Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_msm8996 / 3f92dfed6a9a5f490128c8e7cc6a64dfe412994f / . / arch / arm / kernel / kprobes-common.c
blob: 3a3e765d2090bbf4c7b93d8f012ef902f9126247 [file] [log] [blame]
Jon Medhurst0ab4c022011-07-06 11:25:18 +0100[diff] [blame]1/*
2 * arch/arm/kernel/kprobes-common.c
3 *
4 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
5 *
Jon Medhurst6c8df332011-07-07 10:21:40 +0100[diff] [blame]6 * Some contents moved here from arch/arm/include/asm/kprobes-arm.c which is
7 * Copyright (C) 2006, 2007 Motorola Inc.
8 *
Jon Medhurst0ab4c022011-07-06 11:25:18 +0100[diff] [blame]9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14#include <linux/kernel.h>
15#include <linux/kprobes.h>
16
17#include "kprobes.h"
18
19
Jon Medhurstaea49022011-07-07 19:58:29 +0100[diff] [blame]20#ifndef find_str_pc_offset
21
Jon Medhurst6c8df332011-07-07 10:21:40 +0100[diff] [blame]22/*
23 * For STR and STM instructions, an ARM core may choose to use either
24 * a +8 or a +12 displacement from the current instruction's address.
25 * Whichever value is chosen for a given core, it must be the same for
26 * both instructions and may not change. This function measures it.
27 */
28
29int str_pc_offset;
30
31void __init find_str_pc_offset(void)
32{
33 int addr, scratch, ret;
34
35 __asm__ (
36 "sub %[ret], pc, #4 \n\t"
37 "str pc, %[addr] \n\t"
38 "ldr %[scr], %[addr] \n\t"
39 "sub %[ret], %[scr], %[ret] \n\t"
40 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr));
41
42 str_pc_offset = ret;
43}
44
Jon Medhurstaea49022011-07-07 19:58:29 +0100[diff] [blame]45#endif /* !find_str_pc_offset */
46
Jon Medhurst6c8df332011-07-07 10:21:40 +0100[diff] [blame]47
48void __init arm_kprobe_decode_init(void)
49{
50 find_str_pc_offset();
51}
52
53
Jon Medhurst0ab4c022011-07-06 11:25:18 +0100[diff] [blame]54static unsigned long __kprobes __check_eq(unsigned long cpsr)
55{
56 return cpsr & PSR_Z_BIT;
57}
58
59static unsigned long __kprobes __check_ne(unsigned long cpsr)
60{
61 return (~cpsr) & PSR_Z_BIT;
62}
63
64static unsigned long __kprobes __check_cs(unsigned long cpsr)
65{
66 return cpsr & PSR_C_BIT;
67}
68
69static unsigned long __kprobes __check_cc(unsigned long cpsr)
70{
71 return (~cpsr) & PSR_C_BIT;
72}
73
74static unsigned long __kprobes __check_mi(unsigned long cpsr)
75{
76 return cpsr & PSR_N_BIT;
77}
78
79static unsigned long __kprobes __check_pl(unsigned long cpsr)
80{
81 return (~cpsr) & PSR_N_BIT;
82}
83
84static unsigned long __kprobes __check_vs(unsigned long cpsr)
85{
86 return cpsr & PSR_V_BIT;
87}
88
89static unsigned long __kprobes __check_vc(unsigned long cpsr)
90{
91 return (~cpsr) & PSR_V_BIT;
92}
93
94static unsigned long __kprobes __check_hi(unsigned long cpsr)
95{
96 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
97 return cpsr & PSR_C_BIT;
98}
99
100static unsigned long __kprobes __check_ls(unsigned long cpsr)
101{
102 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
103 return (~cpsr) & PSR_C_BIT;
104}
105
106static unsigned long __kprobes __check_ge(unsigned long cpsr)
107{
108 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
109 return (~cpsr) & PSR_N_BIT;
110}
111
112static unsigned long __kprobes __check_lt(unsigned long cpsr)
113{
114 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
115 return cpsr & PSR_N_BIT;
116}
117
118static unsigned long __kprobes __check_gt(unsigned long cpsr)
119{
120 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
121 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
122 return (~temp) & PSR_N_BIT;
123}
124
125static unsigned long __kprobes __check_le(unsigned long cpsr)
126{
127 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
128 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
129 return temp & PSR_N_BIT;
130}
131
132static unsigned long __kprobes __check_al(unsigned long cpsr)
133{
134 return true;
135}
136
137kprobe_check_cc * const kprobe_condition_checks[16] = {
138 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
139 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
140 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
141 &__check_gt, &__check_le, &__check_al, &__check_al
142};
Jon Medhurst0d1a0952011-04-26 15:15:56 +0100[diff] [blame]143
144
Jon Medhurst3f92dfe2011-07-02 15:36:32 +0100[diff] [blame^]145void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs)
146{
147}
148
149void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs)
150{
151 p->ainsn.insn_fn();
152}
153
Jon Medhurst0d1a0952011-04-26 15:15:56 +0100[diff] [blame]154/*
155 * Prepare an instruction slot to receive an instruction for emulating.
