Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 037c10a612e8b7461e33672fb3848807ac6e2346 / . / arch / sh / kernel / kprobes.c
blob: 81a3725e515572610a9be847705d0182ef98fc49 [file] [log] [blame]
Chris Smithd39f5452008-09-05 17:15:39 +0900[diff] [blame]1/*
2 * Kernel probes (kprobes) for SuperH
3 *
4 * Copyright (C) 2007 Chris Smith <chris.smith@st.com>
5 * Copyright (C) 2006 Lineo Solutions, Inc.
6 *
7 * This file is subject to the terms and conditions of the GNU General Public
8 * License. See the file "COPYING" in the main directory of this archive
9 * for more details.
10 */
11#include <linux/kprobes.h>
12#include <linux/module.h>
13#include <linux/ptrace.h>
14#include <linux/preempt.h>
15#include <linux/kdebug.h>
16#include <asm/cacheflush.h>
17#include <asm/uaccess.h>
18
19DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
20DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
21
22static struct kprobe saved_current_opcode;
23static struct kprobe saved_next_opcode;
24static struct kprobe saved_next_opcode2;
25
26#define OPCODE_JMP(x) (((x) & 0xF0FF) == 0x402b)
27#define OPCODE_JSR(x) (((x) & 0xF0FF) == 0x400b)
28#define OPCODE_BRA(x) (((x) & 0xF000) == 0xa000)
29#define OPCODE_BRAF(x) (((x) & 0xF0FF) == 0x0023)
30#define OPCODE_BSR(x) (((x) & 0xF000) == 0xb000)
31#define OPCODE_BSRF(x) (((x) & 0xF0FF) == 0x0003)
32
33#define OPCODE_BF_S(x) (((x) & 0xFF00) == 0x8f00)
34#define OPCODE_BT_S(x) (((x) & 0xFF00) == 0x8d00)
35
36#define OPCODE_BF(x) (((x) & 0xFF00) == 0x8b00)
37#define OPCODE_BT(x) (((x) & 0xFF00) == 0x8900)
38
39#define OPCODE_RTS(x) (((x) & 0x000F) == 0x000b)
40#define OPCODE_RTE(x) (((x) & 0xFFFF) == 0x002b)
41
42int __kprobes arch_prepare_kprobe(struct kprobe *p)
43{
44 kprobe_opcode_t opcode = *(kprobe_opcode_t *) (p->addr);
45
46 if (OPCODE_RTE(opcode))
47 return -EFAULT; /* Bad breakpoint */
48
49 p->opcode = opcode;
50
51 return 0;
52}
53
54void __kprobes arch_copy_kprobe(struct kprobe *p)
55{
56 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
57 p->opcode = *p->addr;
58}
59
60void __kprobes arch_arm_kprobe(struct kprobe *p)
61{
62 *p->addr = BREAKPOINT_INSTRUCTION;
63 flush_icache_range((unsigned long)p->addr,
64 (unsigned long)p->addr + sizeof(kprobe_opcode_t));
65}
66
67void __kprobes arch_disarm_kprobe(struct kprobe *p)
68{
69 *p->addr = p->opcode;
70 flush_icache_range((unsigned long)p->addr,
71 (unsigned long)p->addr + sizeof(kprobe_opcode_t));
72}
73
74int __kprobes arch_trampoline_kprobe(struct kprobe *p)
75{
76 if (*p->addr == BREAKPOINT_INSTRUCTION)
77 return 1;
78
79 return 0;
80}
81
82/**
83 * If an illegal slot instruction exception occurs for an address
84 * containing a kprobe, remove the probe.
85 *
86 * Returns 0 if the exception was handled successfully, 1 otherwise.
