1/* 2 * arch/arm/kernel/kprobes-decode.c 3 * 4 * Copyright (C) 2006, 2007 Motorola Inc. 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 2 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 * General Public License for more details. 14 */ 15 16/* 17 * We do not have hardware single-stepping on ARM, This 18 * effort is further complicated by the ARM not having a 19 * "next PC" register. Instructions that change the PC 20 * can't be safely single-stepped in a MP environment, so 21 * we have a lot of work to do: 22 * 23 * In the prepare phase: 24 * *) If it is an instruction that does anything 25 * with the CPU mode, we reject it for a kprobe. 26 * (This is out of laziness rather than need. The 27 * instructions could be simulated.) 28 * 29 * *) Otherwise, decode the instruction rewriting its 30 * registers to take fixed, ordered registers and 31 * setting a handler for it to run the instruction. 32 * 33 * In the execution phase by an instruction's handler: 34 * 35 * *) If the PC is written to by the instruction, the 36 * instruction must be fully simulated in software. 37 * If it is a conditional instruction, the handler 38 * will use insn[0] to copy its condition code to 39 * set r0 to 1 and insn[1] to "mov pc, lr" to return. 40 * 41 * *) Otherwise, a modified form of the instruction is 42 * directly executed. Its handler calls the 43 * instruction in insn[0]. In insn[1] is a 44 * "mov pc, lr" to return. 45 * 46 * Before calling, load up the reordered registers 47 * from the original instruction's registers. If one 48 * of the original input registers is the PC, compute 49 * and adjust the appropriate input register. 50 * 51 * After call completes, copy the output registers to 52 * the original instruction's original registers. 53 * 54 * We don't use a real breakpoint instruction since that 55 * would have us in the kernel go from SVC mode to SVC 56 * mode losing the link register. Instead we use an 57 * undefined instruction. To simplify processing, the 58 * undefined instruction used for kprobes must be reserved 59 * exclusively for kprobes use. 60 * 61 * TODO: ifdef out some instruction decoding based on architecture. 62 */ 63 64#include <linux/kernel.h> 65#include <linux/kprobes.h> 66 67#define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit))))) 68 69#define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25) 70 71#define PSR_fs (PSR_f|PSR_s) 72 73#define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */ 74#define SET_R0_TRUE_INSTRUCTION 0xe3a00001 /* mov r0, #1 */ 75 76#define truecc_insn(insn) (((insn) & 0xf0000000) | \ 77 (SET_R0_TRUE_INSTRUCTION & 0x0fffffff)) 78 79typedef long (insn_0arg_fn_t)(void); 80typedef long (insn_1arg_fn_t)(long); 81typedef long (insn_2arg_fn_t)(long, long); 82typedef long (insn_3arg_fn_t)(long, long, long); 83typedef long (insn_4arg_fn_t)(long, long, long, long); 84typedef long long (insn_llret_0arg_fn_t)(void); 85typedef long long (insn_llret_3arg_fn_t)(long, long, long); 86typedef long long (insn_llret_4arg_fn_t)(long, long, long, long); 87 88union reg_pair { 89 long long dr; 90#ifdef __LITTLE_ENDIAN 91 struct { long r0, r1; }; 92#else 93 struct { long r1, r0; }; 94#endif 95}; 96 97/* 98 * For STR and STM instructions, an ARM core may choose to use either 99 * a +8 or a +12 displacement from the current instruction's address. 100 * Whichever value is chosen for a given core, it must be the same for 101 * both instructions and may not change. This function measures it. 102 */ 103 104static int str_pc_offset; 105 106static void __init find_str_pc_offset(void) 107{ 108 int addr, scratch, ret; 109 110 __asm__ ( 111 "sub %[ret], pc, #4 \n\t" 112 "str pc, %[addr] \n\t" 113 "ldr %[scr], %[addr] \n\t" 114 "sub %[ret], %[scr], %[ret] \n\t" 115 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr)); 116 117 str_pc_offset = ret; 118} 119 120/* 121 * The insnslot_?arg_r[w]flags() functions below are to keep the 122 * msr -> *fn -> mrs instruction sequences indivisible so that 123 * the state of the CPSR flags aren't inadvertently modified 124 * just before or just after the call. 125 */ 126 127static inline long __kprobes 128insnslot_0arg_rflags(long cpsr, insn_0arg_fn_t *fn) 129{ 130 register long ret asm("r0"); 131 132 __asm__ __volatile__ ( 133 "msr cpsr_fs, %[cpsr] \n\t" 134 "mov lr, pc \n\t" 135 "mov pc, %[fn] \n\t" 136 : "=r" (ret) 137 : [cpsr] "r" (cpsr), [fn] "r" (fn) 138 : "lr", "cc" 139 ); 140 return ret; 141} 142 143static inline long long __kprobes 144insnslot_llret_0arg_rflags(long cpsr, insn_llret_0arg_fn_t *fn) 145{ 146 register long ret0 asm("r0"); 147 register long ret1 asm("r1"); 148 union reg_pair fnr; 149 150 __asm__ __volatile__ ( 151 "msr cpsr_fs, %[cpsr] \n\t" 152 "mov lr, pc \n\t" 153 "mov pc, %[fn] \n\t" 154 : "=r" (ret0), "=r" (ret1) 155 : [cpsr] "r" (cpsr), [fn] "r" (fn) 156 : "lr", "cc" 157 ); 158 fnr.r0 = ret0; 159 fnr.r1 = ret1; 160 return fnr.dr; 161} 162 163static inline long __kprobes 164insnslot_1arg_rflags(long r0, long cpsr, insn_1arg_fn_t *fn) 165{ 166 register long rr0 asm("r0") = r0; 167 register long ret asm("r0"); 168 169 __asm__ __volatile__ ( 170 "msr cpsr_fs, %[cpsr] \n\t" 171 "mov lr, pc \n\t" 172 "mov pc, %[fn] \n\t" 173 : "=r" (ret) 174 : "0" (rr0), [cpsr] "r" (cpsr), [fn] "r" (fn) 175 : "lr", "cc" 