1
2
3
4
5
6#include <linux/kernel.h>
7#include <linux/kprobes.h>
8#include <linux/module.h>
9#include <linux/kdebug.h>
10#include <asm/signal.h>
11#include <asm/cacheflush.h>
12#include <asm/uaccess.h>
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
43DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
44
45struct kretprobe_blackpoint kretprobe_blacklist[] = {{NULL, NULL}};
46
47int __kprobes arch_prepare_kprobe(struct kprobe *p)
48{
49 p->ainsn.insn[0] = *p->addr;
50 flushi(&p->ainsn.insn[0]);
51
52 p->ainsn.insn[1] = BREAKPOINT_INSTRUCTION_2;
53 flushi(&p->ainsn.insn[1]);
54
55 p->opcode = *p->addr;
56 return 0;
57}
58
59void __kprobes arch_arm_kprobe(struct kprobe *p)
60{
61 *p->addr = BREAKPOINT_INSTRUCTION;
62 flushi(p->addr);
63}
64
65void __kprobes arch_disarm_kprobe(struct kprobe *p)
66{
67 *p->addr = p->opcode;
68 flushi(p->addr);
69}
70
71static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
72{
73 kcb->prev_kprobe.kp = kprobe_running();
74 kcb->prev_kprobe.status = kcb->kprobe_status;
75 kcb->prev_kprobe.orig_tnpc = kcb->kprobe_orig_tnpc;
76 kcb->prev_kprobe.orig_tstate_pil = kcb->kprobe_orig_tstate_pil;
77}
78
79static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
80{
81 __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
82 kcb->kprobe_status = kcb->prev_kprobe.status;
83 kcb->kprobe_orig_tnpc = kcb->prev_kprobe.orig_tnpc;
84 kcb->kprobe_orig_tstate_pil = kcb->prev_kprobe.orig_tstate_pil;
85}
86
87static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
88 struct kprobe_ctlblk *kcb)
89{
90 __get_cpu_var(current_kprobe) = p;
91 kcb->kprobe_orig_tnpc = regs->tnpc;
92 kcb->kprobe_orig_tstate_pil = (regs->tstate & TSTATE_PIL);
93}
94
95static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs,
96 struct kprobe_ctlblk *kcb)
97{
98 regs->tstate |= TSTATE_PIL;
99
100
101 if (p->opcode == BREAKPOINT_INSTRUCTION) {
102 regs->tpc = (unsigned long) p->addr;
103 regs->tnpc = kcb->kprobe_orig_tnpc;
104 } else {
105 regs->tpc = (unsigned long) &p->ainsn.insn[0];
106 regs->tnpc = (unsigned long) &p->ainsn.insn[1];
107 }
108}
109
110static int __kprobes kprobe_handler(struct pt_regs *regs)
111{
112 struct kprobe *p;
113 void *addr = (void *) regs->tpc;
114 int ret = 0;
115 struct kprobe_ctlblk *kcb;
116
117
118
119
120
121 preempt_disable();
122 kcb = get_kprobe_ctlblk();
123
124 if (kprobe_running()) {
125 p = get_kprobe(addr);
126 if (p) {
127 if (kcb->kprobe_status == KPROBE_HIT_SS) {
128 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
129 kcb->kprobe_orig_tstate_pil);
130 goto no_kprobe;
131 }
132
133
134
135
136
137
138 save_previous_kprobe(kcb);
139 set_current_kprobe(p, regs, kcb);
140 kprobes_inc_nmissed_count(p);
141 kcb->kprobe_status = KPROBE_REENTER;
142 prepare_singlestep(p, regs, kcb);
143 return 1;
144 } else {
145 if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
146
147
148
149
150 ret = 1;
151 goto no_kprobe;
152 }
153 p = __get_cpu_var(current_kprobe);
154 if (p->break_handler && p->break_handler(p, regs))
155 goto ss_probe;
156 }
157 goto no_kprobe;
158 }
159
160 p = get_kprobe(addr);
161 if (!p) {
162 if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
163
164
165
166
167
168
169
170 ret = 1;
171 }
172
173 goto no_kprobe;
174 }
175
176 set_current_kprobe(p, regs, kcb);
177 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
178 if (p->pre_handler && p->pre_handler(p, regs))
179 return 1;
180
181ss_probe:
182 prepare_singlestep(p, regs, kcb);
183 kcb->kprobe_status = KPROBE_HIT_SS;
184 return 1;
185
186no_kprobe:
187 preempt_enable_no_resched();
188 return ret;
189}
190
191
192
193
194
195
196
197
198
199static unsigned long __kprobes relbranch_fixup(u32 insn, struct kprobe *p,
200 struct pt_regs *regs)
201{
202 unsigned long real_pc = (unsigned long) p->addr;
