1 /* 2 * Kernel probes (kprobes) for SuperH 3 * 4 * Copyright (C) 2007 Chris Smith <chris.smith@st.com> 5 * Copyright (C) 2006 Lineo Solutions, Inc. 6 * 7 * This file is subject to the terms and conditions of the GNU General Public 8 * License. See the file "COPYING" in the main directory of this archive 9 * for more details. 10 */ 11 #include <linux/kprobes.h> 12 #include <linux/extable.h> 13 #include <linux/ptrace.h> 14 #include <linux/preempt.h> 15 #include <linux/kdebug.h> 16 #include <linux/slab.h> 17 #include <asm/cacheflush.h> 18 #include <linux/uaccess.h> 19 20 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; 21 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 22 23 static DEFINE_PER_CPU(struct kprobe, saved_current_opcode); 24 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode); 25 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode2); 26 27 #define OPCODE_JMP(x) (((x) & 0xF0FF) == 0x402b) 28 #define OPCODE_JSR(x) (((x) & 0xF0FF) == 0x400b) 29 #define OPCODE_BRA(x) (((x) & 0xF000) == 0xa000) 30 #define OPCODE_BRAF(x) (((x) & 0xF0FF) == 0x0023) 31 #define OPCODE_BSR(x) (((x) & 0xF000) == 0xb000) 32 #define OPCODE_BSRF(x) (((x) & 0xF0FF) == 0x0003) 33 34 #define OPCODE_BF_S(x) (((x) & 0xFF00) == 0x8f00) 35 #define OPCODE_BT_S(x) (((x) & 0xFF00) == 0x8d00) 36 37 #define OPCODE_BF(x) (((x) & 0xFF00) == 0x8b00) 38 #define OPCODE_BT(x) (((x) & 0xFF00) == 0x8900) 39 40 #define OPCODE_RTS(x) (((x) & 0x000F) == 0x000b) 41 #define OPCODE_RTE(x) (((x) & 0xFFFF) == 0x002b) 42 43 int __kprobes arch_prepare_kprobe(struct kprobe *p) 44 { 45 kprobe_opcode_t opcode = *(kprobe_opcode_t *) (p->addr); 46 47 if (OPCODE_RTE(opcode)) 48 return -EFAULT; /* Bad breakpoint */ 49 50 p->opcode = opcode; 51 52 return 0; 53 } 54 55 void __kprobes arch_copy_kprobe(struct kprobe *p) 56 { 57 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); 58 p->opcode = *p->addr; 59 } 60 61 void __kprobes arch_arm_kprobe(struct kprobe *p) 62 { 63 *p->addr = BREAKPOINT_INSTRUCTION; 64 flush_icache_range((unsigned long)p->addr, 65 (unsigned long)p->addr + sizeof(kprobe_opcode_t)); 66 } 67 68 void __kprobes arch_disarm_kprobe(struct kprobe *p) 69 { 70 *p->addr = p->opcode; 71 flush_icache_range((unsigned long)p->addr, 72 (unsigned long)p->addr + sizeof(kprobe_opcode_t)); 73 } 74 75 int __kprobes arch_trampoline_kprobe(struct kprobe *p) 76 { 77 if (*p->addr == BREAKPOINT_INSTRUCTION) 78 return 1; 79 80 return 0; 81 } 82 83 /** 84 * If an illegal slot instruction exception occurs for an address 85 * containing a kprobe, remove the probe. 86 * 87 * Returns 0 if the exception was handled successfully, 1 otherwise. 88 */ 89 int __kprobes kprobe_handle_illslot(unsigned long pc) 90 { 91 struct kprobe *p = get_kprobe((kprobe_opcode_t *) pc + 1); 92 93 if (p != NULL) { 94 printk("Warning: removing kprobe from delay slot: 0x%.8x\n", 95 (unsigned int)pc + 2); 96 unregister_kprobe(p); 97 return 0; 98 } 99 100 return 1; 101 } 102 103 void __kprobes arch_remove_kprobe(struct kprobe *p) 104 { 105 struct kprobe *saved = this_cpu_ptr(&saved_next_opcode); 106 107 if (saved->addr) { 108 arch_disarm_kprobe(p); 109 arch_disarm_kprobe(saved); 110 111 saved->addr = NULL; 112 saved->opcode = 0; 113 114 saved = this_cpu_ptr(&saved_next_opcode2); 115 if (saved->addr) { 116 arch_disarm_kprobe(saved); 117 118 saved->addr = NULL; 119 saved->opcode = 0; 120 } 121 } 122 } 123 124 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb) 125 { 126 kcb->prev_kprobe.kp = kprobe_running(); 127 kcb->prev_kprobe.status = kcb->kprobe_status; 128 } 129 130 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb) 131 { 132 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp); 133 kcb->kprobe_status = kcb->prev_kprobe.status; 134 } 135 136 static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs, 137 struct kprobe_ctlblk *kcb) 138 { 139 __this_cpu_write(current_kprobe, p); 140 } 141 142 /* 143 * Singlestep is implemented by disabling the current kprobe and setting one 144 * on the next instruction, following branches. Two probes are set if the 145 * branch is conditional. 