linux/arch/sh/kernel/kprobes.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * Kernel probes (kprobes) for SuperH
   4 *
   5 * Copyright (C) 2007 Chris Smith <chris.smith@st.com>
   6 * Copyright (C) 2006 Lineo Solutions, Inc.
   7 */
   8#include <linux/kprobes.h>
   9#include <linux/extable.h>
  10#include <linux/ptrace.h>
  11#include <linux/preempt.h>
  12#include <linux/kdebug.h>
  13#include <linux/slab.h>
  14#include <asm/cacheflush.h>
  15#include <linux/uaccess.h>
  16
  17DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
  18DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
  19
  20static DEFINE_PER_CPU(struct kprobe, saved_current_opcode);
  21static DEFINE_PER_CPU(struct kprobe, saved_next_opcode);
  22static DEFINE_PER_CPU(struct kprobe, saved_next_opcode2);
  23
  24#define OPCODE_JMP(x)   (((x) & 0xF0FF) == 0x402b)
  25#define OPCODE_JSR(x)   (((x) & 0xF0FF) == 0x400b)
  26#define OPCODE_BRA(x)   (((x) & 0xF000) == 0xa000)
  27#define OPCODE_BRAF(x)  (((x) & 0xF0FF) == 0x0023)
  28#define OPCODE_BSR(x)   (((x) & 0xF000) == 0xb000)
  29#define OPCODE_BSRF(x)  (((x) & 0xF0FF) == 0x0003)
  30
  31#define OPCODE_BF_S(x)  (((x) & 0xFF00) == 0x8f00)
  32#define OPCODE_BT_S(x)  (((x) & 0xFF00) == 0x8d00)
  33
  34#define OPCODE_BF(x)    (((x) & 0xFF00) == 0x8b00)
  35#define OPCODE_BT(x)    (((x) & 0xFF00) == 0x8900)
  36
  37#define OPCODE_RTS(x)   (((x) & 0x000F) == 0x000b)
  38#define OPCODE_RTE(x)   (((x) & 0xFFFF) == 0x002b)
  39
  40int __kprobes arch_prepare_kprobe(struct kprobe *p)
  41{
  42        kprobe_opcode_t opcode = *(kprobe_opcode_t *) (p->addr);
  43
  44        if (OPCODE_RTE(opcode))
  45                return -EFAULT; /* Bad breakpoint */
  46
  47        p->opcode = opcode;
  48
  49        return 0;
  50}
  51
  52void __kprobes arch_copy_kprobe(struct kprobe *p)
  53{
  54        memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
  55        p->opcode = *p->addr;
  56}
  57
  58void __kprobes arch_arm_kprobe(struct kprobe *p)
  59{
  60        *p->addr = BREAKPOINT_INSTRUCTION;
  61        flush_icache_range((unsigned long)p->addr,
  62                           (unsigned long)p->addr + sizeof(kprobe_opcode_t));
  63}
  64
  65void __kprobes arch_disarm_kprobe(struct kprobe *p)
  66{
  67        *p->addr = p->opcode;
  68        flush_icache_range((unsigned long)p->addr,
  69                           (unsigned long)p->addr + sizeof(kprobe_opcode_t));
  70}
  71
  72int __kprobes arch_trampoline_kprobe(struct kprobe *p)
  73{
  74        if (*p->addr == BREAKPOINT_INSTRUCTION)
  75                return 1;
  76
  77        return 0;
  78}
  79
  80/**
  81 * If an illegal slot instruction exception occurs for an address
  82 * containing a kprobe, remove the probe.
  83 *
  84 * Returns 0 if the exception was handled successfully, 1 otherwise.
  85 */
  86int __kprobes kprobe_handle_illslot(unsigned long pc)
  87{
  88        struct kprobe *p = get_kprobe((kprobe_opcode_t *) pc + 1);
  89
  90        if (p != NULL) {
  91                printk("Warning: removing kprobe from delay slot: 0x%.8x\n",
  92                       (unsigned int)pc + 2);
  93                unregister_kprobe(p);
  94                return 0;
  95        }
  96
  97        return 1;
  98}
  99
 100void __kprobes arch_remove_kprobe(struct kprobe *p)
 101{
 102        struct kprobe *saved = this_cpu_ptr(&saved_next_opcode);
 103
 104        if (saved->addr) {
 105                arch_disarm_kprobe(p);
 106                arch_disarm_kprobe(saved);
 107
 108                saved->addr = NULL;
 109                saved->opcode = 0;
 110
 111                saved = this_cpu_ptr(&saved_next_opcode2);
 112                if (saved->addr) {
 113                        arch_disarm_kprobe(saved);
 114
 115                        saved->addr = NULL;
 116                        saved->opcode = 0;
 117                }
 118        }
 119}
 120
 121static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
 122{
 123        kcb->prev_kprobe.kp = kprobe_running();
 124        kcb->prev_kprobe.status = kcb->kprobe_status;
 125}
 126
 127static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
 128{
 129        __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
 130        kcb->kprobe_status = kcb->prev_kprobe.status;
 131}
 132
 133static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
 134                                         struct kprobe_ctlblk *kcb)
 135{
 136        __this_cpu_write(current_kprobe, p);
 137}
 138
 139/*
 140 * Singlestep is implemented by disabling the current kprobe and setting one
 141 * on the next instruction, following branches. Two probes are set if the
 142 * branch is conditional.
