1 | /* |
2 | * Kernel Probes (KProbes) | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License as published by | |
6 | * the Free Software Foundation; either version 2 of the License, or | |
7 | * (at your option) any later version. | |
8 | * | |
9 | * This program is distributed in the hope that it will be useful, | |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | * GNU General Public License for more details. | |
13 | * | |
14 | * You should have received a copy of the GNU General Public License | |
15 | * along with this program; if not, write to the Free Software | |
16 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
17 | * | |
a53c8fab | 18 | * Copyright IBM Corp. 2002, 2006 |
19 | * |
20 | * s390 port, used ppc64 as template. Mike Grundy <grundym@us.ibm.com> | |
21 | */ | |
22 | ||
23 | #include <linux/kprobes.h> |
24 | #include <linux/ptrace.h> | |
25 | #include <linux/preempt.h> | |
26 | #include <linux/stop_machine.h> | |
1eeb66a1 | 27 | #include <linux/kdebug.h> |
a2b53673 | 28 | #include <linux/uaccess.h> |
4ba069b8 | 29 | #include <asm/cacheflush.h> |
4ba069b8 | 30 | #include <asm/sections.h> |
4ba069b8 | 31 | #include <linux/module.h> |
5a0e3ad6 | 32 | #include <linux/slab.h> |
adb45839 | 33 | #include <linux/hardirq.h> |
4ba069b8 | 34 | |
/* The kprobe being processed on this CPU; set by push_kprobe(), restored by pop_kprobe(). */
DEFINE_PER_CPU(struct kprobe *, current_kprobe);
/*
 * Per-CPU kprobe state: kprobe_status, the saved PER control registers and
 * PSW mask bits used for single stepping, the previous kprobe for nesting,
 * and the jprobe register/stack save area.
 */
DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);

/* No functions are blacklisted for return probes on this architecture. */
struct kretprobe_blackpoint kretprobe_blacklist[] = { };
f438d914 | 39 | |
/*
 * Decide whether the instruction at @insn may be replaced by a breakpoint
 * and later single-stepped from a copy.  Instructions that change the
 * addressing mode or the system mask, execute another instruction, or
 * leave the current execution context (see the mnemonics below) cannot be
 * handled that way.
 * Returns 0 if the instruction may be probed, -EINVAL otherwise.
 */
static int __kprobes is_prohibited_opcode(kprobe_opcode_t *insn)
{
	/* one-byte opcodes, compared against bits 0-7 of the first halfword */
	static const unsigned char prohibited_opc8[] = {
		0x0b,	/* bsm */
		0x0c,	/* bassm */
		0x44,	/* ex */
		0x83,	/* diag */
		0xac,	/* stnsm */
		0xad,	/* stosm */
	};
	/* two-byte opcodes, compared against the whole first halfword */
	static const unsigned short prohibited_opc16[] = {
		0x0101,	/* pr */
		0xb218,	/* pc */
		0xb228,	/* pt */
		0xb240,	/* bakr */
		0xb258,	/* bsg */
		0xb25a,	/* bsa */
		0xb98d,	/* epsw */
	};
	unsigned int opc8 = insn[0] >> 8;
	unsigned int i;

	for (i = 0; i < sizeof(prohibited_opc8) / sizeof(prohibited_opc8[0]); i++)
		if (prohibited_opc8[i] == opc8)
			return -EINVAL;

	for (i = 0; i < sizeof(prohibited_opc16) / sizeof(prohibited_opc16[0]); i++)
		if (prohibited_opc16[i] == insn[0])
			return -EINVAL;

	return 0;
}
63 | ||
/*
 * Work out how the PSW and the registers have to be corrected after the
 * copy of the probed instruction (p->ainsn.insn) was single-stepped at an
 * address other than the original one.
 * Returns a mask of FIXUP_* bits; FIXUP_PSW_NORMAL (plain relocation of
 * the PSW address) unless the instruction is a branch of some kind.
 */
static int __kprobes get_fixup_type(kprobe_opcode_t *insn)
{
	unsigned int opc = insn[0] >> 8;	/* first opcode byte */
	unsigned int lo = insn[0] & 0x0f;	/* low nibble of the first halfword */
	int fixup = FIXUP_PSW_NORMAL;

	switch (opc) {
	case 0x05:	/* balr */
	case 0x0d:	/* basr */
		fixup = FIXUP_RETURN_REGISTER;
		/* with r2 = 0 no branch is taken */
		if (lo == 0)
			fixup |= FIXUP_BRANCH_NOT_TAKEN;
		break;
	case 0x45:	/* bal */
	case 0x4d:	/* bas */
		fixup = FIXUP_RETURN_REGISTER;
		break;
	case 0x06:	/* bctr */
	case 0x07:	/* bcr */
	case 0x46:	/* bct */
	case 0x47:	/* bc */
	case 0x86:	/* bxh */
	case 0x87:	/* bxle */
		fixup = FIXUP_BRANCH_NOT_TAKEN;
		break;
	case 0x82:	/* lpsw */
		fixup = FIXUP_NOT_REQUIRED;
		break;
	case 0xb2:
		if ((insn[0] & 0xff) == 0xb2)	/* lpswe */
			fixup = FIXUP_NOT_REQUIRED;
		break;
	case 0xa7:
		if (lo == 0x05)			/* bras */
			fixup |= FIXUP_RETURN_REGISTER;
		break;
	case 0xc0:
		if (lo == 0x00 || lo == 0x05)	/* larl, brasl */
			fixup |= FIXUP_RETURN_REGISTER;
		break;
	case 0xeb:
		if ((insn[2] & 0xff) == 0x44 ||	/* bxhg */
		    (insn[2] & 0xff) == 0x45)	/* bxleg */
			fixup = FIXUP_BRANCH_NOT_TAKEN;
		break;
	case 0xe3:
		if ((insn[2] & 0xff) == 0x46)	/* bctg */
			fixup = FIXUP_BRANCH_NOT_TAKEN;
		break;
	}
	return fixup;
}
119 | ||
/*
 * Architecture part of registering a kprobe: validate the probe address
 * and keep a copy of the probed instruction in p->ainsn.insn, which is
 * what gets single-stepped once the breakpoint is hit.
 * Returns 0 on success, -EINVAL for a misaligned address or for an
 * instruction that must not be probed.
 */
int __kprobes arch_prepare_kprobe(struct kprobe *p)
{
	int ilen;

	/* instructions are halfword aligned */
	if ((unsigned long) p->addr & 0x01)
		return -EINVAL;

	/* refuse instructions that cannot be single-stepped from a copy */
	if (is_prohibited_opcode(p->addr))
		return -EINVAL;

	p->opcode = *p->addr;
	/*
	 * The two top bits of the first halfword give the instruction
	 * length: 00 -> 2 bytes, 01 and 10 -> 4 bytes, 11 -> 6 bytes.
	 */
	ilen = ((p->opcode >> 14) + 3) & -2;
	memcpy(p->ainsn.insn, p->addr, ilen);

	return 0;
}
134 | ||
/* Argument block handed to swap_instruction() through stop_machine(). */
struct ins_replace_args {
	kprobe_opcode_t *ptr;		/* kernel text location to patch */
	kprobe_opcode_t opcode;		/* instruction word to store there */
};
139 | ||
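/*
 * stop_machine() callback that stores args->opcode at args->ptr, i.e.
 * writes or removes a breakpoint in kernel text.
 *
 * The control block is marked KPROBE_SWAP_INST for the duration of the
 * write so that a fault raised by it is recognised by
 * kprobe_trap_handler() as a failed instruction swap rather than as a
 * fault inside a probe handler.  probe_kernel_write() reports such a
 * fault through its return value.
 *
 * Returns the probe_kernel_write() status (0 on success) so that the
 * result of the patch is not silently lost; stop_machine() hands it back
 * to the caller.
 */
static int __kprobes swap_instruction(void *aref)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	unsigned long status = kcb->kprobe_status;
	struct ins_replace_args *args = aref;
	int rc;

	kcb->kprobe_status = KPROBE_SWAP_INST;
	rc = probe_kernel_write(args->ptr, &args->opcode, sizeof(args->opcode));
	kcb->kprobe_status = status;
	return rc;
}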
151 | ||
/*
 * Arm @p by writing the breakpoint instruction over the start of the
 * probed instruction.  The patch runs under stop_machine() so no other
 * CPU executes while the text changes; the status returned by
 * swap_instruction() is not used because this interface is void.
 */
void __kprobes arch_arm_kprobe(struct kprobe *p)
{
	struct ins_replace_args args = {
		.ptr = p->addr,
		.opcode = BREAKPOINT_INSTRUCTION,
	};

	stop_machine(swap_instruction, &args, NULL);
}
160 | ||
/*
 * Disarm @p by putting back the original instruction word that
 * arch_prepare_kprobe() saved in p->opcode, again under stop_machine().
 */
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
	struct ins_replace_args args = {
		.ptr = p->addr,
		.opcode = p->opcode,
	};

	stop_machine(swap_instruction, &args, NULL);
}
169 | ||
/*
 * Nothing to release: arch_prepare_kprobe() allocates no memory of its
 * own, the instruction copy is kept in p->ainsn.insn which this file
 * never allocates.
 */
void __kprobes arch_remove_kprobe(struct kprobe *p)
{
}
173 | ||
/*
 * Arm PER (program event recording) to raise an instruction fetch event
 * for exactly the address @ip and redirect @regs there.  The previous
 * contents of %cr9-%cr11 and the PER/I/O/external PSW mask bits are kept
 * in @kcb so that disable_singlestep() can undo everything.
 */
static void __kprobes enable_singlestep(struct kprobe_ctlblk *kcb,
					struct pt_regs *regs,
					unsigned long ip)
{
	struct per_regs per_kprobe = {
		.control = PER_EVENT_IFETCH,
		.start = ip,
		.end = ip,
	};

	/* remember what is about to be changed */
	__ctl_store(kcb->kprobe_saved_ctl, 9, 11);
	kcb->kprobe_saved_imask = regs->psw.mask &
				  (PSW_MASK_PER | PSW_MASK_IO | PSW_MASK_EXT);

	/*
	 * Load the PER control registers, turn PER on and run the stepped
	 * instruction with I/O and external interrupts masked so nothing
	 * can slip in between it and the PER event that follows.
	 */
	__ctl_load(per_kprobe, 9, 11);
	regs->psw.mask = (regs->psw.mask | PSW_MASK_PER) &
			 ~(PSW_MASK_IO | PSW_MASK_EXT);
	regs->psw.addr = ip | PSW_ADDR_AMODE;
}
196 | ||
/*
 * Undo enable_singlestep(): restore %cr9-%cr11 and the saved PSW mask
 * bits, clear PER and continue execution at @ip.
 */
static void __kprobes disable_singlestep(struct kprobe_ctlblk *kcb,
					 struct pt_regs *regs,
					 unsigned long ip)
{
	unsigned long mask = regs->psw.mask;

	__ctl_load(kcb->kprobe_saved_ctl, 9, 11);
	mask &= ~PSW_MASK_PER;
	mask |= kcb->kprobe_saved_imask;
	regs->psw.mask = mask;
	regs->psw.addr = ip | PSW_ADDR_AMODE;
}
207 | ||
/*
 * Activate @p by storing it in current_kprobe.  The kprobe and status
 * that were active before are saved in kcb->prev_kprobe so pop_kprobe()
 * can bring them back; this allows a stack of up to two kprobes, see
 * KPROBE_REENTER in kprobe_handler().
 */
static void __kprobes push_kprobe(struct kprobe_ctlblk *kcb, struct kprobe *p)
{
	struct kprobe *prev = __get_cpu_var(current_kprobe);

	kcb->prev_kprobe.status = kcb->kprobe_status;
	kcb->prev_kprobe.kp = prev;
	__get_cpu_var(current_kprobe) = p;
}
219 | ||
/*
 * Deactivate the current kprobe by restoring the state push_kprobe()
 * saved.  When the current status is KPROBE_REENTER, prev_kprobe.kp is
 * the outer kprobe that becomes active again; in every other state it
 * is NULL and the CPU ends up with no active kprobe.
 */
static void __kprobes pop_kprobe(struct kprobe_ctlblk *kcb)
{
	kcb->kprobe_status = kcb->prev_kprobe.status;
	__get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
}
230 | ||
/*
 * Called on entry to a function that has a return probe: remember the
 * real return address (in %r14) in @ri and make the function return into
 * kretprobe_trampoline instead, where trampoline_probe_handler() runs.
 */
void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
				      struct pt_regs *regs)
{
	unsigned long tramp = (unsigned long) &kretprobe_trampoline;

	/* %r14 holds the return address */
	ri->ret_addr = (kprobe_opcode_t *) regs->gprs[14];
	regs->gprs[14] = tramp;
}
239 | ||
/*
 * A breakpoint was hit while another kprobe is already being processed on
 * this CPU.  Re-entry from within a pre or post handler is allowed and is
 * only counted as a missed probe.  Re-entry from the single-step state
 * (KPROBE_HIT_SS, KPROBE_REENTER) or from an unknown state is fatal.
 */
static void __kprobes kprobe_reenter_check(struct kprobe_ctlblk *kcb,
					   struct kprobe *p)
{
	unsigned long status = kcb->kprobe_status;

	if (status == KPROBE_HIT_SSDONE || status == KPROBE_HIT_ACTIVE) {
		kprobes_inc_nmissed_count(p);
		return;
	}

	/*
	 * A kprobe on the code path that single steps an instruction is a
	 * BUG.  That code path resides in the .kprobes.text section and is
	 * executed with interrupts disabled.
	 */
	printk(KERN_EMERG "Invalid kprobe detected at %p.\n", p->addr);
	dump_kprobe(p);
	BUG();
}
261 | ||
/*
 * Breakpoint (DIE_BPT) entry point.  Looks up the kprobe registered at
 * the trap address, runs its pre_handler and arranges for the saved copy
 * of the probed instruction to be single-stepped.
 *
 * Returns 1 when the trap was consumed by kprobes; in that case
 * preemption is left disabled and is re-enabled later by
 * post_kprobe_handler(), kprobe_trap_handler() or, on the jprobe path,
 * longjmp_break_handler().  Returns 0 when the trap is not ours and the
 * normal trap handling should continue.
 */
static int __kprobes kprobe_handler(struct pt_regs *regs)
{
	struct kprobe_ctlblk *kcb;
	struct kprobe *p;

	/*
	 * We want to disable preemption for the entire duration of kprobe
	 * processing. That includes the calls to the pre/post handlers
	 * and single stepping the kprobe instruction.
	 */
	preempt_disable();
	kcb = get_kprobe_ctlblk();
	/*
	 * psw.addr already points past the breakpoint instruction; back up
	 * by its size (2 bytes, one kprobe_opcode_t as written by
	 * swap_instruction) to get the probe address.
	 */
	p = get_kprobe((void *)((regs->psw.addr & PSW_ADDR_INSN) - 2));

	if (p) {
		if (kprobe_running()) {
			/*
			 * We have hit a kprobe while another is still
			 * active. This can happen in the pre and post
			 * handler. Single step the instruction of the
			 * new probe but do not call any handler function
			 * of this secondary kprobe.
			 * push_kprobe and pop_kprobe saves and restores
			 * the currently active kprobe.
			 */
			kprobe_reenter_check(kcb, p);
			push_kprobe(kcb, p);
			kcb->kprobe_status = KPROBE_REENTER;
		} else {
			/*
			 * If we have no pre-handler or it returned 0, we
			 * continue with single stepping. If we have a
			 * pre-handler and it returned non-zero, it prepped
			 * for calling the break_handler below on re-entry
			 * for jprobe processing, so get out doing nothing
			 * more here.  Note that preemption stays disabled
			 * on this path until the break_handler runs.
			 */
			push_kprobe(kcb, p);
			kcb->kprobe_status = KPROBE_HIT_ACTIVE;
			if (p->pre_handler && p->pre_handler(p, regs))
				return 1;
			kcb->kprobe_status = KPROBE_HIT_SS;
		}
		/* single step the out-of-line copy, not the patched original */
		enable_singlestep(kcb, regs, (unsigned long) p->ainsn.insn);
		return 1;
	} else if (kprobe_running()) {
		p = __get_cpu_var(current_kprobe);
		if (p->break_handler && p->break_handler(p, regs)) {
			/*
			 * Continuation after the jprobe completed and
			 * caused the jprobe_return trap. The jprobe
			 * break_handler "returns" to the original
			 * function that still has the kprobe breakpoint
			 * installed. We continue with single stepping.
			 */
			kcb->kprobe_status = KPROBE_HIT_SS;
			enable_singlestep(kcb, regs,
					  (unsigned long) p->ainsn.insn);
			return 1;
		} /* else:
		   * No kprobe at this address and the current kprobe
		   * has no break handler (no jprobe!). The kernel just
		   * exploded, let the standard trap handler pick up the
		   * pieces.
		   */
	} /* else:
	   * No kprobe at this address and no active kprobe. The trap has
	   * not been caused by a kprobe breakpoint. The race of breakpoint
	   * vs. kprobe remove does not exist because on s390 we use
	   * stop_machine to arm/disarm the breakpoints.
	   */
	preempt_enable_no_resched();
	return 0;
}
336 | ||
/*
 * Function return probe trampoline:
 * - arch_init_kprobes() registers the `trampoline` kprobe here
 * - When the probed function returns, this probe
 *   causes the handlers to fire
 *
 * The trampoline itself is a single "bcr 0,0" (a no-op branch) emitted
 * as the global symbol kretprobe_trampoline from inline assembly.  This
 * C function exists only to host that code and is never called.
 */
static void __used kretprobe_trampoline_holder(void)
{
	asm volatile(".global kretprobe_trampoline\n"
		     "kretprobe_trampoline: bcr 0,0\n");
}
348 | ||
/*
 * Called when the probe at kretprobe trampoline is hit, i.e. when a
 * function with a return probe returns.  Runs the return-probe handlers
 * for this task, redirects the PSW to the real return address and frees
 * the consumed kretprobe instances.
 *
 * Always returns 1 (see the comment at the end), and re-enables the
 * preemption that kprobe_handler() disabled.
 */
static int __kprobes trampoline_probe_handler(struct kprobe *p,
					      struct pt_regs *regs)
{
	struct kretprobe_instance *ri;
	struct hlist_head *head, empty_rp;
	struct hlist_node *node, *tmp;
	unsigned long flags, orig_ret_address;
	unsigned long trampoline_address;
	kprobe_opcode_t *correct_ret_addr;

	INIT_HLIST_HEAD(&empty_rp);
	kretprobe_hash_lock(current, &head, &flags);

	/*
	 * It is possible to have multiple instances associated with a given
	 * task either because multiple functions in the call path
	 * have a return probe installed on them, and/or more than one
	 * return probe was registered for a target function.
	 *
	 * We can handle this because:
	 *     - instances are always inserted at the head of the list
	 *     - when multiple return probes are registered for the same
	 *	 function, the first instance's ret_addr will point to the
	 *	 real return address, and all the rest will point to
	 *	 kretprobe_trampoline
	 */
	ri = NULL;
	orig_ret_address = 0;
	correct_ret_addr = NULL;
	trampoline_address = (unsigned long) &kretprobe_trampoline;
	/* first pass: find the instance holding the real return address */
	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
		if (ri->task != current)
			/* another task is sharing our hash bucket */
			continue;

		orig_ret_address = (unsigned long) ri->ret_addr;

		if (orig_ret_address != trampoline_address)
			/*
			 * This is the real return address. Any other
			 * instances associated with this task are for
			 * other calls deeper on the call stack
			 */
			break;
	}

	/* no instance for this task, or no real return address found: BUG */
	kretprobe_assert(ri, orig_ret_address, trampoline_address);

	correct_ret_addr = ri->ret_addr;
	/* second pass: run the handlers and recycle the instances */
	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
		if (ri->task != current)
			/* another task is sharing our hash bucket */
			continue;

		orig_ret_address = (unsigned long) ri->ret_addr;

		if (ri->rp && ri->rp->handler) {
			/* let the handler see the real return address */
			ri->ret_addr = correct_ret_addr;
			ri->rp->handler(ri, regs);
		}

		recycle_rp_inst(ri, &empty_rp);

		if (orig_ret_address != trampoline_address)
			/*
			 * This is the real return address. Any other
			 * instances associated with this task are for
			 * other calls deeper on the call stack
			 */
			break;
	}

	/* continue in the caller of the probed function */
	regs->psw.addr = orig_ret_address | PSW_ADDR_AMODE;

	pop_kprobe(get_kprobe_ctlblk());
	kretprobe_hash_unlock(current, &flags);
	preempt_enable_no_resched();

	/* instances that had no kretprobe to return to are freed here */
	hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
		hlist_del(&ri->hlist);
		kfree(ri);
	}
	/*
	 * By returning a non-zero value, we are telling
	 * kprobe_handler() that we don't want the post_handler
	 * to run (and have re-enabled preemption)
	 */
	return 1;
}
441 | ||
/*
 * Called after single-stepping. p->addr is the address of the
 * instruction whose first byte has been replaced by the "breakpoint"
 * instruction. To avoid the SMP problems that can occur when we
 * temporarily put back the original opcode to single-step, we
 * single-stepped a copy of the instruction. The address of this
 * copy is p->ainsn.insn.  Correct the PSW and any register that now
 * refers to the copy so they refer to the original location, then leave
 * single-step mode.
 */
static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	unsigned long copy = (unsigned long) p->ainsn.insn;
	unsigned long orig = (unsigned long) p->addr;
	/* distance from the out-of-line copy back to the original */
	unsigned long delta = orig - copy;
	unsigned long ip = regs->psw.addr & PSW_ADDR_INSN;
	int fixup = get_fixup_type(p->ainsn.insn);

	/* the PSW simply advanced past the copy: relocate it */
	if (fixup & FIXUP_PSW_NORMAL)
		ip += delta;

	/*
	 * A branch that was not taken left the PSW just behind the copy;
	 * move it just behind the original instruction instead.
	 */
	if (fixup & FIXUP_BRANCH_NOT_TAKEN) {
		int ilen = ((p->ainsn.insn[0] >> 14) + 3) & -2;

		if (ip - copy == ilen)
			ip = orig + ilen;
	}

	/*
	 * The register named by the R1 field received an address relative
	 * to the copy; shift it back by the same distance.
	 */
	if (fixup & FIXUP_RETURN_REGISTER) {
		int reg = (p->ainsn.insn[0] & 0xf0) >> 4;

		regs->gprs[reg] += delta;
	}

	disable_singlestep(kcb, regs, ip);
}
473 | ||
/*
 * Single-step (DIE_SSTEP) entry point, reached once the copied
 * instruction has executed: run the post_handler (skipped for a nested
 * probe), fix up PSW and registers, leave single-step mode and drop the
 * preemption count taken in kprobe_handler().
 * Returns 1 when the event belonged to kprobes, 0 when no kprobe is
 * active or when someone else is single-stepping (PER still set).
 */
static int __kprobes post_kprobe_handler(struct pt_regs *regs)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	struct kprobe *p = kprobe_running();

	if (!p)
		return 0;

	/* a nested (KPROBE_REENTER) probe does not get its post_handler run */
	if (kcb->kprobe_status != KPROBE_REENTER && p->post_handler) {
		kcb->kprobe_status = KPROBE_HIT_SSDONE;
		p->post_handler(p, regs, 0);
	}

	resume_execution(p, regs);
	pop_kprobe(kcb);
	preempt_enable_no_resched();

	/*
	 * if somebody else is singlestepping across a probe point, psw mask
	 * will have PER set, in which case, continue the remaining processing
	 * of do_single_step, as if this is not a probe hit.
	 */
	return (regs->psw.mask & PSW_MASK_PER) ? 0 : 1;
}
501 | ||
/*
 * A trap (typically a page fault) occurred while a kprobe is being
 * processed on this CPU.  What to do depends on where in kprobe
 * processing we are, as recorded in kcb->kprobe_status.
 * Returns 1 when the fault was fixed up here and execution may resume,
 * 0 when the normal fault handling should take over.
 */
static int __kprobes kprobe_trap_handler(struct pt_regs *regs, int trapnr)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	struct kprobe *p = kprobe_running();
	unsigned long status = kcb->kprobe_status;

	/* the instruction replacement in swap_instruction() faulted */
	if (status == KPROBE_SWAP_INST)
		return 0;

	if (status == KPROBE_HIT_SS || status == KPROBE_REENTER) {
		/*
		 * The instruction being single stepped caused a page
		 * fault. Reset the current kprobe, point the PSW back at
		 * the probe address and let the page fault handler
		 * continue as for a normal page fault.
		 */
		disable_singlestep(kcb, regs, (unsigned long) p->addr);
		pop_kprobe(kcb);
		preempt_enable_no_resched();
		return 0;
	}

	if (status == KPROBE_HIT_ACTIVE || status == KPROBE_HIT_SSDONE) {
		const struct exception_table_entry *entry;

		/*
		 * Count the fault as a missed probe for accounting;
		 * npre/npostfault could also be used for these cases.
		 */
		kprobes_inc_nmissed_count(p);

		/*
		 * Instructions in the pre/post handler caused the fault,
		 * e.g. by accessing user space via copy_from_user(),
		 * get_user() etc.  Give the user-specified fault handler
		 * the first chance to fix it.
		 */
		if (p->fault_handler && p->fault_handler(p, regs, trapnr))
			return 1;

		/* it declined or returned zero: try the exception table */
		entry = search_exception_tables(regs->psw.addr & PSW_ADDR_INSN);
		if (entry) {
			regs->psw.addr = entry->fixup | PSW_ADDR_AMODE;
			return 1;
		}

		/* no fixup entry either: let do_page_fault() handle it */
	}

	return 0;
}
564 | ||
/*
 * Fault entry point called by the architecture fault code: run
 * kprobe_trap_handler() with interrupts disabled when the interrupted
 * context had I/O or external interrupts enabled, and afterwards bring
 * the interrupt state back in line with the (possibly updated) PSW.
 * Returns the kprobe_trap_handler() result.
 */
int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
{
	unsigned long irq_bits = regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT);
	int ret;

	if (irq_bits)
		local_irq_disable();
	ret = kprobe_trap_handler(regs, trapnr);
	/*
	 * Re-read psw.mask: kprobe_trap_handler() may have called
	 * disable_singlestep(), which puts the saved I/O and external
	 * mask bits back into the PSW.
	 */
	if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
		local_irq_restore(regs->psw.mask & ~PSW_MASK_PER);
	return ret;
}
576 | ||
/*
 * Notifier on the die chain: dispatches breakpoint, single-step and
 * other traps to the kprobes handlers above.
 * Returns NOTIFY_STOP when one of them consumed the event, NOTIFY_DONE
 * otherwise.
 */
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
				       unsigned long val, void *data)
{
	struct die_args *args = data;
	struct pt_regs *regs = args->regs;
	int handled = 0;

	/* run with interrupts off if the interrupted context had them on */
	if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
		local_irq_disable();

	switch (val) {
	case DIE_BPT:
		handled = kprobe_handler(regs);
		break;
	case DIE_SSTEP:
		handled = post_kprobe_handler(regs);
		break;
	case DIE_TRAP:
		/*
		 * Only a trap raised during kprobe processing (preemption
		 * disabled, a kprobe active) is ours.
		 */
		handled = !preemptible() && kprobe_running() &&
			  kprobe_trap_handler(regs, args->trapnr);
		break;
	default:
		break;
	}

	/* the handlers may have changed psw.mask: re-read it */
	if (regs->psw.mask & (PSW_MASK_IO | PSW_MASK_EXT))
		local_irq_restore(regs->psw.mask & ~PSW_MASK_PER);

	return handled ? NOTIFY_STOP : NOTIFY_DONE;
}
613 | ||
/*
 * jprobe entry: save the register state and the top of the stack so that
 * longjmp_break_handler() can restore them, then redirect execution to
 * the jprobe's entry routine with I/O and external interrupts masked.
 * Always returns 1, which makes kprobe_handler() skip single stepping
 * the probed instruction.
 */
int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
{
	struct jprobe *jp = container_of(p, struct jprobe, kp);
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	/* r15 is the stack pointer */
	unsigned long sp = (unsigned long) regs->gprs[15];

	memcpy(&kcb->jprobe_saved_regs, regs, sizeof(struct pt_regs));
	/* the part of the stack the jprobe handler is going to use */
	memcpy(kcb->jprobes_stack, (void *) sp, MIN_STACK_SIZE(sp));

	/* continue in the jprobe handler routine */
	regs->psw.addr = (unsigned long) jp->entry | PSW_ADDR_AMODE;
	regs->psw.mask &= ~(PSW_MASK_IO | PSW_MASK_EXT);

	return 1;
}
632 | ||
/*
 * Called by a jprobe handler to hand control back.  The .word 0x0002 is
 * presumably the same breakpoint opcode used to arm kprobes; the trap it
 * raises reaches kprobe_handler(), which finds no kprobe at this address
 * and calls the active kprobe's break_handler (longjmp_break_handler()).
 */
void __kprobes jprobe_return(void)
{
	asm volatile(".word 0x0002");
}
637 | ||
/*
 * Marker placed directly after jprobe_return(); its body is a no-op
 * branch and it is kept by __used although nothing in this file calls it.
 */
static void __used __kprobes jprobe_return_end(void)
{
	asm volatile("bcr 0,0");
}
642 | ||
/*
 * jprobe exit, reached through kprobe_handler()'s break_handler path
 * after jprobe_return().  Restores the registers and the stack saved by
 * setjmp_pre_handler() and re-enables the preemption kprobe_handler()
 * left disabled.  Returns 1 so the trap counts as handled.
 */
int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
{
	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	struct pt_regs *saved = &kcb->jprobe_saved_regs;
	/* r15 of the saved state is the original stack pointer */
	unsigned long sp = (unsigned long) saved->gprs[15];

	/* registers first, then the stack contents that belong to them */
	memcpy(regs, saved, sizeof(*regs));
	memcpy((void *) sp, kcb->jprobes_stack, MIN_STACK_SIZE(sp));
	preempt_enable_no_resched();
	return 1;
}
657 | ||
/*
 * The kprobe that arch_init_kprobes() places on kretprobe_trampoline.
 * Its pre_handler, trampoline_probe_handler(), runs the return probes
 * whenever a probed function returns through the trampoline.
 */
static struct kprobe trampoline = {
	.addr = (kprobe_opcode_t *) &kretprobe_trampoline,
	.pre_handler = trampoline_probe_handler
};
662 | ||
/*
 * Boot-time (__init) architecture setup: register the trampoline probe
 * that makes return probes work.  Returns the register_kprobe() result.
 */
int __init arch_init_kprobes(void)
{
	int rc = register_kprobe(&trampoline);

	return rc;
}
667 | |
/*
 * Tell the generic kprobes code whether @p is the internal probe sitting
 * on kretprobe_trampoline (the one registered by arch_init_kprobes()).
 * Returns non-zero if it is.
 */
int __kprobes arch_trampoline_kprobe(struct kprobe *p)
{
	kprobe_opcode_t *tramp = (kprobe_opcode_t *) &kretprobe_trampoline;

	return p->addr == tramp;
}