search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'timers-clockevents-for-linus' of git://git.kernel.org/pub/scm/linux...
[linux-2.6.git] / arch / mips / kernel / kprobes.c
blobee28683fc2acbb7168d437702f2f0fdf453a4a3d
1 /*
2 * Kernel Probes (KProbes)
3 * arch/mips/kernel/kprobes.c
4 *
5 * Copyright 2006 Sony Corp.
6 * Copyright 2010 Cavium Networks
7 *
8 * Some portions copied from the powerpc version.
9 *
10 * Copyright (C) IBM Corporation, 2002, 2004
11 *
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; version 2 of the License.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24 */
25
26 #include <linux/kprobes.h>
27 #include <linux/preempt.h>
28 #include <linux/kdebug.h>
29 #include <linux/slab.h>
30
31 #include <asm/ptrace.h>
32 #include <asm/break.h>
33 #include <asm/inst.h>
34
35 static const union mips_instruction breakpoint_insn = {
36 .b_format = {
37 .opcode = spec_op,
38 .code = BRK_KPROBE_BP,
39 .func = break_op
40 }
41 };
42
43 static const union mips_instruction breakpoint2_insn = {
44 .b_format = {
45 .opcode = spec_op,
46 .code = BRK_KPROBE_SSTEPBP,
47 .func = break_op
48 }
49 };
50
51 DEFINE_PER_CPU(struct kprobe *, current_kprobe);
52 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
53
54 static int __kprobes insn_has_delayslot(union mips_instruction insn)
55 {
56 switch (insn.i_format.opcode) {
57
58 /*
59 * This group contains:
60 * jr and jalr are in r_format format.
61 */
62 case spec_op:
63 switch (insn.r_format.func) {
64 case jr_op:
65 case jalr_op:
66 break;
67 default:
68 goto insn_ok;
69 }
70
71 /*
72 * This group contains:
73 * bltz_op, bgez_op, bltzl_op, bgezl_op,
74 * bltzal_op, bgezal_op, bltzall_op, bgezall_op.
75 */
76 case bcond_op:
77
78 /*
79 * These are unconditional and in j_format.
80 */
81 case jal_op:
82 case j_op:
83
84 /*
85 * These are conditional and in i_format.
86 */
87 case beq_op:
88 case beql_op:
89 case bne_op:
90 case bnel_op:
91 case blez_op:
92 case blezl_op:
93 case bgtz_op:
94 case bgtzl_op:
95
96 /*
97 * These are the FPA/cp1 branch instructions.
98 */
99 case cop1_op:
100
101 #ifdef CONFIG_CPU_CAVIUM_OCTEON
102 case lwc2_op: /* This is bbit0 on Octeon */
103 case ldc2_op: /* This is bbit032 on Octeon */
104 case swc2_op: /* This is bbit1 on Octeon */
105 case sdc2_op: /* This is bbit132 on Octeon */
106 #endif
107 return 1;
108 default:
109 break;
110 }
111 insn_ok:
112 return 0;
113 }
114
115 int __kprobes arch_prepare_kprobe(struct kprobe *p)
116 {
117 union mips_instruction insn;
118 union mips_instruction prev_insn;
119 int ret = 0;
120
121 prev_insn = p->addr[-1];
122 insn = p->addr[0];
123
124 if (insn_has_delayslot(insn) || insn_has_delayslot(prev_insn)) {
125 pr_notice("Kprobes for branch and jump instructions are not supported\n");
126 ret = -EINVAL;
127 goto out;
128 }
129
130 /* insn: must be on special executable page on mips. */
131 p->ainsn.insn = get_insn_slot();
132 if (!p->ainsn.insn) {
133 ret = -ENOMEM;
134 goto out;
135 }
136
137 /*
138 * In the kprobe->ainsn.insn[] array we store the original
139 * instruction at index zero and a break trap instruction at
140 * index one.
