1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * several functions that help interpret ARC instructions 4 * used for unaligned accesses, kprobes and kgdb 5 * 6 * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com) 7 */ 8 9 #include <linux/types.h> 10 #include <linux/kprobes.h> 11 #include <linux/slab.h> 12 #include <linux/uaccess.h> 13 #include <asm/disasm.h> 14 15 #if defined(CONFIG_KGDB) || defined(CONFIG_ARC_EMUL_UNALIGNED) || \ 16 defined(CONFIG_KPROBES) 17 18 /* disasm_instr: Analyses instruction at addr, stores 19 * findings in *state 20 */ 21 void __kprobes disasm_instr(unsigned long addr, struct disasm_state *state, 22 int userspace, struct pt_regs *regs, struct callee_regs *cregs) 23 { 24 int fieldA = 0; 25 int fieldC = 0, fieldCisReg = 0; 26 uint16_t word1 = 0, word0 = 0; 27 int subopcode, is_linked, op_format; 28 uint16_t *ins_ptr; 29 uint16_t ins_buf[4]; 30 int bytes_not_copied = 0; 31 32 memset(state, 0, sizeof(struct disasm_state)); 33 34 /* This fetches the upper part of the 32 bit instruction 35 * in both the cases of Little Endian or Big Endian configurations. */ 36 if (userspace) { 37 bytes_not_copied = copy_from_user(ins_buf, 38 (const void __user *) addr, 8); 39 if (bytes_not_copied > 6) 40 goto fault; 41 ins_ptr = ins_buf; 42 } else { 43 ins_ptr = (uint16_t *) addr; 44 } 45 46 word1 = *((uint16_t *)addr); 47 48 state->major_opcode = (word1 >> 11) & 0x1F; 49 50 /* Check if the instruction is 32 bit or 16 bit instruction */ 51 if (state->major_opcode < 0x0B) { 52 if (bytes_not_copied > 4) 53 goto fault; 54 state->instr_len = 4; 55 word0 = *((uint16_t *)(addr+2)); 56 state->words[0] = (word1 << 16) | word0; 57 } else { 58 state->instr_len = 2; 59 state->words[0] = word1; 60 } 61 62 /* Read the second word in case of limm */ 63 word1 = *((uint16_t *)(addr + state->instr_len)); 64 word0 = *((uint16_t *)(addr + state->instr_len + 2)); 65 state->words[1] = (word1 << 16) | word0; 66 67 switch (state->major_opcode) { 68 case op_Bcc: 69 state->is_branch = 1; 70 71 /* unconditional branch s25, conditional branch s21 */ 72 fieldA = (IS_BIT(state->words[0], 16)) ? 73 FIELD_s25(state->words[0]) : 74 FIELD_s21(state->words[0]); 75 76 state->delay_slot = IS_BIT(state->words[0], 5); 77 state->target = fieldA + (addr & ~0x3); 78 state->flow = direct_jump; 79 break; 80 81 case op_BLcc: 82 if (IS_BIT(state->words[0], 16)) { 83 /* Branch and Link*/ 84 /* unconditional branch s25, conditional branch s21 */ 85 fieldA = (IS_BIT(state->words[0], 17)) ? 86 (FIELD_s25(state->words[0]) & ~0x3) : 87 FIELD_s21(state->words[0]); 88 89 state->flow = direct_call; 90 } else { 91 /*Branch On Compare */ 92 fieldA = FIELD_s9(state->words[0]) & ~0x3; 93 state->flow = direct_jump; 94 } 95 96 state->delay_slot = IS_BIT(state->words[0], 5); 97 state->target = fieldA + (addr & ~0x3); 98 state->is_branch = 1; 99 break; 100 101 case op_LD: /* LD<zz> a,[b,s9] */ 102 state->write = 0; 103 state->di = BITS(state->words[0], 11, 11); 104 if (state->di) 105 break; 106 state->x = BITS(state->words[0], 6, 6); 107 state->zz = BITS(state->words[0], 7, 8); 108 state->aa = BITS(state->words[0], 9, 10); 109 state->wb_reg = FIELD_B(state->words[0]); 110 if (state->wb_reg == REG_LIMM) { 111 state->instr_len += 4; 112 state->aa = 0; 113 state->src1 = state->words[1]; 114 } else { 115 state->src1 = get_reg(state->wb_reg, regs, cregs); 116 } 117 state->src2 = FIELD_s9(state->words[0]); 118 state->dest = FIELD_A(state->words[0]); 119 state->pref = (state->dest == REG_LIMM); 120 break; 121 122 case op_ST: 123 state->write = 1; 124 state->di = BITS(state->words[0], 5, 5); 125 if (state->di) 126 break; 127 state->aa = BITS(state->words[0], 