arm/probes/decode.h

0001 /* SPDX-License-Identifier: GPL-2.0-only */
0002 /*
0003  * arch/arm/probes/decode.h
0004  *
0005  * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
0006  *
0007  * Some contents moved here from arch/arm/include/asm/kprobes.h which is
0008  * Copyright (C) 2006, 2007 Motorola Inc.
0009  */
0010
0011 #ifndef _ARM_KERNEL_PROBES_H
0012 #define  _ARM_KERNEL_PROBES_H
0013
0014 #include <linux/types.h>
0015 #include <linux/stddef.h>
0016 #include <asm/probes.h>
0017 #include <asm/ptrace.h>
0018 #include <asm/kprobes.h>
0019
0020 void __init arm_probes_decode_init(void);
0021
0022 extern probes_check_cc * const probes_condition_checks[16];
0023
0024 #if __LINUX_ARM_ARCH__ >= 7
0025
0026 /* str_pc_offset is architecturally defined from ARMv7 onwards */
0027 #define str_pc_offset 8
0028 #define find_str_pc_offset()
0029
0030 #else /* __LINUX_ARM_ARCH__ < 7 */
0031
0032 /* We need a run-time check to determine str_pc_offset */
0033 extern int str_pc_offset;
0034 void __init find_str_pc_offset(void);
0035
0036 #endif
0037
0038
0039 static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs)
0040 {
0041     long cpsr = regs->ARM_cpsr;
0042     if (pcv & 0x1) {
0043         cpsr |= PSR_T_BIT;
0044         pcv &= ~0x1;
0045     } else {
0046         cpsr &= ~PSR_T_BIT;
0047         pcv &= ~0x2;    /* Avoid UNPREDICTABLE address allignment */
0048     }
0049     regs->ARM_cpsr = cpsr;
0050     regs->ARM_pc = pcv;
0051 }
0052
0053
0054 #if __LINUX_ARM_ARCH__ >= 6
0055
0056 /* Kernels built for >= ARMv6 should never run on <= ARMv5 hardware, so... */
0057 #define load_write_pc_interworks true
0058 #define test_load_write_pc_interworking()
0059
0060 #else /* __LINUX_ARM_ARCH__ < 6 */
0061
0062 /* We need run-time testing to determine if load_write_pc() should interwork. */
0063 extern bool load_write_pc_interworks;
0064 void __init test_load_write_pc_interworking(void);
0065
0066 #endif
0067
0068 static inline void __kprobes load_write_pc(long pcv, struct pt_regs *regs)
0069 {
0070     if (load_write_pc_interworks)
0071         bx_write_pc(pcv, regs);
0072     else
0073         regs->ARM_pc = pcv;
0074 }
0075
0076
0077 #if __LINUX_ARM_ARCH__ >= 7
0078
0079 #define alu_write_pc_interworks true
0080 #define test_alu_write_pc_interworking()
0081
0082 #elif __LINUX_ARM_ARCH__ <= 5
0083
0084 /* Kernels built for <= ARMv5 should never run on >= ARMv6 hardware, so... */
0085 #define alu_write_pc_interworks false
0086 #define test_alu_write_pc_interworking()
0087
0088 #else /* __LINUX_ARM_ARCH__ == 6 */
0089
0090 /* We could be an ARMv6 binary on ARMv7 hardware so we need a run-time check. */
0091 extern bool alu_write_pc_interworks;
0092 void __init test_alu_write_pc_interworking(void);
0093
0094 #endif /* __LINUX_ARM_ARCH__ == 6 */
0095
0096 static inline void __kprobes alu_write_pc(long pcv, struct pt_regs *regs)
0097 {
0098     if (alu_write_pc_interworks)
0099         bx_write_pc(pcv, regs);
0100     else
0101         regs->ARM_pc = pcv;
0102 }
0103
0104
0105 /*
0106  * Test if load/store instructions writeback the address register.
