1/*
  2 * arch/tile/kernel/kprobes.c
  3 * Kprobes on TILE-Gx
  4 *
  5 * Some portions copied from the MIPS version.
  6 *
  7 * Copyright (C) IBM Corporation, 2002, 2004
  8 * Copyright 2006 Sony Corp.
  9 * Copyright 2010 Cavium Networks
 10 *
 11 * Copyright 2012 Tilera Corporation. All Rights Reserved.
 12 *
 13 *   This program is free software; you can redistribute it and/or
 14 *   modify it under the terms of the GNU General Public License
 15 *   as published by the Free Software Foundation, version 2.
 16 *
 17 *   This program is distributed in the hope that it will be useful, but
 18 *   WITHOUT ANY WARRANTY; without even the implied warranty of
 19 *   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
 20 *   NON INFRINGEMENT.  See the GNU General Public License for
 21 *   more details.
 22 */
 23
 24#include <linux/kprobes.h>
 25#include <linux/kdebug.h>
 26#include <linux/module.h>
 27#include <linux/slab.h>
 28#include <linux/uaccess.h>
 29#include <asm/cacheflush.h>
 30
 31#include <arch/opcode.h>
 32
 33DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
 34DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
 35
 36tile_bundle_bits breakpoint_insn = TILEGX_BPT_BUNDLE;
 37tile_bundle_bits breakpoint2_insn = TILEGX_BPT_BUNDLE | DIE_SSTEPBP;
 38
 39/*
 40 * Check whether instruction is branch or jump, or if executing it
 41 * has different results depending on where it is executed (e.g. lnk).
 42 */
 43static int __kprobes insn_has_control(kprobe_opcode_t insn)
 44{
 45	if (get_Mode(insn) != 0) {   /* Y-format bundle */
 46		if (get_Opcode_Y1(insn) != RRR_1_OPCODE_Y1 ||
 47		    get_RRROpcodeExtension_Y1(insn) != UNARY_RRR_1_OPCODE_Y1)
 48			return 0;
 49
 50		switch (get_UnaryOpcodeExtension_Y1(insn)) {
 51		case JALRP_UNARY_OPCODE_Y1:
 52		case JALR_UNARY_OPCODE_Y1:
 53		case JRP_UNARY_OPCODE_Y1:
 54		case JR_UNARY_OPCODE_Y1:
 55		case LNK_UNARY_OPCODE_Y1:
 56			return 1;
 57		default:
 58			return 0;
 59		}
 60	}
 61
 62	switch (get_Opcode_X1(insn)) {
 63	case BRANCH_OPCODE_X1:	/* branch instructions */
 64	case JUMP_OPCODE_X1:	/* jump instructions: j and jal */
 65		return 1;
 66
 67	case RRR_0_OPCODE_X1:   /* other jump instructions */
 68		if (get_RRROpcodeExtension_X1(insn) != UNARY_RRR_0_OPCODE_X1)
 69			return 0;
 70		switch (get_UnaryOpcodeExtension_X1(insn)) {
 71		case JALRP_UNARY_OPCODE_X1:
 72		case JALR_UNARY_OPCODE_X1:
 73		case JRP_UNARY_OPCODE_X1:
 74		case JR_UNARY_OPCODE_X1:
 75		case LNK_UNARY_OPCODE_X1:
 76			return 1;
 77		default:
 78			return 0;
 79		}
 80	default:
 81		return 0;
 82	}
 83}
 84
 85int __kprobes arch_prepare_kprobe(struct kprobe *p)
 86{
 87	unsigned long addr = (unsigned long)p->addr;
 88
 89	if (addr & (sizeof(kprobe_opcode_t) - 1))
 90		return -EINVAL;
 91
 92	if (insn_has_control(*p->addr)) {
 93		pr_notice("Kprobes for control instructions are not "
 94			  "supported\n");
 95		return -EINVAL;
 96	}
 97
 98	/* insn: must be on special executable page on tile. */
 99	p->ainsn.insn = get_insn_slot();
100	if (!p->ainsn.insn)
101		return -ENOMEM;
102
103	/*
104	 * In the kprobe->ainsn.insn[] array we store the original
105	 * instruction at index zero and a break trap instruction at
106	 * index one.
