summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid A. Long <dave.long@linaro.org>2014-03-07 11:16:10 -0500
committerDavid A. Long <dave.long@linaro.org>2014-03-18 16:39:35 -0400
commitc18377c303787ded44b7decd7dee694db0f205e9 (patch)
tree431abbf7243c839c40a4524e56cde343afb0f53a
parentb2531dd5e5f19ea01d67aed82d81c5f778ec0fb7 (diff)
ARM: Move generic arm instruction parsing code to new files for sharing between features
Move the arm version of the kprobes instruction parsing code into more generic files from where it can be used by uprobes and possibly other subsystems. The symbol names will be made more generic in a subsequent part of this patchset. Signed-off-by: David A. Long <dave.long@linaro.org> Acked-by: Jon Medhurst <tixy@linaro.org>
Diffstat
-rw-r--r--arch/arm/include/asm/probes.h2
-rw-r--r--arch/arm/kernel/Makefile4
-rw-r--r--arch/arm/kernel/kprobes-arm.c724
-rw-r--r--arch/arm/kernel/kprobes-common.c425
-rw-r--r--arch/arm/kernel/kprobes.h373
-rw-r--r--arch/arm/kernel/probes-arm.c731
-rw-r--r--arch/arm/kernel/probes-arm.h38
-rw-r--r--arch/arm/kernel/probes.c443
-rw-r--r--arch/arm/kernel/probes.h397
9 files changed, 1624 insertions, 1513 deletions
diff --git a/arch/arm/include/asm/probes.h b/arch/arm/include/asm/probes.h
index 90c5f5485202..737a9b310efc 100644
--- a/arch/arm/include/asm/probes.h
+++ b/arch/arm/include/asm/probes.h
@@ -19,6 +19,8 @@
19#ifndef _ASM_PROBES_H 19#ifndef _ASM_PROBES_H
20#define _ASM_PROBES_H 20#define _ASM_PROBES_H
21 21
22struct kprobe;
23
22typedef void (kprobe_insn_handler_t)(struct kprobe *, struct pt_regs *); 24typedef void (kprobe_insn_handler_t)(struct kprobe *, struct pt_regs *);
23typedef unsigned long (kprobe_check_cc)(unsigned long); 25typedef unsigned long (kprobe_check_cc)(unsigned long);
24typedef void (kprobe_insn_singlestep_t)(struct kprobe *, struct pt_regs *); 26typedef void (kprobe_insn_singlestep_t)(struct kprobe *, struct pt_regs *);
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
index a30fc9be9e9e..4c8b13e64280 100644
--- a/arch/arm/kernel/Makefile
+++ b/arch/arm/kernel/Makefile
@@ -50,11 +50,11 @@ obj-$(CONFIG_DYNAMIC_FTRACE) += ftrace.o insn.o
50obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o insn.o 50obj-$(CONFIG_FUNCTION_GRAPH_TRACER) += ftrace.o insn.o
51obj-$(CONFIG_JUMP_LABEL) += jump_label.o insn.o patch.o 51obj-$(CONFIG_JUMP_LABEL) += jump_label.o insn.o patch.o
52obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o 52obj-$(CONFIG_KEXEC) += machine_kexec.o relocate_kernel.o
53obj-$(CONFIG_KPROBES) += kprobes.o kprobes-common.o patch.o 53obj-$(CONFIG_KPROBES) += probes.o kprobes.o kprobes-common.o patch.o
54ifdef CONFIG_THUMB2_KERNEL 54ifdef CONFIG_THUMB2_KERNEL
55obj-$(CONFIG_KPROBES) += kprobes-thumb.o 55obj-$(CONFIG_KPROBES) += kprobes-thumb.o
56else 56else
57obj-$(CONFIG_KPROBES) += kprobes-arm.o 57obj-$(CONFIG_KPROBES) += kprobes-arm.o probes-arm.o
58endif 58endif
59obj-$(CONFIG_ARM_KPROBES_TEST) += test-kprobes.o 59obj-$(CONFIG_ARM_KPROBES_TEST) += test-kprobes.o
60test-kprobes-objs := kprobes-test.o 60test-kprobes-objs := kprobes-test.o
diff --git a/arch/arm/kernel/kprobes-arm.c b/arch/arm/kernel/kprobes-arm.c
index 8a30c89da70e..a1d0a8f00f9e 100644
--- a/arch/arm/kernel/kprobes-arm.c
+++ b/arch/arm/kernel/kprobes-arm.c
@@ -60,13 +60,10 @@
60 60
61#include <linux/kernel.h> 61#include <linux/kernel.h>
62#include <linux/kprobes.h> 62#include <linux/kprobes.h>
63#include <linux/module.h> 63#include <linux/ptrace.h>
64 64
65#include "kprobes.h" 65#include "kprobes.h"
66 66#include "probes-arm.h"
67#define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit)))))
68
69#define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
70 67
71#if __LINUX_ARM_ARCH__ >= 6 68#if __LINUX_ARM_ARCH__ >= 6
72#define BLX(reg) "blx "reg" \n\t" 69#define BLX(reg) "blx "reg" \n\t"
@@ -75,88 +72,8 @@
75 "mov pc, "reg" \n\t" 72 "mov pc, "reg" \n\t"
76#endif 73#endif
77 74
78/*
79 * To avoid the complications of mimicing single-stepping on a
80 * processor without a Next-PC or a single-step mode, and to
81 * avoid having to deal with the side-effects of boosting, we
82 * simulate or emulate (almost) all ARM instructions.
83 *
84 * "Simulation" is where the instruction's behavior is duplicated in
85 * C code. "Emulation" is where the original instruction is rewritten
86 * and executed, often by altering its registers.
87 *
88 * By having all behavior of the kprobe'd instruction completed before
89 * returning from the kprobe_handler(), all locks (scheduler and
90 * interrupt) can safely be released. There is no need for secondary
91 * breakpoints, no race with MP or preemptable kernels, nor having to
92 * clean up resources counts at a later time impacting overall system
93 * performance. By rewriting the instruction, only the minimum registers
94 * need to be loaded and saved back optimizing performance.
95 *
96 * Calling the insnslot_*_rwflags version of a function doesn't hurt
97 * anything even when the CPSR flags aren't updated by the
98 * instruction. It's just a little slower in return for saving
99 * a little space by not having a duplicate function that doesn't
100 * update the flags. (The same optimization can be said for
101 * instructions that do or don't perform register writeback)
102 * Also, instructions can either read the flags, only write the
103 * flags, or read and write the flags. To save combinations
104 * rather than for sheer performance, flag functions just assume
105 * read and write of flags.
106 */
107
108static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
109{
110 kprobe_opcode_t insn = p->opcode;
111 long iaddr = (long)p->addr;
112 int disp = branch_displacement(insn);
113
114 if (insn & (1 << 24))
115 regs->ARM_lr = iaddr + 4;
116
117 regs->ARM_pc = iaddr + 8 + disp;
118}
119
120static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
121{
122 kprobe_opcode_t insn = p->opcode;
123 long iaddr = (long)p->addr;
124 int disp = branch_displacement(insn);
125
126 regs->ARM_lr = iaddr + 4;
127 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2);
128 regs->ARM_cpsr |= PSR_T_BIT;
129}
130 75
131static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs) 76void __kprobes
132{
133 kprobe_opcode_t insn = p->opcode;
134 int rm = insn & 0xf;
135 long rmv = regs->uregs[rm];
136
137 if (insn & (1 << 5))
138 regs->ARM_lr = (long)p->addr + 4;
139
140 regs->ARM_pc = rmv & ~0x1;
141 regs->ARM_cpsr &= ~PSR_T_BIT;
142 if (rmv & 0x1)
143 regs->ARM_cpsr |= PSR_T_BIT;
144}
145
146static void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
147{
148 kprobe_opcode_t insn = p->opcode;
149 int rd = (insn >> 12) & 0xf;
150 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
151 regs->uregs[rd] = regs->ARM_cpsr & mask;
152}
153
154static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
155{
156 regs->uregs[12] = regs->uregs[13];
157}
158
159static void __kprobes
160emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs) 77emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs)
161{ 78{
162 kprobe_opcode_t insn = p->opcode; 79 kprobe_opcode_t insn = p->opcode;
@@ -185,7 +102,7 @@ emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs)
185 regs->uregs[rn] = rnv; 102 regs->uregs[rn] = rnv;
186} 103}
187 104
188static void __kprobes 105void __kprobes
189emulate_ldr(struct kprobe *p, struct pt_regs *regs) 106emulate_ldr(struct kprobe *p, struct pt_regs *regs)
190{ 107{
191 kprobe_opcode_t insn = p->opcode; 108 kprobe_opcode_t insn = p->opcode;
@@ -215,7 +132,7 @@ emulate_ldr(struct kprobe *p, struct pt_regs *regs)
215 regs->uregs[rn] = rnv; 132 regs->uregs[rn] = rnv;
216} 133}
217 134
218static void __kprobes 135void __kprobes
219emulate_str(struct kprobe *p, struct pt_regs *regs) 136emulate_str(struct kprobe *p, struct pt_regs *regs)
220{ 137{
221 kprobe_opcode_t insn = p->opcode; 138 kprobe_opcode_t insn = p->opcode;
@@ -242,7 +159,7 @@ emulate_str(struct kprobe *p, struct pt_regs *regs)
242 regs->uregs[rn] = rnv; 159 regs->uregs[rn] = rnv;
243} 160}
244 161
245static void __kprobes 162void __kprobes
246emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p, struct pt_regs *regs) 163emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p, struct pt_regs *regs)
247{ 164{
248 kprobe_opcode_t insn = p->opcode; 165 kprobe_opcode_t insn = p->opcode;
@@ -277,7 +194,7 @@ emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p, struct pt_regs *regs)
277 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK); 194 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
278} 195}
279 196
280static void __kprobes 197void __kprobes
281emulate_rd12rn16rm0_rwflags_nopc(struct kprobe *p, struct pt_regs *regs) 198emulate_rd12rn16rm0_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
282{ 199{
283 kprobe_opcode_t insn = p->opcode; 200 kprobe_opcode_t insn = p->opcode;
@@ -304,7 +221,7 @@ emulate_rd12rn16rm0_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
304 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK); 221 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
305} 222}
306 223
307static void __kprobes 224void __kprobes
308emulate_rd16rn12rm0rs8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs) 225emulate_rd16rn12rm0rs8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
309{ 226{
310 kprobe_opcode_t insn = p->opcode; 227 kprobe_opcode_t insn = p->opcode;
@@ -333,7 +250,7 @@ emulate_rd16rn12rm0rs8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
333 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK); 250 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
334} 251}
335 252
336static void __kprobes 253void __kprobes
337emulate_rd12rm0_noflags_nopc(struct kprobe *p, struct pt_regs *regs) 254emulate_rd12rm0_noflags_nopc(struct kprobe *p, struct pt_regs *regs)
338{ 255{
339 kprobe_opcode_t insn = p->opcode; 256 kprobe_opcode_t insn = p->opcode;
@@ -353,7 +270,7 @@ emulate_rd12rm0_noflags_nopc(struct kprobe *p, struct pt_regs *regs)
353 regs->uregs[rd] = rdv; 270 regs->uregs[rd] = rdv;
354} 271}
355 272
356static void __kprobes 273void __kprobes
357emulate_rdlo12rdhi16rn0rm8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs) 274emulate_rdlo12rdhi16rn0rm8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
358{ 275{
359 kprobe_opcode_t insn = p->opcode; 276 kprobe_opcode_t insn = p->opcode;
@@ -382,624 +299,3 @@ emulate_rdlo12rdhi16rn0rm8_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
382 regs->uregs[rdhi] = rdhiv; 299 regs->uregs[rdhi] = rdhiv;
383 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK); 300 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
384} 301}
385
386/*
387 * For the instruction masking and comparisons in all the "space_*"
388 * functions below, Do _not_ rearrange the order of tests unless
389 * you're very, very sure of what you are doing. For the sake of
390 * efficiency, the masks for some tests sometimes assume other test
391 * have been done prior to them so the number of patterns to test
392 * for an instruction set can be as broad as possible to reduce the
393 * number of tests needed.