 143 */
 144static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
 145{
 146        __this_cpu_write(saved_current_opcode.addr, (kprobe_opcode_t *)regs->pc);
 147
 148        if (p != NULL) {
 149                struct kprobe *op1, *op2;
 150
 151                arch_disarm_kprobe(p);
 152
 153                op1 = this_cpu_ptr(&saved_next_opcode);
 154                op2 = this_cpu_ptr(&saved_next_opcode2);
 155
 156                if (OPCODE_JSR(p->opcode) || OPCODE_JMP(p->opcode)) {
 157                        unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
 158                        op1->addr = (kprobe_opcode_t *) regs->regs[reg_nr];
 159                } else if (OPCODE_BRA(p->opcode) || OPCODE_BSR(p->opcode)) {
 160                        unsigned long disp = (p->opcode & 0x0FFF);
 161                        op1->addr =
 162                            (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
 163
 164                } else if (OPCODE_BRAF(p->opcode) || OPCODE_BSRF(p->opcode)) {
 165                        unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
 166                        op1->addr =
 167                            (kprobe_opcode_t *) (regs->pc + 4 +
 168                                                 regs->regs[reg_nr]);
 169
 170                } else if (OPCODE_RTS(p->opcode)) {
 171                        op1->addr = (kprobe_opcode_t *) regs->pr;
 172
 173                } else if (OPCODE_BF(p->opcode) || OPCODE_BT(p->opcode)) {
 174                        unsigned long disp = (p->opcode & 0x00FF);
 175                        /* case 1 */
 176                        op1->addr = p->addr + 1;
 177                        /* case 2 */
 178                        op2->addr =
 179                            (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
 180                        op2->opcode = *(op2->addr);
 181                        arch_arm_kprobe(op2);
 182
 183                } else if (OPCODE_BF_S(p->opcode) || OPCODE_BT_S(p->opcode)) {
 184                        unsigned long disp = (p->opcode & 0x00FF);
 185                        /* case 1 */
 186                        op1->addr = p->addr + 2;
 187                        /* case 2 */
 188                        op2->addr =
 189                            (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
 190                        op2->opcode = *(op2->addr);
 191                        arch_arm_kprobe(op2);
 192
 193                } else {
 194                        op1->addr = p->addr + 1;
 195                }
 196
 197                op1->opcode = *(op1->addr);
 198                arch_arm_kprobe(op1);
 199        }
 200}
 201
 202/* Called with kretprobe_lock held */
 203void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
 204                                      struct pt_regs *regs)
 205{
 206        ri->ret_addr = (kprobe_opcode_t *) regs->pr;
 207
 208        /* Replace the return addr with trampoline addr */
 209        regs->pr = (unsigned long)kretprobe_trampoline;
 210}
 211
 212static int __kprobes kprobe_handler(struct pt_regs *regs)
 213{
 214        struct kprobe *p;
 215        int ret = 0;
 216        kprobe_opcode_t *addr = NULL;
 217        struct kprobe_ctlblk *kcb;
 218
 219        /*
 220         * We don't want to be preempted for the entire
 221         * duration of kprobe processing
 222         */
 223        preempt_disable();
 224        kcb = get_kprobe_ctlblk();
 225
 226        addr = (kprobe_opcode_t *) (regs->pc);
 227
 228        /* Check we're not actually recursing */
 229        if (kprobe_running()) {
 230                p = get_kprobe(addr);
 231                if (p) {
 232                        if (kcb->kprobe_status == KPROBE_HIT_SS &&
 233                            *p->ainsn.insn == BREAKPOINT_INSTRUCTION) {
 234                                goto no_kprobe;
 235                        }
 236                        /* We have reentered the kprobe_handler(), since
 237                         * another probe was hit while within the handler.
 238                         * We here save the original kprobes variables and
 239                         * just single step on the instruction of the new probe
 240                         * without calling any user handlers.
