mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
262 lines
6.5 KiB
262 lines
6.5 KiB
// SPDX-License-Identifier: GPL-2.0 |
|
#include <linux/highmem.h> |
|
#include <linux/kdebug.h> |
|
#include <linux/types.h> |
|
#include <linux/notifier.h> |
|
#include <linux/sched.h> |
|
#include <linux/uprobes.h> |
|
|
|
#include <asm/branch.h> |
|
#include <asm/cpu-features.h> |
|
#include <asm/ptrace.h> |
|
|
|
#include "probes-common.h" |
|
|
|
static inline int insn_has_delay_slot(const union mips_instruction insn) |
|
{ |
|
return __insn_has_delay_slot(insn); |
|
} |
|
|
|
/** |
|
* arch_uprobe_analyze_insn - instruction analysis including validity and fixups. |
|
* @mm: the probed address space. |
|
* @arch_uprobe: the probepoint information. |
|
* @addr: virtual address at which to install the probepoint |
|
* Return 0 on success or a -ve number on error. |
|
*/ |
|
int arch_uprobe_analyze_insn(struct arch_uprobe *aup, |
|
struct mm_struct *mm, unsigned long addr) |
|
{ |
|
union mips_instruction inst; |
|
|
|
/* |
|
* For the time being this also blocks attempts to use uprobes with |
|
* MIPS16 and microMIPS. |
|
*/ |
|
if (addr & 0x03) |
|
return -EINVAL; |
|
|
|
inst.word = aup->insn[0]; |
|
|
|
if (__insn_is_compact_branch(inst)) { |
|
pr_notice("Uprobes for compact branches are not supported\n"); |
|
return -EINVAL; |
|
} |
|
|
|
aup->ixol[0] = aup->insn[insn_has_delay_slot(inst)]; |
|
aup->ixol[1] = UPROBE_BRK_UPROBE_XOL; /* NOP */ |
|
|
|
return 0; |
|
} |
|
|
|
/** |
|
* is_trap_insn - check if the instruction is a trap variant |
|
* @insn: instruction to be checked. |
|
* Returns true if @insn is a trap variant. |
|
* |
|
* This definition overrides the weak definition in kernel/events/uprobes.c. |
|
* and is needed for the case where an architecture has multiple trap |
|
* instructions (like PowerPC or MIPS). We treat BREAK just like the more |
|
* modern conditional trap instructions. |
|
*/ |
|
bool is_trap_insn(uprobe_opcode_t *insn) |
|
{ |
|
union mips_instruction inst; |
|
|
|
inst.word = *insn; |
|
|
|
switch (inst.i_format.opcode) { |
|
case spec_op: |
|
switch (inst.r_format.func) { |
|
case break_op: |
|
case teq_op: |
|
case tge_op: |
|
case tgeu_op: |
|
case tlt_op: |
|
case tltu_op: |
|
case tne_op: |
|
return 1; |
|
} |
|
break; |
|
|
|
case bcond_op: /* Yes, really ... */ |
|
switch (inst.u_format.rt) { |
|
case teqi_op: |
|
case tgei_op: |
|
case tgeiu_op: |
|
case tlti_op: |
|
case tltiu_op: |
|
case tnei_op: |
|
return 1; |
|
} |
|
break; |
|
} |
|
|
|
return 0; |
|
} |
|
|
|
#define UPROBE_TRAP_NR ULONG_MAX |
|
|
|
/* |
|
* arch_uprobe_pre_xol - prepare to execute out of line. |
|
* @auprobe: the probepoint information. |
|
* @regs: reflects the saved user state of current task. |
|
*/ |
|
int arch_uprobe_pre_xol(struct arch_uprobe *aup, struct pt_regs *regs) |
|
{ |
|
struct uprobe_task *utask = current->utask; |
|
|
|
/* |
|
* Now find the EPC where to resume after the breakpoint has been |
|
* dealt with. This may require emulation of a branch. |
|
*/ |
|
aup->resume_epc = regs->cp0_epc + 4; |
|
if (insn_has_delay_slot((union mips_instruction) aup->insn[0])) { |
|
__compute_return_epc_for_insn(regs, |
|
(union mips_instruction) aup->insn[0]); |
|
aup->resume_epc = regs->cp0_epc; |
|
} |
|
utask->autask.saved_trap_nr = current->thread.trap_nr; |
|
current->thread.trap_nr = UPROBE_TRAP_NR; |
|
regs->cp0_epc = current->utask->xol_vaddr; |
|
|
|
return 0; |
|
} |
|
|
|
int arch_uprobe_post_xol(struct arch_uprobe *aup, struct pt_regs *regs) |
|
{ |
|
struct uprobe_task *utask = current->utask; |
|
|
|
current->thread.trap_nr = utask->autask.saved_trap_nr; |
|
regs->cp0_epc = aup->resume_epc; |
|
|
|
return 0; |
|
} |
|
|
|
/* |
|
* If xol insn itself traps and generates a signal(Say, |