176 ); 177 return ret; 178} 179 180static inline long __kprobes 181insnslot_2arg_rflags(long r0, long r1, long cpsr, insn_2arg_fn_t *fn) 182{ 183 register long rr0 asm("r0") = r0; 184 register long rr1 asm("r1") = r1; 185 register long ret asm("r0"); 186 187 __asm__ __volatile__ ( 188 "msr cpsr_fs, %[cpsr] \n\t" 189 "mov lr, pc \n\t" 190 "mov pc, %[fn] \n\t" 191 : "=r" (ret) 192 : "0" (rr0), "r" (rr1), 193 [cpsr] "r" (cpsr), [fn] "r" (fn) 194 : "lr", "cc" 195 ); 196 return ret; 197} 198 199static inline long __kprobes 200insnslot_3arg_rflags(long r0, long r1, long r2, long cpsr, insn_3arg_fn_t *fn) 201{ 202 register long rr0 asm("r0") = r0; 203 register long rr1 asm("r1") = r1; 204 register long rr2 asm("r2") = r2; 205 register long ret asm("r0"); 206 207 __asm__ __volatile__ ( 208 "msr cpsr_fs, %[cpsr] \n\t" 209 "mov lr, pc \n\t" 210 "mov pc, %[fn] \n\t" 211 : "=r" (ret) 212 : "0" (rr0), "r" (rr1), "r" (rr2), 213 [cpsr] "r" (cpsr), [fn] "r" (fn) 214 : "lr", "cc" 215 ); 216 return ret; 217} 218 219static inline long long __kprobes 220insnslot_llret_3arg_rflags(long r0, long r1, long r2, long cpsr, 221 insn_llret_3arg_fn_t *fn) 222{ 223 register long rr0 asm("r0") = r0; 224 register long rr1 asm("r1") = r1; 225 register long rr2 asm("r2") = r2; 226 register long ret0 asm("r0"); 227 register long ret1 asm("r1"); 228 union reg_pair fnr; 229 230 __asm__ __volatile__ ( 231 "msr cpsr_fs, %[cpsr] \n\t" 232 "mov lr, pc \n\t" 233 "mov pc, %[fn] \n\t" 234 : "=r" (ret0), "=r" (ret1) 235 : "0" (rr0), "r" (rr1), "r" (rr2), 236 [cpsr] "r" (cpsr), [fn] "r" (fn) 237 : "lr", "cc" 238 ); 239 fnr.r0 = ret0; 240 fnr.r1 = ret1; 241 return fnr.dr; 242} 243 244static inline long __kprobes 245insnslot_4arg_rflags(long r0, long r1, long r2, long r3, long cpsr, 246 insn_4arg_fn_t *fn) 247{ 248 register long rr0 asm("r0") = r0; 249 register long rr1 asm("r1") = r1; 250 register long rr2 asm("r2") = r2; 251 register long rr3 asm("r3") = r3; 252 register long ret asm("r0"); 253 254 __asm__ __volatile__ ( 255 "msr cpsr_fs, %[cpsr] \n\t" 256 "mov lr, pc \n\t" 257 "mov pc, %[fn] \n\t" 258 : "=r" (ret) 259 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3), 260 [cpsr] "r" (cpsr), [fn] "r" (fn) 261 : "lr", "cc" 262 ); 263 return ret; 264} 265 266static inline long __kprobes 267insnslot_1arg_rwflags(long r0, long *cpsr, insn_1arg_fn_t *fn) 268{ 269 register long rr0 asm("r0") = r0; 270 register long ret asm("r0"); 271 long oldcpsr = *cpsr; 272 long newcpsr; 273 274 __asm__ __volatile__ ( 275 "msr cpsr_fs, %[oldcpsr] \n\t" 276 "mov lr, pc \n\t" 277 "mov pc, %[fn] \n\t" 278 "mrs %[newcpsr], cpsr \n\t" 279 : "=r" (ret), [newcpsr] "=r" (newcpsr) 280 : "0" (rr0), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn) 281 : "lr", "cc" 282 ); 283 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs); 284 return ret; 285} 286 287static inline long __kprobes 288insnslot_2arg_rwflags(long r0, long r1, long *cpsr, insn_2arg_fn_t *fn) 289{ 290 register long rr0 asm("r0") = r0; 291 register long rr1 asm("r1") = r1; 292 register long ret asm("r0"); 293 long oldcpsr = *cpsr; 294 long newcpsr; 295 296 __asm__ __volatile__ ( 297 "msr cpsr_fs, %[oldcpsr] \n\t" 298 "mov lr, pc \n\t" 299 "mov pc, %[fn] \n\t" 300 "mrs %[newcpsr], cpsr \n\t" 301 : "=r" (ret), [newcpsr] "=r" (newcpsr) 302 : "0" (rr0), "r" (rr1), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn) 303 : "lr", "cc" 304 ); 305 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs); 306 return ret; 307} 308 309static inline long __kprobes 310insnslot_3arg_rwflags(long r0, long r1, long r2, long *cpsr, 311 insn_3arg_fn_t *fn) 312{ 313 register long rr0 asm("r0") = r0; 314 register long rr1 asm("r1") = r1; 315 register long rr2 asm("r2") = r2; 316 register long ret asm("r0"); 317 long oldcpsr = *cpsr; 318 long newcpsr; 319 320 __asm__ __volatile__ ( 321 "msr cpsr_fs, %[oldcpsr] \n\t" 322 "mov lr, pc \n\t" 323 "mov pc, %[fn] \n\t" 324 "mrs %[newcpsr], cpsr \n\t" 325 : "=r" (ret), [newcpsr] "=r" (newcpsr) 326 : "0" (rr0), "r" (rr1), "r" (rr2), 327 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn) 328 : "lr", "cc" 329 ); 330 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs); 331 return ret; 332} 333 334static inline long __kprobes 335insnslot_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr, 336 insn_4arg_fn_t *fn) 337{ 338 register long rr0 asm("r0") = r0; 339 register long rr1 asm("r1") = r1; 340 register long rr2 asm("r2") = r2; 341 register long rr3 asm("r3") = r3; 342 register long ret asm("r0"); 343 long oldcpsr = *cpsr; 344 long newcpsr; 345 346 __asm__ __volatile__ ( 347 "msr cpsr_fs, %[oldcpsr] \n\t" 348 "mov lr, pc \n\t" 349 "mov pc, %[fn] \n\t" 350 "mrs %[newcpsr], cpsr \n\t" 351 : "=r" (ret), [newcpsr] "=r" (newcpsr) 352 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3), 353 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn) 354 : "lr", "cc" 355 ); 356 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs); 357 return ret; 358} 359 360static inline long long __kprobes 361insnslot_llret_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr, 362 insn_llret_4arg_fn_t *fn) 363{ 364 register long rr0 asm("r0") = r0; 365 register long rr1 asm("r1") = r1; 366 register long rr2 asm("r2") = r2; 367 register long rr3 asm("r3") = r3; 368 register