1 // SPDX-License-Identifier: GPL-2.0 1 // SPDX-License-Identifier: GPL-2.0
2 /* !! 2 /* arch/sparc64/kernel/kprobes.c
3 * arch/parisc/kernel/kprobes.c <<
4 * <<
5 * PA-RISC kprobes implementation <<
6 * 3 *
7 * Copyright (c) 2019 Sven Schnelle <svens@sta !! 4 * Copyright (C) 2004 David S. Miller <davem@davemloft.net>
8 * Copyright (c) 2022 Helge Deller <deller@gmx <<
9 */ 5 */
10 6
11 #include <linux/types.h> !! 7 #include <linux/kernel.h>
12 #include <linux/kprobes.h> 8 #include <linux/kprobes.h>
>> 9 #include <linux/extable.h>
>> 10 #include <linux/kdebug.h>
13 #include <linux/slab.h> 11 #include <linux/slab.h>
>> 12 #include <linux/context_tracking.h>
>> 13 #include <asm/signal.h>
14 #include <asm/cacheflush.h> 14 #include <asm/cacheflush.h>
15 #include <asm/patch.h> !! 15 #include <linux/uaccess.h>
>> 16
>> 17 /* We do not have hardware single-stepping on sparc64.
>> 18 * So we implement software single-stepping with breakpoint
>> 19 * traps. The top-level scheme is similar to that used
>> 20 * in the x86 kprobes implementation.
>> 21 *
>> 22 * In the kprobe->ainsn.insn[] array we store the original
>> 23 * instruction at index zero and a break instruction at
>> 24 * index one.
>> 25 *
>> 26 * When we hit a kprobe we:
>> 27 * - Run the pre-handler
>> 28 * - Remember "regs->tnpc" and interrupt level stored in
>> 29 * "regs->tstate" so we can restore them later
>> 30 * - Disable PIL interrupts
>> 31 * - Set regs->tpc to point to kprobe->ainsn.insn[0]
>> 32 * - Set regs->tnpc to point to kprobe->ainsn.insn[1]
>> 33 * - Mark that we are actively in a kprobe
>> 34 *
>> 35 * At this point we wait for the second breakpoint at
>> 36 * kprobe->ainsn.insn[1] to hit. When it does we:
>> 37 * - Run the post-handler
>> 38 * - Set regs->tpc to "remembered" regs->tnpc stored above,
>> 39 * restore the PIL interrupt level in "regs->tstate" as well
>> 40 * - Make any adjustments necessary to regs->tnpc in order
>> 41 * to handle relative branches correctly. See below.
>> 42 * - Mark that we are no longer actively in a kprobe.
>> 43 */
16 44
17 DEFINE_PER_CPU(struct kprobe *, current_kprobe 45 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
18 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ct 46 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
19 47
>> 48 struct kretprobe_blackpoint kretprobe_blacklist[] = {{NULL, NULL}};
>> 49
20 int __kprobes arch_prepare_kprobe(struct kprob 50 int __kprobes arch_prepare_kprobe(struct kprobe *p)
21 { 51 {
22 if ((unsigned long)p->addr & 3UL) !! 52 if ((unsigned long) p->addr & 0x3UL)
23 return -EINVAL; !! 53 return -EILSEQ;
24 54
25 p->ainsn.insn = get_insn_slot(); !! 55 p->ainsn.insn[0] = *p->addr;
26 if (!p->ainsn.insn) !! 56 flushi(&p->ainsn.insn[0]);
27 return -ENOMEM; <<
28 57
29 /* !! 58 p->ainsn.insn[1] = BREAKPOINT_INSTRUCTION_2;
30 * Set up new instructions. Second bre !! 59 flushi(&p->ainsn.insn[1]);
31 * trigger call of parisc_kprobe_ss_ha <<
32 */ <<
33 p->opcode = *p->addr; <<
34 p->ainsn.insn[0] = p->opcode; <<
35 p->ainsn.insn[1] = PARISC_KPROBES_BREA <<
36 60
37 flush_insn_slot(p); !! 61 p->opcode = *p->addr;
38 return 0; 62 return 0;
39 } 63 }
40 64
41 void __kprobes arch_remove_kprobe(struct kprob <<
42 { <<
43 if (!p->ainsn.insn) <<
44 return; <<
45 <<
46 free_insn_slot(p->ainsn.insn, 0); <<
47 p->ainsn.insn = NULL; <<
48 } <<
49 <<
