1/* arch/sparc64/kernel/kprobes.c
2 *
3 * Copyright (C) 2004 David S. Miller <davem@davemloft.net>
4 */
5
6#include <linux/kernel.h>
7#include <linux/kprobes.h>
8#include <linux/module.h>
9#include <linux/kdebug.h>
10#include <asm/signal.h>
11#include <asm/cacheflush.h>
12#include <asm/uaccess.h>
13
14/* We do not have hardware single-stepping on sparc64.
15 * So we implement software single-stepping with breakpoint
16 * traps.  The top-level scheme is similar to that used
17 * in the x86 kprobes implementation.
18 *
19 * In the kprobe->ainsn.insn[] array we store the original
20 * instruction at index zero and a break instruction at
21 * index one.
22 *
23 * When we hit a kprobe we:
24 * - Run the pre-handler
25 * - Remember "regs->tnpc" and interrupt level stored in
26 *   "regs->tstate" so we can restore them later
27 * - Disable PIL interrupts
28 * - Set regs->tpc to point to kprobe->ainsn.insn[0]
29 * - Set regs->tnpc to point to kprobe->ainsn.insn[1]
30 * - Mark that we are actively in a kprobe
31 *
32 * At this point we wait for the second breakpoint at
33 * kprobe->ainsn.insn[1] to hit.  When it does we:
34 * - Run the post-handler
35 * - Set regs->tpc to "remembered" regs->tnpc stored above,
36 *   restore the PIL interrupt level in "regs->tstate" as well
37 * - Make any adjustments necessary to regs->tnpc in order
38 *   to handle relative branches correctly.  See below.
39 * - Mark that we are no longer actively in a kprobe.
40 */
41
42DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
43DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
44
45int __kprobes arch_prepare_kprobe(struct kprobe *p)
46{
47	p->ainsn.insn[0] = *p->addr;
48	flushi(&p->ainsn.insn[0]);
49
50	p->ainsn.insn[1] = BREAKPOINT_INSTRUCTION_2;
51	flushi(&p->ainsn.insn[1]);
52
53	p->opcode = *p->addr;
54	return 0;
55}
56
57void __kprobes arch_arm_kprobe(struct kprobe *p)
58{
59	*p->addr = BREAKPOINT_INSTRUCTION;
60	flushi(p->addr);
61}
62
63void __kprobes arch_disarm_kprobe(struct kprobe *p)
64{
65	*p->addr = p->opcode;
66	flushi(p->addr);
67}
68
69static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
70{
71	kcb->prev_kprobe.kp = kprobe_running();
72	kcb->prev_kprobe.status = kcb->kprobe_status;
73	kcb->prev_kprobe.orig_tnpc = kcb->kprobe_orig_tnpc;
74	kcb->prev_kprobe.orig_tstate_pil = kcb->kprobe_orig_tstate_pil;
75}
76
77static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
78{
79	__get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
80	kcb->kprobe_status = kcb->prev_kprobe.status;
81	kcb->kprobe_orig_tnpc = kcb->prev_kprobe.orig_tnpc;
82	kcb->kprobe_orig_tstate_pil = kcb->prev_kprobe.orig_tstate_pil;
83}
84
85static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
86				struct kprobe_ctlblk *kcb)
87{
88	__get_cpu_var(current_kprobe) = p;
89	kcb->kprobe_orig_tnpc = regs->tnpc;
90	kcb->kprobe_orig_tstate_pil = (regs->tstate & TSTATE_PIL);
91}
92
93static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs,
94			struct kprobe_ctlblk *kcb)
95{
96	regs->tstate |= TSTATE_PIL;
97
98	/*single step inline, if it a breakpoint instruction*/
99	if (p->opcode == BREAKPOINT_INSTRUCTION) {
100		regs->tpc = (unsigned long) p->addr;
101		regs->tnpc = kcb->kprobe_orig_tnpc;
102	} else {
103		regs->tpc = (unsigned long) &p->ainsn.insn[0];
104		regs->tnpc = (unsigned long) &p->ainsn.insn[1];
105	}
106}
107
108static int __kprobes kprobe_handler(struct pt_regs *regs)
109{
110	struct kprobe *p;
111	void *addr = (void *) regs->tpc;
112	int ret = 0;
113	struct kprobe_ctlblk *kcb;
114
115	/*
116	 * We don't want to be preempted for the entire
117	 * duration of kprobe processing
118	 */
119	preempt_disable();
120	kcb = get_kprobe_ctlblk();
121
122	if (kprobe_running()) {
123		p = get_kprobe(addr);
124		if (p) {
125			if (kcb->kprobe_status == KPROBE_HIT_SS) {
126				regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
127					kcb->kprobe_orig_tstate_pil);
128				goto no_kprobe;
129			}
130			/* We have reentered the kprobe_handler(), since
131			 * another probe was hit while within the handler.
