parisc/kernel/kprobes.c

8858ac8eSSven Schnelle// SPDX-License-Identifier: GPL-2.0
8858ac8eSSven Schnelle/*
8858ac8eSSven Schnelle * arch/parisc/kernel/kprobes.c
8858ac8eSSven Schnelle *
8858ac8eSSven Schnelle * PA-RISC kprobes implementation
8858ac8eSSven Schnelle *
8858ac8eSSven Schnelle * Copyright (c) 2019 Sven Schnelle <svens@stackframe.org>
8858ac8eSSven Schnelle */
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle#include <linux/types.h>
8858ac8eSSven Schnelle#include <linux/kprobes.h>
8858ac8eSSven Schnelle#include <linux/slab.h>
8858ac8eSSven Schnelle#include <asm/cacheflush.h>
8858ac8eSSven Schnelle#include <asm/patch.h>
8858ac8eSSven Schnelle
8858ac8eSSven SchnelleDEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
8858ac8eSSven SchnelleDEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
8858ac8eSSven Schnelle
8858ac8eSSven Schnelleint __kprobes arch_prepare_kprobe(struct kprobe *p)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	if ((unsigned long)p->addr & 3UL)
8858ac8eSSven Schnelle		return -EINVAL;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	p->ainsn.insn = get_insn_slot();
8858ac8eSSven Schnelle	if (!p->ainsn.insn)
8858ac8eSSven Schnelle		return -ENOMEM;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	memcpy(p->ainsn.insn, p->addr,
8858ac8eSSven Schnelle		MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
8858ac8eSSven Schnelle	p->opcode = *p->addr;
8858ac8eSSven Schnelle	flush_insn_slot(p);
8858ac8eSSven Schnelle	return 0;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellevoid __kprobes arch_remove_kprobe(struct kprobe *p)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	if (!p->ainsn.insn)
8858ac8eSSven Schnelle		return;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	free_insn_slot(p->ainsn.insn, 0);
8858ac8eSSven Schnelle	p->ainsn.insn = NULL;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellevoid __kprobes arch_arm_kprobe(struct kprobe *p)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	patch_text(p->addr, PARISC_KPROBES_BREAK_INSN);
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellevoid __kprobes arch_disarm_kprobe(struct kprobe *p)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	patch_text(p->addr, p->opcode);
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellestatic void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	kcb->prev_kprobe.kp = kprobe_running();
8858ac8eSSven Schnelle	kcb->prev_kprobe.status = kcb->kprobe_status;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellestatic void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
8858ac8eSSven Schnelle	kcb->kprobe_status = kcb->prev_kprobe.status;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellestatic inline void __kprobes set_current_kprobe(struct kprobe *p)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	__this_cpu_write(current_kprobe, p);
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnellestatic void __kprobes setup_singlestep(struct kprobe *p,
8858ac8eSSven Schnelle		struct kprobe_ctlblk *kcb, struct pt_regs *regs)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	kcb->iaoq[0] = regs->iaoq[0];
8858ac8eSSven Schnelle	kcb->iaoq[1] = regs->iaoq[1];
8858ac8eSSven Schnelle	regs->iaoq[0] = (unsigned long)p->ainsn.insn;
8858ac8eSSven Schnelle	mtctl(0, 0);
8858ac8eSSven Schnelle	regs->gr[0] |= PSW_R;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelleint __kprobes parisc_kprobe_break_handler(struct pt_regs *regs)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	struct kprobe *p;
8858ac8eSSven Schnelle	struct kprobe_ctlblk *kcb;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	preempt_disable();
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	kcb = get_kprobe_ctlblk();
8858ac8eSSven Schnelle	p = get_kprobe((unsigned long *)regs->iaoq[0]);
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	if (!p) {
8858ac8eSSven Schnelle		preempt_enable_no_resched();
8858ac8eSSven Schnelle		return 0;
8858ac8eSSven Schnelle	}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	if (kprobe_running()) {
8858ac8eSSven Schnelle		/*
8858ac8eSSven Schnelle		 * We have reentered the kprobe_handler, since another kprobe
8858ac8eSSven Schnelle		 * was hit while within the handler, we save the original
8858ac8eSSven Schnelle		 * kprobes and single step on the instruction of the new probe
8858ac8eSSven Schnelle		 * without calling any user handlers to avoid recursive
8858ac8eSSven Schnelle		 * kprobes.
8858ac8eSSven Schnelle		 */
8858ac8eSSven Schnelle		save_previous_kprobe(kcb);
8858ac8eSSven Schnelle		set_current_kprobe(p);
8858ac8eSSven Schnelle		kprobes_inc_nmissed_count(p);
8858ac8eSSven Schnelle		setup_singlestep(p, kcb, regs);
8858ac8eSSven Schnelle		kcb->kprobe_status = KPROBE_REENTER;
8858ac8eSSven Schnelle		return 1;
8858ac8eSSven Schnelle	}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	set_current_kprobe(p);
8858ac8eSSven Schnelle	kcb->kprobe_status = KPROBE_HIT_ACTIVE;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	/* If we have no pre-handler or it returned 0, we continue with
8858ac8eSSven Schnelle	 * normal processing. If we have a pre-handler and it returned
8858ac8eSSven Schnelle	 * non-zero - which means user handler setup registers to exit
8858ac8eSSven Schnelle	 * to another instruction, we must skip the single stepping.