394 */
395
396static const union decode_item arm_1111_table[] = {
397 /* Unconditional instructions */
398
399 /* memory hint 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx */
400 /* PLDI (immediate) 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx */
401 /* PLDW (immediate) 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx */
402 /* PLD (immediate) 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx */
403 DECODE_SIMULATE (0xfe300000, 0xf4100000, kprobe_simulate_nop),
404
405 /* memory hint 1111 0110 x001 xxxx xxxx xxxx xxx0 xxxx */
406 /* PLDI (register) 1111 0110 x101 xxxx xxxx xxxx xxx0 xxxx */
407 /* PLDW (register) 1111 0111 x001 xxxx xxxx xxxx xxx0 xxxx */
408 /* PLD (register) 1111 0111 x101 xxxx xxxx xxxx xxx0 xxxx */
409 DECODE_SIMULATE (0xfe300010, 0xf6100000, kprobe_simulate_nop),
410
411 /* BLX (immediate) 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx */
412 DECODE_SIMULATE (0xfe000000, 0xfa000000, simulate_blx1),
413
414 /* CPS 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
415 /* SETEND 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
416 /* SRS 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
417 /* RFE 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
418
419 /* Coprocessor instructions... */
420 /* MCRR2 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx */
421 /* MRRC2 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx */
422 /* LDC2 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
423 /* STC2 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
424 /* CDP2 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
425 /* MCR2 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
426 /* MRC2 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
427
428 /* Other unallocated instructions... */
429 DECODE_END
430};
431
432static const union decode_item arm_cccc_0001_0xx0____0xxx_table[] = {
433 /* Miscellaneous instructions */
434
435 /* MRS cpsr cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
436 DECODE_SIMULATEX(0x0ff000f0, 0x01000000, simulate_mrs,
437 REGS(0, NOPC, 0, 0, 0)),
438
439 /* BX cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
440 DECODE_SIMULATE (0x0ff000f0, 0x01200010, simulate_blx2bx),
441
442 /* BLX (register) cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
443 DECODE_SIMULATEX(0x0ff000f0, 0x01200030, simulate_blx2bx,
444 REGS(0, 0, 0, 0, NOPC)),
445
446 /* CLZ cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
447 DECODE_EMULATEX (0x0ff000f0, 0x01600010, emulate_rd12rm0_noflags_nopc,
448 REGS(0, NOPC, 0, 0, NOPC)),
449
450 /* QADD cccc 0001 0000 xxxx xxxx xxxx 0101 xxxx */
451 /* QSUB cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx */
452 /* QDADD cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx */
453 /* QDSUB cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx */
454 DECODE_EMULATEX (0x0f9000f0, 0x01000050, emulate_rd12rn16rm0_rwflags_nopc,
455 REGS(NOPC, NOPC, 0, 0, NOPC)),
456
457 /* BXJ cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
458 /* MSR cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
459 /* MRS spsr cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
460 /* BKPT 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
461 /* SMC cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
462 /* And unallocated instructions... */
463 DECODE_END
464};
465
466static const union decode_item arm_cccc_0001_0xx0____1xx0_table[] = {
467 /* Halfword multiply and multiply-accumulate */
468
469 /* SMLALxy cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
470 DECODE_EMULATEX (0x0ff00090, 0x01400080, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
471 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
472
473 /* SMULWy cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
474 DECODE_OR (0x0ff000b0, 0x012000a0),
475 /* SMULxy cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
476 DECODE_EMULATEX (0x0ff00090, 0x01600080, emulate_rd16rn12rm0rs8_rwflags_nopc,
477 REGS(NOPC, 0, NOPC, 0, NOPC)),
478
479 /* SMLAxy cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx */
480 DECODE_OR (0x0ff00090, 0x01000080),
481 /* SMLAWy cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx */
482 DECODE_EMULATEX (0x0ff000b0, 0x01200080, emulate_rd16rn12rm0rs8_rwflags_nopc,
483 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
484
485 DECODE_END
486};
487
488static const union decode_item arm_cccc_0000_____1001_table[] = {
489 /* Multiply and multiply-accumulate */
490
491 /* MUL cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx */
492 /* MULS cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx */
493 DECODE_EMULATEX (0x0fe000f0, 0x00000090, emulate_rd16rn12rm0rs8_rwflags_nopc,
494 REGS(NOPC, 0, NOPC, 0, NOPC)),
495
496 /* MLA cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx */
497 /* MLAS cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx */
498 DECODE_OR (0x0fe000f0, 0x00200090),
499 /* MLS cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx */
500 DECODE_EMULATEX (0x0ff000f0, 0x00600090, emulate_rd16rn12rm0rs8_rwflags_nopc,
501 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
502
503 /* UMAAL cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx */
504 DECODE_OR (0x0ff000f0, 0x00400090),
505 /* UMULL cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx */
506 /* UMULLS cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx */
507 /* UMLAL cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx */
508 /* UMLALS cccc 0000 1011 xxxx xxxx xxxx 1001 xxxx */
509 /* SMULL cccc 0000 1100 xxxx xxxx xxxx 1001 xxxx */
510 /* SMULLS cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx */
511 /* SMLAL cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx */
512 /* SMLALS cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx */
513 DECODE_EMULATEX (0x0f8000f0, 0x00800090, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
514 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
515
516 DECODE_END
517};
518
519static const union decode_item arm_cccc_0001_____1001_table[] = {
520 /* Synchronization primitives */
521
522#if __LINUX_ARM_ARCH__ < 6
523 /* Deprecated on ARMv6 and may be UNDEFINED on v7 */
524 /* SMP/SWPB cccc 0001 0x00 xxxx xxxx xxxx 1001 xxxx */
525 DECODE_EMULATEX (0x0fb000f0, 0x01000090, emulate_rd12rn16rm0_rwflags_nopc,
526 REGS(NOPC, NOPC, 0, 0, NOPC)),
527#endif
528 /* LDREX/STREX{,D,B,H} cccc 0001 1xxx xxxx xxxx xxxx 1001 xxxx */
529 /* And unallocated instructions... */
530 DECODE_END
531};
532
533static const union decode_item arm_cccc_000x_____1xx1_table[] = {
534 /* Extra load/store instructions */
535
536 /* STRHT cccc 0000 xx10 xxxx xxxx xxxx 1011 xxxx */
537 /* ??? cccc 0000 xx10 xxxx xxxx xxxx 11x1 xxxx */
538 /* LDRHT cccc 0000 xx11 xxxx xxxx xxxx 1011 xxxx */
539 /* LDRSBT cccc 0000 xx11 xxxx xxxx xxxx 1101 xxxx */
540 /* LDRSHT cccc 0000 xx11 xxxx xxxx xxxx 1111 xxxx */
541 DECODE_REJECT (0x0f200090, 0x00200090),
542
543 /* LDRD/STRD lr,pc,{... cccc 000x x0x0 xxxx 111x xxxx 1101 xxxx */
544 DECODE_REJECT (0x0e10e0d0, 0x0000e0d0),
545
546 /* LDRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1101 xxxx */
547 /* STRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1111 xxxx */
548 DECODE_EMULATEX (0x0e5000d0, 0x000000d0, emulate_ldrdstrd,
549 REGS(NOPCWB, NOPCX, 0, 0, NOPC)),
550
551 /* LDRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1101 xxxx */
552 /* STRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1111 xxxx */
553 DECODE_EMULATEX (0x0e5000d0, 0x004000d0, emulate_ldrdstrd,
554 REGS(NOPCWB, NOPCX, 0, 0, 0)),
555
556 /* STRH (register) cccc 000x x0x0 xxxx xxxx xxxx 1011 xxxx */
557 DECODE_EMULATEX (0x0e5000f0, 0x000000b0, emulate_str,
558 REGS(NOPCWB, NOPC, 0, 0, NOPC)),
559
560 /* LDRH (register) cccc 000x x0x1 xxxx xxxx xxxx 1011 xxxx */
561 /* LDRSB (register) cccc 000x x0x1 xxxx xxxx xxxx 1101 xxxx */
562 /* LDRSH (register) cccc 000x x0x1 xxxx xxxx xxxx 1111 xxxx */
563 DECODE_EMULATEX (0x0e500090, 0x00100090, emulate_ldr,
564 REGS(NOPCWB, NOPC, 0, 0, NOPC)),
565
566 /* STRH (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1011 xxxx */
567 DECODE_EMULATEX (0x0e5000f0, 0x004000b0, emulate_str,
568 REGS(NOPCWB, NOPC, 0, 0, 0)),
569
570 /* LDRH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1011 xxxx */
571 /* LDRSB (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1101 xxxx */
572 /* LDRSH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1111 xxxx */
573 DECODE_EMULATEX (0x0e500090, 0x00500090, emulate_ldr,
574 REGS(NOPCWB, NOPC, 0, 0, 0)),
575
576 DECODE_END
577};
578
579static const union decode_item arm_cccc_000x_table[] = {
580 /* Data-processing (register) */
581
582 /* <op>S PC, ... cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx */
583 DECODE_REJECT (0x0e10f000, 0x0010f000),
584
585 /* MOV IP, SP 1110 0001 1010 0000 1100 0000 0000 1101 */
586 DECODE_SIMULATE (0xffffffff, 0xe1a0c00d, simulate_mov_ipsp),
587
588 /* TST (register) cccc 0001 0001 xxxx xxxx xxxx xxx0 xxxx */
589 /* TEQ (register) cccc 0001 0011 xxxx xxxx xxxx xxx0 xxxx */
590 /* CMP (register) cccc 0001 0101 xxxx xxxx xxxx xxx0 xxxx */
591 /* CMN (register) cccc 0001 0111 xxxx xxxx xxxx xxx0 xxxx */
592 DECODE_EMULATEX (0x0f900010, 0x01100000, emulate_rd12rn16rm0rs8_rwflags,
593 REGS(ANY, 0, 0, 0, ANY)),
594
595 /* MOV (register) cccc 0001 101x xxxx xxxx xxxx xxx0 xxxx */
596 /* MVN (register) cccc 0001 111x xxxx xxxx xxxx xxx0 xxxx */
597 DECODE_EMULATEX (0x0fa00010, 0x01a00000, emulate_rd12rn16rm0rs8_rwflags,
598 REGS(0, ANY, 0, 0, ANY)),
599
600 /* AND (register) cccc 0000 000x xxxx xxxx xxxx xxx0 xxxx */
601 /* EOR (register) cccc 0000 001x xxxx xxxx xxxx xxx0 xxxx */
602 /* SUB (register) cccc 0000 010x xxxx xxxx xxxx xxx0 xxxx */
603 /* RSB (register) cccc 0000 011x xxxx xxxx xxxx xxx0 xxxx */
604 /* ADD (register) cccc 0000 100x xxxx xxxx xxxx xxx0 xxxx */
605 /* ADC (register) cccc 0000 101x xxxx xxxx xxxx xxx0 xxxx */
606 /* SBC (register) cccc 0000 110x xxxx xxxx xxxx xxx0 xxxx */
607 /* RSC (register) cccc 0000 111x xxxx xxxx xxxx xxx0 xxxx */
608 /* ORR (register) cccc 0001 100x xxxx xxxx xxxx xxx0 xxxx */
609 /* BIC (register) cccc 0001 110x xxxx xxxx xxxx xxx0 xxxx */
610 DECODE_EMULATEX (0x0e000010, 0x00000000, emulate_rd12rn16rm0rs8_rwflags,
611 REGS(ANY, ANY, 0, 0, ANY)),
612
613 /* TST (reg-shift reg) cccc 0001 0001 xxxx xxxx xxxx 0xx1 xxxx */
614 /* TEQ (reg-shift reg) cccc 0001 0011 xxxx xxxx xxxx 0xx1 xxxx */
615 /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */
616 /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */
617 DECODE_EMULATEX (0x0f900090, 0x01100010, emulate_rd12rn16rm0rs8_rwflags,
618 REGS(ANY, 0, NOPC, 0, ANY)),
619
620 /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */
621 /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */
622 DECODE_EMULATEX (0x0fa00090, 0x01a00010, emulate_rd12rn16rm0rs8_rwflags,
623 REGS(0, ANY, NOPC, 0, ANY)),
624
625 /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */
626 /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */
627 /* SUB (reg-shift reg) cccc 0000 010x xxxx xxxx xxxx 0xx1 xxxx */
628 /* RSB (reg-shift reg) cccc 0000 011x xxxx xxxx xxxx 0xx1 xxxx */
629 /* ADD (reg-shift reg) cccc 0000 100x xxxx xxxx xxxx 0xx1 xxxx */
630 /* ADC (reg-shift reg) cccc 0000 101x xxxx xxxx xxxx 0xx1 xxxx */
631 /* SBC (reg-shift reg) cccc 0000 110x xxxx xxxx xxxx 0xx1 xxxx */
632 /* RSC (reg-shift reg) cccc 0000 111x xxxx xxxx xxxx 0xx1 xxxx */
633 /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */
634 /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */
635 DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
636 REGS(ANY, ANY, NOPC, 0, ANY)),
637
638 DECODE_END
639};
640
641static const union decode_item arm_cccc_001x_table[] = {
642 /* Data-processing (immediate) */
643
644 /* MOVW cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
645 /* MOVT cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
646 DECODE_EMULATEX (0x0fb00000, 0x03000000, emulate_rd12rm0_noflags_nopc,
647 REGS(0, NOPC, 0, 0, 0)),
648
649 /* YIELD cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
650 DECODE_OR (0x0fff00ff, 0x03200001),
651 /* SEV cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
652 DECODE_EMULATE (0x0fff00ff, 0x03200004, kprobe_emulate_none),
653 /* NOP cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
654 /* WFE cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
655 /* WFI cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
656 DECODE_SIMULATE (0x0fff00fc, 0x03200000, kprobe_simulate_nop),
657 /* DBG cccc 0011 0010 0000 xxxx xxxx ffff xxxx */
658 /* unallocated hints cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
659 /* MSR (immediate) cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx */
660 DECODE_REJECT (0x0fb00000, 0x03200000),
661
662 /* <op>S PC, ... cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx */
663 DECODE_REJECT (0x0e10f000, 0x0210f000),
664
665 /* TST (immediate) cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx */
666 /* TEQ (immediate) cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx */
667 /* CMP (immediate) cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx */
668 /* CMN (immediate) cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx */
669 DECODE_EMULATEX (0x0f900000, 0x03100000, emulate_rd12rn16rm0rs8_rwflags,
670 REGS(ANY, 0, 0, 0, 0)),
671
672 /* MOV (immediate) cccc 0011 101x xxxx xxxx xxxx xxxx xxxx */
673 /* MVN (immediate) cccc 0011 111x xxxx xxxx xxxx xxxx xxxx */
674 DECODE_EMULATEX (0x0fa00000, 0x03a00000, emulate_rd12rn16rm0rs8_rwflags,
675 REGS(0, ANY, 0, 0, 0)),
676
677 /* AND (immediate) cccc 0010 000x xxxx xxxx xxxx xxxx xxxx */
678 /* EOR (immediate) cccc 0010 001x xxxx xxxx xxxx xxxx xxxx */
679 /* SUB (immediate) cccc 0010 010x xxxx xxxx xxxx xxxx xxxx */
680 /* RSB (immediate) cccc 0010 011x xxxx xxxx xxxx xxxx xxxx */
681 /* ADD (immediate) cccc 0010 100x xxxx xxxx xxxx xxxx xxxx */
682 /* ADC (immediate) cccc 0010 101x xxxx xxxx xxxx xxxx xxxx */
683 /* SBC (immediate) cccc 0010 110x xxxx xxxx xxxx xxxx xxxx */
684 /* RSC (immediate) cccc 0010 111x xxxx xxxx xxxx xxxx xxxx */
685 /* ORR (immediate) cccc 0011 100x xxxx xxxx xxxx xxxx xxxx */
686 /* BIC (immediate) cccc 0011 110x xxxx xxxx xxxx xxxx xxxx */
687 DECODE_EMULATEX (0x0e000000, 0x02000000, emulate_rd12rn16rm0rs8_rwflags,
688 REGS(ANY, ANY, 0, 0, 0)),
689
690 DECODE_END
691};
692
693static const union decode_item arm_cccc_0110_____xxx1_table[] = {
694 /* Media instructions */
695
696 /* SEL cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx */
697 DECODE_EMULATEX (0x0ff000f0, 0x068000b0, emulate_rd12rn16rm0_rwflags_nopc,
698 REGS(NOPC, NOPC, 0, 0, NOPC)),
699
700 /* SSAT cccc 0110 101x xxxx xxxx xxxx xx01 xxxx */
701 /* USAT cccc 0110 111x xxxx xxxx xxxx xx01 xxxx */
702 DECODE_OR(0x0fa00030, 0x06a00010),
703 /* SSAT16 cccc 0110 1010 xxxx xxxx xxxx 0011 xxxx */
704 /* USAT16 cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx */
705 DECODE_EMULATEX (0x0fb000f0, 0x06a00030, emulate_rd12rn16rm0_rwflags_nopc,
706 REGS(0, NOPC, 0, 0, NOPC)),
707
708 /* REV cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
709 /* REV16 cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
710 /* RBIT cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
711 /* REVSH cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
712 DECODE_EMULATEX (0x0fb00070, 0x06b00030, emulate_rd12rm0_noflags_nopc,
713 REGS(0, NOPC, 0, 0, NOPC)),
714
715 /* ??? cccc 0110 0x00 xxxx xxxx xxxx xxx1 xxxx */
716 DECODE_REJECT (0x0fb00010, 0x06000010),
717 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1011 xxxx */
718 DECODE_REJECT (0x0f8000f0, 0x060000b0),
719 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1101 xxxx */
720 DECODE_REJECT (0x0f8000f0, 0x060000d0),
721 /* SADD16 cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx */
722 /* SADDSUBX cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx */
723 /* SSUBADDX cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx */
724 /* SSUB16 cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx */
725 /* SADD8 cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx */
726 /* SSUB8 cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx */
727 /* QADD16 cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx */
728 /* QADDSUBX cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx */
729 /* QSUBADDX cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx */
730 /* QSUB16 cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx */
731 /* QADD8 cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx */
732 /* QSUB8 cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx */
733 /* SHADD16 cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx */
734 /* SHADDSUBX cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx */
735 /* SHSUBADDX cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx */
736 /* SHSUB16 cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx */
737 /* SHADD8 cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx */
738 /* SHSUB8 cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx */
739 /* UADD16 cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx */
740 /* UADDSUBX cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx */
741 /* USUBADDX cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx */
742 /* USUB16 cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx */
743 /* UADD8 cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx */
744 /* USUB8 cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx */
745 /* UQADD16 cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx */
746 /* UQADDSUBX cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx */
747 /* UQSUBADDX cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx */
748 /* UQSUB16 cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx */
749 /* UQADD8 cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx */
750 /* UQSUB8 cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx */
751 /* UHADD16 cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx */
752 /* UHADDSUBX cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx */
753 /* UHSUBADDX cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx */
754 /* UHSUB16 cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx */
755 /* UHADD8 cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx */
756 /* UHSUB8 cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx */
757 DECODE_EMULATEX (0x0f800010, 0x06000010, emulate_rd12rn16rm0_rwflags_nopc,
758 REGS(NOPC, NOPC, 0, 0, NOPC)),
759
760 /* PKHBT cccc 0110 1000 xxxx xxxx xxxx x001 xxxx */
761 /* PKHTB cccc 0110 1000 xxxx xxxx xxxx x101 xxxx */
762 DECODE_EMULATEX (0x0ff00030, 0x06800010, emulate_rd12rn16rm0_rwflags_nopc,
763 REGS(NOPC, NOPC, 0, 0, NOPC)),
764
765 /* ??? cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx */
766 /* ??? cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx */
767 DECODE_REJECT (0x0fb000f0, 0x06900070),
768
769 /* SXTB16 cccc 0110 1000 1111 xxxx xxxx 0111 xxxx */
770 /* SXTB cccc 0110 1010 1111 xxxx xxxx 0111 xxxx */
771 /* SXTH cccc 0110 1011 1111 xxxx xxxx 0111 xxxx */
772 /* UXTB16 cccc 0110 1100 1111 xxxx xxxx 0111 xxxx */
773 /* UXTB cccc 0110 1110 1111 xxxx xxxx 0111 xxxx */
774 /* UXTH cccc 0110 1111 1111 xxxx xxxx 0111 xxxx */
775 DECODE_EMULATEX (0x0f8f00f0, 0x068f0070, emulate_rd12rm0_noflags_nopc,
776 REGS(0, NOPC, 0, 0, NOPC)),
777
778 /* SXTAB16 cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx */
779 /* SXTAB cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx */
780 /* SXTAH cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx */
781 /* UXTAB16 cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx */
782 /* UXTAB cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx */
783 /* UXTAH cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx */
784 DECODE_EMULATEX (0x0f8000f0, 0x06800070, emulate_rd12rn16rm0_rwflags_nopc,
785 REGS(NOPCX, NOPC, 0, 0, NOPC)),
786
787 DECODE_END
788};
789
790static const union decode_item arm_cccc_0111_____xxx1_table[] = {
791 /* Media instructions */
792
793 /* UNDEFINED cccc 0111 1111 xxxx xxxx xxxx 1111 xxxx */
794 DECODE_REJECT (0x0ff000f0, 0x07f000f0),
795
796 /* SMLALD cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
797 /* SMLSLD cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
798 DECODE_EMULATEX (0x0ff00090, 0x07400010, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
799 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
800
801 /* SMUAD cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx */
802 /* SMUSD cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx */
803 DECODE_OR (0x0ff0f090, 0x0700f010),
804 /* SMMUL cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx */
805 DECODE_OR (0x0ff0f0d0, 0x0750f010),
806 /* USAD8 cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx */
807 DECODE_EMULATEX (0x0ff0f0f0, 0x0780f010, emulate_rd16rn12rm0rs8_rwflags_nopc,
808 REGS(NOPC, 0, NOPC, 0, NOPC)),
809
810 /* SMLAD cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx */
811 /* SMLSD cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx */
812 DECODE_OR (0x0ff00090, 0x07000010),
813 /* SMMLA cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx */
814 DECODE_OR (0x0ff000d0, 0x07500010),
815 /* USADA8 cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx */
816 DECODE_EMULATEX (0x0ff000f0, 0x07800010, emulate_rd16rn12rm0rs8_rwflags_nopc,
817 REGS(NOPC, NOPCX, NOPC, 0, NOPC)),
818
819 /* SMMLS cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx */
820 DECODE_EMULATEX (0x0ff000d0, 0x075000d0, emulate_rd16rn12rm0rs8_rwflags_nopc,
821 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
822
823 /* SBFX cccc 0111 101x xxxx xxxx xxxx x101 xxxx */
824 /* UBFX cccc 0111 111x xxxx xxxx xxxx x101 xxxx */
825 DECODE_EMULATEX (0x0fa00070, 0x07a00050, emulate_rd12rm0_noflags_nopc,
826 REGS(0, NOPC, 0, 0, NOPC)),
827
828 /* BFC cccc 0111 110x xxxx xxxx xxxx x001 1111 */
829 DECODE_EMULATEX (0x0fe0007f, 0x07c0001f, emulate_rd12rm0_noflags_nopc,
830 REGS(0, NOPC, 0, 0, 0)),
831
832 /* BFI cccc 0111 110x xxxx xxxx xxxx x001 xxxx */
833 DECODE_EMULATEX (0x0fe00070, 0x07c00010, emulate_rd12rm0_noflags_nopc,
834 REGS(0, NOPC, 0, 0, NOPCX)),
835
836 DECODE_END
837};
838
839static const union decode_item arm_cccc_01xx_table[] = {
840 /* Load/store word and unsigned byte */
841
842 /* LDRB/STRB pc,[...] cccc 01xx x0xx xxxx xxxx xxxx xxxx xxxx */
843 DECODE_REJECT (0x0c40f000, 0x0440f000),
844
845 /* STRT cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
846 /* LDRT cccc 01x0 x011 xxxx xxxx xxxx xxxx xxxx */
847 /* STRBT cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
848 /* LDRBT cccc 01x0 x111 xxxx xxxx xxxx xxxx xxxx */
849 DECODE_REJECT (0x0d200000, 0x04200000),
850
851 /* STR (immediate) cccc 010x x0x0 xxxx xxxx xxxx xxxx xxxx */
852 /* STRB (immediate) cccc 010x x1x0 xxxx xxxx xxxx xxxx xxxx */
853 DECODE_EMULATEX (0x0e100000, 0x04000000, emulate_str,
854 REGS(NOPCWB, ANY, 0, 0, 0)),
855
856 /* LDR (immediate) cccc 010x x0x1 xxxx xxxx xxxx xxxx xxxx */
857 /* LDRB (immediate) cccc 010x x1x1 xxxx xxxx xxxx xxxx xxxx */
858 DECODE_EMULATEX (0x0e100000, 0x04100000, emulate_ldr,
859 REGS(NOPCWB, ANY, 0, 0, 0)),
860
861 /* STR (register) cccc 011x x0x0 xxxx xxxx xxxx xxxx xxxx */
862 /* STRB (register) cccc 011x x1x0 xxxx xxxx xxxx xxxx xxxx */
863 DECODE_EMULATEX (0x0e100000, 0x06000000, emulate_str,
864 REGS(NOPCWB, ANY, 0, 0, NOPC)),
865
866 /* LDR (register) cccc 011x x0x1 xxxx xxxx xxxx xxxx xxxx */
867 /* LDRB (register) cccc 011x x1x1 xxxx xxxx xxxx xxxx xxxx */
868 DECODE_EMULATEX (0x0e100000, 0x06100000, emulate_ldr,
869 REGS(NOPCWB, ANY, 0, 0, NOPC)),
870
871 DECODE_END
872};
873
874static const union decode_item arm_cccc_100x_table[] = {
875 /* Block data transfer instructions */
876
877 /* LDM cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
878 /* STM cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
879 DECODE_CUSTOM (0x0e400000, 0x08000000, kprobe_decode_ldmstm),
880
881 /* STM (user registers) cccc 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
882 /* LDM (user registers) cccc 100x x1x1 xxxx 0xxx xxxx xxxx xxxx */
883 /* LDM (exception ret) cccc 100x x1x1 xxxx 1xxx xxxx xxxx xxxx */
884 DECODE_END
885};
886
887const union decode_item kprobe_decode_arm_table[] = {
888 /*
889 * Unconditional instructions
890 * 1111 xxxx xxxx xxxx xxxx xxxx xxxx xxxx
891 */
892 DECODE_TABLE (0xf0000000, 0xf0000000, arm_1111_table),
893
894 /*
895 * Miscellaneous instructions
896 * cccc 0001 0xx0 xxxx xxxx xxxx 0xxx xxxx
897 */
898 DECODE_TABLE (0x0f900080, 0x01000000, arm_cccc_0001_0xx0____0xxx_table),
899
900 /*
901 * Halfword multiply and multiply-accumulate
902 * cccc 0001 0xx0 xxxx xxxx xxxx 1xx0 xxxx
903 */
904 DECODE_TABLE (0x0f900090, 0x01000080, arm_cccc_0001_0xx0____1xx0_table),
905
906 /*
907 * Multiply and multiply-accumulate
908 * cccc 0000 xxxx xxxx xxxx xxxx 1001 xxxx
909 */
910 DECODE_TABLE (0x0f0000f0, 0x00000090, arm_cccc_0000_____1001_table),
911
912 /*
913 * Synchronization primitives
914 * cccc 0001 xxxx xxxx xxxx xxxx 1001 xxxx
915 */
916 DECODE_TABLE (0x0f0000f0, 0x01000090, arm_cccc_0001_____1001_table),
917
918 /*
919 * Extra load/store instructions
920 * cccc 000x xxxx xxxx xxxx xxxx 1xx1 xxxx
921 */
922 DECODE_TABLE (0x0e000090, 0x00000090, arm_cccc_000x_____1xx1_table),
923
924 /*
925 * Data-processing (register)
926 * cccc 000x xxxx xxxx xxxx xxxx xxx0 xxxx
927 * Data-processing (register-shifted register)
928 * cccc 000x xxxx xxxx xxxx xxxx 0xx1 xxxx
929 */
930 DECODE_TABLE (0x0e000000, 0x00000000, arm_cccc_000x_table),
931
932 /*
933 * Data-processing (immediate)
934 * cccc 001x xxxx xxxx xxxx xxxx xxxx xxxx
935 */
936 DECODE_TABLE (0x0e000000, 0x02000000, arm_cccc_001x_table),
937
938 /*
939 * Media instructions
940 * cccc 011x xxxx xxxx xxxx xxxx xxx1 xxxx
941 */
942 DECODE_TABLE (0x0f000010, 0x06000010, arm_cccc_0110_____xxx1_table),
943 DECODE_TABLE (0x0f000010, 0x07000010, arm_cccc_0111_____xxx1_table),
944
945 /*
946 * Load/store word and unsigned byte
947 * cccc 01xx xxxx xxxx xxxx xxxx xxxx xxxx
948 */
949 DECODE_TABLE (0x0c000000, 0x04000000, arm_cccc_01xx_table),
950
951 /*
952 * Block data transfer instructions
953 * cccc 100x xxxx xxxx xxxx xxxx xxxx xxxx
954 */
955 DECODE_TABLE (0x0e000000, 0x08000000, arm_cccc_100x_table),
956
957 /* B cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
958 /* BL cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
959 DECODE_SIMULATE (0x0e000000, 0x0a000000, simulate_bbl),
960
961 /*
962 * Supervisor Call, and coprocessor instructions
963 */
964
965 /* MCRR cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx */
966 /* MRRC cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx */
967 /* LDC cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
968 /* STC cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
969 /* CDP cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
970 /* MCR cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
971 /* MRC cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
972 /* SVC cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
973 DECODE_REJECT (0x0c000000, 0x0c000000),
974
975 DECODE_END
976};
977#ifdef CONFIG_ARM_KPROBES_TEST_MODULE
978EXPORT_SYMBOL_GPL(kprobe_decode_arm_table);
979#endif
980
981static void __kprobes arm_singlestep(struct kprobe *p, struct pt_regs *regs)
982{
983 regs->ARM_pc += 4;
984 p->ainsn.insn_handler(p, regs);
985}
986
987/* Return:
988 * INSN_REJECTED If instruction is one not allowed to kprobe,
989 * INSN_GOOD If instruction is supported and uses instruction slot,
990 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot.
991 *
992 * For instructions we don't want to kprobe (INSN_REJECTED return result):
993 * These are generally ones that modify the processor state making
994 * them "hard" to simulate such as switches processor modes or
995 * make accesses in alternate modes. Any of these could be simulated
996 * if the work was put into it, but low return considering they
997 * should also be very rare.
998 */
999enum kprobe_insn __kprobes
1000arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1001{
1002 asi->insn_singlestep = arm_singlestep;
1003 asi->insn_check_cc = kprobe_condition_checks[insn>>28];
1004 return kprobe_decode_insn(insn, asi, kprobe_decode_arm_table, false);
1005}
diff --git a/arch/arm/kernel/kprobes-common.c b/arch/arm/kernel/kprobes-common.c
index 455c8003bffb..f02c038059c3 100644
--- a/arch/arm/kernel/kprobes-common.c
+++ b/arch/arm/kernel/kprobes-common.c
@@ -13,178 +13,10 @@
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/kprobes.h> 15#include <linux/kprobes.h>
16#include <asm/system_info.h>
17#include <linux/types.h>
18#include <linux/stddef.h>
19#include <linux/bug.h>
20 16
21#include "kprobes.h" 17#include "kprobes.h"
22 18
23 19
24#ifndef find_str_pc_offset
25
26/*
27 * For STR and STM instructions, an ARM core may choose to use either
28 * a +8 or a +12 displacement from the current instruction's address.
29 * Whichever value is chosen for a given core, it must be the same for
30 * both instructions and may not change. This function measures it.
31 */
32
33int str_pc_offset;
34
35void __init find_str_pc_offset(void)
36{
37 int addr, scratch, ret;
38
39 __asm__ (
40 "sub %[ret], pc, #4 \n\t"
41 "str pc, %[addr] \n\t"
42 "ldr %[scr], %[addr] \n\t"
43 "sub %[ret], %[scr], %[ret] \n\t"
44 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr));
45
46 str_pc_offset = ret;
47}
48
49#endif /* !find_str_pc_offset */
50
51
52#ifndef test_load_write_pc_interworking
53
54bool load_write_pc_interworks;
55
56void __init test_load_write_pc_interworking(void)
57{
58 int arch = cpu_architecture();
59 BUG_ON(arch == CPU_ARCH_UNKNOWN);
60 load_write_pc_interworks = arch >= CPU_ARCH_ARMv5T;
61}
62
63#endif /* !test_load_write_pc_interworking */
64
65
66#ifndef test_alu_write_pc_interworking
67
68bool alu_write_pc_interworks;
69
70void __init test_alu_write_pc_interworking(void)
71{
72 int arch = cpu_architecture();
73 BUG_ON(arch == CPU_ARCH_UNKNOWN);
74 alu_write_pc_interworks = arch >= CPU_ARCH_ARMv7;
75}
76
77#endif /* !test_alu_write_pc_interworking */
78
79
80void __init arm_kprobe_decode_init(void)
81{
82 find_str_pc_offset();
83 test_load_write_pc_interworking();
84 test_alu_write_pc_interworking();
85}
86
87
88static unsigned long __kprobes __check_eq(unsigned long cpsr)
89{
90 return cpsr & PSR_Z_BIT;
91}
92
93static unsigned long __kprobes __check_ne(unsigned long cpsr)
94{
95 return (~cpsr) & PSR_Z_BIT;
96}
97
98static unsigned long __kprobes __check_cs(unsigned long cpsr)
99{
100 return cpsr & PSR_C_BIT;
101}
102
103static unsigned long __kprobes __check_cc(unsigned long cpsr)
104{
105 return (~cpsr) & PSR_C_BIT;
106}
107
108static unsigned long __kprobes __check_mi(unsigned long cpsr)
109{
110 return cpsr & PSR_N_BIT;
111}
112
113static unsigned long __kprobes __check_pl(unsigned long cpsr)
114{
115 return (~cpsr) & PSR_N_BIT;
116}
117
118static unsigned long __kprobes __check_vs(unsigned long cpsr)
119{
120 return cpsr & PSR_V_BIT;
121}
122
123static unsigned long __kprobes __check_vc(unsigned long cpsr)
124{
125 return (~cpsr) & PSR_V_BIT;
126}
127
128static unsigned long __kprobes __check_hi(unsigned long cpsr)
129{
130 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
131 return cpsr & PSR_C_BIT;
132}
133
134static unsigned long __kprobes __check_ls(unsigned long cpsr)
135{
136 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
137 return (~cpsr) & PSR_C_BIT;
138}
139
140static unsigned long __kprobes __check_ge(unsigned long cpsr)
141{
142 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
143 return (~cpsr) & PSR_N_BIT;
144}
145
146static unsigned long __kprobes __check_lt(unsigned long cpsr)
147{
148 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
149 return cpsr & PSR_N_BIT;
150}
151
152static unsigned long __kprobes __check_gt(unsigned long cpsr)
153{
154 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
155 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
156 return (~temp) & PSR_N_BIT;
157}
158
159static unsigned long __kprobes __check_le(unsigned long cpsr)
160{
161 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
162 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
163 return temp & PSR_N_BIT;
164}
165
166static unsigned long __kprobes __check_al(unsigned long cpsr)
167{
168 return true;
169}
170
171kprobe_check_cc * const kprobe_condition_checks[16] = {
172 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
173 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
174 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
175 &__check_gt, &__check_le, &__check_al, &__check_al
176};
177
178
179void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs)
180{
181}
182
183void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs)
184{
185 p->ainsn.insn_fn();
186}
187
188static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs) 20static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
189{ 21{
190 kprobe_opcode_t insn = p->opcode; 22 kprobe_opcode_t insn = p->opcode;
@@ -322,260 +154,3 @@ kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi)
322 return INSN_GOOD_NO_SLOT; 154 return INSN_GOOD_NO_SLOT;
323} 155}
324 156
325
326/*
327 * Prepare an instruction slot to receive an instruction for emulating.
328 * This is done by placing a subroutine return after the location where the
329 * instruction will be placed. We also modify ARM instructions to be
330 * unconditional as the condition code will already be checked before any
331 * emulation handler is called.
332 */
333static kprobe_opcode_t __kprobes
334prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
335 bool thumb)
336{
337#ifdef CONFIG_THUMB2_KERNEL
338 if (thumb) {
339 u16 *thumb_insn = (u16 *)asi->insn;
340 thumb_insn[1] = 0x4770; /* Thumb bx lr */
341 thumb_insn[2] = 0x4770; /* Thumb bx lr */
342 return insn;
343 }
344 asi->insn[1] = 0xe12fff1e; /* ARM bx lr */
345#else
346 asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */
347#endif
348 /* Make an ARM instruction unconditional */
349 if (insn < 0xe0000000)
350 insn = (insn | 0xe0000000) & ~0x10000000;
351 return insn;
352}
353
354/*
355 * Write a (probably modified) instruction into the slot previously prepared by
356 * prepare_emulated_insn
357 */
358static void __kprobes
359set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
360 bool thumb)
361{
362#ifdef CONFIG_THUMB2_KERNEL
363 if (thumb) {
364 u16 *ip = (u16 *)asi->insn;
365 if (is_wide_instruction(insn))
366 *ip++ = insn >> 16;
367 *ip++ = insn;
368 return;
369 }
370#endif
371 asi->insn[0] = insn;
372}
373
374/*
375 * When we modify the register numbers encoded in an instruction to be emulated,
376 * the new values come from this define. For ARM and 32-bit Thumb instructions
377 * this gives...
378 *
379 * bit position 16 12 8 4 0
380 * ---------------+---+---+---+---+---+
381 * register r2 r0 r1 -- r3
382 */
383#define INSN_NEW_BITS 0x00020103
384
385/* Each nibble has same value as that at INSN_NEW_BITS bit 16 */
386#define INSN_SAMEAS16_BITS 0x22222222
387
388/*
389 * Validate and modify each of the registers encoded in an instruction.
390 *
391 * Each nibble in regs contains a value from enum decode_reg_type. For each
392 * non-zero value, the corresponding nibble in pinsn is validated and modified
393 * according to the type.
