This source file includes following definitions.
- arch_prepare_kprobe
- arch_copy_kprobe
- arch_arm_kprobe
- arch_disarm_kprobe
- arch_trampoline_kprobe
- kprobe_handle_illslot
- arch_remove_kprobe
- save_previous_kprobe
- restore_previous_kprobe
- set_current_kprobe
- prepare_singlestep
- arch_prepare_kretprobe
- kprobe_handler
- kretprobe_trampoline_holder
- trampoline_probe_handler
- post_kprobe_handler
- kprobe_fault_handler
- kprobe_exceptions_notify
- arch_init_kprobes
1
2
3
4
5
6
7
8 #include <linux/kprobes.h>
9 #include <linux/extable.h>
10 #include <linux/ptrace.h>
11 #include <linux/preempt.h>
12 #include <linux/kdebug.h>
13 #include <linux/slab.h>
14 #include <asm/cacheflush.h>
15 #include <linux/uaccess.h>
16
17 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
18 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
19
20 static DEFINE_PER_CPU(struct kprobe, saved_current_opcode);
21 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode);
22 static DEFINE_PER_CPU(struct kprobe, saved_next_opcode2);
23
24 #define OPCODE_JMP(x) (((x) & 0xF0FF) == 0x402b)
25 #define OPCODE_JSR(x) (((x) & 0xF0FF) == 0x400b)
26 #define OPCODE_BRA(x) (((x) & 0xF000) == 0xa000)
27 #define OPCODE_BRAF(x) (((x) & 0xF0FF) == 0x0023)
28 #define OPCODE_BSR(x) (((x) & 0xF000) == 0xb000)
29 #define OPCODE_BSRF(x) (((x) & 0xF0FF) == 0x0003)
30
31 #define OPCODE_BF_S(x) (((x) & 0xFF00) == 0x8f00)
32 #define OPCODE_BT_S(x) (((x) & 0xFF00) == 0x8d00)
33
34 #define OPCODE_BF(x) (((x) & 0xFF00) == 0x8b00)
35 #define OPCODE_BT(x) (((x) & 0xFF00) == 0x8900)
36
37 #define OPCODE_RTS(x) (((x) & 0x000F) == 0x000b)
38 #define OPCODE_RTE(x) (((x) & 0xFFFF) == 0x002b)
39
40 int __kprobes arch_prepare_kprobe(struct kprobe *p)
41 {
42 kprobe_opcode_t opcode = *(kprobe_opcode_t *) (p->addr);
43
44 if (OPCODE_RTE(opcode))
45 return -EFAULT;
46
47 p->opcode = opcode;
48
49 return 0;
50 }
51
52 void __kprobes arch_copy_kprobe(struct kprobe *p)
53 {
54 memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
55 p->opcode = *p->addr;
56 }
57
58 void __kprobes arch_arm_kprobe(struct kprobe *p)
59 {
60 *p->addr = BREAKPOINT_INSTRUCTION;
61 flush_icache_range((unsigned long)p->addr,
62 (unsigned long)p->addr + sizeof(kprobe_opcode_t));
63 }
64
65 void __kprobes arch_disarm_kprobe(struct kprobe *p)
66 {
67 *p->addr = p->opcode;
68 flush_icache_range((unsigned long)p->addr,
69 (unsigned long)p->addr + sizeof(kprobe_opcode_t));
70 }
71
72 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
73 {
74 if (*p->addr == BREAKPOINT_INSTRUCTION)
75 return 1;
76
77 return 0;
78 }
79
80
81
82
83
84
85
86 int __kprobes kprobe_handle_illslot(unsigned long pc)
87 {
88 struct kprobe *p = get_kprobe((kprobe_opcode_t *) pc + 1);
89
90 if (p != NULL) {
91 printk("Warning: removing kprobe from delay slot: 0x%.8x\n",
92 (unsigned int)pc + 2);
93 unregister_kprobe(p);
94 return 0;
95 }
96
97 return 1;
98 }
99
100 void __kprobes arch_remove_kprobe(struct kprobe *p)
101 {
102 struct kprobe *saved = this_cpu_ptr(&saved_next_opcode);
103
104 if (saved->addr) {
105 arch_disarm_kprobe(p);
106 arch_disarm_kprobe(saved);
107
108 saved->addr = NULL;
109 saved->opcode = 0;
110
111 saved = this_cpu_ptr(&saved_next_opcode2);
112 if (saved->addr) {
113 arch_disarm_kprobe(saved);
114
115 saved->addr = NULL;
116 saved->opcode = 0;
117 }
118 }
119 }
120
121 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
122 {
123 kcb->prev_kprobe.kp = kprobe_running();
124 kcb->prev_kprobe.status = kcb->kprobe_status;
125 }
126
127 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
128 {
129 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
130 kcb->kprobe_status = kcb->prev_kprobe.status;
131 }
132
133 static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
134 struct kprobe_ctlblk *kcb)
135 {
136 __this_cpu_write(current_kprobe, p);
137 }
138
139
140
141
142
143
