diff options
-rw-r--r-- | arch/Kconfig | 14 | ||||
-rw-r--r-- | arch/x86/include/asm/uprobes.h | 17 | ||||
-rw-r--r-- | arch/x86/kernel/uprobes.c | 129 | ||||
-rw-r--r-- | include/linux/uprobes.h | 28 | ||||
-rw-r--r-- | kernel/uprobes.c | 219 | ||||
-rw-r--r-- | mm/mmap.c | 12 |
6 files changed, 233 insertions, 186 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 284f5898f526..cca5b545d806 100644 --- a/arch/Kconfig +++ b/arch/Kconfig | |||
@@ -66,13 +66,19 @@ config OPTPROBES | |||
66 | depends on !PREEMPT | 66 | depends on !PREEMPT |
67 | 67 | ||
68 | config UPROBES | 68 | config UPROBES |
69 | bool "User-space probes (EXPERIMENTAL)" | 69 | bool "Transparent user-space probes (EXPERIMENTAL)" |
70 | depends on ARCH_SUPPORTS_UPROBES | 70 | depends on ARCH_SUPPORTS_UPROBES |
71 | default n | 71 | default n |
72 | help | 72 | help |
73 | Uprobes enables kernel subsystems to establish probepoints | 73 | Uprobes is the user-space counterpart to kprobes: they |
74 | in user applications and execute handler functions when | 74 | enable instrumentation applications (such as 'perf probe') |
75 | the probepoints are hit. | 75 | to establish unintrusive probes in user-space binaries and |
76 | libraries, by executing handler functions when the probes | ||
77 | are hit by user-space applications. | ||
78 | |||
79 | ( These probes come in the form of single-byte breakpoints, | ||
80 | managed by the kernel and kept transparent to the probed | ||
81 | application. ) | ||
76 | 82 | ||
77 | If in doubt, say "N". | 83 | If in doubt, say "N". |
78 | 84 | ||
diff --git a/arch/x86/include/asm/uprobes.h b/arch/x86/include/asm/uprobes.h index 8208234391ff..072df3902636 100644 --- a/arch/x86/include/asm/uprobes.h +++ b/arch/x86/include/asm/uprobes.h | |||
@@ -1,7 +1,7 @@ | |||
1 | #ifndef _ASM_UPROBES_H | 1 | #ifndef _ASM_UPROBES_H |
2 | #define _ASM_UPROBES_H | 2 | #define _ASM_UPROBES_H |
3 | /* | 3 | /* |
4 | * Userspace Probes (UProbes) for x86 | 4 | * User-space Probes (UProbes) for x86 |
5 | * | 5 | * |
6 | * This program is free software; you can redistribute it and/or modify | 6 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License as published by | 7 | * it under the terms of the GNU General Public License as published by |
@@ -24,19 +24,20 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | typedef u8 uprobe_opcode_t; | 26 | typedef u8 uprobe_opcode_t; |
27 | #define MAX_UINSN_BYTES 16 | ||
28 | #define UPROBES_XOL_SLOT_BYTES 128 /* to keep it cache aligned */ | ||
29 | 27 | ||
30 | #define UPROBES_BKPT_INSN 0xcc | 28 | #define MAX_UINSN_BYTES 16 |
31 | #define UPROBES_BKPT_INSN_SIZE 1 | 29 | #define UPROBES_XOL_SLOT_BYTES 128 /* to keep it cache aligned */ |
30 | |||
31 | #define UPROBES_BKPT_INSN 0xcc | ||
32 | #define UPROBES_BKPT_INSN_SIZE 1 | ||
32 | 33 | ||
33 | struct uprobe_arch_info { | 34 | struct uprobe_arch_info { |
34 | u16 fixups; | 35 | u16 fixups; |
35 | #ifdef CONFIG_X86_64 | 36 | #ifdef CONFIG_X86_64 |
36 | unsigned long rip_rela_target_address; | 37 | unsigned long rip_rela_target_address; |
37 | #endif | 38 | #endif |
38 | }; | 39 | }; |
39 | 40 | ||
40 | struct uprobe; | 41 | struct uprobe; |
41 | extern int analyze_insn(struct mm_struct *mm, struct uprobe *uprobe); | 42 | extern int arch_uprobes_analyze_insn(struct mm_struct *mm, struct uprobe *uprobe); |
42 | #endif /* _ASM_UPROBES_H */ | 43 | #endif /* _ASM_UPROBES_H */ |
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c index 2a301bb91bdb..cf2a18498425 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Userspace Probes (UProbes) for x86 | 2 | * User-space Probes (UProbes) for x86 |
3 | * | 3 | * |
4 | * This program is free software; you can redistribute it and/or modify | 4 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License as published by | 5 | * it under the terms of the GNU General Public License as published by |
@@ -20,7 +20,6 @@ | |||
20 | * Srikar Dronamraju | 20 | * Srikar Dronamraju |
21 | * Jim Keniston | 21 | * Jim Keniston |
22 | */ | 22 | */ |
23 | |||
24 | #include <linux/kernel.h> | 23 | #include <linux/kernel.h> |
