1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Kernel probes (kprobes) for SuperH 4 * 5 * Copyright (C) 2007 Chris Smith <chris.smith@st.com> 6 * Copyright (C) 2006 Lineo Solutions, Inc. 7 */ 8 #include <linux/kprobes.h> 9 #include <linux/extable.h> 10 #include <linux/ptrace.h> 11 #include <linux/preempt.h> 12 #include <linux/kdebug.h> 13 #include <linux/slab.h> 14 #include <asm/cacheflush.h> 15 #include <linux/uaccess.h> 16 17 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; 18 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); 19 20 static DEFINE_PER_CPU(struct kprobe, saved_current_opcode); 21 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode); 22 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode2); 23 24 #define OPCODE_JMP(x) (((x) & 0xF0FF) == 0x402b) 25 #define OPCODE_JSR(x) (((x) & 0xF0FF) == 0x400b) 26 #define OPCODE_BRA(x) (((x) & 0xF000) == 0xa000) 27 #define OPCODE_BRAF(x) (((x) & 0xF0FF) == 0x0023) 28 #define OPCODE_BSR(x) (((x) & 0xF000) == 0xb000) 29 #define OPCODE_BSRF(x) (((x) & 0xF0FF) == 0x0003) 30 31 #define OPCODE_BF_S(x) (((x) & 0xFF00) == 0x8f00) 32 #define OPCODE_BT_S(x) (((x) & 0xFF00) == 0x8d00) 33 34 #define OPCODE_BF(x) (((x) & 0xFF00) == 0x8b00) 35 #define OPCODE_BT(x) (((x) & 0xFF00) == 0x8900) 36 37 #define OPCODE_RTS(x) (((x) & 0x000F) == 0x000b) 38 #define OPCODE_RTE(x) (((x) & 0xFFFF) == 0x002b) 39 40 int __kprobes arch_prepare_kprobe(struct kprobe *p) 41 { 42 kprobe_opcode_t opcode = *(kprobe_opcode_t *) (p->addr); 43 44 if (OPCODE_RTE(opcode)) 45 return -EFAULT; /* Bad breakpoint */ 46 47 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t)); 48 p->opcode = opcode; 49 50 return 0; 51 } 52 53 void __kprobes arch_arm_kprobe(struct kprobe *p) 54 { 55 *p->addr = BREAKPOINT_INSTRUCTION; 56 flush_icache_range((unsigned long)p->addr, 57 (unsigned long)p->addr + sizeof(kprobe_opcode_t)); 58 } 59 60 void __kprobes arch_disarm_kprobe(struct kprobe *p) 61 { 62 *p->addr = p->opcode; 63 flush_icache_range((unsigned long)p->addr, 64 (unsigned long)p->addr + sizeof(kprobe_opcode_t)); 65 } 66 67 int __kprobes arch_trampoline_kprobe(struct kprobe *p) 68 { 69 if (*p->addr == BREAKPOINT_INSTRUCTION) 70 return 1; 71 72 return 0; 73 } 74 75 /** 76 * If an illegal slot instruction exception occurs for an address 77 * containing a kprobe, remove the probe. 78 * 79 * Returns 0 if the exception was handled successfully, 1 otherwise. 80 */ 81 int __kprobes kprobe_handle_illslot(unsigned long pc) 82 { 83 struct kprobe *p = get_kprobe((kprobe_opcode_t *) pc + 1); 84 85 if (p != NULL) { 86 printk("Warning: removing kprobe from delay slot: 0x%.8x\n", 87 (unsigned int)pc + 2); 88 unregister_kprobe(p); 89 return 0; 90 } 91 92 return 1; 93 } 94 95 void __kprobes arch_remove_kprobe(struct kprobe *p) 96 { 97 struct kprobe *saved = this_cpu_ptr(&saved_next_opcode); 98 99 if (saved->addr) { 100 arch_disarm_kprobe(p); 101 arch_disarm_kprobe(saved); 102 103 saved->addr = NULL; 104 saved->opcode = 0; 105 106 saved = this_cpu_ptr(&saved_next_opcode2); 107 if (saved->addr) { 108 arch_disarm_kprobe(saved); 109 110 saved->addr = NULL; 111 saved->opcode = 0; 112 } 113 } 114 } 115 116 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb) 117 { 118 kcb->prev_kprobe.kp = kprobe_running(); 119 kcb->prev_kprobe.status = kcb->kprobe_status; 120 } 121 122 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb) 123 { 124 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp); 125 kcb->kprobe_status = kcb->prev_kprobe.status; 126 } 127 128 static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs, 129 struct kprobe_ctlblk *kcb) 130 { 131 __this_cpu_write(current_kprobe, p); 132 } 133 134 /* 135 * Singlestep is implemented by disabling the current kprobe and setting one 136 * on the next instruction, following branches. Two probes are set if the 137 * branch is conditional. 