arch/tile/kernel/kprobes.c

   1 /*
   2  * arch/tile/kernel/kprobes.c
   3  * Kprobes on TILE-Gx
   4  *
   5  * Some portions copied from the MIPS version.
   6  *
   7  * Copyright (C) IBM Corporation, 2002, 2004
   8  * Copyright 2006 Sony Corp.
   9  * Copyright 2010 Cavium Networks
  10  *
  11  * Copyright 2012 Tilera Corporation. All Rights Reserved.
  12  *
  13  *   This program is free software; you can redistribute it and/or
  14  *   modify it under the terms of the GNU General Public License
  15  *   as published by the Free Software Foundation, version 2.
  16  *
  17  *   This program is distributed in the hope that it will be useful, but
  18  *   WITHOUT ANY WARRANTY; without even the implied warranty of
  19  *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
  20  *   NON INFRINGEMENT.  See the GNU General Public License for
  21  *   more details.
  22  */
  23
  24 #include <linux/kprobes.h>
  25 #include <linux/kdebug.h>
  26 #include <linux/module.h>
  27 #include <linux/slab.h>
  28 #include <linux/uaccess.h>
  29 #include <asm/cacheflush.h>
  30
  31 #include <arch/opcode.h>
  32
  33 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
  34 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
  35
  36 tile_bundle_bits breakpoint_insn = TILEGX_BPT_BUNDLE;
  37 tile_bundle_bits breakpoint2_insn = TILEGX_BPT_BUNDLE | DIE_SSTEPBP;
  38
  39 /*
  40  * Check whether instruction is branch or jump, or if executing it
  41  * has different results depending on where it is executed (e.g. lnk).
  42  */
  43 static int __kprobes insn_has_control(kprobe_opcode_t insn)
  44 {
  45         if (get_Mode(insn) != 0) {   /* Y-format bundle */
  46                 if (get_Opcode_Y1(insn) != RRR_1_OPCODE_Y1 ||
  47                     get_RRROpcodeExtension_Y1(insn) != UNARY_RRR_1_OPCODE_Y1)
  48                         return 0;
  49
  50                 switch (get_UnaryOpcodeExtension_Y1(insn)) {
  51                 case JALRP_UNARY_OPCODE_Y1:
  52                 case JALR_UNARY_OPCODE_Y1:
  53                 case JRP_UNARY_OPCODE_Y1:
  54                 case JR_UNARY_OPCODE_Y1:
  55                 case LNK_UNARY_OPCODE_Y1:
  56                         return 1;
  57                 default:
  58                         return 0;
  59                 }
  60         }
  61
  62         switch (get_Opcode_X1(insn)) {
  63         case BRANCH_OPCODE_X1:  /* branch instructions */
  64         case JUMP_OPCODE_X1:    /* jump instructions: j and jal */
  65                 return 1;
  66
  67         case RRR_0_OPCODE_X1:   /* other jump instructions */
  68                 if (get_RRROpcodeExtension_X1(insn) != UNARY_RRR_0_OPCODE_X1)
  69                         return 0;
  70                 switch (get_UnaryOpcodeExtension_X1(insn)) {
  71                 case JALRP_UNARY_OPCODE_X1:
  72                 case JALR_UNARY_OPCODE_X1:
  73                 case JRP_UNARY_OPCODE_X1:
  74                 case JR_UNARY_OPCODE_X1:
  75                 case LNK_UNARY_OPCODE_X1:
  76                         return 1;
  77                 default:
  78                         return 0;
  79                 }
  80         default:
  81                 return 0;
  82         }
  83 }
  84
  85 int __kprobes arch_prepare_kprobe(struct kprobe *p)
  86 {
  87         unsigned long addr = (unsigned long)p->addr;
  88
  89         if (addr & (sizeof(kprobe_opcode_t) - 1))
  90                 return -EINVAL;
  91
  92         if (insn_has_control(*p->addr)) {
  93                 pr_notice("Kprobes for control instructions are not "
  94                           "supported\n");
  95                 return -EINVAL;
  96         }
  97
  98         /* insn: must be on special executable page on tile. */
  99         p->ainsn.insn = get_insn_slot();
 100         if (!p->ainsn.insn)
 101                 return -ENOMEM;
 102
 103         /*
 104          * In the kprobe->ainsn.insn[] array we store the original
 105          * instruction at index zero and a break trap instruction at
 106          * index one.
