KERNEL).
584 *
585 * If a branch type is unknown OR the instruction cannot be
586 * decoded (e.g., text page not present), then X86_BR_NONE is
587 * returned.
588 */
135c5612 589static int branch_type(unsigned long from, unsigned long to, int abort)
3e702ff6
SE		 590{
591 struct insn insn;
592 void *addr;
6ba48ff4 593 int bytes_read, bytes_left;
3e702ff6
SE		 594 int ret = X86_BR_NONE;
595 int ext, to_plm, from_plm;
596 u8 buf[MAX_INSN_SIZE];
597 int is64 = 0;
598
599 to_plm = kernel_ip(to) ? X86_BR_KERNEL : X86_BR_USER;
600 from_plm = kernel_ip(from) ? X86_BR_KERNEL : X86_BR_USER;
601
602 /*
603 * maybe zero if lbr did not fill up after a reset by the time
604 * we get a PMU interrupt
605 */
606 if (from == 0 || to == 0)
607 return X86_BR_NONE;
608
135c5612
AK		 609 if (abort)
610 return X86_BR_ABORT | to_plm;
611
3e702ff6
SE		 612 if (from_plm == X86_BR_USER) {
613 /*
614 * can happen if measuring at the user level only
615 * and we interrupt in a kernel thread, e.g., idle.
616 */
617 if (!current->mm)
618 return X86_BR_NONE;
619
620 /* may fail if text not present */
6ba48ff4
DH		 621 bytes_left = copy_from_user_nmi(buf, (void __user *)from,
622 MAX_INSN_SIZE);
623 bytes_read = MAX_INSN_SIZE - bytes_left;
624 if (!bytes_read)
3e702ff6
SE		 625 return X86_BR_NONE;
626
627 addr = buf;
6e15eb3b
PZ		 628 } else {
629 /*
630 * The LBR logs any address in the IP, even if the IP just
631 * faulted. This means userspace can control the from address.
632 * Ensure we don't blindy read any address by validating it is
633 * a known text address.
634 */
6ba48ff4 635 if (kernel_text_address(from)) {
6e15eb3b 636 addr = (void *)from;
6ba48ff4
DH		 637 /*
638 * Assume we can get the maximum possible size
639 * when grabbing kernel data. This is not
640 * _strictly_ true since we could possibly be
641 * executing up next to a memory hole, but
642 * it is very unlikely to be a problem.
643 */
644 bytes_read = MAX_INSN_SIZE;
645 } else {
6e15eb3b 646 return X86_BR_NONE;
6ba48ff4 647 }
6e15eb3b 648 }
3e702ff6
SE		 649
650 /*
651 * decoder needs to know the ABI especially
652 * on 64-bit systems running 32-bit apps
653 */
654#ifdef CONFIG_X86_64
655 is64 = kernel_ip((unsigned long)addr) || !test_thread_flag(TIF_IA32);
656#endif
6ba48ff4 657 insn_init(&insn, addr, bytes_read, is64);
3e702ff6 658 insn_get_opcode(&insn);
6ba48ff4
DH		 659 if (!insn.opcode.got)
660 return X86_BR_ABORT;
3e702ff6
SE		 661
662 switch (insn.opcode.bytes[0]) {
663 case 0xf:
664 switch (insn.opcode.bytes[1]) {
665 case 0x05: /* syscall */
666 case 0x34: /* sysenter */
667 ret = X86_BR_SYSCALL;
668 break;
669 case 0x07: /* sysret */
670 case 0x35: /* sysexit */
671 ret = X86_BR_SYSRET;
672 break;
673 case 0x80 ... 0x8f: /* conditional */
674 ret = X86_BR_JCC;
675 break;
676 default:
