2 * User-space Probes (UProbes)
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 * Copyright (C) IBM Corporation, 2008-2012
22 * Copyright (C) 2011-2012 Red Hat, Inc., Peter Zijlstra <pzijlstr@redhat.com>
25 #include <linux/kernel.h>
26 #include <linux/highmem.h>
27 #include <linux/pagemap.h> /* read_mapping_page */
28 #include <linux/slab.h>
29 #include <linux/sched.h>
30 #include <linux/rmap.h> /* anon_vma_prepare */
31 #include <linux/mmu_notifier.h> /* set_pte_at_notify */
32 #include <linux/swap.h> /* try_to_free_swap */
33 #include <linux/ptrace.h> /* user_enable_single_step */
34 #include <linux/kdebug.h> /* notifier mechanism */
36 #include <linux/uprobes.h>
38 static struct srcu_struct uprobes_srcu;
39 static struct rb_root uprobes_tree = RB_ROOT;
41 static DEFINE_SPINLOCK(uprobes_treelock); /* serialize rbtree access */
43 #define UPROBES_HASH_SZ 13
45 /* serialize (un)register */
46 static struct mutex uprobes_mutex[UPROBES_HASH_SZ];
48 #define uprobes_hash(v) (&uprobes_mutex[((unsigned long)(v)) % UPROBES_HASH_SZ])
50 /* serialize uprobe->pending_list */
51 static struct mutex uprobes_mmap_mutex[UPROBES_HASH_SZ];
52 #define uprobes_mmap_hash(v) (&uprobes_mmap_mutex[((unsigned long)(v)) % UPROBES_HASH_SZ])
55 * uprobe_events allows us to skip the uprobe_mmap if there are no uprobe
56 * events active at this time. Probably a fine grained per inode count is
59 static atomic_t uprobe_events = ATOMIC_INIT(0);
62 * Maintain a temporary per vma info that can be used to search if a vma
63 * has already been handled. This structure is introduced since extending
64 * vm_area_struct wasnt recommended.
67 struct list_head probe_list;
73 struct rb_node rb_node; /* node in the rb tree */
75 struct rw_semaphore consumer_rwsem;
76 struct list_head pending_list;
77 struct uprobe_consumer *consumers;
78 struct inode *inode; /* Also hold a ref to inode */
81 struct arch_uprobe arch;
85 * valid_vma: Verify if the specified vma is an executable vma
86 * Relax restrictions while unregistering: vm_flags might have
87 * changed after breakpoint was inserted.
88 * - is_register: indicates if we are in register context.
89 * - Return 1 if the specified virtual address is in an
92 static bool valid_vma(struct vm_area_struct *vma, bool is_register)
100 if ((vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)) == (VM_READ|VM_EXEC))
106 static loff_t vma_address(struct vm_area_struct *vma, loff_t offset)
110 vaddr = vma->vm_start + offset;
111 vaddr -= vma->vm_pgoff << PAGE_SHIFT;
117 * __replace_page - replace page in vma by new page.
118 * based on replace_page in mm/ksm.c
120 * @vma: vma that holds the pte pointing to page
121 * @page: the cowed page we are replacing by kpage
122 * @kpage: the modified page we replace page by
124 * Returns 0 on success, -EFAULT on failure.
126 static int __replace_page(struct vm_area_struct *vma, struct page *page, struct page *kpage)
128 struct mm_struct *mm = vma->vm_mm;
137 addr = page_address_in_vma(page, vma);
141 pgd = pgd_offset(mm, addr);
142 if (!pgd_present(*pgd))
145 pud = pud_offset(pgd, addr);
146 if (!pud_present(*pud))
149 pmd = pmd_offset(pud, addr);
150 if (!pmd_present(*pmd))
153 ptep = pte_offset_map_lock(mm, pmd, addr, &ptl);
158 page_add_new_anon_rmap(kpage, vma, addr);
160 flush_cache_page(vma, addr, pte_pfn(*ptep));
161 ptep_clear_flush(vma, addr, ptep);
162 set_pte_at_notify(mm, addr, ptep, mk_pte(kpage, vma->vm_page_prot));
164 page_remove_rmap(page);
165 if (!page_mapped(page))
166 try_to_free_swap(page);
168 pte_unmap_unlock(ptep, ptl);
176 * is_swbp_insn - check if instruction is breakpoint instruction.
