xref: /linux/arch/riscv/kernel/probes/kprobes.c (revision 9dbbc3b9d09d6deba9f3b9e1d5b355032ed46a75)
1 // SPDX-License-Identifier: GPL-2.0+
2 
3 #include <linux/kprobes.h>
4 #include <linux/extable.h>
5 #include <linux/slab.h>
6 #include <linux/stop_machine.h>
7 #include <asm/ptrace.h>
8 #include <linux/uaccess.h>
9 #include <asm/sections.h>
10 #include <asm/cacheflush.h>
11 #include <asm/bug.h>
12 #include <asm/patch.h>
13 
14 #include "decode-insn.h"
15 
16 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
17 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
18 
19 static void __kprobes
20 post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *);
21 
22 static void __kprobes arch_prepare_ss_slot(struct kprobe *p)
23 {
24 	unsigned long offset = GET_INSN_LENGTH(p->opcode);
25 
26 	p->ainsn.api.restore = (unsigned long)p->addr + offset;
27 
28 	patch_text(p->ainsn.api.insn, p->opcode);
29 	patch_text((void *)((unsigned long)(p->ainsn.api.insn) + offset),
30 		   __BUG_INSN_32);
31 }
32 
33 static void __kprobes arch_prepare_simulate(struct kprobe *p)
34 {
35 	p->ainsn.api.restore = 0;
36 }
37 
38 static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs)
39 {
40 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
41 
42 	if (p->ainsn.api.handler)
43 		p->ainsn.api.handler((u32)p->opcode,
44 					(unsigned long)p->addr, regs);
45 
46 	post_kprobe_handler(kcb, regs);
47 }
48 
49 int __kprobes arch_prepare_kprobe(struct kprobe *p)
50 {
51 	unsigned long probe_addr = (unsigned long)p->addr;
52 
53 	if (probe_addr & 0x1) {
54 		pr_warn("Address not aligned.\n");
55 
56 		return -EINVAL;
57 	}
58 
59 	/* copy instruction */
60 	p->opcode = *p->addr;
61 
62 	/* decode instruction */
63 	switch (riscv_probe_decode_insn(p->addr, &p->ainsn.api)) {
64 	case INSN_REJECTED:	/* insn not supported */
65 		return -EINVAL;
66 
67 	case INSN_GOOD_NO_SLOT:	/* insn need simulation */
68 		p->ainsn.api.insn = NULL;
69 		break;
70 
71 	case INSN_GOOD:	/* instruction uses slot */
72 		p->ainsn.api.insn = get_insn_slot();
73 		if (!p->ainsn.api.insn)
74 			return -ENOMEM;
75 		break;
76 	}
77 
78 	/* prepare the instruction */
79 	if (p->ainsn.api.insn)
80 		arch_prepare_ss_slot(p);
81 	else
82 		arch_prepare_simulate(p);
83 
84 	return 0;
85 }
86 
87 #ifdef CONFIG_MMU
88 void *alloc_insn_page(void)
89 {
90 	return  __vmalloc_node_range(PAGE_SIZE, 1, VMALLOC_START, VMALLOC_END,
91 				     GFP_KERNEL, PAGE_KERNEL_READ_EXEC,
92 				     VM_FLUSH_RESET_PERMS, NUMA_NO_NODE,
93 				     __builtin_return_address(0));
94 }
95 #endif
96 
97 /* install breakpoint in text */
98 void __kprobes arch_arm_kprobe(struct kprobe *p)
99 {
100 	if ((p->opcode & __INSN_LENGTH_MASK) == __INSN_LENGTH_32)
101 		patch_text(p->addr, __BUG_INSN_32);
102 	else
103 		patch_text(p->addr, __BUG_INSN_16);
104 }
105 
106 /* remove breakpoint from text */
107 void __kprobes arch_disarm_kprobe(struct kprobe *p)
108 {
109 	patch_text(p->addr, p->opcode);
110 }
111 
112 void __kprobes arch_remove_kprobe(struct kprobe *p)
113 {
114 }
115 
116 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
117 {
118 	kcb->prev_kprobe.kp = kprobe_running();
119 	kcb->prev_kprobe.status = kcb->kprobe_status;
120 }
121 
122 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
123 {
124 	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
125 	kcb->kprobe_status = kcb->prev_kprobe.status;
126 }
127 
128 static void __kprobes set_current_kprobe(struct kprobe *p)
129 {
130 	__this_cpu_write(current_kprobe, p);
131 }
132 
133 /*
134  * Interrupts need to be disabled before single-step mode is set, and not
135  * reenabled until after single-step mode ends.