 107          */
 108         memcpy(&p->ainsn.insn[0], p->addr, sizeof(kprobe_opcode_t));
 109         p->ainsn.insn[1] = breakpoint2_insn;
 110         p->opcode = *p->addr;
 111
 112         return 0;
 113 }
 114
 115 void __kprobes arch_arm_kprobe(struct kprobe *p)
 116 {
 117         unsigned long addr_wr;
 118
 119         /* Operate on writable kernel text mapping. */
 120         addr_wr = (unsigned long)p->addr - MEM_SV_START + PAGE_OFFSET;
 121
 122         if (probe_kernel_write((void *)addr_wr, &breakpoint_insn,
 123                 sizeof(breakpoint_insn)))
 124                 pr_err("%s: failed to enable kprobe\n", __func__);
 125
 126         smp_wmb();
 127         flush_insn_slot(p);
 128 }
 129
 130 void __kprobes arch_disarm_kprobe(struct kprobe *kp)
 131 {
 132         unsigned long addr_wr;
 133
 134         /* Operate on writable kernel text mapping. */
 135         addr_wr = (unsigned long)kp->addr - MEM_SV_START + PAGE_OFFSET;
 136
 137         if (probe_kernel_write((void *)addr_wr, &kp->opcode,
 138                 sizeof(kp->opcode)))
 139                 pr_err("%s: failed to enable kprobe\n", __func__);
 140
 141         smp_wmb();
 142         flush_insn_slot(kp);
 143 }
 144
 145 void __kprobes arch_remove_kprobe(struct kprobe *p)
 146 {
 147         if (p->ainsn.insn) {
 148                 free_insn_slot(p->ainsn.insn, 0);
 149                 p->ainsn.insn = NULL;
 150         }
 151 }
 152
 153 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
 154 {
 155         kcb->prev_kprobe.kp = kprobe_running();
 156         kcb->prev_kprobe.status = kcb->kprobe_status;
 157         kcb->prev_kprobe.saved_pc = kcb->kprobe_saved_pc;
 158 }
 159
 160 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
 161 {
 162         __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
 163         kcb->kprobe_status = kcb->prev_kprobe.status;
 164         kcb->kprobe_saved_pc = kcb->prev_kprobe.saved_pc;
 165 }
 166
 167 static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
 168                         struct kprobe_ctlblk *kcb)
 169 {
 170         __this_cpu_write(current_kprobe, p);
 171         kcb->kprobe_saved_pc = regs->pc;
 172 }
 173
 174 static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
 175 {
 176         /* Single step inline if the instruction is a break. */
 177         if (p->opcode == breakpoint_insn ||
 178             p->opcode == breakpoint2_insn)
 179                 regs->pc = (unsigned long)p->addr;
 180         else
 181                 regs->pc = (unsigned long)&p->ainsn.insn[0];
 182 }
 183
 184 static int __kprobes kprobe_handler(struct pt_regs *regs)
 185 {
 186         struct kprobe *p;
 187         int ret = 0;
 188         kprobe_opcode_t *addr;
 189         struct kprobe_ctlblk *kcb;
 190
 191         addr = (kprobe_opcode_t *)regs->pc;
 192
 193         /*
 194          * We don't want to be preempted for the entire
 195          * duration of kprobe processing.
 196          */
 197         preempt_disable();
 198         kcb = get_kprobe_ctlblk();
 199
 200         /* Check we're not actually recursing. */
 201         if (kprobe_running()) {
 202                 p = get_kprobe(addr);
 203                 if (p) {
 204                         if (kcb->kprobe_status == KPROBE_HIT_SS &&
 205                             p->ainsn.insn[0] == breakpoint_insn) {
 206                                 goto no_kprobe;
 207                         }
 208                         /*
 209                          * We have reentered the kprobe_handler(), since
 210                          * another probe was hit while within the handler.
 211                          * We here save the original kprobes variables and
 212                          * just single step on the instruction of the new probe
 213                          * without calling any user handlers.
 214                          */
 215                         save_previous_kprobe(kcb);
 216                         set_current_kprobe(p, regs, kcb);
 217                         kprobes_inc_nmissed_count(p);
 218                         prepare_singlestep(p, regs);
 219                         kcb->kprobe_status = KPROBE_REENTER;
 220                         return 1;
 221                 } else {
 222                         if (*addr != breakpoint_insn) {
 223                                 /*
 224                                  * The breakpoint instruction was removed by
 225                                  * another cpu right after we hit, no further
 226                                  * handling of this interrupt is appropriate.
 227                                  */
 228                                 ret = 1;
 229                                 goto no_kprobe;
 230                         }
 231                         p = __this_cpu_read(current_kprobe);
 232                         if (p->break_handler && p->break_handler(p, regs))
 233                                 goto ss_probe;
 234                 }
 235                 goto no_kprobe;
 236         }
 237
 238         p = get_kprobe(addr);
 239         if (!p) {
 240                 if (*addr != breakpoint_insn) {
 241                         /*
 242                          * The breakpoint instruction was removed right
 243                          * after we hit it.  Another cpu has removed
 244                          * either a probepoint or a debugger breakpoint
 245                          * at this address.  In either case, no further
 246                          * handling of this interrupt is appropriate.