50 void __kprobes arch_arm_kprobe(struct kprobe * 65 void __kprobes arch_arm_kprobe(struct kprobe *p)
51 { 66 {
52 patch_text(p->addr, PARISC_KPROBES_BRE !! 67 *p->addr = BREAKPOINT_INSTRUCTION;
>> 68 flushi(p->addr);
53 } 69 }
54 70
55 void __kprobes arch_disarm_kprobe(struct kprob 71 void __kprobes arch_disarm_kprobe(struct kprobe *p)
56 { 72 {
57 patch_text(p->addr, p->opcode); !! 73 *p->addr = p->opcode;
>> 74 flushi(p->addr);
58 } 75 }
59 76
60 static void __kprobes save_previous_kprobe(str 77 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
61 { 78 {
62 kcb->prev_kprobe.kp = kprobe_running() 79 kcb->prev_kprobe.kp = kprobe_running();
63 kcb->prev_kprobe.status = kcb->kprobe_ 80 kcb->prev_kprobe.status = kcb->kprobe_status;
>> 81 kcb->prev_kprobe.orig_tnpc = kcb->kprobe_orig_tnpc;
>> 82 kcb->prev_kprobe.orig_tstate_pil = kcb->kprobe_orig_tstate_pil;
64 } 83 }
65 84
66 static void __kprobes restore_previous_kprobe( 85 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
67 { 86 {
68 __this_cpu_write(current_kprobe, kcb-> 87 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
69 kcb->kprobe_status = kcb->prev_kprobe. 88 kcb->kprobe_status = kcb->prev_kprobe.status;
>> 89 kcb->kprobe_orig_tnpc = kcb->prev_kprobe.orig_tnpc;
>> 90 kcb->kprobe_orig_tstate_pil = kcb->prev_kprobe.orig_tstate_pil;
70 } 91 }
71 92
72 static inline void __kprobes set_current_kprob !! 93 static void __kprobes set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
>> 94 struct kprobe_ctlblk *kcb)
73 { 95 {
74 __this_cpu_write(current_kprobe, p); 96 __this_cpu_write(current_kprobe, p);
>> 97 kcb->kprobe_orig_tnpc = regs->tnpc;
>> 98 kcb->kprobe_orig_tstate_pil = (regs->tstate & TSTATE_PIL);
75 } 99 }
76 100
77 static void __kprobes setup_singlestep(struct !! 101 static void __kprobes prepare_singlestep(struct kprobe *p, struct pt_regs *regs,
78 struct kprobe_ctlblk *kcb, str !! 102 struct kprobe_ctlblk *kcb)
79 { 103 {
80 kcb->iaoq[0] = regs->iaoq[0]; !! 104 regs->tstate |= TSTATE_PIL;
81 kcb->iaoq[1] = regs->iaoq[1]; !! 105
82 instruction_pointer_set(regs, (unsigne !! 106 /*single step inline, if it a breakpoint instruction*/
>> 107 if (p->opcode == BREAKPOINT_INSTRUCTION) {
>> 108 regs->tpc = (unsigned long) p->addr;
>> 109 regs->tnpc = kcb->kprobe_orig_tnpc;
>> 110 } else {
>> 111 regs->tpc = (unsigned long) &p->ainsn.insn[0];
>> 112 regs->tnpc = (unsigned long) &p->ainsn.insn[1];
>> 113 }
83 } 114 }
84 115
85 int __kprobes parisc_kprobe_break_handler(stru !! 116 static int __kprobes kprobe_handler(struct pt_regs *regs)
86 { 117 {
87 struct kprobe *p; 118 struct kprobe *p;
>> 119 void *addr = (void *) regs->tpc;
>> 120 int ret = 0;
88 struct kprobe_ctlblk *kcb; 121 struct kprobe_ctlblk *kcb;
89 122
>> 123 /*
>> 124 * We don't want to be preempted for the entire
>> 125 * duration of kprobe processing
>> 126 */
90 preempt_disable(); 127 preempt_disable();
91 <<
92 kcb = get_kprobe_ctlblk(); 128 kcb = get_kprobe_ctlblk();
93 p = get_kprobe((unsigned long *)regs-> <<
94 129
>> 130 if (kprobe_running()) {
>> 131 p = get_kprobe(addr);
>> 132 if (p) {
>> 133 if (kcb->kprobe_status == KPROBE_HIT_SS) {
>> 134 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
>> 135 kcb->kprobe_orig_tstate_pil);
>> 136 goto no_kprobe;
>> 137 }
>> 138 /* We have reentered the kprobe_handler(), since
>> 139 * another probe was hit while within the handler.
