]>
Commit | Line | Data |
---|---|---|
aaddd3ea ME |
1 | /* |
2 | * Copyright 2008 Michael Ellerman, IBM Corporation. | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | */ | |
9 | ||
10 | #include <linux/kernel.h> | |
71f6e58e | 11 | #include <linux/kprobes.h> |
ae0dc736 ME |
12 | #include <linux/vmalloc.h> |
13 | #include <linux/init.h> | |
27ac792c | 14 | #include <linux/mm.h> |
37bc3e5f BS |
15 | #include <linux/cpuhotplug.h> |
16 | #include <linux/slab.h> | |
7c0f6ba6 | 17 | #include <linux/uaccess.h> |
7d134b2c | 18 | #include <linux/kprobes.h> |
aaddd3ea | 19 | |
37bc3e5f BS |
20 | #include <asm/pgtable.h> |
21 | #include <asm/tlbflush.h> | |
22 | #include <asm/page.h> | |
23 | #include <asm/code-patching.h> | |
252eb558 | 24 | #include <asm/setup.h> |
aaddd3ea | 25 | |
2548b032 CL |
26 | static int __patch_instruction(unsigned int *exec_addr, unsigned int instr, |
27 | unsigned int *patch_addr) | |
aaddd3ea | 28 | { |
b6e37968 SR |
29 | int err; |
30 | ||
2548b032 | 31 | __put_user_size(instr, patch_addr, 4, err); |
b6e37968 SR |
32 | if (err) |
33 | return err; | |
37bc3e5f | 34 | |
2548b032 CL |
35 | asm ("dcbst 0, %0; sync; icbi 0,%1; sync; isync" :: "r" (patch_addr), |
36 | "r" (exec_addr)); | |
37bc3e5f BS |
37 | |
38 | return 0; | |
39 | } | |
40 | ||
56c684d5 | 41 | int raw_patch_instruction(unsigned int *addr, unsigned int instr) |
2548b032 CL |
42 | { |
43 | return __patch_instruction(addr, instr, addr); | |
44 | } | |
45 | ||
37bc3e5f BS |
46 | #ifdef CONFIG_STRICT_KERNEL_RWX |
47 | static DEFINE_PER_CPU(struct vm_struct *, text_poke_area); | |
48 | ||
49 | static int text_area_cpu_up(unsigned int cpu) | |
50 | { | |
51 | struct vm_struct *area; | |
52 | ||
53 | area = get_vm_area(PAGE_SIZE, VM_ALLOC); | |
54 | if (!area) { | |
55 | WARN_ONCE(1, "Failed to create text area for cpu %d\n", | |
56 | cpu); | |
57 | return -1; | |
58 | } | |
59 | this_cpu_write(text_poke_area, area); | |
60 | ||
61 | return 0; | |
62 | } | |
63 | ||
64 | static int text_area_cpu_down(unsigned int cpu) | |
65 | { | |
66 | free_vm_area(this_cpu_read(text_poke_area)); | |
67 | return 0; | |
68 | } | |
69 | ||
70 | /* | |
71 | * Run as a late init call. This allows all the boot time patching to be done | |
72 | * simply by patching the code, and then we're called here prior to | |
73 | * mark_rodata_ro(), which happens after all init calls are run. Although | |
74 | * BUG_ON() is rude, in this case it should only happen if ENOMEM, and we judge | |
75 | * it as being preferable to a kernel that will crash later when someone tries | |
76 | * to use patch_instruction(). | |
77 | */ | |
78 | static int __init setup_text_poke_area(void) | |
79 | { | |
80 | BUG_ON(!cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, | |
81 | "powerpc/text_poke:online", text_area_cpu_up, | |
82 | text_area_cpu_down)); | |
83 | ||
84 | return 0; | |
85 | } | |
86 | late_initcall(setup_text_poke_area); | |
87 | ||
88 | /* | |
89 | * This can be called for kernel text or a module. | |
90 | */ | |
91 | static int map_patch_area(void *addr, unsigned long text_poke_addr) | |
92 | { | |
93 | unsigned long pfn; | |
94 | int err; | |
95 | ||