25 | #include <linux/sched.h> | 24 | #include <linux/sched.h> |
26 | #include <linux/ptrace.h> | 25 | #include <linux/ptrace.h> |
@@ -42,10 +41,10 @@ | |||
42 | #define UPROBES_FIX_RIP_CX 0x4000 | 41 | #define UPROBES_FIX_RIP_CX 0x4000 |
43 | 42 | ||
44 | /* Adaptations for mhiramat x86 decoder v14. */ | 43 | /* Adaptations for mhiramat x86 decoder v14. */ |
45 | #define OPCODE1(insn) ((insn)->opcode.bytes[0]) | 44 | #define OPCODE1(insn) ((insn)->opcode.bytes[0]) |
46 | #define OPCODE2(insn) ((insn)->opcode.bytes[1]) | 45 | #define OPCODE2(insn) ((insn)->opcode.bytes[1]) |
47 | #define OPCODE3(insn) ((insn)->opcode.bytes[2]) | 46 | #define OPCODE3(insn) ((insn)->opcode.bytes[2]) |
48 | #define MODRM_REG(insn) X86_MODRM_REG(insn->modrm.value) | 47 | #define MODRM_REG(insn) X86_MODRM_REG(insn->modrm.value) |
49 | 48 | ||
50 | #define W(row, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, ba, bb, bc, bd, be, bf)\ | 49 | #define W(row, b0, b1, b2, b3, b4, b5, b6, b7, b8, b9, ba, bb, bc, bd, be, bf)\ |
51 | (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) | \ | 50 | (((b0##UL << 0x0)|(b1##UL << 0x1)|(b2##UL << 0x2)|(b3##UL << 0x3) | \ |
@@ -55,7 +54,7 @@ | |||
55 | << (row % 32)) | 54 | << (row % 32)) |
56 | 55 | ||
57 | #ifdef CONFIG_X86_64 | 56 | #ifdef CONFIG_X86_64 |
58 | static volatile u32 good_insns_64[256 / 32] = { | 57 | static u32 good_insns_64[256 / 32] = { |
59 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ | 58 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ |
60 | /* ---------------------------------------------- */ | 59 | /* ---------------------------------------------- */ |
61 | W(0x00, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) | /* 00 */ | 60 | W(0x00, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0) | /* 00 */ |
@@ -81,7 +80,7 @@ static volatile u32 good_insns_64[256 / 32] = { | |||
81 | 80 | ||
82 | /* Good-instruction tables for 32-bit apps */ | 81 | /* Good-instruction tables for 32-bit apps */ |
83 | 82 | ||
84 | static volatile u32 good_insns_32[256 / 32] = { | 83 | static u32 good_insns_32[256 / 32] = { |
85 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ | 84 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ |
86 | /* ---------------------------------------------- */ | 85 | /* ---------------------------------------------- */ |
87 | W(0x00, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0) | /* 00 */ | 86 | W(0x00, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0) | /* 00 */ |
@@ -105,7 +104,7 @@ static volatile u32 good_insns_32[256 / 32] = { | |||
105 | }; | 104 | }; |
106 | 105 | ||
107 | /* Using this for both 64-bit and 32-bit apps */ | 106 | /* Using this for both 64-bit and 32-bit apps */ |
108 | static volatile u32 good_2byte_insns[256 / 32] = { | 107 | static u32 good_2byte_insns[256 / 32] = { |
109 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ | 108 | /* 0 1 2 3 4 5 6 7 8 9 a b c d e f */ |
110 | /* ---------------------------------------------- */ | 109 | /* ---------------------------------------------- */ |
111 | W(0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1) | /* 00 */ | 110 | W(0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 1) | /* 00 */ |
@@ -132,42 +131,47 @@ static volatile u32 good_2byte_insns[256 / 32] = { | |||
132 | 131 | ||
133 | /* | 132 | /* |
134 | * opcodes we'll probably never support: | 133 | * opcodes we'll probably never support: |
135 | * 6c-6d, e4-e5, ec-ed - in | 134 | * |
136 | * 6e-6f, e6-e7, ee-ef - out | 135 | * 6c-6d, e4-e5, ec-ed - in |
137 | * cc, cd - int3, int | 136 | * 6e-6f, e6-e7, ee-ef - out |
138 | * cf - iret | 137 | * cc, cd - int3, int |
139 | * d6 - illegal instruction | 138 | * cf - iret |
140 | * f1 - int1/icebp | 139 | * d6 - illegal instruction |
141 | * f4 - hlt | 140 | * f1 - int1/icebp |
142 | * fa, fb - cli, sti | 141 | * f4 - hlt |
143 | * 0f - lar, lsl, syscall, clts, sysret, sysenter, sysexit, invd, wbinvd, ud2 | 142 | * fa, fb - cli, sti |
143 | * 0f - lar, lsl, syscall, clts, sysret, sysenter, sysexit, invd, wbinvd, ud2 | ||
144 | * | 144 | * |