0107  * if P (bit 24) == 0 or W (bit 21) == 1
0108  */
0109 #define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
0110
0111 /*
0112  * The following definitions and macros are used to build instruction
0113  * decoding tables for use by probes_decode_insn.
0114  *
0115  * These tables are a concatenation of entries each of which consist of one of
0116  * the decode_* structs. All of the fields in every type of decode structure
0117  * are of the union type decode_item, therefore the entire decode table can be
0118  * viewed as an array of these and declared like:
0119  *
0120  *  static const union decode_item table_name[] = {};
0121  *
0122  * In order to construct each entry in the table, macros are used to
0123  * initialise a number of sequential decode_item values in a layout which
0124  * matches the relevant struct. E.g. DECODE_SIMULATE initialise a struct
0125  * decode_simulate by initialising four decode_item objects like this...
0126  *
0127  *  {.bits = _type},
0128  *  {.bits = _mask},
0129  *  {.bits = _value},
0130  *  {.action = _handler},
0131  *
0132  * Initialising a specified member of the union means that the compiler
0133  * will produce a warning if the argument is of an incorrect type.
0134  *
0135  * Below is a list of each of the macros used to initialise entries and a
0136  * description of the action performed when that entry is matched to an
0137  * instruction. A match is found when (instruction & mask) == value.
0138  *
0139  * DECODE_TABLE(mask, value, table)
0140  *  Instruction decoding jumps to parsing the new sub-table 'table'.
0141  *
0142  * DECODE_CUSTOM(mask, value, decoder)
0143  *  The value of 'decoder' is used as an index into the array of
0144  *  action functions, and the retrieved decoder function is invoked
0145  *  to complete decoding of the instruction.
0146  *
0147  * DECODE_SIMULATE(mask, value, handler)
0148  *  The probes instruction handler is set to the value found by
0149  *  indexing into the action array using the value of 'handler'. This
0150  *  will be used to simulate the instruction when the probe is hit.
0151  *  Decoding returns with INSN_GOOD_NO_SLOT.
0152  *
0153  * DECODE_EMULATE(mask, value, handler)
0154  *  The probes instruction handler is set to the value found by
0155  *  indexing into the action array using the value of 'handler'. This
0156  *  will be used to emulate the instruction when the probe is hit. The
0157  *  modified instruction (see below) is placed in the probes instruction
0158  *  slot so it may be called by the emulation code. Decoding returns
0159  *  with INSN_GOOD.
0160  *
0161  * DECODE_REJECT(mask, value)
0162  *  Instruction decoding fails with INSN_REJECTED
0163  *
0164  * DECODE_OR(mask, value)
0165  *  This allows the mask/value test of multiple table entries to be
0166  *  logically ORed. Once an 'or' entry is matched the decoding action to
0167  *  be performed is that of the next entry which isn't an 'or'. E.g.
0168  *
0169  *      DECODE_OR   (mask1, value1)
0170  *      DECODE_OR   (mask2, value2)
0171  *      DECODE_SIMULATE (mask3, value3, simulation_handler)
0172  *
0173  *  This means that if any of the three mask/value pairs match the
0174  *  instruction being decoded, then 'simulation_handler' will be used
0175  *  for it.
0176  *
0177  * Both the SIMULATE and EMULATE macros have a second form which take an
0178  * additional 'regs' argument.
0179  *
0180  *  DECODE_SIMULATEX(mask, value, handler, regs)
0181  *  DECODE_EMULATEX (mask, value, handler, regs)
0182  *
0183  * These are used to specify what kind of CPU register is encoded in each of the
0184  * least significant 5 nibbles of the instruction being decoded. The regs value
0185  * is specified using the REGS macro, this takes any of the REG_TYPE_* values
0186  * from enum decode_reg_type as arguments; only the '*' part of the name is
0187  * given. E.g.