96 | if (is_vmalloc_addr(addr)) | |
97 | pfn = vmalloc_to_pfn(addr); | |
98 | else | |
99 | pfn = __pa_symbol(addr) >> PAGE_SHIFT; | |
100 | ||
101 | err = map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), | |
102 | pgprot_val(PAGE_KERNEL)); | |
103 | ||
104 | pr_devel("Mapped addr %lx with pfn %lx:%d\n", text_poke_addr, pfn, err); | |
105 | if (err) | |
106 | return -1; | |
107 | ||
108 | return 0; | |
109 | } | |
110 | ||
111 | static inline int unmap_patch_area(unsigned long addr) | |
112 | { | |
113 | pte_t *ptep; | |
114 | pmd_t *pmdp; | |
115 | pud_t *pudp; | |
116 | pgd_t *pgdp; | |
117 | ||
118 | pgdp = pgd_offset_k(addr); | |
119 | if (unlikely(!pgdp)) | |
120 | return -EINVAL; | |
121 | ||
122 | pudp = pud_offset(pgdp, addr); | |
123 | if (unlikely(!pudp)) | |
124 | return -EINVAL; | |
125 | ||
126 | pmdp = pmd_offset(pudp, addr); | |
127 | if (unlikely(!pmdp)) | |
128 | return -EINVAL; | |
129 | ||
130 | ptep = pte_offset_kernel(pmdp, addr); | |
131 | if (unlikely(!ptep)) | |
132 | return -EINVAL; | |
133 | ||
134 | pr_devel("clearing mm %p, pte %p, addr %lx\n", &init_mm, ptep, addr); | |
135 | ||
136 | /* | |
137 | * In hash, pte_clear flushes the tlb, in radix, we have to | |
138 | */ | |
139 | pte_clear(&init_mm, addr, ptep); | |
140 | flush_tlb_kernel_range(addr, addr + PAGE_SIZE); | |
141 | ||
b6e37968 | 142 | return 0; |
aaddd3ea ME |
143 | } |
144 | ||
37bc3e5f BS |
145 | int patch_instruction(unsigned int *addr, unsigned int instr) |
146 | { | |
147 | int err; | |
2548b032 | 148 | unsigned int *patch_addr = NULL; |
37bc3e5f BS |
149 | unsigned long flags; |
150 | unsigned long text_poke_addr; | |
151 | unsigned long kaddr = (unsigned long)addr; | |
152 | ||
153 | /* | |
154 | * During early early boot patch_instruction is called | |
155 | * when text_poke_area is not ready, but we still need | |
156 | * to allow patching. We just do the plain old patching | |
37bc3e5f | 157 | */ |
56c684d5 | 158 | if (!this_cpu_read(text_poke_area)) |
2548b032 | 159 | return raw_patch_instruction(addr, instr); |
37bc3e5f BS |
160 | |
161 | local_irq_save(flags); | |
162 | ||
163 | text_poke_addr = (unsigned long)__this_cpu_read(text_poke_area)->addr; | |
164 | if (map_patch_area(addr, text_poke_addr)) { | |
165 | err = -1; | |
166 | goto out; | |
167 | } | |
168 | ||
2548b032 | 169 | patch_addr = (unsigned int *)(text_poke_addr) + |
37bc3e5f BS |
170 | ((kaddr & ~PAGE_MASK) / sizeof(unsigned int)); |
171 | ||
2548b032 | 172 | __patch_instruction(addr, instr, patch_addr); |
37bc3e5f BS |
173 | |
174 | err = unmap_patch_area(text_poke_addr); | |
175 | if (err) | |
176 | pr_warn("failed to unmap %lx\n", text_poke_addr); | |
177 | ||
178 | out: | |
179 | local_irq_restore(flags); | |
180 | ||
181 | return err; | |
182 | } | |
183 | #else /* !CONFIG_STRICT_KERNEL_RWX */ | |
184 | ||
185 | int patch_instruction(unsigned int *addr, unsigned int instr) | |
186 | { | |
2548b032 | 187 | return raw_patch_instruction(addr, instr); |
37bc3e5f BS |
188 | } |
189 | ||
190 | #endif /* CONFIG_STRICT_KERNEL_RWX */ | |
191 | NOKPROBE_SYMBOL(patch_instruction); | |
192 | ||