144 static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
145 {
146 __this_cpu_write(saved_current_opcode.addr, (kprobe_opcode_t *)regs->pc);
147
148 if (p != NULL) {
149 struct kprobe *op1, *op2;
150
151 arch_disarm_kprobe(p);
152
153 op1 = this_cpu_ptr(&saved_next_opcode);
154 op2 = this_cpu_ptr(&saved_next_opcode2);
155
156 if (OPCODE_JSR(p->opcode) || OPCODE_JMP(p->opcode)) {
157 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
158 op1->addr = (kprobe_opcode_t *) regs->regs[reg_nr];
159 } else if (OPCODE_BRA(p->opcode) || OPCODE_BSR(p->opcode)) {
160 unsigned long disp = (p->opcode & 0x0FFF);
161 op1->addr =
162 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
163
164 } else if (OPCODE_BRAF(p->opcode) || OPCODE_BSRF(p->opcode)) {
165 unsigned int reg_nr = ((p->opcode >> 8) & 0x000F);
166 op1->addr =
167 (kprobe_opcode_t *) (regs->pc + 4 +
168 regs->regs[reg_nr]);
169
170 } else if (OPCODE_RTS(p->opcode)) {
171 op1->addr = (kprobe_opcode_t *) regs->pr;
172
173 } else if (OPCODE_BF(p->opcode) || OPCODE_BT(p->opcode)) {
174 unsigned long disp = (p->opcode & 0x00FF);
175
176 op1->addr = p->addr + 1;
177
178 op2->addr =
179 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
180 op2->opcode = *(op2->addr);
181 arch_arm_kprobe(op2);
182
183 } else if (OPCODE_BF_S(p->opcode) || OPCODE_BT_S(p->opcode)) {
184 unsigned long disp = (p->opcode & 0x00FF);
185
186 op1->addr = p->addr + 2;
187
188 op2->addr =
189 (kprobe_opcode_t *) (regs->pc + 4 + disp * 2);
190 op2->opcode = *(op2->addr);
191 arch_arm_kprobe(op2);
192
193 } else {
194 op1->addr = p->addr + 1;
195 }
196
197 op1->opcode = *(op1->addr);
198 arch_arm_kprobe(op1);
199 }
200 }
201
202
203 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
204 struct pt_regs *regs)
205 {
206 ri->ret_addr = (kprobe_opcode_t *) regs->pr;
207
208
209 regs->pr = (unsigned long)kretprobe_trampoline;
210 }
211
212 static int __kprobes kprobe_handler(struct pt_regs *regs)
213 {
214 struct kprobe *p;
215 int ret = 0;
216 kprobe_opcode_t *addr = NULL;
217 struct kprobe_ctlblk *kcb;
218
219
220
221
222
223 preempt_disable();
224 kcb = get_kprobe_ctlblk();
225
226 addr = (kprobe_opcode_t *) (regs->pc);
227
228
229 if (kprobe_running()) {
230 p = get_kprobe(addr);
231 if (p) {
232 if (kcb->kprobe_status == KPROBE_HIT_SS &&
233 *p->ainsn.insn == BREAKPOINT_INSTRUCTION) {
234 goto no_kprobe;
235 }
236
237
238
239
240
241
242 save_previous_kprobe(kcb);
243 set_current_kprobe(p, regs, kcb);
244 kprobes_inc_nmissed_count(p);
245 prepare_singlestep(p, regs);
246 kcb->kprobe_status = KPROBE_REENTER;
247 return 1;
248 }
249 goto no_kprobe;
250 }
251
252 p = get_kprobe(addr);
253 if (!p) {
254
255 if (*(kprobe_opcode_t *)addr != BREAKPOINT_INSTRUCTION) {
256
257
258
259
260
261
262
263 ret = 1;
264 }
265
266 goto no_kprobe;
267 }
268
269 set_current_kprobe(p, regs, kcb);
270 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
271
272 if (p->pre_handler && p->pre_handler(p, regs)) {
273
274 reset_current_kprobe();
275 preempt_enable_no_resched();
276 return 1;
277 }
278
279 prepare_singlestep(p, regs);
280 kcb->kprobe_status = KPROBE_HIT_SS;
281 return 1;
282
283 no_kprobe:
284 preempt_enable_no_resched();
285 return ret;
286 }
287
288
289
290
291
292
293 static void __used kretprobe_trampoline_holder(void)
294 {
295 asm volatile (".globl kretprobe_trampoline\n"
296 "kretprobe_trampoline:\n\t"
297 "nop\n");
298 }
299
300
301
302
303 int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
304 {
305 struct kretprobe_instance *ri = NULL;
306 struct hlist_head *head, empty_rp;
307 struct hlist_node *tmp;
308 unsigned long flags, orig_ret_address = 0;
309 unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
310
311 INIT_HLIST_HEAD(&empty_rp);
312 kretprobe_hash_lock(current, &head, &flags);
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327 hlist_for_each_entry_safe(ri, tmp, head, hlist) {