>> 140 * We here save the original kprobes variables and
>> 141 * just single step on the instruction of the new probe
>> 142 * without calling any user handlers.
>> 143 */
>> 144 save_previous_kprobe(kcb);
>> 145 set_current_kprobe(p, regs, kcb);
>> 146 kprobes_inc_nmissed_count(p);
>> 147 kcb->kprobe_status = KPROBE_REENTER;
>> 148 prepare_singlestep(p, regs, kcb);
>> 149 return 1;
>> 150 } else if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
>> 151 /* The breakpoint instruction was removed by
>> 152 * another cpu right after we hit, no further
>> 153 * handling of this interrupt is appropriate
>> 154 */
>> 155 ret = 1;
>> 156 }
>> 157 goto no_kprobe;
>> 158 }
>> 159
>> 160 p = get_kprobe(addr);
95 if (!p) { 161 if (!p) {
96 preempt_enable_no_resched(); !! 162 if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) {
97 return 0; !! 163 /*
>> 164 * The breakpoint instruction was removed right
>> 165 * after we hit it. Another cpu has removed
>> 166 * either a probepoint or a debugger breakpoint
>> 167 * at this address. In either case, no further
>> 168 * handling of this interrupt is appropriate.
>> 169 */
>> 170 ret = 1;
>> 171 }
>> 172 /* Not one of ours: let kernel handle it */
>> 173 goto no_kprobe;
98 } 174 }
99 175
100 if (kprobe_running()) { !! 176 set_current_kprobe(p, regs, kcb);
101 /* !! 177 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
102 * We have reentered the kprob !! 178 if (p->pre_handler && p->pre_handler(p, regs)) {
103 * was hit while within the ha !! 179 reset_current_kprobe();
104 * kprobes and single step on !! 180 preempt_enable_no_resched();
105 * without calling any user ha <<
106 * kprobes. <<
107 */ <<
108 save_previous_kprobe(kcb); <<
109 set_current_kprobe(p); <<
110 kprobes_inc_nmissed_count(p); <<
111 setup_singlestep(p, kcb, regs) <<
112 kcb->kprobe_status = KPROBE_RE <<
113 return 1; 181 return 1;
114 } 182 }
115 183
116 set_current_kprobe(p); !! 184 prepare_singlestep(p, regs, kcb);
117 kcb->kprobe_status = KPROBE_HIT_ACTIVE !! 185 kcb->kprobe_status = KPROBE_HIT_SS;
>> 186 return 1;
>> 187
>> 188 no_kprobe:
>> 189 preempt_enable_no_resched();
>> 190 return ret;
>> 191 }
>> 192
>> 193 /* If INSN is a relative control transfer instruction,
>> 194 * return the corrected branch destination value.
>> 195 *
>> 196 * regs->tpc and regs->tnpc still hold the values of the
>> 197 * program counters at the time of trap due to the execution
>> 198 * of the BREAKPOINT_INSTRUCTION_2 at p->ainsn.insn[1]
>> 199 *
>> 200 */
>> 201 static unsigned long __kprobes relbranch_fixup(u32 insn, struct kprobe *p,
>> 202 struct pt_regs *regs)
>> 203 {
>> 204 unsigned long real_pc = (unsigned long) p->addr;
118 205
119 /* If we have no pre-handler or it ret !! 206 /* Branch not taken, no mods necessary. */
120 * normal processing. If we have a pre !! 207 if (regs->tnpc == regs->tpc + 0x4UL)
121 * non-zero - which means user handler !! 208 return real_pc + 0x8UL;
122 * to another instruction, we must ski !! 209
>> 210 /* The three cases are call, branch w/prediction,
>> 211 * and traditional branch.