87 */
88int __kprobes kprobe_handle_illslot(unsigned long pc)
89{
90 struct kprobe *p = get_kprobe((kprobe_opcode_t *) pc + 1);
91
92 if (p != NULL) {
93 printk("Warning: removing kprobe from delay slot: 0x%.8x\n",
94 (unsigned int)pc + 2);
95 unregister_kprobe(p);
96 return 0;
97 }
98
99 return 1;
100}
101
102void __kprobes arch_remove_kprobe(struct kprobe *p)
103{
104 if (saved_next_opcode.addr != 0x0) {
105 arch_disarm_kprobe(p);
106 arch_disarm_kprobe(&saved_next_opcode);
107 saved_next_opcode.addr = 0x0;
108 saved_next_opcode.opcode = 0x0;
109
110 if (saved_next_opcode2.addr != 0x0) {
111 arch_disarm_kprobe(&saved_next_opcode2);
112 saved_next_opcode2.addr = 0x0;
113 saved_next_opcode2.opcode = 0x0;
114 }
115 }
116}
117
118static inline void save_previous_kprobe(struct kprobe_ctlblk *kcb)
119{
120 kcb->prev_kprobe.kp = kprobe_running();
121 kcb->prev_kprobe.status = kcb->kprobe_status;
122}
123
124static inline void restore_previous_kprobe(struct kprobe_ctlblk *kcb)
125{
126 __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
127 kcb->kprobe_status = kcb->prev_kprobe.status;
128}
129
130static inline void set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
131 struct kprobe_ctlblk *kcb)
132{
133 __get_cpu_var(current_kprobe) = p;
134}
135
136/*
137 * Singlestep is implemented by disabling the current kprobe and setting one
138 * on the next instruction, following branches. Two probes are set if the
139 * branch is conditional.
140 */
141static inline void prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
142{
143 kprobe_opcode_t *addr = NULL;
144 saved_current_opcode.addr = (kprobe_opcode_t *) (regs->pc);
145 addr = saved_current_opcode.addr;
146
147 if (p != NULL) {
148 arch_disarm_kprobe(p);
149
150 if (OPCODE_JSR(p->opcode) || OPCODE_JMP(p->opcode)) {
151 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
152 saved_next_opcode.addr =
153 (kprobe_opcode_t *) regs->regs[reg_nr];
154 } else if (OPCODE_BRA(p->opcode) || OPCODE_BSR(p->opcode)) {
155 unsigned long disp = (p->opcode & 0x0FFF);
156 saved_next_opcode.addr =
157 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
158
159 } else if (OPCODE_BRAF(p->opcode) || OPCODE_BSRF(p->opcode)) {
160 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
161 saved_next_opcode.addr =
162 (kprobe_opcode_t *) (regs->pc + 4 +
163 regs->regs[reg_nr]);
164
165 } else if (OPCODE_RTS(p->opcode)) {
166 saved_next_opcode.addr = (kprobe_opcode_t *) regs->pr;
167
168 } else if (OPCODE_BF(p->opcode) || OPCODE_BT(p->opcode)) {
169 unsigned long disp = (p->opcode & 0x00FF);
170 /* case 1 */
171 saved_next_opcode.addr = p->addr + 1;
172 /* case 2 */
173 saved_next_opcode2.addr =
174 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
175 saved_next_opcode2.opcode = *(saved_next_opcode2.addr);
176 arch_arm_kprobe(&saved_next_opcode2);
177
178 } else if (OPCODE_BF_S(p->opcode) || OPCODE_BT_S(p->opcode)) {
179 unsigned long disp = (p->opcode & 0x00FF);
180 /* case 1 */
181 saved_next_opcode.addr = p->addr + 2;
182 /* case 2 */
183 saved_next_opcode2.addr =
184 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
185 saved_next_opcode2.opcode = *(saved_next_opcode2.addr);
186 arch_arm_kprobe(&saved_next_opcode2);
187
188 } else {
189 saved_next_opcode.addr = p->addr + 1;
190 }
191
192 saved_next_opcode.opcode = *(saved_next_opcode.addr);
193 arch_arm_kprobe(&saved_next_opcode);
194 }
195}
196
197/* Called with kretprobe_lock held */
198void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
199 struct pt_regs *regs)
200{
201 ri->ret_addr = (kprobe_opcode_t *) regs->pr;
202
203 /* Replace the return addr with trampoline addr */
204 regs->pr = (unsigned long)kretprobe_trampoline;
205}
206
207static int __kprobes kprobe_handler(struct pt_regs *regs)
208{
209 struct kprobe *p;
210 int ret = 0;
211 kprobe_opcode_t *addr = NULL;
212 struct kprobe_ctlblk *kcb;
213
214 /*
215 * We don't want to be preempted for the entire
216 * duration of kprobe processing
217 */
218 preempt_disable();
219 kcb = get_kprobe_ctlblk();
220
221 addr = (kprobe_opcode_t *) (regs->pc);
222
223 /* Check we're not actually recursing */
224 if (kprobe_running()) {
225 p = get_kprobe(addr);
226 if (p) {
227 if (kcb->kprobe_status == KPROBE_HIT_SS &&
228 *p->ainsn.insn == BREAKPOINT_INSTRUCTION) {
229 goto no_kprobe;
230 }
231 /* We have reentered the kprobe_handler(), since
232 * another probe was hit while within the handler.
