linux/arch/arc/kernel/kprobes.c
   1/*
   2 * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com)
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 */
   8
   9#include <linux/types.h>
  10#include <linux/kprobes.h>
  11#include <linux/slab.h>
  12#include <linux/module.h>
  13#include <linux/kdebug.h>
  14#include <linux/sched.h>
  15#include <linux/uaccess.h>
  16#include <asm/cacheflush.h>
  17#include <asm/current.h>
  18#include <asm/disasm.h>
  19
/*
 * Usable stack depth below @addr: capped at MAX_STACK_SIZE and at the
 * distance from @addr to the end of the current thread's stack
 * (current_thread_info() + THREAD_SIZE).  Not referenced anywhere in this
 * file; presumably kept for stack-copying helpers elsewhere -- confirm
 * before removing.
 */
#define MIN_STACK_SIZE(addr)    min((unsigned long)MAX_STACK_SIZE, \
                (unsigned long)current_thread_info() + THREAD_SIZE - (addr))
  22
/* Per-CPU probe currently being handled (NULL when none) and its control
 * block; read through kprobe_running() / get_kprobe_ctlblk() below. */
DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
  25
/*
 * Validate a probe site and capture what arming/single-stepping will need:
 * the instruction width (is_short) and the original opcode.
 *
 * Returns 0 on success, -EINVAL for an unaligned probe address.
 */
int __kprobes arch_prepare_kprobe(struct kprobe *p)
{
        unsigned long pc = (unsigned long)p->addr;

        /* An odd address can never be an instruction boundary here. */
        if (pc & 0x01)
                return -EINVAL;

        /*
         * NOTE(review): the original comment says the address "should not
         * be in exception handling code", but nothing in this function
         * checks that; only whatever the generic kprobes core rejects stands
         * between a caller and an exception-path probe.  Confirm that is
         * sufficient for this architecture.
         */

        /* Width drives the single-step arithmetic; the opcode is what
         * arch_disarm_kprobe() and setup_singlestep() put back. */
        p->ainsn.is_short = is_short_instr(pc);
        p->opcode = *p->addr;

        return 0;
}
  39
/*
 * Plant the breakpoint: overwrite the probed instruction with UNIMP_S.
 * Presumably executing it raises the instruction error that
 * kprobe_exceptions_notify() sees as DIE_IERR -- confirm against the trap
 * code.  The original opcode was saved by arch_prepare_kprobe().
 */
void __kprobes arch_arm_kprobe(struct kprobe *p)
{
        unsigned long site = (unsigned long)p->addr;

        *p->addr = UNIMP_S_INSTRUCTION;

        /* The store went through the D-side; make the I-cache see it. */
        flush_icache_range(site, site + sizeof(kprobe_opcode_t));
}
  47
/*
 * Remove the breakpoint: put the original opcode back at the probe site
 * and flush the I-cache so the restored instruction is what executes.
 */
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
        unsigned long site = (unsigned long)p->addr;

        *p->addr = p->opcode;

        flush_icache_range(site, site + sizeof(kprobe_opcode_t));
}
  55
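/*
 * Undo one single-step trap: put @opcode back at *@slot, flush the
 * I-cache for it, and clear *@slot so the same trap cannot be restored
 * twice.  A NULL *@slot means no trap was planted there and is a no-op.
 */
static void __kprobes arc_restore_ss_trap(kprobe_opcode_t **slot,
                                          kprobe_opcode_t opcode)
{
        kprobe_opcode_t *trap = *slot;

        if (!trap)
                return;

        *trap = opcode;
        flush_icache_range((unsigned long)trap,
                           (unsigned long)trap + sizeof(kprobe_opcode_t));
        *slot = NULL;
}

/*
 * Tear down @p: restore the probed instruction, then any single-step
 * traps still planted at t1_addr / t2_addr (both are NULL afterwards).
 * The two trap sites were handled by identical copy-pasted blocks; they
 * now share arc_restore_ss_trap().
 */
void __kprobes arch_remove_kprobe(struct kprobe *p)
{
        arch_disarm_kprobe(p);

        /* Can we remove the kprobe in the middle of kprobe handling? */
        arc_restore_ss_trap(&p->ainsn.t1_addr, p->ainsn.t1_opcode);
        arc_restore_ss_trap(&p->ainsn.t2_addr, p->ainsn.t2_opcode);
}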
  81
/*
 * Stash the probe being handled on this CPU and its state so a nested hit
 * can be serviced and the outer probe resumed by restore_previous_kprobe().
 */
static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
{
        kcb->prev_kprobe.status = kcb->kprobe_status;
        kcb->prev_kprobe.kp = kprobe_running();
}
  87
/*
 * Counterpart of save_previous_kprobe(): make the saved probe current
 * again and bring back its status.
 */
static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
{
        kcb->kprobe_status = kcb->prev_kprobe.status;
        __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
}
  93
/* Make @p the probe currently being handled on this CPU. */
static inline void __kprobes set_current_kprobe(struct kprobe *p)
{
        __this_cpu_write(current_kprobe, p);
}
  98
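/*
 * Undo the single-step setup made by setup_singlestep(): put the original
 * instructions back where the TRAP_S traps were planted (t1_addr, and
 * t2_addr for a branch) and forget the trap sites.
 *
 * @addr and @regs are not used; they are kept because callers pass them.
 * The trailing bare `return;` of the original has been dropped.
 */
static void __kprobes resume_execution(struct kprobe *p, unsigned long addr,
                                       struct pt_regs *regs)
{
        kprobe_opcode_t *trap;

        /* Fall-through trap. */
        trap = p->ainsn.t1_addr;
        if (trap) {
                *trap = p->ainsn.t1_opcode;
                flush_icache_range((unsigned long)trap,
                                   (unsigned long)trap + sizeof(kprobe_opcode_t));
                p->ainsn.t1_addr = NULL;
        }

        /* Branch-target trap, only present when the stepped instruction
         * was a branch. */
        trap = p->ainsn.t2_addr;
        if (trap) {
                *trap = p->ainsn.t2_opcode;
                flush_icache_range((unsigned long)trap,
                                   (unsigned long)trap + sizeof(kprobe_opcode_t));
                p->ainsn.t2_addr = NULL;
        }
}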
 127
/*
 * Arrange to execute the probed instruction once and trap right after it.
 * The original instruction is put back at the probe site and a TRAP_S_2 is
 * planted at the fall-through address (t1_addr); if the instruction is a
 * branch, a second TRAP_S_2 goes at the taken target (t2_addr).  The traps
 * are removed again by resume_execution() from arc_post_kprobe_handler().
 *
 * NOTE(review): next_pc and tgt_if_br are dereferenced and written without
 * any check that they are valid, writable kernel text; this relies on
 * disasm_next_pc() and the delay-slot arithmetic below always yielding a
 * proper instruction address.
 */
static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs)
{
        unsigned long next_pc;
        unsigned long tgt_if_br = 0;
        int is_branch;
        unsigned long bta;

        /* Copy the opcode back to the kprobe location and execute the
         * instruction. Because of this we will not be able to get into the
         * same kprobe until this kprobe is done
         */
        *(p->addr) = p->opcode;

        flush_icache_range((unsigned long)p->addr,
                           (unsigned long)p->addr + sizeof(kprobe_opcode_t));

        /* Now we insert the trap at the next location after this instruction to
         * single step. If it is a branch we insert the trap at possible branch
         * targets
         */

        bta = regs->bta;

        /*
         * 0x40 in status32 is presumably the DE (delay-slot) bit, i.e.
         * STATUS_DE_MASK from arcregs.h -- worth using the name.  In that
         * case the probed instruction sits in a branch delay slot and the
         * branch has already been resolved into bta, so no disassembly is
         * needed.
         */
        if (regs->status32 & 0x40) {
                /* We are in a delay slot with the branch taken */

                next_pc = bta & ~0x01;

                /*
                 * Fix-ups for a 32-bit (non-short) delay-slot instruction.
                 * Why bit 0 of bta chooses between bumping blink and
                 * bumping next_pc/bta is not explained here -- assumed to
                 * distinguish the branch-and-link case; confirm against
                 * the ARC ISA reference before touching this.
                 */
                if (!p->ainsn.is_short) {
                        if (bta & 0x01)
                                regs->blink += 2;
                        else {
                                /* Branch not taken */
                                next_pc += 2;

                                /* next pc is taken from bta after executing the
                                 * delay slot instruction
                                 */
                                regs->bta += 2;
                        }
                }

                is_branch = 0;
        } else
                /*
                 * Let the disassembler compute the fall-through address
                 * and, for a branch, the taken target.  On this path
                 * next_pc is assigned only through this call, so it is
                 * relied on to always set it.
                 */
                is_branch =
                    disasm_next_pc((unsigned long)p->addr, regs,
                        (struct callee_regs *) current->thread.callee_reg,
                        &next_pc, &tgt_if_br);

        /* Trap at the fall-through address, remembering what was there. */
        p->ainsn.t1_addr = (kprobe_opcode_t *) next_pc;
        p->ainsn.t1_opcode = *(p->ainsn.t1_addr);
        *(p->ainsn.t1_addr) = TRAP_S_2_INSTRUCTION;

        flush_icache_range((unsigned long)p->ainsn.t1_addr,
                           (unsigned long)p->ainsn.t1_addr +
                           sizeof(kprobe_opcode_t));

        /* Second trap at the taken target when the instruction branches. */
        if (is_branch) {
                p->ainsn.t2_addr = (kprobe_opcode_t *) tgt_if_br;
                p->ainsn.t2_opcode = *(p->ainsn.t2_addr);
                *(p->ainsn.t2_addr) = TRAP_S_2_INSTRUCTION;

                flush_icache_range((unsigned long)p->ainsn.t2_addr,
                                   (unsigned long)p->ainsn.t2_addr +
                                   sizeof(kprobe_opcode_t));
        }
}
 195
/*
 * Breakpoint hit at @addr (reached from kprobe_exceptions_notify() on
 * DIE_IERR).  Runs the probe's pre_handler and sets up the single step.
 *
 * Returns 1 when a probe was registered at @addr and has been handled,
 * 0 otherwise.  Preemption stays disabled across the single step and is
 * re-enabled by arc_post_kprobe_handler() / kprobe_fault_handler().
 */
int __kprobes arc_kprobe_handler(unsigned long addr, struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb;
        struct kprobe *p;

        /* current_kprobe and the control block are per-CPU: pin the CPU. */
        preempt_disable();

        kcb = get_kprobe_ctlblk();
        p = get_kprobe((unsigned long *)addr);

        /* Not one of ours: undo the preempt count and let the trap proceed. */
        if (!p) {
                preempt_enable_no_resched();
                return 0;
        }

        /*
         * Nested hit: a probe fired while another probe's handler was
         * running.  Save the outer probe, single-step this instruction and
         * skip the user handlers so kprobes cannot recurse.
         */
        if (kprobe_running()) {
                save_previous_kprobe(kcb);
                set_current_kprobe(p);
                kprobes_inc_nmissed_count(p);
                setup_singlestep(p, regs);
                kcb->kprobe_status = KPROBE_REENTER;
                return 1;
        }

        set_current_kprobe(p);
        kcb->kprobe_status = KPROBE_HIT_ACTIVE;

        /*
         * A pre_handler returning non-zero has redirected execution itself
         * (regs already point elsewhere), so there is nothing to step over
         * and the probe is finished here.  Otherwise single-step the
         * original instruction.
         */
        if (p->pre_handler && p->pre_handler(p, regs)) {
                reset_current_kprobe();
                preempt_enable_no_resched();
        } else {
                setup_singlestep(p, regs);
                kcb->kprobe_status = KPROBE_HIT_SS;
        }

        return 1;
}
 246
/*
 * Single-step trap hit at @addr (reached from kprobe_exceptions_notify()
 * on DIE_TRAP).  Lifts the step traps, re-arms the breakpoint, runs the
 * post_handler and returns to the instruction that was stepped.
 *
 * Returns 1 if a probe was in flight on this CPU, 0 if not.
 */
static int __kprobes arc_post_kprobe_handler(unsigned long addr,
                                         struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        struct kprobe *cur = kprobe_running();

        if (!cur)
                return 0;

        /* Remove the TRAP_S traps and plant the UNIMP_S breakpoint again. */
        resume_execution(cur, addr, regs);
        arch_arm_kprobe(cur);

        /*
         * The trap returns to the instruction after TRAP_S; since
         * resume_execution() restored the real instruction at @addr,
         * go back and execute it instead.
         */
        regs->ret = addr;

        /* No user post_handler for a nested (reentered) probe. */
        if (kcb->kprobe_status != KPROBE_REENTER && cur->post_handler) {
                kcb->kprobe_status = KPROBE_HIT_SSDONE;
                cur->post_handler(cur, regs, 0);
        }

        /* Nested probe done: hand control back to the outer one;
         * otherwise this CPU is no longer in any probe. */
        if (kcb->kprobe_status == KPROBE_REENTER)
                restore_previous_kprobe(kcb);
        else
                reset_current_kprobe();

        /* Balances the preempt_disable() in arc_kprobe_handler(). */
        preempt_enable_no_resched();
        return 1;
}
 284
 285/*
 286 * Fault can be for the instruction being single stepped or for the
 287 * pre/post handlers in the module.
 288 * This is applicable for applications like user probes, where we have the
 289 * probe in user space and the handlers in the kernel
 290 */
 291
/*
 * A fault occurred while a probe was in flight on this CPU: either the
 * instruction being single-stepped faulted, or a pre/post handler did.
 *
 * Returns 1 if the fault was dealt with (probe handler or exception
 * fixup), 0 to let the normal fault path handle it.
 *
 * NOTE(review): `cur` is dereferenced without a NULL check; presumably the
 * caller only gets here when kprobe_running() -- confirm in the fault path.
 */
int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned long trapnr)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        struct kprobe *cur = kprobe_running();
        unsigned long status = kcb->kprobe_status;

        if (status == KPROBE_HIT_SS || status == KPROBE_REENTER) {
                /*
                 * The stepped instruction faulted.  Undo the step setup and
                 * drop the probe so the exception is handled as if no probe
                 * were involved (the original notes the system halts anyway).
                 */
                resume_execution(cur, (unsigned long)cur->addr, regs);

                if (status == KPROBE_REENTER)
                        restore_previous_kprobe(kcb);
                else
                        reset_current_kprobe();

                /* Balances arc_kprobe_handler()'s preempt_disable(). */
                preempt_enable_no_resched();
        } else if (status == KPROBE_HIT_ACTIVE || status == KPROBE_HIT_SSDONE) {
                /* A pre/post handler faulted: account it as a missed probe
                 * (npre/npostfault would be the finer-grained counters). */
                kprobes_inc_nmissed_count(cur);

                /*
                 * Handlers touching user memory (copy_from_user(),
                 * get_user(), ...) can fault legitimately.  Give the probe's
                 * own fault_handler the first chance, then the kernel's
                 * exception fixup table.
                 */
                if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
                        return 1;

                if (fixup_exception(regs))
                        return 1;

                /* Neither could handle it: leave it to do_page_fault(). */
        }

        return 0;
}
 357
/*
 * die-notifier entry point.  DIE_TRAP is raised by trap_is_kprobe() with
 * the trap address in args->err; DIE_IERR is assumed to carry the faulting
 * address the same way (its raiser is not in this file).
 *
 * Returns NOTIFY_STOP when a probe handled the event, NOTIFY_DONE otherwise.
 */
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
                                       unsigned long val, void *data)
{
        struct die_args *args = data;
        unsigned long addr = args->err;
        int handled = 0;

        /* Breakpoint (UNIMP_S) vs. single-step trap (TRAP_S). */
        if (val == DIE_IERR)
                handled = arc_kprobe_handler(addr, args->regs);
        else if (val == DIE_TRAP)
                handled = arc_post_kprobe_handler(addr, args->regs);

        return handled ? NOTIFY_STOP : NOTIFY_DONE;
}
 382
/*
 * Never called: exists only to emit the global symbol kretprobe_trampoline
 * (a single nop) that kretprobed functions are made to return into.
 * __used keeps the compiler from discarding it.
 */
static void __used kretprobe_trampoline_holder(void)
{
        __asm__ __volatile__(".global kretprobe_trampoline\n"
                             "kretprobe_trampoline:\n" "nop\n");
}
 388
/*
 * Hook a function return: remember the real return address in @ri and
 * make the function return into kretprobe_trampoline instead, so
 * trampoline_probe_handler() runs when it returns.
 */
void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
                                      struct pt_regs *regs)
{
        unsigned long trampoline = (unsigned long)&kretprobe_trampoline;

        /* blink holds the return address on ARC. */
        ri->ret_addr = (kprobe_opcode_t *) regs->blink;
        regs->blink = trampoline;
}
 398
/*
 * pre_handler of trampoline_p: runs when a kretprobed function returns
 * into kretprobe_trampoline.  Walks this task's kretprobe instances
 * (newest first), runs each return handler, recovers the real return
 * address and redirects execution there.
 *
 * @p:    the trampoline probe itself (unused here).
 * @regs: register state at the trampoline; regs->ret is rewritten to the
 *        real return address.
 *
 * Returns 1 so arc_kprobe_handler() neither single-steps nor runs a
 * post_handler for this probe.
 */
static int __kprobes trampoline_probe_handler(struct kprobe *p,
                                              struct pt_regs *regs)
{
        struct kretprobe_instance *ri = NULL;
        struct hlist_head *head, empty_rp;
        struct hlist_node *tmp;
        unsigned long flags, orig_ret_address = 0;
        unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;

        /* Consumed instances collect on empty_rp under the lock and are
         * freed only after it is dropped. */
        INIT_HLIST_HEAD(&empty_rp);
        kretprobe_hash_lock(current, &head, &flags);

        /*
         * It is possible to have multiple instances associated with a given
         * task either because an multiple functions in the call path
         * have a return probe installed on them, and/or more than one return
         * return probe was registered for a target function.
         *
         * We can handle this because:
         *     - instances are always inserted at the head of the list
         *     - when multiple return probes are registered for the same
         *       function, the first instance's ret_addr will point to the
         *       real return address, and all the rest will point to
         *       kretprobe_trampoline
         */
        hlist_for_each_entry_safe(ri, tmp, head, hlist) {
                if (ri->task != current)
                        /* another task is sharing our hash bucket */
                        continue;

                if (ri->rp && ri->rp->handler)
                        ri->rp->handler(ri, regs);

                orig_ret_address = (unsigned long)ri->ret_addr;
                recycle_rp_inst(ri, &empty_rp);

                if (orig_ret_address != trampoline_address) {
                        /*
                         * This is the real return address. Any other
                         * instances associated with this task are for
                         * other calls deeper on the call stack
                         */
                        break;
                }
        }

        /* A real return address must have been found by now; the generic
         * kretprobe_assert() complains if the instance list disagrees. */
        kretprobe_assert(ri, orig_ret_address, trampoline_address);
        regs->ret = orig_ret_address;

        kretprobe_hash_unlock(current, &flags);

        /* Free the recycled instances outside the hash lock. */
        hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
                hlist_del(&ri->hlist);
                kfree(ri);
        }

        /* By returning a non zero value, we are telling the kprobe handler
         * that we don't want the post_handler to run
         */
        return 1;
}
 460
/* The probe on kretprobe_trampoline itself; registered once by
 * arch_init_kprobes() and recognised by arch_trampoline_kprobe(). */
static struct kprobe trampoline_p = {
        .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
        .pre_handler = trampoline_probe_handler
};
 465
/*
 * Arch-specific kprobes init: registers the trampoline probe that makes
 * kretprobes work.  Returns whatever register_kprobe() returns.
 */
int __init arch_init_kprobes(void)
{
        /* Registering the trampoline code for the kret probe */
        return register_kprobe(&trampoline_p);
}
 471
/*
 * Tell the kprobes core whether @p is the internal trampoline probe
 * (trampoline_p).  Returns 1 if so, 0 otherwise.
 */
int __kprobes arch_trampoline_kprobe(struct kprobe *p)
{
        return p->addr == (kprobe_opcode_t *) &kretprobe_trampoline;
}
 479
/*
 * Called from the trap path for a TRAP_S: raise DIE_TRAP with the trap
 * address in the `err` slot so kprobe_exceptions_notify() can route it to
 * arc_post_kprobe_handler().
 */
void trap_is_kprobe(unsigned long address, struct pt_regs *regs)
{
        notify_die(DIE_TRAP, "kprobe_trap", regs, address, 0, SIGTRAP);
}
 484