141 */
142
143 memcpy(&p->ainsn.insn[0], p->addr, sizeof(kprobe_opcode_t));
144 p->ainsn.insn[1] = breakpoint2_insn;
145 p->opcode = *p->addr;
146
147 out:
148 return ret;
149 }
150
151 void __kprobes arch_arm_kprobe(struct kprobe *p)
152 {
153 *p->addr = breakpoint_insn;
154 flush_insn_slot(p);
155 }
156
157 void __kprobes arch_disarm_kprobe(struct kprobe *p)
158 {
159 *p->addr = p->opcode;
160 flush_insn_slot(p);
161 }
162
163 void __kprobes arch_remove_kprobe(struct kprobe *p)
164 {
165 free_insn_slot(p->ainsn.insn, 0);
166 }
167
168 static void save_previous_kprobe(struct kprobe_ctlblk *kcb)
169 {
170 kcb->prev_kprobe.kp = kprobe_running();
171 kcb->prev_kprobe.status = kcb->kprobe_status;
172 kcb->prev_kprobe.old_SR = kcb->kprobe_old_SR;
173 kcb->prev_kprobe.saved_SR = kcb->kprobe_saved_SR;
174 kcb->prev_kprobe.saved_epc = kcb->kprobe_saved_epc;
175 }
176
177 static void restore_previous_kprobe(struct kprobe_ctlblk *kcb)
178 {
179 __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
180 kcb->kprobe_status = kcb->prev_kprobe.status;
181 kcb->kprobe_old_SR = kcb->prev_kprobe.old_SR;
182 kcb->kprobe_saved_SR = kcb->prev_kprobe.saved_SR;
183 kcb->kprobe_saved_epc = kcb->prev_kprobe.saved_epc;
184 }
185
186 static void set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
187 struct kprobe_ctlblk *kcb)
188 {
189 __get_cpu_var(current_kprobe) = p;
190 kcb->kprobe_saved_SR = kcb->kprobe_old_SR = (regs->cp0_status & ST0_IE);
191 kcb->kprobe_saved_epc = regs->cp0_epc;
192 }
193
194 static void prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
195 {
196 regs->cp0_status &= ~ST0_IE;
197
198 /* single step inline if the instruction is a break */
199 if (p->opcode.word == breakpoint_insn.word ||
200 p->opcode.word == breakpoint2_insn.word)
201 regs->cp0_epc = (unsigned long)p->addr;
202 else
203 regs->cp0_epc = (unsigned long)&p->ainsn.insn[0];
204 }
205
206 static int __kprobes kprobe_handler(struct pt_regs *regs)
207 {
208 struct kprobe *p;
209 int ret = 0;
210 kprobe_opcode_t *addr;
211 struct kprobe_ctlblk *kcb;
212
213 addr = (kprobe_opcode_t *) regs->cp0_epc;
214
215 /*
216 * We don't want to be preempted for the entire
217 * duration of kprobe processing
218 */
219 preempt_disable();
220 kcb = get_kprobe_ctlblk();
221
222 /* Check we're not actually recursing */
223 if (kprobe_running()) {
224 p = get_kprobe(addr);
225 if (p) {
226 if (kcb->kprobe_status == KPROBE_HIT_SS &&
227 p->ainsn.insn->word == breakpoint_insn.word) {
228 regs->cp0_status &= ~ST0_IE;
229 regs->cp0_status |= kcb->kprobe_saved_SR;
230 goto no_kprobe;
231 }
232 /*
233 * We have reentered the kprobe_handler(), since
234 * another probe was hit while within the handler.
235 * We here save the original kprobes variables and
236 * just single step on the instruction of the new probe
237 * without calling any user handlers.
238 */
239 save_previous_kprobe(kcb);
240 set_current_kprobe(p, regs, kcb);
241 kprobes_inc_nmissed_count(p);
242 prepare_singlestep(p, regs);
243 kcb->kprobe_status = KPROBE_REENTER;
244 return 1;
245 } else {
246 if (addr->word != breakpoint_insn.word) {
247 /*
248 * The breakpoint instruction was removed by
249 * another cpu right after we hit, no further
250 * handling of this interrupt is appropriate
251 */
252 ret = 1;
253 goto no_kprobe;
254 }
255 p = __get_cpu_var(current_kprobe);
256 if (p->break_handler && p->break_handler(p, regs))
257 goto ss_probe;
258 }
259 goto no_kprobe;
260 }
261
262 p = get_kprobe(addr);
263 if (!p) {
264 if (addr->word != breakpoint_insn.word) {
265 /*
266 * The breakpoint instruction was removed right
267 * after we hit it. Another cpu has removed
268 * either a probepoint or a debugger breakpoint
269 * at this address. In either case, no further
270 * handling of this interrupt is appropriate.
