1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * arch/parisc/kernel/kprobes.c
4  *
5  * PA-RISC kprobes implementation
6  *
7  * Copyright (c) 2019 Sven Schnelle <svens@stackframe.org>
8  */
9 
10 #include <linux/types.h>
11 #include <linux/kprobes.h>
12 #include <linux/slab.h>
13 #include <asm/cacheflush.h>
14 #include <asm/patch.h>
15 
16 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
17 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
18 
arch_prepare_kprobe(struct kprobe * p)19 int __kprobes arch_prepare_kprobe(struct kprobe *p)
20 {
21 	if ((unsigned long)p->addr & 3UL)
22 		return -EINVAL;
23 
24 	p->ainsn.insn = get_insn_slot();
25 	if (!p->ainsn.insn)
26 		return -ENOMEM;
27 
28 	memcpy(p->ainsn.insn, p->addr,
29 		MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
30 	p->opcode = *p->addr;
31 	flush_insn_slot(p);
32 	return 0;
33 }
34 
arch_remove_kprobe(struct kprobe * p)35 void __kprobes arch_remove_kprobe(struct kprobe *p)
36 {
37 	if (!p->ainsn.insn)
38 		return;
39 
40 	free_insn_slot(p->ainsn.insn, 0);
41 	p->ainsn.insn = NULL;
42 }
43 
arch_arm_kprobe(struct kprobe * p)44 void __kprobes arch_arm_kprobe(struct kprobe *p)
45 {
46 	patch_text(p->addr, PARISC_KPROBES_BREAK_INSN);
47 }
48 
arch_disarm_kprobe(struct kprobe * p)49 void __kprobes arch_disarm_kprobe(struct kprobe *p)
50 {
51 	patch_text(p->addr, p->opcode);
52 }
53 
save_previous_kprobe(struct kprobe_ctlblk * kcb)54 static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
55 {
56 	kcb->prev_kprobe.kp = kprobe_running();
57 	kcb->prev_kprobe.status = kcb->kprobe_status;
58 }
59 
restore_previous_kprobe(struct kprobe_ctlblk * kcb)60 static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
61 {
62 	__this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
63 	kcb->kprobe_status = kcb->prev_kprobe.status;
64 }
65 
set_current_kprobe(struct kprobe * p)66 static inline void __kprobes set_current_kprobe(struct kprobe *p)
67 {
68 	__this_cpu_write(current_kprobe, p);
69 }
70 
setup_singlestep(struct kprobe * p,struct kprobe_ctlblk * kcb,struct pt_regs * regs)71 static void __kprobes setup_singlestep(struct kprobe *p,
72 		struct kprobe_ctlblk *kcb, struct pt_regs *regs)
73 {
74 	kcb->iaoq[0] = regs->iaoq[0];
75 	kcb->iaoq[1] = regs->iaoq[1];
76 	regs->iaoq[0] = (unsigned long)p->ainsn.insn;
77 	mtctl(0, 0);
78 	regs->gr[0] |= PSW_R;
79 }
80 
parisc_kprobe_break_handler(struct pt_regs * regs)81 int __kprobes parisc_kprobe_break_handler(struct pt_regs *regs)
82 {
83 	struct kprobe *p;
84 	struct kprobe_ctlblk *kcb;
85 
86 	preempt_disable();
87 
88 	kcb = get_kprobe_ctlblk();
89 	p = get_kprobe((unsigned long *)regs->iaoq[0]);
90 
91 	if (!p) {
92 		preempt_enable_no_resched();
93 		return 0;
94 	}
95 
96 	if (kprobe_running()) {
97 		/*
98 		 * We have reentered the kprobe_handler, since another kprobe
99 		 * was hit while within the handler, we save the original
100 		 * kprobes and single step on the instruction of the new probe
101 		 * without calling any user handlers to avoid recursive
102 		 * kprobes.
103 		 */
104 		save_previous_kprobe(kcb);
105 		set_current_kprobe(p);
106 		kprobes_inc_nmissed_count(p);
107 		setup_singlestep(p, kcb, regs);
108 		kcb->kprobe_status = KPROBE_REENTER;
109 		return 1;
110 	}
111 
112 	set_current_kprobe(p);
113 	kcb->kprobe_status = KPROBE_HIT_ACTIVE;
114 
115 	/* If we have no pre-handler or it returned 0, we continue with
116 	 * normal processing. If we have a pre-handler and it returned
117 	 * non-zero - which means user handler setup registers to exit
118 	 * to another instruction, we must skip the single stepping.
119 	 */
120 
121 	if (!p->pre_handler || !p->pre_handler(p, regs)) {
122 		setup_singlestep(p, kcb, regs);
123 		kcb->kprobe_status = KPROBE_HIT_SS;
124 	} else {
125 		reset_current_kprobe();
126 		preempt_enable_no_resched();
127 	}
128 	return 1;
129 }
130 
parisc_kprobe_ss_handler(struct pt_regs * regs)131 int __kprobes parisc_kprobe_ss_handler(struct pt_regs *regs)
132 {
133 	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
134 	struct kprobe *p = kprobe_running();
135 
136 	if (!p)
137 		return 0;
138 
139 	if (regs->iaoq[0] != (unsigned long)p->ainsn.insn+4)
140 		return 0;
141 
142 	/* restore back original saved kprobe variables and continue */
143 	if (kcb->kprobe_status == KPROBE_REENTER) {
144 		restore_previous_kprobe(kcb);
145 		return 1;
146 	}
147 
148 	/* for absolute branch instructions we can copy iaoq_b. for relative
149 	 * branch instructions we need to calculate the new address based on the
150 	 * difference between iaoq_f and iaoq_b. We cannot use iaoq_b without
151 	 * modificationt because it's based on our ainsn.insn address.