203
204
205 if (regs->tnpc == regs->tpc + 0x4UL)
206 return real_pc + 0x8UL;
207
208
209
210
211 if ((insn & 0xc0000000) == 0x40000000 ||
212 (insn & 0xc1c00000) == 0x00400000 ||
213 (insn & 0xc1c00000) == 0x00800000) {
214 unsigned long ainsn_addr;
215
216 ainsn_addr = (unsigned long) &p->ainsn.insn[0];
217
218
219
220
221
222 return (real_pc + (regs->tnpc - ainsn_addr));
223 }
224
225
226
227
228 return regs->tnpc;
229}
230
231
232
233
234static void __kprobes retpc_fixup(struct pt_regs *regs, u32 insn,
235 unsigned long real_pc)
236{
237 unsigned long *slot = NULL;
238
239
240 if ((insn & 0xc0000000) == 0x40000000) {
241 slot = ®s->u_regs[UREG_I7];
242 }
243
244
245 if ((insn & 0xc1f80000) == 0x81c00000) {
246 unsigned long rd = ((insn >> 25) & 0x1f);
247
248 if (rd <= 15) {
249 slot = ®s->u_regs[rd];
250 } else {
251
252 flushw_all();
253
254 rd -= 16;
255 slot = (unsigned long *)
256 (regs->u_regs[UREG_FP] + STACK_BIAS);
257 slot += rd;
258 }
259 }
260 if (slot != NULL)
261 *slot = real_pc;
262}
263
264
265
266
267
268
269
270
271
272
273
274
275static void __kprobes resume_execution(struct kprobe *p,
276 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
277{
278 u32 insn = p->ainsn.insn[0];
279
280 regs->tnpc = relbranch_fixup(insn, p, regs);
281
282
283 regs->tpc = kcb->kprobe_orig_tnpc;
284
285 retpc_fixup(regs, insn, (unsigned long) p->addr);
286
287 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
288 kcb->kprobe_orig_tstate_pil);
289}
290
291static int __kprobes post_kprobe_handler(struct pt_regs *regs)
292{
293 struct kprobe *cur = kprobe_running();
294 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
295
296 if (!cur)
297 return 0;
298
299 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
300 kcb->kprobe_status = KPROBE_HIT_SSDONE;
301 cur->post_handler(cur, regs, 0);
302 }
303
304 resume_execution(cur, regs, kcb);
305
306
307 if (kcb->kprobe_status == KPROBE_REENTER) {
308 restore_previous_kprobe(kcb);
309 goto out;
310 }
311 reset_current_kprobe();
312out:
313 preempt_enable_no_resched();
314
315 return 1;
316}
317
318int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
319{
320 struct kprobe *cur = kprobe_running();
321 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
322 const struct exception_table_entry *entry;
323
324 switch(kcb->kprobe_status) {
325 case KPROBE_HIT_SS:
326 case KPROBE_REENTER:
327
328
329
330
331
332
333
334 regs->tpc = (unsigned long)cur->addr;
335 regs->tnpc = kcb->kprobe_orig_tnpc;
336 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
337 kcb->kprobe_orig_tstate_pil);
338 if (kcb->kprobe_status == KPROBE_REENTER)
339 restore_previous_kprobe(kcb);
340 else
341 reset_current_kprobe();
342 preempt_enable_no_resched();
343 break;
344 case KPROBE_HIT_ACTIVE:
345 case KPROBE_HIT_SSDONE:
346
347
348
349
350
351 kprobes_inc_nmissed_count(cur);
352
353
354
355
356
357
358
359
360 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
361 return 1;
362
363
364
365
366
367
368 entry = search_exception_tables(regs->tpc);
369 if (entry) {
370 regs->tpc = entry->fixup;
371 regs->tnpc = regs->tpc + 4;
372 return 1;
373 }
374
375
376
377
378
379 break;
380 default:
381 break;
382 }
383
384 return 0;
385}
386
387
388
389
390int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
391 unsigned long val, void *data)
392{
393 struct die_args *args = (struct die_args *)data;
394 int ret = NOTIFY_DONE;
395
396 if (args->regs && user_mode(args->regs))
397 return ret;
398
399 switch (val) {
400 case DIE_DEBUG:
401 if (kprobe_handler(args->regs))
402 ret = NOTIFY_STOP;
403 break;
404 case DIE_DEBUG_2:
405 if (post_kprobe_handler(args->regs))
406 ret = NOTIFY_STOP;
407 break;
408 default:
409 break;
410 }
411 return ret;
412}
413
414asmlinkage void __kprobes kprobe_trap(unsigned long trap_level,