146 */ 147 static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs) 148 { 149 __this_cpu_write(saved_current_opcode.addr, (kprobe_opcode_t *)regs->pc); 150 151 if (p != NULL) { 152 struct kprobe *op1, *op2; 153 154 arch_disarm_kprobe(p); 155 156 op1 = this_cpu_ptr(&saved_next_opcode); 157 op2 = this_cpu_ptr(&saved_next_opcode2); 158 159 if (OPCODE_JSR(p->opcode) || OPCODE_JMP(p->opcode)) { 160 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F); 161 op1->addr = (kprobe_opcode_t *) regs->regs[reg_nr]; 162 } else if (OPCODE_BRA(p->opcode) || OPCODE_BSR(p->opcode)) { 163 unsigned long disp = (p->opcode & 0x0FFF); 164 op1->addr = 165 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 166 167 } else if (OPCODE_BRAF(p->opcode) || OPCODE_BSRF(p->opcode)) { 168 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F); 169 op1->addr = 170 (kprobe_opcode_t *) (regs->pc + 4 + 171 regs->regs[reg_nr]); 172 173 } else if (OPCODE_RTS(p->opcode)) { 174 op1->addr = (kprobe_opcode_t *) regs->pr; 175 176 } else if (OPCODE_BF(p->opcode) || OPCODE_BT(p->opcode)) { 177 unsigned long disp = (p->opcode & 0x00FF); 178 /* case 1 */ 179 op1->addr = p->addr + 1; 180 /* case 2 */ 181 op2->addr = 182 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 183 op2->opcode = *(op2->addr); 184 arch_arm_kprobe(op2); 185 186 } else if (OPCODE_BF_S(p->opcode) || OPCODE_BT_S(p->opcode)) { 187 unsigned long disp = (p->opcode & 0x00FF); 188 /* case 1 */ 189 op1->addr = p->addr + 2; 190 /* case 2 */ 191 op2->addr = 192 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 193 op2->opcode = *(op2->addr); 194 arch_arm_kprobe(op2); 195 196 } else { 197 op1->addr = p->addr + 1; 198 } 199 200 op1->opcode = *(op1->addr); 201 arch_arm_kprobe(op1); 202 } 203 } 204 205 /* Called with kretprobe_lock held */ 206 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, 207 struct pt_regs *regs) 208 { 209 ri->ret_addr = (kprobe_opcode_t *) regs->pr; 210 211 /* Replace the return addr with trampoline addr */ 212 regs->pr = (unsigned long)kretprobe_trampoline; 213 } 214 215 static int __kprobes kprobe_handler(struct pt_regs *regs) 216 { 217 struct kprobe *p; 218 int ret = 0; 219 kprobe_opcode_t *addr = NULL; 220 struct kprobe_ctlblk *kcb; 221 222 /* 223 * We don't want to be preempted for the entire 224 * duration of kprobe processing 225 */ 226 preempt_disable(); 227 kcb = get_kprobe_ctlblk(); 228 229 addr = (kprobe_opcode_t *) (regs->pc); 230 231 /* Check we're not actually recursing */ 232 if (kprobe_running()) { 233 p = get_kprobe(addr); 234 if (p) { 235 if (kcb->kprobe_status == KPROBE_HIT_SS && 236 *p->ainsn.insn == BREAKPOINT_INSTRUCTION) { 237 goto no_kprobe; 238 } 239 /* We have reentered the kprobe_handler(), since 240 * another probe was hit while within the handler. 241 * We here save the original kprobes variables and 242 * just single step on the instruction of the new probe 243 * without calling any user handlers. 