107	 */
108	memcpy(&p->ainsn.insn[0], p->addr, sizeof(kprobe_opcode_t));
109	p->ainsn.insn[1] = breakpoint2_insn;
110	p->opcode = *p->addr;
111
112	return 0;
113}
114
115void __kprobes arch_arm_kprobe(struct kprobe *p)
116{
117	unsigned long addr_wr;
118
119	/* Operate on writable kernel text mapping. */
120	addr_wr = (unsigned long)p->addr - MEM_SV_START + PAGE_OFFSET;
121
122	if (probe_kernel_write((void *)addr_wr, &breakpoint_insn,
123		sizeof(breakpoint_insn)))
124		pr_err("%s: failed to enable kprobe\n", __func__);
125
126	smp_wmb();
127	flush_insn_slot(p);
128}
129
130void __kprobes arch_disarm_kprobe(struct kprobe *kp)
131{
132	unsigned long addr_wr;
133
134	/* Operate on writable kernel text mapping. */
135	addr_wr = (unsigned long)kp->addr - MEM_SV_START + PAGE_OFFSET;
136
137	if (probe_kernel_write((void *)addr_wr, &kp->opcode,
138		sizeof(kp->opcode)))
139		pr_err("%s: failed to enable kprobe\n", __func__);
140
141	smp_wmb();
142	flush_insn_slot(kp);
143}
144
145void __kprobes arch_remove_kprobe(struct kprobe *p)
146{
147	if (p->ainsn.insn) {
148		free_insn_slot(p->ainsn.insn, 0);
149		p->ainsn.insn = NULL;
150	}
151}
152
153static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
154{
155	kcb->prev_kprobe.kp = kprobe_running();
156	kcb->prev_kprobe.status = kcb->kprobe_status;
157	kcb->prev_kprobe.saved_pc = kcb->kprobe_saved_pc;
158}
159
160static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
161{
162	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
163	kcb->kprobe_status = kcb->prev_kprobe.status;
164	kcb->kprobe_saved_pc = kcb->prev_kprobe.saved_pc;
165}
166
167static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
168			struct kprobe_ctlblk *kcb)
169{
170	__this_cpu_write(current_kprobe, p);
171	kcb->kprobe_saved_pc = regs->pc;
172}
173
174static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
175{
176	/* Single step inline if the instruction is a break. */
177	if (p->opcode == breakpoint_insn ||
178	    p->opcode == breakpoint2_insn)
179		regs->pc = (unsigned long)p->addr;
180	else
181		regs->pc = (unsigned long)&p->ainsn.insn[0];
182}
183
184static int __kprobes kprobe_handler(struct pt_regs *regs)
185{
186	struct kprobe *p;
187	int ret = 0;
188	kprobe_opcode_t *addr;
189	struct kprobe_ctlblk *kcb;
190
191	addr = (kprobe_opcode_t *)regs->pc;
192
193	/*
194	 * We don't want to be preempted for the entire
195	 * duration of kprobe processing.
196	 */
197	preempt_disable();
198	kcb = get_kprobe_ctlblk();
199
200	/* Check we're not actually recursing. */
201	if (kprobe_running()) {
202		p = get_kprobe(addr);
203		if (p) {
204			if (kcb->kprobe_status == KPROBE_HIT_SS &&
205			    p->ainsn.insn[0] == breakpoint_insn) {
206				goto no_kprobe;
207			}
208			/*
209			 * We have reentered the kprobe_handler(), since
210			 * another probe was hit while within the handler.
211			 * We here save the original kprobes variables and
212			 * just single step on the instruction of the new probe
213			 * without calling any user handlers.
214			 */
215			save_previous_kprobe(kcb);
216			set_current_kprobe(p, regs, kcb);
217			kprobes_inc_nmissed_count(p);
218			prepare_singlestep(p, regs);
219			kcb->kprobe_status = KPROBE_REENTER;
220			return 1;
221		} else {
222			if (*addr != breakpoint_insn) {
223				/*
224				 * The breakpoint instruction was removed by
225				 * another cpu right after we hit, no further
226				 * handling of this interrupt is appropriate.
