xref: /openbmc/linux/arch/riscv/kernel/probes/kprobes.c (revision 8ffdff6a)
1 // SPDX-License-Identifier: GPL-2.0+
2 
3 #include <linux/kprobes.h>
4 #include <linux/extable.h>
5 #include <linux/slab.h>
6 #include <linux/stop_machine.h>
7 #include <asm/ptrace.h>
8 #include <linux/uaccess.h>
9 #include <asm/sections.h>
10 #include <asm/cacheflush.h>
11 #include <asm/bug.h>
12 #include <asm/patch.h>
13 
14 #include "decode-insn.h"
15 
16 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
17 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
18 
19 static void __kprobes
20 post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *);
21 
22 static void __kprobes arch_prepare_ss_slot(struct kprobe *p)
23 {
24 	unsigned long offset = GET_INSN_LENGTH(p->opcode);
25 
26 	p->ainsn.api.restore = (unsigned long)p->addr + offset;
27 
28 	patch_text(p->ainsn.api.insn, p->opcode);
29 	patch_text((void *)((unsigned long)(p->ainsn.api.insn) + offset),
30 		   __BUG_INSN_32);
31 }
32 
33 static void __kprobes arch_prepare_simulate(struct kprobe *p)
34 {
35 	p->ainsn.api.restore = 0;
36 }
37 
38 static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs)
39 {
40 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
41 
42 	if (p->ainsn.api.handler)
43 		p->ainsn.api.handler((u32)p->opcode,
44 					(unsigned long)p->addr, regs);
45 
46 	post_kprobe_handler(kcb, regs);
47 }
48 
49 int __kprobes arch_prepare_kprobe(struct kprobe *p)
50 {
51 	unsigned long probe_addr = (unsigned long)p->addr;
52 
53 	if (probe_addr & 0x1) {
54 		pr_warn("Address not aligned.\n");
55 
56 		return -EINVAL;
57 	}
58 
59 	/* copy instruction */
60 	p->opcode = *p->addr;
61 
62 	/* decode instruction */
63 	switch (riscv_probe_decode_insn(p->addr, &p->ainsn.api)) {
64 	case INSN_REJECTED:	/* insn not supported */
65 		return -EINVAL;
66 
67 	case INSN_GOOD_NO_SLOT:	/* insn need simulation */
68 		p->ainsn.api.insn = NULL;
69 		break;
70 
71 	case INSN_GOOD:	/* instruction uses slot */
72 		p->ainsn.api.insn = get_insn_slot();
73 		if (!p->ainsn.api.insn)
74 			return -ENOMEM;
75 		break;
76 	}
77 
78 	/* prepare the instruction */
79 	if (p->ainsn.api.insn)
80 		arch_prepare_ss_slot(p);
81 	else
82 		arch_prepare_simulate(p);
83 
84 	return 0;
85 }
86 
87 /* install breakpoint in text */
88 void __kprobes arch_arm_kprobe(struct kprobe *p)
89 {
90 	if ((p->opcode & __INSN_LENGTH_MASK) == __INSN_LENGTH_32)
91 		patch_text(p->addr, __BUG_INSN_32);
92 	else
93 		patch_text(p->addr, __BUG_INSN_16);
94 }
95 
96 /* remove breakpoint from text */
97 void __kprobes arch_disarm_kprobe(struct kprobe *p)
98 {
99 	patch_text(p->addr, p->opcode);
100 }
101 
102 void __kprobes arch_remove_kprobe(struct kprobe *p)
103 {
104 }
105 
106 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
107 {
108 	kcb->prev_kprobe.kp = kprobe_running();
109 	kcb->prev_kprobe.status = kcb->kprobe_status;
110 }
111 
112 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
113 {
114 	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
115 	kcb->kprobe_status = kcb->prev_kprobe.status;
116 }
117 
118 static void __kprobes set_current_kprobe(struct kprobe *p)
119 {
120 	__this_cpu_write(current_kprobe, p);
121 }
122 
123 /*
124  * Interrupts need to be disabled before single-step mode is set, and not
125  * reenabled until after single-step mode ends.
126  * Without disabling interrupt on local CPU, there is a chance of
127  * interrupt occurrence in the period of exception return and  start of
128  * out-of-line single-step, that result in wrongly single stepping
129  * into the interrupt handler.
