1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * User-space Probes (UProbes) for s390 4 * 5 * Copyright IBM Corp. 2014 6 * Author(s): Jan Willeke, 7 */ 8 9 #include <linux/uaccess.h> 10 #include <linux/uprobes.h> 11 #include <linux/compat.h> 12 #include <linux/kdebug.h> 13 #include <linux/sched/task_stack.h> 14 15 #include <asm/switch_to.h> 16 #include <asm/facility.h> 17 #include <asm/kprobes.h> 18 #include <asm/dis.h> 19 #include "entry.h" 20 21 #define UPROBE_TRAP_NR UINT_MAX 22 23 int arch_uprobe_analyze_insn(struct arch_uprobe *auprobe, struct mm_struct *mm, 24 unsigned long addr) 25 { 26 return probe_is_prohibited_opcode(auprobe->insn); 27 } 28 29 int arch_uprobe_pre_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 30 { 31 if (psw_bits(regs->psw).eaba == PSW_BITS_AMODE_24BIT) 32 return -EINVAL; 33 if (!is_compat_task() && psw_bits(regs->psw).eaba == PSW_BITS_AMODE_31BIT) 34 return -EINVAL; 35 clear_pt_regs_flag(regs, PIF_PER_TRAP); 36 auprobe->saved_per = psw_bits(regs->psw).per; 37 auprobe->saved_int_code = regs->int_code; 38 regs->int_code = UPROBE_TRAP_NR; 39 regs->psw.addr = current->utask->xol_vaddr; 40 set_tsk_thread_flag(current, TIF_UPROBE_SINGLESTEP); 41 update_cr_regs(current); 42 return 0; 43 } 44 45 bool arch_uprobe_xol_was_trapped(struct task_struct *tsk) 46 { 47 struct pt_regs *regs = task_pt_regs(tsk); 48 49 if (regs->int_code != UPROBE_TRAP_NR) 50 return true; 51 return false; 52 } 53 54 static int check_per_event(unsigned short cause, unsigned long control, 55 struct pt_regs *regs) 56 { 57 if (!(regs->psw.mask & PSW_MASK_PER)) 58 return 0; 59 /* user space single step */ 60 if (control == 0) 61 return 1; 62 /* over indication for storage alteration */ 63 if ((control & 0x20200000) && (cause & 0x2000)) 64 return 1; 65 if (cause & 0x8000) { 66 /* all branches */ 67 if ((control & 0x80800000) == 0x80000000) 68 return 1; 69 /* branch into selected range */ 70 if (((control & 0x80800000) == 0x80800000) && 71 regs->psw.addr >= current->thread.per_user.start && 72 regs->psw.addr <= current->thread.per_user.end) 73 return 1; 74 } 75 return 0; 76 } 77 78 int arch_uprobe_post_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 79 { 80 int fixup = probe_get_fixup_type(auprobe->insn); 81 struct uprobe_task *utask = current->utask; 82 83 clear_tsk_thread_flag(current, TIF_UPROBE_SINGLESTEP); 84 update_cr_regs(current); 85 psw_bits(regs->psw).per = auprobe->saved_per; 86 regs->int_code = auprobe->saved_int_code; 87 88 if (fixup & FIXUP_PSW_NORMAL) 89 regs->psw.addr += utask->vaddr - utask->xol_vaddr; 90 if (fixup & FIXUP_RETURN_REGISTER) { 91 int reg = (auprobe->insn[0] & 0xf0) >> 4; 92 93 regs->gprs[reg] += utask->vaddr - utask->xol_vaddr; 94 } 95 if (fixup & FIXUP_BRANCH_NOT_TAKEN) { 96 int ilen = insn_length(auprobe->insn[0] >> 8); 97 98 if (regs->psw.addr - utask->xol_vaddr == ilen) 99 regs->psw.addr = utask->vaddr + ilen; 100 } 101 if (check_per_event(current->thread.per_event.cause, 102 current->thread.per_user.control, regs)) { 103 /* fix per address */ 104 current->thread.per_event.address = utask->vaddr; 105 /* trigger per event */ 106 set_pt_regs_flag(regs, PIF_PER_TRAP); 107 } 108 return 0; 109 } 110 111 int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, 112 void *data) 113 { 114 struct die_args *args = data; 115 struct pt_regs *regs = args->regs; 116 117 if (!user_mode(regs)) 118 return NOTIFY_DONE; 119 if (regs->int_code & 0x200) /* Trap during transaction */ 120 return NOTIFY_DONE; 121 switch (val) { 122 case DIE_BPT: 123 if (uprobe_pre_sstep_notifier(regs)) 124 return NOTIFY_STOP; 125 break; 126 case DIE_SSTEP: 127 if (uprobe_post_sstep_notifier(regs)) 128 return NOTIFY_STOP; 