2 * Kernel Probes (KProbes)
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 * Copyright (C) IBM Corporation, 2002, 2004
20 * 2002-Oct Created by Vamsi Krishna S <vamsi_krishna@in.ibm.com> Kernel
21 * Probes initial implementation ( includes contributions from
23 * 2004-July Suparna Bhattacharya <suparna@in.ibm.com> added jumper probes
24 * interface to access function arguments.
25 * 2004-Nov Ananth N Mavinakayanahalli <ananth@in.ibm.com> kprobes port
29 #include <linux/kprobes.h>
30 #include <linux/ptrace.h>
31 #include <linux/preempt.h>
32 #include <linux/extable.h>
33 #include <linux/kdebug.h>
34 #include <linux/slab.h>
35 #include <asm/code-patching.h>
36 #include <asm/cacheflush.h>
37 #include <asm/sstep.h>
38 #include <asm/sections.h>
39 #include <linux/uaccess.h>
41 DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
42 DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
44 struct kretprobe_blackpoint kretprobe_blacklist[] = {{NULL, NULL}};
46 bool arch_within_kprobe_blacklist(unsigned long addr)
48 return (addr >= (unsigned long)__kprobes_text_start &&
49 addr < (unsigned long)__kprobes_text_end) ||
50 (addr >= (unsigned long)_stext &&
51 addr < (unsigned long)__head_end);
54 kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset)
56 kprobe_opcode_t *addr;
58 #ifdef PPC64_ELF_ABI_v2
59 /* PPC64 ABIv2 needs local entry point */
60 addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
61 if (addr && !offset) {
62 #ifdef CONFIG_KPROBES_ON_FTRACE
65 * Per livepatch.h, ftrace location is always within the first
66 * 16 bytes of a function on powerpc with -mprofile-kernel.
68 faddr = ftrace_location_range((unsigned long)addr,
69 (unsigned long)addr + 16);
71 addr = (kprobe_opcode_t *)faddr;
74 addr = (kprobe_opcode_t *)ppc_function_entry(addr);
76 #elif defined(PPC64_ELF_ABI_v1)
78 * 64bit powerpc ABIv1 uses function descriptors:
79 * - Check for the dot variant of the symbol first.
80 * - If that fails, try looking up the symbol provided.
82 * This ensures we always get to the actual symbol and not
85 * Also handle <module:symbol> format.
87 char dot_name[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
89 bool dot_appended = false;
90 if ((modsym = strchr(name, ':')) != NULL) {
92 if (*modsym != '\0' && *modsym != '.') {
93 /* Convert to <module:.symbol> */
94 strncpy(dot_name, name, modsym - name);
95 dot_name[modsym - name] = '.';
96 dot_name[modsym - name + 1] = '\0';
97 strncat(dot_name, modsym,
98 sizeof(dot_name) - (modsym - name) - 2);
102 strncat(dot_name, name, sizeof(dot_name) - 1);
104 } else if (name[0] != '.') {
107 strncat(dot_name, name, KSYM_NAME_LEN - 2);
111 strncat(dot_name, name, KSYM_NAME_LEN - 1);
113 addr = (kprobe_opcode_t *)kallsyms_lookup_name(dot_name);
114 if (!addr && dot_appended) {
115 /* Let's try the original non-dot symbol lookup */
116 addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
119 addr = (kprobe_opcode_t *)kallsyms_lookup_name(name);
125 int arch_prepare_kprobe(struct kprobe *p)
128 kprobe_opcode_t insn = *p->addr;
130 if ((unsigned long)p->addr & 0x03) {
131 printk("Attempt to register kprobe at an unaligned address\n");
133 } else if (IS_MTMSRD(insn) || IS_RFID(insn) || IS_RFI(insn)) {
134 printk("Cannot register a kprobe on rfi/rfid or mtmsr[d]\n");
138 /* insn must be on a special executable page on ppc64. This is