8858ac8eSSven Schnelle	 */
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	if (!p->pre_handler || !p->pre_handler(p, regs)) {
8858ac8eSSven Schnelle		setup_singlestep(p, kcb, regs);
8858ac8eSSven Schnelle		kcb->kprobe_status = KPROBE_HIT_SS;
8858ac8eSSven Schnelle	} else {
8858ac8eSSven Schnelle		reset_current_kprobe();
8858ac8eSSven Schnelle		preempt_enable_no_resched();
8858ac8eSSven Schnelle	}
8858ac8eSSven Schnelle	return 1;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelleint __kprobes parisc_kprobe_ss_handler(struct pt_regs *regs)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
8858ac8eSSven Schnelle	struct kprobe *p = kprobe_running();
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	if (regs->iaoq[0] != (unsigned long)p->ainsn.insn+4)
8858ac8eSSven Schnelle		return 0;
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	/* restore back original saved kprobe variables and continue */
8858ac8eSSven Schnelle	if (kcb->kprobe_status == KPROBE_REENTER) {
8858ac8eSSven Schnelle		restore_previous_kprobe(kcb);
8858ac8eSSven Schnelle		return 1;
8858ac8eSSven Schnelle	}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	/* for absolute branch instructions we can copy iaoq_b. for relative
8858ac8eSSven Schnelle	 * branch instructions we need to calculate the new address based on the
8858ac8eSSven Schnelle	 * difference between iaoq_f and iaoq_b. We cannot use iaoq_b without
8858ac8eSSven Schnelle	 * modificationt because it's based on our ainsn.insn address.
8858ac8eSSven Schnelle	 */
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	if (p->post_handler)
8858ac8eSSven Schnelle		p->post_handler(p, regs, 0);
8858ac8eSSven Schnelle
8858ac8eSSven Schnelle	switch (regs->iir >> 26) {
8858ac8eSSven Schnelle	case 0x38: /* BE */
8858ac8eSSven Schnelle	case 0x39: /* BE,L */
8858ac8eSSven Schnelle	case 0x3a: /* BV */
8858ac8eSSven Schnelle	case 0x3b: /* BVE */
8858ac8eSSven Schnelle		/* for absolute branches, regs->iaoq[1] has already the right
8858ac8eSSven Schnelle		 * address
8858ac8eSSven Schnelle		 */
8858ac8eSSven Schnelle		regs->iaoq[0] = kcb->iaoq[1];
8858ac8eSSven Schnelle		break;
8858ac8eSSven Schnelle	default:
8858ac8eSSven Schnelle		regs->iaoq[1] = kcb->iaoq[0];
8858ac8eSSven Schnelle		regs->iaoq[1] += (regs->iaoq[1] - regs->iaoq[0]) + 4;
8858ac8eSSven Schnelle		regs->iaoq[0] = kcb->iaoq[1];
8858ac8eSSven Schnelle		break;
8858ac8eSSven Schnelle	}
8858ac8eSSven Schnelle	kcb->kprobe_status = KPROBE_HIT_SSDONE;
8858ac8eSSven Schnelle	reset_current_kprobe();
8858ac8eSSven Schnelle	return 1;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
*e0b59b7bSSven Schnellestatic inline void kretprobe_trampoline(void)
*e0b59b7bSSven Schnelle{
*e0b59b7bSSven Schnelle	asm volatile("nop");
*e0b59b7bSSven Schnelle	asm volatile("nop");
*e0b59b7bSSven Schnelle}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnellestatic int __kprobes trampoline_probe_handler(struct kprobe *p,
*e0b59b7bSSven Schnelle					      struct pt_regs *regs);
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnellestatic struct kprobe trampoline_p = {
*e0b59b7bSSven Schnelle	.pre_handler = trampoline_probe_handler
*e0b59b7bSSven Schnelle};
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnellestatic int __kprobes trampoline_probe_handler(struct kprobe *p,
*e0b59b7bSSven Schnelle					      struct pt_regs *regs)
*e0b59b7bSSven Schnelle{
*e0b59b7bSSven Schnelle	struct kretprobe_instance *ri = NULL;
*e0b59b7bSSven Schnelle	struct hlist_head *head, empty_rp;
*e0b59b7bSSven Schnelle	struct hlist_node *tmp;
*e0b59b7bSSven Schnelle	unsigned long flags, orig_ret_address = 0;
*e0b59b7bSSven Schnelle	unsigned long trampoline_address = (unsigned long)trampoline_p.addr;
*e0b59b7bSSven Schnelle	kprobe_opcode_t *correct_ret_addr = NULL;
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	INIT_HLIST_HEAD(&empty_rp);
*e0b59b7bSSven Schnelle	kretprobe_hash_lock(current, &head, &flags);
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	/*
*e0b59b7bSSven Schnelle	 * It is possible to have multiple instances associated with a given
*e0b59b7bSSven Schnelle	 * task either because multiple functions in the call path have
*e0b59b7bSSven Schnelle	 * a return probe installed on them, and/or more than one return
*e0b59b7bSSven Schnelle	 * probe was registered for a target function.