3, 4); 128 state->zz = BITS(state->words[0], 1, 2); 129 state->src1 = FIELD_C(state->words[0]); 130 if (state->src1 == REG_LIMM) { 131 state->instr_len += 4; 132 state->src1 = state->words[1]; 133 } else { 134 state->src1 = get_reg(state->src1, regs, cregs); 135 } 136 state->wb_reg = FIELD_B(state->words[0]); 137 if (state->wb_reg == REG_LIMM) { 138 state->aa = 0; 139 state->instr_len += 4; 140 state->src2 = state->words[1]; 141 } else { 142 state->src2 = get_reg(state->wb_reg, regs, cregs); 143 } 144 state->src3 = FIELD_s9(state->words[0]); 145 break; 146 147 case op_MAJOR_4: 148 subopcode = MINOR_OPCODE(state->words[0]); 149 switch (subopcode) { 150 case 32: /* Jcc */ 151 case 33: /* Jcc.D */ 152 case 34: /* JLcc */ 153 case 35: /* JLcc.D */ 154 is_linked = 0; 155 156 if (subopcode == 33 || subopcode == 35) 157 state->delay_slot = 1; 158 159 if (subopcode == 34 || subopcode == 35) 160 is_linked = 1; 161 162 fieldCisReg = 0; 163 op_format = BITS(state->words[0], 22, 23); 164 if (op_format == 0 || ((op_format == 3) && 165 (!IS_BIT(state->words[0], 5)))) { 166 fieldC = FIELD_C(state->words[0]); 167 168 if (fieldC == REG_LIMM) { 169 fieldC = state->words[1]; 170 state->instr_len += 4; 171 } else { 172 fieldCisReg = 1; 173 } 174 } else if (op_format == 1 || ((op_format == 3) 175 && (IS_BIT(state->words[0], 5)))) { 176 fieldC = FIELD_C(state->words[0]); 177 } else { 178 /* op_format == 2 */ 179 fieldC = FIELD_s12(state->words[0]); 180 } 181 182 if (!fieldCisReg) { 183 state->target = fieldC; 184 state->flow = is_linked ? 185 direct_call : direct_jump; 186 } else { 187 state->target = get_reg(fieldC, regs, cregs); 188 state->flow = is_linked ? 189 indirect_call : indirect_jump; 190 } 191 state->is_branch = 1; 192 break; 193 194 case 40: /* LPcc */ 195 if (BITS(state->words[0], 22, 23) == 3) { 196 /* Conditional LPcc u7 */ 197 fieldC = FIELD_C(state->words[0]); 198 199 fieldC = fieldC << 1; 200 fieldC += (addr & ~0x03); 201 state->is_branch = 1; 202 state->flow = direct_jump; 203 state->target = fieldC; 204 } 205 /* For Unconditional lp, next pc is the fall through 206 * which is updated */ 207 break; 208 209 case 48 ... 55: /* LD a,[b,c] */ 210 state->di = BITS(state->words[0], 15, 15); 211 if (state->di) 212 break; 213 state->x = BITS(state->words[0], 16, 16); 214 state->zz = BITS(state->words[0], 17, 18); 215 state->aa = BITS(state->words[0], 22, 23); 216 state->wb_reg = FIELD_B(state->words[0]); 217 if (state->wb_reg == REG_LIMM) { 218 state->instr_len += 4; 219 state->src1 = state->words[1]; 220 } else { 221 state->src1 = get_reg(state->wb_reg, regs, 222 cregs); 223 } 224 state->src2 = FIELD_C(state->words[0]); 225 if (state->src2 == REG_LIMM) { 226 state->instr_len += 4; 227 state->src2 = state->words[1]; 228 } else { 229 state->src2 = get_reg(state->src2, regs, 230 cregs); 231 } 232 state->dest = FIELD_A(state->words[0]); 233 if (state->dest == REG_LIMM) 234 state->pref = 1; 235 break; 236 237 case 10: /* MOV */ 238 /* still need to check for limm to extract instr len */ 239 /* MOV is special case because it only takes 2 args */ 240 switch (BITS(state->words[0], 22, 23)) { 241 case 0: /* OP a,b,c */ 242 if (FIELD_C(state->words[0]) == REG_LIMM) 243 state->instr_len += 4; 244 break; 245 case 1: /* OP a,b,u6 */ 246 break; 247 case 2: /* OP b,b,s12 */ 248 break; 249 case 3: /* OP.cc b,b,c/u6 */ 250 if ((!IS_BIT(state->words[0], 5)) && 251 (FIELD_C(state->words[0]) == REG_LIMM)) 252 state->instr_len += 4; 253 break; 254 } 255 break; 256 257 258 default: 259 /* Not a Load, Jump or Loop instruction */ 260 /* still need to check for limm to extract instr len */ 261 switch (BITS(state->words[0], 22, 23)) { 