123 */ 212 */
>> 213 if ((insn & 0xc0000000) == 0x40000000 ||
>> 214 (insn & 0xc1c00000) == 0x00400000 ||
>> 215 (insn & 0xc1c00000) == 0x00800000) {
>> 216 unsigned long ainsn_addr;
>> 217
>> 218 ainsn_addr = (unsigned long) &p->ainsn.insn[0];
>> 219
>> 220 /* The instruction did all the work for us
>> 221 * already, just apply the offset to the correct
>> 222 * instruction location.
>> 223 */
>> 224 return (real_pc + (regs->tnpc - ainsn_addr));
>> 225 }
124 226
125 if (!p->pre_handler || !p->pre_handler !! 227 /* It is jmpl or some other absolute PC modification instruction,
126 setup_singlestep(p, kcb, regs) !! 228 * leave NPC as-is.
127 kcb->kprobe_status = KPROBE_HI !! 229 */
128 } else { !! 230 return regs->tnpc;
129 reset_current_kprobe(); !! 231 }
130 preempt_enable_no_resched(); !! 232
>> 233 /* If INSN is an instruction which writes it's PC location
>> 234 * into a destination register, fix that up.
>> 235 */
>> 236 static void __kprobes retpc_fixup(struct pt_regs *regs, u32 insn,
>> 237 unsigned long real_pc)
>> 238 {
>> 239 unsigned long *slot = NULL;
>> 240
>> 241 /* Simplest case is 'call', which always uses %o7 */
>> 242 if ((insn & 0xc0000000) == 0x40000000) {
>> 243 slot = ®s->u_regs[UREG_I7];
131 } 244 }
132 return 1; !! 245
>> 246 /* 'jmpl' encodes the register inside of the opcode */
>> 247 if ((insn & 0xc1f80000) == 0x81c00000) {
>> 248 unsigned long rd = ((insn >> 25) & 0x1f);
>> 249
>> 250 if (rd <= 15) {
>> 251 slot = ®s->u_regs[rd];
>> 252 } else {
>> 253 /* Hard case, it goes onto the stack. */
>> 254 flushw_all();
>> 255
>> 256 rd -= 16;
>> 257 slot = (unsigned long *)
>> 258 (regs->u_regs[UREG_FP] + STACK_BIAS);
>> 259 slot += rd;
>> 260 }
>> 261 }
>> 262 if (slot != NULL)
>> 263 *slot = real_pc;
133 } 264 }
134 265
135 int __kprobes parisc_kprobe_ss_handler(struct !! 266 /*
>> 267 * Called after single-stepping. p->addr is the address of the
>> 268 * instruction which has been replaced by the breakpoint
>> 269 * instruction. To avoid the SMP problems that can occur when we
>> 270 * temporarily put back the original opcode to single-step, we
>> 271 * single-stepped a copy of the instruction. The address of this
>> 272 * copy is &p->ainsn.insn[0].
>> 273 *
>> 274 * This function prepares to return from the post-single-step
>> 275 * breakpoint trap.