227				 */
228				ret = 1;
229				goto no_kprobe;
230			}
231			p = __this_cpu_read(current_kprobe);
232			if (p->break_handler && p->break_handler(p, regs))
233				goto ss_probe;
234		}
235		goto no_kprobe;
236	}
237
238	p = get_kprobe(addr);
239	if (!p) {
240		if (*addr != breakpoint_insn) {
241			/*
242			 * The breakpoint instruction was removed right
243			 * after we hit it.  Another cpu has removed
244			 * either a probepoint or a debugger breakpoint
245			 * at this address.  In either case, no further
246			 * handling of this interrupt is appropriate.
247			 */
248			ret = 1;
249		}
250		/* Not one of ours: let kernel handle it. */
251		goto no_kprobe;
252	}
253
254	set_current_kprobe(p, regs, kcb);
255	kcb->kprobe_status = KPROBE_HIT_ACTIVE;
256
257	if (p->pre_handler && p->pre_handler(p, regs)) {
258		/* Handler has already set things up, so skip ss setup. */
259		return 1;
260	}
261
262ss_probe:
263	prepare_singlestep(p, regs);
264	kcb->kprobe_status = KPROBE_HIT_SS;
265	return 1;
266
267no_kprobe:
268	preempt_enable_no_resched();
269	return ret;
270}
271
272/*
273 * Called after single-stepping.  p->addr is the address of the
274 * instruction that has been replaced by the breakpoint. To avoid the
275 * SMP problems that can occur when we temporarily put back the
276 * original opcode to single-step, we single-stepped a copy of the
277 * instruction.  The address of this copy is p->ainsn.insn.
278 *
279 * This function prepares to return from the post-single-step
280 * breakpoint trap.
281 */
282static void __kprobes resume_execution(struct kprobe *p,
283				       struct pt_regs *regs,
284				       struct kprobe_ctlblk *kcb)
285{
286	unsigned long orig_pc = kcb->kprobe_saved_pc;
287	regs->pc = orig_pc + 8;
288}
289
290static inline int post_kprobe_handler(struct pt_regs *regs)
291{
292	struct kprobe *cur = kprobe_running();
293	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
294
295	if (!cur)
296		return 0;
297
298	if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
299		kcb->kprobe_status = KPROBE_HIT_SSDONE;
300		cur->post_handler(cur, regs, 0);
301	}
302
303	resume_execution(cur, regs, kcb);
304
305	/* Restore back the original saved kprobes variables and continue. */
306	if (kcb->kprobe_status == KPROBE_REENTER) {
307		restore_previous_kprobe(kcb);
308		goto out;
309	}
310	reset_current_kprobe();
311out:
312	preempt_enable_no_resched();
313
314	return 1;
315}
316
317static inline int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
318{
319	struct kprobe *cur = kprobe_running();
320	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
321
322	if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
323		return 1;
324
325	if (kcb->kprobe_status & KPROBE_HIT_SS) {
326		/*
327		 * We are here because the instruction being single
328		 * stepped caused a page fault. We reset the current
329		 * kprobe and the ip points back to the probe address
330		 * and allow the page fault handler to continue as a
331		 * normal page fault.
332		 */
333		resume_execution(cur, regs, kcb);
334		reset_current_kprobe();
335		preempt_enable_no_resched();
336	}
337	return 0;
338}
339
340/*
341 * Wrapper routine for handling exceptions.
