1*a88b5ba8SSam Ravnborg /* arch/sparc64/kernel/kprobes.c 2*a88b5ba8SSam Ravnborg * 3*a88b5ba8SSam Ravnborg * Copyright (C) 2004 David S. Miller <davem@davemloft.net> 4*a88b5ba8SSam Ravnborg */ 5*a88b5ba8SSam Ravnborg 6*a88b5ba8SSam Ravnborg #include <linux/kernel.h> 7*a88b5ba8SSam Ravnborg #include <linux/kprobes.h> 8*a88b5ba8SSam Ravnborg #include <linux/module.h> 9*a88b5ba8SSam Ravnborg #include <linux/kdebug.h> 10*a88b5ba8SSam Ravnborg #include <asm/signal.h> 11*a88b5ba8SSam Ravnborg #include <asm/cacheflush.h> 12*a88b5ba8SSam Ravnborg #include <asm/uaccess.h> 13*a88b5ba8SSam Ravnborg 14*a88b5ba8SSam Ravnborg /* We do not have hardware single-stepping on sparc64. 15*a88b5ba8SSam Ravnborg * So we implement software single-stepping with breakpoint 16*a88b5ba8SSam Ravnborg * traps. The top-level scheme is similar to that used 17*a88b5ba8SSam Ravnborg * in the x86 kprobes implementation. 18*a88b5ba8SSam Ravnborg * 19*a88b5ba8SSam Ravnborg * In the kprobe->ainsn.insn[] array we store the original 20*a88b5ba8SSam Ravnborg * instruction at index zero and a break instruction at 21*a88b5ba8SSam Ravnborg * index one. 22*a88b5ba8SSam Ravnborg * 23*a88b5ba8SSam Ravnborg * When we hit a kprobe we: 24*a88b5ba8SSam Ravnborg * - Run the pre-handler 25*a88b5ba8SSam Ravnborg * - Remember "regs->tnpc" and interrupt level stored in 26*a88b5ba8SSam Ravnborg * "regs->tstate" so we can restore them later 27*a88b5ba8SSam Ravnborg * - Disable PIL interrupts 28*a88b5ba8SSam Ravnborg * - Set regs->tpc to point to kprobe->ainsn.insn[0] 29*a88b5ba8SSam Ravnborg * - Set regs->tnpc to point to kprobe->ainsn.insn[1] 30*a88b5ba8SSam Ravnborg * - Mark that we are actively in a kprobe 31*a88b5ba8SSam Ravnborg * 32*a88b5ba8SSam Ravnborg * At this point we wait for the second breakpoint at 33*a88b5ba8SSam Ravnborg * kprobe->ainsn.insn[1] to hit. When it does we: 34*a88b5ba8SSam Ravnborg * - Run the post-handler 35*a88b5ba8SSam Ravnborg * - Set regs->tpc to "remembered" regs->tnpc stored above, 36*a88b5ba8SSam Ravnborg * restore the PIL interrupt level in "regs->tstate" as well 37*a88b5ba8SSam Ravnborg * - Make any adjustments necessary to regs->tnpc in order 38*a88b5ba8SSam Ravnborg * to handle relative branches correctly. See below. 39*a88b5ba8SSam Ravnborg * - Mark that we are no longer actively in a kprobe. 40*a88b5ba8SSam Ravnborg */ 41*a88b5ba8SSam Ravnborg 42*a88b5ba8SSam Ravnborg DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; 43*a88b5ba8SSam Ravnborg DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 44*a88b5ba8SSam Ravnborg 45*a88b5ba8SSam Ravnborg struct kretprobe_blackpoint kretprobe_blacklist[] = {{NULL, NULL}}; 46*a88b5ba8SSam Ravnborg 47*a88b5ba8SSam Ravnborg int __kprobes arch_prepare_kprobe(struct kprobe *p) 48*a88b5ba8SSam Ravnborg { 49*a88b5ba8SSam Ravnborg p->ainsn.insn[0] = *p->addr; 50*a88b5ba8SSam Ravnborg flushi(&p->ainsn.insn[0]); 51*a88b5ba8SSam Ravnborg 52*a88b5ba8SSam Ravnborg p->ainsn.insn[1] = BREAKPOINT_INSTRUCTION_2; 53*a88b5ba8SSam Ravnborg flushi(&p->ainsn.insn[1]); 54*a88b5ba8SSam Ravnborg 55*a88b5ba8SSam Ravnborg p->opcode = *p->addr; 56*a88b5ba8SSam Ravnborg return 0; 57*a88b5ba8SSam Ravnborg } 58*a88b5ba8SSam Ravnborg 59*a88b5ba8SSam Ravnborg void __kprobes arch_arm_kprobe(struct kprobe *p) 60*a88b5ba8SSam Ravnborg { 61*a88b5ba8SSam Ravnborg *p->addr = BREAKPOINT_INSTRUCTION; 62*a88b5ba8SSam Ravnborg flushi(p->addr); 63*a88b5ba8SSam Ravnborg } 64*a88b5ba8SSam Ravnborg 65*a88b5ba8SSam Ravnborg void __kprobes arch_disarm_kprobe(struct kprobe *p) 66*a88b5ba8SSam Ravnborg { 67*a88b5ba8SSam Ravnborg *p->addr = p->opcode; 68*a88b5ba8SSam Ravnborg flushi(p->addr); 69*a88b5ba8SSam Ravnborg } 70*a88b5ba8SSam Ravnborg 71*a88b5ba8SSam Ravnborg static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb) 72*a88b5ba8SSam Ravnborg { 73*a88b5ba8SSam Ravnborg kcb->prev_kprobe.kp = kprobe_running(); 74*a88b5ba8SSam Ravnborg kcb->prev_kprobe.status = kcb->kprobe_status; 75*a88b5ba8SSam Ravnborg kcb->prev_kprobe.orig_tnpc = kcb->kprobe_orig_tnpc; 76*a88b5ba8SSam Ravnborg kcb->prev_kprobe.orig_tstate_pil = kcb->kprobe_orig_tstate_pil; 77*a88b5ba8SSam Ravnborg } 78*a88b5ba8SSam Ravnborg 79*a88b5ba8SSam Ravnborg static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb) 80*a88b5ba8SSam Ravnborg { 81*a88b5ba8SSam Ravnborg __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp; 82*a88b5ba8SSam Ravnborg kcb->kprobe_status = kcb->prev_kprobe.status; 83*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tnpc = kcb->prev_kprobe.orig_tnpc; 84*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tstate_pil = kcb->prev_kprobe.orig_tstate_pil; 85*a88b5ba8SSam Ravnborg } 86*a88b5ba8SSam Ravnborg 87*a88b5ba8SSam Ravnborg static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs, 88*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb) 89*a88b5ba8SSam Ravnborg { 90*a88b5ba8SSam Ravnborg __get_cpu_var(current_kprobe) = p; 91*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tnpc = regs->tnpc; 92*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tstate_pil = (regs->tstate & TSTATE_PIL); 93*a88b5ba8SSam Ravnborg } 94*a88b5ba8SSam Ravnborg 95*a88b5ba8SSam Ravnborg static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs, 96*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb) 97*a88b5ba8SSam Ravnborg { 98*a88b5ba8SSam Ravnborg regs->tstate |= TSTATE_PIL; 99*a88b5ba8SSam Ravnborg 100*a88b5ba8SSam Ravnborg /*single step inline, if it a breakpoint instruction*/ 101*a88b5ba8SSam Ravnborg if (p->opcode == BREAKPOINT_INSTRUCTION) { 102*a88b5ba8SSam Ravnborg regs->tpc = (unsigned long) p->addr; 103*a88b5ba8SSam Ravnborg regs->tnpc = kcb->kprobe_orig_tnpc; 104*a88b5ba8SSam Ravnborg } else { 105*a88b5ba8SSam Ravnborg regs->tpc = (unsigned long) &p->ainsn.insn[0]; 106*a88b5ba8SSam Ravnborg regs->tnpc = (unsigned long) &p->ainsn.insn[1]; 107*a88b5ba8SSam Ravnborg } 108*a88b5ba8SSam Ravnborg } 109*a88b5ba8SSam Ravnborg 110*a88b5ba8SSam Ravnborg static int __kprobes kprobe_handler(struct pt_regs *regs) 111*a88b5ba8SSam Ravnborg { 112*a88b5ba8SSam Ravnborg struct kprobe *p; 113*a88b5ba8SSam Ravnborg void *addr = (void *) regs->tpc; 114*a88b5ba8SSam Ravnborg int ret = 0; 115*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb; 116*a88b5ba8SSam Ravnborg 117*a88b5ba8SSam Ravnborg /* 118*a88b5ba8SSam Ravnborg * We don't want to be preempted for the entire 119*a88b5ba8SSam Ravnborg * duration of kprobe processing 120*a88b5ba8SSam Ravnborg */ 121*a88b5ba8SSam Ravnborg preempt_disable(); 122*a88b5ba8SSam Ravnborg kcb = get_kprobe_ctlblk(); 123*a88b5ba8SSam Ravnborg 124*a88b5ba8SSam Ravnborg if (kprobe_running()) { 125*a88b5ba8SSam Ravnborg p = get_kprobe(addr); 126*a88b5ba8SSam Ravnborg if (p) { 127*a88b5ba8SSam Ravnborg if (kcb->kprobe_status == KPROBE_HIT_SS) { 128*a88b5ba8SSam Ravnborg regs->tstate = ((regs->tstate & ~TSTATE_PIL) | 129*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tstate_pil); 130*a88b5ba8SSam Ravnborg goto no_kprobe; 131*a88b5ba8SSam Ravnborg } 132*a88b5ba8SSam Ravnborg /* We have reentered the kprobe_handler(), since 133*a88b5ba8SSam Ravnborg * another probe was hit while within the handler. 134*a88b5ba8SSam Ravnborg * We here save the original kprobes variables and 135*a88b5ba8SSam Ravnborg * just single step on the instruction of the new probe 136*a88b5ba8SSam Ravnborg * without calling any user handlers. 