394 */
395static bool __kprobes decode_regs(kprobe_opcode_t* pinsn, u32 regs)
396{
397 kprobe_opcode_t insn = *pinsn;
398 kprobe_opcode_t mask = 0xf; /* Start at least significant nibble */
399
400 for (; regs != 0; regs >>= 4, mask <<= 4) {
401
402 kprobe_opcode_t new_bits = INSN_NEW_BITS;
403
404 switch (regs & 0xf) {
405
406 case REG_TYPE_NONE:
407 /* Nibble not a register, skip to next */
408 continue;
409
410 case REG_TYPE_ANY:
411 /* Any register is allowed */
412 break;
413
414 case REG_TYPE_SAMEAS16:
415 /* Replace register with same as at bit position 16 */
416 new_bits = INSN_SAMEAS16_BITS;
417 break;
418
419 case REG_TYPE_SP:
420 /* Only allow SP (R13) */
421 if ((insn ^ 0xdddddddd) & mask)
422 goto reject;
423 break;
424
425 case REG_TYPE_PC:
426 /* Only allow PC (R15) */
427 if ((insn ^ 0xffffffff) & mask)
428 goto reject;
429 break;
430
431 case REG_TYPE_NOSP:
432 /* Reject SP (R13) */
433 if (((insn ^ 0xdddddddd) & mask) == 0)
434 goto reject;
435 break;
436
437 case REG_TYPE_NOSPPC:
438 case REG_TYPE_NOSPPCX:
439 /* Reject SP and PC (R13 and R15) */
440 if (((insn ^ 0xdddddddd) & 0xdddddddd & mask) == 0)
441 goto reject;
442 break;
443
444 case REG_TYPE_NOPCWB:
445 if (!is_writeback(insn))
446 break; /* No writeback, so any register is OK */
447 /* fall through... */
448 case REG_TYPE_NOPC:
449 case REG_TYPE_NOPCX:
450 /* Reject PC (R15) */
451 if (((insn ^ 0xffffffff) & mask) == 0)
452 goto reject;
453 break;
454 }
455
456 /* Replace value of nibble with new register number... */
457 insn &= ~mask;
458 insn |= new_bits & mask;
459 }
460
461 *pinsn = insn;
462 return true;
463
464reject:
465 return false;
466}
467
468static const int decode_struct_sizes[NUM_DECODE_TYPES] = {
469 [DECODE_TYPE_TABLE] = sizeof(struct decode_table),
470 [DECODE_TYPE_CUSTOM] = sizeof(struct decode_custom),
471 [DECODE_TYPE_SIMULATE] = sizeof(struct decode_simulate),
472 [DECODE_TYPE_EMULATE] = sizeof(struct decode_emulate),
473 [DECODE_TYPE_OR] = sizeof(struct decode_or),
474 [DECODE_TYPE_REJECT] = sizeof(struct decode_reject)
475};
476
477/*
478 * kprobe_decode_insn operates on data tables in order to decode an ARM
479 * architecture instruction onto which a kprobe has been placed.
480 *
481 * These instruction decoding tables are a concatenation of entries each
482 * of which consist of one of the following structs:
483 *
484 * decode_table
485 * decode_custom
486 * decode_simulate
487 * decode_emulate
488 * decode_or
489 * decode_reject
490 *
491 * Each of these starts with a struct decode_header which has the following
492 * fields:
493 *
494 * type_regs
495 * mask
496 * value
497 *
498 * The least significant DECODE_TYPE_BITS of type_regs contains a value
499 * from enum decode_type, this indicates which of the decode_* structs
500 * the entry contains. The value DECODE_TYPE_END indicates the end of the
501 * table.
502 *
503 * When the table is parsed, each entry is checked in turn to see if it
504 * matches the instruction to be decoded using the test:
505 *
506 * (insn & mask) == value
507 *
508 * If no match is found before the end of the table is reached then decoding
509 * fails with INSN_REJECTED.
510 *
511 * When a match is found, decode_regs() is called to validate and modify each
512 * of the registers encoded in the instruction; the data it uses to do this
513 * is (type_regs >> DECODE_TYPE_BITS). A validation failure will cause decoding
514 * to fail with INSN_REJECTED.
515 *
516 * Once the instruction has passed the above tests, further processing
517 * depends on the type of the table entry's decode struct.
518 *
519 */
520int __kprobes
521kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
522 const union decode_item *table, bool thumb)
523{
524 const struct decode_header *h = (struct decode_header *)table;
525 const struct decode_header *next;
526 bool matched = false;
527
528 insn = prepare_emulated_insn(insn, asi, thumb);
529
530 for (;; h = next) {
531 enum decode_type type = h->type_regs.bits & DECODE_TYPE_MASK;
532 u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS;
533
534 if (type == DECODE_TYPE_END)
535 return INSN_REJECTED;
536
537 next = (struct decode_header *)
538 ((uintptr_t)h + decode_struct_sizes[type]);
539
540 if (!matched && (insn & h->mask.bits) != h->value.bits)
541 continue;
542
543 if (!decode_regs(&insn, regs))
544 return INSN_REJECTED;
545
546 switch (type) {
547
548 case DECODE_TYPE_TABLE: {
549 struct decode_table *d = (struct decode_table *)h;
550 next = (struct decode_header *)d->table.table;
551 break;
552 }
553
554 case DECODE_TYPE_CUSTOM: {
555 struct decode_custom *d = (struct decode_custom *)h;
556 return (*d->decoder.decoder)(insn, asi);
557 }
558
559 case DECODE_TYPE_SIMULATE: {
560 struct decode_simulate *d = (struct decode_simulate *)h;
561 asi->insn_handler = d->handler.handler;
562 return INSN_GOOD_NO_SLOT;
563 }
564
565 case DECODE_TYPE_EMULATE: {
566 struct decode_emulate *d = (struct decode_emulate *)h;
567 asi->insn_handler = d->handler.handler;
568 set_emulated_insn(insn, asi, thumb);
569 return INSN_GOOD;
570 }
571
572 case DECODE_TYPE_OR:
573 matched = true;
574 break;
575
576 case DECODE_TYPE_REJECT:
577 default:
578 return INSN_REJECTED;
579 }
580 }
581 }
diff --git a/arch/arm/kernel/kprobes.h b/arch/arm/kernel/kprobes.h
index 38945f78f9f1..aa68c0ea1a0b 100644
--- a/arch/arm/kernel/kprobes.h
+++ b/arch/arm/kernel/kprobes.h
@@ -52,377 +52,6 @@ enum kprobe_insn arm_kprobe_decode_insn(kprobe_opcode_t,
52 52
53void __init arm_kprobe_decode_init(void); 53void __init arm_kprobe_decode_init(void);
54 54
55extern kprobe_check_cc * const kprobe_condition_checks[16]; 55#include "probes.h"
56
57
58#if __LINUX_ARM_ARCH__ >= 7
59
60/* str_pc_offset is architecturally defined from ARMv7 onwards */
61#define str_pc_offset 8
62#define find_str_pc_offset()
63
64#else /* __LINUX_ARM_ARCH__ < 7 */
65
66/* We need a run-time check to determine str_pc_offset */
67extern int str_pc_offset;
68void __init find_str_pc_offset(void);
69
70#endif
71
72
73/*
74 * Update ITSTATE after normal execution of an IT block instruction.
75 *
76 * The 8 IT state bits are split into two parts in CPSR:
77 * ITSTATE<1:0> are in CPSR<26:25>
78 * ITSTATE<7:2> are in CPSR<15:10>
79 */
80static inline unsigned long it_advance(unsigned long cpsr)
81 {
82 if ((cpsr & 0x06000400) == 0) {
83 /* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */
84 cpsr &= ~PSR_IT_MASK;
85 } else {
86 /* We need to shift left ITSTATE<4:0> */
87 const unsigned long mask = 0x06001c00; /* Mask ITSTATE<4:0> */
88 unsigned long it = cpsr & mask;
89 it <<= 1;
90 it |= it >> (27 - 10); /* Carry ITSTATE<2> to correct place */
91 it &= mask;
92 cpsr &= ~mask;
93 cpsr |= it;
94 }
95 return cpsr;
96}
97
98static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs)
99{
100 long cpsr = regs->ARM_cpsr;
101 if (pcv & 0x1) {
102 cpsr |= PSR_T_BIT;
103 pcv &= ~0x1;
104 } else {
105 cpsr &= ~PSR_T_BIT;
106 pcv &= ~0x2; /* Avoid UNPREDICTABLE address allignment */
107 }
108 regs->ARM_cpsr = cpsr;
109 regs->ARM_pc = pcv;
110}
111
112
113#if __LINUX_ARM_ARCH__ >= 6
114
115/* Kernels built for >= ARMv6 should never run on <= ARMv5 hardware, so... */
116#define load_write_pc_interworks true
117#define test_load_write_pc_interworking()
118
119#else /* __LINUX_ARM_ARCH__ < 6 */
120
121/* We need run-time testing to determine if load_write_pc() should interwork. */
122extern bool load_write_pc_interworks;
123void __init test_load_write_pc_interworking(void);
124
125#endif
126
127static inline void __kprobes load_write_pc(long pcv, struct pt_regs *regs)
128{
129 if (load_write_pc_interworks)
130 bx_write_pc(pcv, regs);
131 else
132 regs->ARM_pc = pcv;
133}
134
135
136#if __LINUX_ARM_ARCH__ >= 7
137
138#define alu_write_pc_interworks true
139#define test_alu_write_pc_interworking()
140
141#elif __LINUX_ARM_ARCH__ <= 5
142
143/* Kernels built for <= ARMv5 should never run on >= ARMv6 hardware, so... */
144#define alu_write_pc_interworks false
145#define test_alu_write_pc_interworking()
146
147#else /* __LINUX_ARM_ARCH__ == 6 */
148
149/* We could be an ARMv6 binary on ARMv7 hardware so we need a run-time check. */
150extern bool alu_write_pc_interworks;
151void __init test_alu_write_pc_interworking(void);
152
153#endif /* __LINUX_ARM_ARCH__ == 6 */
154
155static inline void __kprobes alu_write_pc(long pcv, struct pt_regs *regs)
156{
157 if (alu_write_pc_interworks)
158 bx_write_pc(pcv, regs);
159 else
160 regs->ARM_pc = pcv;
161}
162
163
164void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs);
165void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs);
166
167enum kprobe_insn __kprobes
168kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi);
169
170/*
171 * Test if load/store instructions writeback the address register.
172 * if P (bit 24) == 0 or W (bit 21) == 1
173 */
174#define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
175
176/*
177 * The following definitions and macros are used to build instruction
178 * decoding tables for use by kprobe_decode_insn.
179 *
180 * These tables are a concatenation of entries each of which consist of one of
181 * the decode_* structs. All of the fields in every type of decode structure
182 * are of the union type decode_item, therefore the entire decode table can be
183 * viewed as an array of these and declared like:
184 *
185 * static const union decode_item table_name[] = {};
186 *
187 * In order to construct each entry in the table, macros are used to
188 * initialise a number of sequential decode_item values in a layout which
189 * matches the relevant struct. E.g. DECODE_SIMULATE initialise a struct
190 * decode_simulate by initialising four decode_item objects like this...
191 *
192 * {.bits = _type},
193 * {.bits = _mask},
194 * {.bits = _value},
195 * {.handler = _handler},
196 *
197 * Initialising a specified member of the union means that the compiler
198 * will produce a warning if the argument is of an incorrect type.
199 *
200 * Below is a list of each of the macros used to initialise entries and a
201 * description of the action performed when that entry is matched to an
202 * instruction. A match is found when (instruction & mask) == value.
203 *
204 * DECODE_TABLE(mask, value, table)
205 * Instruction decoding jumps to parsing the new sub-table 'table'.
206 *
207 * DECODE_CUSTOM(mask, value, decoder)
208 * The custom function 'decoder' is called to the complete decoding
209 * of an instruction.
210 *
211 * DECODE_SIMULATE(mask, value, handler)
212 * Set the probes instruction handler to 'handler', this will be used
213 * to simulate the instruction when the probe is hit. Decoding returns
214 * with INSN_GOOD_NO_SLOT.
215 *
216 * DECODE_EMULATE(mask, value, handler)
217 * Set the probes instruction handler to 'handler', this will be used
218 * to emulate the instruction when the probe is hit. The modified
219 * instruction (see below) is placed in the probes instruction slot so it
220 * may be called by the emulation code. Decoding returns with INSN_GOOD.
221 *
222 * DECODE_REJECT(mask, value)
223 * Instruction decoding fails with INSN_REJECTED
224 *
225 * DECODE_OR(mask, value)
226 * This allows the mask/value test of multiple table entries to be
227 * logically ORed. Once an 'or' entry is matched the decoding action to
228 * be performed is that of the next entry which isn't an 'or'. E.g.
229 *
230 * DECODE_OR (mask1, value1)
231 * DECODE_OR (mask2, value2)
232 * DECODE_SIMULATE (mask3, value3, simulation_handler)
233 *
234 * This means that if any of the three mask/value pairs match the
235 * instruction being decoded, then 'simulation_handler' will be used
236 * for it.
237 *
238 * Both the SIMULATE and EMULATE macros have a second form which take an
239 * additional 'regs' argument.
240 *
241 * DECODE_SIMULATEX(mask, value, handler, regs)
242 * DECODE_EMULATEX (mask, value, handler, regs)
243 *
244 * These are used to specify what kind of CPU register is encoded in each of the
245 * least significant 5 nibbles of the instruction being decoded. The regs value
246 * is specified using the REGS macro, this takes any of the REG_TYPE_* values
247 * from enum decode_reg_type as arguments; only the '*' part of the name is
248 * given. E.g.
249 *
250 * REGS(0, ANY, NOPC, 0, ANY)
251 *
252 * This indicates an instruction is encoded like:
253 *
254 * bits 19..16 ignore
255 * bits 15..12 any register allowed here
256 * bits 11.. 8 any register except PC allowed here
257 * bits 7.. 4 ignore
258 * bits 3.. 0 any register allowed here
259 *
260 * This register specification is checked after a decode table entry is found to
261 * match an instruction (through the mask/value test). Any invalid register then
262 * found in the instruction will cause decoding to fail with INSN_REJECTED. In
263 * the above example this would happen if bits 11..8 of the instruction were
264 * 1111, indicating R15 or PC.
265 *
266 * As well as checking for legal combinations of registers, this data is also
267 * used to modify the registers encoded in the instructions so that an
268 * emulation routines can use it. (See decode_regs() and INSN_NEW_BITS.)
269 *
270 * Here is a real example which matches ARM instructions of the form
271 * "AND <Rd>,<Rn>,<Rm>,<shift> <Rs>"
272 *
273 * DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
274 * REGS(ANY, ANY, NOPC, 0, ANY)),
275 * ^ ^ ^ ^
276 * Rn Rd Rs Rm
277 *
278 * Decoding the instruction "AND R4, R5, R6, ASL R15" will be rejected because
279 * Rs == R15
280 *
281 * Decoding the instruction "AND R4, R5, R6, ASL R7" will be accepted and the
282 * instruction will be modified to "AND R0, R2, R3, ASL R1" and then placed into
283 * the kprobes instruction slot. This can then be called later by the handler
284 * function emulate_rd12rn16rm0rs8_rwflags in order to simulate the instruction.
285 */
286
287enum decode_type {
288 DECODE_TYPE_END,
289 DECODE_TYPE_TABLE,
290 DECODE_TYPE_CUSTOM,
291 DECODE_TYPE_SIMULATE,
292 DECODE_TYPE_EMULATE,
293 DECODE_TYPE_OR,
294 DECODE_TYPE_REJECT,
295 NUM_DECODE_TYPES /* Must be last enum */
296};
297
298#define DECODE_TYPE_BITS 4
299#define DECODE_TYPE_MASK ((1 << DECODE_TYPE_BITS) - 1)
300
301enum decode_reg_type {
302 REG_TYPE_NONE = 0, /* Not a register, ignore */
303 REG_TYPE_ANY, /* Any register allowed */
304 REG_TYPE_SAMEAS16, /* Register should be same as that at bits 19..16 */
305 REG_TYPE_SP, /* Register must be SP */
306 REG_TYPE_PC, /* Register must be PC */
307 REG_TYPE_NOSP, /* Register must not be SP */
308 REG_TYPE_NOSPPC, /* Register must not be SP or PC */
309 REG_TYPE_NOPC, /* Register must not be PC */
310 REG_TYPE_NOPCWB, /* No PC if load/store write-back flag also set */
311
312 /* The following types are used when the encoding for PC indicates
313 * another instruction form. This distiction only matters for test
314 * case coverage checks.
