1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3 * arch/arm/probes/decode.h
4 *
5 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
6 *
7 * Some contents moved here from arch/arm/include/asm/kprobes.h which is
8 * Copyright (C) 2006, 2007 Motorola Inc.
9 */
10
11 #ifndef _ARM_KERNEL_PROBES_H
12 #define _ARM_KERNEL_PROBES_H
13
14 #include <linux/types.h>
15 #include <linux/stddef.h>
16 #include <asm/probes.h>
17 #include <asm/kprobes.h>
18
19 void __init arm_probes_decode_init(void);
20
21 extern probes_check_cc * const probes_condition_checks[16];
22
23 #if __LINUX_ARM_ARCH__ >= 7
24
25 /* str_pc_offset is architecturally defined from ARMv7 onwards */
26 #define str_pc_offset 8
27 #define find_str_pc_offset()
28
29 #else /* __LINUX_ARM_ARCH__ < 7 */
30
31 /* We need a run-time check to determine str_pc_offset */
32 extern int str_pc_offset;
33 void __init find_str_pc_offset(void);
34
35 #endif
36
37
38 /*
39 * Update ITSTATE after normal execution of an IT block instruction.
40 *
41 * The 8 IT state bits are split into two parts in CPSR:
42 * ITSTATE<1:0> are in CPSR<26:25>
43 * ITSTATE<7:2> are in CPSR<15:10>
44 */
45 static inline unsigned long it_advance(unsigned long cpsr)
46 {
47 if ((cpsr & 0x06000400) == 0) {
48 /* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */
49 cpsr &= ~PSR_IT_MASK;
50 } else {
51 /* We need to shift left ITSTATE<4:0> */
52 const unsigned long mask = 0x06001c00; /* Mask ITSTATE<4:0> */
53 unsigned long it = cpsr & mask;
54 it <<= 1;
55 it |= it >> (27 - 10); /* Carry ITSTATE<2> to correct place */
56 it &= mask;
57 cpsr &= ~mask;
58 cpsr |= it;
59 }
60 return cpsr;
61 }
62
63 static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs)
64 {
65 long cpsr = regs->ARM_cpsr;
66 if (pcv & 0x1) {
67 cpsr |= PSR_T_BIT;
68 pcv &= ~0x1;
69 } else {
70 cpsr &= ~PSR_T_BIT;
71 pcv &= ~0x2; /* Avoid UNPREDICTABLE address allignment */
72 }
73 regs->ARM_cpsr = cpsr;
74 regs->ARM_pc = pcv;
75 }
76
77
78 #if __LINUX_ARM_ARCH__ >= 6
79
80 /* Kernels built for >= ARMv6 should never run on <= ARMv5 hardware, so... */
81 #define load_write_pc_interworks true
82 #define test_load_write_pc_interworking()
83
84 #else /* __LINUX_ARM_ARCH__ < 6 */
85
86 /* We need run-time testing to determine if load_write_pc() should interwork. */
87 extern bool load_write_pc_interworks;
88 void __init test_load_write_pc_interworking(void);
89
90 #endif
91
92 static inline void __kprobes load_write_pc(long pcv, struct pt_regs *regs)
93 {
94 if (load_write_pc_interworks)
95 bx_write_pc(pcv, regs);
96 else
97 regs->ARM_pc = pcv;
98 }
99
100
101 #if __LINUX_ARM_ARCH__ >= 7
102
103 #define alu_write_pc_interworks true
104 #define test_alu_write_pc_interworking()
105
106 #elif __LINUX_ARM_ARCH__ <= 5
107
108 /* Kernels built for <= ARMv5 should never run on >= ARMv6 hardware, so... */
109 #define alu_write_pc_interworks false
110 #define test_alu_write_pc_interworking()
111
112 #else /* __LINUX_ARM_ARCH__ == 6 */
113
114 /* We could be an ARMv6 binary on ARMv7 hardware so we need a run-time check. */
115 extern bool alu_write_pc_interworks;
116 void __init test_alu_write_pc_interworking(void);
117
118 #endif /* __LINUX_ARM_ARCH__ == 6 */
119
120 static inline void __kprobes alu_write_pc(long pcv, struct pt_regs *regs)
121 {
122 if (alu_write_pc_interworks)
123 bx_write_pc(pcv, regs);
124 else
125 regs->ARM_pc = pcv;
126 }
127
128
129 /*
130 * Test if load/store instructions writeback the address register.