132			 * We here save the original kprobes variables and
133			 * just single step on the instruction of the new probe
134			 * without calling any user handlers.
135			 */
136			save_previous_kprobe(kcb);
137			set_current_kprobe(p, regs, kcb);
138			kprobes_inc_nmissed_count(p);
139			kcb->kprobe_status = KPROBE_REENTER;
140			prepare_singlestep(p, regs, kcb);
141			return 1;
142		} else {
143			if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
144			/* The breakpoint instruction was removed by
145			 * another cpu right after we hit, no further
146			 * handling of this interrupt is appropriate
147			 */
148				ret = 1;
149				goto no_kprobe;
150			}
151			p = __get_cpu_var(current_kprobe);
152			if (p->break_handler && p->break_handler(p, regs))
153				goto ss_probe;
154		}
155		goto no_kprobe;
156	}
157
158	p = get_kprobe(addr);
159	if (!p) {
160		if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
161			/*
162			 * The breakpoint instruction was removed right
163			 * after we hit it.  Another cpu has removed
164			 * either a probepoint or a debugger breakpoint
165			 * at this address.  In either case, no further
166			 * handling of this interrupt is appropriate.
167			 */
168			ret = 1;
169		}
170		/* Not one of ours: let kernel handle it */
171		goto no_kprobe;
172	}
173
174	set_current_kprobe(p, regs, kcb);
175	kcb->kprobe_status = KPROBE_HIT_ACTIVE;
176	if (p->pre_handler && p->pre_handler(p, regs))
177		return 1;
178
179ss_probe:
180	prepare_singlestep(p, regs, kcb);
181	kcb->kprobe_status = KPROBE_HIT_SS;
182	return 1;
183
184no_kprobe:
185	preempt_enable_no_resched();
186	return ret;
187}
188
189/* If INSN is a relative control transfer instruction,
190 * return the corrected branch destination value.
191 *
192 * regs->tpc and regs->tnpc still hold the values of the
193 * program counters at the time of trap due to the execution
194 * of the BREAKPOINT_INSTRUCTION_2 at p->ainsn.insn[1]
195 *
196 */
197static unsigned long __kprobes relbranch_fixup(u32 insn, struct kprobe *p,
198					       struct pt_regs *regs)
199{
200	unsigned long real_pc = (unsigned long) p->addr;
201
202	/* Branch not taken, no mods necessary.  */
203	if (regs->tnpc == regs->tpc + 0x4UL)
204		return real_pc + 0x8UL;
205
206	/* The three cases are call, branch w/prediction,
207	 * and traditional branch.
208	 */
209	if ((insn & 0xc0000000) == 0x40000000 ||
210	    (insn & 0xc1c00000) == 0x00400000 ||
211	    (insn & 0xc1c00000) == 0x00800000) {
212		unsigned long ainsn_addr;
213
214		ainsn_addr = (unsigned long) &p->ainsn.insn[0];
215
216		/* The instruction did all the work for us
217		 * already, just apply the offset to the correct
218		 * instruction location.
219		 */
220		return (real_pc + (regs->tnpc - ainsn_addr));
221	}
222
223	/* It is jmpl or some other absolute PC modification instruction,
224	 * leave NPC as-is.