136  * Without disabling interrupt on local CPU, there is a chance of
137  * interrupt occurrence in the period of exception return and  start of
138  * out-of-line single-step, that result in wrongly single stepping
139  * into the interrupt handler.
140  */
141 static void __kprobes kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb,
142 						struct pt_regs *regs)
143 {
144 	kcb->saved_status = regs->status;
145 	regs->status &= ~SR_SPIE;
146 }
147 
148 static void __kprobes kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb,
149 						struct pt_regs *regs)
150 {
151 	regs->status = kcb->saved_status;
152 }
153 
154 static void __kprobes
155 set_ss_context(struct kprobe_ctlblk *kcb, unsigned long addr, struct kprobe *p)
156 {
157 	unsigned long offset = GET_INSN_LENGTH(p->opcode);
158 
159 	kcb->ss_ctx.ss_pending = true;
160 	kcb->ss_ctx.match_addr = addr + offset;
161 }
162 
163 static void __kprobes clear_ss_context(struct kprobe_ctlblk *kcb)
164 {
165 	kcb->ss_ctx.ss_pending = false;
166 	kcb->ss_ctx.match_addr = 0;
167 }
168 
169 static void __kprobes setup_singlestep(struct kprobe *p,
170 				       struct pt_regs *regs,
171 				       struct kprobe_ctlblk *kcb, int reenter)
172 {
173 	unsigned long slot;
174 
175 	if (reenter) {
176 		save_previous_kprobe(kcb);
177 		set_current_kprobe(p);
178 		kcb->kprobe_status = KPROBE_REENTER;
179 	} else {
180 		kcb->kprobe_status = KPROBE_HIT_SS;
181 	}
182 
183 	if (p->ainsn.api.insn) {
184 		/* prepare for single stepping */
185 		slot = (unsigned long)p->ainsn.api.insn;
186 
187 		set_ss_context(kcb, slot, p);	/* mark pending ss */
188 
189 		/* IRQs and single stepping do not mix well. */
190 		kprobes_save_local_irqflag(kcb, regs);
191 
192 		instruction_pointer_set(regs, slot);
193 	} else {
194 		/* insn simulation */
195 		arch_simulate_insn(p, regs);
196 	}
197 }
198 
199 static int __kprobes reenter_kprobe(struct kprobe *p,
200 				    struct pt_regs *regs,
201 				    struct kprobe_ctlblk *kcb)
202 {
203 	switch (kcb->kprobe_status) {
204 	case KPROBE_HIT_SSDONE:
205 	case KPROBE_HIT_ACTIVE:
206 		kprobes_inc_nmissed_count(p);
207 		setup_singlestep(p, regs, kcb, 1);
208 		break;
209 	case KPROBE_HIT_SS:
210 	case KPROBE_REENTER:
211 		pr_warn("Unrecoverable kprobe detected.\n");
212 		dump_kprobe(p);
213 		BUG();
214 		break;
215 	default:
216 		WARN_ON(1);
217 		return 0;
218 	}
219 
220 	return 1;
221 }
222 
223 static void __kprobes
224 post_kprobe_handler(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
225 {
226 	struct kprobe *cur = kprobe_running();
227 
228 	if (!cur)
229 		return;
230 
231 	/* return addr restore if non-branching insn */
232 	if (cur->ainsn.api.restore != 0)
233 		regs->epc = cur->ainsn.api.restore;
234 
235 	/* restore back original saved kprobe variables and continue */
236 	if (kcb->kprobe_status == KPROBE_REENTER) {
237 		restore_previous_kprobe(kcb);
238 		return;
239 	}
240 
241 	/* call post handler */
242 	kcb->kprobe_status = KPROBE_HIT_SSDONE;
243 	if (cur->post_handler)	{
244 		/* post_handler can hit breakpoint and single step
245 		 * again, so we enable D-flag for recursive exception.
246 		 */
247 		cur->post_handler(cur, regs, 0);
248 	}
249 
250 	reset_current_kprobe();
251 }
252 
253 int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int trapnr)
254 {
255 	struct kprobe *cur = kprobe_running();
256 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
257 
258 	switch (kcb->kprobe_status) {
259 	case KPROBE_HIT_SS:
260 	case KPROBE_REENTER:
261 		/*
262 		 * We are here because the instruction being single
263 		 * stepped caused a page fault. We reset the current
264 		 * kprobe and the ip points back to the probe address
265 		 * and allow the page fault handler to continue as a
266 		 * normal page fault.