677 ret = X86_BR_NONE;
678 }
679 break;
680 case 0x70 ... 0x7f: /* conditional */
681 ret = X86_BR_JCC;
682 break;
683 case 0xc2: /* near ret */
684 case 0xc3: /* near ret */
685 case 0xca: /* far ret */
686 case 0xcb: /* far ret */
687 ret = X86_BR_RET;
688 break;
689 case 0xcf: /* iret */
690 ret = X86_BR_IRET;
691 break;
692 case 0xcc ... 0xce: /* int */
693 ret = X86_BR_INT;
694 break;
695 case 0xe8: /* call near rel */
696 case 0x9a: /* call far absolute */
697 ret = X86_BR_CALL;
698 break;
699 case 0xe0 ... 0xe3: /* loop jmp */
700 ret = X86_BR_JCC;
701 break;
702 case 0xe9 ... 0xeb: /* jmp */
703 ret = X86_BR_JMP;
704 break;
705 case 0xff: /* call near absolute, call far absolute ind */
706 insn_get_modrm(&insn);
707 ext = (insn.modrm.bytes[0] >> 3) & 0x7;
708 switch (ext) {
709 case 2: /* near ind call */
710 case 3: /* far ind call */
711 ret = X86_BR_IND_CALL;
712 break;
713 case 4:
714 case 5:
715 ret = X86_BR_JMP;
716 break;
717 }
718 break;
719 default:
720 ret = X86_BR_NONE;
60ce0fbd
SE		 721 }
722 /*
3e702ff6
SE		 723 * interrupts, traps, faults (and thus ring transition) may
724 * occur on any instructions. Thus, to classify them correctly,
725 * we need to first look at the from and to priv levels. If they
726 * are different and to is in the kernel, then it indicates
727 * a ring transition. If the from instruction is not a ring
728 * transition instr (syscall, systenter, int), then it means
729 * it was a irq, trap or fault.
730 *
731 * we have no way of detecting kernel to kernel faults.
732 */
733 if (from_plm == X86_BR_USER && to_plm == X86_BR_KERNEL
734 && ret != X86_BR_SYSCALL && ret != X86_BR_INT)
735 ret = X86_BR_IRQ;
736
737 /*
738 * branch priv level determined by target as
739 * is done by HW when LBR_SELECT is implemented
60ce0fbd 740 */
3e702ff6
SE		 741 if (ret != X86_BR_NONE)
742 ret |= to_plm;
60ce0fbd 743
3e702ff6
SE		 744 return ret;
745}
746
747/*
748 * implement actual branch filter based on user demand.
749 * Hardware may not exactly satisfy that request, thus
750 * we need to inspect opcodes. Mismatched branches are
751 * discarded. Therefore, the number of branches returned
752 * in PERF_SAMPLE_BRANCH_STACK sample may vary.
753 */
754static void
755intel_pmu_lbr_filter(struct cpu_hw_events *cpuc)
756{
757 u64 from, to;
758 int br_sel = cpuc->br_sel;
759 int i, j, type;
760 bool compress = false;
761
762 /* if sampling all branches, then nothing to filter */
763 if ((br_sel & X86_BR_ALL) == X86_BR_ALL)
764 return;
765
766 for (i = 0; i < cpuc->lbr_stack.nr; i++) {
767
768 from = cpuc->lbr_entries[i].from;
769 to = cpuc->lbr_entries[i].to;
770
135c5612
AK		 771 type = branch_type(from, to, cpuc->lbr_entries[i].abort);
772 if (type != X86_BR_NONE && (br_sel & X86_BR_ANYTX)) {
773 if (cpuc->lbr_entries[i].in_tx)
