2 * arch/arm/kernel/kprobes-common.c
4 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
6 * Some contents moved here from arch/arm/include/asm/kprobes-arm.c which is
7 * Copyright (C) 2006, 2007 Motorola Inc.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
14 #include <linux/kernel.h>
15 #include <linux/kprobes.h>
16 #include <asm/system_info.h>
17 #include <asm/opcodes.h>
22 #ifndef find_str_pc_offset
25 * For STR and STM instructions, an ARM core may choose to use either
26 * a +8 or a +12 displacement from the current instruction's address.
27 * Whichever value is chosen for a given core, it must be the same for
28 * both instructions and may not change. This function measures it.
33 void __init find_str_pc_offset(void)
35 int addr, scratch, ret;
38 "sub %[ret], pc, #4 \n\t"
39 "str pc, %[addr] \n\t"
40 "ldr %[scr], %[addr] \n\t"
41 "sub %[ret], %[scr], %[ret] \n\t"
42 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr));
47 #endif /* !find_str_pc_offset */
50 #ifndef test_load_write_pc_interworking
52 bool load_write_pc_interworks;
54 void __init test_load_write_pc_interworking(void)
56 int arch = cpu_architecture();
57 BUG_ON(arch == CPU_ARCH_UNKNOWN);
58 load_write_pc_interworks = arch >= CPU_ARCH_ARMv5T;
61 #endif /* !test_load_write_pc_interworking */
64 #ifndef test_alu_write_pc_interworking
66 bool alu_write_pc_interworks;
68 void __init test_alu_write_pc_interworking(void)
70 int arch = cpu_architecture();
71 BUG_ON(arch == CPU_ARCH_UNKNOWN);
72 alu_write_pc_interworks = arch >= CPU_ARCH_ARMv7;
75 #endif /* !test_alu_write_pc_interworking */
78 void __init arm_kprobe_decode_init(void)
81 test_load_write_pc_interworking();
82 test_alu_write_pc_interworking();
86 static unsigned long __kprobes __check_eq(unsigned long cpsr)
88 return cpsr & PSR_Z_BIT;
91 static unsigned long __kprobes __check_ne(unsigned long cpsr)
93 return (~cpsr) & PSR_Z_BIT;
96 static unsigned long __kprobes __check_cs(unsigned long cpsr)
98 return cpsr & PSR_C_BIT;
101 static unsigned long __kprobes __check_cc(unsigned long cpsr)
103 return (~cpsr) & PSR_C_BIT;
106 static unsigned long __kprobes __check_mi(unsigned long cpsr)
108 return cpsr & PSR_N_BIT;
111 static unsigned long __kprobes __check_pl(unsigned long cpsr)
113 return (~cpsr) & PSR_N_BIT;
116 static unsigned long __kprobes __check_vs(unsigned long cpsr)
118 return cpsr & PSR_V_BIT;
121 static unsigned long __kprobes __check_vc(unsigned long cpsr)
123 return (~cpsr) & PSR_V_BIT;
126 static unsigned long __kprobes __check_hi(unsigned long cpsr)
128 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
129 return cpsr & PSR_C_BIT;
132 static unsigned long __kprobes __check_ls(unsigned long cpsr)
134 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
135 return (~cpsr) & PSR_C_BIT;
138 static unsigned long __kprobes __check_ge(unsigned long cpsr)
140 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
141 return (~cpsr) & PSR_N_BIT;
144 static unsigned long __kprobes __check_lt(unsigned long cpsr)
146 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
147 return cpsr & PSR_N_BIT;
150 static unsigned long __kprobes __check_gt(unsigned long cpsr)
152 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
153 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
154 return (~temp) & PSR_N_BIT;
157 static unsigned long __kprobes __check_le(unsigned long cpsr)
159 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
160 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
161 return temp & PSR_N_BIT;
164 static unsigned long __kprobes __check_al(unsigned long cpsr)
169 kprobe_check_cc * const kprobe_condition_checks[16] = {