262 case 0: /* OP a,b,c */ 263 if ((FIELD_B(state->words[0]) == REG_LIMM) || 264 (FIELD_C(state->words[0]) == REG_LIMM)) 265 state->instr_len += 4; 266 break; 267 case 1: /* OP a,b,u6 */ 268 break; 269 case 2: /* OP b,b,s12 */ 270 break; 271 case 3: /* OP.cc b,b,c/u6 */ 272 if ((!IS_BIT(state->words[0], 5)) && 273 ((FIELD_B(state->words[0]) == REG_LIMM) || 274 (FIELD_C(state->words[0]) == REG_LIMM))) 275 state->instr_len += 4; 276 break; 277 } 278 break; 279 } 280 break; 281 282 /* 16 Bit Instructions */ 283 case op_LD_ADD: /* LD_S|LDB_S|LDW_S a,[b,c] */ 284 state->zz = BITS(state->words[0], 3, 4); 285 state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs); 286 state->src2 = get_reg(FIELD_S_C(state->words[0]), regs, cregs); 287 state->dest = FIELD_S_A(state->words[0]); 288 break; 289 290 case op_ADD_MOV_CMP: 291 /* check for limm, ignore mov_s h,b (== mov_s 0,b) */ 292 if ((BITS(state->words[0], 3, 4) < 3) && 293 (FIELD_S_H(state->words[0]) == REG_LIMM)) 294 state->instr_len += 4; 295 break; 296 297 case op_S: 298 subopcode = BITS(state->words[0], 5, 7); 299 switch (subopcode) { 300 case 0: /* j_s */ 301 case 1: /* j_s.d */ 302 case 2: /* jl_s */ 303 case 3: /* jl_s.d */ 304 state->target = get_reg(FIELD_S_B(state->words[0]), 305 regs, cregs); 306 state->delay_slot = subopcode & 1; 307 state->flow = (subopcode >= 2) ? 308 direct_call : indirect_jump; 309 break; 310 case 7: 311 switch (BITS(state->words[0], 8, 10)) { 312 case 4: /* jeq_s [blink] */ 313 case 5: /* jne_s [blink] */ 314 case 6: /* j_s [blink] */ 315 case 7: /* j_s.d [blink] */ 316 state->delay_slot = (subopcode == 7); 317 state->flow = indirect_jump; 318 state->target = get_reg(31, regs, cregs); 319 default: 320 break; 321 } 322 default: 323 break; 324 } 325 break; 326 327 case op_LD_S: /* LD_S c, [b, u7] */ 328 state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs); 329 state->src2 = FIELD_S_u7(state->words[0]); 330 state->dest = FIELD_S_C(state->words[0]); 331 break; 332 333 case op_LDB_S: 334 case op_STB_S: 335 /* no further handling required as byte accesses should not 336 * cause an unaligned access exception */ 337 state->zz = 1; 338 break; 339 340 case op_LDWX_S: /* LDWX_S c, [b, u6] */ 341 state->x = 1; 342 fallthrough; 343 344 case op_LDW_S: /* LDW_S c, [b, u6] */ 345 state->zz = 2; 346 state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs); 347 state->src2 = FIELD_S_u6(state->words[0]); 348 state->dest = FIELD_S_C(state->words[0]); 349 break; 350 351 case op_ST_S: /* ST_S c, [b, u7] */ 352 state->write = 1; 353 state->src1 = get_reg(FIELD_S_C(state->words[0]), regs, cregs); 354 state->src2 = get_reg(FIELD_S_B(state->words[0]), regs, cregs); 355 state->src3 = FIELD_S_u7(state->words[0]); 356 break; 357 358 case op_STW_S: /* STW_S c,[b,u6] */ 359 state->write = 1; 360 state->zz = 2; 361 state->src1 = get_reg(FIELD_S_C(state->words[0]), regs, cregs); 362 state->src2 = get_reg(FIELD_S_B(state->words[0]), regs, cregs); 363 state->src3 = FIELD_S_u6(state->words[0]); 364 break; 365 366 case op_SP: /* LD_S|LDB_S b,[sp,u7], ST_S|STB_S b,[sp,u7] */ 367 /* note: we are ignoring possibility of: 368 * ADD_S, SUB_S, PUSH_S, POP_S as these should not 369 * cause unaliged exception anyway */ 370 state->write = BITS(state->words[0], 6, 6); 371 state->zz = BITS(state->words[0], 5, 5); 372 if (state->zz) 373 break; /* byte accesses should not come here */ 374 if (!state->write) { 375 state->src1 = get_reg(28, regs, cregs); 376 state->src2 = FIELD_S_u7(state->words[0]); 377 state->dest = FIELD_S_B(state->words[0]); 378 } else { 379 state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, 380 cregs); 381 state->src2 = get_reg(28, regs, cregs); 