315 */
316 REG_TYPE_NOPCX, /* Register must not be PC */
317 REG_TYPE_NOSPPCX, /* Register must not be SP or PC */
318
319 /* Alias to allow '0' arg to be used in REGS macro. */
320 REG_TYPE_0 = REG_TYPE_NONE
321};
322
323#define REGS(r16, r12, r8, r4, r0) \
324 ((REG_TYPE_##r16) << 16) + \
325 ((REG_TYPE_##r12) << 12) + \
326 ((REG_TYPE_##r8) << 8) + \
327 ((REG_TYPE_##r4) << 4) + \
328 (REG_TYPE_##r0)
329
330union decode_item {
331 u32 bits;
332 const union decode_item *table;
333 kprobe_insn_handler_t *handler;
334 kprobe_decode_insn_t *decoder;
335};
336
337
338#define DECODE_END \
339 {.bits = DECODE_TYPE_END}
340
341
342struct decode_header {
343 union decode_item type_regs;
344 union decode_item mask;
345 union decode_item value;
346};
347
348#define DECODE_HEADER(_type, _mask, _value, _regs) \
349 {.bits = (_type) | ((_regs) << DECODE_TYPE_BITS)}, \
350 {.bits = (_mask)}, \
351 {.bits = (_value)}
352
353
354struct decode_table {
355 struct decode_header header;
356 union decode_item table;
357};
358
359#define DECODE_TABLE(_mask, _value, _table) \
360 DECODE_HEADER(DECODE_TYPE_TABLE, _mask, _value, 0), \
361 {.table = (_table)}
362
363
364struct decode_custom {
365 struct decode_header header;
366 union decode_item decoder;
367};
368
369#define DECODE_CUSTOM(_mask, _value, _decoder) \
370 DECODE_HEADER(DECODE_TYPE_CUSTOM, _mask, _value, 0), \
371 {.decoder = (_decoder)}
372
373
374struct decode_simulate {
375 struct decode_header header;
376 union decode_item handler;
377};
378
379#define DECODE_SIMULATEX(_mask, _value, _handler, _regs) \
380 DECODE_HEADER(DECODE_TYPE_SIMULATE, _mask, _value, _regs), \
381 {.handler = (_handler)}
382
383#define DECODE_SIMULATE(_mask, _value, _handler) \
384 DECODE_SIMULATEX(_mask, _value, _handler, 0)
385
386
387struct decode_emulate {
388 struct decode_header header;
389 union decode_item handler;
390};
391
392#define DECODE_EMULATEX(_mask, _value, _handler, _regs) \
393 DECODE_HEADER(DECODE_TYPE_EMULATE, _mask, _value, _regs), \
394 {.handler = (_handler)}
395
396#define DECODE_EMULATE(_mask, _value, _handler) \
397 DECODE_EMULATEX(_mask, _value, _handler, 0)
398
399
400struct decode_or {
401 struct decode_header header;
402};
403
404#define DECODE_OR(_mask, _value) \
405 DECODE_HEADER(DECODE_TYPE_OR, _mask, _value, 0)
406
407
408struct decode_reject {
409 struct decode_header header;
410};
411
412#define DECODE_REJECT(_mask, _value) \
413 DECODE_HEADER(DECODE_TYPE_REJECT, _mask, _value, 0)
414
415
416#ifdef CONFIG_THUMB2_KERNEL
417extern const union decode_item kprobe_decode_thumb16_table[];
418extern const union decode_item kprobe_decode_thumb32_table[];
419#else
420extern const union decode_item kprobe_decode_arm_table[];
421#endif
422
423
424int kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
425 const union decode_item *table, bool thumb16);
426
427 56
428#endif /* _ARM_KERNEL_KPROBES_H */ 57#endif /* _ARM_KERNEL_KPROBES_H */
diff --git a/arch/arm/kernel/probes-arm.c b/arch/arm/kernel/probes-arm.c
new file mode 100644
index 000000000000..57e08b28e87f
--- /dev/null
+++ b/arch/arm/kernel/probes-arm.c
@@ -0,0 +1,731 @@
1/*
2 * arch/arm/kernel/probes-arm.c
3 *
4 * Some code moved here from arch/arm/kernel/kprobes-arm.c
5 *
6 * Copyright (C) 2006, 2007 Motorola Inc.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 */
17
18#include <linux/kernel.h>
19#include <linux/module.h>
20#include <linux/stddef.h>
21#include <linux/ptrace.h>
22#include <linux/kprobes.h>
23
24#include "kprobes.h"
25#include "probes-arm.h"
26
27#define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit)))))
28
29#define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
30
31/*
32 * To avoid the complications of mimicing single-stepping on a
33 * processor without a Next-PC or a single-step mode, and to
34 * avoid having to deal with the side-effects of boosting, we
35 * simulate or emulate (almost) all ARM instructions.
36 *
37 * "Simulation" is where the instruction's behavior is duplicated in
38 * C code. "Emulation" is where the original instruction is rewritten
39 * and executed, often by altering its registers.
40 *
41 * By having all behavior of the kprobe'd instruction completed before
42 * returning from the kprobe_handler(), all locks (scheduler and
43 * interrupt) can safely be released. There is no need for secondary
44 * breakpoints, no race with MP or preemptable kernels, nor having to
45 * clean up resources counts at a later time impacting overall system
46 * performance. By rewriting the instruction, only the minimum registers
47 * need to be loaded and saved back optimizing performance.
48 *
49 * Calling the insnslot_*_rwflags version of a function doesn't hurt
50 * anything even when the CPSR flags aren't updated by the
51 * instruction. It's just a little slower in return for saving
52 * a little space by not having a duplicate function that doesn't
53 * update the flags. (The same optimization can be said for
54 * instructions that do or don't perform register writeback)
55 * Also, instructions can either read the flags, only write the
56 * flags, or read and write the flags. To save combinations
57 * rather than for sheer performance, flag functions just assume
58 * read and write of flags.
59 */
60
61void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
62{
63 kprobe_opcode_t insn = p->opcode;
64 long iaddr = (long)p->addr;
65 int disp = branch_displacement(insn);
66
67 if (insn & (1 << 24))
68 regs->ARM_lr = iaddr + 4;
69
70 regs->ARM_pc = iaddr + 8 + disp;
71}
72
73void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
74{
75 kprobe_opcode_t insn = p->opcode;
76 long iaddr = (long)p->addr;
77 int disp = branch_displacement(insn);
78
79 regs->ARM_lr = iaddr + 4;
80 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2);
81 regs->ARM_cpsr |= PSR_T_BIT;
82}
83
84void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
85{
86 kprobe_opcode_t insn = p->opcode;
87 int rm = insn & 0xf;
88 long rmv = regs->uregs[rm];
89
90 if (insn & (1 << 5))
91 regs->ARM_lr = (long)p->addr + 4;
92
93 regs->ARM_pc = rmv & ~0x1;
94 regs->ARM_cpsr &= ~PSR_T_BIT;
95 if (rmv & 0x1)
96 regs->ARM_cpsr |= PSR_T_BIT;
97}
98
99void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
100{
101 kprobe_opcode_t insn = p->opcode;
102 int rd = (insn >> 12) & 0xf;
103 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
104 regs->uregs[rd] = regs->ARM_cpsr & mask;
105}
106
107void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
108{
109 regs->uregs[12] = regs->uregs[13];
110}
111
112/*
113 * For the instruction masking and comparisons in all the "space_*"
114 * functions below, Do _not_ rearrange the order of tests unless
115 * you're very, very sure of what you are doing. For the sake of
116 * efficiency, the masks for some tests sometimes assume other test
117 * have been done prior to them so the number of patterns to test
118 * for an instruction set can be as broad as possible to reduce the
119 * number of tests needed.
120 */
121
122static const union decode_item arm_1111_table[] = {
123 /* Unconditional instructions */
124
125 /* memory hint 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx */
126 /* PLDI (immediate) 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx */
127 /* PLDW (immediate) 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx */
128 /* PLD (immediate) 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx */
129 DECODE_SIMULATE (0xfe300000, 0xf4100000, kprobe_simulate_nop),
130
131 /* memory hint 1111 0110 x001 xxxx xxxx xxxx xxx0 xxxx */
132 /* PLDI (register) 1111 0110 x101 xxxx xxxx xxxx xxx0 xxxx */
133 /* PLDW (register) 1111 0111 x001 xxxx xxxx xxxx xxx0 xxxx */
134 /* PLD (register) 1111 0111 x101 xxxx xxxx xxxx xxx0 xxxx */
135 DECODE_SIMULATE (0xfe300010, 0xf6100000, kprobe_simulate_nop),
136
137 /* BLX (immediate) 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx */
138 DECODE_SIMULATE (0xfe000000, 0xfa000000, simulate_blx1),
139
140 /* CPS 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
141 /* SETEND 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
142 /* SRS 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
143 /* RFE 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
144
145 /* Coprocessor instructions... */
146 /* MCRR2 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx */
147 /* MRRC2 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx */
148 /* LDC2 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
149 /* STC2 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
150 /* CDP2 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
151 /* MCR2 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
152 /* MRC2 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
153
154 /* Other unallocated instructions... */
155 DECODE_END
156};
157
158static const union decode_item arm_cccc_0001_0xx0____0xxx_table[] = {
159 /* Miscellaneous instructions */
160
161 /* MRS cpsr cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
162 DECODE_SIMULATEX(0x0ff000f0, 0x01000000, simulate_mrs,
163 REGS(0, NOPC, 0, 0, 0)),
164
165 /* BX cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
166 DECODE_SIMULATE (0x0ff000f0, 0x01200010, simulate_blx2bx),
167
168 /* BLX (register) cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
169 DECODE_SIMULATEX(0x0ff000f0, 0x01200030, simulate_blx2bx,
170 REGS(0, 0, 0, 0, NOPC)),
171
172 /* CLZ cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
173 DECODE_EMULATEX (0x0ff000f0, 0x01600010, emulate_rd12rm0_noflags_nopc,
174 REGS(0, NOPC, 0, 0, NOPC)),
175
176 /* QADD cccc 0001 0000 xxxx xxxx xxxx 0101 xxxx */
177 /* QSUB cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx */
178 /* QDADD cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx */
179 /* QDSUB cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx */
180 DECODE_EMULATEX (0x0f9000f0, 0x01000050, emulate_rd12rn16rm0_rwflags_nopc,
181 REGS(NOPC, NOPC, 0, 0, NOPC)),
182
183 /* BXJ cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
184 /* MSR cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
185 /* MRS spsr cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
186 /* BKPT 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
187 /* SMC cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
188 /* And unallocated instructions... */
189 DECODE_END
190};
191
192static const union decode_item arm_cccc_0001_0xx0____1xx0_table[] = {
193 /* Halfword multiply and multiply-accumulate */
194
195 /* SMLALxy cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
196 DECODE_EMULATEX (0x0ff00090, 0x01400080, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
197 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
198
199 /* SMULWy cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
200 DECODE_OR (0x0ff000b0, 0x012000a0),
201 /* SMULxy cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
202 DECODE_EMULATEX (0x0ff00090, 0x01600080, emulate_rd16rn12rm0rs8_rwflags_nopc,
203 REGS(NOPC, 0, NOPC, 0, NOPC)),
204
205 /* SMLAxy cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx */
206 DECODE_OR (0x0ff00090, 0x01000080),
207 /* SMLAWy cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx */
208 DECODE_EMULATEX (0x0ff000b0, 0x01200080, emulate_rd16rn12rm0rs8_rwflags_nopc,
209 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
210
211 DECODE_END
212};
213
214static const union decode_item arm_cccc_0000_____1001_table[] = {
215 /* Multiply and multiply-accumulate */
216
217 /* MUL cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx */
218 /* MULS cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx */
219 DECODE_EMULATEX (0x0fe000f0, 0x00000090, emulate_rd16rn12rm0rs8_rwflags_nopc,
220 REGS(NOPC, 0, NOPC, 0, NOPC)),
221
222 /* MLA cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx */
223 /* MLAS cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx */
224 DECODE_OR (0x0fe000f0, 0x00200090),
225 /* MLS cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx */
226 DECODE_EMULATEX (0x0ff000f0, 0x00600090, emulate_rd16rn12rm0rs8_rwflags_nopc,
227 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
228
229 /* UMAAL cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx */
230 DECODE_OR (0x0ff000f0, 0x00400090),
231 /* UMULL cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx */
232 /* UMULLS cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx */
233 /* UMLAL cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx */
234 /* UMLALS cccc 0000 1011 xxxx xxxx xxxx 1001 xxxx */
235 /* SMULL cccc 0000 1100 xxxx xxxx xxxx 1001 xxxx */
236 /* SMULLS cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx */
237 /* SMLAL cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx */
238 /* SMLALS cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx */
239 DECODE_EMULATEX (0x0f8000f0, 0x00800090, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
240 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
241
242 DECODE_END
243};
244
245static const union decode_item arm_cccc_0001_____1001_table[] = {
246 /* Synchronization primitives */
247
248#if __LINUX_ARM_ARCH__ < 6
249 /* Deprecated on ARMv6 and may be UNDEFINED on v7 */
250 /* SMP/SWPB cccc 0001 0x00 xxxx xxxx xxxx 1001 xxxx */
251 DECODE_EMULATEX (0x0fb000f0, 0x01000090, emulate_rd12rn16rm0_rwflags_nopc,
252 REGS(NOPC, NOPC, 0, 0, NOPC)),
253#endif
254 /* LDREX/STREX{,D,B,H} cccc 0001 1xxx xxxx xxxx xxxx 1001 xxxx */
255 /* And unallocated instructions... */
256 DECODE_END
257};
258
259static const union decode_item arm_cccc_000x_____1xx1_table[] = {
260 /* Extra load/store instructions */
261
262 /* STRHT cccc 0000 xx10 xxxx xxxx xxxx 1011 xxxx */
263 /* ??? cccc 0000 xx10 xxxx xxxx xxxx 11x1 xxxx */
264 /* LDRHT cccc 0000 xx11 xxxx xxxx xxxx 1011 xxxx */
265 /* LDRSBT cccc 0000 xx11 xxxx xxxx xxxx 1101 xxxx */
266 /* LDRSHT cccc 0000 xx11 xxxx xxxx xxxx 1111 xxxx */
267 DECODE_REJECT (0x0f200090, 0x00200090),
268
269 /* LDRD/STRD lr,pc,{... cccc 000x x0x0 xxxx 111x xxxx 1101 xxxx */
270 DECODE_REJECT (0x0e10e0d0, 0x0000e0d0),
271
272 /* LDRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1101 xxxx */
273 /* STRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1111 xxxx */
274 DECODE_EMULATEX (0x0e5000d0, 0x000000d0, emulate_ldrdstrd,
275 REGS(NOPCWB, NOPCX, 0, 0, NOPC)),
276
277 /* LDRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1101 xxxx */
278 /* STRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1111 xxxx */
279 DECODE_EMULATEX (0x0e5000d0, 0x004000d0, emulate_ldrdstrd,
280 REGS(NOPCWB, NOPCX, 0, 0, 0)),
281
282 /* STRH (register) cccc 000x x0x0 xxxx xxxx xxxx 1011 xxxx */
283 DECODE_EMULATEX (0x0e5000f0, 0x000000b0, emulate_str,
284 REGS(NOPCWB, NOPC, 0, 0, NOPC)),
285
286 /* LDRH (register) cccc 000x x0x1 xxxx xxxx xxxx 1011 xxxx */
287 /* LDRSB (register) cccc 000x x0x1 xxxx xxxx xxxx 1101 xxxx */
288 /* LDRSH (register) cccc 000x x0x1 xxxx xxxx xxxx 1111 xxxx */
289 DECODE_EMULATEX (0x0e500090, 0x00100090, emulate_ldr,
290 REGS(NOPCWB, NOPC, 0, 0, NOPC)),
291
292 /* STRH (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1011 xxxx */
293 DECODE_EMULATEX (0x0e5000f0, 0x004000b0, emulate_str,
294 REGS(NOPCWB, NOPC, 0, 0, 0)),
295
296 /* LDRH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1011 xxxx */
297 /* LDRSB (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1101 xxxx */
298 /* LDRSH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1111 xxxx */
299 DECODE_EMULATEX (0x0e500090, 0x00500090, emulate_ldr,
300 REGS(NOPCWB, NOPC, 0, 0, 0)),
301
302 DECODE_END
303};
304
305static const union decode_item arm_cccc_000x_table[] = {
306 /* Data-processing (register) */
307
308 /* <op>S PC, ... cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx */
309 DECODE_REJECT (0x0e10f000, 0x0010f000),
310
311 /* MOV IP, SP 1110 0001 1010 0000 1100 0000 0000 1101 */
312 DECODE_SIMULATE (0xffffffff, 0xe1a0c00d, simulate_mov_ipsp),
313
314 /* TST (register) cccc 0001 0001 xxxx xxxx xxxx xxx0 xxxx */
315 /* TEQ (register) cccc 0001 0011 xxxx xxxx xxxx xxx0 xxxx */
316 /* CMP (register) cccc 0001 0101 xxxx xxxx xxxx xxx0 xxxx */
317 /* CMN (register) cccc 0001 0111 xxxx xxxx xxxx xxx0 xxxx */
318 DECODE_EMULATEX (0x0f900010, 0x01100000, emulate_rd12rn16rm0rs8_rwflags,
319 REGS(ANY, 0, 0, 0, ANY)),
320
321 /* MOV (register) cccc 0001 101x xxxx xxxx xxxx xxx0 xxxx */
322 /* MVN (register) cccc 0001 111x xxxx xxxx xxxx xxx0 xxxx */
323 DECODE_EMULATEX (0x0fa00010, 0x01a00000, emulate_rd12rn16rm0rs8_rwflags,
324 REGS(0, ANY, 0, 0, ANY)),
325
326 /* AND (register) cccc 0000 000x xxxx xxxx xxxx xxx0 xxxx */
327 /* EOR (register) cccc 0000 001x xxxx xxxx xxxx xxx0 xxxx */
328 /* SUB (register) cccc 0000 010x xxxx xxxx xxxx xxx0 xxxx */
329 /* RSB (register) cccc 0000 011x xxxx xxxx xxxx xxx0 xxxx */
330 /* ADD (register) cccc 0000 100x xxxx xxxx xxxx xxx0 xxxx */
331 /* ADC (register) cccc 0000 101x xxxx xxxx xxxx xxx0 xxxx */
332 /* SBC (register) cccc 0000 110x xxxx xxxx xxxx xxx0 xxxx */
333 /* RSC (register) cccc 0000 111x xxxx xxxx xxxx xxx0 xxxx */
334 /* ORR (register) cccc 0001 100x xxxx xxxx xxxx xxx0 xxxx */
335 /* BIC (register) cccc 0001 110x xxxx xxxx xxxx xxx0 xxxx */
336 DECODE_EMULATEX (0x0e000010, 0x00000000, emulate_rd12rn16rm0rs8_rwflags,
337 REGS(ANY, ANY, 0, 0, ANY)),
338
339 /* TST (reg-shift reg) cccc 0001 0001 xxxx xxxx xxxx 0xx1 xxxx */