244 */ 245 save_previous_kprobe(kcb); 246 set_current_kprobe(p, regs, kcb); 247 kprobes_inc_nmissed_count(p); 248 prepare_singlestep(p, regs); 249 kcb->kprobe_status = KPROBE_REENTER; 250 return 1; 251 } 252 goto no_kprobe; 253 } 254 255 p = get_kprobe(addr); 256 if (!p) { 257 /* Not one of ours: let kernel handle it */ 258 if (*(kprobe_opcode_t *)addr != BREAKPOINT_INSTRUCTION) { 259 /* 260 * The breakpoint instruction was removed right 261 * after we hit it. Another cpu has removed 262 * either a probepoint or a debugger breakpoint 263 * at this address. In either case, no further 264 * handling of this interrupt is appropriate. 265 */ 266 ret = 1; 267 } 268 269 goto no_kprobe; 270 } 271 272 set_current_kprobe(p, regs, kcb); 273 kcb->kprobe_status = KPROBE_HIT_ACTIVE; 274 275 if (p->pre_handler && p->pre_handler(p, regs)) { 276 /* handler has already set things up, so skip ss setup */ 277 reset_current_kprobe(); 278 preempt_enable_no_resched(); 279 return 1; 280 } 281 282 prepare_singlestep(p, regs); 283 kcb->kprobe_status = KPROBE_HIT_SS; 284 return 1; 285 286 no_kprobe: 287 preempt_enable_no_resched(); 288 return ret; 289 } 290 291 /* 292 * For function-return probes, init_kprobes() establishes a probepoint 293 * here. When a retprobed function returns, this probe is hit and 294 * trampoline_probe_handler() runs, calling the kretprobe's handler. 295 */ 296 static void __used kretprobe_trampoline_holder(void) 297 { 298 asm volatile (".globl kretprobe_trampoline\n" 299 "kretprobe_trampoline:\n\t" 300 "nop\n"); 301 } 302 303 /* 304 * Called when we hit the probe point at kretprobe_trampoline 305 */ 306 int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs) 307 { 308 struct kretprobe_instance *ri = NULL; 309 struct hlist_head *head, empty_rp; 310 struct hlist_node *tmp; 311 unsigned long flags, orig_ret_address = 0; 312 unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline; 313 314 INIT_HLIST_HEAD(&empty_rp); 315 kretprobe_hash_lock(current, &head, &flags); 316 317 /* 318 * It is possible to have multiple instances associated with a given 319 * task either because an multiple functions in the call path 320 * have a return probe installed on them, and/or more then one return 321 * return probe was registered for a target function. 322 * 323 * We can handle this because: 324 * - instances are always inserted at the head of the list 325 * - when multiple return probes are registered for the same 326 * function, the first instance's ret_addr will point to the 327 * real return address, and all the rest will point to 328 * kretprobe_trampoline 329 */ 330 hlist_for_each_entry_safe(ri, tmp, head, hlist) { 331 if (ri->task != current) 332 /* another task is sharing our hash bucket */ 333 continue; 334 335 if (ri->rp && ri->rp->handler) { 336 __this_cpu_write(current_kprobe, &ri->rp->kp); 337 ri->rp->handler(ri, regs); 338 __this_cpu_write(current_kprobe, NULL); 339 } 340 341 orig_ret_address = (unsigned long)ri->ret_addr; 342 recycle_rp_inst(ri, &empty_rp); 343 344 if (orig_ret_address != trampoline_address) 345 /* 346 * This is the real return address. Any other 347 * instances associated with this task are for 348 * other calls deeper on the call stack 349 */ 350 break; 351 } 352 353 kretprobe_assert(ri, orig_ret_address, trampoline_address); 354 355 regs->pc = orig_ret_address; 356 kretprobe_hash_unlock(current, &flags); 357 358 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { 359 hlist_del(&ri->hlist); 360 kfree(ri); 361 } 362 363 return orig_ret_address; 364 } 365 366 static int __kprobes post_kprobe_handler(struct pt_regs *regs) 367 { 368 struct kprobe *cur = kprobe_running(); 369 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 370 kprobe_opcode_t *addr = NULL; 371 struct kprobe *p = NULL; 372 373 if (!cur) 374 return 0; 375 376 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) { 377 kcb->kprobe_status = KPROBE_HIT_SSDONE; 378 cur->post_handler(cur, regs, 0); 