long ret0 asm("r0"); 369 register long ret1 asm("r1"); 370 long oldcpsr = *cpsr; 371 long newcpsr; 372 union reg_pair fnr; 373 374 __asm__ __volatile__ ( 375 "msr cpsr_fs, %[oldcpsr] \n\t" 376 "mov lr, pc \n\t" 377 "mov pc, %[fn] \n\t" 378 "mrs %[newcpsr], cpsr \n\t" 379 : "=r" (ret0), "=r" (ret1), [newcpsr] "=r" (newcpsr) 380 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3), 381 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn) 382 : "lr", "cc" 383 ); 384 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs); 385 fnr.r0 = ret0; 386 fnr.r1 = ret1; 387 return fnr.dr; 388} 389 390/* 391 * To avoid the complications of mimicing single-stepping on a 392 * processor without a Next-PC or a single-step mode, and to 393 * avoid having to deal with the side-effects of boosting, we 394 * simulate or emulate (almost) all ARM instructions. 395 * 396 * "Simulation" is where the instruction's behavior is duplicated in 397 * C code. "Emulation" is where the original instruction is rewritten 398 * and executed, often by altering its registers. 399 * 400 * By having all behavior of the kprobe'd instruction completed before 401 * returning from the kprobe_handler(), all locks (scheduler and 402 * interrupt) can safely be released. There is no need for secondary 403 * breakpoints, no race with MP or preemptable kernels, nor having to 404 * clean up resources counts at a later time impacting overall system 405 * performance. By rewriting the instruction, only the minimum registers 406 * need to be loaded and saved back optimizing performance. 407 * 408 * Calling the insnslot_*_rwflags version of a function doesn't hurt 409 * anything even when the CPSR flags aren't updated by the 410 * instruction. It's just a little slower in return for saving 411 * a little space by not having a duplicate function that doesn't 412 * update the flags. (The same optimization can be said for 413 * instructions that do or don't perform register writeback) 414 * Also, instructions can either read the flags, only write the 415 * flags, or read and write the flags. To save combinations 416 * rather than for sheer performance, flag functions just assume 417 * read and write of flags. 418 */ 419 420static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs) 421{ 422 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 423 kprobe_opcode_t insn = p->opcode; 424 long iaddr = (long)p->addr; 425 int disp = branch_displacement(insn); 426 427 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn)) 428 return; 429 430 if (insn & (1 << 24)) 431 regs->ARM_lr = iaddr + 4; 432 433 regs->ARM_pc = iaddr + 8 + disp; 434} 435 436static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs) 437{ 438 kprobe_opcode_t insn = p->opcode; 439 long iaddr = (long)p->addr; 440 int disp = branch_displacement(insn); 441 442 regs->ARM_lr = iaddr + 4; 443 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2); 444 regs->ARM_cpsr |= PSR_T_BIT; 445} 446 447static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs) 448{ 449 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 450 kprobe_opcode_t insn = p->opcode; 451 int rm = insn & 0xf; 452 long rmv = regs->uregs[rm]; 453 454 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn)) 455 return; 456 457 if (insn & (1 << 5)) 458 regs->ARM_lr = (long)p->addr + 4; 459 460 regs->ARM_pc = rmv & ~0x1; 461 regs->ARM_cpsr &= ~PSR_T_BIT; 462 if (rmv & 0x1) 463 regs->ARM_cpsr |= PSR_T_BIT; 464} 465 466static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs) 467{ 468 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 469 kprobe_opcode_t insn = p->opcode; 470 int rn = (insn >> 16) & 0xf; 471 int lbit = insn & (1 << 20); 472 int wbit = insn & (1 << 21); 473 int ubit = insn & (1 << 23); 474 int pbit = insn & (1 << 24); 475 long *addr = (long *)regs->uregs[rn]; 476 int reg_bit_vector; 477 int reg_count; 478 479 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn)) 480 return; 481 482 reg_count = 0; 483 reg_bit_vector = insn & 0xffff; 484 while (reg_bit_vector) { 485 reg_bit_vector &= (reg_bit_vector - 1); 486 ++reg_count; 487 } 488 489 if (!ubit) 490 addr -= reg_count; 491 addr += (!pbit == !ubit); 492 493 reg_bit_vector = insn & 0xffff; 494 while (reg_bit_vector) { 495 int reg = __ffs(reg_bit_vector); 496 reg_bit_vector &= (reg_bit_vector - 1); 497 if (lbit) 498 regs->uregs[reg] = *addr++; 499 else 500 *addr++ = regs->uregs[reg]; 501 } 502 503 if (wbit) { 504 if (!ubit) 505 addr -= reg_count; 506 addr -= (!pbit == !ubit); 507 regs->uregs[rn] = (long)addr; 508 } 509} 510 511static void __kprobes simulate_stm1_pc(struct kprobe *p, struct pt_regs *regs) 512{ 513 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 514 515 if (!insnslot_1arg_rflags(0, regs->ARM_cpsr, i_fn)) 516 return; 517 518 regs->ARM_pc = (long)p->addr + str_pc_offset; 519 simulate_ldm1stm1(p, regs); 520 regs->ARM_pc = (long)p->addr + 4; 521} 522 523static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs) 524{ 525 regs->uregs[12] = regs->uregs[13]; 526} 527 528static void __kprobes emulate_ldcstc(struct kprobe *p, struct pt_regs *regs) 529{ 530 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 531 kprobe_opcode_t insn = p->opcode; 532 int rn = (insn >> 16) & 0xf; 533 long rnv = regs->uregs[rn]; 534 535 /* Save Rn in case of