1 // SPDX-License-Identifier: GPL-2.0+ 2 3 #include <linux/kprobes.h> 4 #include <linux/extable.h> 5 #include <linux/slab.h> 6 #include <linux/stop_machine.h> 7 #include <asm/ptrace.h> 8 #include <linux/uaccess.h> 9 #include <asm/sections.h> 10 #include <asm/cacheflush.h> 11 #include <asm/bug.h> 12 #include <asm/patch.h> 13 14 #include "decode-insn.h" 15 16 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; 17 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 18 19 static void __kprobes 20 post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *); 21 22 static void __kprobes arch_prepare_ss_slot(struct kprobe *p) 23 { 24 unsigned long offset = GET_INSN_LENGTH(p->opcode); 25 26 p->ainsn.api.restore = (unsigned long)p->addr + offset; 27 28 patch_text(p->ainsn.api.insn, p->opcode); 29 patch_text((void *)((unsigned long)(p->ainsn.api.insn) + offset), 30 __BUG_INSN_32); 31 } 32 33 static void __kprobes arch_prepare_simulate(struct kprobe *p) 34 { 35 p->ainsn.api.restore = 0; 36 } 37 38 static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs) 39 { 40 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 41 42 if (p->ainsn.api.handler) 43 p->ainsn.api.handler((u32)p->opcode, 44 (unsigned long)p->addr, regs); 45 46 post_kprobe_handler(kcb, regs); 47 } 48 49 int __kprobes arch_prepare_kprobe(struct kprobe *p) 50 { 51 unsigned long probe_addr = (unsigned long)p->addr; 52 53 if (probe_addr & 0x1) { 54 pr_warn("Address not aligned.\n"); 55 56 return -EINVAL; 57 } 58 59 /* copy instruction */ 60 p->opcode = *p->addr; 61 62 /* decode instruction */ 63 switch (riscv_probe_decode_insn(p->addr, &p->ainsn.api)) { 64 case INSN_REJECTED: /* insn not supported */ 65 return -EINVAL; 66 67 case INSN_GOOD_NO_SLOT: /* insn need simulation */ 68 p->ainsn.api.insn = NULL; 69 break; 70 71 case INSN_GOOD: /* instruction uses slot */ 72 p->ainsn.api.insn = get_insn_slot(); 73 if (!p->ainsn.api.insn) 74 return -ENOMEM; 75 break; 76 } 77 78 /* prepare the instruction */ 79 if (p->ainsn.api.insn) 80 arch_prepare_ss_slot(p); 81 else 82 arch_prepare_simulate(p); 83 84 return 0; 85 } 86 87 /* install breakpoint in text */ 88 void __kprobes arch_arm_kprobe(struct kprobe *p) 89 { 90 if ((p->opcode & __INSN_LENGTH_MASK) == __INSN_LENGTH_32) 91 patch_text(p->addr, __BUG_INSN_32); 92 else 93 patch_text(p->addr, __BUG_INSN_16); 94 } 95 96 /* remove breakpoint from text */ 97 void __kprobes arch_disarm_kprobe(struct kprobe *p) 98 { 99 patch_text(p->addr, p->opcode); 100 } 101 102 void __kprobes arch_remove_kprobe(struct kprobe *p) 103 { 104 } 105 106 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb) 107 { 108 kcb->prev_kprobe.kp = kprobe_running(); 109 kcb->prev_kprobe.status = kcb->kprobe_status; 110 } 111 112 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb) 113 { 114 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp); 115 kcb->kprobe_status = kcb->prev_kprobe.status; 116 } 117 118 static void __kprobes set_current_kprobe(struct kprobe *p) 119 { 120 __this_cpu_write(current_kprobe, p); 121 } 122 123 /* 124 * Interrupts need to be disabled before single-step mode is set, and not 125 * reenabled until after single-step mode ends. 126 * Without disabling interrupt on local CPU, there is a chance of 127 * interrupt occurrence in the period of exception return and start of 128 * out-of-line single-step, that result in wrongly single stepping 129 * into the interrupt handler. 