271 */
272 ret = 1;
273 }
274 /* Not one of ours: let kernel handle it */
275 goto no_kprobe;
276 }
277
278 set_current_kprobe(p, regs, kcb);
279 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
280
281 if (p->pre_handler && p->pre_handler(p, regs)) {
282 /* handler has already set things up, so skip ss setup */
283 return 1;
284 }
285
286 ss_probe:
287 prepare_singlestep(p, regs);
288 kcb->kprobe_status = KPROBE_HIT_SS;
289 return 1;
290
291 no_kprobe:
292 preempt_enable_no_resched();
293 return ret;
294
295 }
296
297 /*
298 * Called after single-stepping. p->addr is the address of the
299 * instruction whose first byte has been replaced by the "break 0"
300 * instruction. To avoid the SMP problems that can occur when we
301 * temporarily put back the original opcode to single-step, we
302 * single-stepped a copy of the instruction. The address of this
303 * copy is p->ainsn.insn.
304 *
305 * This function prepares to return from the post-single-step
306 * breakpoint trap.
307 */
308 static void __kprobes resume_execution(struct kprobe *p,
309 struct pt_regs *regs,
310 struct kprobe_ctlblk *kcb)
311 {
312 unsigned long orig_epc = kcb->kprobe_saved_epc;
313 regs->cp0_epc = orig_epc + 4;
314 }
315
316 static inline int post_kprobe_handler(struct pt_regs *regs)
317 {
318 struct kprobe *cur = kprobe_running();
319 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
320
321 if (!cur)
322 return 0;
323
324 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
325 kcb->kprobe_status = KPROBE_HIT_SSDONE;
326 cur->post_handler(cur, regs, 0);
327 }
328
329 resume_execution(cur, regs, kcb);
330
331 regs->cp0_status |= kcb->kprobe_saved_SR;
332
333 /* Restore back the original saved kprobes variables and continue. */
334 if (kcb->kprobe_status == KPROBE_REENTER) {
335 restore_previous_kprobe(kcb);
336 goto out;
337 }
338 reset_current_kprobe();
339 out:
340 preempt_enable_no_resched();
341
342 return 1;
343 }
344
345 static inline int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
346 {
347 struct kprobe *cur = kprobe_running();
348 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
349
350 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
351 return 1;
352
353 if (kcb->kprobe_status & KPROBE_HIT_SS) {
354 resume_execution(cur, regs, kcb);
355 regs->cp0_status |= kcb->kprobe_old_SR;
356
357 reset_current_kprobe();
358 preempt_enable_no_resched();
359 }
360 return 0;
361 }
362
363 /*
364 * Wrapper routine for handling exceptions.
365 */
366 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
367 unsigned long val, void *data)
368 {
369
370 struct die_args *args = (struct die_args *)data;
371 int ret = NOTIFY_DONE;
372
373 switch (val) {
374 case DIE_BREAK:
375 if (kprobe_handler(args->regs))
376 ret = NOTIFY_STOP;
377 break;
378 case DIE_SSTEPBP:
379 if (post_kprobe_handler(args->regs))
380 ret = NOTIFY_STOP;
381 break;
382
383 case DIE_PAGE_FAULT:
384 /* kprobe_running() needs smp_processor_id() */
385 preempt_disable();
386
387 if (kprobe_running()
388 && kprobe_fault_handler(args->regs, args->trapnr))
389 ret = NOTIFY_STOP;
390 preempt_enable();
391 break;
392 default:
393 break;
394 }
395 return ret;
396 }
397
398 int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
399 {
400 struct jprobe *jp = container_of(p, struct jprobe, kp);
401 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
402
403 kcb->jprobe_saved_regs = *regs;
404 kcb->jprobe_saved_sp = regs->regs[29];
405
406 memcpy(kcb->jprobes_stack, (void *)kcb->jprobe_saved_sp,
407 MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
408
409 regs->cp0_epc = (unsigned long)(jp->entry);
410
411 return 1;
412 }
413
414 /* Defined in the inline asm below. */
415 void jprobe_return_end(void);
416
417 void __kprobes jprobe_return(void)
418 {
419 /* Assembler quirk necessitates this '0,code' business. */
420 asm volatile(
421 "break 0,%0\n\t"
422 ".globl jprobe_return_end\n"
423 "jprobe_return_end:\n"