writeback. */ 536 regs->uregs[rn] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn); 537} 538 539static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs) 540{ 541 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 542 kprobe_opcode_t insn = p->opcode; 543 int rd = (insn >> 12) & 0xf; 544 int rn = (insn >> 16) & 0xf; 545 int rm = insn & 0xf; /* rm may be invalid, don't care. */ 546 547 /* Not following the C calling convention here, so need asm(). */ 548 __asm__ __volatile__ ( 549 "ldr r0, %[rn] \n\t" 550 "ldr r1, %[rm] \n\t" 551 "msr cpsr_fs, %[cpsr]\n\t" 552 "mov lr, pc \n\t" 553 "mov pc, %[i_fn] \n\t" 554 "str r0, %[rn] \n\t" /* in case of writeback */ 555 "str r2, %[rd0] \n\t" 556 "str r3, %[rd1] \n\t" 557 : [rn] "+m" (regs->uregs[rn]), 558 [rd0] "=m" (regs->uregs[rd]), 559 [rd1] "=m" (regs->uregs[rd+1]) 560 : [rm] "m" (regs->uregs[rm]), 561 [cpsr] "r" (regs->ARM_cpsr), 562 [i_fn] "r" (i_fn) 563 : "r0", "r1", "r2", "r3", "lr", "cc" 564 ); 565} 566 567static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs) 568{ 569 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0]; 570 kprobe_opcode_t insn = p->opcode; 571 int rd = (insn >> 12) & 0xf; 572 int rn = (insn >> 16) & 0xf; 573 int rm = insn & 0xf; 574 long rnv = regs->uregs[rn]; 575 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */ 576 577 regs->uregs[rn] = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd], 578 regs->uregs[rd+1], 579 regs->ARM_cpsr, i_fn); 580} 581 582static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs) 583{ 584 insn_llret_3arg_fn_t *i_fn = (insn_llret_3arg_fn_t *)&p->ainsn.insn[0]; 585 kprobe_opcode_t insn = p->opcode; 586 long ppc = (long)p->addr + 8; 587 union reg_pair fnr; 588 int rd = (insn >> 12) & 0xf; 589 int rn = (insn >> 16) & 0xf; 590 int rm = insn & 0xf; 591 long rdv; 592 long rnv = (rn == 15) ? ppc : regs->uregs[rn]; 593 long rmv = (rm == 15) ? ppc : regs->uregs[rm]; 594 long cpsr = regs->ARM_cpsr; 595 596 fnr.dr = insnslot_llret_3arg_rflags(rnv, 0, rmv, cpsr, i_fn); 597 regs->uregs[rn] = fnr.r0; /* Save Rn in case of writeback. */ 598 rdv = fnr.r1; 599 600 if (rd == 15) { 601#if __LINUX_ARM_ARCH__ >= 5 602 cpsr &= ~PSR_T_BIT; 603 if (rdv & 0x1) 604 cpsr |= PSR_T_BIT; 605 regs->ARM_cpsr = cpsr; 606 rdv &= ~0x1; 607#else 608 rdv &= ~0x2; 609#endif 610 } 611 regs->uregs[rd] = rdv; 612} 613 614static void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs) 615{ 616 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0]; 617 kprobe_opcode_t insn = p->opcode; 618 long iaddr = (long)p->addr; 619 int rd = (insn >> 12) & 0xf; 620 int rn = (insn >> 16) & 0xf; 621 int rm = insn & 0xf; 622 long rdv = (rd == 15) ? iaddr + str_pc_offset : regs->uregs[rd]; 623 long rnv = (rn == 15) ? iaddr + 8 : regs->uregs[rn]; 624 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */ 625 626 /* Save Rn in case of writeback. */ 627 regs->uregs[rn] = 628 insnslot_3arg_rflags(rnv, rdv, rmv, regs->ARM_cpsr, i_fn); 629} 630 631static void __kprobes emulate_mrrc(struct kprobe *p, struct pt_regs *regs) 632{ 633 insn_llret_0arg_fn_t *i_fn = (insn_llret_0arg_fn_t *)&p->ainsn.insn[0]; 634 kprobe_opcode_t insn = p->opcode; 635 union reg_pair fnr; 636 int rd = (insn >> 12) & 0xf; 637 int rn = (insn >> 16) & 0xf; 638 639 fnr.dr = insnslot_llret_0arg_rflags(regs->ARM_cpsr, i_fn); 640 regs->uregs[rn] = fnr.r0; 641 regs->uregs[rd] = fnr.r1; 642} 643 644static void __kprobes emulate_mcrr(struct kprobe *p, struct pt_regs *regs) 645{ 646 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 647 kprobe_opcode_t insn = p->opcode; 648 int rd = (insn >> 12) & 0xf; 649 int rn = (insn >> 16) & 0xf; 650 long rnv = regs->uregs[rn]; 651 long rdv = regs->uregs[rd]; 652 653 insnslot_2arg_rflags(rnv, rdv, regs->ARM_cpsr, i_fn); 654} 655 656static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs) 657{ 658 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 659 kprobe_opcode_t insn = p->opcode; 660 int rd = (insn >> 12) & 0xf; 661 int rm = insn & 0xf; 662 long rmv = regs->uregs[rm]; 663 664 /* Writes Q flag */ 665 regs->uregs[rd] = insnslot_1arg_rwflags(rmv, ®s->ARM_cpsr, i_fn); 666} 667 668static void __kprobes emulate_sel(struct kprobe *p, struct pt_regs *regs) 669{ 670 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 671 kprobe_opcode_t insn = p->opcode; 672 int rd = (insn >> 12) & 0xf; 673 int rn = (insn >> 16) & 0xf; 674 int rm = insn & 0xf; 675 long rnv = regs->uregs[rn]; 676 long rmv = regs->uregs[rm]; 677 678 /* Reads GE bits */ 679 regs->uregs[rd] = insnslot_2arg_rflags(rnv, rmv, regs->ARM_cpsr, i_fn); 680} 681 682static void __kprobes emulate_none(struct kprobe *p, struct pt_regs *regs) 683{ 684 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0]; 685 686 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn); 687} 688 689static void __kprobes emulate_rd12(struct kprobe *p, struct pt_regs *regs) 690{ 691 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0]; 692 kprobe_opcode_t insn = p->opcode; 693 int rd = (insn >> 12) & 0xf; 694 695 regs->uregs[rd] = insnslot_0arg_rflags(regs->ARM_cpsr, i_fn); 696} 697 698static void __kprobes emulate_ird12(struct kprobe *p, struct pt_regs *regs) 699{ 700 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 701 kprobe_opcode_t insn = p->opcode; 702 int ird = (insn >> 12) & 0xf; 703 704 insnslot_1arg_rflags(regs->uregs[ird], regs->ARM_cpsr, i_fn); 705} 706 707static void __kprobes emulate_rn16(struct kprobe *p, struct pt_regs *regs) 708{ 709 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 710 kprobe_opcode_t insn = p->opcode; 711 int rn = (insn >> 16) & 0xf; 712 long rnv = regs->uregs[rn]; 713 714 insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn); 715} 716 717static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs) 718{ 719 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 720 kprobe_opcode_t insn = p->opcode; 721 int rd = (insn >> 12) & 0xf; 722 int rm = insn & 0xf; 723 long rmv = regs->uregs[rm]; 724 725 regs->uregs[rd] = insnslot_1arg_rflags(rmv, regs->ARM_cpsr, i_fn); 726} 727 728static void __kprobes 729emulate_rd12rn16rm0_rwflags(struct kprobe *p, struct pt_regs *regs) 730{ 731 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 732 kprobe_opcode_t insn = p->opcode; 733 int rd = (insn >> 12) & 0xf; 734 int rn = (insn >> 16) & 0xf; 735 int rm = insn & 0xf; 736 long rnv = regs->uregs[rn]; 737 long rmv = regs->uregs[rm]; 738 739 regs->uregs[rd] = 740 insnslot_2arg_rwflags(rnv, rmv, ®s->ARM_cpsr, i_fn); 741} 742 743static void __kprobes 744emulate_rd16rn12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs) 745{ 746 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0]; 747 kprobe_opcode_t insn = p->opcode; 748 int rd = (insn >> 16) & 0xf; 749 int rn = (insn >> 12) & 0xf; 750 int rs = (insn >> 8) & 0xf; 751 int rm = insn & 0xf; 752 long rnv = regs->uregs[rn]; 753 long rsv = regs->uregs[rs]; 754 long rmv = regs->uregs[rm]; 755 756 regs->uregs[rd] = 757 insnslot_3arg_rwflags(rnv, rsv, rmv, ®s->ARM_cpsr, i_fn); 758} 759 760static void __kprobes 761emulate_rd16rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs) 762{ 763 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0]; 764 kprobe_opcode_t insn = p->opcode; 765 int rd = (insn >> 16) & 0xf; 766 int rs = (insn >> 8) & 0xf; 767 int rm = insn & 0xf; 768 long rsv = regs->uregs[rs]; 769 long rmv = regs->uregs[rm]; 770 771 regs->uregs[rd] = 772 insnslot_2arg_rwflags(rsv, rmv, ®s->ARM_cpsr, i_fn); 773} 774 775static void __kprobes 776emulate_rdhi16rdlo12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs) 777{ 778 insn_llret_4arg_fn_t *i_fn = (insn_llret_4arg_fn_t *)&p->ainsn.insn[0]; 779 kprobe_opcode_t insn = p->opcode; 780 union reg_pair fnr; 781 int rdhi = (insn >> 16) & 0xf; 782 int rdlo = (insn >> 12) & 0xf; 783 int rs = (insn >> 8) & 0xf; 784 int rm = insn & 0xf; 785 long rsv = regs->uregs[rs]; 786 long rmv = regs->uregs[rm]; 787 788 fnr.dr = insnslot_llret_4arg_rwflags(regs->uregs[rdhi], 789 regs->uregs[rdlo], rsv, rmv, 790 ®s->ARM_cpsr, i_fn); 791 regs->uregs[rdhi] = fnr.r0; 792 regs->uregs[rdlo] = fnr.r1; 793} 794 795static void __kprobes 796emulate_alu_imm_rflags(struct kprobe *p, struct pt_regs *regs) 797{ 798 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 799 kprobe_opcode_t insn = p->opcode; 800 int rd = (insn >> 12) & 0xf; 801 int rn = (insn >> 16) & 0xf; 802 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn]; 803 804 regs->uregs[rd] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn); 805} 806 807static void __kprobes 808emulate_alu_imm_rwflags(struct kprobe *p, struct pt_regs *regs) 809{ 810 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0]; 811 kprobe_opcode_t insn = p->opcode; 812 int rd = (insn >> 12) & 0xf; 813 int rn = (insn >> 16) & 0xf; 814 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn]; 815 816 regs->uregs[rd] = insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn); 817} 818 819static void __kprobes 820emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs) 821{ 822 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0]; 823 kprobe_opcode_t insn = p->opcode; 824 long ppc = (long)p->addr + 8; 825 int rd = (insn >> 12) & 0xf; 826 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */ 827 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */ 828 int rm = insn & 0xf; 829 long rnv = (rn == 15) ? ppc : regs->uregs[rn]; 830 long rmv = (rm == 15) ? ppc : regs->uregs[rm]; 831 long rsv = regs->uregs[rs]; 832 833 regs->uregs[rd] = 834 insnslot_3arg_rflags(rnv, rmv, rsv, regs->ARM_cpsr, i_fn); 835} 836 837static void __kprobes 838emulate_alu_rwflags(struct kprobe *p, struct pt_regs *regs) 839{ 840 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0]; 841 kprobe_opcode_t insn = p->opcode; 842 long ppc = (long)p->addr + 8; 843 int rd = (insn >> 12) & 0xf; 844 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */ 845 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */ 846 int rm = insn & 0xf; 847 long rnv = (rn == 15) ? ppc : regs->uregs[rn]; 848 long rmv = (rm == 15) ? ppc : regs->uregs[rm]; 849 long rsv = regs->uregs[rs]; 850 851 regs->uregs[rd] = 852 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn); 853} 854 855static enum kprobe_insn __kprobes 856prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi) 857{ 858 int ibit = (insn & (1 << 26)) ? 