774 type |= X86_BR_IN_TX;
775 else
776 type |= X86_BR_NO_TX;
777 }
3e702ff6
SE		 778
779 /* if type does not correspond, then discard */
780 if (type == X86_BR_NONE || (br_sel & type) != type) {
781 cpuc->lbr_entries[i].from = 0;
782 compress = true;
783 }
784 }
785
786 if (!compress)
787 return;
788
789 /* remove all entries with from=0 */
790 for (i = 0; i < cpuc->lbr_stack.nr; ) {
791 if (!cpuc->lbr_entries[i].from) {
792 j = i;
793 while (++j < cpuc->lbr_stack.nr)
794 cpuc->lbr_entries[j-1] = cpuc->lbr_entries[j];
795 cpuc->lbr_stack.nr--;
796 if (!cpuc->lbr_entries[i].from)
797 continue;
798 }
799 i++;
800 }
60ce0fbd
SE		 801}
802
c5cc2cd9
SE		 803/*
804 * Map interface branch filters onto LBR filters
805 */
27ac905b
YZ		 806static const int nhm_lbr_sel_map[PERF_SAMPLE_BRANCH_SELECT_MAP_SIZE] = {
807 [PERF_SAMPLE_BRANCH_ANY_SHIFT] = LBR_ANY,
808 [PERF_SAMPLE_BRANCH_USER_SHIFT] = LBR_USER,
809 [PERF_SAMPLE_BRANCH_KERNEL_SHIFT] = LBR_KERNEL,
810 [PERF_SAMPLE_BRANCH_HV_SHIFT] = LBR_IGN,
811 [PERF_SAMPLE_BRANCH_ANY_RETURN_SHIFT] = LBR_RETURN | LBR_REL_JMP
812 | LBR_IND_JMP | LBR_FAR,
c5cc2cd9
SE		 813 /*
814 * NHM/WSM erratum: must include REL_JMP+IND_JMP to get CALL branches
815 */
27ac905b 816 [PERF_SAMPLE_BRANCH_ANY_CALL_SHIFT] =
c5cc2cd9
SE		 817 LBR_REL_CALL | LBR_IND_CALL | LBR_REL_JMP | LBR_IND_JMP | LBR_FAR,
818 /*
819 * NHM/WSM erratum: must include IND_JMP to capture IND_CALL
820 */
27ac905b
YZ		 821 [PERF_SAMPLE_BRANCH_IND_CALL_SHIFT] = LBR_IND_CALL | LBR_IND_JMP,
822 [PERF_SAMPLE_BRANCH_COND_SHIFT] = LBR_JCC,
c5cc2cd9
SE		 823};
824
27ac905b
YZ		 825static const int snb_lbr_sel_map[PERF_SAMPLE_BRANCH_SELECT_MAP_SIZE] = {
826 [PERF_SAMPLE_BRANCH_ANY_SHIFT] = LBR_ANY,
827 [PERF_SAMPLE_BRANCH_USER_SHIFT] = LBR_USER,
828 [PERF_SAMPLE_BRANCH_KERNEL_SHIFT] = LBR_KERNEL,
829 [PERF_SAMPLE_BRANCH_HV_SHIFT] = LBR_IGN,
830 [PERF_SAMPLE_BRANCH_ANY_RETURN_SHIFT] = LBR_RETURN | LBR_FAR,
831 [PERF_SAMPLE_BRANCH_ANY_CALL_SHIFT] = LBR_REL_CALL | LBR_IND_CALL
832 | LBR_FAR,
833 [PERF_SAMPLE_BRANCH_IND_CALL_SHIFT] = LBR_IND_CALL,
834 [PERF_SAMPLE_BRANCH_COND_SHIFT] = LBR_JCC,
c5cc2cd9
SE		 835};
836
e9d7f7cd
YZ		 837static const int hsw_lbr_sel_map[PERF_SAMPLE_BRANCH_SELECT_MAP_SIZE] = {
838 [PERF_SAMPLE_BRANCH_ANY_SHIFT] = LBR_ANY,
839 [PERF_SAMPLE_BRANCH_USER_SHIFT] = LBR_USER,
840 [PERF_SAMPLE_BRANCH_KERNEL_SHIFT] = LBR_KERNEL,
841 [PERF_SAMPLE_BRANCH_HV_SHIFT] = LBR_IGN,
842 [PERF_SAMPLE_BRANCH_ANY_RETURN_SHIFT] = LBR_RETURN | LBR_FAR,
843 [PERF_SAMPLE_BRANCH_ANY_CALL_SHIFT] = LBR_REL_CALL | LBR_IND_CALL
844 | LBR_FAR,
845 [PERF_SAMPLE_BRANCH_IND_CALL_SHIFT] = LBR_IND_CALL,
846 [PERF_SAMPLE_BRANCH_COND_SHIFT] = LBR_JCC,
847 [PERF_SAMPLE_BRANCH_CALL_STACK_SHIFT] = LBR_REL_CALL | LBR_IND_CALL
848 | LBR_RETURN | LBR_CALL_STACK,
849};
850
c5cc2cd9 851/* core */