131 * if P (bit 24) == 0 or W (bit 21) == 1
132 */
133 #define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
134
135 /*
136 * The following definitions and macros are used to build instruction
137 * decoding tables for use by probes_decode_insn.
138 *
139 * These tables are a concatenation of entries each of which consist of one of
140 * the decode_* structs. All of the fields in every type of decode structure
141 * are of the union type decode_item, therefore the entire decode table can be
142 * viewed as an array of these and declared like:
143 *
144 * static const union decode_item table_name[] = {};
145 *
146 * In order to construct each entry in the table, macros are used to
147 * initialise a number of sequential decode_item values in a layout which
148 * matches the relevant struct. E.g. DECODE_SIMULATE initialise a struct
149 * decode_simulate by initialising four decode_item objects like this...
150 *
151 * {.bits = _type},
152 * {.bits = _mask},
153 * {.bits = _value},
154 * {.action = _handler},
155 *
156 * Initialising a specified member of the union means that the compiler
157 * will produce a warning if the argument is of an incorrect type.
158 *
159 * Below is a list of each of the macros used to initialise entries and a
160 * description of the action performed when that entry is matched to an
161 * instruction. A match is found when (instruction & mask) == value.
162 *
163 * DECODE_TABLE(mask, value, table)
164 * Instruction decoding jumps to parsing the new sub-table 'table'.
165 *
166 * DECODE_CUSTOM(mask, value, decoder)
167 * The value of 'decoder' is used as an index into the array of
168 * action functions, and the retrieved decoder function is invoked
169 * to complete decoding of the instruction.
170 *
171 * DECODE_SIMULATE(mask, value, handler)
172 * The probes instruction handler is set to the value found by
173 * indexing into the action array using the value of 'handler'. This
174 * will be used to simulate the instruction when the probe is hit.
175 * Decoding returns with INSN_GOOD_NO_SLOT.
176 *
177 * DECODE_EMULATE(mask, value, handler)
178 * The probes instruction handler is set to the value found by
179 * indexing into the action array using the value of 'handler'. This
180 * will be used to emulate the instruction when the probe is hit. The
181 * modified instruction (see below) is placed in the probes instruction
182 * slot so it may be called by the emulation code. Decoding returns
183 * with INSN_GOOD.
184 *
185 * DECODE_REJECT(mask, value)
186 * Instruction decoding fails with INSN_REJECTED
187 *
188 * DECODE_OR(mask, value)
189 * This allows the mask/value test of multiple table entries to be
190 * logically ORed. Once an 'or' entry is matched the decoding action to
191 * be performed is that of the next entry which isn't an 'or'. E.g.
192 *
193 * DECODE_OR (mask1, value1)
194 * DECODE_OR (mask2, value2)
195 * DECODE_SIMULATE (mask3, value3, simulation_handler)
196 *
197 * This means that if any of the three mask/value pairs match the
198 * instruction being decoded, then 'simulation_handler' will be used
199 * for it.
200 *
201 * Both the SIMULATE and EMULATE macros have a second form which take an
202 * additional 'regs' argument.
203 *
204 * DECODE_SIMULATEX(mask, value, handler, regs)
205 * DECODE_EMULATEX (mask, value, handler, regs)
206 *
207 * These are used to specify what kind of CPU register is encoded in each of the
208 * least significant 5 nibbles of the instruction being decoded. The regs value
209 * is specified using the REGS macro, this takes any of the REG_TYPE_* values
210 * from enum decode_reg_type as arguments; only the '*' part of the name is
211 * given. E.g.