177 * @insn: instruction to be checked.
178 * Default implementation of is_swbp_insn
179 * Returns true if @insn is a breakpoint instruction.
181 bool __weak is_swbp_insn(uprobe_opcode_t *insn)
183 return *insn == UPROBE_SWBP_INSN;
188 * Expect the breakpoint instruction to be the smallest size instruction for
189 * the architecture. If an arch has variable length instruction and the
190 * breakpoint instruction is not of the smallest length instruction
191 * supported by that architecture then we need to modify read_opcode /
192 * write_opcode accordingly. This would never be a problem for archs that
193 * have fixed length instructions.
197 * write_opcode - write the opcode at a given virtual address.
198 * @auprobe: arch breakpointing information.
199 * @mm: the probed process address space.
200 * @vaddr: the virtual address to store the opcode.
201 * @opcode: opcode to be written at @vaddr.
203 * Called with mm->mmap_sem held (for read and with a reference to
206 * For mm @mm, write the opcode at @vaddr.
207 * Return 0 (success) or a negative errno.
209 static int write_opcode(struct arch_uprobe *auprobe, struct mm_struct *mm,
210 unsigned long vaddr, uprobe_opcode_t opcode)
212 struct page *old_page, *new_page;
213 struct address_space *mapping;
214 void *vaddr_old, *vaddr_new;
215 struct vm_area_struct *vma;
216 struct uprobe *uprobe;
220 /* Read the page with vaddr into memory */
221 ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma);
228 * We are interested in text pages only. Our pages of interest
229 * should be mapped for read and execute only. We desist from
230 * adding probes in write mapped pages since the breakpoints
231 * might end up in the file copy.
233 if (!valid_vma(vma, is_swbp_insn(&opcode)))
236 uprobe = container_of(auprobe, struct uprobe, arch);
237 mapping = uprobe->inode->i_mapping;
238 if (mapping != vma->vm_file->f_mapping)
241 addr = vma_address(vma, uprobe->offset);
242 if (vaddr != (unsigned long)addr)
246 new_page = alloc_page_vma(GFP_HIGHUSER_MOVABLE, vma, vaddr);
250 __SetPageUptodate(new_page);
253 * lock page will serialize against do_wp_page()'s
254 * PageAnon() handling
257 /* copy the page now that we've got it stable */
258 vaddr_old = kmap_atomic(old_page);
259 vaddr_new = kmap_atomic(new_page);
261 memcpy(vaddr_new, vaddr_old, PAGE_SIZE);
263 /* poke the new insn in, ASSUMES we don't cross page boundary */
265 BUG_ON(vaddr + UPROBE_SWBP_INSN_SIZE > PAGE_SIZE);
266 memcpy(vaddr_new + vaddr, &opcode, UPROBE_SWBP_INSN_SIZE);
268 kunmap_atomic(vaddr_new);
269 kunmap_atomic(vaddr_old);
271 ret = anon_vma_prepare(vma);
276 ret = __replace_page(vma, old_page, new_page);
277 unlock_page(new_page);
280 unlock_page(old_page);
281 page_cache_release(new_page);
290 * read_opcode - read the opcode at a given virtual address.
291 * @mm: the probed process address space.
292 * @vaddr: the virtual address to read the opcode.
293 * @opcode: location to store the read opcode.
295 * Called with mm->mmap_sem held (for read and with a reference to
298 * For mm @mm, read the opcode at @vaddr and store it in @opcode.
299 * Return 0 (success) or a negative errno.
301 static int read_opcode(struct mm_struct *mm, unsigned long vaddr, uprobe_opcode_t *opcode)
307 ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &page, NULL);
312 vaddr_new = kmap_atomic(page);
314 memcpy(opcode, vaddr_new + vaddr, UPROBE_SWBP_INSN_SIZE);
315 kunmap_atomic(vaddr_new);
323 static int is_swbp_at_addr(struct mm_struct *mm, unsigned long vaddr)
325 uprobe_opcode_t opcode;
328 result = read_opcode(mm, vaddr, &opcode);
332 if (is_swbp_insn(&opcode))
339 * set_swbp - store breakpoint at a given address.
340 * @auprobe: arch specific probepoint information.
341 * @mm: the probed process address space.