382 state->src3 = FIELD_S_u7(state->words[0]); 383 } 384 break; 385 386 case op_GP: /* LD_S|LDB_S|LDW_S r0,[gp,s11/s9/s10] */ 387 /* note: ADD_S r0, gp, s11 is ignored */ 388 state->zz = BITS(state->words[0], 9, 10); 389 state->src1 = get_reg(26, regs, cregs); 390 state->src2 = state->zz ? FIELD_S_s10(state->words[0]) : 391 FIELD_S_s11(state->words[0]); 392 state->dest = 0; 393 break; 394 395 case op_Pcl: /* LD_S b,[pcl,u10] */ 396 state->src1 = regs->ret & ~3; 397 state->src2 = FIELD_S_u10(state->words[0]); 398 state->dest = FIELD_S_B(state->words[0]); 399 break; 400 401 case op_BR_S: 402 state->target = FIELD_S_s8(state->words[0]) + (addr & ~0x03); 403 state->flow = direct_jump; 404 state->is_branch = 1; 405 break; 406 407 case op_B_S: 408 fieldA = (BITS(state->words[0], 9, 10) == 3) ? 409 FIELD_S_s7(state->words[0]) : 410 FIELD_S_s10(state->words[0]); 411 state->target = fieldA + (addr & ~0x03); 412 state->flow = direct_jump; 413 state->is_branch = 1; 414 break; 415 416 case op_BL_S: 417 state->target = FIELD_S_s13(state->words[0]) + (addr & ~0x03); 418 state->flow = direct_call; 419 state->is_branch = 1; 420 break; 421 422 default: 423 break; 424 } 425 426 if (bytes_not_copied <= (8 - state->instr_len)) 427 return; 428 429 fault: state->fault = 1; 430 } 431 432 long __kprobes get_reg(int reg, struct pt_regs *regs, 433 struct callee_regs *cregs) 434 { 435 long *p; 436 437 if (reg <= 12) { 438 p = ®s->r0; 439 return p[-reg]; 440 } 441 442 if (cregs && (reg <= 25)) { 443 p = &cregs->r13; 444 return p[13-reg]; 445 } 446 447 if (reg == 26) 448 return regs->r26; 449 if (reg == 27) 450 return regs->fp; 451 if (reg == 28) 452 return regs->sp; 453 if (reg == 31) 454 return regs->blink; 455 456 return 0; 457 } 458 459 void __kprobes set_reg(int reg, long val, struct pt_regs *regs, 460 struct callee_regs *cregs) 461 { 462 long *p; 463 464 switch (reg) { 465 case 0 ... 12: 466 p = ®s->r0; 467 p[-reg] = val; 468 break; 469 case 13 ... 25: 470 if (cregs) { 471 p = &cregs->r13; 472 p[13-reg] = val; 473 } 474 break; 475 case 26: 476 regs->r26 = val; 477 break; 478 case 27: 479 regs->fp = val; 480 break; 481 case 28: 482 regs->sp = val; 483 break; 484 case 31: 485 regs->blink = val; 486 break; 487 default: 488 break; 489 } 490 } 491 492 /* 493 * Disassembles the insn at @pc and sets @next_pc to next PC (which could be 494 * @pc +2/4/6 (ARCompact ISA allows free intermixing of 16/32 bit insns). 495 * 496 * If @pc is a branch 497 * -@tgt_if_br is set to branch target. 498 * -If branch has delay slot, @next_pc updated with actual next PC. 499 */ 500 int __kprobes disasm_next_pc(unsigned long pc, struct pt_regs *regs, 501 struct callee_regs *cregs, 502 unsigned long *next_pc, unsigned long *tgt_if_br) 503 { 504 struct disasm_state instr; 505 506 memset(&instr, 0, sizeof(struct disasm_state)); 507 disasm_instr(pc, &instr, 0, regs, cregs); 508 509 *next_pc = pc + instr.instr_len; 510 511 /* Instruction with possible two targets branch, jump and loop */ 512 if (instr.is_branch) 513 *tgt_if_br = instr.target; 514 515 /* For the instructions with delay slots, the fall through is the 516 * instruction following the instruction in delay slot. 517 */ 518 if (instr.delay_slot) { 519 struct disasm_state instr_d; 520 521 disasm_instr(*next_pc, &instr_d, 0, regs, cregs); 522 523 *next_pc += instr_d.instr_len; 524 } 525 526 /* Zero Overhead Loop - end of the loop */ 527 if (!(regs->status32 & STATUS32_L) && (*next_pc == regs->lp_end) 528 && (regs->lp_count > 1)) { 529 *next_pc = regs->lp_start; 530 } 531 532 return instr.is_branch; 533 } 534 535 #endif /* CONFIG_KGDB || CONFIG_ARC_EMUL_UNALIGNED || CONFIG_KPROBES */ 536