156 * This is done by placing a subroutine return after the location where the
157 * instruction will be placed. We also modify ARM instructions to be
158 * unconditional as the condition code will already be checked before any
159 * emulation handler is called.
160 */
161static kprobe_opcode_t __kprobes
162prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
163 bool thumb)
164{
165#ifdef CONFIG_THUMB2_KERNEL
166 if (thumb) {
167 u16 *thumb_insn = (u16 *)asi->insn;
168 thumb_insn[1] = 0x4770; /* Thumb bx lr */
169 thumb_insn[2] = 0x4770; /* Thumb bx lr */
170 return insn;
171 }
172 asi->insn[1] = 0xe12fff1e; /* ARM bx lr */
173#else
174 asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */
175#endif
176 /* Make an ARM instruction unconditional */
177 if (insn < 0xe0000000)
178 insn = (insn | 0xe0000000) & ~0x10000000;
179 return insn;
180}
181
182/*
183 * Write a (probably modified) instruction into the slot previously prepared by
184 * prepare_emulated_insn
185 */
186static void __kprobes
187set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
188 bool thumb)
189{
190#ifdef CONFIG_THUMB2_KERNEL
191 if (thumb) {
192 u16 *ip = (u16 *)asi->insn;
193 if (is_wide_instruction(insn))
194 *ip++ = insn >> 16;
195 *ip++ = insn;
196 return;
197 }
198#endif
199 asi->insn[0] = insn;
200}
201
202/*
203 * When we modify the register numbers encoded in an instruction to be emulated,
204 * the new values come from this define. For ARM and 32-bit Thumb instructions
205 * this gives...
206 *
207 * bit position 16 12 8 4 0
208 * ---------------+---+---+---+---+---+
209 * register r2 r0 r1 -- r3
210 */
211#define INSN_NEW_BITS 0x00020103
212
213/* Each nibble has same value as that at INSN_NEW_BITS bit 16 */
214#define INSN_SAMEAS16_BITS 0x22222222
215
216/*
217 * Validate and modify each of the registers encoded in an instruction.
218 *
219 * Each nibble in regs contains a value from enum decode_reg_type. For each
220 * non-zero value, the corresponding nibble in pinsn is validated and modified
221 * according to the type.
222 */
223static bool __kprobes decode_regs(kprobe_opcode_t* pinsn, u32 regs)
224{
225 kprobe_opcode_t insn = *pinsn;
226 kprobe_opcode_t mask = 0xf; /* Start at least significant nibble */
227
228 for (; regs != 0; regs >>= 4, mask <<= 4) {
229
230 kprobe_opcode_t new_bits = INSN_NEW_BITS;
231
232 switch (regs & 0xf) {
233
234 case REG_TYPE_NONE:
235 /* Nibble not a register, skip to next */
236 continue;
237
238 case REG_TYPE_ANY:
239 /* Any register is allowed */
240 break;
241
242 case REG_TYPE_SAMEAS16:
243 /* Replace register with same as at bit position 16 */
244 new_bits = INSN_SAMEAS16_BITS;
245 break;
246
247 case REG_TYPE_SP:
248 /* Only allow SP (R13) */
249 if ((insn ^ 0xdddddddd) & mask)
250 goto reject;
251 break;
252
253 case REG_TYPE_PC:
254 /* Only allow PC (R15) */
255 if ((insn ^ 0xffffffff) & mask)
256 goto reject;
257 break;
258
259 case REG_TYPE_NOSP:
260 /* Reject SP (R13) */
261 if (((insn ^ 0xdddddddd) & mask) == 0)
262 goto reject;
263 break;
264
265 case REG_TYPE_NOSPPC:
266 case REG_TYPE_NOSPPCX:
267 /* Reject SP and PC (R13 and R15) */
268 if (((insn ^ 0xdddddddd) & 0xdddddddd & mask) == 0)
269 goto reject;
270 break;
271
272 case REG_TYPE_NOPCWB:
273 if (!is_writeback(insn))
274 break; /* No writeback, so any register is OK */
275 /* fall through... */
276 case REG_TYPE_NOPC:
277 case REG_TYPE_NOPCX:
278 /* Reject PC (R15) */
279 if (((insn ^ 0xffffffff) & mask) == 0)
280 goto reject;
281 break;
282 }
283
284 /* Replace value of nibble with new register number... */
285 insn &= ~mask;
286 insn |= new_bits & mask;
287 }
288
289 *pinsn = insn;
290 return true;
291
292reject:
293 return false;
294}
295
296static const int decode_struct_sizes[NUM_DECODE_TYPES] = {
297 [DECODE_TYPE_TABLE] = sizeof(struct decode_table),
298 [DECODE_TYPE_CUSTOM] = sizeof(struct decode_custom),
299 [DECODE_TYPE_SIMULATE] = sizeof(struct decode_simulate),
300 [DECODE_TYPE_EMULATE] = sizeof(struct decode_emulate),
301 [DECODE_TYPE_OR] = sizeof(struct decode_or),
302 [DECODE_TYPE_REJECT] = sizeof(struct decode_reject)
303};
304
305/*
306 * kprobe_decode_insn operates on data tables in order to decode an ARM
307 * architecture instruction onto which a kprobe has been placed.