424 : : "n" (BRK_KPROBE_BP) : "memory");
425 }
426
427 int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
428 {
429 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
430
431 if (regs->cp0_epc >= (unsigned long)jprobe_return &&
432 regs->cp0_epc <= (unsigned long)jprobe_return_end) {
433 *regs = kcb->jprobe_saved_regs;
434 memcpy((void *)kcb->jprobe_saved_sp, kcb->jprobes_stack,
435 MIN_JPROBES_STACK_SIZE(kcb->jprobe_saved_sp));
436 preempt_enable_no_resched();
437
438 return 1;
439 }
440 return 0;
441 }
442
443 /*
444 * Function return probe trampoline:
445 * - init_kprobes() establishes a probepoint here
446 * - When the probed function returns, this probe causes the
447 * handlers to fire
448 */
449 static void __used kretprobe_trampoline_holder(void)
450 {
451 asm volatile(
452 ".set push\n\t"
453 /* Keep the assembler from reordering and placing JR here. */
454 ".set noreorder\n\t"
455 "nop\n\t"
456 ".global kretprobe_trampoline\n"
457 "kretprobe_trampoline:\n\t"
458 "nop\n\t"
459 ".set pop"
460 : : : "memory");
461 }
462
463 void kretprobe_trampoline(void);
464
465 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
466 struct pt_regs *regs)
467 {
468 ri->ret_addr = (kprobe_opcode_t *) regs->regs[31];
469
470 /* Replace the return addr with trampoline addr */
471 regs->regs[31] = (unsigned long)kretprobe_trampoline;
472 }
473
474 /*
475 * Called when the probe at kretprobe trampoline is hit
476 */
477 static int __kprobes trampoline_probe_handler(struct kprobe *p,
478 struct pt_regs *regs)
479 {
480 struct kretprobe_instance *ri = NULL;
481 struct hlist_head *head, empty_rp;
482 struct hlist_node *node, *tmp;
483 unsigned long flags, orig_ret_address = 0;
484 unsigned long trampoline_address = (unsigned long)kretprobe_trampoline;
485
486 INIT_HLIST_HEAD(&empty_rp);
487 kretprobe_hash_lock(current, &head, &flags);
488
489 /*
490 * It is possible to have multiple instances associated with a given
491 * task either because an multiple functions in the call path
492 * have a return probe installed on them, and/or more than one return
493 * return probe was registered for a target function.
494 *
495 * We can handle this because:
496 * - instances are always inserted at the head of the list
497 * - when multiple return probes are registered for the same
498 * function, the first instance's ret_addr will point to the
499 * real return address, and all the rest will point to
500 * kretprobe_trampoline
501 */
502 hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
503 if (ri->task != current)
504 /* another task is sharing our hash bucket */
505 continue;
506
507 if (ri->rp && ri->rp->handler)
508 ri->rp->handler(ri, regs);
509
510 orig_ret_address = (unsigned long)ri->ret_addr;
511 recycle_rp_inst(ri, &empty_rp);
512
513 if (orig_ret_address != trampoline_address)
514 /*
515 * This is the real return address. Any other
516 * instances associated with this task are for
517 * other calls deeper on the call stack
518 */
519 break;
520 }
521
522 kretprobe_assert(ri, orig_ret_address, trampoline_address);
523 instruction_pointer(regs) = orig_ret_address;
524
525 reset_current_kprobe();
526 kretprobe_hash_unlock(current, &flags);
527 preempt_enable_no_resched();
528
529 hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
530 hlist_del(&ri->hlist);
531 kfree(ri);
532 }
533 /*
534 * By returning a non-zero value, we are telling
535 * kprobe_handler() that we don't want the post_handler
536 * to run (and have re-enabled preemption)
537 */
538 return 1;
539 }
540
541 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
542 {
543 if (p->addr == (kprobe_opcode_t *)kretprobe_trampoline)
544 return 1;
545
546 return 0;
547 }
548
549 static struct kprobe trampoline_p = {
550 .addr = (kprobe_opcode_t *)kretprobe_trampoline,
551 .pre_handler = trampoline_probe_handler
552 };
553
554 int __init arch_init_kprobes(void)
555 {
556 return register_kprobe(&trampoline_p);
557 }
Linus' kernel tree