25 : 22; 859 860 insn &= 0xfff00fff; 861 insn |= 0x00001000; /* Rn = r0, Rd = r1 */ 862 if (insn & (1 << ibit)) { 863 insn &= ~0xf; 864 insn |= 2; /* Rm = r2 */ 865 } 866 asi->insn[0] = insn; 867 asi->insn_handler = (insn & (1 << 20)) ? emulate_ldr : emulate_str; 868 return INSN_GOOD; 869} 870 871static enum kprobe_insn __kprobes 872prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi) 873{ 874 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */ 875 asi->insn[0] = insn; 876 asi->insn_handler = emulate_rd12rm0; 877 return INSN_GOOD; 878} 879 880static enum kprobe_insn __kprobes 881prep_emulate_rd12(kprobe_opcode_t insn, struct arch_specific_insn *asi) 882{ 883 insn &= 0xffff0fff; /* Rd = r0 */ 884 asi->insn[0] = insn; 885 asi->insn_handler = emulate_rd12; 886 return INSN_GOOD; 887} 888 889static enum kprobe_insn __kprobes 890prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn, 891 struct arch_specific_insn *asi) 892{ 893 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */ 894 insn |= 0x00000001; /* Rm = r1 */ 895 asi->insn[0] = insn; 896 asi->insn_handler = emulate_rd12rn16rm0_rwflags; 897 return INSN_GOOD; 898} 899 900static enum kprobe_insn __kprobes 901prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn, 902 struct arch_specific_insn *asi) 903{ 904 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */ 905 insn |= 0x00000001; /* Rm = r1 */ 906 asi->insn[0] = insn; 907 asi->insn_handler = emulate_rd16rs8rm0_rwflags; 908 return INSN_GOOD; 909} 910 911static enum kprobe_insn __kprobes 912prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn, 913 struct arch_specific_insn *asi) 914{ 915 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */ 916 insn |= 0x00000102; /* Rs = r1, Rm = r2 */ 917 asi->insn[0] = insn; 918 asi->insn_handler = emulate_rd16rn12rs8rm0_rwflags; 919 return INSN_GOOD; 920} 921 922static enum kprobe_insn __kprobes 923prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn, 924 struct arch_specific_insn *asi) 925{ 926 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */ 927 insn |= 0x00001203; /* Rs = r2, Rm = r3 */ 928 asi->insn[0] = insn; 929 asi->insn_handler = emulate_rdhi16rdlo12rs8rm0_rwflags; 930 return INSN_GOOD; 931} 932 933/* 934 * For the instruction masking and comparisons in all the "space_*" 935 * functions below, Do _not_ rearrange the order of tests unless 936 * you're very, very sure of what you are doing. For the sake of 937 * efficiency, the masks for some tests sometimes assume other test 938 * have been done prior to them so the number of patterns to test 939 * for an instruction set can be as broad as possible to reduce the 940 * number of tests needed. 941 */ 942 943static enum kprobe_insn __kprobes 944space_1111(kprobe_opcode_t insn, struct arch_specific_insn *asi) 945{ 946 if ((insn & 0xfff30020) == 0xf1020000 || 947 (insn & 0xfe500f00) == 0xf8100a00 || 948 (insn & 0xfe5f0f00) == 0xf84d0500) 949 return INSN_REJECTED; 950 951 if ((insn & 0xfd700000) == 0xf4500000) { 952 insn &= 0xfff0ffff; /* Rn = r0 */ 953 asi->insn[0] = insn; 954 asi->insn_handler = emulate_rn16; 955 return INSN_GOOD; 956 } 957 958 if ((insn & 0xfe000000) == 0xfa000000) { 959 asi->insn_handler = simulate_blx1; 960 return INSN_GOOD_NO_SLOT; 961 } 962 963 if ((insn & 0xffff00f0) == 0xf1010000 || 964 (insn & 0xff000010) == 0xfe000000) { 965 asi->insn[0] = insn; 966 asi->insn_handler = emulate_none; 967 return INSN_GOOD; 968 } 969 970 if ((insn & 0xffe00000) == 0xfc400000) { 971 insn &= 0xfff00fff; /* Rn = r0 */ 972 insn |= 0x00001000; /* Rd = r1 */ 973 asi->insn[0] = insn; 974 asi->insn_handler = 975 (insn & (1 << 20)) ? emulate_mrrc : emulate_mcrr; 976 return INSN_GOOD; 977 } 978 979 if ((insn & 0xfe000000) == 0xfc000000) { 980 insn &= 0xfff0ffff; /* Rn = r0 */ 981 asi->insn[0] = insn; 982 asi->insn_handler = emulate_ldcstc; 983 return INSN_GOOD; 984 } 985 986 insn &= 0xffff0fff; /* Rd = r0 */ 987 asi->insn[0] = insn; 988 asi->insn_handler = (insn & (1 << 20)) ? emulate_rd12 : emulate_ird12; 989 return INSN_GOOD; 990} 991 992static enum kprobe_insn __kprobes 993space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 994{ 995 if ((insn & 0x0f900010) == 0x01000000) { 996 997 if ((insn & 0x0ff000f0) == 0x01200020 || 998 (insn & 0x0fb000f0) == 0x01200000) 999 return INSN_REJECTED; 1000 1001 if ((insn & 0x0fb00010) == 0x01000000) 1002 return prep_emulate_rd12(insn, asi); 1003 1004 if ((insn & 0x0ff00090) == 0x01400080) 1005 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1006 1007 if ((insn & 0x0ff000b0) == 0x012000a0 || 1008 (insn & 0x0ff00090) == 0x01600080) 1009 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1010 1011 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1012 1013 } 1014 1015 else if ((insn & 0x0f900090) == 0x01000010) { 1016 1017 if ((insn & 0xfff000f0) == 0xe1200070) 1018 return INSN_REJECTED; 1019 1020 if ((insn & 0x0ff000d0) == 0x01200010) { 1021 asi->insn[0] = truecc_insn(insn); 1022 asi->insn_handler = simulate_blx2bx; 1023 return INSN_GOOD; 1024 } 1025 1026 if ((insn & 0x0ff000f0) == 0x01600010) 1027 return prep_emulate_rd12rm0(insn, asi); 1028 1029 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1030 } 1031 1032 else if ((insn & 0x0f000090) == 0x00000090) { 1033 1034 if ((insn & 0x0fe000f0) == 0x00000090) { 1035 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1036 } else if ((insn & 0x0fe000f0) == 0x00200090) { 1037 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1038 } else { 1039 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1040 } 1041 } 1042 1043 else