0188  *
0189  *  REGS(0, ANY, NOPC, 0, ANY)
0190  *
0191  * This indicates an instruction is encoded like:
0192  *
0193  *  bits 19..16 ignore
0194  *  bits 15..12 any register allowed here
0195  *  bits 11.. 8 any register except PC allowed here
0196  *  bits  7.. 4 ignore
0197  *  bits  3.. 0 any register allowed here
0198  *
0199  * This register specification is checked after a decode table entry is found to
0200  * match an instruction (through the mask/value test). Any invalid register then
0201  * found in the instruction will cause decoding to fail with INSN_REJECTED. In
0202  * the above example this would happen if bits 11..8 of the instruction were
0203  * 1111, indicating R15 or PC.
0204  *
0205  * As well as checking for legal combinations of registers, this data is also
0206  * used to modify the registers encoded in the instructions so that an
0207  * emulation routines can use it. (See decode_regs() and INSN_NEW_BITS.)
0208  *
0209  * Here is a real example which matches ARM instructions of the form
0210  * "AND <Rd>,<Rn>,<Rm>,<shift> <Rs>"
0211  *
0212  *  DECODE_EMULATEX (0x0e000090, 0x00000010, PROBES_DATA_PROCESSING_REG,
0213  *                       REGS(ANY, ANY, NOPC, 0, ANY)),
0214  *                            ^    ^    ^        ^
0215  *                            Rn   Rd   Rs       Rm
0216  *
0217  * Decoding the instruction "AND R4, R5, R6, ASL R15" will be rejected because
0218  * Rs == R15
0219  *
0220  * Decoding the instruction "AND R4, R5, R6, ASL R7" will be accepted and the
0221  * instruction will be modified to "AND R0, R2, R3, ASL R1" and then placed into
0222  * the kprobes instruction slot. This can then be called later by the handler
0223  * function emulate_rd12rn16rm0rs8_rwflags (a pointer to which is retrieved from
0224  * the indicated slot in the action array), in order to simulate the instruction.
0225  */
0226
0227 enum decode_type {
0228     DECODE_TYPE_END,
0229     DECODE_TYPE_TABLE,
0230     DECODE_TYPE_CUSTOM,
0231     DECODE_TYPE_SIMULATE,
0232     DECODE_TYPE_EMULATE,
0233     DECODE_TYPE_OR,
0234     DECODE_TYPE_REJECT,
0235     NUM_DECODE_TYPES /* Must be last enum */
0236 };
0237
0238 #define DECODE_TYPE_BITS    4
0239 #define DECODE_TYPE_MASK    ((1 << DECODE_TYPE_BITS) - 1)
0240
0241 enum decode_reg_type {
0242     REG_TYPE_NONE = 0, /* Not a register, ignore */
0243     REG_TYPE_ANY,      /* Any register allowed */
0244     REG_TYPE_SAMEAS16, /* Register should be same as that at bits 19..16 */
0245     REG_TYPE_SP,       /* Register must be SP */
0246     REG_TYPE_PC,       /* Register must be PC */
0247     REG_TYPE_NOSP,     /* Register must not be SP */
0248     REG_TYPE_NOSPPC,   /* Register must not be SP or PC */
0249     REG_TYPE_NOPC,     /* Register must not be PC */
0250     REG_TYPE_NOPCWB,   /* No PC if load/store write-back flag also set */
0251
0252     /* The following types are used when the encoding for PC indicates
0253      * another instruction form. This distiction only matters for test
0254      * case coverage checks.
