arch/riscv/kernel/probes/kprobes.c

root/arch/riscv/kernel/probes/kprobes.c
// SPDX-License-Identifier: GPL-2.0+

#define pr_fmt(fmt) "kprobes: " fmt

#include <linux/kprobes.h>
#include <linux/extable.h>
#include <linux/slab.h>
#include <linux/stop_machine.h>
#include <linux/vmalloc.h>
#include <asm/ptrace.h>
#include <linux/uaccess.h>
#include <asm/sections.h>
#include <asm/cacheflush.h>
#include <asm/bug.h>
#include <asm/text-patching.h>

#include "decode-insn.h"

DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);

static void __kprobes
post_kprobe_handler(struct kprobe *, struct kprobe_ctlblk *, struct pt_regs *);

static void __kprobes arch_prepare_ss_slot(struct kprobe *p)
{
        size_t len = GET_INSN_LENGTH(p->opcode);
        u32 insn = __BUG_INSN_32;

        p->ainsn.api.restore = (unsigned long)p->addr + len;

        patch_text_nosync(p->ainsn.api.insn, &p->opcode, len);
        patch_text_nosync((void *)p->ainsn.api.insn + len, &insn, GET_INSN_LENGTH(insn));
}

static void __kprobes arch_prepare_simulate(struct kprobe *p)
{
        p->ainsn.api.restore = 0;
}

static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();

        if (p->ainsn.api.handler)
                p->ainsn.api.handler((u32)p->opcode,
                                        (unsigned long)p->addr, regs);

        post_kprobe_handler(p, kcb, regs);
}

static bool __kprobes arch_check_kprobe(unsigned long addr)
{
        unsigned long tmp, offset;

        /* start iterating at the closest preceding symbol */
        if (!kallsyms_lookup_size_offset(addr, NULL, &offset))
                return false;

        tmp = addr - offset;

        while (tmp <= addr) {
                if (tmp == addr)
                        return true;

                tmp += GET_INSN_LENGTH(*(u16 *)tmp);
        }

        return false;
}

int __kprobes arch_prepare_kprobe(struct kprobe *p)
{
        u16 *insn = (u16 *)p->addr;

        if ((unsigned long)insn & 0x1)
                return -EILSEQ;

        if (!arch_check_kprobe((unsigned long)p->addr))
                return -EILSEQ;

        /* copy instruction */
        p->opcode = (kprobe_opcode_t)(*insn++);
        if (GET_INSN_LENGTH(p->opcode) == 4)
                p->opcode |= (kprobe_opcode_t)(*insn) << 16;

        /* decode instruction */
        switch (riscv_probe_decode_insn(p->addr, &p->ainsn.api)) {
        case INSN_REJECTED:     /* insn not supported */
                return -EINVAL;

        case INSN_GOOD_NO_SLOT: /* insn need simulation */
                p->ainsn.api.insn = NULL;
                break;

        case INSN_GOOD: /* instruction uses slot */
                p->ainsn.api.insn = get_insn_slot();
                if (!p->ainsn.api.insn)
                        return -ENOMEM;
                break;
        }

        /* prepare the instruction */
        if (p->ainsn.api.insn)
                arch_prepare_ss_slot(p);
        else
                arch_prepare_simulate(p);

        return 0;
}

/* install breakpoint in text */
void __kprobes arch_arm_kprobe(struct kprobe *p)
{
        size_t len = GET_INSN_LENGTH(p->opcode);
        u32 insn = len == 4 ? __BUG_INSN_32 : __BUG_INSN_16;

        patch_text(p->addr, &insn, len);
}

/* remove breakpoint from text */
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
        size_t len = GET_INSN_LENGTH(p->opcode);

        patch_text(p->addr, &p->opcode, len);
}

void __kprobes arch_remove_kprobe(struct kprobe *p)
{
}

static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
{
        kcb->prev_kprobe.kp = kprobe_running();
        kcb->prev_kprobe.status = kcb->kprobe_status;
}

static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
{
        __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
        kcb->kprobe_status = kcb->prev_kprobe.status;
}

static void __kprobes set_current_kprobe(struct kprobe *p)
{
        __this_cpu_write(current_kprobe, p);
}

/*
 * Interrupts need to be disabled before single-step mode is set, and not
 * reenabled until after single-step mode ends.
 * Without disabling interrupt on local CPU, there is a chance of
 * interrupt occurrence in the period of exception return and  start of
 * out-of-line single-step, that result in wrongly single stepping
 * into the interrupt handler.
 */
static void __kprobes kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb,
                                                struct pt_regs *regs)
{
        kcb->saved_status = regs->status;
        regs->status &= ~SR_SPIE;
}

static void __kprobes kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb,
                                                struct pt_regs *regs)
{
        regs->status = kcb->saved_status;
}

static void __kprobes setup_singlestep(struct kprobe *p,
                                       struct pt_regs *regs,
                                       struct kprobe_ctlblk *kcb, int reenter)
{
        unsigned long slot;

        if (reenter) {
                save_previous_kprobe(kcb);
                set_current_kprobe(p);
                kcb->kprobe_status = KPROBE_REENTER;
        } else {
                kcb->kprobe_status = KPROBE_HIT_SS;
        }

        if (p->ainsn.api.insn) {
                /* prepare for single stepping */
                slot = (unsigned long)p->ainsn.api.insn;