152 	 */
153 
154 	if (p->post_handler)
155 		p->post_handler(p, regs, 0);
156 
157 	switch (regs->iir >> 26) {
158 	case 0x38: /* BE */
159 	case 0x39: /* BE,L */
160 	case 0x3a: /* BV */
161 	case 0x3b: /* BVE */
162 		/* for absolute branches, regs->iaoq[1] has already the right
163 		 * address
164 		 */
165 		regs->iaoq[0] = kcb->iaoq[1];
166 		break;
167 	default:
168 		regs->iaoq[1] = kcb->iaoq[0];
169 		regs->iaoq[1] += (regs->iaoq[1] - regs->iaoq[0]) + 4;
170 		regs->iaoq[0] = kcb->iaoq[1];
171 		break;
172 	}
173 	kcb->kprobe_status = KPROBE_HIT_SSDONE;
174 	reset_current_kprobe();
175 	return 1;
176 }
177 
kretprobe_trampoline(void)178 static inline void kretprobe_trampoline(void)
179 {
180 	asm volatile("nop");
181 	asm volatile("nop");
182 }
183 
184 static int __kprobes trampoline_probe_handler(struct kprobe *p,
185 					      struct pt_regs *regs);
186 
187 static struct kprobe trampoline_p = {
188 	.pre_handler = trampoline_probe_handler
189 };
190 
trampoline_probe_handler(struct kprobe * p,struct pt_regs * regs)191 static int __kprobes trampoline_probe_handler(struct kprobe *p,
192 					      struct pt_regs *regs)
193 {
194 	struct kretprobe_instance *ri = NULL;
195 	struct hlist_head *head, empty_rp;
196 	struct hlist_node *tmp;
197 	unsigned long flags, orig_ret_address = 0;
198 	unsigned long trampoline_address = (unsigned long)trampoline_p.addr;
199 	kprobe_opcode_t *correct_ret_addr = NULL;
200 
201 	INIT_HLIST_HEAD(&empty_rp);
202 	kretprobe_hash_lock(current, &head, &flags);
203 
204 	/*
205 	 * It is possible to have multiple instances associated with a given
206 	 * task either because multiple functions in the call path have
207 	 * a return probe installed on them, and/or more than one return
208 	 * probe was registered for a target function.
209 	 *
210 	 * We can handle this because:
211 	 *     - instances are always inserted at the head of the list
212 	 *     - when multiple return probes are registered for the same
213 	 *       function, the first instance's ret_addr will point to the
214 	 *       real return address, and all the rest will point to
215 	 *       kretprobe_trampoline
216 	 */
217 	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
218 		if (ri->task != current)
219 			/* another task is sharing our hash bucket */
220 			continue;
221 
222 		orig_ret_address = (unsigned long)ri->ret_addr;
223 
224 		if (orig_ret_address != trampoline_address)
225 			/*
226 			 * This is the real return address. Any other
227 			 * instances associated with this task are for
228 			 * other calls deeper on the call stack
229 			 */
230 			break;
231 	}
232 
233 	kretprobe_assert(ri, orig_ret_address, trampoline_address);
234 
235 	correct_ret_addr = ri->ret_addr;
236 	hlist_for_each_entry_safe(ri, tmp, head, hlist) {
237 		if (ri->task != current)
238 			/* another task is sharing our hash bucket */
239 			continue;
240 
241 		orig_ret_address = (unsigned long)ri->ret_addr;
242 		if (ri->rp && ri->rp->handler) {
243 			__this_cpu_write(current_kprobe, &ri->rp->kp);
244 			get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
245 			ri->ret_addr = correct_ret_addr;
246 			ri->rp->handler(ri, regs);
247 			__this_cpu_write(current_kprobe, NULL);
248 		}
249 
250 		recycle_rp_inst(ri, &empty_rp);
251 
252 		if (orig_ret_address != trampoline_address)
253 			/*
254 			 * This is the real return address. Any other
255 			 * instances associated with this task are for
256 			 * other calls deeper on the call stack
257 			 */
258 			break;
259 	}
260 
261 	kretprobe_hash_unlock(current, &flags);
262 
263 	hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
264 		hlist_del(&ri->hlist);
265 		kfree(ri);
266 	}
267 	instruction_pointer_set(regs, orig_ret_address);
268 	return 1;
269 }
270 
arch_prepare_kretprobe(struct kretprobe_instance * ri,struct pt_regs * regs)271 void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
272 				      struct pt_regs *regs)
273 {
274 	ri->ret_addr = (kprobe_opcode_t *)regs->gr[2];
275 
276 	/* Replace the return addr with trampoline addr. */
277 	regs->gr[2] = (unsigned long)trampoline_p.addr;
278 }
279 
arch_trampoline_kprobe(struct kprobe * p)280 int __kprobes arch_trampoline_kprobe(struct kprobe *p)
281 {
282 	return p->addr == trampoline_p.addr;
283 }
284 
arch_init_kprobes(void)285 int __init arch_init_kprobes(void)
286 {
287 	trampoline_p.addr = (kprobe_opcode_t *)
288 		dereference_function_descriptor(kretprobe_trampoline);
289 	return register_kprobe(&trampoline_p);
290 }
291