130  */
131 static void __kprobes kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb,
132 						struct pt_regs *regs)
133 {
134 	kcb->saved_status = regs->status;
135 	regs->status &= ~SR_SPIE;
136 }
137 
138 static void __kprobes kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb,
139 						struct pt_regs *regs)
140 {
141 	regs->status = kcb->saved_status;
142 }
143 
144 static void __kprobes
145 set_ss_context(struct kprobe_ctlblk *kcb, unsigned long addr, struct kprobe *p)
146 {
147 	unsigned long offset = GET_INSN_LENGTH(p->opcode);
148 
149 	kcb->ss_ctx.ss_pending = true;
150 	kcb->ss_ctx.match_addr = addr + offset;
151 }
152 
153 static void __kprobes clear_ss_context(struct kprobe_ctlblk *kcb)
154 {
155 	kcb->ss_ctx.ss_pending = false;
156 	kcb->ss_ctx.match_addr = 0;
157 }
158 
159 static void __kprobes setup_singlestep(struct kprobe *p,
160 				       struct pt_regs *regs,
161 				       struct kprobe_ctlblk *kcb, int reenter)
162 {
163 	unsigned long slot;
164 
165 	if (reenter) {
166 		save_previous_kprobe(kcb);
167 		set_current_kprobe(p);
168 		kcb->kprobe_status = KPROBE_REENTER;
169 	} else {
170 		kcb->kprobe_status = KPROBE_HIT_SS;
171 	}
172 
173 	if (p->ainsn.api.insn) {
174 		/* prepare for single stepping */
175 		slot = (unsigned long)p->ainsn.api.insn;
176 
177 		set_ss_context(kcb, slot, p);	/* mark pending ss */
178 
179 		/* IRQs and single stepping do not mix well. */
180 		kprobes_save_local_irqflag(kcb, regs);
181 
182 		instruction_pointer_set(regs, slot);
183 	} else {
184 		/* insn simulation */
185 		arch_simulate_insn(p, regs);
186 	}
187 }
188 
189 static int __kprobes reenter_kprobe(struct kprobe *p,
190 				    struct pt_regs *regs,
191 				    struct kprobe_ctlblk *kcb)
192 {
193 	switch (kcb->kprobe_status) {
194 	case KPROBE_HIT_SSDONE:
195 	case KPROBE_HIT_ACTIVE:
196 		kprobes_inc_nmissed_count(p);
197 		setup_singlestep(p, regs, kcb, 1);
198 		break;
199 	case KPROBE_HIT_SS:
200 	case KPROBE_REENTER:
201 		pr_warn("Unrecoverable kprobe detected.\n");
202 		dump_kprobe(p);
203 		BUG();
204 		break;
205 	default:
206 		WARN_ON(1);
207 		return 0;
208 	}
209 
210 	return 1;
211 }
212 
213 static void __kprobes
214 post_kprobe_handler(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
215 {
216 	struct kprobe *cur = kprobe_running();
217 
218 	if (!cur)
219 		return;
220 
221 	/* return addr restore if non-branching insn */
222 	if (cur->ainsn.api.restore != 0)
223 		regs->epc = cur->ainsn.api.restore;
224 
225 	/* restore back original saved kprobe variables and continue */
226 	if (kcb->kprobe_status == KPROBE_REENTER) {
227 		restore_previous_kprobe(kcb);
228 		return;
229 	}
230 
231 	/* call post handler */
232 	kcb->kprobe_status = KPROBE_HIT_SSDONE;
233 	if (cur->post_handler)	{
234 		/* post_handler can hit breakpoint and single step
235 		 * again, so we enable D-flag for recursive exception.
236 		 */
237 		cur->post_handler(cur, regs, 0);
238 	}
239 
240 	reset_current_kprobe();
241 }
242 
243 int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int trapnr)
244 {
245 	struct kprobe *cur = kprobe_running();
246 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
247 
248 	switch (kcb->kprobe_status) {
249 	case KPROBE_HIT_SS:
250 	case KPROBE_REENTER:
251 		/*
252 		 * We are here because the instruction being single
253 		 * stepped caused a page fault. We reset the current
254 		 * kprobe and the ip points back to the probe address
255 		 * and allow the page fault handler to continue as a
256 		 * normal page fault.
