1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * User-space Probes (UProbes) for s390 4 * 5 * Copyright IBM Corp. 2014 6 * Author(s): Jan Willeke, 7 */ 8 9 #include <linux/uaccess.h> 10 #include <linux/uprobes.h> 11 #include <linux/compat.h> 12 #include <linux/kdebug.h> 13 #include <linux/sched/task_stack.h> 14 15 #include <asm/switch_to.h> 16 #include <asm/facility.h> 17 #include <asm/kprobes.h> 18 #include <asm/dis.h> 19 #include "entry.h" 20 21 #define UPROBE_TRAP_NR UINT_MAX 22 23 int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, 24 unsigned long addr) 25 { 26 return probe_is_prohibited_opcode(auprobe->insn); 27 } 28 29 int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 30 { 31 if (psw_bits(regs->psw).eaba == PSW_BITS_AMODE_24BIT) 32 return -EINVAL; 33 if (!is_compat_task() && psw_bits(regs->psw).eaba == PSW_BITS_AMODE_31BIT) 34 return -EINVAL; 35 clear_thread_flag(TIF_PER_TRAP); 36 auprobe->saved_per = psw_bits(regs->psw).per; 37 auprobe->saved_int_code = regs->int_code; 38 regs->int_code = UPROBE_TRAP_NR; 39 regs->psw.addr = current->utask->xol_vaddr; 40 set_tsk_thread_flag(current, TIF_UPROBE_SINGLESTEP); 41 update_cr_regs(current); 42 return 0; 43 } 44 45 bool arch_uprobe_xol_was_trapped(struct task_struct *tsk) 46 { 47 struct pt_regs *regs = task_pt_regs(tsk); 48 49 if (regs->int_code != UPROBE_TRAP_NR) 50 return true; 51 return false; 52 } 53 54 static int check_per_event(unsigned short cause, unsigned long control, 55 struct pt_regs *regs) 56 { 57 if (!(regs->psw.mask & PSW_MASK_PER)) 58 return 0; 59 /* user space single step */ 60 if (control == 0) 61 return 1; 62 /* over indication for storage alteration */ 63 if ((control & 0x20200000) && (cause & 0x2000)) 64 return 1; 65 if (cause & 0x8000) { 66 /* all branches */ 67 if ((control & 0x80800000) == 0x80000000) 68 return 1; 69 /* branch into selected range */ 70 if (((control & 0x80800000) == 0x80800000) && 71 regs->psw.addr >= current->thread.per_user.start && 72 regs->psw.addr <= current->thread.per_user.end) 73 return 1; 74 } 75 return 0; 76 } 77 78 int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 79 { 80 int fixup = probe_get_fixup_type(auprobe->insn); 81 struct uprobe_task *utask = current->utask; 82 83 clear_tsk_thread_flag(current, TIF_UPROBE_SINGLESTEP); 84 update_cr_regs(current); 85 psw_bits(regs->psw).per = auprobe->saved_per; 86 regs->int_code = auprobe->saved_int_code; 87 88 if (fixup & FIXUP_PSW_NORMAL) 89 regs->psw.addr += utask->vaddr - utask->xol_vaddr; 90 if (fixup & FIXUP_RETURN_REGISTER) { 91 int reg = (auprobe->insn[0] & 0xf0) >> 4; 92 93 regs->gprs[reg] += utask->vaddr - utask->xol_vaddr; 94 } 95 if (fixup & FIXUP_BRANCH_NOT_TAKEN) { 96 int ilen = insn_length(auprobe->insn[0] >> 8); 97 98 if (regs->psw.addr - utask->xol_vaddr == ilen) 99 regs->psw.addr = utask->vaddr + ilen; 100 } 101 if (check_per_event(current->thread.per_event.cause, 102 current->thread.per_user.control, regs)) { 103 /* fix per address */ 104 current->thread.per_event.address = utask->vaddr; 105 /* trigger per event */ 106 set_thread_flag(TIF_PER_TRAP); 107 } 108 return 0; 109 } 110 111 int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, 112 void *data) 113 { 114 struct die_args *args = data; 115 struct pt_regs *regs = args->regs; 116 117 if (!user_mode(regs)) 118 return NOTIFY_DONE; 119 if (regs->int_code & 0x200) /* Trap during transaction */ 120 return NOTIFY_DONE; 121 switch (val) { 122 case DIE_BPT: 123 if (uprobe_pre_sstep_notifier(regs)) 124 return NOTIFY_STOP; 125 break; 126 case DIE_SSTEP: 127 if (uprobe_post_sstep_notifier(regs)) 128 return NOTIFY_STOP; 129 break; 130 default: 131 break; 132 } 