 247                          */
 248                         ret = 1;
 249                 }
 250                 /* Not one of ours: let kernel handle it. */
 251                 goto no_kprobe;
 252         }
 253
 254         set_current_kprobe(p, regs, kcb);
 255         kcb->kprobe_status = KPROBE_HIT_ACTIVE;
 256
 257         if (p->pre_handler && p->pre_handler(p, regs)) {
 258                 /* Handler has already set things up, so skip ss setup. */
 259                 return 1;
 260         }
 261
 262 ss_probe:
 263         prepare_singlestep(p, regs);
 264         kcb->kprobe_status = KPROBE_HIT_SS;
 265         return 1;
 266
 267 no_kprobe:
 268         preempt_enable_no_resched();
 269         return ret;
 270 }
 271
 272 /*
 273  * Called after single-stepping.  p->addr is the address of the
 274  * instruction that has been replaced by the breakpoint. To avoid the
 275  * SMP problems that can occur when we temporarily put back the
 276  * original opcode to single-step, we single-stepped a copy of the
 277  * instruction.  The address of this copy is p->ainsn.insn.
 278  *
 279  * This function prepares to return from the post-single-step
 280  * breakpoint trap.
 281  */
 282 static void __kprobes resume_execution(struct kprobe *p,
 283                                        struct pt_regs *regs,
 284                                        struct kprobe_ctlblk *kcb)
 285 {
 286         unsigned long orig_pc = kcb->kprobe_saved_pc;
 287         regs->pc = orig_pc + 8;
 288 }
 289
 290 static inline int post_kprobe_handler(struct pt_regs *regs)
 291 {
 292         struct kprobe *cur = kprobe_running();
 293         struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 294
 295         if (!cur)
 296                 return 0;
 297
 298         if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
 299                 kcb->kprobe_status = KPROBE_HIT_SSDONE;
 300                 cur->post_handler(cur, regs, 0);
 301         }
 302
 303         resume_execution(cur, regs, kcb);
 304
 305         /* Restore back the original saved kprobes variables and continue. */
 306         if (kcb->kprobe_status == KPROBE_REENTER) {
 307                 restore_previous_kprobe(kcb);
 308                 goto out;
 309         }
 310         reset_current_kprobe();
 311 out:
 312         preempt_enable_no_resched();
 313
 314         return 1;
 315 }
 316
 317 static inline int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
 318 {
 319         struct kprobe *cur = kprobe_running();
 320         struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 321
 322         if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
 323                 return 1;
 324
 325         if (kcb->kprobe_status & KPROBE_HIT_SS) {
 326                 /*
 327                  * We are here because the instruction being single
 328                  * stepped caused a page fault. We reset the current
 329                  * kprobe and the ip points back to the probe address
 330                  * and allow the page fault handler to continue as a
 331                  * normal page fault.
 332                  */
 333                 resume_execution(cur, regs, kcb);
 334                 reset_current_kprobe();
 335                 preempt_enable_no_resched();
 336         }
 337         return 0;
 338 }
 339
 340 /*
 341  * Wrapper routine for handling exceptions.
 342  */
 343 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
 344                                        unsigned long val, void *data)
 345 {
 346         struct die_args *args = (struct die_args *)data;
 347         int ret = NOTIFY_DONE;
 348
 349         switch (val) {
 350         case DIE_BREAK:
 351                 if (kprobe_handler(args->regs))
 352                         ret = NOTIFY_STOP;
 353                 break;
 354         case DIE_SSTEPBP:
 355                 if (post_kprobe_handler(args->regs))
 356                         ret = NOTIFY_STOP;
 357                 break;
 358         case DIE_PAGE_FAULT:
 359                 /* kprobe_running() needs smp_processor_id(). */
 360                 preempt_disable();
 361
 362                 if (kprobe_running()
 363                     && kprobe_fault_handler(args->regs, args->trapnr))
 364                         ret = NOTIFY_STOP;
 365                 preempt_enable();
 366                 break;
 367         default:
 368                 break;
 369         }
 370         return ret;
 371 }
 372
 373 int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
 374 {
 375         struct jprobe *jp = container_of(p, struct jprobe, kp);
 376         struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 377
 378         kcb->jprobe_saved_regs = *regs;
 379         kcb->jprobe_saved_sp = regs->sp;
 380
 381         memcpy(kcb->jprobes_stack, (void *)kcb->jprobe_saved_sp,
 382                MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
 383
 384         regs->pc = (unsigned long)(jp->entry);
 385
 386         return 1;
 387 }
 388
 389 /* Defined in the inline asm below. */
 390 void jprobe_return_end(void);
 391