342 * @vaddr: the virtual address to insert the opcode.
344 * For mm @mm, store the breakpoint instruction at @vaddr.
345 * Return 0 (success) or a negative errno.
347 int __weak set_swbp(struct arch_uprobe *auprobe, struct mm_struct *mm, unsigned long vaddr)
351 result = is_swbp_at_addr(mm, vaddr);
358 return write_opcode(auprobe, mm, vaddr, UPROBE_SWBP_INSN);
362 * set_orig_insn - Restore the original instruction.
363 * @mm: the probed process address space.
364 * @auprobe: arch specific probepoint information.
365 * @vaddr: the virtual address to insert the opcode.
366 * @verify: if true, verify existance of breakpoint instruction.
368 * For mm @mm, restore the original opcode (opcode) at @vaddr.
369 * Return 0 (success) or a negative errno.
372 set_orig_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, unsigned long vaddr, bool verify)
377 result = is_swbp_at_addr(mm, vaddr);
384 return write_opcode(auprobe, mm, vaddr, *(uprobe_opcode_t *)auprobe->insn);
387 static int match_uprobe(struct uprobe *l, struct uprobe *r)
389 if (l->inode < r->inode)
392 if (l->inode > r->inode)
395 if (l->offset < r->offset)
398 if (l->offset > r->offset)
404 static struct uprobe *__find_uprobe(struct inode *inode, loff_t offset)
406 struct uprobe u = { .inode = inode, .offset = offset };
407 struct rb_node *n = uprobes_tree.rb_node;
408 struct uprobe *uprobe;
412 uprobe = rb_entry(n, struct uprobe, rb_node);
413 match = match_uprobe(&u, uprobe);
415 atomic_inc(&uprobe->ref);
428 * Find a uprobe corresponding to a given inode:offset
429 * Acquires uprobes_treelock
431 static struct uprobe *find_uprobe(struct inode *inode, loff_t offset)
433 struct uprobe *uprobe;
436 spin_lock_irqsave(&uprobes_treelock, flags);
437 uprobe = __find_uprobe(inode, offset);
438 spin_unlock_irqrestore(&uprobes_treelock, flags);
443 static struct uprobe *__insert_uprobe(struct uprobe *uprobe)
445 struct rb_node **p = &uprobes_tree.rb_node;
446 struct rb_node *parent = NULL;
452 u = rb_entry(parent, struct uprobe, rb_node);
453 match = match_uprobe(uprobe, u);
460 p = &parent->rb_left;
462 p = &parent->rb_right;
467 rb_link_node(&uprobe->rb_node, parent, p);
468 rb_insert_color(&uprobe->rb_node, &uprobes_tree);
469 /* get access + creation ref */
470 atomic_set(&uprobe->ref, 2);
476 * Acquire uprobes_treelock.
477 * Matching uprobe already exists in rbtree;
478 * increment (access refcount) and return the matching uprobe.
480 * No matching uprobe; insert the uprobe in rb_tree;
481 * get a double refcount (access + creation) and return NULL.
483 static struct uprobe *insert_uprobe(struct uprobe *uprobe)
488 spin_lock_irqsave(&uprobes_treelock, flags);
489 u = __insert_uprobe(uprobe);
490 spin_unlock_irqrestore(&uprobes_treelock, flags);
492 /* For now assume that the instruction need not be single-stepped */
493 uprobe->flags |= UPROBE_SKIP_SSTEP;
498 static void put_uprobe(struct uprobe *uprobe)
500 if (atomic_dec_and_test(&uprobe->ref))
504 static struct uprobe *alloc_uprobe(struct inode *inode, loff_t offset)
506 struct uprobe *uprobe, *cur_uprobe;
508 uprobe = kzalloc(sizeof(struct uprobe), GFP_KERNEL);
512 uprobe->inode = igrab(inode);
513 uprobe->offset = offset;
514 init_rwsem(&uprobe->consumer_rwsem);
515 INIT_LIST_HEAD(&uprobe->pending_list);
517 /* add to uprobes_tree, sorted on inode:offset */
518 cur_uprobe = insert_uprobe(uprobe);
520 /* a uprobe exists for this inode:offset combination */
526 atomic_inc(&uprobe_events);
532 static void handler_chain(struct uprobe *uprobe, struct pt_regs *regs)
534 struct uprobe_consumer *uc;
536 if (!(uprobe->flags & UPROBE_RUN_HANDLER))
539 down_read(&uprobe->consumer_rwsem);
540 for (uc = uprobe->consumers; uc; uc = uc->next) {
541 if (!uc->filter || uc->filter(uc, current))
542 uc->handler(uc, regs);
544 up_read(&uprobe->consumer_rwsem);
547 /* Returns the previous consumer */
548 static struct uprobe_consumer *
549 consumer_add(struct uprobe *uprobe, struct uprobe_consumer *uc)
551 down_write(&uprobe->consumer_rwsem);
552 uc->next = uprobe->consumers;
553 uprobe->consumers = uc;
554 up_write(&uprobe->consumer_rwsem);
560 * For uprobe @uprobe, delete the consumer @uc.