137*a88b5ba8SSam Ravnborg */ 138*a88b5ba8SSam Ravnborg save_previous_kprobe(kcb); 139*a88b5ba8SSam Ravnborg set_current_kprobe(p, regs, kcb); 140*a88b5ba8SSam Ravnborg kprobes_inc_nmissed_count(p); 141*a88b5ba8SSam Ravnborg kcb->kprobe_status = KPROBE_REENTER; 142*a88b5ba8SSam Ravnborg prepare_singlestep(p, regs, kcb); 143*a88b5ba8SSam Ravnborg return 1; 144*a88b5ba8SSam Ravnborg } else { 145*a88b5ba8SSam Ravnborg if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) { 146*a88b5ba8SSam Ravnborg /* The breakpoint instruction was removed by 147*a88b5ba8SSam Ravnborg * another cpu right after we hit, no further 148*a88b5ba8SSam Ravnborg * handling of this interrupt is appropriate 149*a88b5ba8SSam Ravnborg */ 150*a88b5ba8SSam Ravnborg ret = 1; 151*a88b5ba8SSam Ravnborg goto no_kprobe; 152*a88b5ba8SSam Ravnborg } 153*a88b5ba8SSam Ravnborg p = __get_cpu_var(current_kprobe); 154*a88b5ba8SSam Ravnborg if (p->break_handler && p->break_handler(p, regs)) 155*a88b5ba8SSam Ravnborg goto ss_probe; 156*a88b5ba8SSam Ravnborg } 157*a88b5ba8SSam Ravnborg goto no_kprobe; 158*a88b5ba8SSam Ravnborg } 159*a88b5ba8SSam Ravnborg 160*a88b5ba8SSam Ravnborg p = get_kprobe(addr); 161*a88b5ba8SSam Ravnborg if (!p) { 162*a88b5ba8SSam Ravnborg if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) { 163*a88b5ba8SSam Ravnborg /* 164*a88b5ba8SSam Ravnborg * The breakpoint instruction was removed right 165*a88b5ba8SSam Ravnborg * after we hit it. Another cpu has removed 166*a88b5ba8SSam Ravnborg * either a probepoint or a debugger breakpoint 167*a88b5ba8SSam Ravnborg * at this address. In either case, no further 168*a88b5ba8SSam Ravnborg * handling of this interrupt is appropriate. 169*a88b5ba8SSam Ravnborg */ 170*a88b5ba8SSam Ravnborg ret = 1; 171*a88b5ba8SSam Ravnborg } 172*a88b5ba8SSam Ravnborg /* Not one of ours: let kernel handle it */ 173*a88b5ba8SSam Ravnborg goto no_kprobe; 174*a88b5ba8SSam Ravnborg } 175*a88b5ba8SSam Ravnborg 176*a88b5ba8SSam Ravnborg set_current_kprobe(p, regs, kcb); 177*a88b5ba8SSam Ravnborg kcb->kprobe_status = KPROBE_HIT_ACTIVE; 178*a88b5ba8SSam Ravnborg if (p->pre_handler && p->pre_handler(p, regs)) 179*a88b5ba8SSam Ravnborg return 1; 180*a88b5ba8SSam Ravnborg 181*a88b5ba8SSam Ravnborg ss_probe: 182*a88b5ba8SSam Ravnborg prepare_singlestep(p, regs, kcb); 183*a88b5ba8SSam Ravnborg kcb->kprobe_status = KPROBE_HIT_SS; 184*a88b5ba8SSam Ravnborg return 1; 185*a88b5ba8SSam Ravnborg 186*a88b5ba8SSam Ravnborg no_kprobe: 187*a88b5ba8SSam Ravnborg preempt_enable_no_resched(); 188*a88b5ba8SSam Ravnborg return ret; 189*a88b5ba8SSam Ravnborg } 190*a88b5ba8SSam Ravnborg 191*a88b5ba8SSam Ravnborg /* If INSN is a relative control transfer instruction, 192*a88b5ba8SSam Ravnborg * return the corrected branch destination value. 193*a88b5ba8SSam Ravnborg * 194*a88b5ba8SSam Ravnborg * regs->tpc and regs->tnpc still hold the values of the 195*a88b5ba8SSam Ravnborg * program counters at the time of trap due to the execution 196*a88b5ba8SSam Ravnborg * of the BREAKPOINT_INSTRUCTION_2 at p->ainsn.insn[1] 197*a88b5ba8SSam Ravnborg * 198*a88b5ba8SSam Ravnborg */ 199*a88b5ba8SSam Ravnborg static unsigned long __kprobes relbranch_fixup(u32 insn, struct kprobe *p, 200*a88b5ba8SSam Ravnborg struct pt_regs *regs) 201*a88b5ba8SSam Ravnborg { 202*a88b5ba8SSam Ravnborg unsigned long real_pc = (unsigned long) p->addr; 203*a88b5ba8SSam Ravnborg 204*a88b5ba8SSam Ravnborg /* Branch not taken, no mods necessary. */ 205*a88b5ba8SSam Ravnborg if (regs->tnpc == regs->tpc + 0x4UL) 206*a88b5ba8SSam Ravnborg return real_pc + 0x8UL; 207*a88b5ba8SSam Ravnborg 208*a88b5ba8SSam Ravnborg /* The three cases are call, branch w/prediction, 209*a88b5ba8SSam Ravnborg * and traditional branch. 210*a88b5ba8SSam Ravnborg */ 211*a88b5ba8SSam Ravnborg if ((insn & 0xc0000000) == 0x40000000 || 212*a88b5ba8SSam Ravnborg (insn & 0xc1c00000) == 0x00400000 || 213*a88b5ba8SSam Ravnborg (insn & 0xc1c00000) == 0x00800000) { 214*a88b5ba8SSam Ravnborg unsigned long ainsn_addr; 215*a88b5ba8SSam Ravnborg 216*a88b5ba8SSam Ravnborg ainsn_addr = (unsigned long) &p->ainsn.insn[0]; 217*a88b5ba8SSam Ravnborg 218*a88b5ba8SSam Ravnborg /* The instruction did all the work for us 219*a88b5ba8SSam Ravnborg * already, just apply the offset to the correct 220*a88b5ba8SSam Ravnborg * instruction location. 