                /* IRQs and single stepping do not mix well. */
                kprobes_save_local_irqflag(kcb, regs);

                instruction_pointer_set(regs, slot);
        } else {
                /* insn simulation */
                arch_simulate_insn(p, regs);
        }
}

static int __kprobes reenter_kprobe(struct kprobe *p,
                                    struct pt_regs *regs,
                                    struct kprobe_ctlblk *kcb)
{
        switch (kcb->kprobe_status) {
        case KPROBE_HIT_SSDONE:
        case KPROBE_HIT_ACTIVE:
                kprobes_inc_nmissed_count(p);
                setup_singlestep(p, regs, kcb, 1);
                break;
        case KPROBE_HIT_SS:
        case KPROBE_REENTER:
                pr_warn("Failed to recover from reentered kprobes.\n");
                dump_kprobe(p);
                BUG();
                break;
        default:
                WARN_ON(1);
                return 0;
        }

        return 1;
}

static void __kprobes
post_kprobe_handler(struct kprobe *cur, struct kprobe_ctlblk *kcb, struct pt_regs *regs)
{
        /* return addr restore if non-branching insn */
        if (cur->ainsn.api.restore != 0)
                regs->epc = cur->ainsn.api.restore;

        /* restore back original saved kprobe variables and continue */
        if (kcb->kprobe_status == KPROBE_REENTER) {
                restore_previous_kprobe(kcb);
                return;
        }

        /* call post handler */
        kcb->kprobe_status = KPROBE_HIT_SSDONE;
        if (cur->post_handler)  {
                /* post_handler can hit breakpoint and single step
                 * again, so we enable D-flag for recursive exception.
                 */
                cur->post_handler(cur, regs, 0);
        }

        reset_current_kprobe();
}

int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int trapnr)
{
        struct kprobe *cur = kprobe_running();
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();

        switch (kcb->kprobe_status) {
        case KPROBE_HIT_SS:
        case KPROBE_REENTER:
                /*
                 * We are here because the instruction being single
                 * stepped caused a page fault. We reset the current
                 * kprobe and the ip points back to the probe address
                 * and allow the page fault handler to continue as a
                 * normal page fault.
                 */
                regs->epc = (unsigned long) cur->addr;
                BUG_ON(!instruction_pointer(regs));

                if (kcb->kprobe_status == KPROBE_REENTER)
                        restore_previous_kprobe(kcb);
                else {
                        kprobes_restore_local_irqflag(kcb, regs);
                        reset_current_kprobe();
                }

                break;
        case KPROBE_HIT_ACTIVE:
        case KPROBE_HIT_SSDONE:
                /*
                 * In case the user-specified fault handler returned
                 * zero, try to fix up.
                 */
                if (fixup_exception(regs))
                        return 1;
        }
        return 0;
}

bool __kprobes
kprobe_breakpoint_handler(struct pt_regs *regs)
{
        struct kprobe *p, *cur_kprobe;
        struct kprobe_ctlblk *kcb;
        unsigned long addr = instruction_pointer(regs);

        kcb = get_kprobe_ctlblk();
        cur_kprobe = kprobe_running();

        p = get_kprobe((kprobe_opcode_t *) addr);

        if (p) {
                if (cur_kprobe) {
                        if (reenter_kprobe(p, regs, kcb))
                                return true;
                } else {
                        /* Probe hit */
                        set_current_kprobe(p);
                        kcb->kprobe_status = KPROBE_HIT_ACTIVE;

                        /*
                         * If we have no pre-handler or it returned 0, we
                         * continue with normal processing.  If we have a
                         * pre-handler and it returned non-zero, it will
                         * modify the execution path and no need to single
                         * stepping. Let's just reset current kprobe and exit.
                         *
                         * pre_handler can hit a breakpoint and can step thru
                         * before return.
                         */
                        if (!p->pre_handler || !p->pre_handler(p, regs))
                                setup_singlestep(p, regs, kcb, 0);
                        else
                                reset_current_kprobe();
                }
                return true;
        }

        /*
         * The breakpoint instruction was removed right
         * after we hit it.  Another cpu has removed
         * either a probepoint or a debugger breakpoint
         * at this address.  In either case, no further
         * handling of this interrupt is appropriate.
         * Return back to original instruction, and continue.
         */
        return false;
}

bool __kprobes
kprobe_single_step_handler(struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        unsigned long addr = instruction_pointer(regs);
        struct kprobe *cur = kprobe_running();

        if (cur && (kcb->kprobe_status & (KPROBE_HIT_SS | KPROBE_REENTER)) &&
            ((unsigned long)&cur->ainsn.api.insn[0] + GET_INSN_LENGTH(cur->opcode) == addr)) {
                kprobes_restore_local_irqflag(kcb, regs);
                post_kprobe_handler(cur, kcb, regs);
                return true;
        }
        /* not ours, kprobes should ignore it */
        return false;
}

/*
 * Provide a blacklist of symbols identifying ranges which cannot be kprobed.
 * This blacklist is exposed to userspace via debugfs (kprobes/blacklist).
 */
int __init arch_populate_kprobe_blacklist(void)
{
        int ret;

        ret = kprobe_add_area_blacklist((unsigned long)__irqentry_text_start,
                                        (unsigned long)__irqentry_text_end);
        return ret;
}

int __kprobes arch_trampoline_kprobe(struct kprobe *p)
{
        return 0;
}

int __init arch_init_kprobes(void)
{
        return 0;
}
Linux