308 *
309 * These instruction decoding tables are a concatenation of entries each
310 * of which consist of one of the following structs:
311 *
312 * decode_table
313 * decode_custom
314 * decode_simulate
315 * decode_emulate
316 * decode_or
317 * decode_reject
318 *
319 * Each of these starts with a struct decode_header which has the following
320 * fields:
321 *
322 * type_regs
323 * mask
324 * value
325 *
326 * The least significant DECODE_TYPE_BITS of type_regs contains a value
327 * from enum decode_type, this indicates which of the decode_* structs
328 * the entry contains. The value DECODE_TYPE_END indicates the end of the
329 * table.
330 *
331 * When the table is parsed, each entry is checked in turn to see if it
332 * matches the instruction to be decoded using the test:
333 *
334 * (insn & mask) == value
335 *
336 * If no match is found before the end of the table is reached then decoding
337 * fails with INSN_REJECTED.
338 *
339 * When a match is found, decode_regs() is called to validate and modify each
340 * of the registers encoded in the instruction; the data it uses to do this
341 * is (type_regs >> DECODE_TYPE_BITS). A validation failure will cause decoding
342 * to fail with INSN_REJECTED.
343 *
344 * Once the instruction has passed the above tests, further processing
345 * depends on the type of the table entry's decode struct.
346 *
347 */
348int __kprobes
349kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
350 const union decode_item *table, bool thumb)
351{
352 const struct decode_header *h = (struct decode_header *)table;
353 const struct decode_header *next;
354 bool matched = false;
355
356 insn = prepare_emulated_insn(insn, asi, thumb);
357
358 for (;; h = next) {
359 enum decode_type type = h->type_regs.bits & DECODE_TYPE_MASK;
360 u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS;
361
362 if (type == DECODE_TYPE_END)
363 return INSN_REJECTED;
364
365 next = (struct decode_header *)
366 ((uintptr_t)h + decode_struct_sizes[type]);
367
368 if (!matched && (insn & h->mask.bits) != h->value.bits)
369 continue;
370
371 if (!decode_regs(&insn, regs))
372 return INSN_REJECTED;
373
374 switch (type) {
375
376 case DECODE_TYPE_TABLE: {
377 struct decode_table *d = (struct decode_table *)h;
378 next = (struct decode_header *)d->table.table;
379 break;
380 }
381
382 case DECODE_TYPE_CUSTOM: {
383 struct decode_custom *d = (struct decode_custom *)h;
384 return (*d->decoder.decoder)(insn, asi);
385 }
386
387 case DECODE_TYPE_SIMULATE: {
388 struct decode_simulate *d = (struct decode_simulate *)h;
389 asi->insn_handler = d->handler.handler;
390 return INSN_GOOD_NO_SLOT;
391 }
392
393 case DECODE_TYPE_EMULATE: {
394 struct decode_emulate *d = (struct decode_emulate *)h;
395 asi->insn_handler = d->handler.handler;
396 set_emulated_insn(insn, asi, thumb);
397 return INSN_GOOD;
398 }
399
400 case DECODE_TYPE_OR:
401 matched = true;
402 break;
403
404 case DECODE_TYPE_REJECT:
405 default:
406 return INSN_REJECTED;
407 }
408 }
409 }