b6e37968 | 193 | int patch_branch(unsigned int *addr, unsigned long target, int flags) |
e7a57273 | 194 | { |
b6e37968 | 195 | return patch_instruction(addr, create_branch(addr, target, flags)); |
e7a57273 ME |
196 | } |
197 | ||
522d9ee9 ME |
198 | int patch_branch_site(s32 *site, unsigned long target, int flags) |
199 | { | |
200 | unsigned int *addr; | |
201 | ||
202 | addr = (unsigned int *)((unsigned long)site + *site); | |
203 | return patch_instruction(addr, create_branch(addr, target, flags)); | |
204 | } | |
205 | ||
206 | int patch_instruction_site(s32 *site, unsigned int instr) | |
207 | { | |
208 | unsigned int *addr; | |
209 | ||
210 | addr = (unsigned int *)((unsigned long)site + *site); | |
211 | return patch_instruction(addr, instr); | |
212 | } | |
213 | ||
ebfa50df A |
214 | bool is_offset_in_branch_range(long offset) |
215 | { | |
216 | /* | |
217 | * Powerpc branch instruction is : | |
218 | * | |
219 | * 0 6 30 31 | |
220 | * +---------+----------------+---+---+ | |
221 | * | opcode | LI |AA |LK | | |
222 | * +---------+----------------+---+---+ | |
223 | * Where AA = 0 and LK = 0 | |
224 | * | |
225 | * LI is a signed 24 bits integer. The real branch offset is computed | |
226 | * by: imm32 = SignExtend(LI:'0b00', 32); | |
227 | * | |
228 | * So the maximum forward branch should be: | |
229 | * (0x007fffff << 2) = 0x01fffffc = 0x1fffffc | |
230 | * The maximum backward branch should be: | |
231 | * (0xff800000 << 2) = 0xfe000000 = -0x2000000 | |
232 | */ | |
233 | return (offset >= -0x2000000 && offset <= 0x1fffffc && !(offset & 0x3)); | |
234 | } | |
235 | ||
51c9c084 A |
236 | /* |
237 | * Helper to check if a given instruction is a conditional branch | |
238 | * Derived from the conditional checks in analyse_instr() | |
239 | */ | |
71f6e58e | 240 | bool is_conditional_branch(unsigned int instr) |
51c9c084 A |
241 | { |
242 | unsigned int opcode = instr >> 26; | |
243 | ||
244 | if (opcode == 16) /* bc, bca, bcl, bcla */ | |
245 | return true; | |
246 | if (opcode == 19) { | |
247 | switch ((instr >> 1) & 0x3ff) { | |
248 | case 16: /* bclr, bclrl */ | |
249 | case 528: /* bcctr, bcctrl */ | |
250 | case 560: /* bctar, bctarl */ | |
251 | return true; | |
252 | } | |
253 | } | |
254 | return false; | |
255 | } | |
71f6e58e | 256 | NOKPROBE_SYMBOL(is_conditional_branch); |
51c9c084 | 257 | |
e7a57273 ME |
258 | unsigned int create_branch(const unsigned int *addr, |
259 | unsigned long target, int flags) | |
aaddd3ea ME |
260 | { |
261 | unsigned int instruction; | |
053a858e | 262 | long offset; |
aaddd3ea | 263 | |
053a858e | 264 | offset = target; |
aaddd3ea | 265 | if (! (flags & BRANCH_ABSOLUTE)) |
053a858e ME |
266 | offset = offset - (unsigned long)addr; |
267 | ||
268 | /* Check we can represent the target in the instruction format */ | |
ebfa50df | 269 | if (!is_offset_in_branch_range(offset)) |
053a858e | 270 | return 0; |
aaddd3ea ME |
271 | |
272 | /* Mask out the flags and target, so they don't step on each other. */ | |
053a858e | 273 | instruction = 0x48000000 | (flags & 0x3) | (offset & 0x03FFFFFC); |
aaddd3ea | 274 | |
e7a57273 | 275 | return instruction; |
aaddd3ea | 276 | } |
411781a2 ME |
277 | |