225	 */
226	return regs->tnpc;
227}
228
229/* If INSN is an instruction which writes it's PC location
230 * into a destination register, fix that up.
231 */
232static void __kprobes retpc_fixup(struct pt_regs *regs, u32 insn,
233				  unsigned long real_pc)
234{
235	unsigned long *slot = NULL;
236
237	/* Simplest case is 'call', which always uses %o7 */
238	if ((insn & 0xc0000000) == 0x40000000) {
239		slot = &regs->u_regs[UREG_I7];
240	}
241
242	/* 'jmpl' encodes the register inside of the opcode */
243	if ((insn & 0xc1f80000) == 0x81c00000) {
244		unsigned long rd = ((insn >> 25) & 0x1f);
245
246		if (rd <= 15) {
247			slot = &regs->u_regs[rd];
248		} else {
249			/* Hard case, it goes onto the stack. */
250			flushw_all();
251
252			rd -= 16;
253			slot = (unsigned long *)
254				(regs->u_regs[UREG_FP] + STACK_BIAS);
255			slot += rd;
256		}
257	}
258	if (slot != NULL)
259		*slot = real_pc;
260}
261
262/*
263 * Called after single-stepping.  p->addr is the address of the
264 * instruction which has been replaced by the breakpoint
265 * instruction.  To avoid the SMP problems that can occur when we
266 * temporarily put back the original opcode to single-step, we
267 * single-stepped a copy of the instruction.  The address of this
268 * copy is &p->ainsn.insn[0].
269 *
270 * This function prepares to return from the post-single-step
271 * breakpoint trap.
272 */
273static void __kprobes resume_execution(struct kprobe *p,
274		struct pt_regs *regs, struct kprobe_ctlblk *kcb)
275{
276	u32 insn = p->ainsn.insn[0];
277
278	regs->tnpc = relbranch_fixup(insn, p, regs);
279
280	/* This assignment must occur after relbranch_fixup() */
281	regs->tpc = kcb->kprobe_orig_tnpc;
282
283	retpc_fixup(regs, insn, (unsigned long) p->addr);
284
285	regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
286			kcb->kprobe_orig_tstate_pil);
287}
288
289static int __kprobes post_kprobe_handler(struct pt_regs *regs)
290{
291	struct kprobe *cur = kprobe_running();
292	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
293
294	if (!cur)
295		return 0;
296
297	if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
298		kcb->kprobe_status = KPROBE_HIT_SSDONE;
299		cur->post_handler(cur, regs, 0);
300	}
301
302	resume_execution(cur, regs, kcb);
303
304	/*Restore back the original saved kprobes variables and continue. */
305	if (kcb->kprobe_status == KPROBE_REENTER) {
306		restore_previous_kprobe(kcb);
307		goto out;
308	}
309	reset_current_kprobe();
310out:
311	preempt_enable_no_resched();
312
313	return 1;
314}
315
316int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
317{
318	struct kprobe *cur = kprobe_running();
319	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
320	const struct exception_table_entry *entry;
321
322	switch(kcb->kprobe_status) {
323	case KPROBE_HIT_SS:
324	case KPROBE_REENTER:
325		/*
326		 * We are here because the instruction being single
327		 * stepped caused a page fault. We reset the current
328		 * kprobe and the tpc points back to the probe address
329		 * and allow the page fault handler to continue as a
330		 * normal page fault.
331		 */
332		regs->tpc = (unsigned long)cur->addr;
333		regs->tnpc = kcb->kprobe_orig_tnpc;
334		regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
335				kcb->kprobe_orig_tstate_pil);
336		if (kcb->kprobe_status == KPROBE_REENTER)
337			restore_previous_kprobe(kcb);
338		else
339			reset_current_kprobe();
340		preempt_enable_no_resched();
341		break;
342	case KPROBE_HIT_ACTIVE:
343	case KPROBE_HIT_SSDONE:
344		/*
345		 * We increment the nmissed count for accounting,
346		 * we can also use npre/npostfault count for accouting
347		 * these specific fault cases.