212 *
213 * REGS(0, ANY, NOPC, 0, ANY)
214 *
215 * This indicates an instruction is encoded like:
216 *
217 * bits 19..16 ignore
218 * bits 15..12 any register allowed here
219 * bits 11.. 8 any register except PC allowed here
220 * bits 7.. 4 ignore
221 * bits 3.. 0 any register allowed here
222 *
223 * This register specification is checked after a decode table entry is found to
224 * match an instruction (through the mask/value test). Any invalid register then
225 * found in the instruction will cause decoding to fail with INSN_REJECTED. In
226 * the above example this would happen if bits 11..8 of the instruction were
227 * 1111, indicating R15 or PC.
228 *
229 * As well as checking for legal combinations of registers, this data is also
230 * used to modify the registers encoded in the instructions so that an
231 * emulation routines can use it. (See decode_regs() and INSN_NEW_BITS.)
232 *
233 * Here is a real example which matches ARM instructions of the form
234 * "AND <Rd>,<Rn>,<Rm>,<shift> <Rs>"
235 *
236 * DECODE_EMULATEX (0x0e000090, 0x00000010, PROBES_DATA_PROCESSING_REG,
237 * REGS(ANY, ANY, NOPC, 0, ANY)),
238 * ^ ^ ^ ^
239 * Rn Rd Rs Rm
240 *
241 * Decoding the instruction "AND R4, R5, R6, ASL R15" will be rejected because
242 * Rs == R15
243 *
244 * Decoding the instruction "AND R4, R5, R6, ASL R7" will be accepted and the
245 * instruction will be modified to "AND R0, R2, R3, ASL R1" and then placed into
246 * the kprobes instruction slot. This can then be called later by the handler
247 * function emulate_rd12rn16rm0rs8_rwflags (a pointer to which is retrieved from
248 * the indicated slot in the action array), in order to simulate the instruction.
249 */
250
251 enum decode_type {
252 DECODE_TYPE_END,
253 DECODE_TYPE_TABLE,
254 DECODE_TYPE_CUSTOM,
255 DECODE_TYPE_SIMULATE,
256 DECODE_TYPE_EMULATE,
257 DECODE_TYPE_OR,
258 DECODE_TYPE_REJECT,
259 NUM_DECODE_TYPES /* Must be last enum */
260 };
261
262 #define DECODE_TYPE_BITS 4
263 #define DECODE_TYPE_MASK ((1 << DECODE_TYPE_BITS) - 1)
264
265 enum decode_reg_type {
266 REG_TYPE_NONE = 0, /* Not a register, ignore */
267 REG_TYPE_ANY, /* Any register allowed */
268 REG_TYPE_SAMEAS16, /* Register should be same as that at bits 19..16 */
269 REG_TYPE_SP, /* Register must be SP */
270 REG_TYPE_PC, /* Register must be PC */
271 REG_TYPE_NOSP, /* Register must not be SP */
272 REG_TYPE_NOSPPC, /* Register must not be SP or PC */
273 REG_TYPE_NOPC, /* Register must not be PC */
274 REG_TYPE_NOPCWB, /* No PC if load/store write-back flag also set */
275
276 /* The following types are used when the encoding for PC indicates
277 * another instruction form. This distiction only matters for test
278 * case coverage checks.