170 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
171 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
172 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
173 &__check_gt, &__check_le, &__check_al, &__check_al
177 void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs)
181 void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs)
186 static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
188 kprobe_opcode_t insn = p->opcode;
189 int rn = (insn >> 16) & 0xf;
190 int lbit = insn & (1 << 20);
191 int wbit = insn & (1 << 21);
192 int ubit = insn & (1 << 23);
193 int pbit = insn & (1 << 24);
194 long *addr = (long *)regs->uregs[rn];
199 reg_bit_vector = insn & 0xffff;
200 while (reg_bit_vector) {
201 reg_bit_vector &= (reg_bit_vector - 1);
207 addr += (!pbit == !ubit);
209 reg_bit_vector = insn & 0xffff;
210 while (reg_bit_vector) {
211 int reg = __ffs(reg_bit_vector);
212 reg_bit_vector &= (reg_bit_vector - 1);
214 regs->uregs[reg] = *addr++;
216 *addr++ = regs->uregs[reg];
222 addr -= (!pbit == !ubit);
223 regs->uregs[rn] = (long)addr;
227 static void __kprobes simulate_stm1_pc(struct kprobe *p, struct pt_regs *regs)
229 regs->ARM_pc = (long)p->addr + str_pc_offset;
230 simulate_ldm1stm1(p, regs);
231 regs->ARM_pc = (long)p->addr + 4;
234 static void __kprobes simulate_ldm1_pc(struct kprobe *p, struct pt_regs *regs)
236 simulate_ldm1stm1(p, regs);
237 load_write_pc(regs->ARM_pc, regs);
240 static void __kprobes
241 emulate_generic_r0_12_noflags(struct kprobe *p, struct pt_regs *regs)
243 register void *rregs asm("r1") = regs;
244 register void *rfn asm("lr") = p->ainsn.insn_fn;
246 __asm__ __volatile__ (
247 "stmdb sp!, {%[regs], r11} \n\t"
248 "ldmia %[regs], {r0-r12} \n\t"
249 #if __LINUX_ARM_ARCH__ >= 6
252 "str %[fn], [sp, #-4]! \n\t"
254 "ldr pc, [sp], #4 \n\t"
257 "ldr lr, [sp], #4 \n\t" /* lr = regs */
258 "stmia lr, {r0-r12} \n\t"
259 "ldr r11, [sp], #4 \n\t"
260 : [regs] "=r" (rregs), [fn] "=r" (rfn)
261 : "0" (rregs), "1" (rfn)
262 : "r0", "r2", "r3", "r4", "r5", "r6", "r7",
263 "r8", "r9", "r10", "r12", "memory", "cc"
267 static void __kprobes
268 emulate_generic_r2_14_noflags(struct kprobe *p, struct pt_regs *regs)
270 emulate_generic_r0_12_noflags(p, (struct pt_regs *)(regs->uregs+2));
273 static void __kprobes
274 emulate_ldm_r3_15(struct kprobe *p, struct pt_regs *regs)
276 emulate_generic_r0_12_noflags(p, (struct pt_regs *)(regs->uregs+3));
277 load_write_pc(regs->ARM_pc, regs);
280 enum kprobe_insn __kprobes
281 kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi)
283 kprobe_insn_handler_t *handler = 0;
284 unsigned reglist = insn & 0xffff;
285 int is_ldm = insn & 0x100000;
286 int rn = (insn >> 16) & 0xf;
288 if (rn <= 12 && (reglist & 0xe000) == 0) {
289 /* Instruction only uses registers in the range R0..R12 */
290 handler = emulate_generic_r0_12_noflags;
292 } else if (rn >= 2 && (reglist & 0x8003) == 0) {
293 /* Instruction only uses registers in the range R2..R14 */
296 handler = emulate_generic_r2_14_noflags;
298 } else if (rn >= 3 && (reglist & 0x0007) == 0) {
299 /* Instruction only uses registers in the range R3..R15 */
300 if (is_ldm && (reglist & 0x8000)) {
303 handler = emulate_ldm_r3_15;
308 /* We can emulate the instruction in (possibly) modified form */
309 asi->insn[0] = __opcode_to_mem_arm((insn & 0xfff00000) |
310 (rn << 16) | reglist);
311 asi->insn_handler = handler;
315 /* Fallback to slower simulation... */
316 if (reglist & 0x8000)
317 handler = is_ldm ? simulate_ldm1_pc : simulate_stm1_pc;
319 handler = simulate_ldm1stm1;
320 asi->insn_handler = handler;
321 return INSN_GOOD_NO_SLOT;
326 * Prepare an instruction slot to receive an instruction for emulating.