139 * not explicitly required on ppc32 (right now), but it doesn't hurt */
141 p->ainsn.insn = get_insn_slot();
147 memcpy(p->ainsn.insn, p->addr,
148 MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
149 p->opcode = *p->addr;
150 flush_icache_range((unsigned long)p->ainsn.insn,
151 (unsigned long)p->ainsn.insn + sizeof(kprobe_opcode_t));
154 p->ainsn.boostable = 0;
157 NOKPROBE_SYMBOL(arch_prepare_kprobe);
159 void arch_arm_kprobe(struct kprobe *p)
161 patch_instruction(p->addr, BREAKPOINT_INSTRUCTION);
163 NOKPROBE_SYMBOL(arch_arm_kprobe);
165 void arch_disarm_kprobe(struct kprobe *p)
167 patch_instruction(p->addr, p->opcode);
169 NOKPROBE_SYMBOL(arch_disarm_kprobe);
171 void arch_remove_kprobe(struct kprobe *p)
174 free_insn_slot(p->ainsn.insn, 0);
175 p->ainsn.insn = NULL;
178 NOKPROBE_SYMBOL(arch_remove_kprobe);
180 static nokprobe_inline void prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
182 enable_single_step(regs);
185 * On powerpc we should single step on the original
186 * instruction even if the probed insn is a trap
187 * variant as values in regs could play a part in
188 * if the trap is taken or not
190 regs->nip = (unsigned long)p->ainsn.insn;
193 static nokprobe_inline void save_previous_kprobe(struct kprobe_ctlblk *kcb)
195 kcb->prev_kprobe.kp = kprobe_running();
196 kcb->prev_kprobe.status = kcb->kprobe_status;
197 kcb->prev_kprobe.saved_msr = kcb->kprobe_saved_msr;
200 static nokprobe_inline void restore_previous_kprobe(struct kprobe_ctlblk *kcb)
202 __this_cpu_write(current_kprobe, kcb->prev_kprobe.kp);
203 kcb->kprobe_status = kcb->prev_kprobe.status;
204 kcb->kprobe_saved_msr = kcb->prev_kprobe.saved_msr;
207 static nokprobe_inline void set_current_kprobe(struct kprobe *p, struct pt_regs *regs,
208 struct kprobe_ctlblk *kcb)
210 __this_cpu_write(current_kprobe, p);
211 kcb->kprobe_saved_msr = regs->msr;
214 bool arch_kprobe_on_func_entry(unsigned long offset)
216 #ifdef PPC64_ELF_ABI_v2
217 #ifdef CONFIG_KPROBES_ON_FTRACE
227 void arch_prepare_kretprobe(struct kretprobe_instance *ri, struct pt_regs *regs)
229 ri->ret_addr = (kprobe_opcode_t *)regs->link;
231 /* Replace the return addr with trampoline addr */
232 regs->link = (unsigned long)kretprobe_trampoline;
234 NOKPROBE_SYMBOL(arch_prepare_kretprobe);
236 static int try_to_emulate(struct kprobe *p, struct pt_regs *regs)
239 unsigned int insn = *p->ainsn.insn;
241 /* regs->nip is also adjusted if emulate_step returns 1 */
242 ret = emulate_step(regs, insn);
245 * Once this instruction has been boosted
246 * successfully, set the boostable flag
248 if (unlikely(p->ainsn.boostable == 0))
249 p->ainsn.boostable = 1;
250 } else if (ret < 0) {
252 * We don't allow kprobes on mtmsr(d)/rfi(d), etc.
253 * So, we should never get here... but, its still
254 * good to catch them, just in case...
256 printk("Can't step on instruction %x\n", insn);
260 * If we haven't previously emulated this instruction, then it
261 * can't be boosted. Note it down so we don't try to do so again.
263 * If, however, we had emulated this instruction in the past,
264 * then this is just an error with the current run (for
265 * instance, exceptions due to a load/store). We return 0 so
266 * that this is now single-stepped, but continue to try
267 * emulating it in subsequent probe hits.