145 | * invalid opcodes in 64-bit mode: | 145 | * invalid opcodes in 64-bit mode: |
146 | * 06, 0e, 16, 1e, 27, 2f, 37, 3f, 60-62, 82, c4-c5, d4-d5 | ||
147 | * | 146 | * |
148 | * 63 - we support this opcode in x86_64 but not in i386. | 147 | * 06, 0e, 16, 1e, 27, 2f, 37, 3f, 60-62, 82, c4-c5, d4-d5 |
148 | * 63 - we support this opcode in x86_64 but not in i386. | ||
149 | * | 149 | * |
150 | * opcodes we may need to refine support for: | 150 | * opcodes we may need to refine support for: |
151 | * 0f - 2-byte instructions: For many of these instructions, the validity | 151 | * |
152 | * depends on the prefix and/or the reg field. On such instructions, we | 152 | * 0f - 2-byte instructions: For many of these instructions, the validity |
153 | * just consider the opcode combination valid if it corresponds to any | 153 | * depends on the prefix and/or the reg field. On such instructions, we |
154 | * valid instruction. | 154 | * just consider the opcode combination valid if it corresponds to any |
155 | * 8f - Group 1 - only reg = 0 is OK | 155 | * valid instruction. |
156 | * c6-c7 - Group 11 - only reg = 0 is OK | 156 | * |
157 | * d9-df - fpu insns with some illegal encodings | 157 | * 8f - Group 1 - only reg = 0 is OK |
158 | * f2, f3 - repnz, repz prefixes. These are also the first byte for | 158 | * c6-c7 - Group 11 - only reg = 0 is OK |
159 | * certain floating-point instructions, such as addsd. | 159 | * d9-df - fpu insns with some illegal encodings |
160 | * fe - Group 4 - only reg = 0 or 1 is OK | 160 | * f2, f3 - repnz, repz prefixes. These are also the first byte for |
161 | * ff - Group 5 - only reg = 0-6 is OK | 161 | * certain floating-point instructions, such as addsd. |
162 | * | ||
163 | * fe - Group 4 - only reg = 0 or 1 is OK | ||
164 | * ff - Group 5 - only reg = 0-6 is OK | ||
162 | * | 165 | * |
163 | * others -- Do we need to support these? | 166 | * others -- Do we need to support these? |
164 | * 0f - (floating-point?) prefetch instructions | 167 | * |
165 | * 07, 17, 1f - pop es, pop ss, pop ds | 168 | * 0f - (floating-point?) prefetch instructions |
166 | * 26, 2e, 36, 3e - es:, cs:, ss:, ds: segment prefixes -- | 169 | * 07, 17, 1f - pop es, pop ss, pop ds |
170 | * 26, 2e, 36, 3e - es:, cs:, ss:, ds: segment prefixes -- | ||
167 | * but 64 and 65 (fs: and gs:) seem to be used, so we support them | 171 | * but 64 and 65 (fs: and gs:) seem to be used, so we support them |
168 | * 67 - addr16 prefix | 172 | * 67 - addr16 prefix |
169 | * ce - into | 173 | * ce - into |
170 | * f0 - lock prefix | 174 | * f0 - lock prefix |
171 | */ | 175 | */ |
172 | 176 | ||
173 | /* | 177 | /* |
@@ -182,11 +186,11 @@ static bool is_prefix_bad(struct insn *insn) | |||
182 | 186 | ||
183 | for (i = 0; i < insn->prefixes.nbytes; i++) { | 187 | for (i = 0; i < insn->prefixes.nbytes; i++) { |
184 | switch (insn->prefixes.bytes[i]) { | 188 | switch (insn->prefixes.bytes[i]) { |
185 | case 0x26: /*INAT_PFX_ES */ | 189 | case 0x26: /* INAT_PFX_ES */ |
186 | case 0x2E: /*INAT_PFX_CS */ | 190 | case 0x2E: /* INAT_PFX_CS */ |
187 | case 0x36: /*INAT_PFX_DS */ | 191 | case 0x36: /* INAT_PFX_DS */ |
188 | case 0x3E: /*INAT_PFX_SS */ | 192 | case 0x3E: /* INAT_PFX_SS */ |
189 | case 0xF0: /*INAT_PFX_LOCK */ | 193 | case 0xF0: /* INAT_PFX_LOCK */ |
190 | return true; | 194 | return true; |
191 | } | 195 | } |
192 | } | 196 | } |
@@ -201,12 +205,15 @@ static int validate_insn_32bits(struct uprobe *uprobe, struct insn *insn) | |||
201 | insn_get_opcode(insn); | 205 | insn_get_opcode(insn); |
202 | if (is_prefix_bad(insn)) | 206 | if (is_prefix_bad(insn)) |
203 | return -ENOTSUPP; | 207 | return -ENOTSUPP; |
208 | |||
204 | if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_32)) | 209 | if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_32)) |
205 | return 0; | 210 | return 0; |
211 | |||
206 | if (insn->opcode.nbytes == 2) { | 212 | if (insn->opcode.nbytes == 2) { |
207 | if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns)) | 213 | if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns)) |
208 | return 0; | 214 | return 0; |
209 | } | 215 | } |
216 | |||