233 * We here save the original kprobes variables and
234 * just single step on the instruction of the new probe
235 * without calling any user handlers.
236 */
237 save_previous_kprobe(kcb);
238 set_current_kprobe(p, regs, kcb);
239 kprobes_inc_nmissed_count(p);
240 prepare_singlestep(p, regs);
241 kcb->kprobe_status = KPROBE_REENTER;
242 return 1;
243 } else {
244 p = __get_cpu_var(current_kprobe);
245 if (p->break_handler && p->break_handler(p, regs)) {
246 goto ss_probe;
247 }
248 }
249 goto no_kprobe;
250 }
251
252 p = get_kprobe(addr);
253 if (!p) {
254 /* Not one of ours: let kernel handle it */
255 goto no_kprobe;
256 }
257
258 set_current_kprobe(p, regs, kcb);
259 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
260
261 if (p->pre_handler && p->pre_handler(p, regs))
262 /* handler has already set things up, so skip ss setup */
263 return 1;
264
265 ss_probe:
266 prepare_singlestep(p, regs);
267 kcb->kprobe_status = KPROBE_HIT_SS;
268 return 1;
269
270 no_kprobe:
271 preempt_enable_no_resched();
272 return ret;
273}
274
275/*
276 * For function-return probes, init_kprobes() establishes a probepoint
277 * here. When a retprobed function returns, this probe is hit and
278 * trampoline_probe_handler() runs, calling the kretprobe's handler.
279 */
Paul Mundte7cb0162008-09-08 12:02:17 +0900[diff] [blame]280static void __used kretprobe_trampoline_holder(void)
Chris Smithd39f5452008-09-05 17:15:39 +0900[diff] [blame]281{
282 asm volatile ("kretprobe_trampoline: \n" "nop\n");
283}
284
285/*
286 * Called when we hit the probe point at kretprobe_trampoline
287 */
288int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
289{
290 struct kretprobe_instance *ri = NULL;
291 struct hlist_head *head, empty_rp;
292 struct hlist_node *node, *tmp;
293 unsigned long flags, orig_ret_address = 0;
294 unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
295
296 INIT_HLIST_HEAD(&empty_rp);
297 kretprobe_hash_lock(current, &head, &flags);
298
299 /*
300 * It is possible to have multiple instances associated with a given
301 * task either because an multiple functions in the call path
302 * have a return probe installed on them, and/or more then one return
303 * return probe was registered for a target function.