138 */ 139 static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs) 140 { 141 __this_cpu_write(saved_current_opcode.addr, (kprobe_opcode_t *)regs->pc); 142 143 if (p != NULL) { 144 struct kprobe *op1, *op2; 145 146 arch_disarm_kprobe(p); 147 148 op1 = this_cpu_ptr(&saved_next_opcode); 149 op2 = this_cpu_ptr(&saved_next_opcode2); 150 151 if (OPCODE_JSR(p->opcode) || OPCODE_JMP(p->opcode)) { 152 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F); 153 op1->addr = (kprobe_opcode_t *) regs->regs[reg_nr]; 154 } else if (OPCODE_BRA(p->opcode) || OPCODE_BSR(p->opcode)) { 155 unsigned long disp = (p->opcode & 0x0FFF); 156 op1->addr = 157 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 158 159 } else if (OPCODE_BRAF(p->opcode) || OPCODE_BSRF(p->opcode)) { 160 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F); 161 op1->addr = 162 (kprobe_opcode_t *) (regs->pc + 4 + 163 regs->regs[reg_nr]); 164 165 } else if (OPCODE_RTS(p->opcode)) { 166 op1->addr = (kprobe_opcode_t *) regs->pr; 167 168 } else if (OPCODE_BF(p->opcode) || OPCODE_BT(p->opcode)) { 169 unsigned long disp = (p->opcode & 0x00FF); 170 /* case 1 */ 171 op1->addr = p->addr + 1; 172 /* case 2 */ 173 op2->addr = 174 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 175 op2->opcode = *(op2->addr); 176 arch_arm_kprobe(op2); 177 178 } else if (OPCODE_BF_S(p->opcode) || OPCODE_BT_S(p->opcode)) { 179 unsigned long disp = (p->opcode & 0x00FF); 180 /* case 1 */ 181 op1->addr = p->addr + 2; 182 /* case 2 */ 183 op2->addr = 184 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2); 185 op2->opcode = *(op2->addr); 186 arch_arm_kprobe(op2); 187 188 } else { 189 op1->addr = p->addr + 1; 190 } 191 192 op1->opcode = *(op1->addr); 193 arch_arm_kprobe(op1); 194 } 195 } 196 197 /* Called with kretprobe_lock held */ 198 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, 199 struct pt_regs *regs) 200 { 201 ri->ret_addr = (kprobe_opcode_t *) regs->pr; 202 ri->fp = NULL; 203 204 /* Replace the return addr with trampoline addr */ 205 regs->pr = (unsigned long)__kretprobe_trampoline; 206 } 207 208 static int __kprobes kprobe_handler(struct pt_regs *regs) 209 { 210 struct kprobe *p; 211 int ret = 0; 212 kprobe_opcode_t *addr = NULL; 213 struct kprobe_ctlblk *kcb; 214 215 /* 216 * We don't want to be preempted for the entire 217 * duration of kprobe processing 218 */ 219 preempt_disable(); 220 kcb = get_kprobe_ctlblk(); 221 222 addr = (kprobe_opcode_t *) (regs->pc); 223 224 /* Check we're not actually recursing */ 225 if (kprobe_running()) { 226 p = get_kprobe(addr); 227 if (p) { 228 if (kcb->kprobe_status == KPROBE_HIT_SS && 229 *p->ainsn.insn == BREAKPOINT_INSTRUCTION) { 230 goto no_kprobe; 231 } 232 /* We have reentered the kprobe_handler(), since 233 * another probe was hit while within the handler. 234 * We here save the original kprobes variables and 235 * just single step on the instruction of the new probe 236 * without calling any user handlers. 237 */ 238 save_previous_kprobe(kcb); 239 set_current_kprobe(p, regs, kcb); 240 kprobes_inc_nmissed_count(p); 241 prepare_singlestep(p, regs); 242 kcb->kprobe_status = KPROBE_REENTER; 243 return 1; 244 } 245 goto no_kprobe; 246 } 247 248 p = get_kprobe(addr); 249 if (!p) { 250 /* Not one of ours: let kernel handle it */ 251 if (*(kprobe_opcode_t *)addr != BREAKPOINT_INSTRUCTION) { 252 /* 253 * The breakpoint instruction was removed right 254 * after we hit it. Another cpu has removed 255 * either a probepoint or a debugger breakpoint 256 * at this address. In either case, no further 257 * handling of this interrupt is appropriate. 258 */ 259 ret = 1; 260 } 261 262 goto no_kprobe; 263 } 264 265 set_current_kprobe(p, regs, kcb); 266 kcb->kprobe_status = KPROBE_HIT_ACTIVE; 267 268 if (p->pre_handler && p->pre_handler(p, regs)) { 269 /* handler has already set things up, so skip ss setup */ 270 reset_current_kprobe(); 271 preempt_enable_no_resched(); 272 return 1; 273 } 274 275 prepare_singlestep(p, regs); 276 kcb->kprobe_status = KPROBE_HIT_SS; 277 return 1; 278 279 no_kprobe: 280 preempt_enable_no_resched(); 281 return ret; 282 } 283 284 /* 285 * For function-return probes, init_kprobes() establishes a probepoint 286 * here. When a retprobed function returns, this probe is hit and 287 * trampoline_probe_handler() runs, calling the kretprobe's handler. 