if ((insn & 0x0e000090) == 0x00000090) { 1044 1045 if ((insn & 0x0fb000f0) == 0x01000090) { 1046 /* SWP/SWPB */ 1047 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1048 } else if ((insn & 0x0e1000d0) == 0x00000d0) { 1049 /* STRD/LDRD */ 1050 insn &= 0xfff00fff; 1051 insn |= 0x00002000; /* Rn = r0, Rd = r2 */ 1052 if (insn & (1 << 22)) { 1053 /* I bit */ 1054 insn &= ~0xf; 1055 insn |= 1; /* Rm = r1 */ 1056 } 1057 asi->insn[0] = insn; 1058 asi->insn_handler = 1059 (insn & (1 << 5)) ? emulate_strd : emulate_ldrd; 1060 return INSN_GOOD; 1061 } 1062 1063 return prep_emulate_ldr_str(insn, asi); 1064 } 1065 1066 1067 if ((insn & 0x0e10f000) == 0x0010f000) 1068 return INSN_REJECTED; 1069 1070 /* 1071 * "mov ip, sp" is the most common kprobe'd instruction by far. 1072 * Check and optimize for it explicitly. 1073 */ 1074 if (insn == 0xe1a0c00d) { 1075 asi->insn_handler = simulate_mov_ipsp; 1076 return INSN_GOOD_NO_SLOT; 1077 } 1078 1079 insn &= 0xfff00ff0; /* Rn = r0, Rd = r0 */ 1080 insn |= 0x00000001; /* Rm = r1 */ 1081 if (insn & 0x010) { 1082 insn &= 0xfffff0ff; /* register shift */ 1083 insn |= 0x00000200; /* Rs = r2 */ 1084 } 1085 asi->insn[0] = insn; 1086 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */ 1087 emulate_alu_rwflags : emulate_alu_rflags; 1088 return INSN_GOOD; 1089} 1090 1091static enum kprobe_insn __kprobes 1092space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1093{ 1094 if ((insn & 0x0fb00000) == 0x03200000 || /* MSR */ 1095 (insn & 0x0ff00000) == 0x03400000 || /* Undef */ 1096 (insn & 0x0e10f000) == 0x0210f000) /* ALU s-bit, R15 */ 1097 return INSN_REJECTED; 1098 1099 insn &= 0xffff0fff; /* Rd = r0 */ 1100 asi->insn[0] = insn; 1101 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */ 1102 emulate_alu_imm_rwflags : emulate_alu_imm_rflags; 1103 return INSN_GOOD; 1104} 1105 1106static enum kprobe_insn __kprobes 1107space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1108{ 1109 if ((insn & 0x0ff000f0) == 0x068000b0) { 1110 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */ 1111 insn |= 0x00000001; /* Rm = r1 */ 1112 asi->insn[0] = insn; 1113 asi->insn_handler = emulate_sel; 1114 return INSN_GOOD; 1115 } 1116 1117 if ((insn & 0x0fa00030) == 0x06a00010 || 1118 (insn & 0x0fb000f0) == 0x06a00030) { 1119 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */ 1120 asi->insn[0] = insn; 1121 asi->insn_handler = emulate_sat; 1122 return INSN_GOOD; 1123 } 1124 1125 if ((insn & 0x0ff00070) == 0x06b00030 || 1126 (insn & 0x0ff000f0) == 0x06f000b0) 1127 return prep_emulate_rd12rm0(insn, asi); 1128 1129 return prep_emulate_rd12rn16rm0_wflags(insn, asi); 1130} 1131 1132static enum kprobe_insn __kprobes 1133space_cccc_0111__1(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1134{ 1135 if ((insn & 0x0ff000f0) == 0x03f000f0) 1136 return INSN_REJECTED; 1137 1138 if ((insn & 0x0ff000f0) == 0x07800010) 1139 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1140 1141 if ((insn & 0x0ff00090) == 0x07400010) 1142 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi); 1143 1144 if ((insn & 0x0ff00090) == 0x07000010 || 1145 (insn & 0x0ff000d0) == 0x07500010 || 1146 (insn & 0x0ff000d0) == 0x075000d0) 1147 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi); 1148 1149 return prep_emulate_rd16rs8rm0_wflags(insn, asi); 1150} 1151 1152static enum kprobe_insn __kprobes 1153space_cccc_01xx(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1154{ 1155 return prep_emulate_ldr_str(insn, asi); 1156} 1157 1158static enum kprobe_insn __kprobes 1159space_cccc_100x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1160{ 1161 if ((insn & 0x0e708000) == 0x85000000 || 1162 (insn & 0x0e508000) == 0x85010000) 1163 return INSN_REJECTED; 1164 1165 asi->insn[0] = truecc_insn(insn); 1166 asi->insn_handler = ((insn & 0x108000) == 0x008000) ? /* STM & R15 */ 1167 simulate_stm1_pc : simulate_ldm1stm1; 1168 return INSN_GOOD; 1169} 1170 1171static enum kprobe_insn __kprobes 1172space_cccc_101x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1173{ 1174 asi->insn[0] = truecc_insn(insn); 1175 asi->insn_handler = simulate_bbl; 1176 return INSN_GOOD; 1177} 1178 1179static enum kprobe_insn __kprobes 1180space_cccc_1100_010x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1181{ 1182 insn &= 0xfff00fff; 1183 insn |= 0x00001000; /* Rn = r0, Rd = r1 */ 1184 asi->insn[0] = insn; 1185 asi->insn_handler = (insn & (1 << 20)) ? emulate_mrrc : emulate_mcrr; 1186 return INSN_GOOD; 1187} 1188 1189static enum kprobe_insn __kprobes 1190space_cccc_110x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1191{ 1192 insn &= 0xfff0ffff; /* Rn = r0 */ 1193 asi->insn[0] = insn; 1194 asi->insn_handler = emulate_ldcstc; 1195 return INSN_GOOD; 1196} 1197 1198static enum kprobe_insn __kprobes 1199space_cccc_111x(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1200{ 1201 if ((insn & 0xfff000f0) == 0xe1200070 || 1202 (insn & 0x0f000000) == 0x0f000000) 1203 return INSN_REJECTED; 1204 1205 if ((insn & 0x0f000010) == 0x0e000000) { 1206 asi->insn[0] = insn; 1207 asi->insn_handler = emulate_none; 1208 return INSN_GOOD; 1209 } 1210 1211 insn &= 0xffff0fff; /* Rd = r0 */ 1212 asi->insn[0] = insn; 1213 asi->insn_handler = (insn & (1 << 20)) ? emulate_rd12 : emulate_ird12; 1214 return INSN_GOOD; 1215} 1216 1217/* Return: 