269 if (unlikely(p->ainsn.boostable != 1))
270 p->ainsn.boostable = -1;
275 NOKPROBE_SYMBOL(try_to_emulate);
277 int kprobe_handler(struct pt_regs *regs)
281 unsigned int *addr = (unsigned int *)regs->nip;
282 struct kprobe_ctlblk *kcb;
288 * We don't want to be preempted for the entire
289 * duration of kprobe processing
292 kcb = get_kprobe_ctlblk();
294 /* Check we're not actually recursing */
295 if (kprobe_running()) {
296 p = get_kprobe(addr);
298 kprobe_opcode_t insn = *p->ainsn.insn;
299 if (kcb->kprobe_status == KPROBE_HIT_SS &&
301 /* Turn off 'trace' bits */
302 regs->msr &= ~MSR_SINGLESTEP;
303 regs->msr |= kcb->kprobe_saved_msr;
306 /* We have reentered the kprobe_handler(), since
307 * another probe was hit while within the handler.
308 * We here save the original kprobes variables and
309 * just single step on the instruction of the new probe
310 * without calling any user handlers.
312 save_previous_kprobe(kcb);
313 set_current_kprobe(p, regs, kcb);
314 kprobes_inc_nmissed_count(p);
315 kcb->kprobe_status = KPROBE_REENTER;
316 if (p->ainsn.boostable >= 0) {
317 ret = try_to_emulate(p, regs);
320 restore_previous_kprobe(kcb);
321 preempt_enable_no_resched();
325 prepare_singlestep(p, regs);
328 if (*addr != BREAKPOINT_INSTRUCTION) {
329 /* If trap variant, then it belongs not to us */
330 kprobe_opcode_t cur_insn = *addr;
331 if (is_trap(cur_insn))
333 /* The breakpoint instruction was removed by
334 * another cpu right after we hit, no further
335 * handling of this interrupt is appropriate
340 p = __this_cpu_read(current_kprobe);
341 if (p->break_handler && p->break_handler(p, regs)) {
342 if (!skip_singlestep(p, regs, kcb))
350 p = get_kprobe(addr);
352 if (*addr != BREAKPOINT_INSTRUCTION) {
354 * PowerPC has multiple variants of the "trap"
355 * instruction. If the current instruction is a
356 * trap variant, it could belong to someone else
358 kprobe_opcode_t cur_insn = *addr;
359 if (is_trap(cur_insn))
362 * The breakpoint instruction was removed right
363 * after we hit it. Another cpu has removed
364 * either a probepoint or a debugger breakpoint
365 * at this address. In either case, no further
366 * handling of this interrupt is appropriate.
370 /* Not one of ours: let kernel handle it */
374 kcb->kprobe_status = KPROBE_HIT_ACTIVE;
375 set_current_kprobe(p, regs, kcb);
376 if (p->pre_handler && p->pre_handler(p, regs))
377 /* handler has already set things up, so skip ss setup */
381 if (p->ainsn.boostable >= 0) {
382 ret = try_to_emulate(p, regs);
386 p->post_handler(p, regs, 0);
388 kcb->kprobe_status = KPROBE_HIT_SSDONE;
389 reset_current_kprobe();
390 preempt_enable_no_resched();
394 prepare_singlestep(p, regs);
395 kcb->kprobe_status = KPROBE_HIT_SS;
399 preempt_enable_no_resched();
402 NOKPROBE_SYMBOL(kprobe_handler);
405 * Function return probe trampoline:
406 * - init_kprobes() establishes a probepoint here
407 * - When the probed function returns, this probe
408 * causes the handlers to fire
410 asm(".global kretprobe_trampoline\n"
411 ".type kretprobe_trampoline, @function\n"
412 "kretprobe_trampoline:\n"
415 ".size kretprobe_trampoline, .-kretprobe_trampoline\n");
418 * Called when the probe at kretprobe trampoline is hit
420 static int trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
422 struct kretprobe_instance *ri = NULL;
423 struct hlist_head *head, empty_rp;
424 struct hlist_node *tmp;
425 unsigned long flags, orig_ret_address = 0;
426 unsigned long trampoline_address =(unsigned long)&kretprobe_trampoline;
428 INIT_HLIST_HEAD(&empty_rp);
429 kretprobe_hash_lock(current, &head, &flags);
432 * It is possible to have multiple instances associated with a given
433 * task either because an multiple functions in the call path
434 * have a return probe installed on them, and/or more than one return
435 * return probe was registered for a target function.