561 * Return true if the @uc is deleted successfully
564 static bool consumer_del(struct uprobe *uprobe, struct uprobe_consumer *uc)
566 struct uprobe_consumer **con;
569 down_write(&uprobe->consumer_rwsem);
570 for (con = &uprobe->consumers; *con; con = &(*con)->next) {
577 up_write(&uprobe->consumer_rwsem);
583 __copy_insn(struct address_space *mapping, struct vm_area_struct *vma, char *insn,
584 unsigned long nbytes, unsigned long offset)
586 struct file *filp = vma->vm_file;
595 idx = (unsigned long)(offset >> PAGE_CACHE_SHIFT);
596 off1 = offset &= ~PAGE_MASK;
599 * Ensure that the page that has the original instruction is
600 * populated and in page-cache.
602 page = read_mapping_page(mapping, idx, filp);
604 return PTR_ERR(page);
606 vaddr = kmap_atomic(page);
607 memcpy(insn, vaddr + off1, nbytes);
608 kunmap_atomic(vaddr);
609 page_cache_release(page);
615 copy_insn(struct uprobe *uprobe, struct vm_area_struct *vma, unsigned long addr)
617 struct address_space *mapping;
618 unsigned long nbytes;
622 nbytes = PAGE_SIZE - addr;
623 mapping = uprobe->inode->i_mapping;
625 /* Instruction at end of binary; copy only available bytes */
626 if (uprobe->offset + MAX_UINSN_BYTES > uprobe->inode->i_size)
627 bytes = uprobe->inode->i_size - uprobe->offset;
629 bytes = MAX_UINSN_BYTES;
631 /* Instruction at the page-boundary; copy bytes in second page */
632 if (nbytes < bytes) {
633 if (__copy_insn(mapping, vma, uprobe->arch.insn + nbytes,
634 bytes - nbytes, uprobe->offset + nbytes))
639 return __copy_insn(mapping, vma, uprobe->arch.insn, bytes, uprobe->offset);
643 install_breakpoint(struct uprobe *uprobe, struct mm_struct *mm,
644 struct vm_area_struct *vma, loff_t vaddr)
650 * If probe is being deleted, unregister thread could be done with
651 * the vma-rmap-walk through. Adding a probe now can be fatal since
652 * nobody will be able to cleanup. Also we could be from fork or
653 * mremap path, where the probe might have already been inserted.
654 * Hence behave as if probe already existed.
656 if (!uprobe->consumers)
659 addr = (unsigned long)vaddr;
661 if (!(uprobe->flags & UPROBE_COPY_INSN)) {
662 ret = copy_insn(uprobe, vma, addr);
666 if (is_swbp_insn((uprobe_opcode_t *)uprobe->arch.insn))
669 ret = arch_uprobe_analyze_insn(&uprobe->arch, mm);
673 uprobe->flags |= UPROBE_COPY_INSN;
675 ret = set_swbp(&uprobe->arch, mm, addr);
681 remove_breakpoint(struct uprobe *uprobe, struct mm_struct *mm, loff_t vaddr)
683 set_orig_insn(&uprobe->arch, mm, (unsigned long)vaddr, true);
687 * There could be threads that have hit the breakpoint and are entering the
688 * notifier code and trying to acquire the uprobes_treelock. The thread
689 * calling delete_uprobe() that is removing the uprobe from the rb_tree can
690 * race with these threads and might acquire the uprobes_treelock compared
691 * to some of the breakpoint hit threads. In such a case, the breakpoint
692 * hit threads will not find the uprobe. The current unregistering thread
693 * waits till all other threads have hit a breakpoint, to acquire the
694 * uprobes_treelock before the uprobe is removed from the rbtree.