348		 */
349		kprobes_inc_nmissed_count(cur);
350
351		/*
352		 * We come here because instructions in the pre/post
353		 * handler caused the page_fault, this could happen
354		 * if handler tries to access user space by
355		 * copy_from_user(), get_user() etc. Let the
356		 * user-specified handler try to fix it first.
357		 */
358		if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
359			return 1;
360
361		/*
362		 * In case the user-specified fault handler returned
363		 * zero, try to fix up.
364		 */
365
366		entry = search_exception_tables(regs->tpc);
367		if (entry) {
368			regs->tpc = entry->fixup;
369			regs->tnpc = regs->tpc + 4;
370			return 1;
371		}
372
373		/*
374		 * fixup_exception() could not handle it,
375		 * Let do_page_fault() fix it.
376		 */
377		break;
378	default:
379		break;
380	}
381
382	return 0;
383}
384
385/*
386 * Wrapper routine to for handling exceptions.
387 */
388int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
389				       unsigned long val, void *data)
390{
391	struct die_args *args = (struct die_args *)data;
392	int ret = NOTIFY_DONE;
393
394	if (args->regs && user_mode(args->regs))
395		return ret;
396
397	switch (val) {
398	case DIE_DEBUG:
399		if (kprobe_handler(args->regs))
400			ret = NOTIFY_STOP;
401		break;
402	case DIE_DEBUG_2:
403		if (post_kprobe_handler(args->regs))
404			ret = NOTIFY_STOP;
405		break;
406	default:
407		break;
408	}
409	return ret;
410}
411
412asmlinkage void __kprobes kprobe_trap(unsigned long trap_level,
413				      struct pt_regs *regs)
414{
415	BUG_ON(trap_level != 0x170 && trap_level != 0x171);
416
417	if (user_mode(regs)) {
418		local_irq_enable();
419		bad_trap(regs, trap_level);
420		return;
421	}
422
423	/* trap_level == 0x170 --> ta 0x70
424	 * trap_level == 0x171 --> ta 0x71
425	 */
426	if (notify_die((trap_level == 0x170) ? DIE_DEBUG : DIE_DEBUG_2,
427		       (trap_level == 0x170) ? "debug" : "debug_2",
428		       regs, 0, trap_level, SIGTRAP) != NOTIFY_STOP)
429		bad_trap(regs, trap_level);
430}
431
432/* Jprobes support.  */
433int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
434{
435	struct jprobe *jp = container_of(p, struct jprobe, kp);
436	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
437
438	memcpy(&(kcb->jprobe_saved_regs), regs, sizeof(*regs));
439
440	regs->tpc  = (unsigned long) jp->entry;
441	regs->tnpc = ((unsigned long) jp->entry) + 0x4UL;
442	regs->tstate |= TSTATE_PIL;
443
444	return 1;
445}
446
447void __kprobes jprobe_return(void)
448{
449	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
450	register unsigned long orig_fp asm("g1");
451
452	orig_fp = kcb->jprobe_saved_regs.u_regs[UREG_FP];
453	__asm__ __volatile__("\n"
454"1:	cmp		%%sp, %0\n\t"
455	"blu,a,pt	%%xcc, 1b\n\t"
456	" restore\n\t"
457	".globl		jprobe_return_trap_instruction\n"
458"jprobe_return_trap_instruction:\n\t"
459	"ta		0x70"
460	: /* no outputs */
461	: "r" (orig_fp));
462}
463
464extern void jprobe_return_trap_instruction(void);
465
466extern void __show_regs(struct pt_regs * regs);
467
468int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
469{
470	u32 *addr = (u32 *) regs->tpc;
471	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
472
473	if (addr == (u32 *) jprobe_return_trap_instruction) {
474		memcpy(regs, &(kcb->jprobe_saved_regs), sizeof(*regs));
475		preempt_enable_no_resched();
476		return 1;
477	}
478	return 0;
479}
480
481/* architecture specific initialization */
482int arch_init_kprobes(void)
483{
484	return 0;
485}
486