>> 276 */
>> 277 static void __kprobes resume_execution(struct kprobe *p,
>> 278 struct pt_regs *regs, struct kprobe_ctlblk *kcb)
>> 279 {
>> 280 u32 insn = p->ainsn.insn[0];
>> 281
>> 282 regs->tnpc = relbranch_fixup(insn, p, regs);
>> 283
>> 284 /* This assignment must occur after relbranch_fixup() */
>> 285 regs->tpc = kcb->kprobe_orig_tnpc;
>> 286
>> 287 retpc_fixup(regs, insn, (unsigned long) p->addr);
>> 288
>> 289 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
>> 290 kcb->kprobe_orig_tstate_pil);
>> 291 }
>> 292
>> 293 static int __kprobes post_kprobe_handler(struct pt_regs *regs)
136 { 294 {
>> 295 struct kprobe *cur = kprobe_running();
137 struct kprobe_ctlblk *kcb = get_kprobe 296 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
138 struct kprobe *p = kprobe_running(); <<
139 297
140 if (!p) !! 298 if (!cur)
141 return 0; 299 return 0;
142 300
143 if (regs->iaoq[0] != (unsigned long)p- !! 301 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
144 return 0; !! 302 kcb->kprobe_status = KPROBE_HIT_SSDONE;
>> 303 cur->post_handler(cur, regs, 0);
>> 304 }
>> 305
>> 306 resume_execution(cur, regs, kcb);
145 307
146 /* restore back original saved kprobe !! 308 /*Restore back the original saved kprobes variables and continue. */
147 if (kcb->kprobe_status == KPROBE_REENT 309 if (kcb->kprobe_status == KPROBE_REENTER) {
148 restore_previous_kprobe(kcb); 310 restore_previous_kprobe(kcb);
149 return 1; !! 311 goto out;
150 } 312 }
>> 313 reset_current_kprobe();
>> 314 out:
>> 315 preempt_enable_no_resched();
>> 316
>> 317 return 1;
>> 318 }
>> 319
>> 320 int __kprobes kprobe_fault_handler(struct pt_regs *regs, int trapnr)
>> 321 {
>> 322 struct kprobe *cur = kprobe_running();
>> 323 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
>> 324 const struct exception_table_entry *entry;
151 325
152 /* for absolute branch instructions we !! 326 switch(kcb->kprobe_status) {
153 * branch instructions we need to calc !! 327 case KPROBE_HIT_SS:
154 * difference between iaoq_f and iaoq_ !! 328 case KPROBE_REENTER:
155 * modifications because it's based on !! 329 /*
156 */ !! 330 * We are here because the instruction being single
157 !! 331 * stepped caused a page fault. We reset the current
158 if (p->post_handler) !! 332 * kprobe and the tpc points back to the probe address
159 p->post_handler(p, regs, 0); !! 333 * and allow the page fault handler to continue as a
160 !! 334 * normal page fault.
161 switch (regs->iir >> 26) { !! 335 */
162 case 0x38: /* BE */ !! 336 regs->tpc = (unsigned long)cur->addr;
163 case 0x39: /* BE,L */ !! 337 regs->tnpc = kcb->kprobe_orig_tnpc;
164 case 0x3a: /* BV */ !! 338 regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
165 case 0x3b: /* BVE */ !! 339 kcb->kprobe_orig_tstate_pil);
166 /* for absolute branches, regs !! 340 if (kcb->kprobe_status == KPROBE_REENTER)
167 * address !! 341 restore_previous_kprobe(kcb);
>> 342 else
>> 343 reset_current_kprobe();
>> 344 preempt_enable_no_resched();
>> 345 break;
>> 346 case KPROBE_HIT_ACTIVE:
>> 347 case KPROBE_HIT_SSDONE:
>> 348 /*
>> 349 * We increment the nmissed count for accounting,
>> 350 * we can also use npre/npostfault count for accounting
>> 351 * these specific fault cases.
>> 352 */
>> 353 kprobes_inc_nmissed_count(cur);
>> 354
>> 355 /*
>> 356 * We come here because instructions in the pre/post
>> 357 * handler caused the page_fault, this could happen
>> 358 * if handler tries to access user space by
>> 359 * copy_from_user(), get_user() etc. Let the
>> 360 * user-specified handler try to fix it first.
>> 361 */
>> 362 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
>> 363 return 1;
>> 364
>> 365 /*
>> 366 * In case the user-specified fault handler returned
>> 367 * zero, try to fix up.
>> 368 */
>> 369
>> 370 entry = search_exception_tables(regs->tpc);
>> 371 if (entry) {
>> 372 regs->tpc = entry->fixup;
>> 373 regs->tnpc = regs->tpc + 4;
>> 374 return 1;
>> 375 }
>> 376
>> 377 /*
>> 378 * fixup_exception() could not handle it,
>> 379 * Let do_page_fault() fix it.