288 */ 289 static void __used kretprobe_trampoline_holder(void) 290 { 291 asm volatile (".globl __kretprobe_trampoline\n" 292 "__kretprobe_trampoline:\n\t" 293 "nop\n"); 294 } 295 296 /* 297 * Called when we hit the probe point at __kretprobe_trampoline 298 */ 299 int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs) 300 { 301 regs->pc = __kretprobe_trampoline_handler(regs, NULL); 302 303 return 1; 304 } 305 306 static int __kprobes post_kprobe_handler(struct pt_regs *regs) 307 { 308 struct kprobe *cur = kprobe_running(); 309 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 310 kprobe_opcode_t *addr = NULL; 311 struct kprobe *p = NULL; 312 313 if (!cur) 314 return 0; 315 316 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) { 317 kcb->kprobe_status = KPROBE_HIT_SSDONE; 318 cur->post_handler(cur, regs, 0); 319 } 320 321 p = this_cpu_ptr(&saved_next_opcode); 322 if (p->addr) { 323 arch_disarm_kprobe(p); 324 p->addr = NULL; 325 p->opcode = 0; 326 327 addr = __this_cpu_read(saved_current_opcode.addr); 328 __this_cpu_write(saved_current_opcode.addr, NULL); 329 330 p = get_kprobe(addr); 331 arch_arm_kprobe(p); 332 333 p = this_cpu_ptr(&saved_next_opcode2); 334 if (p->addr) { 335 arch_disarm_kprobe(p); 336 p->addr = NULL; 337 p->opcode = 0; 338 } 339 } 340 341 /* Restore back the original saved kprobes variables and continue. */ 342 if (kcb->kprobe_status == KPROBE_REENTER) { 343 restore_previous_kprobe(kcb); 344 goto out; 345 } 346 347 reset_current_kprobe(); 348 349 out: 350 preempt_enable_no_resched(); 351 352 return 1; 353 } 354 355 int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr) 356 { 357 struct kprobe *cur = kprobe_running(); 358 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 359 const struct exception_table_entry *entry; 360 361 switch (kcb->kprobe_status) { 362 case KPROBE_HIT_SS: 363 case KPROBE_REENTER: 364 /* 365 * We are here because the instruction being single 366 * stepped caused a page fault. We reset the current 367 * kprobe, point the pc back to the probe address 368 * and allow the page fault handler to continue as a 369 * normal page fault. 370 */ 371 regs->pc = (unsigned long)cur->addr; 372 if (kcb->kprobe_status == KPROBE_REENTER) 373 restore_previous_kprobe(kcb); 374 else 375 reset_current_kprobe(); 376 preempt_enable_no_resched(); 377 break; 378 case KPROBE_HIT_ACTIVE: 379 case KPROBE_HIT_SSDONE: 380 /* 381 * In case the user-specified fault handler returned 382 * zero, try to fix up. 383 */ 384 if ((entry = search_exception_tables(regs->pc)) != NULL) { 385 regs->pc = entry->fixup; 386 return 1; 387 } 388 389 /* 390 * fixup_exception() could not handle it, 391 * Let do_page_fault() fix it. 392 */ 393 break; 394 default: 395 break; 396 } 397 398 return 0; 399 } 400 401 /* 402 * Wrapper routine to for handling exceptions. 403 */ 404 int __kprobes kprobe_exceptions_notify(struct notifier_block *self, 405 unsigned long val, void *data) 406 { 407 struct kprobe *p = NULL; 408 struct die_args *args = (struct die_args *)data; 409 int ret = NOTIFY_DONE; 410 kprobe_opcode_t *addr = NULL; 411 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); 412 413 addr = (kprobe_opcode_t *) (args->regs->pc); 414 if (val == DIE_TRAP && 415 args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) { 416 if (!kprobe_running()) { 417 if (kprobe_handler(args->regs)) { 418 ret = NOTIFY_STOP; 419 } else { 420 /* Not a kprobe trap */ 421 ret = NOTIFY_DONE; 422 } 423 } else { 424 p = get_kprobe(addr); 425 if ((kcb->kprobe_status == KPROBE_HIT_SS) || 426 (kcb->kprobe_status == KPROBE_REENTER)) { 427 if (post_kprobe_handler(args->regs)) 428 ret = NOTIFY_STOP; 429 } else { 430 if (kprobe_handler(args->regs)) 431 ret = NOTIFY_STOP; 432 } 433 } 434 } 435 436 return ret; 437 } 438 439 static struct kprobe trampoline_p = { 440 .addr = (kprobe_opcode_t *)&__kretprobe_trampoline, 441 .pre_handler = trampoline_probe_handler 442 }; 443 444 int __init arch_init_kprobes(void) 445 { 446 return register_kprobe(&trampoline_p); 447 } 448