*e0b59b7bSSven Schnelle	 *
*e0b59b7bSSven Schnelle	 * We can handle this because:
*e0b59b7bSSven Schnelle	 *     - instances are always inserted at the head of the list
*e0b59b7bSSven Schnelle	 *     - when multiple return probes are registered for the same
*e0b59b7bSSven Schnelle	 *       function, the first instance's ret_addr will point to the
*e0b59b7bSSven Schnelle	 *       real return address, and all the rest will point to
*e0b59b7bSSven Schnelle	 *       kretprobe_trampoline
*e0b59b7bSSven Schnelle	 */
*e0b59b7bSSven Schnelle	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
*e0b59b7bSSven Schnelle		if (ri->task != current)
*e0b59b7bSSven Schnelle			/* another task is sharing our hash bucket */
*e0b59b7bSSven Schnelle			continue;
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle		orig_ret_address = (unsigned long)ri->ret_addr;
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle		if (orig_ret_address != trampoline_address)
*e0b59b7bSSven Schnelle			/*
*e0b59b7bSSven Schnelle			 * This is the real return address. Any other
*e0b59b7bSSven Schnelle			 * instances associated with this task are for
*e0b59b7bSSven Schnelle			 * other calls deeper on the call stack
*e0b59b7bSSven Schnelle			 */
*e0b59b7bSSven Schnelle			break;
*e0b59b7bSSven Schnelle	}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	kretprobe_assert(ri, orig_ret_address, trampoline_address);
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	correct_ret_addr = ri->ret_addr;
*e0b59b7bSSven Schnelle	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
*e0b59b7bSSven Schnelle		if (ri->task != current)
*e0b59b7bSSven Schnelle			/* another task is sharing our hash bucket */
*e0b59b7bSSven Schnelle			continue;
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle		orig_ret_address = (unsigned long)ri->ret_addr;
*e0b59b7bSSven Schnelle		if (ri->rp && ri->rp->handler) {
*e0b59b7bSSven Schnelle			__this_cpu_write(current_kprobe, &ri->rp->kp);
*e0b59b7bSSven Schnelle			get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
*e0b59b7bSSven Schnelle			ri->ret_addr = correct_ret_addr;
*e0b59b7bSSven Schnelle			ri->rp->handler(ri, regs);
*e0b59b7bSSven Schnelle			__this_cpu_write(current_kprobe, NULL);
*e0b59b7bSSven Schnelle		}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle		recycle_rp_inst(ri, &empty_rp);
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle		if (orig_ret_address != trampoline_address)
*e0b59b7bSSven Schnelle			/*
*e0b59b7bSSven Schnelle			 * This is the real return address. Any other
*e0b59b7bSSven Schnelle			 * instances associated with this task are for
*e0b59b7bSSven Schnelle			 * other calls deeper on the call stack
*e0b59b7bSSven Schnelle			 */
*e0b59b7bSSven Schnelle			break;
*e0b59b7bSSven Schnelle	}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	kretprobe_hash_unlock(current, &flags);
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
*e0b59b7bSSven Schnelle		hlist_del(&ri->hlist);
*e0b59b7bSSven Schnelle		kfree(ri);
*e0b59b7bSSven Schnelle	}
*e0b59b7bSSven Schnelle	instruction_pointer_set(regs, orig_ret_address);
*e0b59b7bSSven Schnelle	return 1;
*e0b59b7bSSven Schnelle}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnellevoid __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
*e0b59b7bSSven Schnelle				      struct pt_regs *regs)
*e0b59b7bSSven Schnelle{
*e0b59b7bSSven Schnelle	ri->ret_addr = (kprobe_opcode_t *)regs->gr[2];
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelle	/* Replace the return addr with trampoline addr. */
*e0b59b7bSSven Schnelle	regs->gr[2] = (unsigned long)trampoline_p.addr;
*e0b59b7bSSven Schnelle}
*e0b59b7bSSven Schnelle
*e0b59b7bSSven Schnelleint __kprobes arch_trampoline_kprobe(struct kprobe *p)
*e0b59b7bSSven Schnelle{
*e0b59b7bSSven Schnelle	return p->addr == trampoline_p.addr;
*e0b59b7bSSven Schnelle}
8858ac8eSSven Schnellebool arch_kprobe_on_func_entry(unsigned long offset)
8858ac8eSSven Schnelle{
8858ac8eSSven Schnelle	return !offset;
8858ac8eSSven Schnelle}
8858ac8eSSven Schnelle
8858ac8eSSven Schnelleint __init arch_init_kprobes(void)
8858ac8eSSven Schnelle{
*e0b59b7bSSven Schnelle	trampoline_p.addr = (kprobe_opcode_t *)
*e0b59b7bSSven Schnelle		dereference_function_descriptor(kretprobe_trampoline);
*e0b59b7bSSven Schnelle	return register_kprobe(&trampoline_p);
8858ac8eSSven Schnelle}