210 | return -ENOTSUPP; | 217 | return -ENOTSUPP; |
211 | } | 218 | } |
212 | 219 | ||
@@ -282,12 +289,12 @@ static void prepare_fixups(struct uprobe *uprobe, struct insn *insn) | |||
282 | * disastrous. | 289 | * disastrous. |
283 | * | 290 | * |
284 | * Some useful facts about rip-relative instructions: | 291 | * Some useful facts about rip-relative instructions: |
285 | * - There's always a modrm byte. | 292 | * |
286 | * - There's never a SIB byte. | 293 | * - There's always a modrm byte. |
287 | * - The displacement is always 4 bytes. | 294 | * - There's never a SIB byte. |
295 | * - The displacement is always 4 bytes. | ||
288 | */ | 296 | */ |
289 | static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe, | 297 | static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe, struct insn *insn) |
290 | struct insn *insn) | ||
291 | { | 298 | { |
292 | u8 *cursor; | 299 | u8 *cursor; |
293 | u8 reg; | 300 | u8 reg; |
@@ -342,13 +349,12 @@ static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe, | |||
342 | } | 349 | } |
343 | 350 | ||
344 | /* Target address = address of next instruction + (signed) offset */ | 351 | /* Target address = address of next instruction + (signed) offset */ |
345 | uprobe->arch_info.rip_rela_target_address = (long)insn->length | 352 | uprobe->arch_info.rip_rela_target_address = (long)insn->length + insn->displacement.value; |
346 | + insn->displacement.value; | 353 | |
347 | /* Displacement field is gone; slide immediate field (if any) over. */ | 354 | /* Displacement field is gone; slide immediate field (if any) over. */ |
348 | if (insn->immediate.nbytes) { | 355 | if (insn->immediate.nbytes) { |
349 | cursor++; | 356 | cursor++; |
350 | memmove(cursor, cursor + insn->displacement.nbytes, | 357 | memmove(cursor, cursor + insn->displacement.nbytes, insn->immediate.nbytes); |
351 | insn->immediate.nbytes); | ||
352 | } | 358 | } |
353 | return; | 359 | return; |
354 | } | 360 | } |
@@ -361,8 +367,10 @@ static int validate_insn_64bits(struct uprobe *uprobe, struct insn *insn) | |||
361 | insn_get_opcode(insn); | 367 | insn_get_opcode(insn); |
362 | if (is_prefix_bad(insn)) | 368 | if (is_prefix_bad(insn)) |
363 | return -ENOTSUPP; | 369 | return -ENOTSUPP; |
370 | |||
364 | if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_64)) | 371 | if (test_bit(OPCODE1(insn), (unsigned long *)good_insns_64)) |
365 | return 0; | 372 | return 0; |
373 | |||
366 | if (insn->opcode.nbytes == 2) { | 374 | if (insn->opcode.nbytes == 2) { |
367 | if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns)) | 375 | if (test_bit(OPCODE2(insn), (unsigned long *)good_2byte_insns)) |
368 | return 0; | 376 | return 0; |
@@ -370,34 +378,31 @@ static int validate_insn_64bits(struct uprobe *uprobe, struct insn *insn) | |||
370 | return -ENOTSUPP; | 378 | return -ENOTSUPP; |
371 | } | 379 | } |
372 | 380 | ||
373 | static int validate_insn_bits(struct mm_struct *mm, struct uprobe *uprobe, | 381 | static int validate_insn_bits(struct mm_struct *mm, struct uprobe *uprobe, struct insn *insn) |
374 | struct insn *insn) | ||
375 | { | 382 | { |
376 | if (mm->context.ia32_compat) | 383 | if (mm->context.ia32_compat) |
377 | return validate_insn_32bits(uprobe, insn); | 384 | return validate_insn_32bits(uprobe, insn); |
378 | return validate_insn_64bits(uprobe, insn); | 385 | return validate_insn_64bits(uprobe, insn); |
379 | } | 386 | } |
380 | #else | 387 | #else /* 32-bit: */ |
381 | static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe, | 388 | static void handle_riprel_insn(struct mm_struct *mm, struct uprobe *uprobe, struct insn *insn) |
382 | struct insn *insn) | ||
383 | { | 389 | { |
384 | return; | 390 | /* No RIP-relative addressing on 32-bit */ |
385 | } | 391 | } |
386 | 392 | ||
387 | static int validate_insn_bits(struct mm_struct *mm, struct uprobe *uprobe, | 393 | static int validate_insn_bits(struct mm_struct *mm, struct uprobe *uprobe, struct insn *insn) |
388 | struct insn *insn) | ||
389 | { | 394 | { |
390 | return validate_insn_32bits(uprobe, insn); | 395 | return validate_insn_32bits(uprobe, insn); |
