From patchwork Tue Feb 17 23:11:39 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Long X-Patchwork-Id: 44754 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-wi0-f198.google.com (mail-wi0-f198.google.com [209.85.212.198]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id DE26421557 for ; Tue, 17 Feb 2015 23:11:57 +0000 (UTC) Received: by mail-wi0-f198.google.com with SMTP id h11sf21843016wiw.1 for ; Tue, 17 Feb 2015 15:11:57 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :list-post:list-help:list-archive:list-unsubscribe; bh=JZF+M2KEL7cmnEzwvGdB8jIy3iPZ6XtC586bt4IP0NQ=; b=YtsCATf8PWD+B6C1dzXqw+Wm3RVoraZnWerNeDSUrp9HUvhiZFrU7f22vw/Dbn6IgO pGLn8oeB2mEpKQAaENKkMnuXskWa3S55taaIj5RSlQwB0ZR8nUQ//ZwAoo4py5naX9qw AafZxP91CV1dN2umnNUbpZUxpwVoi9rYs4cddmudkIesN9vOpPXRxEbIywlvvcJNGDE8 mL2quJK/pXYhSSeRwbDvXLQtfXq9sGmu2kfXPrDZiu/xWYKW+U9jS0LxbDDhsIzn6Zwt HMT2Cmd03vj28XKBfyPcs+nqUhA8xR2SoLX3Pw8bTvX8NSfQbHg4F9pCsAKuCEoVFjEZ 8mlw== X-Gm-Message-State: ALoCoQnSHLxsWTDI12OjNTnRFQGfEAlatSgryq4wJrOFc5hQnPpW4BmNdyfFiYovJuXjmEUcqhhA X-Received: by 10.112.77.101 with SMTP id r5mr3314623lbw.4.1424214716993; Tue, 17 Feb 2015 15:11:56 -0800 (PST) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.152.44.232 with SMTP id h8ls725588lam.30.gmail; Tue, 17 Feb 2015 15:11:56 -0800 (PST) X-Received: by 10.112.188.227 with SMTP id gd3mr12336813lbc.22.1424214716836; Tue, 17 Feb 2015 15:11:56 -0800 (PST) Received: from mail-la0-f42.google.com (mail-la0-f42.google.com. [209.85.215.42]) by mx.google.com with ESMTPS id eo7si11696019lbb.121.2015.02.17.15.11.56 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Feb 2015 15:11:56 -0800 (PST) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) client-ip=209.85.215.42; Received: by lamq1 with SMTP id q1so38836453lam.5 for ; Tue, 17 Feb 2015 15:11:56 -0800 (PST) X-Received: by 10.152.21.201 with SMTP id x9mr30698944lae.72.1424214716673; Tue, 17 Feb 2015 15:11:56 -0800 (PST) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patches@linaro.org Received: by 10.112.35.133 with SMTP id h5csp2502403lbj; Tue, 17 Feb 2015 15:11:55 -0800 (PST) X-Received: by 10.236.53.73 with SMTP id f49mr856451yhc.61.1424214709069; Tue, 17 Feb 2015 15:11:49 -0800 (PST) Received: from mail-qg0-f52.google.com (mail-qg0-f52.google.com. [209.85.192.52]) by mx.google.com with ESMTPS id f2si17390161qaq.72.2015.02.17.15.11.48 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Feb 2015 15:11:49 -0800 (PST) Received-SPF: pass (google.com: domain of dave.long@linaro.org designates 209.85.192.52 as permitted sender) client-ip=209.85.192.52; Received: by mail-qg0-f52.google.com with SMTP id h3so30384794qgf.11 for ; Tue, 17 Feb 2015 15:11:48 -0800 (PST) X-Received: by 10.140.150.199 with SMTP id 190mr921606qhw.70.1424214708425; Tue, 17 Feb 2015 15:11:48 -0800 (PST) Received: from localhost.localdomain (pool-72-71-243-249.cncdnh.fast00.myfairpoint.net. [72.71.243.249]) by mx.google.com with ESMTPSA id e2sm4320004qaf.47.2015.02.17.15.11.47 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 17 Feb 2015 15:11:47 -0800 (PST) From: David Long To: linux-arm-kernel@lists.infradead.org, Russell King Cc: Sandeepa Prabhu , William Cohen , Steve Capper , Catalin Marinas , Will Deacon , "Jon Medhurst (Tixy)" , Masami Hiramatsu , Ananth N Mavinakayanahalli , Anil S Keshavamurthy , , linux-kernel@vger.kernel.org Subject: [PATCH v5 4/6] arm64: kprobes instruction simulation support Date: Tue, 17 Feb 2015 18:11:39 -0500 Message-Id: <1424214701-4899-5-git-send-email-dave.long@linaro.org> X-Mailer: git-send-email 1.8.1.2 In-Reply-To: <1424214701-4899-1-git-send-email-dave.long@linaro.org> References: <1424214701-4899-1-git-send-email-dave.long@linaro.org> X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: dave.long@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.215.42 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Precedence: list Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org List-ID: X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , From: Sandeepa Prabhu Kprobes needs simulation of instructions that cannot be stepped from different memory location, e.g.: those instructions that uses PC-relative addressing. In simulation, the behaviour of the instruction is implemented using a copy of pt_regs. Following instruction catagories are simulated: - All branching instructions(conditional, register, and immediate) - Literal access instructions(load-literal, adr/adrp) Conditional execution is limited to branching instructions in ARM v8. If conditions at PSTATE do not match the condition fields of opcode, the instruction is effectively NOP. Kprobes considers this case as 'miss'. Thanks to Will Cohen for assorted suggested changes. Signed-off-by: Sandeepa Prabhu Signed-off-by: William Cohen Signed-off-by: David A. Long --- arch/arm64/kernel/Makefile | 4 +- arch/arm64/kernel/kprobes-arm64.c | 98 +++++++++++++++++++++++++++++++++++++++ arch/arm64/kernel/kprobes-arm64.h | 2 + arch/arm64/kernel/kprobes.c | 35 ++++++++++++-- 4 files changed, 135 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kernel/Makefile b/arch/arm64/kernel/Makefile index 6ca9fc0..6e4dcde 100644 --- a/arch/arm64/kernel/Makefile +++ b/arch/arm64/kernel/Makefile @@ -31,7 +31,9 @@ arm64-obj-$(CONFIG_ARM64_CPU_SUSPEND) += sleep.o suspend.o arm64-obj-$(CONFIG_CPU_IDLE) += cpuidle.o arm64-obj-$(CONFIG_JUMP_LABEL) += jump_label.o arm64-obj-$(CONFIG_KGDB) += kgdb.o -arm64-obj-$(CONFIG_KPROBES) += kprobes.o kprobes-arm64.o +arm64-obj-$(CONFIG_KPROBES) += kprobes.o kprobes-arm64.o \ + probes-simulate-insn.o \ + probes-condn-check.o arm64-obj-$(CONFIG_EFI) += efi.o efi-stub.o efi-entry.o arm64-obj-$(CONFIG_PCI) += pci.o arm64-obj-$(CONFIG_ARMV8_DEPRECATED) += armv8_deprecated.o diff --git a/arch/arm64/kernel/kprobes-arm64.c b/arch/arm64/kernel/kprobes-arm64.c index f958c52..8a7e6b0 100644 --- a/arch/arm64/kernel/kprobes-arm64.c +++ b/arch/arm64/kernel/kprobes-arm64.c @@ -20,6 +20,76 @@ #include #include "kprobes-arm64.h" +#include "probes-simulate-insn.h" + +/* + * condition check functions for kprobes simulation + */ +static unsigned long __kprobes +__check_pstate(struct kprobe *p, struct pt_regs *regs) +{ + struct arch_specific_insn *asi = &p->ainsn; + unsigned long pstate = regs->pstate & 0xffffffff; + + return asi->pstate_cc(pstate); +} + +static unsigned long __kprobes +__check_cbz(struct kprobe *p, struct pt_regs *regs) +{ + return check_cbz((u32)p->opcode, regs); +} + +static unsigned long __kprobes +__check_cbnz(struct kprobe *p, struct pt_regs *regs) +{ + return check_cbnz((u32)p->opcode, regs); +} + +static unsigned long __kprobes +__check_tbz(struct kprobe *p, struct pt_regs *regs) +{ + return check_tbz((u32)p->opcode, regs); +} + +static unsigned long __kprobes +__check_tbnz(struct kprobe *p, struct pt_regs *regs) +{ + return check_tbnz((u32)p->opcode, regs); +} + +/* + * prepare functions for instruction simulation + */ +static void __kprobes +prepare_none(struct kprobe *p, struct arch_specific_insn *asi) +{ +} + +static void __kprobes +prepare_bcond(struct kprobe *p, struct arch_specific_insn *asi) +{ + kprobe_opcode_t insn = p->opcode; + + asi->check_condn = __check_pstate; + asi->pstate_cc = kprobe_condition_checks[insn & 0xf]; +} + +static void __kprobes +prepare_cbz_cbnz(struct kprobe *p, struct arch_specific_insn *asi) +{ + kprobe_opcode_t insn = p->opcode; + + asi->check_condn = (insn & (1 << 24)) ? __check_cbnz : __check_cbz; +} + +static void __kprobes +prepare_tbz_tbnz(struct kprobe *p, struct arch_specific_insn *asi) +{ + kprobe_opcode_t insn = p->opcode; + + asi->check_condn = (insn & (1 << 24)) ? __check_tbnz : __check_tbz; +} static bool __kprobes aarch64_insn_is_steppable(u32 insn) { @@ -63,6 +133,34 @@ arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi) */ if (aarch64_insn_is_steppable(insn)) return INSN_GOOD; + + asi->prepare = prepare_none; + + if (aarch64_insn_is_bcond(insn)) { + asi->prepare = prepare_bcond; + asi->handler = simulate_b_cond; + } else if (aarch64_insn_is_cb(insn)) { + asi->prepare = prepare_cbz_cbnz; + asi->handler = simulate_cbz_cbnz; + } else if (aarch64_insn_is_tb(insn)) { + asi->prepare = prepare_tbz_tbnz; + asi->handler = simulate_tbz_tbnz; + } else if (aarch64_insn_is_adr_adrp(insn)) + asi->handler = simulate_adr_adrp; + else if (aarch64_insn_is_b_bl(insn)) + asi->handler = simulate_b_bl; + else if (aarch64_insn_is_br_blr(insn) || aarch64_insn_is_ret(insn)) + asi->handler = simulate_br_blr_ret; + else if (aarch64_insn_is_ldr_lit(insn)) + asi->handler = simulate_ldr_literal; + else if (aarch64_insn_is_ldrsw_lit(insn)) + asi->handler = simulate_ldrsw_literal; else + /* + * Instruction cannot be stepped out-of-line and we don't + * (yet) simulate it. + */ return INSN_REJECTED; + + return INSN_GOOD_NO_SLOT; } diff --git a/arch/arm64/kernel/kprobes-arm64.h b/arch/arm64/kernel/kprobes-arm64.h index 87e7891..ff8a55f 100644 --- a/arch/arm64/kernel/kprobes-arm64.h +++ b/arch/arm64/kernel/kprobes-arm64.h @@ -22,6 +22,8 @@ enum kprobe_insn { INSN_GOOD, }; +extern kprobes_pstate_check_t * const kprobe_condition_checks[16]; + enum kprobe_insn __kprobes arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi); diff --git a/arch/arm64/kernel/kprobes.c b/arch/arm64/kernel/kprobes.c index 1ead41f..e157877 100644 --- a/arch/arm64/kernel/kprobes.c +++ b/arch/arm64/kernel/kprobes.c @@ -38,6 +38,9 @@ DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL; DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); +static void __kprobes +post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *); + static void __kprobes arch_prepare_ss_slot(struct kprobe *p) { /* prepare insn slot */ @@ -54,6 +57,27 @@ static void __kprobes arch_prepare_ss_slot(struct kprobe *p) p->ainsn.restore.type = RESTORE_PC; } +static void __kprobes arch_prepare_simulate(struct kprobe *p) +{ + if (p->ainsn.prepare) + p->ainsn.prepare(p, &p->ainsn); + + /* This instructions is not executed xol. No need to adjust the PC */ + p->ainsn.restore.addr = 0; + p->ainsn.restore.type = NO_RESTORE; +} + +static void __kprobes arch_simulate_insn(struct kprobe *p, struct pt_regs *regs) +{ + struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); + + if (p->ainsn.handler) + p->ainsn.handler((u32)p->opcode, (long)p->addr, regs); + + /* single step simulated, now go for post processing */ + post_kprobe_handler(kcb, regs); +} + int __kprobes arch_prepare_kprobe(struct kprobe *p) { kprobe_opcode_t insn; @@ -72,7 +96,8 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) return -EINVAL; case INSN_GOOD_NO_SLOT: /* insn need simulation */ - return -EINVAL; + p->ainsn.insn = NULL; + break; case INSN_GOOD: /* instruction uses slot */ p->ainsn.insn = get_insn_slot(); @@ -82,7 +107,10 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) }; /* prepare the instruction */ - arch_prepare_ss_slot(p); + if (p->ainsn.insn) + arch_prepare_ss_slot(p); + else + arch_prepare_simulate(p); return 0; } @@ -231,7 +259,8 @@ static void __kprobes setup_singlestep(struct kprobe *p, kernel_enable_single_step(regs); instruction_pointer(regs) = slot; } else { - BUG(); + /* insn simulation */ + arch_simulate_insn(p, regs); } }