379 } 380 381 p = this_cpu_ptr(&saved_next_opcode); 382 if (p->addr) { 383 arch_disarm_kprobe(p); 384 p->addr = NULL; 385 p->opcode = 0; 386 387 addr = __this_cpu_read(saved_current_opcode.addr); 388 __this_cpu_write(saved_current_opcode.addr, NULL); 389 390 p = get_kprobe(addr); 391 arch_arm_kprobe(p); 392 393 p = this_cpu_ptr(&saved_next_opcode2); 394 if (p->addr) { 395 arch_disarm_kprobe(p); 396 p->addr = NULL; 397 p->opcode = 0; 398 } 399 } 400 401 /* Restore back the original saved kprobes variables and continue. */ 402 if (kcb->kprobe_status == KPROBE_REENTER) { 403 restore_previous_kprobe(kcb); 404 goto out; 405 } 406 407 reset_current_kprobe(); 408 409 out: 410 preempt_enable_no_resched(); 411 412 return 1; 413 } 414 415 int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr) 416 { 417 struct kprobe *cur = kprobe_running(); 418 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 419 const struct exception_table_entry *entry; 420 421 switch (kcb->kprobe_status) { 422 case KPROBE_HIT_SS: 423 case KPROBE_REENTER: 424 /* 425 * We are here because the instruction being single 426 * stepped caused a page fault. We reset the current 427 * kprobe, point the pc back to the probe address 428 * and allow the page fault handler to continue as a 429 * normal page fault. 430 */ 431 regs->pc = (unsigned long)cur->addr; 432 if (kcb->kprobe_status == KPROBE_REENTER) 433 restore_previous_kprobe(kcb); 434 else 435 reset_current_kprobe(); 436 preempt_enable_no_resched(); 437 break; 438 case KPROBE_HIT_ACTIVE: 439 case KPROBE_HIT_SSDONE: 440 /* 441 * We increment the nmissed count for accounting, 442 * we can also use npre/npostfault count for accounting 443 * these specific fault cases. 444 */ 445 kprobes_inc_nmissed_count(cur); 446 447 /* 448 * We come here because instructions in the pre/post 449 * handler caused the page_fault, this could happen 450 * if handler tries to access user space by 451 * copy_from_user(), get_user() etc. Let the 452 * user-specified handler try to fix it first. 453 */ 454 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr)) 455 return 1; 456 457 /* 458 * In case the user-specified fault handler returned 459 * zero, try to fix up. 460 */ 461 if ((entry = search_exception_tables(regs->pc)) != NULL) { 462 regs->pc = entry->fixup; 463 return 1; 464 } 465 466 /* 467 * fixup_exception() could not handle it, 468 * Let do_page_fault() fix it. 469 */ 470 break; 471 default: 472 break; 473 } 474 475 return 0; 476 } 477 478 /* 479 * Wrapper routine to for handling exceptions. 480 */ 481 int __kprobes kprobe_exceptions_notify(struct notifier_block *self, 482 unsigned long val, void *data) 483 { 484 struct kprobe *p = NULL; 485 struct die_args *args = (struct die_args *)data; 486 int ret = NOTIFY_DONE; 487 kprobe_opcode_t *addr = NULL; 488 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 489 490 addr = (kprobe_opcode_t *) (args->regs->pc); 491 if (val == DIE_TRAP) { 492 if (!kprobe_running()) { 493 if (kprobe_handler(args->regs)) { 494 ret = NOTIFY_STOP; 495 } else { 496 /* Not a kprobe trap */ 497 ret = NOTIFY_DONE; 498 } 499 } else { 500 p = get_kprobe(addr); 501 if ((kcb->kprobe_status == KPROBE_HIT_SS) || 502 (kcb->kprobe_status == KPROBE_REENTER)) { 503 if (post_kprobe_handler(args->regs)) 504 ret = NOTIFY_STOP; 505 } else { 506 if (kprobe_handler(args->regs)) 507 ret = NOTIFY_STOP; 508 } 509 } 510 } 511 512 return ret; 513 } 514 515 static struct kprobe trampoline_p = { 516 .addr = (kprobe_opcode_t *)&kretprobe_trampoline, 517 .pre_handler = trampoline_probe_handler 518 }; 519 520 int __init arch_init_kprobes(void) 521 { 522 return register_kprobe(&trampoline_p); 523 } 524