391 | } | 396 | } |
392 | #endif /* CONFIG_X86_64 */ | 397 | #endif /* CONFIG_X86_64 */ |
393 | 398 | ||
394 | /** | 399 | /** |
395 | * analyze_insn - instruction analysis including validity and fixups. | 400 | * arch_uprobes_analyze_insn - instruction analysis including validity and fixups. |
396 | * @mm: the probed address space. | 401 | * @mm: the probed address space. |
397 | * @uprobe: the probepoint information. | 402 | * @uprobe: the probepoint information. |
398 | * Return 0 on success or a -ve number on error. | 403 | * Return 0 on success or a -ve number on error. |
399 | */ | 404 | */ |
400 | int analyze_insn(struct mm_struct *mm, struct uprobe *uprobe) | 405 | int arch_uprobes_analyze_insn(struct mm_struct *mm, struct uprobe *uprobe) |
401 | { | 406 | { |
402 | int ret; | 407 | int ret; |
403 | struct insn insn; | 408 | struct insn insn; |
@@ -406,7 +411,9 @@ int analyze_insn(struct mm_struct *mm, struct uprobe *uprobe) | |||
406 | ret = validate_insn_bits(mm, uprobe, &insn); | 411 | ret = validate_insn_bits(mm, uprobe, &insn); |
407 | if (ret != 0) | 412 | if (ret != 0) |
408 | return ret; | 413 | return ret; |
414 | |||
409 | handle_riprel_insn(mm, uprobe, &insn); | 415 | handle_riprel_insn(mm, uprobe, &insn); |
410 | prepare_fixups(uprobe, &insn); | 416 | prepare_fixups(uprobe, &insn); |
417 | |||
411 | return 0; | 418 | return 0; |
412 | } | 419 | } |
diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h index f1d13fd140f2..64e45f116b2a 100644 --- a/include/linux/uprobes.h +++ b/include/linux/uprobes.h | |||
@@ -1,7 +1,7 @@ | |||
1 | #ifndef _LINUX_UPROBES_H | 1 | #ifndef _LINUX_UPROBES_H |
2 | #define _LINUX_UPROBES_H | 2 | #define _LINUX_UPROBES_H |
3 | /* | 3 | /* |
4 | * Userspace Probes (UProbes) | 4 | * User-space Probes (UProbes) |
5 | * | 5 | * |
6 | * This program is free software; you can redistribute it and/or modify | 6 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License as published by | 7 | * it under the terms of the GNU General Public License as published by |
@@ -40,8 +40,10 @@ struct uprobe_arch_info {}; | |||
40 | #define uprobe_opcode_sz sizeof(uprobe_opcode_t) | 40 | #define uprobe_opcode_sz sizeof(uprobe_opcode_t) |
41 | 41 | ||
42 | /* flags that denote/change uprobes behaviour */ | 42 | /* flags that denote/change uprobes behaviour */ |
43 | |||
43 | /* Have a copy of original instruction */ | 44 | /* Have a copy of original instruction */ |
44 | #define UPROBES_COPY_INSN 0x1 | 45 | #define UPROBES_COPY_INSN 0x1 |
46 | |||
45 | /* Dont run handlers when first register/ last unregister in progress*/ | 47 | /* Dont run handlers when first register/ last unregister in progress*/ |
46 | #define UPROBES_RUN_HANDLER 0x2 | 48 | #define UPROBES_RUN_HANDLER 0x2 |
47 | 49 | ||
@@ -70,27 +72,23 @@ struct uprobe { | |||
70 | }; | 72 | }; |
71 | 73 | ||
72 | #ifdef CONFIG_UPROBES | 74 | #ifdef CONFIG_UPROBES |
73 | extern int __weak set_bkpt(struct mm_struct *mm, struct uprobe *uprobe, | 75 | extern int __weak set_bkpt(struct mm_struct *mm, struct uprobe *uprobe, unsigned long vaddr); |
74 | unsigned long vaddr); | 76 | extern int __weak set_orig_insn(struct mm_struct *mm, struct uprobe *uprobe, unsigned long vaddr, bool verify); |
75 | extern int __weak set_orig_insn(struct mm_struct *mm, struct uprobe *uprobe, | ||
76 | unsigned long vaddr, bool verify); | ||
77 | extern bool __weak is_bkpt_insn(uprobe_opcode_t *insn); | 77 | extern bool __weak is_bkpt_insn(uprobe_opcode_t *insn); |
78 | extern int register_uprobe(struct inode *inode, loff_t offset, | 78 | extern int uprobe_register(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer); |
79 | struct uprobe_consumer *consumer); | 79 | extern void uprobe_unregister(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer); |
80 | extern void unregister_uprobe(struct inode *inode, loff_t offset, | 80 | extern int uprobe_mmap(struct vm_area_struct *vma); |
81 | struct uprobe_consumer *consumer); | ||
82 | extern int mmap_uprobe(struct vm_area_struct *vma); | ||
83 | #else /* CONFIG_UPROBES is not defined */ | 81 | #else /* CONFIG_UPROBES is not defined */ |