278 | unsigned int create_cond_branch(const unsigned int *addr, | |
279 | unsigned long target, int flags) | |
280 | { | |
281 | unsigned int instruction; | |
282 | long offset; | |
283 | ||
284 | offset = target; | |
285 | if (! (flags & BRANCH_ABSOLUTE)) | |
286 | offset = offset - (unsigned long)addr; | |
287 | ||
288 | /* Check we can represent the target in the instruction format */ | |
289 | if (offset < -0x8000 || offset > 0x7FFF || offset & 0x3) | |
290 | return 0; | |
291 | ||
292 | /* Mask out the flags and target, so they don't step on each other. */ | |
293 | instruction = 0x40000000 | (flags & 0x3FF0003) | (offset & 0xFFFC); | |
294 | ||
295 | return instruction; | |
296 | } | |
297 | ||
298 | static unsigned int branch_opcode(unsigned int instr) | |
299 | { | |
300 | return (instr >> 26) & 0x3F; | |
301 | } | |
302 | ||
303 | static int instr_is_branch_iform(unsigned int instr) | |
304 | { | |
305 | return branch_opcode(instr) == 18; | |
306 | } | |
307 | ||
308 | static int instr_is_branch_bform(unsigned int instr) | |
309 | { | |
310 | return branch_opcode(instr) == 16; | |
311 | } | |
312 | ||
313 | int instr_is_relative_branch(unsigned int instr) | |
314 | { | |
315 | if (instr & BRANCH_ABSOLUTE) | |
316 | return 0; | |
317 | ||
318 | return instr_is_branch_iform(instr) || instr_is_branch_bform(instr); | |
319 | } | |
320 | ||
56576a40 JP |
321 | int instr_is_relative_link_branch(unsigned int instr) |
322 | { | |
323 | return instr_is_relative_branch(instr) && (instr & BRANCH_SET_LINK); | |
324 | } | |
325 | ||
411781a2 ME |
326 | static unsigned long branch_iform_target(const unsigned int *instr) |
327 | { | |
328 | signed long imm; | |
329 | ||
330 | imm = *instr & 0x3FFFFFC; | |
331 | ||
332 | /* If the top bit of the immediate value is set this is negative */ | |
333 | if (imm & 0x2000000) | |
334 | imm -= 0x4000000; | |
335 | ||
336 | if ((*instr & BRANCH_ABSOLUTE) == 0) | |
337 | imm += (unsigned long)instr; | |
338 | ||
339 | return (unsigned long)imm; | |
340 | } | |
341 | ||
342 | static unsigned long branch_bform_target(const unsigned int *instr) | |
343 | { | |
344 | signed long imm; | |
345 | ||
346 | imm = *instr & 0xFFFC; | |
347 | ||
348 | /* If the top bit of the immediate value is set this is negative */ | |
349 | if (imm & 0x8000) | |
350 | imm -= 0x10000; | |
351 | ||
352 | if ((*instr & BRANCH_ABSOLUTE) == 0) | |
353 | imm += (unsigned long)instr; | |
354 | ||
355 | return (unsigned long)imm; | |
356 | } | |
357 | ||
358 | unsigned long branch_target(const unsigned int *instr) | |
359 | { | |
360 | if (instr_is_branch_iform(*instr)) | |
361 | return branch_iform_target(instr); | |
362 | else if (instr_is_branch_bform(*instr)) | |
363 | return branch_bform_target(instr); | |
364 | ||
365 | return 0; | |
366 | } | |
367 | ||
368 | int instr_is_branch_to_addr(const unsigned int *instr, unsigned long addr) | |
369 | { | |
370 | if (instr_is_branch_iform(*instr) || instr_is_branch_bform(*instr)) | |
371 | return branch_target(instr) == addr; | |
372 | ||
373 | return 0; | |
374 | } | |
375 | ||
376 | unsigned int translate_branch(const unsigned int *dest, const unsigned int *src) | |