304 *
305 * We can handle this because:
306 * - instances are always inserted at the head of the list
307 * - when multiple return probes are registered for the same
308 * function, the first instance's ret_addr will point to the
309 * real return address, and all the rest will point to
310 * kretprobe_trampoline
311 */
312 hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
313 if (ri->task != current)
314 /* another task is sharing our hash bucket */
315 continue;
316
317 if (ri->rp && ri->rp->handler) {
318 __get_cpu_var(current_kprobe) = &ri->rp->kp;
319 ri->rp->handler(ri, regs);
320 __get_cpu_var(current_kprobe) = NULL;
321 }
322
323 orig_ret_address = (unsigned long)ri->ret_addr;
324 recycle_rp_inst(ri, &empty_rp);
325
326 if (orig_ret_address != trampoline_address)
327 /*
328 * This is the real return address. Any other
329 * instances associated with this task are for
330 * other calls deeper on the call stack
331 */
332 break;
333 }
334
335 kretprobe_assert(ri, orig_ret_address, trampoline_address);
336
337 regs->pc = orig_ret_address;
338 kretprobe_hash_unlock(current, &flags);
339
340 preempt_enable_no_resched();
341
342 hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
343 hlist_del(&ri->hlist);
344 kfree(ri);
345 }
346
347 return orig_ret_address;
348}
349
350static inline int post_kprobe_handler(struct pt_regs *regs)
351{
352 struct kprobe *cur = kprobe_running();
353 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
354 kprobe_opcode_t *addr = NULL;
355 struct kprobe *p = NULL;
356
357 if (!cur)
358 return 0;
359
360 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
361 kcb->kprobe_status = KPROBE_HIT_SSDONE;
362 cur->post_handler(cur, regs, 0);
363 }
364
365 if (saved_next_opcode.addr != 0x0) {
366 arch_disarm_kprobe(&saved_next_opcode);
367 saved_next_opcode.addr = 0x0;
368 saved_next_opcode.opcode = 0x0;
369
370 addr = saved_current_opcode.addr;
371 saved_current_opcode.addr = 0x0;
372
373 p = get_kprobe(addr);
374 arch_arm_kprobe(p);
375
376 if (saved_next_opcode2.addr != 0x0) {
377 arch_disarm_kprobe(&saved_next_opcode2);
378 saved_next_opcode2.addr = 0x0;
379 saved_next_opcode2.opcode = 0x0;
380 }
381 }
382
383 /*Restore back the original saved kprobes variables and continue. */
384 if (kcb->kprobe_status == KPROBE_REENTER) {
385 restore_previous_kprobe(kcb);
386 goto out;
387 }
388 reset_current_kprobe();
389
390 out:
391 preempt_enable_no_resched();
392
393 return 1;
394}
395
Paul Mundt037c10a2008-09-08 12:22:47 +0900[diff] [blame^]396int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
Chris Smithd39f5452008-09-05 17:15:39 +0900[diff] [blame]397{
398 struct kprobe *cur = kprobe_running();
399 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
400 const struct exception_table_entry *entry;
401
402 switch (kcb->kprobe_status) {
403 case KPROBE_HIT_SS:
404 case KPROBE_REENTER:
405 /*
406 * We are here because the instruction being single
407 * stepped caused a page fault. We reset the current
408 * kprobe, point the pc back to the probe address
409 * and allow the page fault handler to continue as a
410 * normal page fault.
411 */
412 regs->pc = (unsigned long)cur->addr;
413 if (kcb->kprobe_status == KPROBE_REENTER)
414 restore_previous_kprobe(kcb);
415 else
416 reset_current_kprobe();
417 preempt_enable_no_resched();
418 break;
419 case KPROBE_HIT_ACTIVE:
420 case KPROBE_HIT_SSDONE:
421 /*
422 * We increment the nmissed count for accounting,
423 * we can also use npre/npostfault count for accounting
424 * these specific fault cases.
425 */
426 kprobes_inc_nmissed_count(cur);
427
428 /*
429 * We come here because instructions in the pre/post
430 * handler caused the page_fault, this could happen
431 * if handler tries to access user space by
432 * copy_from_user(), get_user() etc. Let the
433 * user-specified handler try to fix it first.