84 | static inline int register_uprobe(struct inode *inode, loff_t offset, | 82 | static inline int |
85 | struct uprobe_consumer *consumer) | 83 | uprobe_register(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer) |
86 | { | 84 | { |
87 | return -ENOSYS; | 85 | return -ENOSYS; |
88 | } | 86 | } |
89 | static inline void unregister_uprobe(struct inode *inode, loff_t offset, | 87 | static inline void |
90 | struct uprobe_consumer *consumer) | 88 | uprobe_unregister(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer) |
91 | { | 89 | { |
92 | } | 90 | } |
93 | static inline int mmap_uprobe(struct vm_area_struct *vma) | 91 | static inline int uprobe_mmap(struct vm_area_struct *vma) |
94 | { | 92 | { |
95 | return 0; | 93 | return 0; |
96 | } | 94 | } |
diff --git a/kernel/uprobes.c b/kernel/uprobes.c index 72e8bb3b52cd..884817f1b0d3 100644 --- a/kernel/uprobes.c +++ b/kernel/uprobes.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Userspace Probes (UProbes) | 2 | * User-space Probes (UProbes) |
3 | * | 3 | * |
4 | * This program is free software; you can redistribute it and/or modify | 4 | * This program is free software; you can redistribute it and/or modify |
5 | * it under the terms of the GNU General Public License as published by | 5 | * it under the terms of the GNU General Public License as published by |
@@ -29,24 +29,26 @@ | |||
29 | #include <linux/rmap.h> /* anon_vma_prepare */ | 29 | #include <linux/rmap.h> /* anon_vma_prepare */ |
30 | #include <linux/mmu_notifier.h> /* set_pte_at_notify */ | 30 | #include <linux/mmu_notifier.h> /* set_pte_at_notify */ |
31 | #include <linux/swap.h> /* try_to_free_swap */ | 31 | #include <linux/swap.h> /* try_to_free_swap */ |
32 | |||
32 | #include <linux/uprobes.h> | 33 | #include <linux/uprobes.h> |
33 | 34 | ||
34 | static struct rb_root uprobes_tree = RB_ROOT; | 35 | static struct rb_root uprobes_tree = RB_ROOT; |
36 | |||
35 | static DEFINE_SPINLOCK(uprobes_treelock); /* serialize rbtree access */ | 37 | static DEFINE_SPINLOCK(uprobes_treelock); /* serialize rbtree access */ |
36 | 38 | ||
37 | #define UPROBES_HASH_SZ 13 | 39 | #define UPROBES_HASH_SZ 13 |
40 | |||
38 | /* serialize (un)register */ | 41 | /* serialize (un)register */ |
39 | static struct mutex uprobes_mutex[UPROBES_HASH_SZ]; | 42 | static struct mutex uprobes_mutex[UPROBES_HASH_SZ]; |
40 | #define uprobes_hash(v) (&uprobes_mutex[((unsigned long)(v)) %\ | 43 | |
41 | UPROBES_HASH_SZ]) | 44 | #define uprobes_hash(v) (&uprobes_mutex[((unsigned long)(v)) % UPROBES_HASH_SZ]) |
42 | 45 | ||
43 | /* serialize uprobe->pending_list */ | 46 | /* serialize uprobe->pending_list */ |
44 | static struct mutex uprobes_mmap_mutex[UPROBES_HASH_SZ]; | 47 | static struct mutex uprobes_mmap_mutex[UPROBES_HASH_SZ]; |
45 | #define uprobes_mmap_hash(v) (&uprobes_mmap_mutex[((unsigned long)(v)) %\ | 48 | #define uprobes_mmap_hash(v) (&uprobes_mmap_mutex[((unsigned long)(v)) % UPROBES_HASH_SZ]) |
46 | UPROBES_HASH_SZ]) | ||
47 | 49 | ||
48 | /* | 50 | /* |
49 | * uprobe_events allows us to skip the mmap_uprobe if there are no uprobe | 51 | * uprobe_events allows us to skip the uprobe_mmap if there are no uprobe |
50 | * events active at this time. Probably a fine grained per inode count is | 52 | * events active at this time. Probably a fine grained per inode count is |
51 | * better? | 53 | * better? |
52 | */ | 54 | */ |
@@ -58,9 +60,9 @@ static atomic_t uprobe_events = ATOMIC_INIT(0); | |||
58 | * vm_area_struct wasnt recommended. | 60 | * vm_area_struct wasnt recommended. |
59 | */ | 61 | */ |
60 | struct vma_info { | 62 | struct vma_info { |
61 | struct list_head probe_list; | 63 | struct list_head probe_list; |
62 | struct mm_struct *mm; | 64 | struct mm_struct *mm; |
63 | loff_t vaddr; | 65 | loff_t vaddr; |
64 | }; | 66 | }; |
65 | 67 | ||
66 | /* | 68 | /* |
@@ -79,8 +81,7 @@ static bool valid_vma(struct vm_area_struct *vma, bool is_register) | |||
79 | if (!is_register) | 81 | if (!is_register) |
80 | return true; | 82 | return true; |
81 | 83 | ||