1218 * INSN_REJECTED If instruction is one not allowed to kprobe, 1219 * INSN_GOOD If instruction is supported and uses instruction slot, 1220 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot. 1221 * 1222 * For instructions we don't want to kprobe (INSN_REJECTED return result): 1223 * These are generally ones that modify the processor state making 1224 * them "hard" to simulate such as switches processor modes or 1225 * make accesses in alternate modes. Any of these could be simulated 1226 * if the work was put into it, but low return considering they 1227 * should also be very rare. 1228 */ 1229enum kprobe_insn __kprobes 1230arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi) 1231{ 1232 asi->insn[1] = KPROBE_RETURN_INSTRUCTION; 1233 1234 if ((insn & 0xf0000000) == 0xf0000000) { 1235 1236 return space_1111(insn, asi); 1237 1238 } else if ((insn & 0x0e000000) == 0x00000000) { 1239 1240 return space_cccc_000x(insn, asi); 1241 1242 } else if ((insn & 0x0e000000) == 0x02000000) { 1243 1244 return space_cccc_001x(insn, asi); 1245 1246 } else if ((insn & 0x0f000010) == 0x06000010) { 1247 1248 return space_cccc_0110__1(insn, asi); 1249 1250 } else if ((insn & 0x0f000010) == 0x07000010) { 1251 1252 return space_cccc_0111__1(insn, asi); 1253 1254 } else if ((insn & 0x0c000000) == 0x04000000) { 1255 1256 return space_cccc_01xx(insn, asi); 1257 1258 } else if ((insn & 0x0e000000) == 0x08000000) { 1259 1260 return space_cccc_100x(insn, asi); 1261 1262 } else if ((insn & 0x0e000000) == 0x0a000000) { 1263 1264 return space_cccc_101x(insn, asi); 1265 1266 } else if ((insn & 0x0fe00000) == 0x0c400000) { 1267 1268 return space_cccc_1100_010x(insn, asi); 1269 1270 } else if ((insn & 0x0e000000) == 0x0c400000) { 1271 1272 return space_cccc_110x(insn, asi); 1273 1274 } 1275 1276 return space_cccc_111x(insn, asi); 1277} 1278 1279void __init arm_kprobe_decode_init(void) 1280{ 1281 find_str_pc_offset(); 1282} 1283 1284 1285/* 1286 * All ARM instructions listed below. 1287 * 1288 * Instructions and their general purpose registers are given. 1289 * If a particular register may not use R15, it is prefixed with a "!". 1290 * If marked with a "*" means the value returned by reading R15 1291 * is implementation defined. 1292 * 1293 * ADC/ADD/AND/BIC/CMN/CMP/EOR/MOV/MVN/ORR/RSB/RSC/SBC/SUB/TEQ 1294 * TST: Rd, Rn, Rm, !Rs 1295 * BX: Rm 1296 * BLX(2): !Rm 1297 * BX: Rm (R15 legal, but discouraged) 1298 * BXJ: !Rm, 1299 * CLZ: !Rd, !Rm 1300 * CPY: Rd, Rm 1301 * LDC/2,STC/2 immediate offset & unindex: Rn 1302 * LDC/2,STC/2 immediate pre/post-indexed: !Rn 1303 * LDM(1/3): !Rn, register_list 1304 * LDM(2): !Rn, !register_list 1305 * LDR,STR,PLD immediate offset: Rd, Rn 1306 * LDR,STR,PLD register offset: Rd, Rn, !Rm 1307 * LDR,STR,PLD scaled register offset: Rd, !Rn, !Rm 1308 * LDR,STR immediate pre/post-indexed: Rd, !Rn 1309 * LDR,STR register pre/post-indexed: Rd, !Rn, !Rm 1310 * LDR,STR scaled register pre/post-indexed: Rd, !Rn, !Rm 1311 * LDRB,STRB immediate offset: !Rd, Rn 1312 * LDRB,STRB register offset: !Rd, Rn, !Rm 1313 * LDRB,STRB scaled register offset: !Rd, !Rn, !Rm 1314 * LDRB,STRB immediate pre/post-indexed: !Rd, !Rn 1315 * LDRB,STRB register pre/post-indexed: !Rd, !Rn, !Rm 1316 * LDRB,STRB scaled register pre/post-indexed: !Rd, !Rn, !Rm 1317 * LDRT,LDRBT,STRBT immediate pre/post-indexed: !Rd, !Rn 1318 * LDRT,LDRBT,STRBT register pre/post-indexed: !Rd, !Rn, !Rm 1319 * LDRT,LDRBT,STRBT scaled register pre/post-indexed: !Rd, !Rn, !Rm 1320 * LDRH/SH/SB/D,STRH/SH/SB/D immediate offset: !Rd, Rn 1321 * LDRH/SH/SB/D,STRH/SH/SB/D register offset: !Rd, Rn, !Rm 1322 * LDRH/SH/SB/D,STRH/SH/SB/D immediate pre/post-indexed: !Rd, !Rn 1323 * LDRH/SH/SB/D,STRH/SH/SB/D register pre/post-indexed: !Rd, !Rn, !Rm 1324 * LDREX: !Rd, !Rn 1325 * MCR/2: !Rd 1326 * MCRR/2,MRRC/2: !Rd, !Rn 1327 * MLA: !Rd, !Rn, !Rm, !Rs 1328 * MOV: Rd 1329 * MRC/2: !Rd (if Rd==15, only changes cond codes, not the register) 1330 * MRS,MSR: !Rd 1331 * MUL: !Rd, !Rm, !Rs 1332 * PKH{BT,TB}: !Rd, !Rn, !Rm 1333 * QDADD,[U]QADD/16/8/SUBX: !Rd, !Rm, !Rn 1334 * QDSUB,[U]QSUB/16/8/ADDX: !Rd, !Rm, !Rn 1335 * REV/16/SH: !Rd, !Rm 1336 * RFE: !Rn 1337 * {S,U}[H]ADD{16,8,SUBX},{S,U}[H]SUB{16,8,ADDX}: !Rd, !Rn, !Rm 1338 * SEL: !Rd, !Rn, !Rm 1339 * SMLA<x><y>,SMLA{D,W<y>},SMLSD,SMML{A,S}: !Rd, !Rn, !Rm, !Rs 1340 * SMLAL<x><y>,SMLA{D,LD},SMLSLD,SMMULL,SMULW<y>: !RdHi, !RdLo, !Rm, !Rs 1341 * SMMUL,SMUAD,SMUL<x><y>,SMUSD: !Rd, !Rm, !Rs 1342 * SSAT/16: !Rd, !Rm 1343 * STM(1/2): !Rn, register_list* (R15 in reg list not recommended) 1344 * STRT immediate pre/post-indexed: Rd*, !Rn 1345 * STRT register pre/post-indexed: Rd*, !Rn, !Rm 1346 * STRT scaled register pre/post-indexed: Rd*, !Rn, !Rm 1347 * STREX: !Rd, !Rn, !Rm 1348 * SWP/B: !Rd, !Rn, !Rm 1349 * {S,U}XTA{B,B16,H}: !Rd, !Rn, !Rm 1350 * {S,U}XT{B,B16,H}: !Rd, !Rm 1351 * UM{AA,LA,UL}L: !RdHi, !RdLo, !Rm, !Rs 1352 * USA{D8,A8,T,T16}: !Rd, !Rm, !Rs 1353 * 1354 * May transfer control by writing R15 (possible mode changes or alternate 1355 * mode accesses marked by "*"): 1356 * ALU op (* with s-bit), B, BL, BKPT, BLX(1/2), BX, BXJ, CPS*, CPY, 1357 * LDM(1), LDM(2/3)*, LDR, MOV, RFE*, SWI* 1358 * 1359 * Instructions that do not take general registers, nor transfer control: 1360 * CDP/2, SETEND, SRS* 1361 */ 1362