221*a88b5ba8SSam Ravnborg */ 222*a88b5ba8SSam Ravnborg return (real_pc + (regs->tnpc - ainsn_addr)); 223*a88b5ba8SSam Ravnborg } 224*a88b5ba8SSam Ravnborg 225*a88b5ba8SSam Ravnborg /* It is jmpl or some other absolute PC modification instruction, 226*a88b5ba8SSam Ravnborg * leave NPC as-is. 227*a88b5ba8SSam Ravnborg */ 228*a88b5ba8SSam Ravnborg return regs->tnpc; 229*a88b5ba8SSam Ravnborg } 230*a88b5ba8SSam Ravnborg 231*a88b5ba8SSam Ravnborg /* If INSN is an instruction which writes it's PC location 232*a88b5ba8SSam Ravnborg * into a destination register, fix that up. 233*a88b5ba8SSam Ravnborg */ 234*a88b5ba8SSam Ravnborg static void __kprobes retpc_fixup(struct pt_regs *regs, u32 insn, 235*a88b5ba8SSam Ravnborg unsigned long real_pc) 236*a88b5ba8SSam Ravnborg { 237*a88b5ba8SSam Ravnborg unsigned long *slot = NULL; 238*a88b5ba8SSam Ravnborg 239*a88b5ba8SSam Ravnborg /* Simplest case is 'call', which always uses %o7 */ 240*a88b5ba8SSam Ravnborg if ((insn & 0xc0000000) == 0x40000000) { 241*a88b5ba8SSam Ravnborg slot = ®s->u_regs[UREG_I7]; 242*a88b5ba8SSam Ravnborg } 243*a88b5ba8SSam Ravnborg 244*a88b5ba8SSam Ravnborg /* 'jmpl' encodes the register inside of the opcode */ 245*a88b5ba8SSam Ravnborg if ((insn & 0xc1f80000) == 0x81c00000) { 246*a88b5ba8SSam Ravnborg unsigned long rd = ((insn >> 25) & 0x1f); 247*a88b5ba8SSam Ravnborg 248*a88b5ba8SSam Ravnborg if (rd <= 15) { 249*a88b5ba8SSam Ravnborg slot = ®s->u_regs[rd]; 250*a88b5ba8SSam Ravnborg } else { 251*a88b5ba8SSam Ravnborg /* Hard case, it goes onto the stack. */ 252*a88b5ba8SSam Ravnborg flushw_all(); 253*a88b5ba8SSam Ravnborg 254*a88b5ba8SSam Ravnborg rd -= 16; 255*a88b5ba8SSam Ravnborg slot = (unsigned long *) 256*a88b5ba8SSam Ravnborg (regs->u_regs[UREG_FP] + STACK_BIAS); 257*a88b5ba8SSam Ravnborg slot += rd; 258*a88b5ba8SSam Ravnborg } 259*a88b5ba8SSam Ravnborg } 260*a88b5ba8SSam Ravnborg if (slot != NULL) 261*a88b5ba8SSam Ravnborg *slot = real_pc; 262*a88b5ba8SSam Ravnborg } 263*a88b5ba8SSam Ravnborg 264*a88b5ba8SSam Ravnborg /* 265*a88b5ba8SSam Ravnborg * Called after single-stepping. p->addr is the address of the 266*a88b5ba8SSam Ravnborg * instruction which has been replaced by the breakpoint 267*a88b5ba8SSam Ravnborg * instruction. To avoid the SMP problems that can occur when we 268*a88b5ba8SSam Ravnborg * temporarily put back the original opcode to single-step, we 269*a88b5ba8SSam Ravnborg * single-stepped a copy of the instruction. The address of this 270*a88b5ba8SSam Ravnborg * copy is &p->ainsn.insn[0]. 271*a88b5ba8SSam Ravnborg * 272*a88b5ba8SSam Ravnborg * This function prepares to return from the post-single-step 273*a88b5ba8SSam Ravnborg * breakpoint trap. 274*a88b5ba8SSam Ravnborg */ 275*a88b5ba8SSam Ravnborg static void __kprobes resume_execution(struct kprobe *p, 276*a88b5ba8SSam Ravnborg struct pt_regs *regs, struct kprobe_ctlblk *kcb) 277*a88b5ba8SSam Ravnborg { 278*a88b5ba8SSam Ravnborg u32 insn = p->ainsn.insn[0]; 279*a88b5ba8SSam Ravnborg 280*a88b5ba8SSam Ravnborg regs->tnpc = relbranch_fixup(insn, p, regs); 281*a88b5ba8SSam Ravnborg 282*a88b5ba8SSam Ravnborg /* This assignment must occur after relbranch_fixup() */ 283*a88b5ba8SSam Ravnborg regs->tpc = kcb->kprobe_orig_tnpc; 284*a88b5ba8SSam Ravnborg 285*a88b5ba8SSam Ravnborg retpc_fixup(regs, insn, (unsigned long) p->addr); 286*a88b5ba8SSam Ravnborg 287*a88b5ba8SSam Ravnborg regs->tstate = ((regs->tstate & ~TSTATE_PIL) | 288*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tstate_pil); 289*a88b5ba8SSam Ravnborg } 290*a88b5ba8SSam Ravnborg 