696 static void delete_uprobe(struct uprobe *uprobe)
700 synchronize_srcu(&uprobes_srcu);
701 spin_lock_irqsave(&uprobes_treelock, flags);
702 rb_erase(&uprobe->rb_node, &uprobes_tree);
703 spin_unlock_irqrestore(&uprobes_treelock, flags);
706 atomic_dec(&uprobe_events);
709 static struct vma_info *
710 __find_next_vma_info(struct address_space *mapping, struct list_head *head,
711 struct vma_info *vi, loff_t offset, bool is_register)
713 struct prio_tree_iter iter;
714 struct vm_area_struct *vma;
715 struct vma_info *tmpvi;
720 pgoff = offset >> PAGE_SHIFT;
722 vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) {
723 if (!valid_vma(vma, is_register))
727 vaddr = vma_address(vma, offset);
729 list_for_each_entry(tmpvi, head, probe_list) {
730 if (tmpvi->mm == vma->vm_mm && tmpvi->vaddr == vaddr) {
737 * Another vma needs a probe to be installed. However skip
738 * installing the probe if the vma is about to be unlinked.
740 if (!existing_vma && atomic_inc_not_zero(&vma->vm_mm->mm_users)) {
743 list_add(&vi->probe_list, head);
753 * Iterate in the rmap prio tree and find a vma where a probe has not
756 static struct vma_info *
757 find_next_vma_info(struct address_space *mapping, struct list_head *head,
758 loff_t offset, bool is_register)
760 struct vma_info *vi, *retvi;
762 vi = kzalloc(sizeof(struct vma_info), GFP_KERNEL);
764 return ERR_PTR(-ENOMEM);
766 mutex_lock(&mapping->i_mmap_mutex);
767 retvi = __find_next_vma_info(mapping, head, vi, offset, is_register);
768 mutex_unlock(&mapping->i_mmap_mutex);
776 static int register_for_each_vma(struct uprobe *uprobe, bool is_register)
778 struct list_head try_list;
779 struct vm_area_struct *vma;
780 struct address_space *mapping;
781 struct vma_info *vi, *tmpvi;
782 struct mm_struct *mm;
786 mapping = uprobe->inode->i_mapping;
787 INIT_LIST_HEAD(&try_list);
792 vi = find_next_vma_info(mapping, &try_list, uprobe->offset, is_register);
802 down_read(&mm->mmap_sem);
803 vma = find_vma(mm, (unsigned long)vi->vaddr);
804 if (!vma || !valid_vma(vma, is_register)) {
805 list_del(&vi->probe_list);
807 up_read(&mm->mmap_sem);
811 vaddr = vma_address(vma, uprobe->offset);
812 if (vma->vm_file->f_mapping->host != uprobe->inode ||
813 vaddr != vi->vaddr) {
814 list_del(&vi->probe_list);
816 up_read(&mm->mmap_sem);
822 ret = install_breakpoint(uprobe, mm, vma, vi->vaddr);
824 remove_breakpoint(uprobe, mm, vi->vaddr);
826 up_read(&mm->mmap_sem);
829 if (ret && ret == -EEXIST)
836 list_for_each_entry_safe(vi, tmpvi, &try_list, probe_list) {
837 list_del(&vi->probe_list);
844 static int __uprobe_register(struct uprobe *uprobe)
846 return register_for_each_vma(uprobe, true);
849 static void __uprobe_unregister(struct uprobe *uprobe)
851 if (!register_for_each_vma(uprobe, false))
852 delete_uprobe(uprobe);
854 /* TODO : cant unregister? schedule a worker thread */
858 * uprobe_register - register a probe
859 * @inode: the file in which the probe has to be placed.
860 * @offset: offset from the start of the file.
861 * @uc: information on howto handle the probe..
