linux/arch/ia64/kernel/kprobes.c
   1/*
   2 *  Kernel Probes (KProbes)
   3 *  arch/ia64/kernel/kprobes.c
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License
  16 * along with this program; if not, write to the Free Software
  17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  18 *
  19 * Copyright (C) IBM Corporation, 2002, 2004
  20 * Copyright (C) Intel Corporation, 2005
  21 *
  22 * 2005-Apr     Rusty Lynch <rusty.lynch@intel.com> and Anil S Keshavamurthy
  23 *              <anil.s.keshavamurthy@intel.com> adapted from i386
  24 */
  25
  26#include <linux/kprobes.h>
  27#include <linux/ptrace.h>
  28#include <linux/string.h>
  29#include <linux/slab.h>
  30#include <linux/preempt.h>
  31#include <linux/moduleloader.h>
  32#include <linux/kdebug.h>
  33
  34#include <asm/pgtable.h>
  35#include <asm/sections.h>
  36#include <asm/uaccess.h>
  37
/*
 * Defined outside this file (not visible here); presumably the return
 * point used by the jprobe support further down — confirm against the
 * assembly that defines it.
 */
extern void jprobe_inst_return(void);

/* Per-CPU: the kprobe currently being handled on this CPU, NULL when none. */
DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
/*
 * Per-CPU control block: current probe status plus the prev_kprobe[] array
 * used by save_previous_kprobe()/restore_previous_kprobe() for nested hits.
 */
DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);

/* Empty list: no functions are blacklisted from kretprobes on this arch. */
struct kretprobe_blackpoint kretprobe_blacklist[] = {{NULL, NULL}};
  44
/*
 * Execution-unit type of one instruction slot.  `u' marks template rows
 * the table does not describe (presumably reserved encodings); L and X
 * together form the two-slot long instruction of templates 04/05 (MLX),
 * which the code below handles specially.
 */
enum instruction_type {A, I, M, F, B, L, X, u};
/*
 * Unit type of each slot for the 32 bundle templates, indexed as
 * bundle_encoding[template][slot] with template taken from
 * bundle->quad0.template and slot in 0..2.
 */
static enum instruction_type bundle_encoding[32][3] = {
  { M, I, I },                          /* 00 */
  { M, I, I },                          /* 01 */
  { M, I, I },                          /* 02 */
  { M, I, I },                          /* 03 */
  { M, L, X },                          /* 04 */
  { M, L, X },                          /* 05 */
  { u, u, u },                          /* 06 */
  { u, u, u },                          /* 07 */
  { M, M, I },                          /* 08 */
  { M, M, I },                          /* 09 */
  { M, M, I },                          /* 0A */
  { M, M, I },                          /* 0B */
  { M, F, I },                          /* 0C */
  { M, F, I },                          /* 0D */
  { M, M, F },                          /* 0E */
  { M, M, F },                          /* 0F */
  { M, I, B },                          /* 10 */
  { M, I, B },                          /* 11 */
  { M, B, B },                          /* 12 */
  { M, B, B },                          /* 13 */
  { u, u, u },                          /* 14 */
  { u, u, u },                          /* 15 */
  { B, B, B },                          /* 16 */
  { B, B, B },                          /* 17 */
  { M, M, B },                          /* 18 */
  { M, M, B },                          /* 19 */
  { u, u, u },                          /* 1A */
  { u, u, u },                          /* 1B */
  { M, F, B },                          /* 1C */
  { M, F, B },                          /* 1D */
  { u, u, u },                          /* 1E */
  { u, u, u },                          /* 1F */
};
  80
/*
 * Classify the instruction displaced by the probe and record in p->ainsn
 * how it must be fixed up after being single-stepped out of line:
 *   INST_FLAG_BREAK_INST         - a break; stepped in place, nothing to fix
 *   INST_FLAG_FIX_RELATIVE_IP_ADDR - computes an IP-relative target that
 *                                  resume_execution() must rebase
 *   INST_FLAG_FIX_BRANCH_REG     - writes branch register target_br_reg,
 *                                  which resume_execution() must rebase
 *
 * @template: bundle template, indexes bundle_encoding
 * @slot: instruction slot (0..2); stored in p->ainsn.slot
 * @major_opcode: major opcode of the instruction
 * @kprobe_inst: the instruction word
 * @p: probe whose ainsn.inst_flag/target_br_reg/slot are (re)initialised
 */
static void __kprobes update_kprobe_inst_flag(uint template, uint  slot,
					      uint major_opcode,
					      unsigned long kprobe_inst,
					      struct kprobe *p)
{
	/* Bits 6..8 name the branch register written by a call. */
	const unsigned int br_reg = (kprobe_inst >> 6) & 0x7;

	p->ainsn.inst_flag = 0;
	p->ainsn.target_br_reg = 0;
	p->ainsn.slot = slot;

	/*
	 * A break instruction has major opcode (bits 37:40) zero and
	 * x6 (bits 27:32) and x3 (bits 32:35) zero.
	 */
	if (major_opcode == 0 && ((kprobe_inst >> 27) & 0x1FF) == 0) {
		p->ainsn.inst_flag |= INST_FLAG_BREAK_INST;
		return;
	}

	switch (bundle_encoding[template][slot]) {
	case B:
		switch (major_opcode) {
		case INDIRECT_CALL_OPCODE:
			p->ainsn.inst_flag |= INST_FLAG_FIX_BRANCH_REG;
			p->ainsn.target_br_reg = br_reg;
			break;
		case IP_RELATIVE_PREDICT_OPCODE:
		case IP_RELATIVE_BRANCH_OPCODE:
			p->ainsn.inst_flag |= INST_FLAG_FIX_RELATIVE_IP_ADDR;
			break;
		case IP_RELATIVE_CALL_OPCODE:
			/* Both the target and the written branch register need rebasing. */
			p->ainsn.inst_flag |= INST_FLAG_FIX_RELATIVE_IP_ADDR |
					      INST_FLAG_FIX_BRANCH_REG;
			p->ainsn.target_br_reg = br_reg;
			break;
		default:
			break;
		}
		break;
	case X:
		if (major_opcode == LONG_CALL_OPCODE) {
			p->ainsn.inst_flag |= INST_FLAG_FIX_BRANCH_REG;
			p->ainsn.target_br_reg = br_reg;
		}
		break;
	default:
		break;
	}
}
 132
/*
 * Report whether the probed instruction is an integer compare
 *   (qp) cmpx.crel.ctype p1,p2=r2,r3
 * whose completer ctype is "unc".  unsupported_inst() treats these
 * specially (it drops their qualifying predicate from the break).
 *
 * @template, @slot: locate the slot's execution unit via bundle_encoding
 * @major_opcode: major opcode; 0xC..0xE is the integer compare group
 * @kprobe_inst: instruction word, decoded through cmp_inst_t
 *
 * Returns 1 for a cmp with ctype unc, 0 otherwise.
 */
static uint __kprobes is_cmp_ctype_unc_inst(uint template, uint slot,
					    uint major_opcode,
					    unsigned long kprobe_inst)
{
	enum instruction_type unit = bundle_encoding[template][slot];
	cmp_inst_t cmp_inst;

	/* Compares only appear in I and M slots. */
	if (unit != I && unit != M)
		return 0;

	if (major_opcode != 0xC && major_opcode != 0xD && major_opcode != 0xE)
		return 0;

	cmp_inst.l = kprobe_inst;
	switch (cmp_inst.f.x2) {
	case 0:
	case 1:
		/* Register-register compare (A6): unc when tb == ta == 0 and c == 1 */
		return (cmp_inst.f.tb == 0 && cmp_inst.f.ta == 0 &&
			cmp_inst.f.c == 1) ? 1 : 0;
	case 2:
	case 3:
		/* Immediate-register compare (A8): unc when ta == 0 and c == 1 */
		return (cmp_inst.f.ta == 0 && cmp_inst.f.c == 1) ? 1 : 0;
	default:
		return 0;
	}
}
 168
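/*
 * Decide whether a kprobe may be placed on the given instruction, and
 * which qualifying predicate the break replacing it should carry.
 *
 * Instructions the single-step/fix-up path does not handle (integer
 * speculation, "mov r1=ip", IP-relative predict, indirect predict) are
 * refused.  cmp.unc, tbit/tnat/tf, fcmp/fclass unc and float
 * approximation instructions are accepted but their predicate is not
 * copied to the break (qp forced to 0), and a predicated one in slot 1
 * is refused.  This is the safety net that keeps a probe off
 * instructions resume_execution() cannot fix up.
 *
 * @template: bundle template, indexes bundle_encoding
 * @slot: instruction slot within the bundle (0..2)
 * @major_opcode: major opcode of the instruction
 * @kprobe_inst: the instruction word
 * @addr: probe address, used in the warnings only
 *
 * Returns the qp to OR into the break (bits 0..5 of the instruction, or 0
 * when it must be dropped), or -EINVAL when the instruction is unsupported.
 */
static int __kprobes unsupported_inst(uint template, uint  slot,
				      uint major_opcode,
				      unsigned long kprobe_inst,
				      unsigned long addr)
{
	enum instruction_type unit = bundle_encoding[template][slot];
	int qp = kprobe_inst & 0x3f;

	if (is_cmp_ctype_unc_inst(template, slot, major_opcode, kprobe_inst)) {
		if (slot == 1 && qp) {
			printk(KERN_WARNING "Kprobes on cmp unc "
					"instruction on slot 1 at <0x%lx> "
					"is not supported\n", addr);
			return -EINVAL;
		}
		qp = 0;
	} else if (unit == I) {
		if (major_opcode == 0) {
			/*
			 * Check for Integer speculation instruction
			 * - Bit 33-35 to be equal to 0x1
			 */
			if (((kprobe_inst >> 33) & 0x7) == 1) {
				printk(KERN_WARNING
					"Kprobes on speculation inst at <0x%lx> not supported\n",
						addr);
				return -EINVAL;
			}
			/*
			 * IP relative mov instruction
			 *  - Bit 27-35 to be equal to 0x30
			 */
			if (((kprobe_inst >> 27) & 0x1FF) == 0x30) {
				printk(KERN_WARNING
					"Kprobes on \"mov r1=ip\" at <0x%lx> not supported\n",
						addr);
				return -EINVAL;
			}
		} else if ((major_opcode == 5) && !(kprobe_inst & (0xFUl << 33)) &&
				(kprobe_inst & (0x1UL << 12))) {
			/* test bit instructions, tbit,tnat,tf
			 * bit 33-36 to be equal to 0
			 * bit 12 to be equal to 1
			 */
			if (slot == 1 && qp) {
				printk(KERN_WARNING "Kprobes on test bit "
						"instruction on slot at <0x%lx> "
						"is not supported\n", addr);
				return -EINVAL;
			}
			qp = 0;
		}
	} else if (unit == B) {
		if (major_opcode == 7) {
			/*
			 * IP-Relative Predict major code is 7.  The message
			 * now has the missing space and reports the address
			 * like the other warnings.
			 */
			printk(KERN_WARNING "Kprobes on IP-Relative "
					"Predict at <0x%lx> is not supported\n", addr);
			return -EINVAL;
		} else if (major_opcode == 2) {
			/* Indirect Predict, major code is 2
			 * bit 27-32 to be equal to 0x10 or 0x11
			 */
			int x6 = (kprobe_inst >> 27) & 0x3F;

			if ((x6 == 0x10) || (x6 == 0x11)) {
				printk(KERN_WARNING "Kprobes on Indirect "
					"Predict at <0x%lx> is not supported\n", addr);
				return -EINVAL;
			}
		}
	} else if (unlikely(unit == F)) {
		/*
		 * The kernel does not use float instructions; these checks
		 * are kept for safety so fcmp/fclass and float approximation
		 * instructions are still handled like the integer cases.
		 */
		if ((major_opcode == 4 || major_opcode == 5) &&
				(kprobe_inst & (0x1 << 12))) {
			/* fcmp/fclass unc instruction */
			if (slot == 1 && qp) {
				printk(KERN_WARNING "Kprobes on fcmp/fclass "
					"instruction on slot at <0x%lx> "
					"is not supported\n", addr);
				return -EINVAL;
			}
			qp = 0;
		}
		if ((major_opcode == 0 || major_opcode == 1) &&
			(kprobe_inst & (0x1UL << 33))) {
			/* float Approximation instruction */
			if (slot == 1 && qp) {
				printk(KERN_WARNING "Kprobes on float Approx "
					"instr at <0x%lx> is not supported\n",
						addr);
				return -EINVAL;
			}
			qp = 0;
		}
	}
	return qp;
}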
 281
/*
 * Overwrite slot @slot of the saved copy of the probed bundle
 * (p->opcode.bundle) with a break instruction carrying the displaced
 * instruction's qualifying predicate, then classify the displaced
 * instruction so it can be fixed up after single-stepping.
 *
 * Only p->opcode is modified; arch_arm_kprobe() later copies the patched
 * slot into the live text.
 *
 * @template, @slot, @major_opcode, @kprobe_inst: as produced by
 *	get_kprobe_inst() for the probed bundle
 * @p: the probe being prepared
 * @qp: qualifying predicate to OR into the break (0 when it must be dropped)
 */
static void __kprobes prepare_break_inst(uint template, uint  slot,
					 uint major_opcode,
					 unsigned long kprobe_inst,
					 struct kprobe *p,
					 int qp)
{
	/* The break keeps the displaced instruction's predicate. */
	const unsigned long break_inst = BREAK_INST | qp;
	bundle_t *bundle = &p->opcode.bundle;

	if (slot == 0) {
		bundle->quad0.slot0 = break_inst;
	} else if (slot == 1) {
		/*
		 * Slot 1 straddles the two 64-bit halves of the bundle: its
		 * low bits sit at the top of quad0 (slot1_p0), the rest at the
		 * bottom of quad1 (slot1_p1); 64-46 == 18 bits live in quad0
		 * (presumably because slot 1 starts at bundle bit 46).
		 */
		bundle->quad0.slot1_p0 = break_inst;
		bundle->quad1.slot1_p1 = break_inst >> (64-46);
	} else if (slot == 2) {
		bundle->quad1.slot2 = break_inst;
	}

	/*
	 * Record how the displaced instruction must be fixed up once it
	 * has been single-stepped out of line (see resume_execution()).
	 */
	update_kprobe_inst_flag(template, slot, major_opcode, kprobe_inst, p);
}
 321
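/*
 * Extract the instruction word and its major opcode from @slot of @bundle.
 *
 * @bundle: the bundle to read (not modified)
 * @slot: slot index, 0..2
 * @kprobe_inst: receives the instruction word
 * @major_opcode: receives the major opcode (top bits of the slot)
 *
 * Slot 1 is split across the two 64-bit halves of the bundle and is
 * reassembled here (its low 64-46 == 18 bits come from quad0.slot1_p0).
 * For a slot outside 0..2 both outputs are set to 0 so that callers never
 * read indeterminate values; the unused `template' local of the original
 * has been dropped.
 */
static void __kprobes get_kprobe_inst(bundle_t *bundle, uint slot,
		unsigned long *kprobe_inst, uint *major_opcode)
{
	switch (slot) {
	case 0:
		*major_opcode = (bundle->quad0.slot0 >> SLOT0_OPCODE_SHIFT);
		*kprobe_inst = bundle->quad0.slot0;
		break;
	case 1: {
		unsigned long inst_p0 = bundle->quad0.slot1_p0;
		unsigned long inst_p1 = bundle->quad1.slot1_p1;

		*major_opcode = (bundle->quad1.slot1_p1 >> SLOT1_p1_OPCODE_SHIFT);
		*kprobe_inst = inst_p0 | (inst_p1 << (64-46));
		break;
	}
	case 2:
		*major_opcode = (bundle->quad1.slot2 >> SLOT2_OPCODE_SHIFT);
		*kprobe_inst = bundle->quad1.slot2;
		break;
	default:
		/* Unreachable for validated probes; never leave the outputs unset. */
		*major_opcode = 0;
		*kprobe_inst = 0;
		break;
	}
}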
 347
/*
 * Returns non-zero if @addr lies inside the Interrupt Vector Table text,
 * [__start_ivt_text, __end_ivt_text); valid_kprobe_addr() refuses probes
 * there.
 */
static int __kprobes in_ivt_functions(unsigned long addr)
{
	unsigned long ivt_start = (unsigned long)__start_ivt_text;
	unsigned long ivt_end = (unsigned long)__end_ivt_text;

	if (addr < ivt_start)
		return 0;
	return addr < ivt_end;
}
 354
/*
 * Check that a probe may be placed at @addr.  The slot (low nibble of
 * the address) must be 0..2; for an MLX bundle (slot 1 is an L unit) the
 * long instruction is addressed via slot 1 and moved to slot 2 by
 * arch_prepare_kprobe(), so slot 2 itself is rejected.  Addresses inside
 * the IVT are refused.
 *
 * Returns 0 when acceptable, -EINVAL otherwise (with a warning logged).
 */
static int __kprobes valid_kprobe_addr(int template, int slot,
				       unsigned long addr)
{
	int mlx_bundle = (bundle_encoding[template][1] == L);
	int unaligned = (slot > 2) || (mlx_bundle && slot > 1);

	if (unaligned) {
		printk(KERN_WARNING "Attempting to insert unaligned kprobe "
				"at 0x%lx\n", addr);
		return -EINVAL;
	}

	if (in_ivt_functions(addr)) {
		printk(KERN_WARNING "Kprobes can't be inserted inside "
				"IVT functions at 0x%lx\n", addr);
		return -EINVAL;
	}

	return 0;
}
 372
/*
 * Push the currently running kprobe and its status onto kcb->prev_kprobe
 * so that a nested probe hit can be serviced and the outer one restored
 * afterwards by restore_previous_kprobe().
 *
 * NOTE(review): prev_kprobe_index is not bounds-checked against the size
 * of kcb->prev_kprobe; the nesting depth is assumed bounded by the caller.
 */
static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
{
	/* atomic_add_return yields the new count; the entry to fill is one below. */
	unsigned int idx = atomic_add_return(1, &kcb->prev_kprobe_index) - 1;

	kcb->prev_kprobe[idx].kp = kprobe_running();
	kcb->prev_kprobe[idx].status = kcb->kprobe_status;
}
 380
/*
 * Pop the most recently saved kprobe from kcb->prev_kprobe, making it the
 * current kprobe again and restoring its status.  Inverse of
 * save_previous_kprobe().
 */
static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
{
	unsigned int idx;

	/* atomic_sub_return yields the new count, which indexes the saved entry. */
	idx = atomic_sub_return(1, &kcb->prev_kprobe_index);
	kcb->kprobe_status = kcb->prev_kprobe[idx].status;
	__get_cpu_var(current_kprobe) = kcb->prev_kprobe[idx].kp;
}
 388
/*
 * Make @p the kprobe being handled on this CPU.  @kcb is not used here;
 * presumably kept for symmetry with save/restore_previous_kprobe().
 */
static void __kprobes set_current_kprobe(struct kprobe *p,
			struct kprobe_ctlblk *kcb)
{
	__get_cpu_var(current_kprobe) = p;
}
 394
/*
 * Deliberately empty.  Only its address matters: arch_prepare_kretprobe()
 * substitutes it for a probed function's return address so that the probe
 * planted on it (registered elsewhere) fires in trampoline_probe_handler()
 * when the function returns.  The function pointer is a descriptor
 * (struct fnptr); callers read ->ip to get the code address.
 */
static void kretprobe_trampoline(void)
{
}
 398
/*
 * At this point the target function has been tricked into
 * returning into our trampoline.  Lookup the associated instance
 * and then:
 *    - call the handler function
 *    - cleanup by marking the instance as unused
 *    - long jump back to the original return address
 *
 * @p: the kprobe planted on kretprobe_trampoline; not used here
 * @regs: trap frame, whose cr_iip is rewritten to the real return address
 *
 * Entered with preemption disabled by pre_kprobes_handler(); takes
 * kretprobe_lock around the instance-table walk and re-enables
 * preemption itself before returning.  Always returns 1 (see the end).
 */
int __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
{
	struct kretprobe_instance *ri = NULL;
	struct hlist_head *head, empty_rp;
	struct hlist_node *node, *tmp;
	unsigned long flags, orig_ret_address = 0;
	/* kretprobe_trampoline is a function descriptor; ->ip is its code address */
	unsigned long trampoline_address =
		((struct fnptr *)kretprobe_trampoline)->ip;

	INIT_HLIST_HEAD(&empty_rp);
	spin_lock_irqsave(&kretprobe_lock, flags);
	head = kretprobe_inst_table_head(current);

	/*
	 * It is possible to have multiple instances associated with a given
	 * task either because multiple functions in the call path
	 * have a return probe installed on them, and/or more than one
	 * return probe was registered for a target function.
	 *
	 * We can handle this because:
	 *     - instances are always inserted at the head of the list
	 *     - when multiple return probes are registered for the same
	 *       function, the first instance's ret_addr will point to the
	 *       real return address, and all the rest will point to
	 *       kretprobe_trampoline
	 */
	/* First pass: locate the real return address before any handler runs. */
	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
		if (ri->task != current)
			/* another task is sharing our hash bucket */
			continue;

		orig_ret_address = (unsigned long)ri->ret_addr;
		if (orig_ret_address != trampoline_address)
			/*
			 * This is the real return address. Any other
			 * instances associated with this task are for
			 * other calls deeper on the call stack
			 */
			break;
	}

	/* Resume at the caller's real address instead of back in the trampoline. */
	regs->cr_iip = orig_ret_address;

	/* Second pass: run the return handlers and recycle the consumed instances. */
	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
		if (ri->task != current)
			/* another task is sharing our hash bucket */
			continue;

		if (ri->rp && ri->rp->handler)
			ri->rp->handler(ri, regs);

		orig_ret_address = (unsigned long)ri->ret_addr;
		/* Hands ri to empty_rp so it can be freed once the lock is dropped. */
		recycle_rp_inst(ri, &empty_rp);

		if (orig_ret_address != trampoline_address)
			/*
			 * This is the real return address. Any other
			 * instances associated with this task are for
			 * other calls deeper on the call stack
			 */
			break;
	}

	/* Sanity check that a real return address was found for this task. */
	kretprobe_assert(ri, orig_ret_address, trampoline_address);

	reset_current_kprobe();
	spin_unlock_irqrestore(&kretprobe_lock, flags);
	preempt_enable_no_resched();

	/* kfree() only after the spinlock has been released. */
	hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
		hlist_del(&ri->hlist);
		kfree(ri);
	}
	/*
	 * By returning a non-zero value, we are telling
	 * kprobe_handler() that we don't want the post_handler
	 * to run (and have re-enabled preemption)
	 */
	return 1;
}
 487
/*
 * Called with kretprobe_lock held.  Remember the real return address of
 * the function just entered (in b0) in @ri and redirect the return into
 * kretprobe_trampoline so that trampoline_probe_handler() runs on exit.
 */
void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
				      struct pt_regs *regs)
{
	/* kretprobe_trampoline is a function descriptor; ->ip is its code address */
	unsigned long trampoline_ip = ((struct fnptr *)kretprobe_trampoline)->ip;

	ri->ret_addr = (kprobe_opcode_t *)regs->b0;
	regs->b0 = trampoline_ip;
}
 497
/*
 * Prepare @p for arming: validate the address, capture the original bundle
 * twice (p->opcode, to be patched, and an out-of-line slot p->ainsn.insn,
 * to be single-stepped) and write the break into the p->opcode copy.
 * Nothing is written to the live text here; see arch_arm_kprobe().
 *
 * Returns 0 on success, -EINVAL for an invalid or unsupported probe point,
 * -ENOMEM when no out-of-line slot is available.
 */
int __kprobes arch_prepare_kprobe(struct kprobe *p)
{
	unsigned long addr = (unsigned long) p->addr;
	/* Bundles are 16-byte aligned; the low nibble of the address is the slot. */
	unsigned long *bundle_base = (unsigned long *)(addr & ~0xFULL);
	bundle_t *bundle = &((kprobe_opcode_t *)bundle_base)->bundle;
	unsigned int template = bundle->quad0.template;
	unsigned int slot = addr & 0xf;
	unsigned int major_opcode = 0;
	unsigned long kprobe_inst = 0;
	int qp;

	if (valid_kprobe_addr(template, slot, addr))
		return -EINVAL;

	/* An MLX bundle's long instruction is probed via slot 1 but lives in slot 2. */
	if (slot == 1 && bundle_encoding[template][1] == L)
		slot++;

	get_kprobe_inst(bundle, slot, &kprobe_inst, &major_opcode);

	/* qp is the predicate to carry onto the break, or -EINVAL. */
	qp = unsupported_inst(template, slot, major_opcode, kprobe_inst, addr);
	if (qp < 0)
		return -EINVAL;

	p->ainsn.insn = get_insn_slot();
	if (!p->ainsn.insn)
		return -ENOMEM;

	memcpy(&p->opcode, bundle_base, sizeof(kprobe_opcode_t));
	memcpy(p->ainsn.insn, bundle_base, sizeof(kprobe_opcode_t));

	prepare_break_inst(template, slot, major_opcode, kprobe_inst, p, qp);

	return 0;
}
 534
/*
 * Write the break into the live text: copy the patched slot of
 * p->opcode.bundle (prepared by arch_prepare_kprobe()) over the same slot
 * of the bundle at p->addr, flushing the icache for both the out-of-line
 * copy and the patched bundle.
 *
 * NOTE(review): for slot 1 only slot1_p1 is written; the low bits in
 * quad0.slot1_p0 keep the original instruction's value.  The bits
 * is_ia64_break_inst() examines (27 and up) all lie in slot1_p1, so
 * presumably BREAK_INST's significant bits do too.
 */
void __kprobes arch_arm_kprobe(struct kprobe *p)
{
	unsigned long arm_addr = ((unsigned long)p->addr) & ~0xFUL;
	bundle_t *dest = &((kprobe_opcode_t *)arm_addr)->bundle;
	const bundle_t *src = &p->opcode.bundle;

	/* The out-of-line copy will be executed; make it visible to ifetch. */
	flush_icache_range((unsigned long)p->ainsn.insn,
			(unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t));

	if (p->ainsn.slot == 0)
		dest->quad0.slot0 = src->quad0.slot0;
	else if (p->ainsn.slot == 1)
		dest->quad1.slot1_p1 = src->quad1.slot1_p1;
	else if (p->ainsn.slot == 2)
		dest->quad1.slot2 = src->quad1.slot2;

	flush_icache_range(arm_addr, arm_addr + sizeof(kprobe_opcode_t));
}
 559
/*
 * Restore the original instruction in the live text: copy the probed slot
 * from the untouched out-of-line copy (p->ainsn.insn) back over the bundle
 * at p->addr and flush the icache.  Only the one slot is written, mirroring
 * arch_arm_kprobe().
 */
void __kprobes arch_disarm_kprobe(struct kprobe *p)
{
	unsigned long arm_addr = ((unsigned long)p->addr) & ~0xFUL;
	bundle_t *dest = &((kprobe_opcode_t *)arm_addr)->bundle;
	/* p->ainsn.insn contains the original unaltered kprobe_opcode_t */
	const bundle_t *src = &p->ainsn.insn->bundle;

	if (p->ainsn.slot == 0)
		dest->quad0.slot0 = src->quad0.slot0;
	else if (p->ainsn.slot == 1)
		dest->quad1.slot1_p1 = src->quad1.slot1_p1;
	else if (p->ainsn.slot == 2)
		dest->quad1.slot2 = src->quad1.slot2;

	flush_icache_range(arm_addr, arm_addr + sizeof(kprobe_opcode_t));
}
 582
/*
 * Release the out-of-line instruction slot allocated by arch_prepare_kprobe().
 * Serialised by kprobe_mutex.  The second argument to free_insn_slot() is
 * passed as 0; its meaning is defined by the generic kprobes code.
 */
void __kprobes arch_remove_kprobe(struct kprobe *p)
{
	mutex_lock(&kprobe_mutex);
	free_insn_slot(p->ainsn.insn, 0);
	mutex_unlock(&kprobe_mutex);
}
/*
 * Called after the single-step trap: the displaced instruction has just
 * executed from its out-of-line copy (p->ainsn.insn->bundle), so the
 * register state in pt_regs refers to that copy.  Rebase cr_iip (and,
 * for branches, the target branch register) back onto the original
 * bundle at p->addr, then clear the single-step bit.
 *
 * @p: the probe whose instruction was just single-stepped
 * @regs: trap frame, updated in place
 */
static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs)
{
	unsigned long bundle_addr = (unsigned long) (&p->ainsn.insn->bundle);
	unsigned long resume_addr = (unsigned long)p->addr & ~0xFULL;
	unsigned long template = p->ainsn.insn->bundle.quad0.template;
	int slot = ((unsigned long)p->addr & 0xf);
	unsigned long flags = p->ainsn.inst_flag;

	/* An MLX bundle's long instruction is addressed via slot 1 but is slot 2. */
	if (slot == 1 && bundle_encoding[template][1] == L)
		slot = 2;

	if (flags == 0) {
		/*
		 * Plain instruction: execution fell through to the next
		 * slot, or to the next bundle (+0x10) for slot 2; map
		 * that position back onto the original bundle.
		 */
		if (slot == 2) {
			if (regs->cr_iip == bundle_addr + 0x10)
				regs->cr_iip = resume_addr + 0x10;
		} else if (regs->cr_iip == bundle_addr) {
			regs->cr_iip = resume_addr;
		}
	} else {
		/* A break (INST_FLAG_BREAK_INST) sets neither fix flag and needs no rebase. */
		if (flags & INST_FLAG_FIX_RELATIVE_IP_ADDR) {
			/* The IP-relative target was computed against the copy. */
			regs->cr_iip = (regs->cr_iip - bundle_addr) + resume_addr;
		}

		if (flags & INST_FLAG_FIX_BRANCH_REG) {
			/*
			 * Software convention uses only b0, b6 or b7 as the
			 * target branch register, so only those are examined.
			 */
			unsigned long *br = NULL;

			switch (p->ainsn.target_br_reg) {
			case 0:
				br = &regs->b0;
				break;
			case 6:
				br = &regs->b6;
				break;
			case 7:
				br = &regs->b7;
				break;
			default:
				break;
			}

			if (br && (*br == bundle_addr || *br == bundle_addr + 0x10))
				*br = (*br - bundle_addr) + resume_addr;
		}
	}

	/* Turn off Single Step bit */
	ia64_psr(regs)->ss = 0;
}
 664
/*
 * Arrange to single-step the probed instruction: point cr_iip at the
 * bundle to execute (the out-of-line copy, or the original bundle when
 * the probed instruction is itself a break), select the slot through
 * psr.ri and set psr.ss.
 *
 * @p: the probe that was just hit
 * @regs: trap frame, updated in place
 */
static void __kprobes prepare_ss(struct kprobe *p, struct pt_regs *regs)
{
	unsigned long bundle_addr = (unsigned long) &p->ainsn.insn->bundle;
	unsigned long slot = (unsigned long)p->addr & 0xf;
	int step_in_place = (p->ainsn.inst_flag == INST_FLAG_BREAK_INST);

	/* A break is single-stepped in place rather than from the copy. */
	regs->cr_iip = (step_in_place ? (unsigned long)p->addr : bundle_addr)
		       & ~0xFULL;

	/* Out-of-range slot values fall back to slot 0. */
	if (slot > 2)
		slot = 0;
	ia64_psr(regs)->ri = slot;

	/* turn on single stepping */
	ia64_psr(regs)->ss = 1;
}
 684
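/*
 * Report whether the instruction at the trapping IP (regs->cr_iip plus
 * psr.ri) is a break.  Used by pre_kprobes_handler() to tell a break we
 * planted from one that was already removed by another CPU.
 *
 * Returns 1 for a break (major opcode 0 and bits 27..35, x6/x3, zero),
 * 0 otherwise — including for a slot index get_kprobe_inst() does not
 * handle, which previously left kprobe_inst/major_opcode uninitialised.
 */
static int __kprobes is_ia64_break_inst(struct pt_regs *regs)
{
	unsigned int slot = ia64_psr(regs)->ri;
	unsigned int template, major_opcode = 0;
	unsigned long kprobe_inst = 0;
	unsigned long *kprobe_addr = (unsigned long *)regs->cr_iip;
	bundle_t bundle;

	/* Work on a private copy; the live text may be patched by another CPU. */
	memcpy(&bundle, kprobe_addr, sizeof(bundle_t));
	template = bundle.quad0.template;

	/* Move to slot 2, if bundle is MLX type and kprobe slot is 1 */
	if (slot == 1 && bundle_encoding[template][1] == L)
		slot++;

	/* Slot values get_kprobe_inst() cannot decode are never a break. */
	if (slot > 2)
		return 0;

	/* Get Kprobe probe instruction at given slot*/
	get_kprobe_inst(&bundle, slot, &kprobe_inst, &major_opcode);

	/*
	 * A break has major opcode (bits 37:40) zero and x6 (27:32) and
	 * x3 (32:35) zero; anything else means another instruction now
	 * sits at this address.
	 */
	return (major_opcode == 0 && ((kprobe_inst >> 27) & 0x1FF) == 0) ? 1 : 0;
}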
 716
/*
 * Handle a break trap that may belong to a kprobe.
 *
 * Called from kprobe_exceptions_notify() on DIE_BREAK.  @args->regs is
 * the trap frame, @args->err the break immediate.
 *
 * Returns 1 when the trap has been consumed: a probe is now being
 * single stepped (kprobe_status KPROBE_HIT_SS / KPROBE_REENTER) or a
 * pre-handler asked us to just return.  On every return-1 path except
 * the "probe removed under our feet" one, preemption stays disabled
 * and is re-enabled later by post_kprobes_handler(),
 * longjmp_break_handler() or kprobes_fault_handler().
 * Returns 0 via no_kprobe (preemption re-enabled) when the break is
 * not ours and the kernel should handle it.
 */
static int __kprobes pre_kprobes_handler(struct die_args *args)
{
        struct kprobe *p;
        int ret = 0;
        struct pt_regs *regs = args->regs;
        kprobe_opcode_t *addr = (kprobe_opcode_t *)instruction_pointer(regs);
        struct kprobe_ctlblk *kcb;

        /*
         * We don't want to be preempted for the entire
         * duration of kprobe processing
         */
        preempt_disable();
        kcb = get_kprobe_ctlblk();

        /* Handle recursion cases */
        if (kprobe_running()) {
                p = get_kprobe(addr);
                if (p) {
                        /*
                         * A break trap while single stepping a probe
                         * whose instruction is itself flagged as a
                         * break: drop single-step and let the break
                         * take its normal path (ret stays 0).
                         */
                        if ((kcb->kprobe_status == KPROBE_HIT_SS) &&
                             (p->ainsn.inst_flag == INST_FLAG_BREAK_INST)) {
                                ia64_psr(regs)->ss = 0;
                                goto no_kprobe;
                        }
                        /* We have reentered the pre_kprobe_handler(), since
                         * another probe was hit while within the handler.
                         * We here save the original kprobes variables and
                         * just single step on the instruction of the new probe
                         * without calling any user handlers.
                         */
                        save_previous_kprobe(kcb);
                        set_current_kprobe(p, kcb);
                        kprobes_inc_nmissed_count(p);
                        prepare_ss(p, regs);
                        kcb->kprobe_status = KPROBE_REENTER;
                        return 1;
                } else if (args->err == __IA64_BREAK_JPROBE) {
                        /*
                         * jprobe instrumented function just completed
                         */
                        p = __get_cpu_var(current_kprobe);
                        /* break_handler (longjmp_break_handler) restores
                         * the saved state; if it asks, resume single
                         * stepping the original probe. */
                        if (p->break_handler && p->break_handler(p, regs)) {
                                goto ss_probe;
                        }
                } else if (!is_ia64_break_inst(regs)) {
                        /* The breakpoint instruction was removed by
                         * another cpu right after we hit, no further
                         * handling of this interrupt is appropriate
                         */
                        ret = 1;
                        goto no_kprobe;
                } else {
                        /* Not our break */
                        goto no_kprobe;
                }
        }

        p = get_kprobe(addr);
        if (!p) {
                if (!is_ia64_break_inst(regs)) {
                        /*
                         * The breakpoint instruction was removed right
                         * after we hit it.  Another cpu has removed
                         * either a probepoint or a debugger breakpoint
                         * at this address.  In either case, no further
                         * handling of this interrupt is appropriate.
                         */
                        ret = 1;

                }

                /* Not one of our break, let kernel handle it */
                goto no_kprobe;
        }

        set_current_kprobe(p, kcb);
        kcb->kprobe_status = KPROBE_HIT_ACTIVE;

        if (p->pre_handler && p->pre_handler(p, regs))
                /*
                 * Our pre-handler is specifically requesting that we just
                 * do a return.  This is used for both the jprobe pre-handler
                 * and the kretprobe trampoline
                 */
                return 1;

ss_probe:
        /* Reached by fall-through and from the jprobe break_handler path. */
        prepare_ss(p, regs);
        kcb->kprobe_status = KPROBE_HIT_SS;
        return 1;

no_kprobe:
        /* Pairs with the preempt_disable() at the top of this function. */
        preempt_enable_no_resched();
        return ret;
}
 812
/*
 * Finish a probe hit once the single step of the probed instruction has
 * completed (called from kprobe_exceptions_notify() on the single-step
 * trap).
 *
 * Runs the probe's post_handler (not for a reentered probe), fixes up
 * the trap frame via resume_execution(), restores or clears the per-cpu
 * current kprobe, and re-enables the preemption that
 * pre_kprobes_handler() disabled.
 *
 * Returns 0 if no probe is in progress on this cpu (trap not ours),
 * 1 otherwise.
 */
static int __kprobes post_kprobes_handler(struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        struct kprobe *cur = kprobe_running();

        if (cur == NULL)
                return 0;

        /* A nested (reentered) probe never gets its post handler called. */
        if (cur->post_handler && kcb->kprobe_status != KPROBE_REENTER) {
                kcb->kprobe_status = KPROBE_HIT_SSDONE;
                cur->post_handler(cur, regs, 0);
        }

        resume_execution(cur, regs);

        /* Pop the outer probe's state if we were nested, else clear it. */
        if (kcb->kprobe_status == KPROBE_REENTER)
                restore_previous_kprobe(kcb);
        else
                reset_current_kprobe();

        preempt_enable_no_resched();
        return 1;
}
 839
/*
 * Arch hook invoked when a fault (vector @trapnr) is taken while a
 * kprobe is in progress on this cpu.
 *
 * Returns 1 if the fault was resolved here (by the probe's own
 * fault_handler or by an exception-table fixup), 0 to let the normal
 * ia64 fault path deal with it.  What is done depends on the per-cpu
 * kprobe_status; as in the original code, cur is assumed to be
 * non-NULL in every probe state and is not checked here.
 */
int __kprobes kprobes_fault_handler(struct pt_regs *regs, int trapnr)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        struct kprobe *cur = kprobe_running();
        unsigned long status = kcb->kprobe_status;

        if (status == KPROBE_HIT_SS || status == KPROBE_REENTER) {
                unsigned long probe_addr = (unsigned long)cur->addr;

                /*
                 * The single-stepped copy of the probed instruction
                 * faulted.  Point the trap frame back at the probe
                 * address (bundle address in cr_iip, slot in psr.ri),
                 * drop the probe state and let the fault handler run
                 * as if no probe were involved.
                 */
                regs->cr_iip = probe_addr & ~0xFULL;
                ia64_psr(regs)->ri = probe_addr & 0xf;
                if (status == KPROBE_REENTER)
                        restore_previous_kprobe(kcb);
                else
                        reset_current_kprobe();
                /* Pairs with preempt_disable() in pre_kprobes_handler(). */
                preempt_enable_no_resched();
                return 0;
        }

        if (status == KPROBE_HIT_ACTIVE || status == KPROBE_HIT_SSDONE) {
                /*
                 * The fault happened inside the probe's pre/post
                 * handler (e.g. a user-space access from the handler).
                 * Count it, then give the probe's own fault_handler
                 * the first chance to fix it.
                 */
                kprobes_inc_nmissed_count(cur);
                if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
                        return 1;

                /*
                 * Otherwise try an exception-table fixup; failing that,
                 * ia64_do_page_fault() gets it.
                 */
                return ia64_done_with_exception(regs) ? 1 : 0;
        }

        return 0;
}
 899
/*
 * Die-notifier entry point for kprobes.
 *
 * @val is the DIE_* event, @data a struct die_args.  Break traps whose
 * break number marks them as kprobe/jprobe breaks go to
 * pre_kprobes_handler(); fault vector 36 (the trap taken when a
 * single-stepped probe instruction completes) goes to
 * post_kprobes_handler().  User-mode traps are never ours.
 *
 * Returns NOTIFY_STOP when a handler consumed the event, NOTIFY_DONE
 * otherwise.
 */
int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
                                       unsigned long val, void *data)
{
        struct die_args *args = data;
        int ret = NOTIFY_DONE;

        /* Probes are only planted in kernel text. */
        if (args->regs && user_mode(args->regs))
                return ret;

        if (val == DIE_BREAK) {
                /* err is the break number from ia64_bad_break() */
                int ours = ((args->err >> 12) == (__IA64_BREAK_KPROBE >> 12)) ||
                           args->err == __IA64_BREAK_JPROBE ||
                           args->err == 0;

                if (ours && pre_kprobes_handler(args))
                        ret = NOTIFY_STOP;
        } else if (val == DIE_FAULT) {
                /* err is the vector number from ia64_fault() */
                if (args->err == 36 && post_kprobes_handler(args->regs))
                        ret = NOTIFY_STOP;
        }

        return ret;
}
 929
/*
 * In/out parameter block for ia64_get_bsp_cfm(): @ip is the instruction
 * address whose frame is wanted on the unwind path; @bsp and @cfm
 * receive that frame's register backing-store pointer and frame marker
 * (NULL / 0 when the frame was not found).
 */
struct param_bsp_cfm {
        unsigned long ip;       /* in: address whose frame to locate */
        unsigned long *bsp;     /* out: frame's bsp, NULL if not found */
        unsigned long cfm;      /* out: frame's cfm, 0 if not found */
};
 935
/*
 * unw_init_running() callback: walk the unwind chain until the frame
 * whose ip equals lp->ip is found, then record that frame's bsp and cfm
 * in *lp.  If the walk ends (ip 0 or unw_unwind() failure) without a
 * match, lp->bsp is set to NULL and lp->cfm to 0 so the caller can tell.
 *
 * @info: unwinder state supplied by unw_init_running()
 * @arg:  a struct param_bsp_cfm (ip in, bsp/cfm out)
 */
static void ia64_get_bsp_cfm(struct unw_frame_info *info, void *arg)
{
        struct param_bsp_cfm *lp = arg;
        unsigned long frame_ip = 0;

        for (;;) {
                unw_get_ip(info, &frame_ip);
                if (frame_ip == 0)
                        break;
                if (frame_ip == lp->ip) {
                        unw_get_bsp(info, (unsigned long *)&lp->bsp);
                        unw_get_cfm(info, (unsigned long *)&lp->cfm);
                        return;
                }
                if (unw_unwind(info) < 0)
                        break;
        }

        /* Not found: sentinel values the caller must check for. */
        lp->bsp = NULL;
        lp->cfm = 0;
}
 955
/*
 * Turn a function-descriptor pointer (ia64 function pointers point at a
 * struct fnptr) into the code address it describes.
 *
 * @entry: a struct fnptr, passed as void * by the generic code
 * Returns the descriptor's ip field.
 */
unsigned long arch_deref_entry_point(void *entry)
{
        struct fnptr *descriptor = entry;

        return descriptor->ip;
}
 960
/*
 * jprobe pre-handler: divert execution from the probed function into
 * the jprobe's entry routine.
 *
 * Saves the probed frame's stacked (argument) registers and the whole
 * trap frame into the per-cpu kprobe_ctlblk, then rewrites the trap
 * frame so that the rfi lands in jp->entry with that routine's gp, and
 * with b0 pointing at jprobe_inst_return() so the jprobe's return
 * comes back to us via a break (see longjmp_break_handler()).
 *
 * Always returns 1, which tells pre_kprobes_handler() to just return
 * (the probed instruction is not single stepped on this path).
 */
int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
{
        struct jprobe *jp = container_of(p, struct jprobe, kp);
        unsigned long addr = arch_deref_entry_point(jp->entry);
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        struct param_bsp_cfm pa;
        int bytes;

        /*
         * Callee owns the argument space and could overwrite it, eg
         * tail call optimization. So to be absolutely safe
         * we save the argument space before transferring the control
         * to instrumented jprobe function which runs in
         * the process context
         */
        pa.ip = regs->cr_iip;
        unw_init_running(ia64_get_bsp_cfm, &pa);
        /*
         * NOTE(review): ia64_get_bsp_cfm() leaves pa.bsp == NULL and
         * pa.cfm == 0 when it does not find the frame; nothing here
         * checks for that, so the copy below relies on
         * ia64_rse_skip_regs(NULL, 0) yielding bytes == 0 -- confirm.
         */
        /*
         * Size of the stacked-register area = sof (cfm & 0x3f) slots,
         * RNAT slots included.  NOTE(review): bytes is not compared
         * against sizeof(kcb->jprobes_saved_stacked_regs); confirm that
         * array is dimensioned for the largest possible sof.
         */
        bytes = (char *)ia64_rse_skip_regs(pa.bsp, pa.cfm & 0x3f)
                                - (char *)pa.bsp;
        memcpy( kcb->jprobes_saved_stacked_regs,
                pa.bsp,
                bytes );
        /* Remembered for the restore in longjmp_break_handler(). */
        kcb->bsp = pa.bsp;
        kcb->cfm = pa.cfm;

        /* save architectural state */
        kcb->jprobe_saved_regs = *regs;

        /* after rfi, execute the jprobe instrumented function */
        /* bundle address into cr_iip, slot number into psr.ri */
        regs->cr_iip = addr & ~0xFULL;
        ia64_psr(regs)->ri = addr & 0xf;
        regs->r1 = ((struct fnptr *)(jp->entry))->gp;

        /*
         * fix the return address to our jprobe_inst_return() function
         * in the jprobes.S file
         */
        regs->b0 = ((struct fnptr *)(jprobe_inst_return))->ip;

        return 1;
}
1002
/*
 * jprobe break handler: undo what setjmp_pre_handler() did once the
 * jprobe's entry routine has returned through jprobe_inst_return().
 *
 * Restores the saved trap frame and the saved stacked-register area
 * (using the bsp/cfm recorded by setjmp_pre_handler()), then re-enables
 * the preemption that pre_kprobes_handler() disabled when the jprobe
 * was first hit.
 *
 * Always returns 1, which makes pre_kprobes_handler() go on to single
 * step the original probed instruction (its ss_probe path).
 */
int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
{
        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
        int bytes;

        /* restoring architectural state */
        *regs = kcb->jprobe_saved_regs;

        /* restoring the original argument space */
        /* Spill the register stack to memory before overwriting it. */
        flush_register_stack();
        /* Same size computation as the save in setjmp_pre_handler(). */
        bytes = (char *)ia64_rse_skip_regs(kcb->bsp, kcb->cfm & 0x3f)
                                - (char *)kcb->bsp;
        memcpy( kcb->bsp,
                kcb->jprobes_saved_stacked_regs,
                bytes );
        /* Make the CPU reload the registers from the backing store. */
        invalidate_stacked_regs();

        /* Pairs with preempt_disable() in pre_kprobes_handler(). */
        preempt_enable_no_resched();
        return 1;
}
1023
/*
 * Probe planted on kretprobe_trampoline; only the pre_handler is known
 * statically, the address is filled in by arch_init_kprobes().
 */
static struct kprobe trampoline_p = {
        .pre_handler = trampoline_probe_handler
};
1027
/*
 * Arch-specific kprobes init: register the probe that sits on
 * kretprobe_trampoline so returning kretprobe'd functions are caught.
 *
 * Returns the result of register_kprobe() (0 on success).
 */
int __init arch_init_kprobes(void)
{
        struct fnptr *tramp_desc = (struct fnptr *)kretprobe_trampoline;

        /* ia64 function symbols are descriptors; take the code address. */
        trampoline_p.addr = (kprobe_opcode_t *)tramp_desc->ip;
        return register_kprobe(&trampoline_p);
}
1034
/*
 * Tell whether @p is the kretprobe trampoline probe, i.e. whether its
 * address is the code address of kretprobe_trampoline.
 *
 * Returns 1 if so, 0 otherwise.
 */
int __kprobes arch_trampoline_kprobe(struct kprobe *p)
{
        kprobe_opcode_t *tramp_addr =
                (kprobe_opcode_t *)((struct fnptr *)kretprobe_trampoline)->ip;

        return p->addr == tramp_addr;
}
1043