130 */ 131 static void __kprobes kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb, 132 struct pt_regs *regs) 133 { 134 kcb->saved_status = regs->status; 135 regs->status &= ~SR_SPIE; 136 } 137 138 static void __kprobes kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb, 139 struct pt_regs *regs) 140 { 141 regs->status = kcb->saved_status; 142 } 143 144 static void __kprobes 145 set_ss_context(struct kprobe_ctlblk *kcb, unsigned long addr, struct kprobe *p) 146 { 147 unsigned long offset = GET_INSN_LENGTH(p->opcode); 148 149 kcb->ss_ctx.ss_pending = true; 150 kcb->ss_ctx.match_addr = addr + offset; 151 } 152 153 static void __kprobes clear_ss_context(struct kprobe_ctlblk *kcb) 154 { 155 kcb->ss_ctx.ss_pending = false; 156 kcb->ss_ctx.match_addr = 0; 157 } 158 159 static void __kprobes setup_singlestep(struct kprobe *p, 160 struct pt_regs *regs, 161 struct kprobe_ctlblk *kcb, int reenter) 162 { 163 unsigned long slot; 164 165 if (reenter) { 166 save_previous_kprobe(kcb); 167 set_current_kprobe(p); 168 kcb->kprobe_status = KPROBE_REENTER; 169 } else { 170 kcb->kprobe_status = KPROBE_HIT_SS; 171 } 172 173 if (p->ainsn.api.insn) { 174 /* prepare for single stepping */ 175 slot = (unsigned long)p->ainsn.api.insn; 176 177 set_ss_context(kcb, slot, p); /* mark pending ss */ 178 179 /* IRQs and single stepping do not mix well. */ 180 kprobes_save_local_irqflag(kcb, regs); 181 182 instruction_pointer_set(regs, slot); 183 } else { 184 /* insn simulation */ 185 arch_simulate_insn(p, regs); 186 } 187 } 188 189 static int __kprobes reenter_kprobe(struct kprobe *p, 190 struct pt_regs *regs, 191 struct kprobe_ctlblk *kcb) 192 { 193 switch (kcb->kprobe_status) { 194 case KPROBE_HIT_SSDONE: 195 case KPROBE_HIT_ACTIVE: 196 kprobes_inc_nmissed_count(p); 197 setup_singlestep(p, regs, kcb, 1); 198 break; 199 case KPROBE_HIT_SS: 200 case KPROBE_REENTER: 201 pr_warn("Unrecoverable kprobe detected.\n"); 202 dump_kprobe(p); 203 BUG(); 204 break; 205 default: 206 WARN_ON(1); 207 return 0; 208 } 209 210 return 1; 211 } 212 213 static void __kprobes 214 post_kprobe_handler(struct kprobe_ctlblk *kcb, struct pt_regs *regs) 215 { 216 struct kprobe *cur = kprobe_running(); 217 218 if (!cur) 219 return; 220 221 /* return addr restore if non-branching insn */ 222 if (cur->ainsn.api.restore != 0) 223 regs->epc = cur->ainsn.api.restore; 224 225 /* restore back original saved kprobe variables and continue */ 226 if (kcb->kprobe_status == KPROBE_REENTER) { 227 restore_previous_kprobe(kcb); 228 return; 229 } 230 231 /* call post handler */ 232 kcb->kprobe_status = KPROBE_HIT_SSDONE; 233 if (cur->post_handler) { 234 /* post_handler can hit breakpoint and single step 235 * again, so we enable D-flag for recursive exception. 236 */ 237 cur->post_handler(cur, regs, 0); 238 } 239 240 reset_current_kprobe(); 241 } 242 243 int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int trapnr) 244 { 245 struct kprobe *cur = kprobe_running(); 246 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 247 248 switch (kcb->kprobe_status) { 249 case KPROBE_HIT_SS: 250 case KPROBE_REENTER: 251 /* 252 * We are here because the instruction being single 253 * stepped caused a page fault. We reset the current 254 * kprobe and the ip points back to the probe address 255 * and allow the page fault handler to continue as a 256 * normal page fault. 257 */ 258 regs->epc = (unsigned long) cur->addr; 259 if (!instruction_pointer(regs)) 260 BUG(); 261 262 if (kcb->kprobe_status == KPROBE_REENTER) 263 restore_previous_kprobe(kcb); 264 else 265 reset_current_kprobe(); 266 267 break; 268 case KPROBE_HIT_ACTIVE: 269 case KPROBE_HIT_SSDONE: 270 /* 271 * We increment the nmissed count for accounting, 272 * we can also use npre/npostfault count for accounting 273 * these specific fault cases. 