327 * This is done by placing a subroutine return after the location where the
328 * instruction will be placed. We also modify ARM instructions to be
329 * unconditional as the condition code will already be checked before any
330 * emulation handler is called.
332 static kprobe_opcode_t __kprobes
333 prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
336 #ifdef CONFIG_THUMB2_KERNEL
338 u16 *thumb_insn = (u16 *)asi->insn;
340 thumb_insn[1] = __opcode_to_mem_thumb16(0x4770);
341 thumb_insn[2] = __opcode_to_mem_thumb16(0x4770);
344 asi->insn[1] = __opcode_to_mem_arm(0xe12fff1e); /* ARM bx lr */
346 asi->insn[1] = __opcode_to_mem_arm(0xe1a0f00e); /* mov pc, lr */
348 /* Make an ARM instruction unconditional */
349 if (insn < 0xe0000000)
350 insn = (insn | 0xe0000000) & ~0x10000000;
355 * Write a (probably modified) instruction into the slot previously prepared by
356 * prepare_emulated_insn
358 static void __kprobes
359 set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
362 #ifdef CONFIG_THUMB2_KERNEL
364 u16 *ip = (u16 *)asi->insn;
365 if (is_wide_instruction(insn))
366 *ip++ = __opcode_to_mem_thumb16(insn >> 16);
367 *ip++ = __opcode_to_mem_thumb16(insn);
371 asi->insn[0] = __opcode_to_mem_arm(insn);
375 * When we modify the register numbers encoded in an instruction to be emulated,
376 * the new values come from this define. For ARM and 32-bit Thumb instructions
379 * bit position 16 12 8 4 0
380 * ---------------+---+---+---+---+---+
381 * register r2 r0 r1 -- r3
383 #define INSN_NEW_BITS 0x00020103
385 /* Each nibble has same value as that at INSN_NEW_BITS bit 16 */
386 #define INSN_SAMEAS16_BITS 0x22222222
389 * Validate and modify each of the registers encoded in an instruction.
391 * Each nibble in regs contains a value from enum decode_reg_type. For each
392 * non-zero value, the corresponding nibble in pinsn is validated and modified
393 * according to the type.
