1 | /* |
2 | * arch/arm/kernel/kprobes.c | |
3 | * | |
4 | * Kprobes on ARM | |
5 | * | |
6 | * Abhishek Sagar <sagar.abhishek@gmail.com> | |
7 | * Copyright (C) 2006, 2007 Motorola Inc. | |
8 | * | |
9 | * Nicolas Pitre <nico@marvell.com> | |
10 | * Copyright (C) 2007 Marvell Ltd. | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License version 2 as | |
14 | * published by the Free Software Foundation. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
19 | * General Public License for more details. | |
20 | */ | |
21 | ||
22 | #include <linux/kernel.h> | |
23 | #include <linux/kprobes.h> | |
24 | #include <linux/module.h> | |
5a0e3ad6 | 25 | #include <linux/slab.h> |
2003b7af | 26 | #include <linux/stop_machine.h> |
b17b0153 | 27 | #include <linux/sched/debug.h> |
28 | #include <linux/stringify.h> |
29 | #include <asm/traps.h> | |
888be254 | 30 | #include <asm/opcodes.h> |
24ba613c | 31 | #include <asm/cacheflush.h> |
32 | #include <linux/percpu.h> |
33 | #include <linux/bug.h> | |
fca08f32 | 34 | #include <asm/patch.h> |
24ba613c | 35 | |
36 | #include "../decode-arm.h" |
37 | #include "../decode-thumb.h" | |
38 | #include "core.h" | |
221bf15f | 39 | |
/*
 * Number of bytes of stack, starting at @addr, that the jprobe code copies
 * and restores: at most MAX_STACK_SIZE, and never more than the distance
 * from @addr to current_thread_info() + THREAD_START_SP (presumably the
 * thread's initial stack pointer, i.e. the top of its stack).
 */
#define MIN_STACK_SIZE(addr) \
	min((unsigned long)MAX_STACK_SIZE, \
	    (unsigned long)current_thread_info() + THREAD_START_SP - (addr))

/* Make @size bytes of freshly written code at @addr visible to the I-cache. */
#define flush_insns(addr, size) \
	flush_icache_range((unsigned long)(addr), \
			   (unsigned long)(addr) + \
			   (size))

/* Used as a marker in ARM_pc to note when we're in a jprobe. */
#define JPROBE_MAGIC_ADDR	0xffffffff

/* Per-CPU kprobe currently being processed (NULL when none) and its control block. */
DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
54 | ||
55 | ||
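/*
 * Decode the instruction at p->addr and prepare its out-of-line
 * single-step slot.
 *
 * Returns 0 on success; -EINVAL when the probe is refused (address in the
 * exception text section, misaligned ARM address, unsupported instruction,
 * or an instruction whose decoded stack use is negative or exceeds
 * MAX_STACK_SIZE); -ENOMEM when no instruction slot is available.
 *
 * Fix: the stack_space rejection previously returned after get_insn_slot()
 * had already been taken for an INSN_GOOD instruction, leaking the slot
 * (arch_remove_kprobe() is not called for a probe that failed to prepare).
 * The slot is now released on that path.
 */
int __kprobes arch_prepare_kprobe(struct kprobe *p)
{
	kprobe_opcode_t insn;
	kprobe_opcode_t tmp_insn[MAX_INSN_SIZE];
	unsigned long addr = (unsigned long)p->addr;
	bool thumb;
	kprobe_decode_insn_t *decode_insn;
	const union decode_action *actions;
	int is;
	const struct decode_checker **checkers;

	/* Refuse addresses in the exception text section. */
	if (in_exception_text(addr))
		return -EINVAL;

#ifdef CONFIG_THUMB2_KERNEL
	thumb = true;
	addr &= ~1; /* Bit 0 would normally be set to indicate Thumb code */
	insn = __mem_to_opcode_thumb16(((u16 *)addr)[0]);
	if (is_wide_instruction(insn)) {
		/* 32-bit Thumb: the second halfword completes the opcode. */
		u16 inst2 = __mem_to_opcode_thumb16(((u16 *)addr)[1]);
		insn = __opcode_thumb32_compose(insn, inst2);
		decode_insn = thumb32_probes_decode_insn;
		actions = kprobes_t32_actions;
		checkers = kprobes_t32_checkers;
	} else {
		decode_insn = thumb16_probes_decode_insn;
		actions = kprobes_t16_actions;
		checkers = kprobes_t16_checkers;
	}
#else /* !CONFIG_THUMB2_KERNEL */
	thumb = false;
	/* ARM instructions must be word aligned. */
	if (addr & 0x3)
		return -EINVAL;
	insn = __mem_to_opcode_arm(*p->addr);
	decode_insn = arm_probes_decode_insn;
	actions = kprobes_arm_actions;
	checkers = kprobes_arm_checkers;
#endif

	p->opcode = insn;
	/* Decode into a stack buffer first; copied to a real slot only if needed. */
	p->ainsn.insn = tmp_insn;

	switch ((*decode_insn)(insn, &p->ainsn, true, actions, checkers)) {
	case INSN_REJECTED:	/* not supported */
		return -EINVAL;

	case INSN_GOOD:		/* instruction uses slot */
		p->ainsn.insn = get_insn_slot();
		if (!p->ainsn.insn)
			return -ENOMEM;
		for (is = 0; is < MAX_INSN_SIZE; ++is)
			p->ainsn.insn[is] = tmp_insn[is];
		flush_insns(p->ainsn.insn,
				sizeof(p->ainsn.insn[0]) * MAX_INSN_SIZE);
		/* On a Thumb-2 kernel, bit 0 marks the slot as Thumb code. */
		p->ainsn.insn_fn = (probes_insn_fn_t *)
				((uintptr_t)p->ainsn.insn | thumb);
		break;

	case INSN_GOOD_NO_SLOT:	/* instruction doesn't need insn slot */
		p->ainsn.insn = NULL;
		break;
	}

	/*
	 * Never instrument insn like 'str r0, [sp, +/-r1]'. Also, insn likes
	 * 'str r0, [sp, #-68]' should also be prohibited.
	 * See __und_svc.
	 */
	if ((p->ainsn.stack_space < 0) ||
	    (p->ainsn.stack_space > MAX_STACK_SIZE)) {
		/* Release the slot taken above; nothing else frees it on this path. */
		if (p->ainsn.insn) {
			free_insn_slot(p->ainsn.insn, 0);
			p->ainsn.insn = NULL;
		}
		return -EINVAL;
	}

	return 0;
}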
130 | ||
/*
 * Arm the probe: overwrite the instruction at p->addr with the breakpoint
 * encoding for the kernel's instruction set. p->opcode (saved by
 * arch_prepare_kprobe) decides the width on Thumb-2 and supplies the
 * condition field on ARM.
 */
void __kprobes arch_arm_kprobe(struct kprobe *p)
{
	void *addr;
	unsigned int brkp;

	if (!IS_ENABLED(CONFIG_THUMB2_KERNEL)) {
		kprobe_opcode_t insn = p->opcode;

		addr = p->addr;
		/*
		 * Give the breakpoint the condition field of the instruction
		 * it replaces; the unconditional encodings (cond 0xe/0xf)
		 * both become 0xe.
		 */
		brkp = KPROBE_ARM_BREAKPOINT_INSTRUCTION;
		brkp |= (insn >= 0xe0000000) ? 0xe0000000
					     : (insn & 0xf0000000);
	} else {
		/* Remove any Thumb flag */
		addr = (void *)((uintptr_t)p->addr & ~1);
		brkp = is_wide_instruction(p->opcode)
			? KPROBE_THUMB32_BREAKPOINT_INSTRUCTION
			: KPROBE_THUMB16_BREAKPOINT_INSTRUCTION;
	}

	patch_text(addr, brkp);
}
aceb487a | 158 | |
/*
 * The actual disarming is done here on each CPU and synchronized using
 * stop_machine. This synchronization is necessary on SMP to avoid removing
 * a probe between the moment the 'Undefined Instruction' exception is raised
 * and the moment the exception handler reads the faulting instruction from
 * memory. It is also needed to atomically set the two half-words of a 32-bit
 * Thumb breakpoint.
 */

/* Argument passed through stop_machine() to __kprobes_remove_breakpoint(). */
struct patch {
	void *addr;		/* instruction address (Thumb bit already stripped by the caller) */
	unsigned int insn;	/* original opcode to write back */
};
aceb487a | 171 | |
/* stop_machine() callback: write req->insn back over the breakpoint at req->addr. */
static int __kprobes_remove_breakpoint(void *data)
{
	const struct patch *req = data;

	__patch_text(req->addr, req->insn);
	return 0;
}
178 | ||
/*
 * Restore the original opcode @insn at @addr, serialised against every
 * other online CPU via stop_machine() (see the comment above struct patch).
 */
void __kprobes kprobes_remove_breakpoint(void *addr, unsigned int insn)
{
	struct patch req;

	req.addr = addr;
	req.insn = insn;
	stop_machine(__kprobes_remove_breakpoint, &req, cpu_online_mask);
}
187 | ||
/*
 * Disarm the probe: put the saved opcode back over the breakpoint.
 * Bit 0 of p->addr (the Thumb marker on Thumb-2 kernels) is stripped to
 * get the real instruction address; the write itself is serialised by
 * kprobes_remove_breakpoint().
 */
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
	void *insn_addr = (void *)((uintptr_t)p->addr & ~1);

	kprobes_remove_breakpoint(insn_addr, p->opcode);
}
193 | ||
/* Give back the instruction slot taken by arch_prepare_kprobe(), if any. */
void __kprobes arch_remove_kprobe(struct kprobe *p)
{
	if (!p->ainsn.insn)
		return;

	free_insn_slot(p->ainsn.insn, 0);
	p->ainsn.insn = NULL;
}
201 | ||
/*
 * Stash the kprobe currently being processed on this CPU, and its status,
 * so that a nested probe can be handled and the outer one restored
 * afterwards by restore_previous_kprobe().
 */
static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
{
	kcb->prev_kprobe.status = kcb->kprobe_status;
	kcb->prev_kprobe.kp = kprobe_running();
}
207 | ||
/* Undo save_previous_kprobe(): make the outer probe current again. */
static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
{
	kcb->kprobe_status = kcb->prev_kprobe.status;
	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
}
213 | ||
/* Record @p as the kprobe being processed on this CPU. */
static void __kprobes set_current_kprobe(struct kprobe *p)
{
	__this_cpu_write(current_kprobe, p);
}
218 | ||
/*
 * Skip the probed instruction without executing it (used when its
 * condition code is not met): advance the PC past it, by its encoded
 * width on Thumb-2, by 4 on ARM.
 */
static void __kprobes
singlestep_skip(struct kprobe *p, struct pt_regs *regs)
{
#ifdef CONFIG_THUMB2_KERNEL
	/* it_advance() presumably keeps any IT-block state in CPSR consistent. */
	regs->ARM_cpsr = it_advance(regs->ARM_cpsr);
	regs->ARM_pc += is_wide_instruction(p->opcode) ? 4 : 2;
#else
	regs->ARM_pc += 4;
#endif
}
232 | ||
/*
 * Execute the probed instruction out of line through the per-instruction
 * single-step callback chosen by the decoder in arch_prepare_kprobe().
 * @kcb is unused here.
 */
static inline void __kprobes
singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
	p->ainsn.insn_singlestep(p->opcode, &p->ainsn, regs);
}
238 | ||
/*
 * Called with IRQs disabled. IRQs must remain disabled from that point
 * all the way until processing this kprobe is complete. The current
 * kprobes implementation cannot process more than one nested level of
 * kprobe, and that level is reserved for user kprobe handlers, so we can't
 * risk encountering a new kprobe in an interrupt handler.
 *
 * Entered when a kprobe breakpoint traps (via kprobe_trap_handler) or
 * directly from jprobe_return. Looks up the probe registered at
 * regs->ARM_pc and runs its pre/post handlers around a single-step of the
 * original instruction, or handles the nested, jprobe and racing-removal
 * cases.
 */
void __kprobes kprobe_handler(struct pt_regs *regs)
{
	struct kprobe *p, *cur;
	struct kprobe_ctlblk *kcb;

	kcb = get_kprobe_ctlblk();
	cur = kprobe_running();

#ifdef CONFIG_THUMB2_KERNEL
	/*
	 * First look for a probe which was registered using an address with
	 * bit 0 set, this is the usual situation for pointers to Thumb code.
	 * If not found, fallback to looking for one with bit 0 clear.
	 */
	p = get_kprobe((kprobe_opcode_t *)(regs->ARM_pc | 1));
	if (!p)
		p = get_kprobe((kprobe_opcode_t *)regs->ARM_pc);

#else /* ! CONFIG_THUMB2_KERNEL */
	p = get_kprobe((kprobe_opcode_t *)regs->ARM_pc);
#endif

	if (p) {
		if (cur) {
			/* Kprobe is pending, so we're recursing. */
			switch (kcb->kprobe_status) {
			case KPROBE_HIT_ACTIVE:
			case KPROBE_HIT_SSDONE:
				/*
				 * A pre- or post-handler probe got us here.
				 * The nested probe is counted as missed and
				 * its instruction is single-stepped without
				 * running its handlers; the outer probe's
				 * state is saved and restored around it.
				 */
				kprobes_inc_nmissed_count(p);
				save_previous_kprobe(kcb);
				set_current_kprobe(p);
				kcb->kprobe_status = KPROBE_REENTER;
				singlestep(p, regs, kcb);
				restore_previous_kprobe(kcb);
				break;
			default:
				/* impossible cases */
				BUG();
			}
		} else if (p->ainsn.insn_check_cc(regs->ARM_cpsr)) {
			/* Probe hit and conditional execution check ok. */
			set_current_kprobe(p);
			kcb->kprobe_status = KPROBE_HIT_ACTIVE;

			/*
			 * If we have no pre-handler or it returned 0, we
			 * continue with normal processing. If we have a
			 * pre-handler and it returned non-zero, it prepped
			 * for calling the break_handler below on re-entry,
			 * so get out doing nothing more here.
			 */
			if (!p->pre_handler || !p->pre_handler(p, regs)) {
				kcb->kprobe_status = KPROBE_HIT_SS;
				singlestep(p, regs, kcb);
				if (p->post_handler) {
					kcb->kprobe_status = KPROBE_HIT_SSDONE;
					p->post_handler(p, regs, 0);
				}
				reset_current_kprobe();
			}
		} else {
			/*
			 * Probe hit but conditional execution check failed,
			 * so just skip the instruction and continue as if
			 * nothing had happened.
			 */
			singlestep_skip(p, regs);
		}
	} else if (cur) {
		/* We probably hit a jprobe. Call its break handler. */
		if (cur->break_handler && cur->break_handler(cur, regs)) {
			kcb->kprobe_status = KPROBE_HIT_SS;
			singlestep(cur, regs, kcb);
			if (cur->post_handler) {
				kcb->kprobe_status = KPROBE_HIT_SSDONE;
				cur->post_handler(cur, regs, 0);
			}
		}
		reset_current_kprobe();
	} else {
		/*
		 * The probe was removed and a race is in progress.
		 * There is nothing we can do about it. Let's restart
		 * the instruction. By the time we can restart, the
		 * real instruction will be there.
		 */
	}
}
335 | ||
3305a607 | 336 | static int __kprobes kprobe_trap_handler(struct pt_regs *regs, unsigned int instr) |
24ba613c | 337 | { |
3305a607 NP |
338 | unsigned long flags; |
339 | local_irq_save(flags); | |
24ba613c | 340 | kprobe_handler(regs); |
3305a607 | 341 | local_irq_restore(flags); |
24ba613c AS |
342 | return 0; |
343 | } | |
344 | ||
/*
 * Handle a fault raised while this CPU is processing a kprobe.
 *
 * Returns 1 if the probe's own fault_handler fixed the fault, 0 to let
 * normal fault handling proceed.
 */
int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int fsr)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	struct kprobe *cur = kprobe_running();
	unsigned long status = kcb->kprobe_status;

	if (status == KPROBE_HIT_SS || status == KPROBE_REENTER) {
		/*
		 * The instruction being single-stepped faulted: rewind the
		 * PC to the probe address, drop the current kprobe (or pop
		 * back to the outer one when nested) and let the fault be
		 * handled as a normal page fault.
		 */
		regs->ARM_pc = (long)cur->addr;
		if (status == KPROBE_REENTER)
			restore_previous_kprobe(kcb);
		else
			reset_current_kprobe();
	} else if (status == KPROBE_HIT_ACTIVE || status == KPROBE_HIT_SSDONE) {
		/*
		 * A pre/post handler faulted (e.g. a user-space access via
		 * copy_from_user()/get_user()). Account it as a miss and
		 * give the probe's own fault handler a chance to fix it up.
		 */
		kprobes_inc_nmissed_count(cur);
		if (cur->fault_handler && cur->fault_handler(cur, regs, fsr))
			return 1;
	}

	return 0;
}
394 | ||
/*
 * die-notifier callback required by the generic kprobes code.
 * @self, @val and @data are unused on this architecture.
 */
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
				       unsigned long val, void *data)
{
	/*
	 * notify_die() is currently never called on ARM,
	 * so this callback is currently empty.
	 */
	return NOTIFY_DONE;
}
404 | ||
/*
 * When a retprobed function returns, trampoline_handler() is called,
 * calling the kretprobe's handler. We construct a struct pt_regs to
 * give a view of registers r0-r11 to the user return-handler. This is
 * not a complete pt_regs structure, but that should be plenty sufficient
 * for kretprobe handlers which should normally be interested in r0 only
 * anyway.
 *
 * __naked: the body is exactly the asm below, nothing is added around it.
 * The probed function's return value in r0 is preserved across the call
 * because r0-r11 are pushed before and popped after it.
 */
void __naked __kprobes kretprobe_trampoline(void)
{
	__asm__ __volatile__ (
		"stmdb sp!, {r0 - r11} \n\t"	/* partial pt_regs on the stack */
		"mov r0, sp \n\t"		/* arg0 = that pt_regs */
		"bl trampoline_handler \n\t"
		"mov lr, r0 \n\t"		/* lr = real return address */
		"ldmia sp!, {r0 - r11} \n\t"
#ifdef CONFIG_THUMB2_KERNEL
		"bx lr \n\t"
#else
		"mov pc, lr \n\t"
#endif
		: : : "memory");
}
428 | ||
/*
 * Called from kretprobe_trampoline with the partial pt_regs (r0-r11)
 * described above it.
 *
 * Walks this task's kretprobe instances on the per-task hash list,
 * running each return handler, until the instance holding the real
 * return address is found. Returns that address; the trampoline
 * branches to it.
 */
static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
{
	struct kretprobe_instance *ri = NULL;
	struct hlist_head *head, empty_rp;
	struct hlist_node *tmp;
	unsigned long flags, orig_ret_address = 0;
	unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;

	INIT_HLIST_HEAD(&empty_rp);
	kretprobe_hash_lock(current, &head, &flags);

	/*
	 * It is possible to have multiple instances associated with a given
	 * task either because multiple functions in the call path have
	 * a return probe installed on them, and/or more than one return
	 * probe was registered for a target function.
	 *
	 * We can handle this because:
	 *     - instances are always inserted at the head of the list
	 *     - when multiple return probes are registered for the same
	 *       function, the first instance's ret_addr will point to the
	 *       real return address, and all the rest will point to
	 *       kretprobe_trampoline
	 */
	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
		if (ri->task != current)
			/* another task is sharing our hash bucket */
			continue;

		if (ri->rp && ri->rp->handler) {
			/*
			 * Make the kretprobe look like the running kprobe
			 * while its handler executes.
			 */
			__this_cpu_write(current_kprobe, &ri->rp->kp);
			get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
			ri->rp->handler(ri, regs);
			__this_cpu_write(current_kprobe, NULL);
		}

		orig_ret_address = (unsigned long)ri->ret_addr;
		/* Presumably moves @ri onto empty_rp; it is freed below, after unlock. */
		recycle_rp_inst(ri, &empty_rp);

		if (orig_ret_address != trampoline_address)
			/*
			 * This is the real return address. Any other
			 * instances associated with this task are for
			 * other calls deeper on the call stack
			 */
			break;
	}

	kretprobe_assert(ri, orig_ret_address, trampoline_address);
	kretprobe_hash_unlock(current, &flags);

	hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
		hlist_del(&ri->hlist);
		kfree(ri);
	}

	return (void *)orig_ret_address;
}
488 | ||
/*
 * Set up a kretprobe instance at function entry: remember the real return
 * address in @ri and make the function return into kretprobe_trampoline
 * instead, so trampoline_handler() runs the return handler.
 */
void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
				      struct pt_regs *regs)
{
	unsigned long trampoline = (unsigned long)&kretprobe_trampoline;

	/* Where the probed function would really have returned to. */
	ri->ret_addr = (kprobe_opcode_t *)regs->ARM_lr;
	/* Replace the return addr with trampoline addr. */
	regs->ARM_lr = trampoline;
}
497 | ||
/*
 * Pre-handler installed for jprobes: save the trapped context and redirect
 * execution to the jprobe's entry function.
 *
 * The registers and a bounded window of the stack (MIN_STACK_SIZE bytes
 * from the saved SP) are copied into the control block so that
 * longjmp_break_handler() can restore them after jprobe_return(). Returns 1
 * so kprobe_handler() skips single-stepping (see the comment there on
 * non-zero pre-handler results).
 */
int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
{
	struct jprobe *jp = container_of(p, struct jprobe, kp);
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	long sp_addr = regs->ARM_sp;
	long cpsr;

	kcb->jprobe_saved_regs = *regs;
	memcpy(kcb->jprobes_stack, (void *)sp_addr, MIN_STACK_SIZE(sp_addr));
	regs->ARM_pc = (long)jp->entry;

	/* Run the entry function with the I (IRQ mask) bit set. */
	cpsr = regs->ARM_cpsr | PSR_I_BIT;
#ifdef CONFIG_THUMB2_KERNEL
	/* Set correct Thumb state in cpsr */
	if (regs->ARM_pc & 1)
		cpsr |= PSR_T_BIT;
	else
		cpsr &= ~PSR_T_BIT;
#endif
	regs->ARM_cpsr = cpsr;

	/* Balanced by preempt_enable_no_resched() in longjmp_break_handler(). */
	preempt_disable();
	return 1;
}
522 | ||
/*
 * Called by a jprobe entry function to return to the probed code.
 *
 * Builds a fabricated pt_regs on the stack below the SP saved by
 * setjmp_pre_handler(), with ARM_pc = JPROBE_MAGIC_ADDR, and calls
 * kprobe_handler() on it directly. longjmp_break_handler() recognises the
 * magic PC and copies the saved registers into that frame; the asm after
 * the call then resumes the original context from it.
 *
 * Operands: %0 = saved SP, %1 = slack below it (2 * sizeof(struct pt_regs)),
 * %2..%5 = offsets of ARM_sp, ARM_pc, ARM_cpsr and ARM_lr in struct pt_regs.
 */
void __kprobes jprobe_return(void)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();

	__asm__ __volatile__ (
		/*
		 * Setup an empty pt_regs. Fill SP and PC fields as
		 * they're needed by longjmp_break_handler.
		 *
		 * We allocate some slack between the original SP and start of
		 * our fabricated regs. To be precise we want to have worst case
		 * covered which is STMFD with all 16 regs so we allocate 2 *
		 * sizeof(struct_pt_regs)).
		 *
		 * This is to prevent any simulated instruction from writing
		 * over the regs when they are accessing the stack.
		 */
#ifdef CONFIG_THUMB2_KERNEL
		"sub r0, %0, %1 \n\t"
		"mov sp, r0 \n\t"
#else
		"sub sp, %0, %1 \n\t"
#endif
		"ldr r0, ="__stringify(JPROBE_MAGIC_ADDR)"\n\t"
		"str %0, [sp, %2] \n\t"	/* fabricated ARM_sp = saved sp */
		"str r0, [sp, %3] \n\t"	/* fabricated ARM_pc = magic marker */
		"mov r0, sp \n\t"
		"bl kprobe_handler \n\t"

		/*
		 * Return to the context saved by setjmp_pre_handler
		 * and restored by longjmp_break_handler.
		 */
#ifdef CONFIG_THUMB2_KERNEL
		"ldr lr, [sp, %2] \n\t"		/* lr = saved sp */
		"ldrd r0, r1, [sp, %5] \n\t"	/* r0,r1 = saved lr,pc */
		"ldr r2, [sp, %4] \n\t"		/* r2 = saved psr */
		"stmdb lr!, {r0, r1, r2} \n\t"	/* push saved lr and */
						/* rfe context */
		"ldmia sp, {r0 - r12} \n\t"
		"mov sp, lr \n\t"
		"ldr lr, [sp], #4 \n\t"
		"rfeia sp! \n\t"
#else
		"ldr r0, [sp, %4] \n\t"
		"msr cpsr_cxsf, r0 \n\t"
		"ldmia sp, {r0 - pc} \n\t"
#endif
		:
		: "r" (kcb->jprobe_saved_regs.ARM_sp),
		  "I" (sizeof(struct pt_regs) * 2),
		  "J" (offsetof(struct pt_regs, ARM_sp)),
		  "J" (offsetof(struct pt_regs, ARM_pc)),
		  "J" (offsetof(struct pt_regs, ARM_cpsr)),
		  "J" (offsetof(struct pt_regs, ARM_lr))
		: "memory", "cc");
}
580 | ||
/*
 * Break handler installed for jprobes: when the fabricated frame built by
 * jprobe_return() (ARM_pc == JPROBE_MAGIC_ADDR) reaches kprobe_handler(),
 * restore the registers and stack window saved by setjmp_pre_handler().
 *
 * Returns 1 when the jprobe return was handled, 0 when this break was not
 * ours. A stack pointer mismatch means the frame is not the one we expect
 * and is treated as fatal (BUG).
 */
int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	long stack_addr = kcb->jprobe_saved_regs.ARM_sp;
	long orig_sp = regs->ARM_sp;
	struct jprobe *jp = container_of(p, struct jprobe, kp);

	if (regs->ARM_pc == JPROBE_MAGIC_ADDR) {
		if (orig_sp != stack_addr) {
			/*
			 * jprobe_return() stored the saved SP into the
			 * fabricated frame's ARM_sp; a mismatch means the
			 * stack was not unwound to where setjmp_pre_handler()
			 * captured it.
			 */
			struct pt_regs *saved_regs =
				(struct pt_regs *)kcb->jprobe_saved_regs.ARM_sp;
			/*
			 * NOTE(review): these printk()s carry no KERN_ level,
			 * and %p prints a kernel pointer (hashed on recent
			 * kernels) — confirm this matches the tree's policy.
			 */
			printk("current sp %lx does not match saved sp %lx\n",
			       orig_sp, stack_addr);
			printk("Saved registers for jprobe %p\n", jp);
			show_regs(saved_regs);
			printk("Current registers\n");
			show_regs(regs);
			BUG();
		}
		/* Restore the trapped context and the stack window saved with it. */
		*regs = kcb->jprobe_saved_regs;
		memcpy((void *)stack_addr, kcb->jprobes_stack,
		       MIN_STACK_SIZE(stack_addr));
		/* Pairs with preempt_disable() in setjmp_pre_handler(). */
		preempt_enable_no_resched();
		return 1;
	}
	return 0;
}
608 | ||
/*
 * Generic-kprobes query "is @p a trampoline kprobe?". Always 0 on this
 * port; @p is unused.
 */
int __kprobes arch_trampoline_kprobe(struct kprobe *p)
{
	return 0;
}
613 | ||
#ifdef CONFIG_THUMB2_KERNEL

/*
 * Undefined-instruction hooks that route the kprobe breakpoint encodings,
 * when taken in SVC mode, to kprobe_trap_handler(). Registered by
 * arch_init_kprobes().
 */
static struct undef_hook kprobes_thumb16_break_hook = {
	.instr_mask	= 0xffff,
	.instr_val	= KPROBE_THUMB16_BREAKPOINT_INSTRUCTION,
	.cpsr_mask	= MODE_MASK,
	.cpsr_val	= SVC_MODE,
	.fn		= kprobe_trap_handler,
};

static struct undef_hook kprobes_thumb32_break_hook = {
	.instr_mask	= 0xffffffff,
	.instr_val	= KPROBE_THUMB32_BREAKPOINT_INSTRUCTION,
	.cpsr_mask	= MODE_MASK,
	.cpsr_val	= SVC_MODE,
	.fn		= kprobe_trap_handler,
};

#else /* !CONFIG_THUMB2_KERNEL */

/*
 * The top nibble is masked out so the hook matches whichever condition
 * field arch_arm_kprobe() copied into the breakpoint.
 */
static struct undef_hook kprobes_arm_break_hook = {
	.instr_mask	= 0x0fffffff,
	.instr_val	= KPROBE_ARM_BREAKPOINT_INSTRUCTION,
	.cpsr_mask	= MODE_MASK,
	.cpsr_val	= SVC_MODE,
	.fn		= kprobe_trap_handler,
};

#endif /* !CONFIG_THUMB2_KERNEL */
643 | ||
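/*
 * Architecture hook run once at kprobes initialisation: set up the ARM
 * instruction decoder and register the undefined-instruction hooks that
 * route kprobe breakpoints to kprobe_trap_handler().
 *
 * Always returns 0.
 *
 * Fix: the definition used an empty parameter list `()`, which in C is an
 * unprototyped declaration rather than "no arguments"; `(void)` matches
 * the generic declaration and silences -Wstrict-prototypes.
 */
int __init arch_init_kprobes(void)
{
	arm_probes_decode_init();
#ifdef CONFIG_THUMB2_KERNEL
	register_undef_hook(&kprobes_thumb16_break_hook);
	register_undef_hook(&kprobes_thumb32_break_hook);
#else
	register_undef_hook(&kprobes_arm_break_hook);
#endif
	return 0;
}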