168 */ 380 */
169 regs->iaoq[0] = kcb->iaoq[1]; <<
170 break; 381 break;
171 default: 382 default:
172 regs->iaoq[0] = kcb->iaoq[1]; <<
173 regs->iaoq[1] = regs->iaoq[0] <<
174 break; 383 break;
175 } 384 }
176 kcb->kprobe_status = KPROBE_HIT_SSDONE !! 385
177 reset_current_kprobe(); !! 386 return 0;
178 return 1; <<
179 } 387 }
180 388
181 void __kretprobe_trampoline(void) !! 389 /*
>> 390 * Wrapper routine to for handling exceptions.
>> 391 */
>> 392 int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
>> 393 unsigned long val, void *data)
182 { 394 {
183 asm volatile("nop"); !! 395 struct die_args *args = (struct die_args *)data;
184 asm volatile("nop"); !! 396 int ret = NOTIFY_DONE;
185 } <<
186 397
187 static int __kprobes trampoline_probe_handler( !! 398 if (args->regs && user_mode(args->regs))
188 !! 399 return ret;
189 400
190 static struct kprobe trampoline_p = { !! 401 switch (val) {
191 .pre_handler = trampoline_probe_handle !! 402 case DIE_DEBUG:
192 }; !! 403 if (kprobe_handler(args->regs))
>> 404 ret = NOTIFY_STOP;
>> 405 break;
>> 406 case DIE_DEBUG_2:
>> 407 if (post_kprobe_handler(args->regs))
>> 408 ret = NOTIFY_STOP;
>> 409 break;
>> 410 default:
>> 411 break;
>> 412 }
>> 413 return ret;
>> 414 }
193 415
194 static int __kprobes trampoline_probe_handler( !! 416 asmlinkage void __kprobes kprobe_trap(unsigned long trap_level,
195 !! 417 struct pt_regs *regs)
196 { 418 {
197 __kretprobe_trampoline_handler(regs, N !! 419 enum ctx_state prev_state = exception_enter();
198 420
199 return 1; !! 421 BUG_ON(trap_level != 0x170 && trap_level != 0x171);
200 } <<
201 422
202 void arch_kretprobe_fixup_return(struct pt_reg !! 423 if (user_mode(regs)) {
203 kprobe_opcode !! 424 local_irq_enable();
204 { !! 425 bad_trap(regs, trap_level);
205 regs->gr[2] = (unsigned long)correct_r !! 426 goto out;
>> 427 }
>> 428
>> 429 /* trap_level == 0x170 --> ta 0x70
>> 430 * trap_level == 0x171 --> ta 0x71
>> 431 */
>> 432 if (notify_die((trap_level == 0x170) ? DIE_DEBUG : DIE_DEBUG_2,
>> 433 (trap_level == 0x170) ? "debug" : "debug_2",
>> 434 regs, 0, trap_level, SIGTRAP) != NOTIFY_STOP)
>> 435 bad_trap(regs, trap_level);
>> 436 out:
>> 437 exception_exit(prev_state);
206 } 438 }
207 439
>> 440 /* The value stored in the return address register is actually 2
>> 441 * instructions before where the callee will return to.
>> 442 * Sequences usually look something like this
>> 443 *
>> 444 * call some_function <--- return register points here
>> 445 * nop <--- call delay slot
>> 446 * whatever <--- where callee returns to
>> 447 *
>> 448 * To keep trampoline_probe_handler logic simpler, we normalize the
>> 449 * value kept in ri->ret_addr so we don't need to keep adjusting it
>> 450 * back and forth.