133 return NOTIFY_DONE; 134 } 135 136 void arch_uprobe_abort_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 137 { 138 clear_thread_flag(TIF_UPROBE_SINGLESTEP); 139 regs->int_code = auprobe->saved_int_code; 140 regs->psw.addr = current->utask->vaddr; 141 current->thread.per_event.address = current->utask->vaddr; 142 } 143 144 unsigned long arch_uretprobe_hijack_return_addr(unsigned long trampoline, 145 struct pt_regs *regs) 146 { 147 unsigned long orig; 148 149 orig = regs->gprs[14]; 150 regs->gprs[14] = trampoline; 151 return orig; 152 } 153 154 bool arch_uretprobe_is_alive(struct return_instance *ret, enum rp_check ctx, 155 struct pt_regs *regs) 156 { 157 if (ctx == RP_CHECK_CHAIN_CALL) 158 return user_stack_pointer(regs) <= ret->stack; 159 else 160 return user_stack_pointer(regs) < ret->stack; 161 } 162 163 /* Instruction Emulation */ 164 165 static void adjust_psw_addr(psw_t *psw, unsigned long len) 166 { 167 psw->addr = __rewind_psw(*psw, -len); 168 } 169 170 #define EMU_ILLEGAL_OP 1 171 #define EMU_SPECIFICATION 2 172 #define EMU_ADDRESSING 3 173 174 #define emu_load_ril(ptr, output) \ 175 ({ \ 176 unsigned int mask = sizeof(*(ptr)) - 1; \ 177 __typeof__(*(ptr)) input; \ 178 int __rc = 0; \ 179 \ 180 if (!test_facility(34)) \ 181 __rc = EMU_ILLEGAL_OP; \ 182 else if ((u64 __force)ptr & mask) \ 183 __rc = EMU_SPECIFICATION; \ 184 else if (get_user(input, ptr)) \ 185 __rc = EMU_ADDRESSING; \ 186 else \ 187 *(output) = input; \ 188 __rc; \ 189 }) 190 191 #define emu_store_ril(regs, ptr, input) \ 192 ({ \ 193 unsigned int mask = sizeof(*(ptr)) - 1; \ 194 __typeof__(ptr) __ptr = (ptr); \ 195 int __rc = 0; \ 196 \ 197 if (!test_facility(34)) \ 198 __rc = EMU_ILLEGAL_OP; \ 199 else if ((u64 __force)__ptr & mask) \ 200 __rc = EMU_SPECIFICATION; \ 201 else if (put_user(*(input), __ptr)) \ 202 __rc = EMU_ADDRESSING; \ 203 if (__rc == 0) \ 204 sim_stor_event(regs, \ 205 (void __force *)__ptr, \ 206 mask + 1); \ 207 __rc; \ 208 }) 209 210 #define emu_cmp_ril(regs, ptr, cmp) \ 211 ({ \ 212 unsigned int mask = sizeof(*(ptr)) - 1; \ 213 __typeof__(*(ptr)) input; \ 214 int __rc = 0; \ 215 \ 216 if (!test_facility(34)) \ 217 __rc = EMU_ILLEGAL_OP; \ 218 else if ((u64 __force)ptr & mask) \ 219 __rc = EMU_SPECIFICATION; \ 220 else if (get_user(input, ptr)) \ 221 __rc = EMU_ADDRESSING; \ 222 else if (input > *(cmp)) \ 223 psw_bits((regs)->psw).cc = 1; \ 224 else if (input < *(cmp)) \ 225 psw_bits((regs)->psw).cc = 2; \ 226 else \ 227 psw_bits((regs)->psw).cc = 0; \ 228 __rc; \ 229 }) 230 231 struct insn_ril { 232 u8 opc0; 233 u8 reg : 4; 234 u8 opc1 : 4; 235 s32 disp; 236 } __packed; 237 238 union split_register { 239 u64 u64; 240 u32 u32[2]; 241 u16 u16[4]; 242 s64 s64; 243 s32 s32[2]; 244 s16 s16[4]; 245 }; 246 247 /* 248 * If user per registers are setup to trace storage alterations and an 249 * emulated store took place on a fitting address a user trap is generated. 250 */ 251 static void sim_stor_event(struct pt_regs *regs, void *addr, int len) 252 { 253 if (!(regs->psw.mask & PSW_MASK_PER)) 254 return; 255 if (!(current->thread.per_user.control & PER_EVENT_STORE)) 256 return; 257 if ((void *)current->thread.per_user.start > (addr + len)) 258 return; 259 if ((void *)current->thread.per_user.end < addr) 260 return; 261 current->thread.per_event.address = regs->psw.addr; 262 current->thread.per_event.cause = PER_EVENT_STORE >> 16; 263 set_thread_flag(TIF_PER_TRAP); 264 } 265 266 /* 267 * pc relative instructions are emulated, since parameters may not be 268 * accessible from the xol area due to range limitations. 