arc/kernel/kprobes.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com)
0004  */
0005
0006 #include <linux/types.h>
0007 #include <linux/kprobes.h>
0008 #include <linux/slab.h>
0009 #include <linux/module.h>
0010 #include <linux/kdebug.h>
0011 #include <linux/sched.h>
0012 #include <linux/uaccess.h>
0013 #include <asm/cacheflush.h>
0014 #include <asm/current.h>
0015 #include <asm/disasm.h>
0016
0017 #define MIN_STACK_SIZE(addr)    min((unsigned long)MAX_STACK_SIZE, \
0018         (unsigned long)current_thread_info() + THREAD_SIZE - (addr))
0019
0020 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
0021 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
0022
0023 int __kprobes arch_prepare_kprobe(struct kprobe *p)
0024 {
0025     /* Attempt to probe at unaligned address */
0026     if ((unsigned long)p->addr & 0x01)
0027         return -EINVAL;
0028
0029     /* Address should not be in exception handling code */
0030
0031     p->ainsn.is_short = is_short_instr((unsigned long)p->addr);
0032     p->opcode = *p->addr;
0033
0034     return 0;
0035 }
0036
0037 void __kprobes arch_arm_kprobe(struct kprobe *p)
0038 {
0039     *p->addr = UNIMP_S_INSTRUCTION;
0040
0041     flush_icache_range((unsigned long)p->addr,
0042                (unsigned long)p->addr + sizeof(kprobe_opcode_t));
0043 }
0044
0045 void __kprobes arch_disarm_kprobe(struct kprobe *p)
0046 {
0047     *p->addr = p->opcode;
0048
0049     flush_icache_range((unsigned long)p->addr,
0050                (unsigned long)p->addr + sizeof(kprobe_opcode_t));
0051 }
0052
0053 void __kprobes arch_remove_kprobe(struct kprobe *p)
0054 {
0055     arch_disarm_kprobe(p);
0056
0057     /* Can we remove the kprobe in the middle of kprobe handling? */
0058     if (p->ainsn.t1_addr) {
0059         *(p->ainsn.t1_addr) = p->ainsn.t1_opcode;
0060
0061         flush_icache_range((unsigned long)p->ainsn.t1_addr,
0062                    (unsigned long)p->ainsn.t1_addr +
0063                    sizeof(kprobe_opcode_t));
0064
0065         p->ainsn.t1_addr = NULL;
0066     }
0067
0068     if (p->ainsn.t2_addr) {
0069         *(p->ainsn.t2_addr) = p->ainsn.t2_opcode;
0070
0071         flush_icache_range((unsigned long)p->ainsn.t2_addr,
0072                    (unsigned long)p->ainsn.t2_addr +
0073                    sizeof(kprobe_opcode_t));
0074
0075         p->ainsn.t2_addr = NULL;
0076     }
0077 }
0078
0079 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
0080 {
0081     kcb->prev_kprobe.kp = kprobe_running();
0082     kcb->prev_kprobe.status = kcb->kprobe_status;
0083 }
0084
0085 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
0086 {
0087     __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
0088     kcb->kprobe_status = kcb->prev_kprobe.status;
0089 }
0090
0091 static inline void __kprobes set_current_kprobe(struct kprobe *p)
0092 {
0093     __this_cpu_write(current_kprobe, p);
0094 }
0095
0096 static void __kprobes resume_execution(struct kprobe *p, unsigned long addr,
0097                        struct pt_regs *regs)
0098 {
0099     /* Remove the trap instructions inserted for single step and
0100      * restore the original instructions
0101      */
0102     if (p->ainsn.t1_addr) {
0103         *(p->ainsn.t1_addr) = p->ainsn.t1_opcode;
0104
0105         flush_icache_range((unsigned long)p->ainsn.t1_addr,
0106                    (unsigned long)p->ainsn.t1_addr +
0107                    sizeof(kprobe_opcode_t));
0108
0109         p->ainsn.t1_addr = NULL;
0110     }
0111
0112     if (p->ainsn.t2_addr) {
0113         *(p->ainsn.t2_addr) = p->ainsn.t2_opcode;
0114
0115         flush_icache_range((unsigned long)p->ainsn.t2_addr,
0116                    (unsigned long)p->ainsn.t2_addr +
0117                    sizeof(kprobe_opcode_t));
0118
0119         p->ainsn.t2_addr = NULL;
0120     }
0121
0122     return;
0123 }
0124
0125 static void __kprobes setup_singlestep(struct kprobe *p, struct pt_regs *regs)
0126 {
0127     unsigned long next_pc;
0128     unsigned long tgt_if_br = 0;
0129     int is_branch;
0130     unsigned long bta;
0131
0132     /* Copy the opcode back to the kprobe location and execute the
0133      * instruction. Because of this we will not be able to get into the
0134      * same kprobe until this kprobe is done
0135      */
0136     *(p->addr) = p->opcode;
0137
0138     flush_icache_range((unsigned long)p->addr,
0139                (unsigned long)p->addr + sizeof(kprobe_opcode_t));
0140
0141     /* Now we insert the trap at the next location after this instruction to
0142      * single step. If it is a branch we insert the trap at possible branch
0143      * targets