274 */ 275 kprobes_inc_nmissed_count(cur); 276 277 /* 278 * We come here because instructions in the pre/post 279 * handler caused the page_fault, this could happen 280 * if handler tries to access user space by 281 * copy_from_user(), get_user() etc. Let the 282 * user-specified handler try to fix it first. 283 */ 284 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr)) 285 return 1; 286 287 /* 288 * In case the user-specified fault handler returned 289 * zero, try to fix up. 290 */ 291 if (fixup_exception(regs)) 292 return 1; 293 } 294 return 0; 295 } 296 297 bool __kprobes 298 kprobe_breakpoint_handler(struct pt_regs *regs) 299 { 300 struct kprobe *p, *cur_kprobe; 301 struct kprobe_ctlblk *kcb; 302 unsigned long addr = instruction_pointer(regs); 303 304 kcb = get_kprobe_ctlblk(); 305 cur_kprobe = kprobe_running(); 306 307 p = get_kprobe((kprobe_opcode_t *) addr); 308 309 if (p) { 310 if (cur_kprobe) { 311 if (reenter_kprobe(p, regs, kcb)) 312 return true; 313 } else { 314 /* Probe hit */ 315 set_current_kprobe(p); 316 kcb->kprobe_status = KPROBE_HIT_ACTIVE; 317 318 /* 319 * If we have no pre-handler or it returned 0, we 320 * continue with normal processing. If we have a 321 * pre-handler and it returned non-zero, it will 322 * modify the execution path and no need to single 323 * stepping. Let's just reset current kprobe and exit. 324 * 325 * pre_handler can hit a breakpoint and can step thru 326 * before return. 327 */ 328 if (!p->pre_handler || !p->pre_handler(p, regs)) 329 setup_singlestep(p, regs, kcb, 0); 330 else 331 reset_current_kprobe(); 332 } 333 return true; 334 } 335 336 /* 337 * The breakpoint instruction was removed right 338 * after we hit it. Another cpu has removed 339 * either a probepoint or a debugger breakpoint 340 * at this address. In either case, no further 341 * handling of this interrupt is appropriate. 342 * Return back to original instruction, and continue. 343 */ 344 return false; 345 } 346 347 bool __kprobes 348 kprobe_single_step_handler(struct pt_regs *regs) 349 { 350 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 351 352 if ((kcb->ss_ctx.ss_pending) 353 && (kcb->ss_ctx.match_addr == instruction_pointer(regs))) { 354 clear_ss_context(kcb); /* clear pending ss */ 355 356 kprobes_restore_local_irqflag(kcb, regs); 357 358 post_kprobe_handler(kcb, regs); 359 return true; 360 } 361 return false; 362 } 363 364 /* 365 * Provide a blacklist of symbols identifying ranges which cannot be kprobed. 366 * This blacklist is exposed to userspace via debugfs (kprobes/blacklist). 367 */ 368 int __init arch_populate_kprobe_blacklist(void) 369 { 370 int ret; 371 372 ret = kprobe_add_area_blacklist((unsigned long)__irqentry_text_start, 373 (unsigned long)__irqentry_text_end); 374 return ret; 375 } 376 377 void __kprobes __used *trampoline_probe_handler(struct pt_regs *regs) 378 { 379 return (void *)kretprobe_trampoline_handler(regs, &kretprobe_trampoline, NULL); 380 } 381 382 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, 383 struct pt_regs *regs) 384 { 385 ri->ret_addr = (kprobe_opcode_t *)regs->ra; 386 ri->fp = NULL; 387 regs->ra = (unsigned long) &kretprobe_trampoline; 388 } 389 390 int __kprobes arch_trampoline_kprobe(struct kprobe *p) 391 { 392 return 0; 393 } 394 395 int __init arch_init_kprobes(void) 396 { 397 return 0; 398 } 399