863 * Apart from the access refcount, uprobe_register() takes a creation
864 * refcount (thro alloc_uprobe) if and only if this @uprobe is getting
865 * inserted into the rbtree (i.e first consumer for a @inode:@offset
866 * tuple). Creation refcount stops uprobe_unregister from freeing the
867 * @uprobe even before the register operation is complete. Creation
868 * refcount is released when the last @uc for the @uprobe
871 * Return errno if it cannot successully install probes
872 * else return 0 (success)
874 int uprobe_register(struct inode *inode, loff_t offset, struct uprobe_consumer *uc)
876 struct uprobe *uprobe;
879 if (!inode || !uc || uc->next)
882 if (offset > i_size_read(inode))
886 mutex_lock(uprobes_hash(inode));
887 uprobe = alloc_uprobe(inode, offset);
889 if (uprobe && !consumer_add(uprobe, uc)) {
890 ret = __uprobe_register(uprobe);
892 uprobe->consumers = NULL;
893 __uprobe_unregister(uprobe);
895 uprobe->flags |= UPROBE_RUN_HANDLER;
899 mutex_unlock(uprobes_hash(inode));
906 * uprobe_unregister - unregister a already registered probe.
907 * @inode: the file in which the probe has to be removed.
908 * @offset: offset from the start of the file.
909 * @uc: identify which probe if multiple probes are colocated.
911 void uprobe_unregister(struct inode *inode, loff_t offset, struct uprobe_consumer *uc)
913 struct uprobe *uprobe;
918 uprobe = find_uprobe(inode, offset);
922 mutex_lock(uprobes_hash(inode));
924 if (consumer_del(uprobe, uc)) {
925 if (!uprobe->consumers) {
926 __uprobe_unregister(uprobe);
927 uprobe->flags &= ~UPROBE_RUN_HANDLER;
931 mutex_unlock(uprobes_hash(inode));
937 * Of all the nodes that correspond to the given inode, return the node
938 * with the least offset.
940 static struct rb_node *find_least_offset_node(struct inode *inode)
942 struct uprobe u = { .inode = inode, .offset = 0};
943 struct rb_node *n = uprobes_tree.rb_node;
944 struct rb_node *close_node = NULL;
945 struct uprobe *uprobe;
949 uprobe = rb_entry(n, struct uprobe, rb_node);
950 match = match_uprobe(&u, uprobe);
952 if (uprobe->inode == inode)
968 * For a given inode, build a list of probes that need to be inserted.
970 static void build_probe_list(struct inode *inode, struct list_head *head)
972 struct uprobe *uprobe;
976 spin_lock_irqsave(&uprobes_treelock, flags);
978 n = find_least_offset_node(inode);
980 for (; n; n = rb_next(n)) {
981 uprobe = rb_entry(n, struct uprobe, rb_node);
982 if (uprobe->inode != inode)
985 list_add(&uprobe->pending_list, head);
986 atomic_inc(&uprobe->ref);
989 spin_unlock_irqrestore(&uprobes_treelock, flags);
993 * Called from mmap_region.
994 * called with mm->mmap_sem acquired.
996 * Return -ve no if we fail to insert probes and we cannot
998 * Return 0 otherwise. i.e:
1000 * - successful insertion of probes
1001 * - (or) no possible probes to be inserted.
1002 * - (or) insertion of probes failed but we can bail-out.
1004 int uprobe_mmap(struct vm_area_struct *vma)
1006 struct list_head tmp_list;
1007 struct uprobe *uprobe, *u;
1008 struct inode *inode;
1011 if (!atomic_read(&uprobe_events) || !valid_vma(vma, true))
1014 inode = vma->vm_file->f_mapping->host;
1018 INIT_LIST_HEAD(&tmp_list);
1019 mutex_lock(uprobes_mmap_hash(inode));
1020 build_probe_list(inode, &tmp_list);
1024 list_for_each_entry_safe(uprobe, u, &tmp_list, pending_list) {
1027 list_del(&uprobe->pending_list);
1029 vaddr = vma_address(vma, uprobe->offset);
1030 if (vaddr >= vma->vm_start && vaddr < vma->vm_end) {
1031 ret = install_breakpoint(uprobe, vma->vm_mm, vma, vaddr);
1032 /* Ignore double add: */
1040 mutex_unlock(uprobes_mmap_hash(inode));
1046 * uprobe_get_swbp_addr - compute address of swbp given post-swbp regs
1047 * @regs: Reflects the saved state of the task after it has hit a breakpoint
1049 * Return the address of the breakpoint instruction.