340 /* TEQ (reg-shift reg) cccc 0001 0011 xxxx xxxx xxxx 0xx1 xxxx */
341 /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */
342 /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */
343 DECODE_EMULATEX (0x0f900090, 0x01100010, emulate_rd12rn16rm0rs8_rwflags,
344 REGS(ANY, 0, NOPC, 0, ANY)),
345
346 /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */
347 /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */
348 DECODE_EMULATEX (0x0fa00090, 0x01a00010, emulate_rd12rn16rm0rs8_rwflags,
349 REGS(0, ANY, NOPC, 0, ANY)),
350
351 /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */
352 /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */
353 /* SUB (reg-shift reg) cccc 0000 010x xxxx xxxx xxxx 0xx1 xxxx */
354 /* RSB (reg-shift reg) cccc 0000 011x xxxx xxxx xxxx 0xx1 xxxx */
355 /* ADD (reg-shift reg) cccc 0000 100x xxxx xxxx xxxx 0xx1 xxxx */
356 /* ADC (reg-shift reg) cccc 0000 101x xxxx xxxx xxxx 0xx1 xxxx */
357 /* SBC (reg-shift reg) cccc 0000 110x xxxx xxxx xxxx 0xx1 xxxx */
358 /* RSC (reg-shift reg) cccc 0000 111x xxxx xxxx xxxx 0xx1 xxxx */
359 /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */
360 /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */
361 DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
362 REGS(ANY, ANY, NOPC, 0, ANY)),
363
364 DECODE_END
365};
366
367static const union decode_item arm_cccc_001x_table[] = {
368 /* Data-processing (immediate) */
369
370 /* MOVW cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
371 /* MOVT cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
372 DECODE_EMULATEX (0x0fb00000, 0x03000000, emulate_rd12rm0_noflags_nopc,
373 REGS(0, NOPC, 0, 0, 0)),
374
375 /* YIELD cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
376 DECODE_OR (0x0fff00ff, 0x03200001),
377 /* SEV cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
378 DECODE_EMULATE (0x0fff00ff, 0x03200004, kprobe_emulate_none),
379 /* NOP cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
380 /* WFE cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
381 /* WFI cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
382 DECODE_SIMULATE (0x0fff00fc, 0x03200000, kprobe_simulate_nop),
383 /* DBG cccc 0011 0010 0000 xxxx xxxx ffff xxxx */
384 /* unallocated hints cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
385 /* MSR (immediate) cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx */
386 DECODE_REJECT (0x0fb00000, 0x03200000),
387
388 /* <op>S PC, ... cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx */
389 DECODE_REJECT (0x0e10f000, 0x0210f000),
390
391 /* TST (immediate) cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx */
392 /* TEQ (immediate) cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx */
393 /* CMP (immediate) cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx */
394 /* CMN (immediate) cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx */
395 DECODE_EMULATEX (0x0f900000, 0x03100000, emulate_rd12rn16rm0rs8_rwflags,
396 REGS(ANY, 0, 0, 0, 0)),
397
398 /* MOV (immediate) cccc 0011 101x xxxx xxxx xxxx xxxx xxxx */
399 /* MVN (immediate) cccc 0011 111x xxxx xxxx xxxx xxxx xxxx */
400 DECODE_EMULATEX (0x0fa00000, 0x03a00000, emulate_rd12rn16rm0rs8_rwflags,
401 REGS(0, ANY, 0, 0, 0)),
402
403 /* AND (immediate) cccc 0010 000x xxxx xxxx xxxx xxxx xxxx */
404 /* EOR (immediate) cccc 0010 001x xxxx xxxx xxxx xxxx xxxx */
405 /* SUB (immediate) cccc 0010 010x xxxx xxxx xxxx xxxx xxxx */
406 /* RSB (immediate) cccc 0010 011x xxxx xxxx xxxx xxxx xxxx */
407 /* ADD (immediate) cccc 0010 100x xxxx xxxx xxxx xxxx xxxx */
408 /* ADC (immediate) cccc 0010 101x xxxx xxxx xxxx xxxx xxxx */
409 /* SBC (immediate) cccc 0010 110x xxxx xxxx xxxx xxxx xxxx */
410 /* RSC (immediate) cccc 0010 111x xxxx xxxx xxxx xxxx xxxx */
411 /* ORR (immediate) cccc 0011 100x xxxx xxxx xxxx xxxx xxxx */
412 /* BIC (immediate) cccc 0011 110x xxxx xxxx xxxx xxxx xxxx */
413 DECODE_EMULATEX (0x0e000000, 0x02000000, emulate_rd12rn16rm0rs8_rwflags,
414 REGS(ANY, ANY, 0, 0, 0)),
415
416 DECODE_END
417};
418
419static const union decode_item arm_cccc_0110_____xxx1_table[] = {
420 /* Media instructions */
421
422 /* SEL cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx */
423 DECODE_EMULATEX (0x0ff000f0, 0x068000b0, emulate_rd12rn16rm0_rwflags_nopc,
424 REGS(NOPC, NOPC, 0, 0, NOPC)),
425
426 /* SSAT cccc 0110 101x xxxx xxxx xxxx xx01 xxxx */
427 /* USAT cccc 0110 111x xxxx xxxx xxxx xx01 xxxx */
428 DECODE_OR(0x0fa00030, 0x06a00010),
429 /* SSAT16 cccc 0110 1010 xxxx xxxx xxxx 0011 xxxx */
430 /* USAT16 cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx */
431 DECODE_EMULATEX (0x0fb000f0, 0x06a00030, emulate_rd12rn16rm0_rwflags_nopc,
432 REGS(0, NOPC, 0, 0, NOPC)),
433
434 /* REV cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
435 /* REV16 cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
436 /* RBIT cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
437 /* REVSH cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
438 DECODE_EMULATEX (0x0fb00070, 0x06b00030, emulate_rd12rm0_noflags_nopc,
439 REGS(0, NOPC, 0, 0, NOPC)),
440
441 /* ??? cccc 0110 0x00 xxxx xxxx xxxx xxx1 xxxx */
442 DECODE_REJECT (0x0fb00010, 0x06000010),
443 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1011 xxxx */
444 DECODE_REJECT (0x0f8000f0, 0x060000b0),
445 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1101 xxxx */
446 DECODE_REJECT (0x0f8000f0, 0x060000d0),
447 /* SADD16 cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx */
448 /* SADDSUBX cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx */
449 /* SSUBADDX cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx */
450 /* SSUB16 cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx */
451 /* SADD8 cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx */
452 /* SSUB8 cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx */
453 /* QADD16 cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx */
454 /* QADDSUBX cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx */
455 /* QSUBADDX cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx */
456 /* QSUB16 cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx */
457 /* QADD8 cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx */
458 /* QSUB8 cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx */
459 /* SHADD16 cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx */
460 /* SHADDSUBX cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx */
461 /* SHSUBADDX cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx */
462 /* SHSUB16 cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx */
463 /* SHADD8 cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx */
464 /* SHSUB8 cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx */
465 /* UADD16 cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx */
466 /* UADDSUBX cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx */
467 /* USUBADDX cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx */
468 /* USUB16 cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx */
469 /* UADD8 cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx */
470 /* USUB8 cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx */
471 /* UQADD16 cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx */
472 /* UQADDSUBX cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx */
473 /* UQSUBADDX cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx */
474 /* UQSUB16 cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx */
475 /* UQADD8 cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx */
476 /* UQSUB8 cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx */
477 /* UHADD16 cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx */
478 /* UHADDSUBX cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx */
479 /* UHSUBADDX cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx */
480 /* UHSUB16 cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx */
481 /* UHADD8 cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx */
482 /* UHSUB8 cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx */
483 DECODE_EMULATEX (0x0f800010, 0x06000010, emulate_rd12rn16rm0_rwflags_nopc,
484 REGS(NOPC, NOPC, 0, 0, NOPC)),
485
486 /* PKHBT cccc 0110 1000 xxxx xxxx xxxx x001 xxxx */
487 /* PKHTB cccc 0110 1000 xxxx xxxx xxxx x101 xxxx */
488 DECODE_EMULATEX (0x0ff00030, 0x06800010, emulate_rd12rn16rm0_rwflags_nopc,
489 REGS(NOPC, NOPC, 0, 0, NOPC)),
490
491 /* ??? cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx */
492 /* ??? cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx */
493 DECODE_REJECT (0x0fb000f0, 0x06900070),
494
495 /* SXTB16 cccc 0110 1000 1111 xxxx xxxx 0111 xxxx */
496 /* SXTB cccc 0110 1010 1111 xxxx xxxx 0111 xxxx */
497 /* SXTH cccc 0110 1011 1111 xxxx xxxx 0111 xxxx */
498 /* UXTB16 cccc 0110 1100 1111 xxxx xxxx 0111 xxxx */
499 /* UXTB cccc 0110 1110 1111 xxxx xxxx 0111 xxxx */
500 /* UXTH cccc 0110 1111 1111 xxxx xxxx 0111 xxxx */
501 DECODE_EMULATEX (0x0f8f00f0, 0x068f0070, emulate_rd12rm0_noflags_nopc,
502 REGS(0, NOPC, 0, 0, NOPC)),
503
504 /* SXTAB16 cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx */
505 /* SXTAB cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx */
506 /* SXTAH cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx */
507 /* UXTAB16 cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx */
508 /* UXTAB cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx */
509 /* UXTAH cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx */
510 DECODE_EMULATEX (0x0f8000f0, 0x06800070, emulate_rd12rn16rm0_rwflags_nopc,
511 REGS(NOPCX, NOPC, 0, 0, NOPC)),
512
513 DECODE_END
514};
515
516static const union decode_item arm_cccc_0111_____xxx1_table[] = {
517 /* Media instructions */
518
519 /* UNDEFINED cccc 0111 1111 xxxx xxxx xxxx 1111 xxxx */
520 DECODE_REJECT (0x0ff000f0, 0x07f000f0),
521
522 /* SMLALD cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
523 /* SMLSLD cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
524 DECODE_EMULATEX (0x0ff00090, 0x07400010, emulate_rdlo12rdhi16rn0rm8_rwflags_nopc,
525 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
526
527 /* SMUAD cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx */
528 /* SMUSD cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx */
529 DECODE_OR (0x0ff0f090, 0x0700f010),
530 /* SMMUL cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx */
531 DECODE_OR (0x0ff0f0d0, 0x0750f010),
532 /* USAD8 cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx */
533 DECODE_EMULATEX (0x0ff0f0f0, 0x0780f010, emulate_rd16rn12rm0rs8_rwflags_nopc,
534 REGS(NOPC, 0, NOPC, 0, NOPC)),
535
536 /* SMLAD cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx */
537 /* SMLSD cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx */
538 DECODE_OR (0x0ff00090, 0x07000010),
539 /* SMMLA cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx */
540 DECODE_OR (0x0ff000d0, 0x07500010),
541 /* USADA8 cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx */
542 DECODE_EMULATEX (0x0ff000f0, 0x07800010, emulate_rd16rn12rm0rs8_rwflags_nopc,
543 REGS(NOPC, NOPCX, NOPC, 0, NOPC)),
544
545 /* SMMLS cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx */
546 DECODE_EMULATEX (0x0ff000d0, 0x075000d0, emulate_rd16rn12rm0rs8_rwflags_nopc,
547 REGS(NOPC, NOPC, NOPC, 0, NOPC)),
548
549 /* SBFX cccc 0111 101x xxxx xxxx xxxx x101 xxxx */
550 /* UBFX cccc 0111 111x xxxx xxxx xxxx x101 xxxx */
551 DECODE_EMULATEX (0x0fa00070, 0x07a00050, emulate_rd12rm0_noflags_nopc,
552 REGS(0, NOPC, 0, 0, NOPC)),
553
554 /* BFC cccc 0111 110x xxxx xxxx xxxx x001 1111 */
555 DECODE_EMULATEX (0x0fe0007f, 0x07c0001f, emulate_rd12rm0_noflags_nopc,
556 REGS(0, NOPC, 0, 0, 0)),
557
558 /* BFI cccc 0111 110x xxxx xxxx xxxx x001 xxxx */
559 DECODE_EMULATEX (0x0fe00070, 0x07c00010, emulate_rd12rm0_noflags_nopc,
560 REGS(0, NOPC, 0, 0, NOPCX)),
561
562 DECODE_END
563};
564
565static const union decode_item arm_cccc_01xx_table[] = {
566 /* Load/store word and unsigned byte */
567
568 /* LDRB/STRB pc,[...] cccc 01xx x0xx xxxx xxxx xxxx xxxx xxxx */
569 DECODE_REJECT (0x0c40f000, 0x0440f000),
570
571 /* STRT cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
572 /* LDRT cccc 01x0 x011 xxxx xxxx xxxx xxxx xxxx */
573 /* STRBT cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
574 /* LDRBT cccc 01x0 x111 xxxx xxxx xxxx xxxx xxxx */
575 DECODE_REJECT (0x0d200000, 0x04200000),
576
577 /* STR (immediate) cccc 010x x0x0 xxxx xxxx xxxx xxxx xxxx */
578 /* STRB (immediate) cccc 010x x1x0 xxxx xxxx xxxx xxxx xxxx */
579 DECODE_EMULATEX (0x0e100000, 0x04000000, emulate_str,
580 REGS(NOPCWB, ANY, 0, 0, 0)),
581
582 /* LDR (immediate) cccc 010x x0x1 xxxx xxxx xxxx xxxx xxxx */
583 /* LDRB (immediate) cccc 010x x1x1 xxxx xxxx xxxx xxxx xxxx */
584 DECODE_EMULATEX (0x0e100000, 0x04100000, emulate_ldr,
585 REGS(NOPCWB, ANY, 0, 0, 0)),
586
587 /* STR (register) cccc 011x x0x0 xxxx xxxx xxxx xxxx xxxx */
588 /* STRB (register) cccc 011x x1x0 xxxx xxxx xxxx xxxx xxxx */
589 DECODE_EMULATEX (0x0e100000, 0x06000000, emulate_str,
590 REGS(NOPCWB, ANY, 0, 0, NOPC)),
591
592 /* LDR (register) cccc 011x x0x1 xxxx xxxx xxxx xxxx xxxx */
593 /* LDRB (register) cccc 011x x1x1 xxxx xxxx xxxx xxxx xxxx */
594 DECODE_EMULATEX (0x0e100000, 0x06100000, emulate_ldr,
595 REGS(NOPCWB, ANY, 0, 0, NOPC)),
596
597 DECODE_END
598};
599
600static const union decode_item arm_cccc_100x_table[] = {
601 /* Block data transfer instructions */
602
603 /* LDM cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
604 /* STM cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
605 DECODE_CUSTOM (0x0e400000, 0x08000000, kprobe_decode_ldmstm),
606
607 /* STM (user registers) cccc 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
608 /* LDM (user registers) cccc 100x x1x1 xxxx 0xxx xxxx xxxx xxxx */
609 /* LDM (exception ret) cccc 100x x1x1 xxxx 1xxx xxxx xxxx xxxx */
610 DECODE_END
611};
612
613const union decode_item kprobe_decode_arm_table[] = {
614 /*
615 * Unconditional instructions
616 * 1111 xxxx xxxx xxxx xxxx xxxx xxxx xxxx
617 */
618 DECODE_TABLE (0xf0000000, 0xf0000000, arm_1111_table),
619
620 /*
621 * Miscellaneous instructions
622 * cccc 0001 0xx0 xxxx xxxx xxxx 0xxx xxxx
623 */
624 DECODE_TABLE (0x0f900080, 0x01000000, arm_cccc_0001_0xx0____0xxx_table),
625
626 /*
627 * Halfword multiply and multiply-accumulate
628 * cccc 0001 0xx0 xxxx xxxx xxxx 1xx0 xxxx
629 */
630 DECODE_TABLE (0x0f900090, 0x01000080, arm_cccc_0001_0xx0____1xx0_table),
631
632 /*
633 * Multiply and multiply-accumulate
634 * cccc 0000 xxxx xxxx xxxx xxxx 1001 xxxx
635 */
636 DECODE_TABLE (0x0f0000f0, 0x00000090, arm_cccc_0000_____1001_table),
637
638 /*
639 * Synchronization primitives
640 * cccc 0001 xxxx xxxx xxxx xxxx 1001 xxxx
641 */
642 DECODE_TABLE (0x0f0000f0, 0x01000090, arm_cccc_0001_____1001_table),
643
644 /*
645 * Extra load/store instructions
646 * cccc 000x xxxx xxxx xxxx xxxx 1xx1 xxxx
647 */
648 DECODE_TABLE (0x0e000090, 0x00000090, arm_cccc_000x_____1xx1_table),
649
650 /*
651 * Data-processing (register)
652 * cccc 000x xxxx xxxx xxxx xxxx xxx0 xxxx
653 * Data-processing (register-shifted register)
654 * cccc 000x xxxx xxxx xxxx xxxx 0xx1 xxxx
655 */
656 DECODE_TABLE (0x0e000000, 0x00000000, arm_cccc_000x_table),
657
658 /*
659 * Data-processing (immediate)
660 * cccc 001x xxxx xxxx xxxx xxxx xxxx xxxx
661 */
662 DECODE_TABLE (0x0e000000, 0x02000000, arm_cccc_001x_table),
663
664 /*
665 * Media instructions
666 * cccc 011x xxxx xxxx xxxx xxxx xxx1 xxxx
667 */
668 DECODE_TABLE (0x0f000010, 0x06000010, arm_cccc_0110_____xxx1_table),
669 DECODE_TABLE (0x0f000010, 0x07000010, arm_cccc_0111_____xxx1_table),
670
671 /*
672 * Load/store word and unsigned byte
673 * cccc 01xx xxxx xxxx xxxx xxxx xxxx xxxx
674 */
675 DECODE_TABLE (0x0c000000, 0x04000000, arm_cccc_01xx_table),
676
677 /*
678 * Block data transfer instructions
679 * cccc 100x xxxx xxxx xxxx xxxx xxxx xxxx
680 */
681 DECODE_TABLE (0x0e000000, 0x08000000, arm_cccc_100x_table),
682
683 /* B cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
684 /* BL cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
685 DECODE_SIMULATE (0x0e000000, 0x0a000000, simulate_bbl),
686
687 /*
688 * Supervisor Call, and coprocessor instructions
689 */
690
691 /* MCRR cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx */
692 /* MRRC cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx */
693 /* LDC cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
694 /* STC cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
695 /* CDP cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
696 /* MCR cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
697 /* MRC cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
698 /* SVC cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
699 DECODE_REJECT (0x0c000000, 0x0c000000),
700
701 DECODE_END
702};
703#ifdef CONFIG_ARM_KPROBES_TEST_MODULE
704EXPORT_SYMBOL_GPL(kprobe_decode_arm_table);
705#endif
706
707static void __kprobes arm_singlestep(struct kprobe *p, struct pt_regs *regs)
708{
709 regs->ARM_pc += 4;
710 p->ainsn.insn_handler(p, regs);
711}
712
713/* Return:
714 * INSN_REJECTED If instruction is one not allowed to kprobe,
715 * INSN_GOOD If instruction is supported and uses instruction slot,
716 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot.