377 | { | |
378 | unsigned long target; | |
379 | ||
380 | target = branch_target(src); | |
381 | ||
382 | if (instr_is_branch_iform(*src)) | |
383 | return create_branch(dest, target, *src); | |
384 | else if (instr_is_branch_bform(*src)) | |
385 | return create_cond_branch(dest, target, *src); | |
386 | ||
387 | return 0; | |
388 | } | |
ae0dc736 | 389 | |
1e8341ae KH |
390 | #ifdef CONFIG_PPC_BOOK3E_64 |
391 | void __patch_exception(int exc, unsigned long addr) | |
392 | { | |
393 | extern unsigned int interrupt_base_book3e; | |
394 | unsigned int *ibase = &interrupt_base_book3e; | |
395 | ||
396 | /* Our exceptions vectors start with a NOP and -then- a branch | |
397 | * to deal with single stepping from userspace which stops on | |
398 | * the second instruction. Thus we need to patch the second | |
399 | * instruction of the exception, not the first one | |
400 | */ | |
401 | ||
402 | patch_branch(ibase + (exc / 4) + 1, addr, 0); | |
403 | } | |
404 | #endif | |
ae0dc736 ME |
405 | |
406 | #ifdef CONFIG_CODE_PATCHING_SELFTEST | |
407 | ||
408 | static void __init test_trampoline(void) | |
409 | { | |
410 | asm ("nop;\n"); | |
411 | } | |
412 | ||
413 | #define check(x) \ | |
414 | if (!(x)) printk("code-patching: test failed at line %d\n", __LINE__); | |
415 | ||
416 | static void __init test_branch_iform(void) | |
417 | { | |
418 | unsigned int instr; | |
419 | unsigned long addr; | |
420 | ||
421 | addr = (unsigned long)&instr; | |
422 | ||
423 | /* The simplest case, branch to self, no flags */ | |
424 | check(instr_is_branch_iform(0x48000000)); | |
425 | /* All bits of target set, and flags */ | |
426 | check(instr_is_branch_iform(0x4bffffff)); | |
427 | /* High bit of opcode set, which is wrong */ | |
428 | check(!instr_is_branch_iform(0xcbffffff)); | |
429 | /* Middle bits of opcode set, which is wrong */ | |
430 | check(!instr_is_branch_iform(0x7bffffff)); | |
431 | ||
432 | /* Simplest case, branch to self with link */ | |
433 | check(instr_is_branch_iform(0x48000001)); | |
434 | /* All bits of targets set */ | |
435 | check(instr_is_branch_iform(0x4bfffffd)); | |
436 | /* Some bits of targets set */ | |
437 | check(instr_is_branch_iform(0x4bff00fd)); | |
438 | /* Must be a valid branch to start with */ | |
439 | check(!instr_is_branch_iform(0x7bfffffd)); | |
440 | ||
441 | /* Absolute branch to 0x100 */ | |
442 | instr = 0x48000103; | |
443 | check(instr_is_branch_to_addr(&instr, 0x100)); | |
444 | /* Absolute branch to 0x420fc */ | |
445 | instr = 0x480420ff; | |
446 | check(instr_is_branch_to_addr(&instr, 0x420fc)); | |
447 | /* Maximum positive relative branch, + 20MB - 4B */ | |
448 | instr = 0x49fffffc; | |
449 | check(instr_is_branch_to_addr(&instr, addr + 0x1FFFFFC)); | |
450 | /* Smallest negative relative branch, - 4B */ | |
451 | instr = 0x4bfffffc; | |
452 | check(instr_is_branch_to_addr(&instr, addr - 4)); | |
453 | /* Largest negative relative branch, - 32 MB */ | |
454 | instr = 0x4a000000; | |
455 | check(instr_is_branch_to_addr(&instr, addr - 0x2000000)); | |
456 | ||
457 | /* Branch to self, with link */ | |
458 | instr = create_branch(&instr, addr, BRANCH_SET_LINK); | |