0144      */
0145
0146     bta = regs->bta;
0147
0148     if (regs->status32 & 0x40) {
0149         /* We are in a delay slot with the branch taken */
0150
0151         next_pc = bta & ~0x01;
0152
0153         if (!p->ainsn.is_short) {
0154             if (bta & 0x01)
0155                 regs->blink += 2;
0156             else {
0157                 /* Branch not taken */
0158                 next_pc += 2;
0159
0160                 /* next pc is taken from bta after executing the
0161                  * delay slot instruction
0162                  */
0163                 regs->bta += 2;
0164             }
0165         }
0166
0167         is_branch = 0;
0168     } else
0169         is_branch =
0170             disasm_next_pc((unsigned long)p->addr, regs,
0171             (struct callee_regs *) current->thread.callee_reg,
0172             &next_pc, &tgt_if_br);
0173
0174     p->ainsn.t1_addr = (kprobe_opcode_t *) next_pc;
0175     p->ainsn.t1_opcode = *(p->ainsn.t1_addr);
0176     *(p->ainsn.t1_addr) = TRAP_S_2_INSTRUCTION;
0177
0178     flush_icache_range((unsigned long)p->ainsn.t1_addr,
0179                (unsigned long)p->ainsn.t1_addr +
0180                sizeof(kprobe_opcode_t));
0181
0182     if (is_branch) {
0183         p->ainsn.t2_addr = (kprobe_opcode_t *) tgt_if_br;
0184         p->ainsn.t2_opcode = *(p->ainsn.t2_addr);
0185         *(p->ainsn.t2_addr) = TRAP_S_2_INSTRUCTION;
0186
0187         flush_icache_range((unsigned long)p->ainsn.t2_addr,
0188                    (unsigned long)p->ainsn.t2_addr +
0189                    sizeof(kprobe_opcode_t));
0190     }
0191 }
0192
0193 int __kprobes arc_kprobe_handler(unsigned long addr, struct pt_regs *regs)
0194 {
0195     struct kprobe *p;
0196     struct kprobe_ctlblk *kcb;
0197
0198     preempt_disable();
0199
0200     kcb = get_kprobe_ctlblk();
0201     p = get_kprobe((unsigned long *)addr);
0202
0203     if (p) {
0204         /*
0205          * We have reentered the kprobe_handler, since another kprobe
0206          * was hit while within the handler, we save the original
0207          * kprobes and single step on the instruction of the new probe
0208          * without calling any user handlers to avoid recursive
0209          * kprobes.
0210          */
0211         if (kprobe_running()) {
0212             save_previous_kprobe(kcb);
0213             set_current_kprobe(p);
0214             kprobes_inc_nmissed_count(p);
0215             setup_singlestep(p, regs);
0216             kcb->kprobe_status = KPROBE_REENTER;
0217             return 1;
0218         }
0219
0220         set_current_kprobe(p);
0221         kcb->kprobe_status = KPROBE_HIT_ACTIVE;
0222
0223         /* If we have no pre-handler or it returned 0, we continue with
0224          * normal processing. If we have a pre-handler and it returned
0225          * non-zero - which means user handler setup registers to exit
0226          * to another instruction, we must skip the single stepping.
0227          */
0228         if (!p->pre_handler || !p->pre_handler(p, regs)) {
0229             setup_singlestep(p, regs);
0230             kcb->kprobe_status = KPROBE_HIT_SS;
0231         } else {
0232             reset_current_kprobe();
0233             preempt_enable_no_resched();
0234         }
0235
0236         return 1;
0237     }
0238
0239     /* no_kprobe: */
0240     preempt_enable_no_resched();
0241     return 0;
0242 }
0243
0244 static int __kprobes arc_post_kprobe_handler(unsigned long addr,
0245                      struct pt_regs *regs)
0246 {
0247     struct kprobe *cur = kprobe_running();
0248     struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
0249
0250     if (!cur)
0251         return 0;
0252
0253     resume_execution(cur, addr, regs);
0254
0255     /* Rearm the kprobe */
0256     arch_arm_kprobe(cur);
0257
0258     /*
0259      * When we return from trap instruction we go to the next instruction
0260      * We restored the actual instruction in resume_exectuiont and we to
0261      * return to the same address and execute it
0262      */
0263     regs->ret = addr;
0264
0265     if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
0266         kcb->kprobe_status = KPROBE_HIT_SSDONE;
0267         cur->post_handler(cur, regs, 0);
0268     }
0269
0270     if (kcb->kprobe_status == KPROBE_REENTER) {
0271         restore_previous_kprobe(kcb);
0272         goto out;
0273     }
0274
0275     reset_current_kprobe();
0276
0277 out:
0278     preempt_enable_no_resched();
0279     return 1;
0280 }
0281
0282 /*
0283  * Fault can be for the instruction being single stepped or for the
0284  * pre/post handlers in the module.
