1 /*
2  * arch/arm/kernel/unwind.c
3  *
4  * Copyright (C) 2008 ARM Limited
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18  *
19  *
20  * Stack unwinding support for ARM
21  *
22  * An ARM EABI version of gcc is required to generate the unwind
23  * tables. For information about the structure of the unwind tables,
24  * see "Exception Handling ABI for the ARM Architecture" at:
25  *
26  * http://infocenter.arm.com/help/topic/com.arm.doc.subset.swdev.abi/index.html
27  */
28 
29 #ifndef __CHECKER__
30 #if !defined (__ARM_EABI__)
31 #warning Your compiler does not have EABI support.
32 #warning    ARM unwind is known to compile only with EABI compilers.
33 #warning    Change compiler or disable ARM_UNWIND option.
34 #elif (__GNUC__ == 4 && __GNUC_MINOR__ <= 2) && !defined(__clang__)
35 #warning Your compiler is too buggy; it is known to not compile ARM unwind support.
36 #warning    Change compiler or disable ARM_UNWIND option.
37 #endif
38 #endif /* __CHECKER__ */
39 
40 #include <linux/kernel.h>
41 #include <linux/init.h>
42 #include <linux/export.h>
43 #include <linux/sched.h>
44 #include <linux/slab.h>
45 #include <linux/spinlock.h>
46 #include <linux/list.h>
47 
48 #include <asm/stacktrace.h>
49 #include <asm/traps.h>
50 #include <asm/unwind.h>
51 
/*
 * Personality-routine stubs.  Compiler-generated EABI unwind data
 * presumably references these symbols; this unwinder interprets the
 * tables itself and never calls them, so they exist only to satisfy the
 * linker.
 */
void __aeabi_unwind_cpp_pr0(void)
{
}
56 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr0);
57 
/* Stub for personality routine 1; never invoked, see __aeabi_unwind_cpp_pr0(). */
void __aeabi_unwind_cpp_pr1(void)
{
}
61 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr1);
62 
/* Stub for personality routine 2; never invoked, see __aeabi_unwind_cpp_pr0(). */
void __aeabi_unwind_cpp_pr2(void)
{
}
66 EXPORT_SYMBOL(__aeabi_unwind_cpp_pr2);
67 
/*
 * State of one in-progress frame unwind: the virtual register file the
 * unwind instructions operate on, plus a cursor into the instruction
 * words of the current index entry.  Instruction bytes are consumed from
 * the most-significant byte of each word downwards (see unwind_get_byte()).
 */
struct unwind_ctrl_block {
	unsigned long vrs[16];		/* virtual register set, indexed by enum regs */
	const unsigned long *insn;	/* pointer to the current instructions word */
	unsigned long sp_high;		/* highest value of sp allowed */
	/*
	 * 1 : check for stack overflow for each register pop.
	 * 0 : save overhead if there is plenty of stack remaining.
	 */
	int check_each_pop;
	int entries;			/* number of entries left to interpret */
	int byte;			/* current byte number in the instructions word */
};
80 
/*
 * Indices into unwind_ctrl_block::vrs for the registers the unwinder
 * tracks by name.  The frame pointer register differs between ARM (r11)
 * and Thumb-2 (r7) code, hence the CONFIG_THUMB2_KERNEL split.
 */
enum regs {
#ifdef CONFIG_THUMB2_KERNEL
	FP = 7,
#else
	FP = 11,
#endif
	SP = 13,
	LR = 14,
	PC = 15
};
91 
/* Bounds of the main kernel's unwind index; defined outside this file (presumably by the linker script) */
extern const struct unwind_idx __start_unwind_idx[];
/* First main-index entry with a positive prel31 offset; computed lazily in unwind_find_idx() */
static const struct unwind_idx *__origin_unwind_idx;
extern const struct unwind_idx __stop_unwind_idx[];
95 
/* Protects unwind_tables; always taken with spin_lock_irqsave() in this file */
static DEFINE_SPINLOCK(unwind_lock);
/* Module unwind tables registered via unwind_table_add(); most recently hit table is moved to the front */
static LIST_HEAD(unwind_tables);
98 
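/*
 * Convert a prel31 symbol to an absolute address.
 *
 * A prel31 value is a 31-bit signed offset held in the low bits of a
 * word, relative to the address of that word; bit 31 is not part of the
 * value and is ignored.  The sign is extended from bit 30 using only
 * unsigned (modular) arithmetic, so the result is correct whatever the
 * width of 'long' and without left-shifting a negative signed value,
 * which the C standard leaves undefined.
 *
 * @ptr: pointer to the word holding the prel31 value; evaluated once.
 */
#define prel31_to_addr(ptr)						\
({									\
	__typeof__(ptr) __p = (ptr);					\
	unsigned long __raw = (unsigned long)*__p & 0x7fffffffUL;	\
	/* sign-extend bit 30: subtract 2^31 when it is set */		\
	unsigned long __off = __raw - ((__raw & 0x40000000UL) << 1);	\
	(unsigned long)__p + __off;					\
})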
106 
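/*
 * Binary search in the unwind index.  The entries are guaranteed to be
 * sorted in ascending order by the linker.
 *
 * @addr:   the text address to look up
 * @start:  first entry of the index
 * @origin: first entry with a positive prel31 offset (== @stop if none)
 * @stop:   one past the last entry
 *
 * Returns the entry whose function starts at or before @addr, or NULL
 * when no entry of this index can cover it.  Only the half of the index
 * whose entries share the sign of (addr - entry) is searched, which lets
 * the prel31 offsets be compared as unsigned longs once @addr has been
 * re-based against the current @start.
 */
static const struct unwind_idx *search_index(unsigned long addr,
				       const struct unwind_idx *start,
				       const struct unwind_idx *origin,
				       const struct unwind_idx *stop)
{
	unsigned long addr_prel31;

	pr_debug("%s(%08lx, %p, %p, %p)\n",
			__func__, addr, start, origin, stop);

	/*
	 * only search in the section with the matching sign. This way the
	 * prel31 numbers can be compared as unsigned longs.
	 */
	if (addr < (unsigned long)start)
		/* negative offsets: [start; origin) */
		stop = origin;
	else
		/* positive offsets: [origin; stop) */
		start = origin;

	/*
	 * An empty half means no entry of this index can describe @addr.
	 * Without this check the final comparison below reads start[0],
	 * which for the positive half with @origin == @stop is one entry
	 * past the end of the index, and for the negative half with
	 * @origin == @start is a positive entry compared as if negative.
	 */
	if (start >= stop) {
		pr_warn("unwind: Unknown symbol address %08lx\n", addr);
		return NULL;
	}

	/* prel31 for address relative to start */
	addr_prel31 = (addr - (unsigned long)start) & 0x7fffffff;

	while (start < stop - 1) {
		const struct unwind_idx *mid = start + ((stop - start) >> 1);

		/*
		 * As addr_prel31 is relative to start an offset is needed to
		 * make it relative to mid.
		 */
		if (addr_prel31 - ((unsigned long)mid - (unsigned long)start) <
				mid->addr_offset)
			stop = mid;
		else {
			/* keep addr_prel31 relative to start */
			addr_prel31 -= ((unsigned long)mid -
					(unsigned long)start);
			start = mid;
		}
	}

	/* the candidate must not start after @addr */
	if (likely(start->addr_offset <= addr_prel31))
		return start;

	pr_warn("unwind: Unknown symbol address %08lx\n", addr);
	return NULL;
}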
164 
/*
 * Locate the boundary between negative and positive prel31 offsets in a
 * sorted index [@start, @stop): the first entry whose addr_offset does
 * not have bit 30 set.  Returns @stop when every entry is negative.
 */
static const struct unwind_idx *unwind_find_origin(
		const struct unwind_idx *start, const struct unwind_idx *stop)
{
	const struct unwind_idx *lo = start, *hi = stop;

	pr_debug("%s(%p, %p)\n", __func__, start, stop);

	/* lower-bound search: hi is always a positive entry or stop */
	while (lo < hi) {
		const struct unwind_idx *probe = lo + ((hi - lo) >> 1);

		if (probe->addr_offset < 0x40000000) {
			/* positive offset: the origin is here or earlier */
			hi = probe;
			continue;
		}
		/* negative offset: the origin lies strictly after probe */
		lo = probe + 1;
	}

	pr_debug("%s -> %p\n", __func__, hi);
	return hi;
}
182 
/*
 * Find the unwind index entry covering @addr.  Core-kernel text is
 * looked up in the main index, anything else in the module tables
 * registered via unwind_table_add().  Returns NULL when no table covers
 * @addr or the covering table has no matching entry.
 */
static const struct unwind_idx *unwind_find_idx(unsigned long addr)
{
	const struct unwind_idx *found = NULL;
	struct unwind_table *tab;
	unsigned long flags;

	pr_debug("%s(%08lx)\n", __func__, addr);

	if (core_kernel_text(addr)) {
		/*
		 * The origin of the main index is computed on first use and
		 * is not protected by a lock; it is a pure function of the
		 * table, so a racing initialisation computes the same value.
		 */
		if (unlikely(!__origin_unwind_idx))
			__origin_unwind_idx =
				unwind_find_origin(__start_unwind_idx,
						__stop_unwind_idx);

		/* main unwind table */
		found = search_index(addr, __start_unwind_idx,
				     __origin_unwind_idx,
				     __stop_unwind_idx);
		goto out;
	}

	/* module unwind tables */
	spin_lock_irqsave(&unwind_lock, flags);
	list_for_each_entry(tab, &unwind_tables, list) {
		if (addr < tab->begin_addr || addr >= tab->end_addr)
			continue;

		found = search_index(addr, tab->start, tab->origin,
				     tab->stop);
		/* Move-to-front to exploit common traces */
		list_move(&tab->list, &unwind_tables);
		break;
	}
	spin_unlock_irqrestore(&unwind_lock, flags);

out:
	pr_debug("%s: idx = %p\n", __func__, found);
	return found;
}
222 
/*
 * Fetch the next unwind instruction byte.  Each instruction word is read
 * most-significant byte first; once byte 0 of a word has been consumed
 * the cursor moves to the next word.  When the entry has no words left
 * it warns and returns 0; the caller's loop in unwind_frame() then ends
 * after the current instruction because entries is no longer positive.
 */
static unsigned long unwind_get_byte(struct unwind_ctrl_block *ctrl)
{
	unsigned long value;

	if (ctrl->entries <= 0) {
		pr_warn("unwind: Corrupt unwind table\n");
		return 0;
	}

	value = (*ctrl->insn >> (ctrl->byte * 8)) & 0xff;

	if (ctrl->byte != 0) {
		ctrl->byte--;
	} else {
		/* word exhausted: continue with the top byte of the next one */
		ctrl->insn++;
		ctrl->entries--;
		ctrl->byte = 3;
	}

	return value;
}
243 
/*
 * Pop one word from the virtual stack into vrs[@reg] and advance *@vsp.
 * When check_each_pop is set (the stack top is close, see unwind_frame())
 * the read is refused once *@vsp reaches sp_high, so the unwinder never
 * reads past the top of the kernel stack.
 */
static int unwind_pop_register(struct unwind_ctrl_block *ctrl,
				unsigned long **vsp, unsigned int reg)
{
	unsigned long *slot = *vsp;

	if (unlikely(ctrl->check_each_pop) &&
	    slot >= (unsigned long *)ctrl->sp_high)
		return -URC_FAILURE;

	ctrl->vrs[reg] = *slot;
	*vsp = slot + 1;
	return URC_OK;
}
255 
/* Helper functions to execute the instructions */

/*
 * Pop the registers selected by the 12-bit @mask (bit 0 = r4 ... bit 11
 * = r15), lowest register first.  If r13 (sp) itself is in the mask the
 * popped value becomes the new virtual sp; otherwise sp is advanced past
 * the popped words.
 */
static int unwind_exec_pop_subset_r4_to_r13(struct unwind_ctrl_block *ctrl,
						unsigned long mask)
{
	unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
	const int sp_in_mask = mask & (1 << (13 - 4));
	unsigned int reg;

	for (reg = 4; mask; mask >>= 1, reg++) {
		if (!(mask & 1))
			continue;
		if (unwind_pop_register(ctrl, &vsp, reg))
			return -URC_FAILURE;
	}

	if (!sp_in_mask)
		ctrl->vrs[SP] = (unsigned long)vsp;

	return URC_OK;
}
276 
/*
 * Pop r4..r[4+N], N being the low three bits of @insn, then r14 if bit 3
 * of @insn is set, and advance the virtual sp past the popped words.
 */
static int unwind_exec_pop_r4_to_rN(struct unwind_ctrl_block *ctrl,
					unsigned long insn)
{
	unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
	const unsigned int last = 4 + (insn & 7);
	unsigned int reg = 4;

	/* pop R4-R[4+bbb]; last >= 4 so the body always runs at least once */
	do {
		if (unwind_pop_register(ctrl, &vsp, reg))
			return -URC_FAILURE;
	} while (++reg <= last);

	/* optionally R14 */
	if ((insn & 0x8) && unwind_pop_register(ctrl, &vsp, LR))
		return -URC_FAILURE;

	ctrl->vrs[SP] = (unsigned long)vsp;

	return URC_OK;
}
296 
/*
 * Pop r0..r3 under @mask (bit n selects r<n>), lowest register first, and
 * advance the virtual sp past the popped words.  The caller has already
 * rejected masks with bits above bit 3 set.
 */
static int unwind_exec_pop_subset_r0_to_r3(struct unwind_ctrl_block *ctrl,
						unsigned long mask)
{
	unsigned long *vsp = (unsigned long *)ctrl->vrs[SP];
	unsigned int reg;

	for (reg = 0; mask; mask >>= 1, reg++) {
		if ((mask & 1) && unwind_pop_register(ctrl, &vsp, reg))
			return -URC_FAILURE;
	}
	ctrl->vrs[SP] = (unsigned long)vsp;

	return URC_OK;
}
315 
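/*
 * Execute the current unwind instruction.
 *
 * Decodes one instruction (one or more bytes) from @ctrl and applies it
 * to the virtual register set, following the EHABI frame-unwinding
 * instruction encodings.  Returns URC_OK, or -URC_FAILURE for a
 * 'refuse to unwind', spare or unhandled encoding and when a register
 * pop would cross the top of the stack.  The caller bounds the resulting
 * sp against the stack after every instruction.
 */
static int unwind_exec_insn(struct unwind_ctrl_block *ctrl)
{
	unsigned long insn = unwind_get_byte(ctrl);
	int ret = URC_OK;

	pr_debug("%s: insn = %08lx\n", __func__, insn);

	if ((insn & 0xc0) == 0x00)
		/* 00xxxxxx: vsp += (xxxxxx << 2) + 4 */
		ctrl->vrs[SP] += ((insn & 0x3f) << 2) + 4;
	else if ((insn & 0xc0) == 0x40)
		/* 01xxxxxx: vsp -= (xxxxxx << 2) + 4 */
		ctrl->vrs[SP] -= ((insn & 0x3f) << 2) + 4;
	else if ((insn & 0xf0) == 0x80) {
		/* 1000iiii iiiiiiii: pop r4-r15 under a 12-bit mask */
		unsigned long mask;

		insn = (insn << 8) | unwind_get_byte(ctrl);
		mask = insn & 0x0fff;
		if (mask == 0) {
			pr_warn("unwind: 'Refuse to unwind' instruction %04lx\n",
				insn);
			return -URC_FAILURE;
		}

		ret = unwind_exec_pop_subset_r4_to_r13(ctrl, mask);
		if (ret)
			goto error;
	} else if ((insn & 0xf0) == 0x90 &&
		   (insn & 0x0d) != 0x0d)
		/* 1001nnnn: vsp = r[nnnn]; 0x9d and 0x9f are reserved */
		ctrl->vrs[SP] = ctrl->vrs[insn & 0x0f];
	else if ((insn & 0xf0) == 0xa0) {
		/* 1010Lnnn: pop r4-r[4+nnn], plus r14 when L is set */
		ret = unwind_exec_pop_r4_to_rN(ctrl, insn);
		if (ret)
			goto error;
	} else if (insn == 0xb0) {
		/* finish: unless pc was popped explicitly, return via lr */
		if (ctrl->vrs[PC] == 0)
			ctrl->vrs[PC] = ctrl->vrs[LR];
		/* no further processing */
		ctrl->entries = 0;
	} else if (insn == 0xb1) {
		/* 10110001 0000iiii: pop r0-r3 under mask; 0 and high nibble are spare */
		unsigned long mask = unwind_get_byte(ctrl);

		if (mask == 0 || mask & 0xf0) {
			pr_warn("unwind: Spare encoding %04lx\n",
				(insn << 8) | mask);
			return -URC_FAILURE;
		}

		ret = unwind_exec_pop_subset_r0_to_r3(ctrl, mask);
		if (ret)
			goto error;
	} else if (insn == 0xb2) {
		/*
		 * 10110010 uleb128: vsp += 0x204 + (uleb128 << 2).
		 * The operand is a real ULEB128 (7 value bits per byte,
		 * bit 7 set on every byte but the last), so a frame needing
		 * more than 0x400 bytes of adjustment spans several bytes.
		 * Decode all of them instead of only the first, which would
		 * mis-size the frame and then run the continuation byte as
		 * the next instruction.  The shift cap bounds the loop on a
		 * corrupt table; unwind_get_byte() returning 0 once the
		 * entry is exhausted ends it as well.
		 */
		unsigned long uleb128 = 0, byte;
		unsigned int shift = 0;

		do {
			byte = unwind_get_byte(ctrl);
			uleb128 |= (byte & 0x7f) << shift;
			shift += 7;
		} while ((byte & 0x80) && shift < 8 * sizeof(uleb128));

		ctrl->vrs[SP] += 0x204 + (uleb128 << 2);
	} else {
		pr_warn("unwind: Unhandled instruction %02lx\n", insn);
		return -URC_FAILURE;
	}

	pr_debug("%s: fp = %08lx sp = %08lx lr = %08lx pc = %08lx\n", __func__,
		 ctrl->vrs[FP], ctrl->vrs[SP], ctrl->vrs[LR], ctrl->vrs[PC]);

error:
	return ret;
}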
383 
/*
 * Unwind a single frame.  @frame describes the current position (fp, sp,
 * lr, pc); on success the same fields are replaced with the caller's
 * values.
 *
 * Returns URC_OK, or -URC_FAILURE when frame->pc is not kernel text or
 * has no index entry, the entry is marked as not unwindable, the
 * personality routine is not one of the two inline forms handled here,
 * an unwind instruction fails, the virtual sp leaves the range
 * [entry sp, top of this stack), or the unwound pc equals the entry pc
 * (which would make unwind_backtrace() loop forever).
 */
int unwind_frame(struct stackframe *frame)
{
	unsigned long low;
	const struct unwind_idx *idx;
	struct unwind_ctrl_block ctrl;

	/*
	 * Bound the virtual stack: nothing below the sp we start from and
	 * nothing at or above the top of the THREAD_SIZE-aligned stack.
	 */
	low = frame->sp;
	ctrl.sp_high = ALIGN(low, THREAD_SIZE);

	pr_debug("%s(pc = %08lx lr = %08lx sp = %08lx)\n", __func__,
		 frame->pc, frame->lr, frame->sp);

	if (!kernel_text_address(frame->pc))
		return -URC_FAILURE;

	idx = unwind_find_idx(frame->pc);
	if (!idx) {
		pr_warn("unwind: Index not found %08lx\n", frame->pc);
		return -URC_FAILURE;
	}

	/* pc starts at 0 so a 'finish' can tell whether pc was popped explicitly */
	ctrl.vrs[FP] = frame->fp;
	ctrl.vrs[SP] = frame->sp;
	ctrl.vrs[LR] = frame->lr;
	ctrl.vrs[PC] = 0;

	/*
	 * The index word is either the EXIDX_CANTUNWIND marker, a prel31
	 * pointer to the instruction words, or (bit 31 set) the instructions
	 * themselves packed inline.  The target of the prel31 is trusted to
	 * lie within the same table as the index.
	 */
	if (idx->insn == 1)
		/* can't unwind */
		return -URC_FAILURE;
	else if ((idx->insn & 0x80000000) == 0)
		/* prel31 to the unwind table */
		ctrl.insn = (unsigned long *)prel31_to_addr(&idx->insn);
	else if ((idx->insn & 0xff000000) == 0x80000000)
		/* only personality routine 0 supported in the index */
		ctrl.insn = &idx->insn;
	else {
		pr_warn("unwind: Unsupported personality routine %08lx in the index at %p\n",
			idx->insn, idx);
		return -URC_FAILURE;
	}

	/*
	 * check the personality routine: 0x80 packs three instruction bytes
	 * into this single word; 0x81 carries the number of additional
	 * instruction words in bits 16-23 and two instruction bytes here.
	 */
	if ((*ctrl.insn & 0xff000000) == 0x80000000) {
		ctrl.byte = 2;
		ctrl.entries = 1;
	} else if ((*ctrl.insn & 0xff000000) == 0x81000000) {
		ctrl.byte = 1;
		ctrl.entries = 1 + ((*ctrl.insn & 0x00ff0000) >> 16);
	} else {
		pr_warn("unwind: Unsupported personality routine %08lx at %p\n",
			*ctrl.insn, ctrl.insn);
		return -URC_FAILURE;
	}

	/* per-pop bounds checks are only switched on once the stack top is close */
	ctrl.check_each_pop = 0;

	while (ctrl.entries > 0) {
		int urc;
		/* fewer than sizeof(vrs) bytes left above sp: any pop may overrun */
		if ((ctrl.sp_high - ctrl.vrs[SP]) < sizeof(ctrl.vrs))
			ctrl.check_each_pop = 1;
		urc = unwind_exec_insn(&ctrl);
		if (urc < 0)
			return urc;
		/* reject any instruction that moved sp outside this stack */
		if (ctrl.vrs[SP] < low || ctrl.vrs[SP] >= ctrl.sp_high)
			return -URC_FAILURE;
	}

	/* no explicit pc was popped: the return address is in lr */
	if (ctrl.vrs[PC] == 0)
		ctrl.vrs[PC] = ctrl.vrs[LR];

	/* check for infinite loop */
	if (frame->pc == ctrl.vrs[PC])
		return -URC_FAILURE;

	frame->fp = ctrl.vrs[FP];
	frame->sp = ctrl.vrs[SP];
	frame->lr = ctrl.vrs[LR];
	frame->pc = ctrl.vrs[PC];

	return URC_OK;
}
470 
/*
 * Print a backtrace for @tsk (the current task when @tsk is NULL) using
 * the EABI unwind tables: one dump_backtrace_entry() per frame, stopping
 * at the first frame that cannot be unwound.
 *
 * @regs: register state to start from, or NULL to start from this
 *        function's own caller (@tsk == current) or from the task's
 *        context saved by __switch_to (any other @tsk).
 */
void unwind_backtrace(struct pt_regs *regs, struct task_struct *tsk)
{
	struct stackframe frame;

	pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);

	tsk = tsk ? tsk : current;

	if (regs) {
		arm_get_current_stackframe(regs, &frame);
		/* PC might be corrupted, use LR in that case. */
		if (!kernel_text_address(regs->ARM_pc))
			frame.pc = regs->ARM_lr;
	} else if (tsk == current) {
		/*
		 * Start from our own frame; the builtins must stay in this
		 * function so they describe unwind_backtrace itself.
		 */
		frame.fp = (unsigned long)__builtin_frame_address(0);
		frame.sp = current_stack_pointer;
		frame.lr = (unsigned long)__builtin_return_address(0);
		frame.pc = (unsigned long)unwind_backtrace;
	} else {
		/* task blocked in __switch_to */
		frame.fp = thread_saved_fp(tsk);
		frame.sp = thread_saved_sp(tsk);
		/*
		 * The function calling __switch_to cannot be a leaf function
		 * so LR is recovered from the stack.
		 */
		frame.lr = 0;
		frame.pc = thread_saved_pc(tsk);
	}

	for (;;) {
		unsigned long from = frame.pc;

		if (unwind_frame(&frame) < 0)
			break;
		dump_backtrace_entry(from, frame.pc, frame.sp - 4);
	}
}
512 
/*
 * Register the unwind index of a module.
 *
 * @start, @size:          address and byte length of the index section
 * @text_addr, @text_size: address range of the code the index describes
 *
 * Returns the new table, which the caller later releases with
 * unwind_table_del(), or NULL when the allocation failed.
 */
struct unwind_table *unwind_table_add(unsigned long start, unsigned long size,
				      unsigned long text_addr,
				      unsigned long text_size)
{
	struct unwind_table *tab = kmalloc(sizeof(*tab), GFP_KERNEL);
	unsigned long flags;

	pr_debug("%s(%08lx, %08lx, %08lx, %08lx)\n", __func__, start, size,
		 text_addr, text_size);

	if (tab == NULL)
		return NULL;

	tab->begin_addr = text_addr;
	tab->end_addr = text_addr + text_size;
	tab->start = (const struct unwind_idx *)start;
	tab->stop = (const struct unwind_idx *)(start + size);
	/* negative/positive split point, cached so lookups need not recompute it */
	tab->origin = unwind_find_origin(tab->start, tab->stop);

	/* publish under the same lock unwind_find_idx() walks the list with */
	spin_lock_irqsave(&unwind_lock, flags);
	list_add_tail(&tab->list, &unwind_tables);
	spin_unlock_irqrestore(&unwind_lock, flags);

	return tab;
}
538 
/*
 * Unregister and free a table returned by unwind_table_add().  A NULL
 * @tab is accepted and ignored.
 */
void unwind_table_del(struct unwind_table *tab)
{
	unsigned long flags;

	if (tab == NULL)
		return;

	/* unlink under unwind_lock, matching the list walk in unwind_find_idx() */
	spin_lock_irqsave(&unwind_lock, flags);
	list_del(&tab->list);
	spin_unlock_irqrestore(&unwind_lock, flags);

	kfree(tab);
}
552