267 		 */
268 		regs->epc = (unsigned long) cur->addr;
269 		BUG_ON(!instruction_pointer(regs));
270 
271 		if (kcb->kprobe_status == KPROBE_REENTER)
272 			restore_previous_kprobe(kcb);
273 		else {
274 			kprobes_restore_local_irqflag(kcb, regs);
275 			reset_current_kprobe();
276 		}
277 
278 		break;
279 	case KPROBE_HIT_ACTIVE:
280 	case KPROBE_HIT_SSDONE:
281 		/*
282 		 * In case the user-specified fault handler returned
283 		 * zero, try to fix up.
284 		 */
285 		if (fixup_exception(regs))
286 			return 1;
287 	}
288 	return 0;
289 }
290 
291 bool __kprobes
292 kprobe_breakpoint_handler(struct pt_regs *regs)
293 {
294 	struct kprobe *p, *cur_kprobe;
295 	struct kprobe_ctlblk *kcb;
296 	unsigned long addr = instruction_pointer(regs);
297 
298 	kcb = get_kprobe_ctlblk();
299 	cur_kprobe = kprobe_running();
300 
301 	p = get_kprobe((kprobe_opcode_t *) addr);
302 
303 	if (p) {
304 		if (cur_kprobe) {
305 			if (reenter_kprobe(p, regs, kcb))
306 				return true;
307 		} else {
308 			/* Probe hit */
309 			set_current_kprobe(p);
310 			kcb->kprobe_status = KPROBE_HIT_ACTIVE;
311 
312 			/*
313 			 * If we have no pre-handler or it returned 0, we
314 			 * continue with normal processing.  If we have a
315 			 * pre-handler and it returned non-zero, it will
316 			 * modify the execution path and no need to single
317 			 * stepping. Let's just reset current kprobe and exit.
318 			 *
319 			 * pre_handler can hit a breakpoint and can step thru
320 			 * before return.
321 			 */
322 			if (!p->pre_handler || !p->pre_handler(p, regs))
323 				setup_singlestep(p, regs, kcb, 0);
324 			else
325 				reset_current_kprobe();
326 		}
327 		return true;
328 	}
329 
330 	/*
331 	 * The breakpoint instruction was removed right
332 	 * after we hit it.  Another cpu has removed
333 	 * either a probepoint or a debugger breakpoint
334 	 * at this address.  In either case, no further
335 	 * handling of this interrupt is appropriate.
336 	 * Return back to original instruction, and continue.
337 	 */
338 	return false;
339 }
340 
341 bool __kprobes
342 kprobe_single_step_handler(struct pt_regs *regs)
343 {
344 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
345 
346 	if ((kcb->ss_ctx.ss_pending)
347 	    && (kcb->ss_ctx.match_addr == instruction_pointer(regs))) {
348 		clear_ss_context(kcb);	/* clear pending ss */
349 
350 		kprobes_restore_local_irqflag(kcb, regs);
351 
352 		post_kprobe_handler(kcb, regs);
353 		return true;
354 	}
355 	return false;
356 }
357 
358 /*
359  * Provide a blacklist of symbols identifying ranges which cannot be kprobed.
360  * This blacklist is exposed to userspace via debugfs (kprobes/blacklist).
361  */
362 int __init arch_populate_kprobe_blacklist(void)
363 {
364 	int ret;
365 
366 	ret = kprobe_add_area_blacklist((unsigned long)__irqentry_text_start,
367 					(unsigned long)__irqentry_text_end);
368 	return ret;
369 }
370 
371 void __kprobes __used *trampoline_probe_handler(struct pt_regs *regs)
372 {
373 	return (void *)kretprobe_trampoline_handler(regs, &kretprobe_trampoline, NULL);
374 }
375 
376 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
377 				      struct pt_regs *regs)
378 {
379 	ri->ret_addr = (kprobe_opcode_t *)regs->ra;
380 	ri->fp = NULL;
381 	regs->ra = (unsigned long) &kretprobe_trampoline;
382 }
383 
384 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
385 {
386 	return 0;
387 }
388 
389 int __init arch_init_kprobes(void)
390 {
391 	return 0;
392 }
393