129 default: 130 break; 131 } 132 return NOTIFY_DONE; 133 } 134 135 void arch_uprobe_abort_xol(struct arch_uprobe *auprobe, struct pt_regs *regs) 136 { 137 clear_thread_flag(TIF_UPROBE_SINGLESTEP); 138 regs->int_code = auprobe->saved_int_code; 139 regs->psw.addr = current->utask->vaddr; 140 current->thread.per_event.address = current->utask->vaddr; 141 } 142 143 unsigned long arch_uretprobe_hijack_return_addr(unsigned long trampoline, 144 struct pt_regs *regs) 145 { 146 unsigned long orig; 147 148 orig = regs->gprs[14]; 149 regs->gprs[14] = trampoline; 150 return orig; 151 } 152 153 bool arch_uretprobe_is_alive(struct return_instance *ret, enum rp_check ctx, 154 struct pt_regs *regs) 155 { 156 if (ctx == RP_CHECK_CHAIN_CALL) 157 return user_stack_pointer(regs) <= ret->stack; 158 else 159 return user_stack_pointer(regs) < ret->stack; 160 } 161 162 /* Instruction Emulation */ 163 164 static void adjust_psw_addr(psw_t *psw, unsigned long len) 165 { 166 psw->addr = __rewind_psw(*psw, -len); 167 } 168 169 #define EMU_ILLEGAL_OP 1 170 #define EMU_SPECIFICATION 2 171 #define EMU_ADDRESSING 3 172 173 #define emu_load_ril(ptr, output) \ 174 ({ \ 175 unsigned int mask = sizeof(*(ptr)) - 1; \ 176 __typeof__(*(ptr)) input; \ 177 int __rc = 0; \ 178 \ 179 if (!test_facility(34)) \ 180 __rc = EMU_ILLEGAL_OP; \ 181 else if ((u64 __force)ptr & mask) \ 182 __rc = EMU_SPECIFICATION; \ 183 else if (get_user(input, ptr)) \ 184 __rc = EMU_ADDRESSING; \ 185 else \ 186 *(output) = input; \ 187 __rc; \ 188 }) 189 190 #define emu_store_ril(regs, ptr, input) \ 191 ({ \ 192 unsigned int mask = sizeof(*(ptr)) - 1; \ 193 __typeof__(ptr) __ptr = (ptr); \ 194 int __rc = 0; \ 195 \ 196 if (!test_facility(34)) \ 197 __rc = EMU_ILLEGAL_OP; \ 198 else if ((u64 __force)__ptr & mask) \ 199 __rc = EMU_SPECIFICATION; \ 200 else if (put_user(*(input), __ptr)) \ 201 __rc = EMU_ADDRESSING; \ 202 if (__rc == 0) \ 203 sim_stor_event(regs, \ 204 (void __force *)__ptr, \ 205 mask + 1); \ 206 __rc; \ 207 }) 208 209 #define emu_cmp_ril(regs, ptr, cmp) \ 210 ({ \ 211 unsigned int mask = sizeof(*(ptr)) - 1; \ 212 __typeof__(*(ptr)) input; \ 213 int __rc = 0; \ 214 \ 215 if (!test_facility(34)) \ 216 __rc = EMU_ILLEGAL_OP; \ 217 else if ((u64 __force)ptr & mask) \ 218 __rc = EMU_SPECIFICATION; \ 219 else if (get_user(input, ptr)) \ 220 __rc = EMU_ADDRESSING; \ 221 else if (input > *(cmp)) \ 222 psw_bits((regs)->psw).cc = 1; \ 223 else if (input < *(cmp)) \ 224 psw_bits((regs)->psw).cc = 2; \ 225 else \ 226 psw_bits((regs)->psw).cc = 0; \ 227 __rc; \ 228 }) 229 230 struct insn_ril { 231 u8 opc0; 232 u8 reg : 4; 233 u8 opc1 : 4; 234 s32 disp; 235 } __packed; 236 237 union split_register { 238 u64 u64; 239 u32 u32[2]; 240 u16 u16[4]; 241 s64 s64; 242 s32 s32[2]; 243 s16 s16[4]; 244 }; 245 246 /* 247 * If user per registers are setup to trace storage alterations and an 248 * emulated store took place on a fitting address a user trap is generated. 249 */ 250 static void sim_stor_event(struct pt_regs *regs, void *addr, int len) 251 { 252 if (!(regs->psw.mask & PSW_MASK_PER)) 253 return; 254 if (!(current->thread.per_user.control & PER_EVENT_STORE)) 255 return; 256 if ((void *)current->thread.per_user.start > (addr + len)) 257 return; 258 if ((void *)current->thread.per_user.end < addr) 259 return; 260 current->thread.per_event.address = regs->psw.addr; 261 current->thread.per_event.cause = PER_EVENT_STORE >> 16; 262 set_pt_regs_flag(regs, PIF_PER_TRAP); 263 } 264 265 /* 266 * pc relative instructions are emulated, since parameters may not be 267 * accessible from the xol area due to range limitations. 