257 		 */
258 		regs->epc = (unsigned long) cur->addr;
259 		BUG_ON(!instruction_pointer(regs));
260 
261 		if (kcb->kprobe_status == KPROBE_REENTER)
262 			restore_previous_kprobe(kcb);
263 		else
264 			reset_current_kprobe();
265 
266 		break;
267 	case KPROBE_HIT_ACTIVE:
268 	case KPROBE_HIT_SSDONE:
269 		/*
270 		 * We increment the nmissed count for accounting,
271 		 * we can also use npre/npostfault count for accounting
272 		 * these specific fault cases.
273 		 */
274 		kprobes_inc_nmissed_count(cur);
275 
276 		/*
277 		 * We come here because instructions in the pre/post
278 		 * handler caused the page_fault, this could happen
279 		 * if handler tries to access user space by
280 		 * copy_from_user(), get_user() etc. Let the
281 		 * user-specified handler try to fix it first.
282 		 */
283 		if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
284 			return 1;
285 
286 		/*
287 		 * In case the user-specified fault handler returned
288 		 * zero, try to fix up.
289 		 */
290 		if (fixup_exception(regs))
291 			return 1;
292 	}
293 	return 0;
294 }
295 
296 bool __kprobes
297 kprobe_breakpoint_handler(struct pt_regs *regs)
298 {
299 	struct kprobe *p, *cur_kprobe;
300 	struct kprobe_ctlblk *kcb;
301 	unsigned long addr = instruction_pointer(regs);
302 
303 	kcb = get_kprobe_ctlblk();
304 	cur_kprobe = kprobe_running();
305 
306 	p = get_kprobe((kprobe_opcode_t *) addr);
307 
308 	if (p) {
309 		if (cur_kprobe) {
310 			if (reenter_kprobe(p, regs, kcb))
311 				return true;
312 		} else {
313 			/* Probe hit */
314 			set_current_kprobe(p);
315 			kcb->kprobe_status = KPROBE_HIT_ACTIVE;
316 
317 			/*
318 			 * If we have no pre-handler or it returned 0, we
319 			 * continue with normal processing.  If we have a
320 			 * pre-handler and it returned non-zero, it will
321 			 * modify the execution path and no need to single
322 			 * stepping. Let's just reset current kprobe and exit.
323 			 *
324 			 * pre_handler can hit a breakpoint and can step thru
325 			 * before return.
326 			 */
327 			if (!p->pre_handler || !p->pre_handler(p, regs))
328 				setup_singlestep(p, regs, kcb, 0);
329 			else
330 				reset_current_kprobe();
331 		}
332 		return true;
333 	}
334 
335 	/*
336 	 * The breakpoint instruction was removed right
337 	 * after we hit it.  Another cpu has removed
338 	 * either a probepoint or a debugger breakpoint
339 	 * at this address.  In either case, no further
340 	 * handling of this interrupt is appropriate.
341 	 * Return back to original instruction, and continue.
342 	 */
343 	return false;
344 }
345 
346 bool __kprobes
347 kprobe_single_step_handler(struct pt_regs *regs)
348 {
349 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
350 
351 	if ((kcb->ss_ctx.ss_pending)
352 	    && (kcb->ss_ctx.match_addr == instruction_pointer(regs))) {
353 		clear_ss_context(kcb);	/* clear pending ss */
354 
355 		kprobes_restore_local_irqflag(kcb, regs);
356 
357 		post_kprobe_handler(kcb, regs);
358 		return true;
359 	}
360 	return false;
361 }
362 
363 /*
364  * Provide a blacklist of symbols identifying ranges which cannot be kprobed.
365  * This blacklist is exposed to userspace via debugfs (kprobes/blacklist).
366  */
367 int __init arch_populate_kprobe_blacklist(void)
368 {
369 	int ret;
370 
371 	ret = kprobe_add_area_blacklist((unsigned long)__irqentry_text_start,
372 					(unsigned long)__irqentry_text_end);
373 	return ret;
374 }
375 
376 void __kprobes __used *trampoline_probe_handler(struct pt_regs *regs)
377 {
378 	return (void *)kretprobe_trampoline_handler(regs, &kretprobe_trampoline, NULL);
379 }
380 
381 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
382 				      struct pt_regs *regs)
383 {
384 	ri->ret_addr = (kprobe_opcode_t *)regs->ra;
385 	ri->fp = NULL;
386 	regs->ra = (unsigned long) &kretprobe_trampoline;
387 }
388 
389 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
390 {
391 	return 0;
392 }
393 
394 int __init arch_init_kprobes(void)
395 {
396 	return 0;
397 }
398