066ce64c 852void __init intel_pmu_lbr_init_core(void)
caff2bef 853{
caff2bef 854 x86_pmu.lbr_nr = 4;
225ce539
SE		 855 x86_pmu.lbr_tos = MSR_LBR_TOS;
856 x86_pmu.lbr_from = MSR_LBR_CORE_FROM;
857 x86_pmu.lbr_to = MSR_LBR_CORE_TO;
c5cc2cd9 858
3e702ff6
SE		 859 /*
860 * SW branch filter usage:
861 * - compensate for lack of HW filter
862 */
c5cc2cd9 863 pr_cont("4-deep LBR, ");
caff2bef
PZ		 864}
865
c5cc2cd9 866/* nehalem/westmere */
066ce64c 867void __init intel_pmu_lbr_init_nhm(void)
caff2bef 868{
caff2bef 869 x86_pmu.lbr_nr = 16;
225ce539
SE		 870 x86_pmu.lbr_tos = MSR_LBR_TOS;
871 x86_pmu.lbr_from = MSR_LBR_NHM_FROM;
872 x86_pmu.lbr_to = MSR_LBR_NHM_TO;
c5cc2cd9
SE		 873
874 x86_pmu.lbr_sel_mask = LBR_SEL_MASK;
875 x86_pmu.lbr_sel_map = nhm_lbr_sel_map;
876
3e702ff6
SE		 877 /*
878 * SW branch filter usage:
879 * - workaround LBR_SEL errata (see above)
880 * - support syscall, sysret capture.
881 * That requires LBR_FAR but that means far
882 * jmp need to be filtered out
883 */
c5cc2cd9 884 pr_cont("16-deep LBR, ");
caff2bef
PZ		 885}
886
c5cc2cd9 887/* sandy bridge */
066ce64c 888void __init intel_pmu_lbr_init_snb(void)
c5cc2cd9
SE		 889{
890 x86_pmu.lbr_nr = 16;
891 x86_pmu.lbr_tos = MSR_LBR_TOS;
892 x86_pmu.lbr_from = MSR_LBR_NHM_FROM;
893 x86_pmu.lbr_to = MSR_LBR_NHM_TO;
894
895 x86_pmu.lbr_sel_mask = LBR_SEL_MASK;
896 x86_pmu.lbr_sel_map = snb_lbr_sel_map;
897
3e702ff6
SE		 898 /*
899 * SW branch filter usage:
900 * - support syscall, sysret capture.
901 * That requires LBR_FAR but that means far
902 * jmp need to be filtered out
903 */
c5cc2cd9
SE		 904 pr_cont("16-deep LBR, ");
905}
906
e9d7f7cd
YZ		 907/* haswell */
908void intel_pmu_lbr_init_hsw(void)
909{
910 x86_pmu.lbr_nr = 16;
911 x86_pmu.lbr_tos = MSR_LBR_TOS;
912 x86_pmu.lbr_from = MSR_LBR_NHM_FROM;
913 x86_pmu.lbr_to = MSR_LBR_NHM_TO;
914
915 x86_pmu.lbr_sel_mask = LBR_SEL_MASK;
916 x86_pmu.lbr_sel_map = hsw_lbr_sel_map;
917
918 pr_cont("16-deep LBR, ");
919}
920
c5cc2cd9 921/* atom */
066ce64c 922void __init intel_pmu_lbr_init_atom(void)
caff2bef 923{
88c9a65e
SE		 924 /*
925 * only models starting at stepping 10 seems
926 * to have an operational LBR which can freeze
927 * on PMU interrupt
928 */
3ec18cd8
SE		 929 if (boot_cpu_data.x86_model == 28
930 && boot_cpu_data.x86_mask < 10) {
88c9a65e
SE		 931 pr_cont("LBR disabled due to erratum");
932 return;
933 }
934
caff2bef 935 x86_pmu.lbr_nr = 8;
225ce539
SE		 936 x86_pmu.lbr_tos = MSR_LBR_TOS;
937 x86_pmu.lbr_from = MSR_LBR_CORE_FROM;
938 x86_pmu.lbr_to = MSR_LBR_CORE_TO;
c5cc2cd9 939
3e702ff6
SE		 940 /*
941 * SW branch filter usage:
942 * - compensate for lack of HW filter
943 */
c5cc2cd9 944 pr_cont("8-deep LBR, ");
caff2bef 945}
Linux kernel - Deliverables
This page took 0.301969 seconds and 5 git commands to generate.