1051 unsigned long __weak uprobe_get_swbp_addr(struct pt_regs *regs)
1053 return instruction_pointer(regs) - UPROBE_SWBP_INSN_SIZE;
1057 * Called with no locks held.
1058 * Called in context of a exiting or a exec-ing thread.
1060 void uprobe_free_utask(struct task_struct *t)
1062 struct uprobe_task *utask = t->utask;
1064 if (t->uprobe_srcu_id != -1)
1065 srcu_read_unlock_raw(&uprobes_srcu, t->uprobe_srcu_id);
1070 if (utask->active_uprobe)
1071 put_uprobe(utask->active_uprobe);
1078 * Called in context of a new clone/fork from copy_process.
1080 void uprobe_copy_process(struct task_struct *t)
1083 t->uprobe_srcu_id = -1;
1087 * Allocate a uprobe_task object for the task.
1088 * Called when the thread hits a breakpoint for the first time.
1091 * - pointer to new uprobe_task on success
1094 static struct uprobe_task *add_utask(void)
1096 struct uprobe_task *utask;
1098 utask = kzalloc(sizeof *utask, GFP_KERNEL);
1099 if (unlikely(!utask))
1102 utask->active_uprobe = NULL;
1103 current->utask = utask;
1107 /* Prepare to single-step probed instruction out of line. */
1109 pre_ssout(struct uprobe *uprobe, struct pt_regs *regs, unsigned long vaddr)
1115 * If we are singlestepping, then ensure this thread is not connected to
1116 * non-fatal signals until completion of singlestep. When xol insn itself
1117 * triggers the signal, restart the original insn even if the task is
1118 * already SIGKILL'ed (since coredump should report the correct ip). This
1119 * is even more important if the task has a handler for SIGSEGV/etc, The
1120 * _same_ instruction should be repeated again after return from the signal
1121 * handler, and SSTEP can never finish in this case.
1123 bool uprobe_deny_signal(void)
1125 struct task_struct *t = current;
1126 struct uprobe_task *utask = t->utask;
1128 if (likely(!utask || !utask->active_uprobe))
1131 WARN_ON_ONCE(utask->state != UTASK_SSTEP);
1133 if (signal_pending(t)) {
1134 spin_lock_irq(&t->sighand->siglock);
1135 clear_tsk_thread_flag(t, TIF_SIGPENDING);
1136 spin_unlock_irq(&t->sighand->siglock);
1138 if (__fatal_signal_pending(t) || arch_uprobe_xol_was_trapped(t)) {
1139 utask->state = UTASK_SSTEP_TRAPPED;
1140 set_tsk_thread_flag(t, TIF_UPROBE);
1141 set_tsk_thread_flag(t, TIF_NOTIFY_RESUME);
1149 * Avoid singlestepping the original instruction if the original instruction
1150 * is a NOP or can be emulated.
1152 static bool can_skip_sstep(struct uprobe *uprobe, struct pt_regs *regs)
1154 if (arch_uprobe_skip_sstep(&uprobe->arch, regs))
1157 uprobe->flags &= ~UPROBE_SKIP_SSTEP;
1162 * Run handler and ask thread to singlestep.
1163 * Ensure all non-fatal signals cannot interrupt thread while it singlesteps.
1165 static void handle_swbp(struct pt_regs *regs)
1167 struct vm_area_struct *vma;
1168 struct uprobe_task *utask;
1169 struct uprobe *uprobe;
1170 struct mm_struct *mm;
1171 unsigned long bp_vaddr;
1174 bp_vaddr = uprobe_get_swbp_addr(regs);
1176 down_read(&mm->mmap_sem);
1177 vma = find_vma(mm, bp_vaddr);
1179 if (vma && vma->vm_start <= bp_vaddr && valid_vma(vma, false)) {
1180 struct inode *inode;
1183 inode = vma->vm_file->f_mapping->host;
1184 offset = bp_vaddr - vma->vm_start;
1185 offset += (vma->vm_pgoff << PAGE_SHIFT);
1186 uprobe = find_uprobe(inode, offset);
1189 srcu_read_unlock_raw(&uprobes_srcu, current->uprobe_srcu_id);
1190 current->uprobe_srcu_id = -1;
1191 up_read(&mm->mmap_sem);
1194 /* No matching uprobe; signal SIGTRAP. */
1195 send_sig(SIGTRAP, current, 0);
1199 utask = current->utask;
1201 utask = add_utask();
1202 /* Cannot allocate; re-execute the instruction. */
1206 utask->active_uprobe = uprobe;
1207 handler_chain(uprobe, regs);
1208 if (uprobe->flags & UPROBE_SKIP_SSTEP && can_skip_sstep(uprobe, regs))
1211 utask->state = UTASK_SSTEP;
1212 if (!pre_ssout(uprobe, regs, bp_vaddr)) {
1213 user_enable_single_step(current);
1219 utask->active_uprobe = NULL;
1220 utask->state = UTASK_RUNNING;
1223 if (!(uprobe->flags & UPROBE_SKIP_SSTEP))
1226 * cannot singlestep; cannot skip instruction;
1227 * re-execute the instruction.