291*a88b5ba8SSam Ravnborg static int __kprobes post_kprobe_handler(struct pt_regs *regs) 292*a88b5ba8SSam Ravnborg { 293*a88b5ba8SSam Ravnborg struct kprobe *cur = kprobe_running(); 294*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 295*a88b5ba8SSam Ravnborg 296*a88b5ba8SSam Ravnborg if (!cur) 297*a88b5ba8SSam Ravnborg return 0; 298*a88b5ba8SSam Ravnborg 299*a88b5ba8SSam Ravnborg if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) { 300*a88b5ba8SSam Ravnborg kcb->kprobe_status = KPROBE_HIT_SSDONE; 301*a88b5ba8SSam Ravnborg cur->post_handler(cur, regs, 0); 302*a88b5ba8SSam Ravnborg } 303*a88b5ba8SSam Ravnborg 304*a88b5ba8SSam Ravnborg resume_execution(cur, regs, kcb); 305*a88b5ba8SSam Ravnborg 306*a88b5ba8SSam Ravnborg /*Restore back the original saved kprobes variables and continue. */ 307*a88b5ba8SSam Ravnborg if (kcb->kprobe_status == KPROBE_REENTER) { 308*a88b5ba8SSam Ravnborg restore_previous_kprobe(kcb); 309*a88b5ba8SSam Ravnborg goto out; 310*a88b5ba8SSam Ravnborg } 311*a88b5ba8SSam Ravnborg reset_current_kprobe(); 312*a88b5ba8SSam Ravnborg out: 313*a88b5ba8SSam Ravnborg preempt_enable_no_resched(); 314*a88b5ba8SSam Ravnborg 315*a88b5ba8SSam Ravnborg return 1; 316*a88b5ba8SSam Ravnborg } 317*a88b5ba8SSam Ravnborg 318*a88b5ba8SSam Ravnborg int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr) 319*a88b5ba8SSam Ravnborg { 320*a88b5ba8SSam Ravnborg struct kprobe *cur = kprobe_running(); 321*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 322*a88b5ba8SSam Ravnborg const struct exception_table_entry *entry; 323*a88b5ba8SSam Ravnborg 324*a88b5ba8SSam Ravnborg switch(kcb->kprobe_status) { 325*a88b5ba8SSam Ravnborg case KPROBE_HIT_SS: 326*a88b5ba8SSam Ravnborg case KPROBE_REENTER: 327*a88b5ba8SSam Ravnborg /* 328*a88b5ba8SSam Ravnborg * We are here because the instruction being single 329*a88b5ba8SSam Ravnborg * stepped caused a page fault. We reset the current 330*a88b5ba8SSam Ravnborg * kprobe and the tpc points back to the probe address 331*a88b5ba8SSam Ravnborg * and allow the page fault handler to continue as a 332*a88b5ba8SSam Ravnborg * normal page fault. 333*a88b5ba8SSam Ravnborg */ 334*a88b5ba8SSam Ravnborg regs->tpc = (unsigned long)cur->addr; 335*a88b5ba8SSam Ravnborg regs->tnpc = kcb->kprobe_orig_tnpc; 336*a88b5ba8SSam Ravnborg regs->tstate = ((regs->tstate & ~TSTATE_PIL) | 337*a88b5ba8SSam Ravnborg kcb->kprobe_orig_tstate_pil); 338*a88b5ba8SSam Ravnborg if (kcb->kprobe_status == KPROBE_REENTER) 339*a88b5ba8SSam Ravnborg restore_previous_kprobe(kcb); 340*a88b5ba8SSam Ravnborg else 341*a88b5ba8SSam Ravnborg reset_current_kprobe(); 342*a88b5ba8SSam Ravnborg preempt_enable_no_resched(); 343*a88b5ba8SSam Ravnborg break; 344*a88b5ba8SSam Ravnborg case KPROBE_HIT_ACTIVE: 345*a88b5ba8SSam Ravnborg case KPROBE_HIT_SSDONE: 346*a88b5ba8SSam Ravnborg /* 347*a88b5ba8SSam Ravnborg * We increment the nmissed count for accounting, 348*a88b5ba8SSam Ravnborg * we can also use npre/npostfault count for accouting 349*a88b5ba8SSam Ravnborg * these specific fault cases. 350*a88b5ba8SSam Ravnborg */ 351*a88b5ba8SSam Ravnborg kprobes_inc_nmissed_count(cur); 352*a88b5ba8SSam Ravnborg 353*a88b5ba8SSam Ravnborg /* 354*a88b5ba8SSam Ravnborg * We come here because instructions in the pre/post 355*a88b5ba8SSam Ravnborg * handler caused the page_fault, this could happen 356*a88b5ba8SSam Ravnborg * if handler tries to access user space by 357*a88b5ba8SSam Ravnborg * copy_from_user(), get_user() etc. Let the 358*a88b5ba8SSam Ravnborg * user-specified handler try to fix it first. 