|
* SIGILL/SIGSEGV/etc), then detect the case where a singlestepped |
|
* instruction jumps back to its own address. It is assumed that anything |
|
* like do_page_fault/do_trap/etc sets thread.trap_nr != -1. |
|
* |
|
* arch_uprobe_pre_xol/arch_uprobe_post_xol save/restore thread.trap_nr, |
|
* arch_uprobe_xol_was_trapped() simply checks that ->trap_nr is not equal to |
|
* UPROBE_TRAP_NR == -1 set by arch_uprobe_pre_xol(). |
|
*/ |
|
bool arch_uprobe_xol_was_trapped(struct task_struct *tsk) |
|
{ |
|
if (tsk->thread.trap_nr != UPROBE_TRAP_NR) |
|
return true; |
|
|
|
return false; |
|
} |
|
|
|
int arch_uprobe_exception_notify(struct notifier_block *self, |
|
unsigned long val, void *data) |
|
{ |
|
struct die_args *args = data; |
|
struct pt_regs *regs = args->regs; |
|
|
|
/* regs == NULL is a kernel bug */ |
|
if (WARN_ON(!regs)) |
|
return NOTIFY_DONE; |
|
|
|
/* We are only interested in userspace traps */ |
|
if (!user_mode(regs)) |
|
return NOTIFY_DONE; |
|
|
|
switch (val) { |
|
case DIE_UPROBE: |
|
if (uprobe_pre_sstep_notifier(regs)) |
|
return NOTIFY_STOP; |
|
break; |
|
case DIE_UPROBE_XOL: |
|
if (uprobe_post_sstep_notifier(regs)) |
|
return NOTIFY_STOP; |
|
default: |
|
break; |
|
} |
|
|
|
return 0; |
|
} |
|
|
|
/* |
|
* This function gets called when XOL instruction either gets trapped or |
|
* the thread has a fatal signal. Reset the instruction pointer to its |
|
* probed address for the potential restart or for post mortem analysis. |
|
*/ |
|
void arch_uprobe_abort_xol(struct arch_uprobe *aup, |
|
struct pt_regs *regs) |
|
{ |
|
struct uprobe_task *utask = current->utask; |
|
|
|
instruction_pointer_set(regs, utask->vaddr); |
|
} |
|
|
|
unsigned long arch_uretprobe_hijack_return_addr( |
|
unsigned long trampoline_vaddr, struct pt_regs *regs) |
|
{ |
|
unsigned long ra; |
|
|
|
ra = regs->regs[31]; |
|
|
|
/* Replace the return address with the trampoline address */ |
|
regs->regs[31] = trampoline_vaddr; |
|
|
|
return ra; |
|
} |
|
|
|
/** |
|
* set_swbp - store breakpoint at a given address. |
|
* @auprobe: arch specific probepoint information. |
|
* @mm: the probed process address space. |
|
* @vaddr: the virtual address to insert the opcode. |
|
* |
|
* For mm @mm, store the breakpoint instruction at @vaddr. |
|
* Return 0 (success) or a negative errno. |
|
* |
|
* This version overrides the weak version in kernel/events/uprobes.c. |
|
* It is required to handle MIPS16 and microMIPS. |
|
*/ |
|
int __weak set_swbp(struct arch_uprobe *auprobe, struct mm_struct *mm, |
|
unsigned long vaddr) |
|
{ |
|
return uprobe_write_opcode(auprobe, mm, vaddr, UPROBE_SWBP_INSN); |
|
} |
|
|
|
void arch_uprobe_copy_ixol(struct page *page, unsigned long vaddr, |
|
void *src, unsigned long len) |
|
{ |
|
unsigned long kaddr, kstart; |
|
|
|
/* Initialize the slot */ |
|
kaddr = (unsigned long)kmap_atomic(page); |
|
kstart = kaddr + (vaddr & ~PAGE_MASK); |
|
memcpy((void *)kstart, src, len); |
|
flush_icache_range(kstart, kstart + len); |
|
kunmap_atomic((void *)kaddr); |
|
} |
|
|
|
/** |
|
* uprobe_get_swbp_addr - compute address of swbp given post-swbp regs |
|
* @regs: Reflects the saved state of the task after it has hit a breakpoint |
|
* instruction. |
|
* Return the address of the breakpoint instruction. |
|
* |
|
* This overrides the weak version in kernel/events/uprobes.c. |
|
*/ |
|
unsigned long uprobe_get_swbp_addr(struct pt_regs *regs) |
|
{ |
|
return instruction_pointer(regs); |
|
} |
|
|
|
/* |
|
* See if the instruction can be emulated. |
|
* Returns true if instruction was emulated, false otherwise. |
|
* |
|
* For now we always emulate so this function just returns 0. |
|
*/ |
|
bool arch_uprobe_skip_sstep(struct arch_uprobe *auprobe, struct pt_regs *regs) |
|
{ |
|
return 0; |
|
}
|
|
|