 241                         */
 242                        save_previous_kprobe(kcb);
 243                        set_current_kprobe(p, regs, kcb);
 244                        kprobes_inc_nmissed_count(p);
 245                        prepare_singlestep(p, regs);
 246                        kcb->kprobe_status = KPROBE_REENTER;
 247                        return 1;
 248                }
 249                goto no_kprobe;
 250        }
 251
 252        p = get_kprobe(addr);
 253        if (!p) {
 254                /* Not one of ours: let kernel handle it */
 255                if (*(kprobe_opcode_t *)addr != BREAKPOINT_INSTRUCTION) {
 256                        /*
 257                         * The breakpoint instruction was removed right
 258                         * after we hit it. Another cpu has removed
 259                         * either a probepoint or a debugger breakpoint
 260                         * at this address. In either case, no further
 261                         * handling of this interrupt is appropriate.
 262                         */
 263                        ret = 1;
 264                }
 265
 266                goto no_kprobe;
 267        }
 268
 269        set_current_kprobe(p, regs, kcb);
 270        kcb->kprobe_status = KPROBE_HIT_ACTIVE;
 271
 272        if (p->pre_handler && p->pre_handler(p, regs)) {
 273                /* handler has already set things up, so skip ss setup */
 274                reset_current_kprobe();
 275                preempt_enable_no_resched();
 276                return 1;
 277        }
 278
 279        prepare_singlestep(p, regs);
 280        kcb->kprobe_status = KPROBE_HIT_SS;
 281        return 1;
 282
 283no_kprobe:
 284        preempt_enable_no_resched();
 285        return ret;
 286}
 287
 288/*
 289 * For function-return probes, init_kprobes() establishes a probepoint
 290 * here. When a retprobed function returns, this probe is hit and
 291 * trampoline_probe_handler() runs, calling the kretprobe's handler.
 292 */
 293static void __used kretprobe_trampoline_holder(void)
 294{
 295        asm volatile (".globl kretprobe_trampoline\n"
 296                      "kretprobe_trampoline:\n\t"
 297                      "nop\n");
 298}
 299
 300/*
 301 * Called when we hit the probe point at kretprobe_trampoline
 302 */
 303int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
 304{
 305        struct kretprobe_instance *ri = NULL;
 306        struct hlist_head *head, empty_rp;
 307        struct hlist_node *tmp;
 308        unsigned long flags, orig_ret_address = 0;
 309        unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
 310
 311        INIT_HLIST_HEAD(&empty_rp);
 312        kretprobe_hash_lock(current, &head, &flags);
 313
 314        /*
 315         * It is possible to have multiple instances associated with a given
 316         * task either because an multiple functions in the call path
 317         * have a return probe installed on them, and/or more then one return
 318         * return probe was registered for a target function.
 319         *
 320         * We can handle this because:
 321         *     - instances are always inserted at the head of the list
 322         *     - when multiple return probes are registered for the same
 323         *       function, the first instance's ret_addr will point to the
 324         *       real return address, and all the rest will point to
 325         *       kretprobe_trampoline
 326         */
 327        hlist_for_each_entry_safe(ri, tmp, head, hlist) {
 328                if (ri->task != current)
 329                        /* another task is sharing our hash bucket */
 330                        continue;
 331
 332                if (ri->rp && ri->rp->handler) {
 333                        __this_cpu_write(current_kprobe, &ri->rp->kp);
 334                        ri->rp->handler(ri, regs);
 335                        __this_cpu_write(current_kprobe, NULL);
 336                }
 337
 338                orig_ret_address = (unsigned long)ri->ret_addr;
 339                recycle_rp_inst(ri, &empty_rp);
 340
 341                if (orig_ret_address != trampoline_address)
 342                        /*
 343                         * This is the real return address. Any other
 344                         * instances associated with this task are for
 345                         * other calls deeper on the call stack
 346                         */
 347                        break;
 348        }
 349
 350        kretprobe_assert(ri, orig_ret_address, trampoline_address);
 351
 352        regs->pc = orig_ret_address;
 353        kretprobe_hash_unlock(current, &flags);
 354
 355        hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
 356                hlist_del(&ri->hlist);
 357                kfree(ri);
 358        }
 359
 360        return orig_ret_address;
 361}
 362
 363static int __kprobes post_kprobe_handler(struct pt_regs *regs)
 364{
 365        struct kprobe *cur = kprobe_running();
 366        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 367        kprobe_opcode_t *addr = NULL;
 368        struct kprobe *p = NULL;
 369
 370        if (!cur)
 371                return 0;
 372
 373        if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
 374                kcb->kprobe_status = KPROBE_HIT_SSDONE;
 375                cur->post_handler(cur, regs, 0);
 376        }
 377
 378        p = this_cpu_ptr(&saved_next_opcode);