0285  * This is applicable for applications like user probes, where we have the
0286  * probe in user space and the handlers in the kernel
0287  */
0288
0289 int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned long trapnr)
0290 {
0291     struct kprobe *cur = kprobe_running();
0292     struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
0293
0294     switch (kcb->kprobe_status) {
0295     case KPROBE_HIT_SS:
0296     case KPROBE_REENTER:
0297         /*
0298          * We are here because the instruction being single stepped
0299          * caused the fault. We reset the current kprobe and allow the
0300          * exception handler as if it is regular exception. In our
0301          * case it doesn't matter because the system will be halted
0302          */
0303         resume_execution(cur, (unsigned long)cur->addr, regs);
0304
0305         if (kcb->kprobe_status == KPROBE_REENTER)
0306             restore_previous_kprobe(kcb);
0307         else
0308             reset_current_kprobe();
0309
0310         preempt_enable_no_resched();
0311         break;
0312
0313     case KPROBE_HIT_ACTIVE:
0314     case KPROBE_HIT_SSDONE:
0315         /*
0316          * We are here because the instructions in the pre/post handler
0317          * caused the fault.
0318          */
0319
0320         /*
0321          * In case the user-specified fault handler returned zero,
0322          * try to fix up.
0323          */
0324         if (fixup_exception(regs))
0325             return 1;
0326
0327         /*
0328          * fixup_exception() could not handle it,
0329          * Let do_page_fault() fix it.
0330          */
0331         break;
0332
0333     default:
0334         break;
0335     }
0336     return 0;
0337 }
0338
0339 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
0340                        unsigned long val, void *data)
0341 {
0342     struct die_args *args = data;
0343     unsigned long addr = args->err;
0344     int ret = NOTIFY_DONE;
0345
0346     switch (val) {
0347     case DIE_IERR:
0348         if (arc_kprobe_handler(addr, args->regs))
0349             return NOTIFY_STOP;
0350         break;
0351
0352     case DIE_TRAP:
0353         if (arc_post_kprobe_handler(addr, args->regs))
0354             return NOTIFY_STOP;
0355         break;
0356
0357     default:
0358         break;
0359     }
0360
0361     return ret;
0362 }
0363
0364 static void __used kretprobe_trampoline_holder(void)
0365 {
0366     __asm__ __volatile__(".global __kretprobe_trampoline\n"
0367                  "__kretprobe_trampoline:\n"
0368                  "nop\n");
0369 }
0370
0371 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
0372                       struct pt_regs *regs)
0373 {
0374
0375     ri->ret_addr = (kprobe_opcode_t *) regs->blink;
0376     ri->fp = NULL;
0377
0378     /* Replace the return addr with trampoline addr */
0379     regs->blink = (unsigned long)&__kretprobe_trampoline;
0380 }
0381
0382 static int __kprobes trampoline_probe_handler(struct kprobe *p,
0383                           struct pt_regs *regs)
0384 {
0385     regs->ret = __kretprobe_trampoline_handler(regs, NULL);
0386
0387     /* By returning a non zero value, we are telling the kprobe handler
0388      * that we don't want the post_handler to run
0389      */
0390     return 1;
0391 }
0392
0393 static struct kprobe trampoline_p = {
0394     .addr = (kprobe_opcode_t *) &__kretprobe_trampoline,
0395     .pre_handler = trampoline_probe_handler
0396 };
0397
0398 int __init arch_init_kprobes(void)
0399 {
0400     /* Registering the trampoline code for the kret probe */
0401     return register_kprobe(&trampoline_p);
0402 }
0403
0404 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
0405 {
0406     if (p->addr == (kprobe_opcode_t *) &__kretprobe_trampoline)
0407         return 1;
0408
0409     return 0;
0410 }
0411
0412 void trap_is_kprobe(unsigned long address, struct pt_regs *regs)
0413 {
0414     notify_die(DIE_TRAP, "kprobe_trap", regs, address, 0, SIGTRAP);
0415 }