82 | if ((vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)) == | 84 | if ((vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)) == (VM_READ|VM_EXEC)) |
83 | (VM_READ|VM_EXEC)) | ||
84 | return true; | 85 | return true; |
85 | 86 | ||
86 | return false; | 87 | return false; |
@@ -92,6 +93,7 @@ static loff_t vma_address(struct vm_area_struct *vma, loff_t offset) | |||
92 | 93 | ||
93 | vaddr = vma->vm_start + offset; | 94 | vaddr = vma->vm_start + offset; |
94 | vaddr -= vma->vm_pgoff << PAGE_SHIFT; | 95 | vaddr -= vma->vm_pgoff << PAGE_SHIFT; |
96 | |||
95 | return vaddr; | 97 | return vaddr; |
96 | } | 98 | } |
97 | 99 | ||
@@ -105,8 +107,7 @@ static loff_t vma_address(struct vm_area_struct *vma, loff_t offset) | |||
105 | * | 107 | * |
106 | * Returns 0 on success, -EFAULT on failure. | 108 | * Returns 0 on success, -EFAULT on failure. |
107 | */ | 109 | */ |
108 | static int __replace_page(struct vm_area_struct *vma, struct page *page, | 110 | static int __replace_page(struct vm_area_struct *vma, struct page *page, struct page *kpage) |
109 | struct page *kpage) | ||
110 | { | 111 | { |
111 | struct mm_struct *mm = vma->vm_mm; | 112 | struct mm_struct *mm = vma->vm_mm; |
112 | pgd_t *pgd; | 113 | pgd_t *pgd; |
@@ -163,7 +164,7 @@ out: | |||
163 | */ | 164 | */ |
164 | bool __weak is_bkpt_insn(uprobe_opcode_t *insn) | 165 | bool __weak is_bkpt_insn(uprobe_opcode_t *insn) |
165 | { | 166 | { |
166 | return (*insn == UPROBES_BKPT_INSN); | 167 | return *insn == UPROBES_BKPT_INSN; |
167 | } | 168 | } |
168 | 169 | ||
169 | /* | 170 | /* |
@@ -203,6 +204,7 @@ static int write_opcode(struct mm_struct *mm, struct uprobe *uprobe, | |||
203 | ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma); | 204 | ret = get_user_pages(NULL, mm, vaddr, 1, 0, 0, &old_page, &vma); |
204 | if (ret <= 0) | 205 | if (ret <= 0) |
205 | return ret; | 206 | return ret; |
207 | |||
206 | ret = -EINVAL; | 208 | ret = -EINVAL; |
207 | 209 | ||
208 | /* | 210 | /* |
@@ -239,6 +241,7 @@ static int write_opcode(struct mm_struct *mm, struct uprobe *uprobe, | |||
239 | vaddr_new = kmap_atomic(new_page); | 241 | vaddr_new = kmap_atomic(new_page); |
240 | 242 | ||
241 | memcpy(vaddr_new, vaddr_old, PAGE_SIZE); | 243 | memcpy(vaddr_new, vaddr_old, PAGE_SIZE); |
244 | |||
242 | /* poke the new insn in, ASSUMES we don't cross page boundary */ | 245 | /* poke the new insn in, ASSUMES we don't cross page boundary */ |
243 | vaddr &= ~PAGE_MASK; | 246 | vaddr &= ~PAGE_MASK; |
244 | BUG_ON(vaddr + uprobe_opcode_sz > PAGE_SIZE); | 247 | BUG_ON(vaddr + uprobe_opcode_sz > PAGE_SIZE); |
@@ -260,7 +263,8 @@ unlock_out: | |||
260 | page_cache_release(new_page); | 263 | page_cache_release(new_page); |
261 | 264 | ||
262 | put_out: | 265 | put_out: |
263 | put_page(old_page); /* we did a get_page in the beginning */ | 266 | put_page(old_page); |
267 | |||
264 | return ret; | 268 | return ret; |
265 | } | 269 | } |
266 | 270 | ||
@@ -276,8 +280,7 @@ put_out: | |||
276 | * For mm @mm, read the opcode at @vaddr and store it in @opcode. | 280 | * For mm @mm, read the opcode at @vaddr and store it in @opcode. |
277 | * Return 0 (success) or a negative errno. | 281 | * Return 0 (success) or a negative errno. |
278 | */ | 282 | */ |
279 | static int read_opcode(struct mm_struct *mm, unsigned long vaddr, | 283 | static int read_opcode(struct mm_struct *mm, unsigned long vaddr, uprobe_opcode_t *opcode) |
280 | uprobe_opcode_t *opcode) | ||
281 | { | 284 | { |
282 | struct page *page; | 285 | struct page *page; |
283 | void *vaddr_new; | 286 | void *vaddr_new; |
@@ -293,15 +296,18 @@ static int read_opcode(struct mm_struct *mm, unsigned long vaddr, | |||
293 | memcpy(opcode, vaddr_new + vaddr, uprobe_opcode_sz); | 296 | memcpy(opcode, vaddr_new + vaddr, uprobe_opcode_sz); |
294 | kunmap_atomic(vaddr_new); | 297 | kunmap_atomic(vaddr_new); |
295 | unlock_page(page); | 298 | unlock_page(page); |
296 | put_page(page); /* we did a get_user_pages in the beginning */ | 299 | |
300 | put_page(page); | ||
301 | |||
297 | return 0; | 302 | return 0; |
298 | } | 303 | } |
299 | 304 | ||
300 | static int is_bkpt_at_addr(struct mm_struct *mm, unsigned long vaddr) | 305 | static int is_bkpt_at_addr(struct mm_struct *mm, unsigned long vaddr) |