268 */ 269 static void handle_insn_ril(struct arch_uprobe *auprobe, struct pt_regs *regs) 270 { 271 union split_register *rx; 272 struct insn_ril *insn; 273 unsigned int ilen; 274 void *uptr; 275 int rc = 0; 276 277 insn = (struct insn_ril *) &auprobe->insn; 278 rx = (union split_register *) ®s->gprs[insn->reg]; 279 uptr = (void *)(regs->psw.addr + (insn->disp * 2)); 280 ilen = insn_length(insn->opc0); 281 282 switch (insn->opc0) { 283 case 0xc0: 284 switch (insn->opc1) { 285 case 0x00: /* larl */ 286 rx->u64 = (unsigned long)uptr; 287 break; 288 } 289 break; 290 case 0xc4: 291 switch (insn->opc1) { 292 case 0x02: /* llhrl */ 293 rc = emu_load_ril((u16 __user *)uptr, &rx->u32[1]); 294 break; 295 case 0x04: /* lghrl */ 296 rc = emu_load_ril((s16 __user *)uptr, &rx->u64); 297 break; 298 case 0x05: /* lhrl */ 299 rc = emu_load_ril((s16 __user *)uptr, &rx->u32[1]); 300 break; 301 case 0x06: /* llghrl */ 302 rc = emu_load_ril((u16 __user *)uptr, &rx->u64); 303 break; 304 case 0x08: /* lgrl */ 305 rc = emu_load_ril((u64 __user *)uptr, &rx->u64); 306 break; 307 case 0x0c: /* lgfrl */ 308 rc = emu_load_ril((s32 __user *)uptr, &rx->u64); 309 break; 310 case 0x0d: /* lrl */ 311 rc = emu_load_ril((u32 __user *)uptr, &rx->u32[1]); 312 break; 313 case 0x0e: /* llgfrl */ 314 rc = emu_load_ril((u32 __user *)uptr, &rx->u64); 315 break; 316 case 0x07: /* sthrl */ 317 rc = emu_store_ril(regs, (u16 __user *)uptr, &rx->u16[3]); 318 break; 319 case 0x0b: /* stgrl */ 320 rc = emu_store_ril(regs, (u64 __user *)uptr, &rx->u64); 321 break; 322 case 0x0f: /* strl */ 323 rc = emu_store_ril(regs, (u32 __user *)uptr, &rx->u32[1]); 324 break; 325 } 326 break; 327 case 0xc6: 328 switch (insn->opc1) { 329 case 0x02: /* pfdrl */ 330 if (!test_facility(34)) 331 rc = EMU_ILLEGAL_OP; 332 break; 333 case 0x04: /* cghrl */ 334 rc = emu_cmp_ril(regs, (s16 __user *)uptr, &rx->s64); 335 break; 336 case 0x05: /* chrl */ 337 rc = emu_cmp_ril(regs, (s16 __user *)uptr, &rx->s32[1]); 338 break; 339 case 0x06: /* clghrl */ 340 rc = emu_cmp_ril(regs, (u16 __user *)uptr, &rx->u64); 341 break; 342 case 0x07: /* clhrl */ 343 rc = emu_cmp_ril(regs, (u16 __user *)uptr, &rx->u32[1]); 344 break; 345 case 0x08: /* cgrl */ 346 rc = emu_cmp_ril(regs, (s64 __user *)uptr, &rx->s64); 347 break; 348 case 0x0a: /* clgrl */ 349 rc = emu_cmp_ril(regs, (u64 __user *)uptr, &rx->u64); 350 break; 351 case 0x0c: /* cgfrl */ 352 rc = emu_cmp_ril(regs, (s32 __user *)uptr, &rx->s64); 353 break; 354 case 0x0d: /* crl */ 355 rc = emu_cmp_ril(regs, (s32 __user *)uptr, &rx->s32[1]); 356 break; 357 case 0x0e: /* clgfrl */ 358 rc = emu_cmp_ril(regs, (u32 __user *)uptr, &rx->u64); 359 break; 360 case 0x0f: /* clrl */ 361 rc = emu_cmp_ril(regs, (u32 __user *)uptr, &rx->u32[1]); 362 break; 363 } 364 break; 365 } 366 adjust_psw_addr(®s->psw, ilen); 367 switch (rc) { 368 case EMU_ILLEGAL_OP: 369 regs->int_code = ilen << 16 | 0x0001; 370 do_report_trap(regs, SIGILL, ILL_ILLOPC, NULL); 371 break; 372 case EMU_SPECIFICATION: 373 regs->int_code = ilen << 16 | 0x0006; 374 do_report_trap(regs, SIGILL, ILL_ILLOPC , NULL); 375 break; 376 case EMU_ADDRESSING: 377 regs->int_code = ilen << 16 | 0x0005; 378 do_report_trap(regs, SIGSEGV, SEGV_MAPERR, NULL); 379 break; 380 } 381 } 382 383 bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs) 384 { 385 if ((psw_bits(regs->psw).eaba == PSW_BITS_AMODE_24BIT) || 386 ((psw_bits(regs->psw).eaba == PSW_BITS_AMODE_31BIT) && 387 !is_compat_task())) { 388 regs->psw.addr = __rewind_psw(regs->psw, UPROBE_SWBP_INSN_SIZE); 389 do_report_trap(regs, SIGILL, ILL_ILLADR, NULL); 390 return true; 391 } 392 if (probe_is_insn_relative_long(auprobe->insn)) { 393 handle_insn_ril(auprobe, regs); 394 return true; 395 } 396 return false; 397 } 398