279 */
280 REG_TYPE_NOPCX, /* Register must not be PC */
281 REG_TYPE_NOSPPCX, /* Register must not be SP or PC */
282
283 /* Alias to allow '0' arg to be used in REGS macro. */
284 REG_TYPE_0 = REG_TYPE_NONE
285 };
286
287 #define REGS(r16, r12, r8, r4, r0) \
288 (((REG_TYPE_##r16) << 16) + \
289 ((REG_TYPE_##r12) << 12) + \
290 ((REG_TYPE_##r8) << 8) + \
291 ((REG_TYPE_##r4) << 4) + \
292 (REG_TYPE_##r0))
293
294 union decode_item {
295 u32 bits;
296 const union decode_item *table;
297 int action;
298 };
299
300 struct decode_header;
301 typedef enum probes_insn (probes_custom_decode_t)(probes_opcode_t,
302 struct arch_probes_insn *,
303 const struct decode_header *);
304
305 union decode_action {
306 probes_insn_handler_t *handler;
307 probes_custom_decode_t *decoder;
308 };
309
310 typedef enum probes_insn (probes_check_t)(probes_opcode_t,
311 struct arch_probes_insn *,
312 const struct decode_header *);
313
314 struct decode_checker {
315 probes_check_t *checker;
316 };
317
318 #define DECODE_END \
319 {.bits = DECODE_TYPE_END}
320
321
322 struct decode_header {
323 union decode_item type_regs;
324 union decode_item mask;
325 union decode_item value;
326 };
327
328 #define DECODE_HEADER(_type, _mask, _value, _regs) \
329 {.bits = (_type) | ((_regs) << DECODE_TYPE_BITS)}, \
330 {.bits = (_mask)}, \
331 {.bits = (_value)}
332
333
334 struct decode_table {
335 struct decode_header header;
336 union decode_item table;
337 };
338
339 #define DECODE_TABLE(_mask, _value, _table) \
340 DECODE_HEADER(DECODE_TYPE_TABLE, _mask, _value, 0), \
341 {.table = (_table)}
342
343
344 struct decode_custom {
345 struct decode_header header;
346 union decode_item decoder;
347 };
348
349 #define DECODE_CUSTOM(_mask, _value, _decoder) \
350 DECODE_HEADER(DECODE_TYPE_CUSTOM, _mask, _value, 0), \
351 {.action = (_decoder)}
352
353
354 struct decode_simulate {
355 struct decode_header header;
356 union decode_item handler;
357 };
358
359 #define DECODE_SIMULATEX(_mask, _value, _handler, _regs) \
360 DECODE_HEADER(DECODE_TYPE_SIMULATE, _mask, _value, _regs), \
361 {.action = (_handler)}
362
363 #define DECODE_SIMULATE(_mask, _value, _handler) \
364 DECODE_SIMULATEX(_mask, _value, _handler, 0)
365
366
367 struct decode_emulate {
368 struct decode_header header;
369 union decode_item handler;
370 };
371
372 #define DECODE_EMULATEX(_mask, _value, _handler, _regs) \
373 DECODE_HEADER(DECODE_TYPE_EMULATE, _mask, _value, _regs), \
374 {.action = (_handler)}
375
376 #define DECODE_EMULATE(_mask, _value, _handler) \
377 DECODE_EMULATEX(_mask, _value, _handler, 0)
378
379
380 struct decode_or {
381 struct decode_header header;
382 };
383
384 #define DECODE_OR(_mask, _value) \
385 DECODE_HEADER(DECODE_TYPE_OR, _mask, _value, 0)
386
387 enum probes_insn {
388 INSN_REJECTED,
389 INSN_GOOD,
390 INSN_GOOD_NO_SLOT
391 };
392
393 struct decode_reject {
394 struct decode_header header;
395 };
396
397 #define DECODE_REJECT(_mask, _value) \
398 DECODE_HEADER(DECODE_TYPE_REJECT, _mask, _value, 0)
399
400 probes_insn_handler_t probes_simulate_nop;
401 probes_insn_handler_t probes_emulate_none;
402
403 int __kprobes
404 probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi,
405 const union decode_item *table, bool thumb, bool emulate,
406 const union decode_action *actions,
407 const struct decode_checker **checkers);
408
409 #endif