0255      */
0256     REG_TYPE_NOPCX,    /* Register must not be PC */
0257     REG_TYPE_NOSPPCX,  /* Register must not be SP or PC */
0258
0259     /* Alias to allow '0' arg to be used in REGS macro. */
0260     REG_TYPE_0 = REG_TYPE_NONE
0261 };
0262
0263 #define REGS(r16, r12, r8, r4, r0)  \
0264     (((REG_TYPE_##r16) << 16) + \
0265     ((REG_TYPE_##r12) << 12) +  \
0266     ((REG_TYPE_##r8) << 8) +    \
0267     ((REG_TYPE_##r4) << 4) +    \
0268     (REG_TYPE_##r0))
0269
0270 union decode_item {
0271     u32         bits;
0272     const union decode_item *table;
0273     int         action;
0274 };
0275
0276 struct decode_header;
0277 typedef enum probes_insn (probes_custom_decode_t)(probes_opcode_t,
0278                           struct arch_probes_insn *,
0279                           const struct decode_header *);
0280
0281 union decode_action {
0282     probes_insn_handler_t   *handler;
0283     probes_custom_decode_t  *decoder;
0284 };
0285
0286 typedef enum probes_insn (probes_check_t)(probes_opcode_t,
0287                        struct arch_probes_insn *,
0288                        const struct decode_header *);
0289
0290 struct decode_checker {
0291     probes_check_t  *checker;
0292 };
0293
0294 #define DECODE_END          \
0295     {.bits = DECODE_TYPE_END}
0296
0297
0298 struct decode_header {
0299     union decode_item   type_regs;
0300     union decode_item   mask;
0301     union decode_item   value;
0302 };
0303
0304 #define DECODE_HEADER(_type, _mask, _value, _regs)      \
0305     {.bits = (_type) | ((_regs) << DECODE_TYPE_BITS)},  \
0306     {.bits = (_mask)},                  \
0307     {.bits = (_value)}
0308
0309
0310 struct decode_table {
0311     struct decode_header    header;
0312     union decode_item   table;
0313 };
0314
0315 #define DECODE_TABLE(_mask, _value, _table)         \
0316     DECODE_HEADER(DECODE_TYPE_TABLE, _mask, _value, 0), \
0317     {.table = (_table)}
0318
0319
0320 struct decode_custom {
0321     struct decode_header    header;
0322     union decode_item   decoder;
0323 };
0324
0325 #define DECODE_CUSTOM(_mask, _value, _decoder)          \
0326     DECODE_HEADER(DECODE_TYPE_CUSTOM, _mask, _value, 0),    \
0327     {.action = (_decoder)}
0328
0329
0330 struct decode_simulate {
0331     struct decode_header    header;
0332     union decode_item   handler;
0333 };
0334
0335 #define DECODE_SIMULATEX(_mask, _value, _handler, _regs)        \
0336     DECODE_HEADER(DECODE_TYPE_SIMULATE, _mask, _value, _regs),  \
0337     {.action = (_handler)}
0338
0339 #define DECODE_SIMULATE(_mask, _value, _handler)    \
0340     DECODE_SIMULATEX(_mask, _value, _handler, 0)
0341
0342
0343 struct decode_emulate {
0344     struct decode_header    header;
0345     union decode_item   handler;
0346 };
0347
0348 #define DECODE_EMULATEX(_mask, _value, _handler, _regs)         \
0349     DECODE_HEADER(DECODE_TYPE_EMULATE, _mask, _value, _regs),   \
0350     {.action = (_handler)}
0351
0352 #define DECODE_EMULATE(_mask, _value, _handler)     \
0353     DECODE_EMULATEX(_mask, _value, _handler, 0)
0354
0355
0356 struct decode_or {
0357     struct decode_header    header;
0358 };
0359
0360 #define DECODE_OR(_mask, _value)                \
0361     DECODE_HEADER(DECODE_TYPE_OR, _mask, _value, 0)
0362
0363 enum probes_insn {
0364     INSN_REJECTED,
0365     INSN_GOOD,
0366     INSN_GOOD_NO_SLOT
0367 };
0368
0369 struct decode_reject {
0370     struct decode_header    header;
0371 };
0372
0373 #define DECODE_REJECT(_mask, _value)                \
0374     DECODE_HEADER(DECODE_TYPE_REJECT, _mask, _value, 0)
0375
0376 probes_insn_handler_t probes_simulate_nop;
0377 probes_insn_handler_t probes_emulate_none;
0378
0379 int __kprobes
0380 probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi,
0381         const union decode_item *table, bool thumb, bool emulate,
0382         const union decode_action *actions,
0383         const struct decode_checker **checkers);
0384
0385 #endif