459 | check(instr_is_branch_to_addr(&instr, addr)); | |
460 | ||
461 | /* Branch to self - 0x100, with link */ | |
462 | instr = create_branch(&instr, addr - 0x100, BRANCH_SET_LINK); | |
463 | check(instr_is_branch_to_addr(&instr, addr - 0x100)); | |
464 | ||
465 | /* Branch to self + 0x100, no link */ | |
466 | instr = create_branch(&instr, addr + 0x100, 0); | |
467 | check(instr_is_branch_to_addr(&instr, addr + 0x100)); | |
468 | ||
469 | /* Maximum relative negative offset, - 32 MB */ | |
470 | instr = create_branch(&instr, addr - 0x2000000, BRANCH_SET_LINK); | |
471 | check(instr_is_branch_to_addr(&instr, addr - 0x2000000)); | |
472 | ||
473 | /* Out of range relative negative offset, - 32 MB + 4*/ | |
474 | instr = create_branch(&instr, addr - 0x2000004, BRANCH_SET_LINK); | |
475 | check(instr == 0); | |
476 | ||
477 | /* Out of range relative positive offset, + 32 MB */ | |
478 | instr = create_branch(&instr, addr + 0x2000000, BRANCH_SET_LINK); | |
479 | check(instr == 0); | |
480 | ||
481 | /* Unaligned target */ | |
482 | instr = create_branch(&instr, addr + 3, BRANCH_SET_LINK); | |
483 | check(instr == 0); | |
484 | ||
485 | /* Check flags are masked correctly */ | |
486 | instr = create_branch(&instr, addr, 0xFFFFFFFC); | |
487 | check(instr_is_branch_to_addr(&instr, addr)); | |
488 | check(instr == 0x48000000); | |
489 | } | |
490 | ||
491 | static void __init test_create_function_call(void) | |
492 | { | |
493 | unsigned int *iptr; | |
494 | unsigned long dest; | |
495 | ||
496 | /* Check we can create a function call */ | |
497 | iptr = (unsigned int *)ppc_function_entry(test_trampoline); | |
498 | dest = ppc_function_entry(test_create_function_call); | |
499 | patch_instruction(iptr, create_branch(iptr, dest, BRANCH_SET_LINK)); | |
500 | check(instr_is_branch_to_addr(iptr, dest)); | |
501 | } | |
502 | ||
503 | static void __init test_branch_bform(void) | |
504 | { | |
505 | unsigned long addr; | |
506 | unsigned int *iptr, instr, flags; | |
507 | ||
508 | iptr = &instr; | |
509 | addr = (unsigned long)iptr; | |
510 | ||
511 | /* The simplest case, branch to self, no flags */ | |
512 | check(instr_is_branch_bform(0x40000000)); | |
513 | /* All bits of target set, and flags */ | |
514 | check(instr_is_branch_bform(0x43ffffff)); | |
515 | /* High bit of opcode set, which is wrong */ | |
516 | check(!instr_is_branch_bform(0xc3ffffff)); | |
517 | /* Middle bits of opcode set, which is wrong */ | |
518 | check(!instr_is_branch_bform(0x7bffffff)); | |
519 | ||
520 | /* Absolute conditional branch to 0x100 */ | |
521 | instr = 0x43ff0103; | |
522 | check(instr_is_branch_to_addr(&instr, 0x100)); | |
523 | /* Absolute conditional branch to 0x20fc */ | |
524 | instr = 0x43ff20ff; | |
525 | check(instr_is_branch_to_addr(&instr, 0x20fc)); | |
526 | /* Maximum positive relative conditional branch, + 32 KB - 4B */ | |
527 | instr = 0x43ff7ffc; | |
528 | check(instr_is_branch_to_addr(&instr, addr + 0x7FFC)); | |
529 | /* Smallest negative relative conditional branch, - 4B */ | |
530 | instr = 0x43fffffc; | |
531 | check(instr_is_branch_to_addr(&instr, addr - 4)); | |
532 | /* Largest negative relative conditional branch, - 32 KB */ | |