415 struct pt_regs *regs)
416{
417 BUG_ON(trap_level != 0x170 && trap_level != 0x171);
418
419 if (user_mode(regs)) {
420 local_irq_enable();
421 bad_trap(regs, trap_level);
422 return;
423 }
424
425
426
427
428 if (notify_die((trap_level == 0x170) ? DIE_DEBUG : DIE_DEBUG_2,
429 (trap_level == 0x170) ? "debug" : "debug_2",
430 regs, 0, trap_level, SIGTRAP) != NOTIFY_STOP)
431 bad_trap(regs, trap_level);
432}
433
434
435int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
436{
437 struct jprobe *jp = container_of(p, struct jprobe, kp);
438 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
439
440 memcpy(&(kcb->jprobe_saved_regs), regs, sizeof(*regs));
441
442 regs->tpc = (unsigned long) jp->entry;
443 regs->tnpc = ((unsigned long) jp->entry) + 0x4UL;
444 regs->tstate |= TSTATE_PIL;
445
446 return 1;
447}
448
449void __kprobes jprobe_return(void)
450{
451 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
452 register unsigned long orig_fp asm("g1");
453
454 orig_fp = kcb->jprobe_saved_regs.u_regs[UREG_FP];
455 __asm__ __volatile__("\n"
456"1: cmp %%sp, %0\n\t"
457 "blu,a,pt %%xcc, 1b\n\t"
458 " restore\n\t"
459 ".globl jprobe_return_trap_instruction\n"
460"jprobe_return_trap_instruction:\n\t"
461 "ta 0x70"
462 :
463 : "r" (orig_fp));
464}
465
466extern void jprobe_return_trap_instruction(void);
467
468int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
469{
470 u32 *addr = (u32 *) regs->tpc;
471 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
472
473 if (addr == (u32 *) jprobe_return_trap_instruction) {
474 memcpy(regs, &(kcb->jprobe_saved_regs), sizeof(*regs));
475 preempt_enable_no_resched();
476 return 1;
477 }
478 return 0;
479}
480
481
482
483
484
485
486
487
488
489
490
491
492
493void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
494 struct pt_regs *regs)
495{
496 ri->ret_addr = (kprobe_opcode_t *)(regs->u_regs[UREG_RETPC] + 8);
497
498
499 regs->u_regs[UREG_RETPC] =
500 ((unsigned long)kretprobe_trampoline) - 8;
501}
502
503
504
505
506int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
507{
508 struct kretprobe_instance *ri = NULL;
509 struct hlist_head *head, empty_rp;
510 struct hlist_node *node, *tmp;
511 unsigned long flags, orig_ret_address = 0;
512 unsigned long trampoline_address =(unsigned long)&kretprobe_trampoline;
513
514 INIT_HLIST_HEAD(&empty_rp);
515 kretprobe_hash_lock(current, &head, &flags);
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530 hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
531 if (ri->task != current)
532
533 continue;
534
535 if (ri->rp && ri->rp->handler)
536 ri->rp->handler(ri, regs);
537
538 orig_ret_address = (unsigned long)ri->ret_addr;
539 recycle_rp_inst(ri, &empty_rp);
540
541 if (orig_ret_address != trampoline_address)
542
543
544
545
546
547 break;
548 }
549
550 kretprobe_assert(ri, orig_ret_address, trampoline_address);
551 regs->tpc = orig_ret_address;
552 regs->tnpc = orig_ret_address + 4;
553
554 reset_current_kprobe();
555 kretprobe_hash_unlock(current, &flags);
556 preempt_enable_no_resched();
557
558 hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
559 hlist_del(&ri->hlist);
560 kfree(ri);
561 }
562
563
564
565
566
567 return 1;
568}
569
570void kretprobe_trampoline_holder(void)
571{
572 asm volatile(".global kretprobe_trampoline\n"
573 "kretprobe_trampoline:\n"
574 "\tnop\n"
575 "\tnop\n");
576}
577static struct kprobe trampoline_p = {
578 .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
579 .pre_handler = trampoline_probe_handler
580};
581
582int __init arch_init_kprobes(void)
583{
584 return register_kprobe(&trampoline_p);
585}
586
587int __kprobes arch_trampoline_kprobe(struct kprobe *p)
588{
589 if (p->addr == (kprobe_opcode_t *)&kretprobe_trampoline)
590 return 1;
591
592 return 0;
593}
594