359*a88b5ba8SSam Ravnborg */ 360*a88b5ba8SSam Ravnborg if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr)) 361*a88b5ba8SSam Ravnborg return 1; 362*a88b5ba8SSam Ravnborg 363*a88b5ba8SSam Ravnborg /* 364*a88b5ba8SSam Ravnborg * In case the user-specified fault handler returned 365*a88b5ba8SSam Ravnborg * zero, try to fix up. 366*a88b5ba8SSam Ravnborg */ 367*a88b5ba8SSam Ravnborg 368*a88b5ba8SSam Ravnborg entry = search_exception_tables(regs->tpc); 369*a88b5ba8SSam Ravnborg if (entry) { 370*a88b5ba8SSam Ravnborg regs->tpc = entry->fixup; 371*a88b5ba8SSam Ravnborg regs->tnpc = regs->tpc + 4; 372*a88b5ba8SSam Ravnborg return 1; 373*a88b5ba8SSam Ravnborg } 374*a88b5ba8SSam Ravnborg 375*a88b5ba8SSam Ravnborg /* 376*a88b5ba8SSam Ravnborg * fixup_exception() could not handle it, 377*a88b5ba8SSam Ravnborg * Let do_page_fault() fix it. 378*a88b5ba8SSam Ravnborg */ 379*a88b5ba8SSam Ravnborg break; 380*a88b5ba8SSam Ravnborg default: 381*a88b5ba8SSam Ravnborg break; 382*a88b5ba8SSam Ravnborg } 383*a88b5ba8SSam Ravnborg 384*a88b5ba8SSam Ravnborg return 0; 385*a88b5ba8SSam Ravnborg } 386*a88b5ba8SSam Ravnborg 387*a88b5ba8SSam Ravnborg /* 388*a88b5ba8SSam Ravnborg * Wrapper routine to for handling exceptions. 389*a88b5ba8SSam Ravnborg */ 390*a88b5ba8SSam Ravnborg int __kprobes kprobe_exceptions_notify(struct notifier_block *self, 391*a88b5ba8SSam Ravnborg unsigned long val, void *data) 392*a88b5ba8SSam Ravnborg { 393*a88b5ba8SSam Ravnborg struct die_args *args = (struct die_args *)data; 394*a88b5ba8SSam Ravnborg int ret = NOTIFY_DONE; 395*a88b5ba8SSam Ravnborg 396*a88b5ba8SSam Ravnborg if (args->regs && user_mode(args->regs)) 397*a88b5ba8SSam Ravnborg return ret; 398*a88b5ba8SSam Ravnborg 399*a88b5ba8SSam Ravnborg switch (val) { 400*a88b5ba8SSam Ravnborg case DIE_DEBUG: 401*a88b5ba8SSam Ravnborg if (kprobe_handler(args->regs)) 402*a88b5ba8SSam Ravnborg ret = NOTIFY_STOP; 403*a88b5ba8SSam Ravnborg break; 404*a88b5ba8SSam Ravnborg case DIE_DEBUG_2: 405*a88b5ba8SSam Ravnborg if (post_kprobe_handler(args->regs)) 406*a88b5ba8SSam Ravnborg ret = NOTIFY_STOP; 407*a88b5ba8SSam Ravnborg break; 408*a88b5ba8SSam Ravnborg default: 409*a88b5ba8SSam Ravnborg break; 410*a88b5ba8SSam Ravnborg } 411*a88b5ba8SSam Ravnborg return ret; 412*a88b5ba8SSam Ravnborg } 413*a88b5ba8SSam Ravnborg 414*a88b5ba8SSam Ravnborg asmlinkage void __kprobes kprobe_trap(unsigned long trap_level, 415*a88b5ba8SSam Ravnborg struct pt_regs *regs) 416*a88b5ba8SSam Ravnborg { 417*a88b5ba8SSam Ravnborg BUG_ON(trap_level != 0x170 && trap_level != 0x171); 418*a88b5ba8SSam Ravnborg 419*a88b5ba8SSam Ravnborg if (user_mode(regs)) { 420*a88b5ba8SSam Ravnborg local_irq_enable(); 421*a88b5ba8SSam Ravnborg bad_trap(regs, trap_level); 422*a88b5ba8SSam Ravnborg return; 423*a88b5ba8SSam Ravnborg } 424*a88b5ba8SSam Ravnborg 425*a88b5ba8SSam Ravnborg /* trap_level == 0x170 --> ta 0x70 426*a88b5ba8SSam Ravnborg * trap_level == 0x171 --> ta 0x71 427*a88b5ba8SSam Ravnborg */ 428*a88b5ba8SSam Ravnborg if (notify_die((trap_level == 0x170) ? DIE_DEBUG : DIE_DEBUG_2, 429*a88b5ba8SSam Ravnborg (trap_level == 0x170) ? "debug" : "debug_2", 430*a88b5ba8SSam Ravnborg regs, 0, trap_level, SIGTRAP) != NOTIFY_STOP) 431*a88b5ba8SSam Ravnborg bad_trap(regs, trap_level); 432*a88b5ba8SSam Ravnborg } 433*a88b5ba8SSam Ravnborg 434*a88b5ba8SSam Ravnborg /* Jprobes support. */ 435*a88b5ba8SSam Ravnborg int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs) 436*a88b5ba8SSam Ravnborg { 437*a88b5ba8SSam Ravnborg struct jprobe *jp = container_of(p, struct jprobe, kp); 438*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 439*a88b5ba8SSam Ravnborg 440*a88b5ba8SSam Ravnborg memcpy(&(kcb->jprobe_saved_regs), regs, sizeof(*regs)); 441*a88b5ba8SSam Ravnborg 442*a88b5ba8SSam Ravnborg regs->tpc = (unsigned long) jp->entry; 443*a88b5ba8SSam Ravnborg regs->tnpc = ((unsigned long) jp->entry) + 0x4UL; 444*a88b5ba8SSam Ravnborg regs->tstate |= TSTATE_PIL; 445*a88b5ba8SSam Ravnborg 446*a88b5ba8SSam Ravnborg return 1; 447*a88b5ba8SSam Ravnborg } 448*a88b5ba8SSam Ravnborg 449*a88b5ba8SSam