533 | instr = 0x43ff8000; | |
534 | check(instr_is_branch_to_addr(&instr, addr - 0x8000)); | |
535 | ||
536 | /* All condition code bits set & link */ | |
537 | flags = 0x3ff000 | BRANCH_SET_LINK; | |
538 | ||
539 | /* Branch to self */ | |
540 | instr = create_cond_branch(iptr, addr, flags); | |
541 | check(instr_is_branch_to_addr(&instr, addr)); | |
542 | ||
543 | /* Branch to self - 0x100 */ | |
544 | instr = create_cond_branch(iptr, addr - 0x100, flags); | |
545 | check(instr_is_branch_to_addr(&instr, addr - 0x100)); | |
546 | ||
547 | /* Branch to self + 0x100 */ | |
548 | instr = create_cond_branch(iptr, addr + 0x100, flags); | |
549 | check(instr_is_branch_to_addr(&instr, addr + 0x100)); | |
550 | ||
551 | /* Maximum relative negative offset, - 32 KB */ | |
552 | instr = create_cond_branch(iptr, addr - 0x8000, flags); | |
553 | check(instr_is_branch_to_addr(&instr, addr - 0x8000)); | |
554 | ||
555 | /* Out of range relative negative offset, - 32 KB + 4*/ | |
556 | instr = create_cond_branch(iptr, addr - 0x8004, flags); | |
557 | check(instr == 0); | |
558 | ||
559 | /* Out of range relative positive offset, + 32 KB */ | |
560 | instr = create_cond_branch(iptr, addr + 0x8000, flags); | |
561 | check(instr == 0); | |
562 | ||
563 | /* Unaligned target */ | |
564 | instr = create_cond_branch(iptr, addr + 3, flags); | |
565 | check(instr == 0); | |
566 | ||
567 | /* Check flags are masked correctly */ | |
568 | instr = create_cond_branch(iptr, addr, 0xFFFFFFFC); | |
569 | check(instr_is_branch_to_addr(&instr, addr)); | |
570 | check(instr == 0x43FF0000); | |
571 | } | |
572 | ||
573 | static void __init test_translate_branch(void) | |
574 | { | |
575 | unsigned long addr; | |
576 | unsigned int *p, *q; | |
577 | void *buf; | |
578 | ||
579 | buf = vmalloc(PAGE_ALIGN(0x2000000 + 1)); | |
580 | check(buf); | |
581 | if (!buf) | |
582 | return; | |
583 | ||
584 | /* Simple case, branch to self moved a little */ | |
585 | p = buf; | |
586 | addr = (unsigned long)p; | |
587 | patch_branch(p, addr, 0); | |
588 | check(instr_is_branch_to_addr(p, addr)); | |
589 | q = p + 1; | |
590 | patch_instruction(q, translate_branch(q, p)); | |
591 | check(instr_is_branch_to_addr(q, addr)); | |
592 | ||
593 | /* Maximum negative case, move b . to addr + 32 MB */ | |
594 | p = buf; | |
595 | addr = (unsigned long)p; | |
596 | patch_branch(p, addr, 0); | |
597 | q = buf + 0x2000000; | |
598 | patch_instruction(q, translate_branch(q, p)); | |
599 | check(instr_is_branch_to_addr(p, addr)); | |
600 | check(instr_is_branch_to_addr(q, addr)); | |
601 | check(*q == 0x4a000000); | |
602 | ||
603 | /* Maximum positive case, move x to x - 32 MB + 4 */ | |
604 | p = buf + 0x2000000; | |
605 | addr = (unsigned long)p; | |
606 | patch_branch(p, addr, 0); | |
607 | q = buf + 4; | |
608 | patch_instruction(q, translate_branch(q, p)); | |
609 | check(instr_is_branch_to_addr(p, addr)); | |
610 | check(instr_is_branch_to_addr(q, addr)); | |
611 | check(*q == 0x49fffffc); | |
612 | ||
613 | /* Jump to x + 16 MB moved to x + 20 MB */ | |
614 | p = buf; | |
615 | addr = 0x1000000 + (unsigned long)buf; | |