717 *
718 * For instructions we don't want to kprobe (INSN_REJECTED return result):
719 * These are generally ones that modify the processor state making
720 * them "hard" to simulate such as switches processor modes or
721 * make accesses in alternate modes. Any of these could be simulated
722 * if the work was put into it, but low return considering they
723 * should also be very rare.
724 */
725enum kprobe_insn __kprobes
726arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
727{
728 asi->insn_singlestep = arm_singlestep;
729 asi->insn_check_cc = kprobe_condition_checks[insn>>28];
730 return kprobe_decode_insn(insn, asi, kprobe_decode_arm_table, false);
731}
diff --git a/arch/arm/kernel/probes-arm.h b/arch/arm/kernel/probes-arm.h
new file mode 100644
index 000000000000..86084727d36d
--- /dev/null
+++ b/arch/arm/kernel/probes-arm.h
@@ -0,0 +1,38 @@
1/*
2 * arch/arm/kernel/probes-arm.h
3 *
4 * Copyright 2013 Linaro Ltd.
5 * Written by: David A. Long
6 *
7 * The code contained herein is licensed under the GNU General Public
8 * License. You may obtain a copy of the GNU General Public License
9 * Version 2 or later at the following locations:
10 *
11 * http://www.opensource.org/licenses/gpl-license.html
12 * http://www.gnu.org/copyleft/gpl.html
13 */
14
15#ifndef _ARM_KERNEL_PROBES_ARM_H
16#define _ARM_KERNEL_PROBES_ARM_H
17
18void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs);
19void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs);
20void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs);
21void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs);
22void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs);
23
24void __kprobes emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs);
25void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs);
26void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs);
27void __kprobes emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p,
28 struct pt_regs *regs);
29void __kprobes emulate_rd12rn16rm0_rwflags_nopc(struct kprobe *p,
30 struct pt_regs *regs);
31void __kprobes emulate_rd16rn12rm0rs8_rwflags_nopc(struct kprobe *p,
32 struct pt_regs *regs);
33void __kprobes emulate_rd12rm0_noflags_nopc(struct kprobe *p,
34 struct pt_regs *regs);
35void __kprobes emulate_rdlo12rdhi16rn0rm8_rwflags_nopc(struct kprobe *p,
36 struct pt_regs *regs);
37
38#endif
diff --git a/arch/arm/kernel/probes.c b/arch/arm/kernel/probes.c
new file mode 100644
index 000000000000..3a63f8f83cf8
--- /dev/null
+++ b/arch/arm/kernel/probes.c
@@ -0,0 +1,443 @@
1/*
2 * arch/arm/kernel/probes.c
3 *
4 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
5 *
6 * Some contents moved here from arch/arm/include/asm/kprobes-arm.c which is
7 * Copyright (C) 2006, 2007 Motorola Inc.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 */
13
14#include <linux/kernel.h>
15#include <linux/types.h>
16#include <linux/kprobes.h>
17#include <asm/system_info.h>
18#include <asm/ptrace.h>
19#include <linux/bug.h>
20
21#include "kprobes.h"
22
23
24#ifndef find_str_pc_offset
25
26/*
27 * For STR and STM instructions, an ARM core may choose to use either
28 * a +8 or a +12 displacement from the current instruction's address.
29 * Whichever value is chosen for a given core, it must be the same for
30 * both instructions and may not change. This function measures it.
31 */
32
33int str_pc_offset;
34
35void __init find_str_pc_offset(void)
36{
37 int addr, scratch, ret;
38
39 __asm__ (
40 "sub %[ret], pc, #4 \n\t"
41 "str pc, %[addr] \n\t"
42 "ldr %[scr], %[addr] \n\t"
43 "sub %[ret], %[scr], %[ret] \n\t"
44 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr));
45
46 str_pc_offset = ret;
47}
48
49#endif /* !find_str_pc_offset */
50
51
52#ifndef test_load_write_pc_interworking
53
54bool load_write_pc_interworks;
55
56void __init test_load_write_pc_interworking(void)
57{
58 int arch = cpu_architecture();
59 BUG_ON(arch == CPU_ARCH_UNKNOWN);
60 load_write_pc_interworks = arch >= CPU_ARCH_ARMv5T;
61}
62
63#endif /* !test_load_write_pc_interworking */
64
65
66#ifndef test_alu_write_pc_interworking
67
68bool alu_write_pc_interworks;
69
70void __init test_alu_write_pc_interworking(void)
71{
72 int arch = cpu_architecture();
73 BUG_ON(arch == CPU_ARCH_UNKNOWN);
74 alu_write_pc_interworks = arch >= CPU_ARCH_ARMv7;
75}
76
77#endif /* !test_alu_write_pc_interworking */
78
79
80void __init arm_kprobe_decode_init(void)
81{
82 find_str_pc_offset();
83 test_load_write_pc_interworking();
84 test_alu_write_pc_interworking();
85}
86
87
88static unsigned long __kprobes __check_eq(unsigned long cpsr)
89{
90 return cpsr & PSR_Z_BIT;
91}
92
93static unsigned long __kprobes __check_ne(unsigned long cpsr)
94{
95 return (~cpsr) & PSR_Z_BIT;
96}
97
98static unsigned long __kprobes __check_cs(unsigned long cpsr)
99{
100 return cpsr & PSR_C_BIT;
101}
102
103static unsigned long __kprobes __check_cc(unsigned long cpsr)
104{
105 return (~cpsr) & PSR_C_BIT;
106}
107
108static unsigned long __kprobes __check_mi(unsigned long cpsr)
109{
110 return cpsr & PSR_N_BIT;
111}
112
113static unsigned long __kprobes __check_pl(unsigned long cpsr)
114{
115 return (~cpsr) & PSR_N_BIT;
116}
117
118static unsigned long __kprobes __check_vs(unsigned long cpsr)
119{
120 return cpsr & PSR_V_BIT;
121}
122
123static unsigned long __kprobes __check_vc(unsigned long cpsr)
124{
125 return (~cpsr) & PSR_V_BIT;
126}
127
128static unsigned long __kprobes __check_hi(unsigned long cpsr)
129{
130 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
131 return cpsr & PSR_C_BIT;
132}
133
134static unsigned long __kprobes __check_ls(unsigned long cpsr)
135{
136 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
137 return (~cpsr) & PSR_C_BIT;
138}
139
140static unsigned long __kprobes __check_ge(unsigned long cpsr)
141{
142 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
143 return (~cpsr) & PSR_N_BIT;
144}
145
146static unsigned long __kprobes __check_lt(unsigned long cpsr)
147{
148 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
149 return cpsr & PSR_N_BIT;
150}
151
152static unsigned long __kprobes __check_gt(unsigned long cpsr)
153{
154 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
155 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
156 return (~temp) & PSR_N_BIT;
157}
158
159static unsigned long __kprobes __check_le(unsigned long cpsr)
160{
161 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
162 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
163 return temp & PSR_N_BIT;
164}
165
166static unsigned long __kprobes __check_al(unsigned long cpsr)
167{
168 return true;
169}
170
171kprobe_check_cc * const kprobe_condition_checks[16] = {
172 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
173 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
174 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
175 &__check_gt, &__check_le, &__check_al, &__check_al
176};
177
178
179void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs)
180{
181}
182
183void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs)
184{
185 p->ainsn.insn_fn();
186}
187
188/*
189 * Prepare an instruction slot to receive an instruction for emulating.
190 * This is done by placing a subroutine return after the location where the
191 * instruction will be placed. We also modify ARM instructions to be
192 * unconditional as the condition code will already be checked before any
193 * emulation handler is called.
194 */
195static kprobe_opcode_t __kprobes
196prepare_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
197 bool thumb)
198{
199#ifdef CONFIG_THUMB2_KERNEL
200 if (thumb) {
201 u16 *thumb_insn = (u16 *)asi->insn;
202 thumb_insn[1] = 0x4770; /* Thumb bx lr */
203 thumb_insn[2] = 0x4770; /* Thumb bx lr */
204 return insn;
205 }
206 asi->insn[1] = 0xe12fff1e; /* ARM bx lr */
207#else
208 asi->insn[1] = 0xe1a0f00e; /* mov pc, lr */
209#endif
210 /* Make an ARM instruction unconditional */
211 if (insn < 0xe0000000)
212 insn = (insn | 0xe0000000) & ~0x10000000;
213 return insn;
214}
215
216/*
217 * Write a (probably modified) instruction into the slot previously prepared by
218 * prepare_emulated_insn
219 */
220static void __kprobes
221set_emulated_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
222 bool thumb)
223{
224#ifdef CONFIG_THUMB2_KERNEL
225 if (thumb) {
226 u16 *ip = (u16 *)asi->insn;
227 if (is_wide_instruction(insn))
228 *ip++ = insn >> 16;
229 *ip++ = insn;
230 return;
231 }
232#endif
233 asi->insn[0] = insn;
234}
235
236/*
237 * When we modify the register numbers encoded in an instruction to be emulated,
238 * the new values come from this define. For ARM and 32-bit Thumb instructions
239 * this gives...
240 *
241 * bit position 16 12 8 4 0
242 * ---------------+---+---+---+---+---+
243 * register r2 r0 r1 -- r3
244 */
245#define INSN_NEW_BITS 0x00020103
246
247/* Each nibble has same value as that at INSN_NEW_BITS bit 16 */
248#define INSN_SAMEAS16_BITS 0x22222222
249
250/*
251 * Validate and modify each of the registers encoded in an instruction.
252 *
253 * Each nibble in regs contains a value from enum decode_reg_type. For each
254 * non-zero value, the corresponding nibble in pinsn is validated and modified
255 * according to the type.
256 */
257static bool __kprobes decode_regs(kprobe_opcode_t *pinsn, u32 regs)
258{
259 kprobe_opcode_t insn = *pinsn;
260 kprobe_opcode_t mask = 0xf; /* Start at least significant nibble */
261
262 for (; regs != 0; regs >>= 4, mask <<= 4) {
263
264 kprobe_opcode_t new_bits = INSN_NEW_BITS;
265
266 switch (regs & 0xf) {
267
268 case REG_TYPE_NONE:
269 /* Nibble not a register, skip to next */
270 continue;
271
272 case REG_TYPE_ANY:
273 /* Any register is allowed */
274 break;
275
276 case REG_TYPE_SAMEAS16:
277 /* Replace register with same as at bit position 16 */
278 new_bits = INSN_SAMEAS16_BITS;
279 break;
280
281 case REG_TYPE_SP:
282 /* Only allow SP (R13) */
283 if ((insn ^ 0xdddddddd) & mask)
284 goto reject;
285 break;
286
287 case REG_TYPE_PC:
288 /* Only allow PC (R15) */
289 if ((insn ^ 0xffffffff) & mask)
290 goto reject;
291 break;
292
293 case REG_TYPE_NOSP:
294 /* Reject SP (R13) */
295 if (((insn ^ 0xdddddddd) & mask) == 0)
296 goto reject;
297 break;
298
299 case REG_TYPE_NOSPPC:
300 case REG_TYPE_NOSPPCX:
301 /* Reject SP and PC (R13 and R15) */
302 if (((insn ^ 0xdddddddd) & 0xdddddddd & mask) == 0)
303 goto reject;
304 break;
305
306 case REG_TYPE_NOPCWB:
307 if (!is_writeback(insn))
308 break; /* No writeback, so any register is OK */
309 /* fall through... */
310 case REG_TYPE_NOPC:
311 case REG_TYPE_NOPCX:
312 /* Reject PC (R15) */
313 if (((insn ^ 0xffffffff) & mask) == 0)
314 goto reject;
315 break;
316 }
317
318 /* Replace value of nibble with new register number... */
319 insn &= ~mask;
320 insn |= new_bits & mask;
321 }
322
323 *pinsn = insn;
324 return true;
325
326reject:
327 return false;
328}
329
330static const int decode_struct_sizes[NUM_DECODE_TYPES] = {
331 [DECODE_TYPE_TABLE] = sizeof(struct decode_table),
332 [DECODE_TYPE_CUSTOM] = sizeof(struct decode_custom),
333 [DECODE_TYPE_SIMULATE] = sizeof(struct decode_simulate),
334 [DECODE_TYPE_EMULATE] = sizeof(struct decode_emulate),
335 [DECODE_TYPE_OR] = sizeof(struct decode_or),
336 [DECODE_TYPE_REJECT] = sizeof(struct decode_reject)
337};
338
339/*
340 * kprobe_decode_insn operates on data tables in order to decode an ARM
341 * architecture instruction onto which a kprobe has been placed.
342 *
343 * These instruction decoding tables are a concatenation of entries each
344 * of which consist of one of the following structs:
345 *
346 * decode_table
347 * decode_custom
348 * decode_simulate
349 * decode_emulate
350 * decode_or
351 * decode_reject
352 *
353 * Each of these starts with a struct decode_header which has the following
354 * fields:
355 *
356 * type_regs
357 * mask
358 * value
359 *
360 * The least significant DECODE_TYPE_BITS of type_regs contains a value
361 * from enum decode_type, this indicates which of the decode_* structs
362 * the entry contains. The value DECODE_TYPE_END indicates the end of the
363 * table.