Ravnborg void __kprobes jprobe_return(void) 450*a88b5ba8SSam Ravnborg { 451*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 452*a88b5ba8SSam Ravnborg register unsigned long orig_fp asm("g1"); 453*a88b5ba8SSam Ravnborg 454*a88b5ba8SSam Ravnborg orig_fp = kcb->jprobe_saved_regs.u_regs[UREG_FP]; 455*a88b5ba8SSam Ravnborg __asm__ __volatile__("\n" 456*a88b5ba8SSam Ravnborg "1: cmp %%sp, %0\n\t" 457*a88b5ba8SSam Ravnborg "blu,a,pt %%xcc, 1b\n\t" 458*a88b5ba8SSam Ravnborg " restore\n\t" 459*a88b5ba8SSam Ravnborg ".globl jprobe_return_trap_instruction\n" 460*a88b5ba8SSam Ravnborg "jprobe_return_trap_instruction:\n\t" 461*a88b5ba8SSam Ravnborg "ta 0x70" 462*a88b5ba8SSam Ravnborg : /* no outputs */ 463*a88b5ba8SSam Ravnborg : "r" (orig_fp)); 464*a88b5ba8SSam Ravnborg } 465*a88b5ba8SSam Ravnborg 466*a88b5ba8SSam Ravnborg extern void jprobe_return_trap_instruction(void); 467*a88b5ba8SSam Ravnborg 468*a88b5ba8SSam Ravnborg int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs) 469*a88b5ba8SSam Ravnborg { 470*a88b5ba8SSam Ravnborg u32 *addr = (u32 *) regs->tpc; 471*a88b5ba8SSam Ravnborg struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 472*a88b5ba8SSam Ravnborg 473*a88b5ba8SSam Ravnborg if (addr == (u32 *) jprobe_return_trap_instruction) { 474*a88b5ba8SSam Ravnborg memcpy(regs, &(kcb->jprobe_saved_regs), sizeof(*regs)); 475*a88b5ba8SSam Ravnborg preempt_enable_no_resched(); 476*a88b5ba8SSam Ravnborg return 1; 477*a88b5ba8SSam Ravnborg } 478*a88b5ba8SSam Ravnborg return 0; 479*a88b5ba8SSam Ravnborg } 480*a88b5ba8SSam Ravnborg 481*a88b5ba8SSam Ravnborg /* The value stored in the return address register is actually 2 482*a88b5ba8SSam Ravnborg * instructions before where the callee will return to. 483*a88b5ba8SSam Ravnborg * Sequences usually look something like this 484*a88b5ba8SSam Ravnborg * 485*a88b5ba8SSam Ravnborg * call some_function <--- return register points here 486*a88b5ba8SSam Ravnborg * nop <--- call delay slot 487*a88b5ba8SSam Ravnborg * whatever <--- where callee returns to 488*a88b5ba8SSam Ravnborg * 489*a88b5ba8SSam Ravnborg * To keep trampoline_probe_handler logic simpler, we normalize the 490*a88b5ba8SSam Ravnborg * value kept in ri->ret_addr so we don't need to keep adjusting it 491*a88b5ba8SSam Ravnborg * back and forth. 492*a88b5ba8SSam Ravnborg */ 493*a88b5ba8SSam Ravnborg void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, 494*a88b5ba8SSam Ravnborg struct pt_regs *regs) 495*a88b5ba8SSam Ravnborg { 496*a88b5ba8SSam Ravnborg ri->ret_addr = (kprobe_opcode_t *)(regs->u_regs[UREG_RETPC] + 8); 497*a88b5ba8SSam Ravnborg 498*a88b5ba8SSam Ravnborg /* Replace the return addr with trampoline addr */ 499*a88b5ba8SSam Ravnborg regs->u_regs[UREG_RETPC] = 500*a88b5ba8SSam Ravnborg ((unsigned long)kretprobe_trampoline) - 8; 501*a88b5ba8SSam Ravnborg } 502*a88b5ba8SSam Ravnborg 503*a88b5ba8SSam Ravnborg /* 504*a88b5ba8SSam Ravnborg * Called when the probe at kretprobe trampoline is hit 505*a88b5ba8SSam Ravnborg */ 506*a88b5ba8SSam Ravnborg int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs) 507*a88b5ba8SSam Ravnborg { 508*a88b5ba8SSam Ravnborg struct kretprobe_instance *ri = NULL; 509*a88b5ba8SSam Ravnborg struct hlist_head *head, empty_rp; 510*a88b5ba8SSam Ravnborg struct hlist_node *node, *tmp; 511*a88b5ba8SSam Ravnborg unsigned long flags, orig_ret_address = 0; 512*a88b5ba8SSam Ravnborg unsigned long trampoline_address =(unsigned long)&kretprobe_trampoline; 513*a88b5ba8SSam Ravnborg 514*a88b5ba8SSam Ravnborg INIT_HLIST_HEAD(&empty_rp); 515*a88b5ba8SSam Ravnborg kretprobe_hash_lock(current, &head, &flags); 516*a88b5ba8SSam Ravnborg 517*a88b5ba8SSam Ravnborg /* 518*a88b5ba8SSam Ravnborg * It is possible to have multiple instances associated with a given 519*a88b5ba8SSam Ravnborg * task either because an multiple functions in the call path 520*a88b5ba8SSam Ravnborg * have a return probe installed on them, and/or more then one return 521*a88b5ba8SSam Ravnborg * return probe was registered for a target function. 