328 if (ri->task != current)
329
330 continue;
331
332 if (ri->rp && ri->rp->handler) {
333 __this_cpu_write(current_kprobe, &ri->rp->kp);
334 ri->rp->handler(ri, regs);
335 __this_cpu_write(current_kprobe, NULL);
336 }
337
338 orig_ret_address = (unsigned long)ri->ret_addr;
339 recycle_rp_inst(ri, &empty_rp);
340
341 if (orig_ret_address != trampoline_address)
342
343
344
345
346
347 break;
348 }
349
350 kretprobe_assert(ri, orig_ret_address, trampoline_address);
351
352 regs->pc = orig_ret_address;
353 kretprobe_hash_unlock(current, &flags);
354
355 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
356 hlist_del(&ri->hlist);
357 kfree(ri);
358 }
359
360 return orig_ret_address;
361 }
362
363 static int __kprobes post_kprobe_handler(struct pt_regs *regs)
364 {
365 struct kprobe *cur = kprobe_running();
366 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
367 kprobe_opcode_t *addr = NULL;
368 struct kprobe *p = NULL;
369
370 if (!cur)
371 return 0;
372
373 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
374 kcb->kprobe_status = KPROBE_HIT_SSDONE;
375 cur->post_handler(cur, regs, 0);
376 }
377
378 p = this_cpu_ptr(&saved_next_opcode);
379 if (p->addr) {
380 arch_disarm_kprobe(p);
381 p->addr = NULL;
382 p->opcode = 0;
383
384 addr = __this_cpu_read(saved_current_opcode.addr);
385 __this_cpu_write(saved_current_opcode.addr, NULL);
386
387 p = get_kprobe(addr);
388 arch_arm_kprobe(p);
389
390 p = this_cpu_ptr(&saved_next_opcode2);
391 if (p->addr) {
392 arch_disarm_kprobe(p);
393 p->addr = NULL;
394 p->opcode = 0;
395 }
396 }
397
398
399 if (kcb->kprobe_status == KPROBE_REENTER) {
400 restore_previous_kprobe(kcb);
401 goto out;
402 }
403
404 reset_current_kprobe();
405
406 out:
407 preempt_enable_no_resched();
408
409 return 1;
410 }
411
412 int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
413 {
414 struct kprobe *cur = kprobe_running();
415 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
416 const struct exception_table_entry *entry;
417
418 switch (kcb->kprobe_status) {
419 case KPROBE_HIT_SS:
420 case KPROBE_REENTER:
421
422
423
424
425
426
427
428 regs->pc = (unsigned long)cur->addr;
429 if (kcb->kprobe_status == KPROBE_REENTER)
430 restore_previous_kprobe(kcb);
431 else
432 reset_current_kprobe();
433 preempt_enable_no_resched();
434 break;
435 case KPROBE_HIT_ACTIVE:
436 case KPROBE_HIT_SSDONE:
437
438
439
440
441
442 kprobes_inc_nmissed_count(cur);
443
444
445
446
447
448
449
450
451 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
452 return 1;
453
454
455
456
457
458 if ((entry = search_exception_tables(regs->pc)) != NULL) {
459 regs->pc = entry->fixup;
460 return 1;
461 }
462
463
464
465
466
467 break;
468 default:
469 break;
470 }
471
472 return 0;
473 }
474
475
476
477
478 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
479 unsigned long val, void *data)
480 {
481 struct kprobe *p = NULL;
482 struct die_args *args = (struct die_args *)data;
483 int ret = NOTIFY_DONE;
484 kprobe_opcode_t *addr = NULL;
485 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
486
487 addr = (kprobe_opcode_t *) (args->regs->pc);
488 if (val == DIE_TRAP &&
489 args->trapnr == (BREAKPOINT_INSTRUCTION & 0xff)) {
490 if (!kprobe_running()) {
491 if (kprobe_handler(args->regs)) {
492 ret = NOTIFY_STOP;
493 } else {
494
495 ret = NOTIFY_DONE;
496 }
497 } else {
498 p = get_kprobe(addr);
499 if ((kcb->kprobe_status == KPROBE_HIT_SS) ||
500 (kcb->kprobe_status == KPROBE_REENTER)) {
501 if (post_kprobe_handler(args->regs))
502 ret = NOTIFY_STOP;
503 } else {
504 if (kprobe_handler(args->regs))
505 ret = NOTIFY_STOP;
506 }
507 }
508 }
509
510 return ret;
511 }
512
513 static struct kprobe trampoline_p = {
514 .addr = (kprobe_opcode_t *)&kretprobe_trampoline,
515 .pre_handler = trampoline_probe_handler
516 };
517
518 int __init arch_init_kprobes(void)
519 {
520 return register_kprobe(&trampoline_p);
521 }