437 * We can handle this because:
438 * - instances are always inserted at the head of the list
439 * - when multiple return probes are registered for the same
440 * function, the first instance's ret_addr will point to the
441 * real return address, and all the rest will point to
442 * kretprobe_trampoline
444 hlist_for_each_entry_safe(ri, tmp, head, hlist) {
445 if (ri->task != current)
446 /* another task is sharing our hash bucket */
449 if (ri->rp && ri->rp->handler)
450 ri->rp->handler(ri, regs);
452 orig_ret_address = (unsigned long)ri->ret_addr;
453 recycle_rp_inst(ri, &empty_rp);
455 if (orig_ret_address != trampoline_address)
457 * This is the real return address. Any other
458 * instances associated with this task are for
459 * other calls deeper on the call stack
464 kretprobe_assert(ri, orig_ret_address, trampoline_address);
465 regs->nip = orig_ret_address;
467 * Make LR point to the orig_ret_address.
468 * When the 'nop' inside the kretprobe_trampoline
469 * is optimized, we can do a 'blr' after executing the
470 * detour buffer code.
472 regs->link = orig_ret_address;
474 reset_current_kprobe();
475 kretprobe_hash_unlock(current, &flags);
476 preempt_enable_no_resched();
478 hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
479 hlist_del(&ri->hlist);
483 * By returning a non-zero value, we are telling
484 * kprobe_handler() that we don't want the post_handler
485 * to run (and have re-enabled preemption)
489 NOKPROBE_SYMBOL(trampoline_probe_handler);
492 * Called after single-stepping. p->addr is the address of the
493 * instruction whose first byte has been replaced by the "breakpoint"
494 * instruction. To avoid the SMP problems that can occur when we
495 * temporarily put back the original opcode to single-step, we
496 * single-stepped a copy of the instruction. The address of this
497 * copy is p->ainsn.insn.
499 int kprobe_post_handler(struct pt_regs *regs)
501 struct kprobe *cur = kprobe_running();
502 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
504 if (!cur || user_mode(regs))
507 /* make sure we got here for instruction we have a kprobe on */
508 if (((unsigned long)cur->ainsn.insn + 4) != regs->nip)
511 if ((kcb->kprobe_status != KPROBE_REENTER) && cur->post_handler) {
512 kcb->kprobe_status = KPROBE_HIT_SSDONE;
513 cur->post_handler(cur, regs, 0);
516 /* Adjust nip to after the single-stepped instruction */
517 regs->nip = (unsigned long)cur->addr + 4;
518 regs->msr |= kcb->kprobe_saved_msr;
520 /*Restore back the original saved kprobes variables and continue. */
521 if (kcb->kprobe_status == KPROBE_REENTER) {
522 restore_previous_kprobe(kcb);
525 reset_current_kprobe();
527 preempt_enable_no_resched();
530 * if somebody else is singlestepping across a probe point, msr
531 * will have DE/SE set, in which case, continue the remaining processing
532 * of do_debug, as if this is not a probe hit.