269 */ 270 static void handle_insn_ril(struct arch_uprobe *auprobe, struct pt_regs *regs) 271 { 272 union split_register *rx; 273 struct insn_ril *insn; 274 unsigned int ilen; 275 void *uptr; 276 int rc = 0; 277 278 insn = (struct insn_ril *) &auprobe->insn; 279 rx = (union split_register *) ®s->gprs[insn->reg]; 280 uptr = (void *)(regs->psw.addr + (insn->disp * 2)); 281 ilen = insn_length(insn->opc0); 282 283 switch (insn->opc0) { 284 case 0xc0: 285 switch (insn->opc1) { 286 case 0x00: /* larl */ 287 rx->u64 = (unsigned long)uptr; 288 break; 289 } 290 break; 291 case 0xc4: 292 switch (insn->opc1) { 293 case 0x02: /* llhrl */ 294 rc = emu_load_ril((u16 __user *)uptr, &rx->u32[1]); 295 break; 296 case 0x04: /* lghrl */ 297 rc = emu_load_ril((s16 __user *)uptr, &rx->u64); 298 break; 299 case 0x05: /* lhrl */ 300 rc = emu_load_ril((s16 __user *)uptr, &rx->u32[1]); 301 break; 302 case 0x06: /* llghrl */ 303 rc = emu_load_ril((u16 __user *)uptr, &rx->u64); 304 break; 305 case 0x08: /* lgrl */ 306 rc = emu_load_ril((u64 __user *)uptr, &rx->u64); 307 break; 308 case 0x0c: /* lgfrl */ 309 rc = emu_load_ril((s32 __user *)uptr, &rx->u64); 310 break; 311 case 0x0d: /* lrl */ 312 rc = emu_load_ril((u32 __user *)uptr, &rx->u32[1]); 313 break; 314 case 0x0e: /* llgfrl */ 315 rc = emu_load_ril((u32 __user *)uptr, &rx->u64); 316 break; 317 case 0x07: /* sthrl */ 318 rc = emu_store_ril(regs, (u16 __user *)uptr, &rx->u16[3]); 319 break; 320 case 0x0b: /* stgrl */ 321 rc = emu_store_ril(regs, (u64 __user *)uptr, &rx->u64); 322 break; 323 case 0x0f: /* strl */ 324 rc = emu_store_ril(regs, (u32 __user *)uptr, &rx->u32[1]); 325 break; 326 } 327 break; 328 case 0xc6: 329 switch (insn->opc1) { 330 case 0x02: /* pfdrl */ 331 if (!test_facility(34)) 332 rc = EMU_ILLEGAL_OP; 333 break; 334 case 0x04: /* cghrl */ 335 rc = emu_cmp_ril(regs, (s16 __user *)uptr, &rx->s64); 336 break; 337 case 0x05: /* chrl */ 338 rc = emu_cmp_ril(regs, (s16 __user *)uptr, &rx->s32[1]); 339 break; 340 case 0x06: /* clghrl */ 341 rc = emu_cmp_ril(regs, (u16 __user *)uptr, &rx->u64); 342 break; 343 case 0x07: /* clhrl */ 344 rc = emu_cmp_ril(regs, (u16 __user *)uptr, &rx->u32[1]); 345 break; 346 case 0x08: /* cgrl */ 347 rc = emu_cmp_ril(regs, (s64 __user *)uptr, &rx->s64); 348 break; 349 case 0x0a: /* clgrl */ 350 rc = emu_cmp_ril(regs, (u64 __user *)uptr, &rx->u64); 351 break; 352 case 0x0c: /* cgfrl */ 353 rc = emu_cmp_ril(regs, (s32 __user *)uptr, &rx->s64); 354 break; 355 case 0x0d: /* crl */ 356 rc = emu_cmp_ril(regs, (s32 __user *)uptr, &rx->s32[1]); 357 break; 358 case 0x0e: /* clgfrl */ 359 rc = emu_cmp_ril(regs, (u32 __user *)uptr, &rx->u64); 360 break; 361 case 0x0f: /* clrl */ 362 rc = emu_cmp_ril(regs, (u32 __user *)uptr, &rx->u32[1]); 363 break; 364 } 365 break; 366 } 367 adjust_psw_addr(®s->psw, ilen); 368 switch (rc) { 369 case EMU_ILLEGAL_OP: 370 regs->int_code = ilen << 16 | 0x0001; 371 do_report_trap(regs, SIGILL, ILL_ILLOPC, NULL); 372 break; 373 case EMU_SPECIFICATION: 374 regs->int_code = ilen << 16 | 0x0006; 375 do_report_trap(regs, SIGILL, ILL_ILLOPC , NULL); 376 break; 377 case EMU_ADDRESSING: 378 regs->int_code = ilen << 16 | 0x0005; 379 do_report_trap(regs, SIGSEGV, SEGV_MAPERR, NULL); 380 break; 381 } 382 } 383 384 bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs) 385 { 386 if ((psw_bits(regs->psw).eaba == PSW_BITS_AMODE_24BIT) || 387 ((psw_bits(regs->psw).eaba == PSW_BITS_AMODE_31BIT) && 388 !is_compat_task())) { 389 regs->psw.addr = __rewind_psw(regs->psw, UPROBE_SWBP_INSN_SIZE); 390 do_report_trap(regs, SIGILL, ILL_ILLADR, NULL); 391 return true; 392 } 393 if (probe_is_insn_relative_long(auprobe->insn)) { 394 handle_insn_ril(auprobe, regs); 395 return true; 396 } 397 return false; 398 } 399