 392 void __kprobes jprobe_return(void)
 393 {
 394         asm volatile(
 395                 "bpt\n\t"
 396                 ".globl jprobe_return_end\n"
 397                 "jprobe_return_end:\n");
 398 }
 399
 400 int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
 401 {
 402         struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
 403
 404         if (regs->pc >= (unsigned long)jprobe_return &&
 405             regs->pc <= (unsigned long)jprobe_return_end) {
 406                 *regs = kcb->jprobe_saved_regs;
 407                 memcpy((void *)kcb->jprobe_saved_sp, kcb->jprobes_stack,
 408                        MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
 409                 preempt_enable_no_resched();
 410
 411                 return 1;
 412         }
 413         return 0;
 414 }
 415
 416 /*
 417  * Function return probe trampoline:
 418  * - init_kprobes() establishes a probepoint here
 419  * - When the probed function returns, this probe causes the
 420  *   handlers to fire
 421  */
 422 static void __used kretprobe_trampoline_holder(void)
 423 {
 424         asm volatile(
 425                 "nop\n\t"
 426                 ".global kretprobe_trampoline\n"
 427                 "kretprobe_trampoline:\n\t"
 428                 "nop\n\t"
 429                 : : : "memory");
 430 }
 431
 432 void kretprobe_trampoline(void);
 433
 434 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
 435                                       struct pt_regs *regs)
 436 {
 437         ri->ret_addr = (kprobe_opcode_t *) regs->lr;
 438
 439         /* Replace the return addr with trampoline addr */
 440         regs->lr = (unsigned long)kretprobe_trampoline;
 441 }
 442
 443 /*
 444  * Called when the probe at kretprobe trampoline is hit.
 445  */
 446 static int __kprobes trampoline_probe_handler(struct kprobe *p,
 447                                                 struct pt_regs *regs)
 448 {
 449         struct kretprobe_instance *ri = NULL;
 450         struct hlist_head *head, empty_rp;
 451         struct hlist_node *tmp;
 452         unsigned long flags, orig_ret_address = 0;
 453         unsigned long trampoline_address = (unsigned long)kretprobe_trampoline;
 454
 455         INIT_HLIST_HEAD(&empty_rp);
 456         kretprobe_hash_lock(current, &head, &flags);
 457
 458         /*
 459          * It is possible to have multiple instances associated with a given
 460          * task either because multiple functions in the call path have
 461          * a return probe installed on them, and/or more than one return
 462          * return probe was registered for a target function.
 463          *
 464          * We can handle this because:
 465          *     - instances are always inserted at the head of the list
 466          *     - when multiple return probes are registered for the same
 467          *       function, the first instance's ret_addr will point to the
 468          *       real return address, and all the rest will point to
 469          *       kretprobe_trampoline
 470          */
 471         hlist_for_each_entry_safe(ri, tmp, head, hlist) {
 472                 if (ri->task != current)
 473                         /* another task is sharing our hash bucket */
 474                         continue;
 475
 476                 if (ri->rp && ri->rp->handler)
 477                         ri->rp->handler(ri, regs);
 478
 479                 orig_ret_address = (unsigned long)ri->ret_addr;
 480                 recycle_rp_inst(ri, &empty_rp);
 481
 482                 if (orig_ret_address != trampoline_address) {
 483                         /*
 484                          * This is the real return address. Any other
 485                          * instances associated with this task are for
 486                          * other calls deeper on the call stack
 487                          */
 488                         break;
 489                 }
 490         }
 491
 492         kretprobe_assert(ri, orig_ret_address, trampoline_address);
 493         instruction_pointer(regs) = orig_ret_address;
 494
 495         reset_current_kprobe();
 496         kretprobe_hash_unlock(current, &flags);
 497         preempt_enable_no_resched();
 498
 499         hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
 500                 hlist_del(&ri->hlist);
 501                 kfree(ri);
 502         }
 503         /*
 504          * By returning a non-zero value, we are telling
 505          * kprobe_handler() that we don't want the post_handler
 506          * to run (and have re-enabled preemption)
 507          */
 508         return 1;
 509 }
 510
 511 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
 512 {
 513         if (p->addr == (kprobe_opcode_t *)kretprobe_trampoline)
 514                 return 1;
 515
 516         return 0;
 517 }
 518
 519 static struct kprobe trampoline_p = {
 520         .addr = (kprobe_opcode_t *)kretprobe_trampoline,
 521         .pre_handler = trampoline_probe_handler
 522 };
 523
 524 int __init arch_init_kprobes(void)
 525 {
 526         register_kprobe(&trampoline_p);
 527         return 0;
 528 }