395 static bool __kprobes decode_regs(kprobe_opcode_t* pinsn, u32 regs)
397 kprobe_opcode_t insn = *pinsn;
398 kprobe_opcode_t mask = 0xf; /* Start at least significant nibble */
400 for (; regs != 0; regs >>= 4, mask <<= 4) {
402 kprobe_opcode_t new_bits = INSN_NEW_BITS;
404 switch (regs & 0xf) {
407 /* Nibble not a register, skip to next */
411 /* Any register is allowed */
414 case REG_TYPE_SAMEAS16:
415 /* Replace register with same as at bit position 16 */
416 new_bits = INSN_SAMEAS16_BITS;
420 /* Only allow SP (R13) */
421 if ((insn ^ 0xdddddddd) & mask)
426 /* Only allow PC (R15) */
427 if ((insn ^ 0xffffffff) & mask)
432 /* Reject SP (R13) */
433 if (((insn ^ 0xdddddddd) & mask) == 0)
437 case REG_TYPE_NOSPPC:
438 case REG_TYPE_NOSPPCX:
439 /* Reject SP and PC (R13 and R15) */
440 if (((insn ^ 0xdddddddd) & 0xdddddddd & mask) == 0)
444 case REG_TYPE_NOPCWB:
445 if (!is_writeback(insn))
446 break; /* No writeback, so any register is OK */
447 /* fall through... */
450 /* Reject PC (R15) */
451 if (((insn ^ 0xffffffff) & mask) == 0)
456 /* Replace value of nibble with new register number... */
458 insn |= new_bits & mask;
468 static const int decode_struct_sizes[NUM_DECODE_TYPES] = {
469 [DECODE_TYPE_TABLE] = sizeof(struct decode_table),
470 [DECODE_TYPE_CUSTOM] = sizeof(struct decode_custom),
471 [DECODE_TYPE_SIMULATE] = sizeof(struct decode_simulate),
472 [DECODE_TYPE_EMULATE] = sizeof(struct decode_emulate),
473 [DECODE_TYPE_OR] = sizeof(struct decode_or),
474 [DECODE_TYPE_REJECT] = sizeof(struct decode_reject)
478 * kprobe_decode_insn operates on data tables in order to decode an ARM
479 * architecture instruction onto which a kprobe has been placed.
481 * These instruction decoding tables are a concatenation of entries each
482 * of which consist of one of the following structs:
491 * Each of these starts with a struct decode_header which has the following
498 * The least significant DECODE_TYPE_BITS of type_regs contains a value
499 * from enum decode_type, this indicates which of the decode_* structs
500 * the entry contains. The value DECODE_TYPE_END indicates the end of the
503 * When the table is parsed, each entry is checked in turn to see if it
504 * matches the instruction to be decoded using the test:
506 * (insn & mask) == value
508 * If no match is found before the end of the table is reached then decoding
509 * fails with INSN_REJECTED.
511 * When a match is found, decode_regs() is called to validate and modify each
512 * of the registers encoded in the instruction; the data it uses to do this
513 * is (type_regs >> DECODE_TYPE_BITS). A validation failure will cause decoding
514 * to fail with INSN_REJECTED.
516 * Once the instruction has passed the above tests, further processing
517 * depends on the type of the table entry's decode struct.
521 kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
522 const union decode_item *table, bool thumb)
524 const struct decode_header *h = (struct decode_header *)table;
525 const struct decode_header *next;
526 bool matched = false;
528 insn = prepare_emulated_insn(insn, asi, thumb);
531 enum decode_type type = h->type_regs.bits & DECODE_TYPE_MASK;
532 u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS;
534 if (type == DECODE_TYPE_END)
535 return INSN_REJECTED;
537 next = (struct decode_header *)
538 ((uintptr_t)h + decode_struct_sizes[type]);
540 if (!matched && (insn & h->mask.bits) != h->value.bits)
543 if (!decode_regs(&insn, regs))
544 return INSN_REJECTED;
548 case DECODE_TYPE_TABLE: {
549 struct decode_table *d = (struct decode_table *)h;
550 next = (struct decode_header *)d->table.table;
554 case DECODE_TYPE_CUSTOM: {
555 struct decode_custom *d = (struct decode_custom *)h;
556 return (*d->decoder.decoder)(insn, asi);
559 case DECODE_TYPE_SIMULATE: {
560 struct decode_simulate *d = (struct decode_simulate *)h;
561 asi->insn_handler = d->handler.handler;
562 return INSN_GOOD_NO_SLOT;
565 case DECODE_TYPE_EMULATE: {
566 struct decode_emulate *d = (struct decode_emulate *)h;
567 asi->insn_handler = d->handler.handler;
568 set_emulated_insn(insn, asi, thumb);
576 case DECODE_TYPE_REJECT:
578 return INSN_REJECTED;
projects / firefly-linux-kernel-4.4.55.git / blob