522*a88b5ba8SSam Ravnborg * 523*a88b5ba8SSam Ravnborg * We can handle this because: 524*a88b5ba8SSam Ravnborg * - instances are always inserted at the head of the list 525*a88b5ba8SSam Ravnborg * - when multiple return probes are registered for the same 526*a88b5ba8SSam Ravnborg * function, the first instance's ret_addr will point to the 527*a88b5ba8SSam Ravnborg * real return address, and all the rest will point to 528*a88b5ba8SSam Ravnborg * kretprobe_trampoline 529*a88b5ba8SSam Ravnborg */ 530*a88b5ba8SSam Ravnborg hlist_for_each_entry_safe(ri, node, tmp, head, hlist) { 531*a88b5ba8SSam Ravnborg if (ri->task != current) 532*a88b5ba8SSam Ravnborg /* another task is sharing our hash bucket */ 533*a88b5ba8SSam Ravnborg continue; 534*a88b5ba8SSam Ravnborg 535*a88b5ba8SSam Ravnborg if (ri->rp && ri->rp->handler) 536*a88b5ba8SSam Ravnborg ri->rp->handler(ri, regs); 537*a88b5ba8SSam Ravnborg 538*a88b5ba8SSam Ravnborg orig_ret_address = (unsigned long)ri->ret_addr; 539*a88b5ba8SSam Ravnborg recycle_rp_inst(ri, &empty_rp); 540*a88b5ba8SSam Ravnborg 541*a88b5ba8SSam Ravnborg if (orig_ret_address != trampoline_address) 542*a88b5ba8SSam Ravnborg /* 543*a88b5ba8SSam Ravnborg * This is the real return address. Any other 544*a88b5ba8SSam Ravnborg * instances associated with this task are for 545*a88b5ba8SSam Ravnborg * other calls deeper on the call stack 546*a88b5ba8SSam Ravnborg */ 547*a88b5ba8SSam Ravnborg break; 548*a88b5ba8SSam Ravnborg } 549*a88b5ba8SSam Ravnborg 550*a88b5ba8SSam Ravnborg kretprobe_assert(ri, orig_ret_address, trampoline_address); 551*a88b5ba8SSam Ravnborg regs->tpc = orig_ret_address; 552*a88b5ba8SSam Ravnborg regs->tnpc = orig_ret_address + 4; 553*a88b5ba8SSam Ravnborg 554*a88b5ba8SSam Ravnborg reset_current_kprobe(); 555*a88b5ba8SSam Ravnborg kretprobe_hash_unlock(current, &flags); 556*a88b5ba8SSam Ravnborg preempt_enable_no_resched(); 557*a88b5ba8SSam Ravnborg 558*a88b5ba8SSam Ravnborg hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) { 559*a88b5ba8SSam Ravnborg hlist_del(&ri->hlist); 560*a88b5ba8SSam Ravnborg kfree(ri); 561*a88b5ba8SSam Ravnborg } 562*a88b5ba8SSam Ravnborg /* 563*a88b5ba8SSam Ravnborg * By returning a non-zero value, we are telling 564*a88b5ba8SSam Ravnborg * kprobe_handler() that we don't want the post_handler 565*a88b5ba8SSam Ravnborg * to run (and have re-enabled preemption) 566*a88b5ba8SSam Ravnborg */ 567*a88b5ba8SSam Ravnborg return 1; 568*a88b5ba8SSam Ravnborg } 569*a88b5ba8SSam Ravnborg 570*a88b5ba8SSam Ravnborg void kretprobe_trampoline_holder(void) 571*a88b5ba8SSam Ravnborg { 572*a88b5ba8SSam Ravnborg asm volatile(".global kretprobe_trampoline\n" 573*a88b5ba8SSam Ravnborg "kretprobe_trampoline:\n" 574*a88b5ba8SSam Ravnborg "\tnop\n" 575*a88b5ba8SSam Ravnborg "\tnop\n"); 576*a88b5ba8SSam Ravnborg } 577*a88b5ba8SSam Ravnborg static struct kprobe trampoline_p = { 578*a88b5ba8SSam Ravnborg .addr = (kprobe_opcode_t *) &kretprobe_trampoline, 579*a88b5ba8SSam Ravnborg .pre_handler = trampoline_probe_handler 580*a88b5ba8SSam Ravnborg }; 581*a88b5ba8SSam Ravnborg 582*a88b5ba8SSam Ravnborg int __init arch_init_kprobes(void) 583*a88b5ba8SSam Ravnborg { 584*a88b5ba8SSam Ravnborg return register_kprobe(&trampoline_p); 585*a88b5ba8SSam Ravnborg } 586*a88b5ba8SSam Ravnborg 587*a88b5ba8SSam Ravnborg int __kprobes arch_trampoline_kprobe(struct kprobe *p) 588*a88b5ba8SSam Ravnborg { 589*a88b5ba8SSam Ravnborg if (p->addr == (kprobe_opcode_t *)&kretprobe_trampoline) 590*a88b5ba8SSam Ravnborg return 1; 591*a88b5ba8SSam Ravnborg 592*a88b5ba8SSam Ravnborg return 0; 593*a88b5ba8SSam Ravnborg } 594