534 if (regs->msr & MSR_SINGLESTEP)
539 NOKPROBE_SYMBOL(kprobe_post_handler);
541 int kprobe_fault_handler(struct pt_regs *regs, int trapnr)
543 struct kprobe *cur = kprobe_running();
544 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
545 const struct exception_table_entry *entry;
547 switch(kcb->kprobe_status) {
551 * We are here because the instruction being single
552 * stepped caused a page fault. We reset the current
553 * kprobe and the nip points back to the probe address
554 * and allow the page fault handler to continue as a
557 regs->nip = (unsigned long)cur->addr;
558 regs->msr &= ~MSR_SINGLESTEP; /* Turn off 'trace' bits */
559 regs->msr |= kcb->kprobe_saved_msr;
560 if (kcb->kprobe_status == KPROBE_REENTER)
561 restore_previous_kprobe(kcb);
563 reset_current_kprobe();
564 preempt_enable_no_resched();
566 case KPROBE_HIT_ACTIVE:
567 case KPROBE_HIT_SSDONE:
569 * We increment the nmissed count for accounting,
570 * we can also use npre/npostfault count for accounting
571 * these specific fault cases.
573 kprobes_inc_nmissed_count(cur);
576 * We come here because instructions in the pre/post
577 * handler caused the page_fault, this could happen
578 * if handler tries to access user space by
579 * copy_from_user(), get_user() etc. Let the
580 * user-specified handler try to fix it first.
582 if (cur->fault_handler && cur->fault_handler(cur, regs, trapnr))
586 * In case the user-specified fault handler returned
587 * zero, try to fix up.
589 if ((entry = search_exception_tables(regs->nip)) != NULL) {
590 regs->nip = extable_fixup(entry);
595 * fixup_exception() could not handle it,
596 * Let do_page_fault() fix it.
604 NOKPROBE_SYMBOL(kprobe_fault_handler);
606 unsigned long arch_deref_entry_point(void *entry)
608 return ppc_global_function_entry(entry);
610 NOKPROBE_SYMBOL(arch_deref_entry_point);
612 int setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
614 struct jprobe *jp = container_of(p, struct jprobe, kp);
615 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
617 memcpy(&kcb->jprobe_saved_regs, regs, sizeof(struct pt_regs));
619 /* setup return addr to the jprobe handler routine */
620 regs->nip = arch_deref_entry_point(jp->entry);
621 #ifdef PPC64_ELF_ABI_v2
622 regs->gpr[12] = (unsigned long)jp->entry;
623 #elif defined(PPC64_ELF_ABI_v1)
624 regs->gpr[2] = (unsigned long)(((func_descr_t *)jp->entry)->toc);
628 * jprobes use jprobe_return() which skips the normal return
629 * path of the function, and this messes up the accounting of the
630 * function graph tracer.
632 * Pause function graph tracing while performing the jprobe function.
634 pause_graph_tracing();
638 NOKPROBE_SYMBOL(setjmp_pre_handler);
640 void __used jprobe_return(void)
642 asm volatile("jprobe_return_trap:\n"
646 NOKPROBE_SYMBOL(jprobe_return);
648 int longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
650 struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
652 if (regs->nip != ppc_kallsyms_lookup_name("jprobe_return_trap")) {
653 pr_debug("longjmp_break_handler NIP (0x%lx) does not match jprobe_return_trap (0x%lx)\n",
654 regs->nip, ppc_kallsyms_lookup_name("jprobe_return_trap"));
658 memcpy(regs, &kcb->jprobe_saved_regs, sizeof(struct pt_regs));
659 /* It's OK to start function graph tracing again */
660 unpause_graph_tracing();
661 preempt_enable_no_resched();
664 NOKPROBE_SYMBOL(longjmp_break_handler);
666 static struct kprobe trampoline_p = {
667 .addr = (kprobe_opcode_t *) &kretprobe_trampoline,
668 .pre_handler = trampoline_probe_handler
671 int __init arch_init_kprobes(void)
673 return register_kprobe(&trampoline_p);
676 int arch_trampoline_kprobe(struct kprobe *p)
678 if (p->addr == (kprobe_opcode_t *)&kretprobe_trampoline)
683 NOKPROBE_SYMBOL(arch_trampoline_kprobe);
OSDN Git Service