 379        if (p->addr) {
 380                arch_disarm_kprobe(p);
 381                p->addr = NULL;
 382                p->opcode = 0;
 383
 384                addr = __this_cpu_read(saved_current_opcode.addr);
 385                __this_cpu_write(saved_current_opcode.addr, NULL);
 386
 387                p = get_kprobe(addr);
 388                arch_arm_kprobe(p);
 389
 390                p = this_cpu_ptr(&saved_next_opcode2);
 391                if (p->addr) {
 392                        arch_disarm_kprobe(p);
 393                        p->addr = NULL;
 394                        p->opcode = 0;
 395                }
 396        }
 397
 398        /* Restore back the original saved kprobes variables and continue. */
 399        if (kcb->kprobe_status == KPROBE_REENTER) {
 400                restore_previous_kprobe(kcb);
 401                goto out;
 402        }
 403
 404        reset_current_kprobe();
 405
 406out:
 407        preempt_enable_no_resched();
 408
 409        return 1;
 410}
 411
 412int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
 413{
 414        struct kprobe *cur = kprobe_running();
 415        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 416        const struct exception_table_entry *entry;
 417
 418        switch (kcb->kprobe_status) {
 419        case KPROBE_HIT_SS:
 420        case KPROBE_REENTER:
 421                /*
 422                 * We are here because the instruction being single
 423                 * stepped caused a page fault. We reset the current
 424                 * kprobe, point the pc back to the probe address
 425                 * and allow the page fault handler to continue as a
 426                 * normal page fault.
 427                 */
 428                regs->pc = (unsigned long)cur->addr;
 429                if (kcb->kprobe_status == KPROBE_REENTER)
 430                        restore_previous_kprobe(kcb);
 431                else
 432                        reset_current_kprobe();
 433                preempt_enable_no_resched();
 434                break;
 435        case KPROBE_HIT_ACTIVE:
 436        case KPROBE_HIT_SSDONE:
 437                /*
 438                 * We increment the nmissed count for accounting,
 439                 * we can also use npre/npostfault count for accounting
 440                 * these specific fault cases.
 441                 */
 442                kprobes_inc_nmissed_count(cur);
 443
 444                /*
 445                 * We come here because instructions in the pre/post
 446                 * handler caused the page_fault, this could happen
 447                 * if handler tries to access user space by
 448                 * copy_from_user(), get_user() etc. Let the
 449                 * user-specified handler try to fix it first.
 450                 */
 451                if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
 452                        return 1;
 453
 454                /*
 455                 * In case the user-specified fault handler returned
 456                 * zero, try to fix up.
 457                 */
 458                if ((entry = search_exception_tables(regs->pc)) != NULL) {
 459                        regs->pc = entry->fixup;
 460                        return 1;
 461                }
 462
 463                /*
 464                 * fixup_exception() could not handle it,
 465                 * Let do_page_fault() fix it.
 466                 */
 467                break;
 468        default:
 469                break;
 470        }
 471
 472        return 0;
 473}
 474
 475/*
 476 * Wrapper routine to for handling exceptions.
 477 */
 478int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
 479                                       unsigned long val, void *data)
 480{
 481        struct kprobe *p = NULL;
 482        struct die_args *args = (struct die_args *)data;
 483        int ret = NOTIFY_DONE;
 484        kprobe_opcode_t *addr = NULL;
 485        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 486
 487        addr = (kprobe_opcode_t *) (args->regs->pc);
 488        if (val == DIE_TRAP &&
 489            args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) {
 490                if (!kprobe_running()) {
 491                        if (kprobe_handler(args->regs)) {
 492                                ret = NOTIFY_STOP;
 493                        } else {
 494                                /* Not a kprobe trap */
 495                                ret = NOTIFY_DONE;
 496                        }
 497                } else {
 498                        p = get_kprobe(addr);
 499                        if ((kcb->kprobe_status == KPROBE_HIT_SS) ||
 500                            (kcb->kprobe_status == KPROBE_REENTER)) {
 501                                if (post_kprobe_handler(args->regs))
 502                                        ret = NOTIFY_STOP;
 503                        } else {
 504                                if (kprobe_handler(args->regs))
 505                                        ret = NOTIFY_STOP;
 506                        }
 507                }
 508        }
 509
 510        return ret;
 511}
 512
 513static struct kprobe trampoline_p = {
 514        .addr = (kprobe_opcode_t *)&kretprobe_trampoline,
 515        .pre_handler = trampoline_probe_handler
 516};
 517
 518int __init arch_init_kprobes(void)
 519{
 520        return register_kprobe(&trampoline_p);
 521}
 522