434 */
435 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
436 return 1;
437
438 /*
439 * In case the user-specified fault handler returned
440 * zero, try to fix up.
441 */
442 if ((entry = search_exception_tables(regs->pc)) != NULL) {
443 regs->pc = entry->fixup;
444 return 1;
445 }
446
447 /*
448 * fixup_exception() could not handle it,
449 * Let do_page_fault() fix it.
450 */
451 break;
452 default:
453 break;
454 }
455 return 0;
456}
457
458/*
459 * Wrapper routine to for handling exceptions.
460 */
461int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
462 unsigned long val, void *data)
463{
464 struct kprobe *p = NULL;
465 struct die_args *args = (struct die_args *)data;
466 int ret = NOTIFY_DONE;
467 kprobe_opcode_t *addr = NULL;
468 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
469
470 addr = (kprobe_opcode_t *) (args->regs->pc);
471 if (val == DIE_TRAP) {
472 if (!kprobe_running()) {
473 if (kprobe_handler(args->regs)) {
474 ret = NOTIFY_STOP;
475 } else {
476 /* Not a kprobe trap */
477 force_sig(SIGTRAP, current);
478 }
479 } else {
480 p = get_kprobe(addr);
481 if ((kcb->kprobe_status == KPROBE_HIT_SS) ||
482 (kcb->kprobe_status == KPROBE_REENTER)) {
483 if (post_kprobe_handler(args->regs))
484 ret = NOTIFY_STOP;
485 } else {
486 if (kprobe_handler(args->regs)) {
487 ret = NOTIFY_STOP;
488 } else {
489 p = __get_cpu_var(current_kprobe);
490 if (p->break_handler
491 && p->break_handler(p, args->regs))
492 ret = NOTIFY_STOP;
493 }
494 }
495 }
496 }
497
498 return ret;
499}
500
501int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
502{
503 struct jprobe *jp = container_of(p, struct jprobe, kp);
504 unsigned long addr;
505 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
506
507 kcb->jprobe_saved_regs = *regs;
508 kcb->jprobe_saved_r15 = regs->regs[15];
509 addr = kcb->jprobe_saved_r15;
510
511 /*
512 * TBD: As Linus pointed out, gcc assumes that the callee
513 * owns the argument space and could overwrite it, e.g.
514 * tailcall optimization. So, to be absolutely safe
515 * we also save and restore enough stack bytes to cover
516 * the argument area.
517 */
518 memcpy(kcb->jprobes_stack, (kprobe_opcode_t *) addr,
519 MIN_STACK_SIZE(addr));
520
521 regs->pc = (unsigned long)(jp->entry);
522
523 return 1;
524}
525
526void __kprobes jprobe_return(void)
527{
528 __asm("trapa #-1\n\t" "jprobe_return_end:\n\t" "nop\n\t");
529
530}
531
532int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
533{
534 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
535 u8 *addr = (u8 *) regs->pc;
536 unsigned long stack_addr = kcb->jprobe_saved_r15;
537
538 if ((addr >= (u8 *) jprobe_return)
539 && (addr <= (u8 *) jprobe_return_end)) {
540 *regs = kcb->jprobe_saved_regs;
541
542 memcpy((kprobe_opcode_t *) stack_addr, kcb->jprobes_stack,
543 MIN_STACK_SIZE(stack_addr));
544
545 kcb->kprobe_status = KPROBE_HIT_SS;
546 return 1;
547 }
548 return 0;
549}
550
551static struct kprobe trampoline_p = {
552 .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
553 .pre_handler = trampoline_probe_handler
554};
555
556int __init arch_init_kprobes(void)
557{
558 saved_next_opcode.addr = 0x0;
559 saved_next_opcode.opcode = 0x0;
560
561 saved_current_opcode.addr = 0x0;
562 saved_current_opcode.opcode = 0x0;
563
564 saved_next_opcode2.addr = 0x0;
565 saved_next_opcode2.opcode = 0x0;
566
567 return register_kprobe(&trampoline_p);
568}