364 *
365 * When the table is parsed, each entry is checked in turn to see if it
366 * matches the instruction to be decoded using the test:
367 *
368 * (insn & mask) == value
369 *
370 * If no match is found before the end of the table is reached then decoding
371 * fails with INSN_REJECTED.
372 *
373 * When a match is found, decode_regs() is called to validate and modify each
374 * of the registers encoded in the instruction; the data it uses to do this
375 * is (type_regs >> DECODE_TYPE_BITS). A validation failure will cause decoding
376 * to fail with INSN_REJECTED.
377 *
378 * Once the instruction has passed the above tests, further processing
379 * depends on the type of the table entry's decode struct.
380 *
381 */
382int __kprobes
383kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
384 const union decode_item *table, bool thumb)
385{
386 const struct decode_header *h = (struct decode_header *)table;
387 const struct decode_header *next;
388 bool matched = false;
389
390 insn = prepare_emulated_insn(insn, asi, thumb);
391
392 for (;; h = next) {
393 enum decode_type type = h->type_regs.bits & DECODE_TYPE_MASK;
394 u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS;
395
396 if (type == DECODE_TYPE_END)
397 return INSN_REJECTED;
398
399 next = (struct decode_header *)
400 ((uintptr_t)h + decode_struct_sizes[type]);
401
402 if (!matched && (insn & h->mask.bits) != h->value.bits)
403 continue;
404
405 if (!decode_regs(&insn, regs))
406 return INSN_REJECTED;
407
408 switch (type) {
409
410 case DECODE_TYPE_TABLE: {
411 struct decode_table *d = (struct decode_table *)h;
412 next = (struct decode_header *)d->table.table;
413 break;
414 }
415
416 case DECODE_TYPE_CUSTOM: {
417 struct decode_custom *d = (struct decode_custom *)h;
418 return (*d->decoder.decoder)(insn, asi);
419 }
420
421 case DECODE_TYPE_SIMULATE: {
422 struct decode_simulate *d = (struct decode_simulate *)h;
423 asi->insn_handler = d->handler.handler;
424 return INSN_GOOD_NO_SLOT;
425 }
426
427 case DECODE_TYPE_EMULATE: {
428 struct decode_emulate *d = (struct decode_emulate *)h;
429 asi->insn_handler = d->handler.handler;
430 set_emulated_insn(insn, asi, thumb);
431 return INSN_GOOD;
432 }
433
434 case DECODE_TYPE_OR:
435 matched = true;
436 break;
437
438 case DECODE_TYPE_REJECT:
439 default:
440 return INSN_REJECTED;
441 }
442 }
443}
diff --git a/arch/arm/kernel/probes.h b/arch/arm/kernel/probes.h
new file mode 100644
index 000000000000..17f656011aa3
--- /dev/null
+++ b/arch/arm/kernel/probes.h
@@ -0,0 +1,397 @@
1/*
2 * arch/arm/kernel/probes.h
3 *
4 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
5 *
6 * Some contents moved here from arch/arm/include/asm/kprobes.h which is
7 * Copyright (C) 2006, 2007 Motorola Inc.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2 as
11 * published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 */
18
19#ifndef _ARM_KERNEL_PROBES_H
20#define _ARM_KERNEL_PROBES_H
21
22#include <linux/types.h>
23#include <linux/stddef.h>
24#include <linux/kprobes.h>
25
26#if __LINUX_ARM_ARCH__ >= 7
27
28/* str_pc_offset is architecturally defined from ARMv7 onwards */
29#define str_pc_offset 8
30#define find_str_pc_offset()
31
32#else /* __LINUX_ARM_ARCH__ < 7 */
33
34/* We need a run-time check to determine str_pc_offset */
35extern int str_pc_offset;
36void __init find_str_pc_offset(void);
37
38#endif
39
40
41/*
42 * Update ITSTATE after normal execution of an IT block instruction.
43 *
44 * The 8 IT state bits are split into two parts in CPSR:
45 * ITSTATE<1:0> are in CPSR<26:25>
46 * ITSTATE<7:2> are in CPSR<15:10>
47 */
48static inline unsigned long it_advance(unsigned long cpsr)
49 {
50 if ((cpsr & 0x06000400) == 0) {
51 /* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */
52 cpsr &= ~PSR_IT_MASK;
53 } else {
54 /* We need to shift left ITSTATE<4:0> */
55 const unsigned long mask = 0x06001c00; /* Mask ITSTATE<4:0> */
56 unsigned long it = cpsr & mask;
57 it <<= 1;
58 it |= it >> (27 - 10); /* Carry ITSTATE<2> to correct place */
59 it &= mask;
60 cpsr &= ~mask;
61 cpsr |= it;
62 }
63 return cpsr;
64}
65
66static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs)
67{
68 long cpsr = regs->ARM_cpsr;
69 if (pcv & 0x1) {
70 cpsr |= PSR_T_BIT;
71 pcv &= ~0x1;
72 } else {
73 cpsr &= ~PSR_T_BIT;
74 pcv &= ~0x2; /* Avoid UNPREDICTABLE address allignment */
75 }
76 regs->ARM_cpsr = cpsr;
77 regs->ARM_pc = pcv;
78}
79
80
81#if __LINUX_ARM_ARCH__ >= 6
82
83/* Kernels built for >= ARMv6 should never run on <= ARMv5 hardware, so... */
84#define load_write_pc_interworks true
85#define test_load_write_pc_interworking()
86
87#else /* __LINUX_ARM_ARCH__ < 6 */
88
89/* We need run-time testing to determine if load_write_pc() should interwork. */
90extern bool load_write_pc_interworks;
91void __init test_load_write_pc_interworking(void);
92
93#endif
94
95static inline void __kprobes load_write_pc(long pcv, struct pt_regs *regs)
96{
97 if (load_write_pc_interworks)
98 bx_write_pc(pcv, regs);
99 else
100 regs->ARM_pc = pcv;
101}
102
103
104#if __LINUX_ARM_ARCH__ >= 7
105
106#define alu_write_pc_interworks true
107#define test_alu_write_pc_interworking()
108
109#elif __LINUX_ARM_ARCH__ <= 5
110
111/* Kernels built for <= ARMv5 should never run on >= ARMv6 hardware, so... */
112#define alu_write_pc_interworks false
113#define test_alu_write_pc_interworking()
114
115#else /* __LINUX_ARM_ARCH__ == 6 */
116
117/* We could be an ARMv6 binary on ARMv7 hardware so we need a run-time check. */
118extern bool alu_write_pc_interworks;
119void __init test_alu_write_pc_interworking(void);
120
121#endif /* __LINUX_ARM_ARCH__ == 6 */
122
123static inline void __kprobes alu_write_pc(long pcv, struct pt_regs *regs)
124{
125 if (alu_write_pc_interworks)
126 bx_write_pc(pcv, regs);
127 else
128 regs->ARM_pc = pcv;
129}
130
131
132void __kprobes kprobe_simulate_nop(struct kprobe *p, struct pt_regs *regs);
133void __kprobes kprobe_emulate_none(struct kprobe *p, struct pt_regs *regs);
134
135enum kprobe_insn __kprobes
136kprobe_decode_ldmstm(kprobe_opcode_t insn, struct arch_specific_insn *asi);
137
138/*
139 * Test if load/store instructions writeback the address register.
140 * if P (bit 24) == 0 or W (bit 21) == 1
141 */
142#define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
143
144/*
145 * The following definitions and macros are used to build instruction
146 * decoding tables for use by kprobe_decode_insn.
147 *
148 * These tables are a concatenation of entries each of which consist of one of
149 * the decode_* structs. All of the fields in every type of decode structure
150 * are of the union type decode_item, therefore the entire decode table can be
151 * viewed as an array of these and declared like:
152 *
153 * static const union decode_item table_name[] = {};
154 *
155 * In order to construct each entry in the table, macros are used to
156 * initialise a number of sequential decode_item values in a layout which
157 * matches the relevant struct. E.g. DECODE_SIMULATE initialise a struct
158 * decode_simulate by initialising four decode_item objects like this...
159 *
160 * {.bits = _type},
161 * {.bits = _mask},
162 * {.bits = _value},
163 * {.handler = _handler},
164 *
165 * Initialising a specified member of the union means that the compiler
166 * will produce a warning if the argument is of an incorrect type.
167 *
168 * Below is a list of each of the macros used to initialise entries and a
169 * description of the action performed when that entry is matched to an
170 * instruction. A match is found when (instruction & mask) == value.
171 *
172 * DECODE_TABLE(mask, value, table)
173 * Instruction decoding jumps to parsing the new sub-table 'table'.
174 *
175 * DECODE_CUSTOM(mask, value, decoder)
176 * The custom function 'decoder' is called to the complete decoding
177 * of an instruction.
178 *
179 * DECODE_SIMULATE(mask, value, handler)
180 * Set the probes instruction handler to 'handler', this will be used
181 * to simulate the instruction when the probe is hit. Decoding returns
182 * with INSN_GOOD_NO_SLOT.
183 *
184 * DECODE_EMULATE(mask, value, handler)
185 * Set the probes instruction handler to 'handler', this will be used
186 * to emulate the instruction when the probe is hit. The modified
187 * instruction (see below) is placed in the probes instruction slot so it
188 * may be called by the emulation code. Decoding returns with INSN_GOOD.
189 *
190 * DECODE_REJECT(mask, value)
191 * Instruction decoding fails with INSN_REJECTED
192 *
193 * DECODE_OR(mask, value)
194 * This allows the mask/value test of multiple table entries to be
195 * logically ORed. Once an 'or' entry is matched the decoding action to
196 * be performed is that of the next entry which isn't an 'or'. E.g.
197 *
198 * DECODE_OR (mask1, value1)
199 * DECODE_OR (mask2, value2)
200 * DECODE_SIMULATE (mask3, value3, simulation_handler)
201 *
202 * This means that if any of the three mask/value pairs match the
203 * instruction being decoded, then 'simulation_handler' will be used
204 * for it.
205 *
206 * Both the SIMULATE and EMULATE macros have a second form which take an
207 * additional 'regs' argument.
208 *
209 * DECODE_SIMULATEX(mask, value, handler, regs)
210 * DECODE_EMULATEX (mask, value, handler, regs)
211 *
212 * These are used to specify what kind of CPU register is encoded in each of the
213 * least significant 5 nibbles of the instruction being decoded. The regs value
214 * is specified using the REGS macro, this takes any of the REG_TYPE_* values
215 * from enum decode_reg_type as arguments; only the '*' part of the name is
216 * given. E.g.
217 *
218 * REGS(0, ANY, NOPC, 0, ANY)
219 *
220 * This indicates an instruction is encoded like:
221 *
222 * bits 19..16 ignore
223 * bits 15..12 any register allowed here
224 * bits 11.. 8 any register except PC allowed here
225 * bits 7.. 4 ignore
226 * bits 3.. 0 any register allowed here
227 *
228 * This register specification is checked after a decode table entry is found to
229 * match an instruction (through the mask/value test). Any invalid register then
230 * found in the instruction will cause decoding to fail with INSN_REJECTED. In
231 * the above example this would happen if bits 11..8 of the instruction were
232 * 1111, indicating R15 or PC.
233 *
234 * As well as checking for legal combinations of registers, this data is also
235 * used to modify the registers encoded in the instructions so that an
236 * emulation routines can use it. (See decode_regs() and INSN_NEW_BITS.)
237 *
238 * Here is a real example which matches ARM instructions of the form
239 * "AND <Rd>,<Rn>,<Rm>,<shift> <Rs>"
240 *
241 * DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
242 * REGS(ANY, ANY, NOPC, 0, ANY)),
243 * ^ ^ ^ ^
244 * Rn Rd Rs Rm
245 *
246 * Decoding the instruction "AND R4, R5, R6, ASL R15" will be rejected because
247 * Rs == R15
248 *
249 * Decoding the instruction "AND R4, R5, R6, ASL R7" will be accepted and the
250 * instruction will be modified to "AND R0, R2, R3, ASL R1" and then placed into
251 * the kprobes instruction slot. This can then be called later by the handler
252 * function emulate_rd12rn16rm0rs8_rwflags in order to simulate the instruction.
253 */
254
255enum decode_type {
256 DECODE_TYPE_END,
257 DECODE_TYPE_TABLE,
258 DECODE_TYPE_CUSTOM,
259 DECODE_TYPE_SIMULATE,
260 DECODE_TYPE_EMULATE,
261 DECODE_TYPE_OR,
262 DECODE_TYPE_REJECT,
263 NUM_DECODE_TYPES /* Must be last enum */
264};
265
266#define DECODE_TYPE_BITS 4
267#define DECODE_TYPE_MASK ((1 << DECODE_TYPE_BITS) - 1)
268
269enum decode_reg_type {
270 REG_TYPE_NONE = 0, /* Not a register, ignore */
271 REG_TYPE_ANY, /* Any register allowed */
272 REG_TYPE_SAMEAS16, /* Register should be same as that at bits 19..16 */
273 REG_TYPE_SP, /* Register must be SP */
274 REG_TYPE_PC, /* Register must be PC */
275 REG_TYPE_NOSP, /* Register must not be SP */
276 REG_TYPE_NOSPPC, /* Register must not be SP or PC */
277 REG_TYPE_NOPC, /* Register must not be PC */
278 REG_TYPE_NOPCWB, /* No PC if load/store write-back flag also set */
279
280 /* The following types are used when the encoding for PC indicates
281 * another instruction form. This distiction only matters for test
282 * case coverage checks.
283 */
284 REG_TYPE_NOPCX, /* Register must not be PC */
285 REG_TYPE_NOSPPCX, /* Register must not be SP or PC */
286
287 /* Alias to allow '0' arg to be used in REGS macro. */
288 REG_TYPE_0 = REG_TYPE_NONE
289};
290
291#define REGS(r16, r12, r8, r4, r0) \
292 (((REG_TYPE_##r16) << 16) + \
293 ((REG_TYPE_##r12) << 12) + \
294 ((REG_TYPE_##r8) << 8) + \
295 ((REG_TYPE_##r4) << 4) + \
296 (REG_TYPE_##r0))
297
298union decode_item {
299 u32 bits;
300 const union decode_item *table;
301 kprobe_insn_handler_t *handler;
302 kprobe_decode_insn_t *decoder;
303};
304
305
306#define DECODE_END \
307 {.bits = DECODE_TYPE_END}
308
309
310struct decode_header {
311 union decode_item type_regs;
312 union decode_item mask;
313 union decode_item value;
314};
315
316#define DECODE_HEADER(_type, _mask, _value, _regs) \
317 {.bits = (_type) | ((_regs) << DECODE_TYPE_BITS)}, \
318 {.bits = (_mask)}, \
319 {.bits = (_value)}
320
321
322struct decode_table {
323 struct decode_header header;
324 union decode_item table;
325};
326
327#define DECODE_TABLE(_mask, _value, _table) \
328 DECODE_HEADER(DECODE_TYPE_TABLE, _mask, _value, 0), \
329 {.table = (_table)}
330
331
332struct decode_custom {
333 struct decode_header header;
334 union decode_item decoder;
335};
336
337#define DECODE_CUSTOM(_mask, _value, _decoder) \
338 DECODE_HEADER(DECODE_TYPE_CUSTOM, _mask, _value, 0), \
339 {.decoder = (_decoder)}
340
341
342struct decode_simulate {
343 struct decode_header header;
344 union decode_item handler;
345};
346
347#define DECODE_SIMULATEX(_mask, _value, _handler, _regs) \
348 DECODE_HEADER(DECODE_TYPE_SIMULATE, _mask, _value, _regs), \
349 {.handler = (_handler)}
350
351#define DECODE_SIMULATE(_mask, _value, _handler) \
352 DECODE_SIMULATEX(_mask, _value, _handler, 0)
353
354
355struct decode_emulate {
356 struct decode_header header;
357 union decode_item handler;
358};
359
360#define DECODE_EMULATEX(_mask, _value, _handler, _regs) \
361 DECODE_HEADER(DECODE_TYPE_EMULATE, _mask, _value, _regs), \
362 {.handler = (_handler)}
363
364#define DECODE_EMULATE(_mask, _value, _handler) \
365 DECODE_EMULATEX(_mask, _value, _handler, 0)
366
367
368struct decode_or {
369 struct decode_header header;
370};
371
372#define DECODE_OR(_mask, _value) \
373 DECODE_HEADER(DECODE_TYPE_OR, _mask, _value, 0)
374
375
376struct decode_reject {
377 struct decode_header header;
378};
379
380#define DECODE_REJECT(_mask, _value) \
381 DECODE_HEADER(DECODE_TYPE_REJECT, _mask, _value, 0)
382
383
384#ifdef CONFIG_THUMB2_KERNEL
385extern const union decode_item kprobe_decode_thumb16_table[];
386extern const union decode_item kprobe_decode_thumb32_table[];
387#else
388extern const union decode_item kprobe_decode_arm_table[];
389#endif
390
391extern kprobe_check_cc * const kprobe_condition_checks[16];
392
393
394int kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi,
395 const union decode_item *table, bool thumb16);
396
397#endif
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-10 22:32:57 -0500