342 */
343int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
344				       unsigned long val, void *data)
345{
346	struct die_args *args = (struct die_args *)data;
347	int ret = NOTIFY_DONE;
348
349	switch (val) {
350	case DIE_BREAK:
351		if (kprobe_handler(args->regs))
352			ret = NOTIFY_STOP;
353		break;
354	case DIE_SSTEPBP:
355		if (post_kprobe_handler(args->regs))
356			ret = NOTIFY_STOP;
357		break;
358	case DIE_PAGE_FAULT:
359		/* kprobe_running() needs smp_processor_id(). */
360		preempt_disable();
361
362		if (kprobe_running()
363		    && kprobe_fault_handler(args->regs, args->trapnr))
364			ret = NOTIFY_STOP;
365		preempt_enable();
366		break;
367	default:
368		break;
369	}
370	return ret;
371}
372
373int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
374{
375	struct jprobe *jp = container_of(p, struct jprobe, kp);
376	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
377
378	kcb->jprobe_saved_regs = *regs;
379	kcb->jprobe_saved_sp = regs->sp;
380
381	memcpy(kcb->jprobes_stack, (void *)kcb->jprobe_saved_sp,
382	       MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
383
384	regs->pc = (unsigned long)(jp->entry);
385
386	return 1;
387}
388
389/* Defined in the inline asm below. */
390void jprobe_return_end(void);
391
392void __kprobes jprobe_return(void)
393{
394	asm volatile(
395		"bpt\n\t"
396		".globl jprobe_return_end\n"
397		"jprobe_return_end:\n");
398}
399
400int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
401{
402	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
403
404	if (regs->pc >= (unsigned long)jprobe_return &&
405	    regs->pc <= (unsigned long)jprobe_return_end) {
406		*regs = kcb->jprobe_saved_regs;
407		memcpy((void *)kcb->jprobe_saved_sp, kcb->jprobes_stack,
408		       MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
409		preempt_enable_no_resched();
410
411		return 1;
412	}
413	return 0;
414}
415
416/*
417 * Function return probe trampoline:
418 * - init_kprobes() establishes a probepoint here
419 * - When the probed function returns, this probe causes the
420 *   handlers to fire
421 */
422static void __used kretprobe_trampoline_holder(void)
423{
424	asm volatile(
425		"nop\n\t"
426		".global kretprobe_trampoline\n"
427		"kretprobe_trampoline:\n\t"
428		"nop\n\t"
429		: : : "memory");
430}
431
432void kretprobe_trampoline(void);
433
434void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
435				      struct pt_regs *regs)
436{
437	ri->ret_addr = (kprobe_opcode_t *) regs->lr;
438
439	/* Replace the return addr with trampoline addr */
440	regs->lr = (unsigned long)kretprobe_trampoline;
441}
442
443/*
444 * Called when the probe at kretprobe trampoline is hit.
445 */
446static int __kprobes trampoline_probe_handler(struct kprobe *p,
447						struct pt_regs *regs)
448{
449	struct kretprobe_instance *ri = NULL;
450	struct hlist_head *head, empty_rp;
451	struct hlist_node *tmp;
452	unsigned long flags, orig_ret_address = 0;
453	unsigned long trampoline_address = (unsigned long)kretprobe_trampoline;
454
455	INIT_HLIST_HEAD(&empty_rp);
456	kretprobe_hash_lock(current, &head, &flags);
457
458	/*
459	 * It is possible to have multiple instances associated with a given
460	 * task either because multiple functions in the call path have
461	 * a return probe installed on them, and/or more than one return
462	 * return probe was registered for a target function.
463	 *
464	 * We can handle this because:
465	 *     - instances are always inserted at the head of the list
466	 *     - when multiple return probes are registered for the same
467	 *       function, the first instance's ret_addr will point to the
468	 *       real return address, and all the rest will point to
469	 *       kretprobe_trampoline
470	 */
471	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
472		if (ri->task != current)
473			/* another task is sharing our hash bucket */
474			continue;
475
476		if (ri->rp && ri->rp->handler)
477			ri->rp->handler(ri, regs);
478
479		orig_ret_address = (unsigned long)ri->ret_addr;
480		recycle_rp_inst(ri, &empty_rp);
481
482		if (orig_ret_address != trampoline_address) {
483			/*
484			 * This is the real return address. Any other
485			 * instances associated with this task are for
486			 * other calls deeper on the call stack
487			 */
488			break;
489		}
490	}
491
492	kretprobe_assert(ri, orig_ret_address, trampoline_address);
493	instruction_pointer(regs) = orig_ret_address;
494
495	reset_current_kprobe();
496	kretprobe_hash_unlock(current, &flags);
497	preempt_enable_no_resched();
498
499	hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
500		hlist_del(&ri->hlist);
501		kfree(ri);
502	}
503	/*
504	 * By returning a non-zero value, we are telling
505	 * kprobe_handler() that we don't want the post_handler
506	 * to run (and have re-enabled preemption)
507	 */
508	return 1;
509}
510
511int __kprobes arch_trampoline_kprobe(struct kprobe *p)
512{
513	if (p->addr == (kprobe_opcode_t *)kretprobe_trampoline)
514		return 1;
515
516	return 0;
517}
518
519static struct kprobe trampoline_p = {
520	.addr = (kprobe_opcode_t *)kretprobe_trampoline,
521	.pre_handler = trampoline_probe_handler
522};
523
524int __init arch_init_kprobes(void)
525{
526	register_kprobe(&trampoline_p);
527	return 0;
528}