616 | patch_branch(p, addr, BRANCH_SET_LINK); | |
617 | q = buf + 0x1400000; | |
618 | patch_instruction(q, translate_branch(q, p)); | |
619 | check(instr_is_branch_to_addr(p, addr)); | |
620 | check(instr_is_branch_to_addr(q, addr)); | |
621 | ||
622 | /* Jump to x + 16 MB moved to x - 16 MB + 4 */ | |
623 | p = buf + 0x1000000; | |
624 | addr = 0x2000000 + (unsigned long)buf; | |
625 | patch_branch(p, addr, 0); | |
626 | q = buf + 4; | |
627 | patch_instruction(q, translate_branch(q, p)); | |
628 | check(instr_is_branch_to_addr(p, addr)); | |
629 | check(instr_is_branch_to_addr(q, addr)); | |
630 | ||
631 | ||
632 | /* Conditional branch tests */ | |
633 | ||
634 | /* Simple case, branch to self moved a little */ | |
635 | p = buf; | |
636 | addr = (unsigned long)p; | |
637 | patch_instruction(p, create_cond_branch(p, addr, 0)); | |
638 | check(instr_is_branch_to_addr(p, addr)); | |
639 | q = p + 1; | |
640 | patch_instruction(q, translate_branch(q, p)); | |
641 | check(instr_is_branch_to_addr(q, addr)); | |
642 | ||
643 | /* Maximum negative case, move b . to addr + 32 KB */ | |
644 | p = buf; | |
645 | addr = (unsigned long)p; | |
646 | patch_instruction(p, create_cond_branch(p, addr, 0xFFFFFFFC)); | |
647 | q = buf + 0x8000; | |
648 | patch_instruction(q, translate_branch(q, p)); | |
649 | check(instr_is_branch_to_addr(p, addr)); | |
650 | check(instr_is_branch_to_addr(q, addr)); | |
651 | check(*q == 0x43ff8000); | |
652 | ||
653 | /* Maximum positive case, move x to x - 32 KB + 4 */ | |
654 | p = buf + 0x8000; | |
655 | addr = (unsigned long)p; | |
656 | patch_instruction(p, create_cond_branch(p, addr, 0xFFFFFFFC)); | |
657 | q = buf + 4; | |
658 | patch_instruction(q, translate_branch(q, p)); | |
659 | check(instr_is_branch_to_addr(p, addr)); | |
660 | check(instr_is_branch_to_addr(q, addr)); | |
661 | check(*q == 0x43ff7ffc); | |
662 | ||
663 | /* Jump to x + 12 KB moved to x + 20 KB */ | |
664 | p = buf; | |
665 | addr = 0x3000 + (unsigned long)buf; | |
666 | patch_instruction(p, create_cond_branch(p, addr, BRANCH_SET_LINK)); | |
667 | q = buf + 0x5000; | |
668 | patch_instruction(q, translate_branch(q, p)); | |
669 | check(instr_is_branch_to_addr(p, addr)); | |
670 | check(instr_is_branch_to_addr(q, addr)); | |
671 | ||
672 | /* Jump to x + 8 KB moved to x - 8 KB + 4 */ | |
673 | p = buf + 0x2000; | |
674 | addr = 0x4000 + (unsigned long)buf; | |
675 | patch_instruction(p, create_cond_branch(p, addr, 0)); | |
676 | q = buf + 4; | |
677 | patch_instruction(q, translate_branch(q, p)); | |
678 | check(instr_is_branch_to_addr(p, addr)); | |
679 | check(instr_is_branch_to_addr(q, addr)); | |
680 | ||
681 | /* Free the buffer we were using */ | |
682 | vfree(buf); | |
683 | } | |
684 | ||
685 | static int __init test_code_patching(void) | |
686 | { | |
687 | printk(KERN_DEBUG "Running code patching self-tests ...\n"); | |
688 | ||
689 | test_branch_iform(); | |
690 | test_branch_bform(); | |
691 | test_create_function_call(); | |
692 | test_translate_branch(); | |
693 | ||
694 | return 0; | |
695 | } | |
696 | late_initcall(test_code_patching); | |
697 | ||
698 | #endif /* CONFIG_CODE_PATCHING_SELFTEST */ |