1229 instruction_pointer_set(regs, bp_vaddr);
1236 * Perform required fix-ups and disable singlestep.
1237 * Allow pending signals to take effect.
1239 static void handle_singlestep(struct uprobe_task *utask, struct pt_regs *regs)
1241 struct uprobe *uprobe;
1243 uprobe = utask->active_uprobe;
1244 if (utask->state == UTASK_SSTEP_ACK)
1245 arch_uprobe_post_xol(&uprobe->arch, regs);
1246 else if (utask->state == UTASK_SSTEP_TRAPPED)
1247 arch_uprobe_abort_xol(&uprobe->arch, regs);
1252 utask->active_uprobe = NULL;
1253 utask->state = UTASK_RUNNING;
1254 user_disable_single_step(current);
1256 spin_lock_irq(¤t->sighand->siglock);
1257 recalc_sigpending(); /* see uprobe_deny_signal() */
1258 spin_unlock_irq(¤t->sighand->siglock);
1262 * On breakpoint hit, breakpoint notifier sets the TIF_UPROBE flag. (and on
1263 * subsequent probe hits on the thread sets the state to UTASK_BP_HIT) and
1264 * allows the thread to return from interrupt.
1266 * On singlestep exception, singlestep notifier sets the TIF_UPROBE flag and
1267 * also sets the state to UTASK_SSTEP_ACK and allows the thread to return from
1270 * While returning to userspace, thread notices the TIF_UPROBE flag and calls
1271 * uprobe_notify_resume().
1273 void uprobe_notify_resume(struct pt_regs *regs)
1275 struct uprobe_task *utask;
1277 utask = current->utask;
1278 if (!utask || utask->state == UTASK_BP_HIT)
1281 handle_singlestep(utask, regs);
1285 * uprobe_pre_sstep_notifier gets called from interrupt context as part of
1286 * notifier mechanism. Set TIF_UPROBE flag and indicate breakpoint hit.
1288 int uprobe_pre_sstep_notifier(struct pt_regs *regs)
1290 struct uprobe_task *utask;
1295 utask = current->utask;
1297 utask->state = UTASK_BP_HIT;
1299 set_thread_flag(TIF_UPROBE);
1300 current->uprobe_srcu_id = srcu_read_lock_raw(&uprobes_srcu);
1306 * uprobe_post_sstep_notifier gets called in interrupt context as part of notifier
1307 * mechanism. Set TIF_UPROBE flag and indicate completion of singlestep.
1309 int uprobe_post_sstep_notifier(struct pt_regs *regs)
1311 struct uprobe_task *utask = current->utask;
1313 if (!current->mm || !utask || !utask->active_uprobe)
1314 /* task is currently not uprobed */
1317 utask->state = UTASK_SSTEP_ACK;
1318 set_thread_flag(TIF_UPROBE);
1322 static struct notifier_block uprobe_exception_nb = {
1323 .notifier_call = arch_uprobe_exception_notify,
1324 .priority = INT_MAX-1, /* notified after kprobes, kgdb */
1327 static int __init init_uprobes(void)
1331 for (i = 0; i < UPROBES_HASH_SZ; i++) {
1332 mutex_init(&uprobes_mutex[i]);
1333 mutex_init(&uprobes_mmap_mutex[i]);
1335 init_srcu_struct(&uprobes_srcu);
1337 return register_die_notifier(&uprobe_exception_nb);
1339 module_init(init_uprobes);
1341 static void __exit exit_uprobes(void)
1344 module_exit(exit_uprobes);
projects / cascardo / linux.git / blob