>> 451 */
208 void __kprobes arch_prepare_kretprobe(struct k 452 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
209 struct p 453 struct pt_regs *regs)
210 { 454 {
211 ri->ret_addr = (kprobe_opcode_t *)regs !! 455 ri->ret_addr = (kprobe_opcode_t *)(regs->u_regs[UREG_RETPC] + 8);
212 ri->fp = NULL; <<
213 456
214 /* Replace the return addr with trampo !! 457 /* Replace the return addr with trampoline addr */
215 regs->gr[2] = (unsigned long)trampolin !! 458 regs->u_regs[UREG_RETPC] =
>> 459 ((unsigned long)kretprobe_trampoline) - 8;
216 } 460 }
217 461
218 int __kprobes arch_trampoline_kprobe(struct kp !! 462 /*
>> 463 * Called when the probe at kretprobe trampoline is hit
>> 464 */
>> 465 static int __kprobes trampoline_probe_handler(struct kprobe *p,
>> 466 struct pt_regs *regs)
219 { 467 {
220 return p->addr == trampoline_p.addr; !! 468 struct kretprobe_instance *ri = NULL;
>> 469 struct hlist_head *head, empty_rp;
>> 470 struct hlist_node *tmp;
>> 471 unsigned long flags, orig_ret_address = 0;
>> 472 unsigned long trampoline_address =(unsigned long)&kretprobe_trampoline;
>> 473
>> 474 INIT_HLIST_HEAD(&empty_rp);
>> 475 kretprobe_hash_lock(current, &head, &flags);
>> 476
>> 477 /*
>> 478 * It is possible to have multiple instances associated with a given
>> 479 * task either because an multiple functions in the call path
>> 480 * have a return probe installed on them, and/or more than one return
>> 481 * return probe was registered for a target function.
>> 482 *
>> 483 * We can handle this because:
>> 484 * - instances are always inserted at the head of the list
>> 485 * - when multiple return probes are registered for the same
>> 486 * function, the first instance's ret_addr will point to the
>> 487 * real return address, and all the rest will point to
>> 488 * kretprobe_trampoline
>> 489 */
>> 490 hlist_for_each_entry_safe(ri, tmp, head, hlist) {
>> 491 if (ri->task != current)
>> 492 /* another task is sharing our hash bucket */
>> 493 continue;
>> 494
>> 495 if (ri->rp && ri->rp->handler)
>> 496 ri->rp->handler(ri, regs);
>> 497
>> 498 orig_ret_address = (unsigned long)ri->ret_addr;
>> 499 recycle_rp_inst(ri, &empty_rp);
>> 500
>> 501 if (orig_ret_address != trampoline_address)
>> 502 /*
>> 503 * This is the real return address. Any other
>> 504 * instances associated with this task are for
>> 505 * other calls deeper on the call stack
>> 506 */
>> 507 break;
>> 508 }
>> 509
>> 510 kretprobe_assert(ri, orig_ret_address, trampoline_address);
>> 511 regs->tpc = orig_ret_address;
>> 512 regs->tnpc = orig_ret_address + 4;
>> 513
>> 514 kretprobe_hash_unlock(current, &flags);
>> 515
>> 516 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
>> 517 hlist_del(&ri->hlist);
>> 518 kfree(ri);
>> 519 }
>> 520 /*
>> 521 * By returning a non-zero value, we are telling
>> 522 * kprobe_handler() that we don't want the post_handler
>> 523 * to run (and have re-enabled preemption)
>> 524 */
>> 525 return 1;
221 } 526 }
222 527
>> 528 static void __used kretprobe_trampoline_holder(void)
>> 529 {
>> 530 asm volatile(".global kretprobe_trampoline\n"
>> 531 "kretprobe_trampoline:\n"
>> 532 "\tnop\n"
>> 533 "\tnop\n");
>> 534 }
>> 535 static struct kprobe trampoline_p = {
>> 536 .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
>> 537 .pre_handler = trampoline_probe_handler
>> 538 };
>> 539
223 int __init arch_init_kprobes(void) 540 int __init arch_init_kprobes(void)
224 { 541 {
225 trampoline_p.addr = (kprobe_opcode_t * <<
226 dereference_function_descripto <<
227 return register_kprobe(&trampoline_p); 542 return register_kprobe(&trampoline_p);
>> 543 }
>> 544
>> 545 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
>> 546 {
>> 547 if (p->addr == (kprobe_opcode_t *)&kretprobe_trampoline)
>> 548 return 1;
>> 549
>> 550 return 0;
228 } 551 }
229 552
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.