301 | { | 306 | { |
302 | uprobe_opcode_t opcode; | 307 | uprobe_opcode_t opcode; |
303 | int result = read_opcode(mm, vaddr, &opcode); | 308 | int result; |
304 | 309 | ||
310 | result = read_opcode(mm, vaddr, &opcode); | ||
305 | if (result) | 311 | if (result) |
306 | return result; | 312 | return result; |
307 | 313 | ||
@@ -320,11 +326,11 @@ static int is_bkpt_at_addr(struct mm_struct *mm, unsigned long vaddr) | |||
320 | * For mm @mm, store the breakpoint instruction at @vaddr. | 326 | * For mm @mm, store the breakpoint instruction at @vaddr. |
321 | * Return 0 (success) or a negative errno. | 327 | * Return 0 (success) or a negative errno. |
322 | */ | 328 | */ |
323 | int __weak set_bkpt(struct mm_struct *mm, struct uprobe *uprobe, | 329 | int __weak set_bkpt(struct mm_struct *mm, struct uprobe *uprobe, unsigned long vaddr) |
324 | unsigned long vaddr) | ||
325 | { | 330 | { |
326 | int result = is_bkpt_at_addr(mm, vaddr); | 331 | int result; |
327 | 332 | ||
333 | result = is_bkpt_at_addr(mm, vaddr); | ||
328 | if (result == 1) | 334 | if (result == 1) |
329 | return -EEXIST; | 335 | return -EEXIST; |
330 | 336 | ||
@@ -344,35 +350,35 @@ int __weak set_bkpt(struct mm_struct *mm, struct uprobe *uprobe, | |||
344 | * For mm @mm, restore the original opcode (opcode) at @vaddr. | 350 | * For mm @mm, restore the original opcode (opcode) at @vaddr. |
345 | * Return 0 (success) or a negative errno. | 351 | * Return 0 (success) or a negative errno. |
346 | */ | 352 | */ |
347 | int __weak set_orig_insn(struct mm_struct *mm, struct uprobe *uprobe, | 353 | int __weak |
348 | unsigned long vaddr, bool verify) | 354 | set_orig_insn(struct mm_struct *mm, struct uprobe *uprobe, unsigned long vaddr, bool verify) |
349 | { | 355 | { |
350 | if (verify) { | 356 | if (verify) { |
351 | int result = is_bkpt_at_addr(mm, vaddr); | 357 | int result; |
352 | 358 | ||
359 | result = is_bkpt_at_addr(mm, vaddr); | ||
353 | if (!result) | 360 | if (!result) |
354 | return -EINVAL; | 361 | return -EINVAL; |
355 | 362 | ||
356 | if (result != 1) | 363 | if (result != 1) |
357 | return result; | 364 | return result; |
358 | } | 365 | } |
359 | return write_opcode(mm, uprobe, vaddr, | 366 | return write_opcode(mm, uprobe, vaddr, *(uprobe_opcode_t *)uprobe->insn); |
360 | *(uprobe_opcode_t *)uprobe->insn); | ||
361 | } | 367 | } |
362 | 368 | ||
363 | static int match_uprobe(struct uprobe *l, struct uprobe *r) | 369 | static int match_uprobe(struct uprobe *l, struct uprobe *r) |
364 | { | 370 | { |
365 | if (l->inode < r->inode) | 371 | if (l->inode < r->inode) |
366 | return -1; | 372 | return -1; |
373 | |||
367 | if (l->inode > r->inode) | 374 | if (l->inode > r->inode) |
368 | return 1; | 375 | return 1; |
369 | else { | ||
370 | if (l->offset < r->offset) | ||
371 | return -1; | ||
372 | 376 | ||
373 | if (l->offset > r->offset) | 377 | if (l->offset < r->offset) |
374 | return 1; | 378 | return -1; |
375 | } | 379 | |
380 | if (l->offset > r->offset) | ||
381 | return 1; | ||
376 | 382 | ||
377 | return 0; | 383 | return 0; |
378 | } | 384 | } |
@@ -391,6 +397,7 @@ static struct uprobe *__find_uprobe(struct inode *inode, loff_t offset) | |||
391 | atomic_inc(&uprobe->ref); | 397 | atomic_inc(&uprobe->ref); |
392 | return uprobe; | 398 | return uprobe; |
393 | } | 399 | } |
400 | |||
394 | if (match < 0) | 401 | if (match < 0) |
395 | n = n->rb_left; | 402 | n = n->rb_left; |
396 | else | 403 | else |
@@ -411,6 +418,7 @@ static struct uprobe *find_uprobe(struct inode *inode, loff_t offset) | |||
411 | spin_lock_irqsave(&uprobes_treelock, flags); | 418 | spin_lock_irqsave(&uprobes_treelock, flags); |
412 | uprobe = __find_uprobe(inode, offset); | 419 | uprobe = __find_uprobe(inode, offset); |
413 | spin_unlock_irqrestore(&uprobes_treelock, flags); | 420 | spin_unlock_irqrestore(&uprobes_treelock, flags); |
421 | |||
414 | return uprobe; | 422 | return uprobe; |
415 | } | 423 | } |
416 | 424 | ||
@@ -436,16 +444,18 @@ static struct uprobe *__insert_uprobe(struct uprobe *uprobe) | |||
436 | p = &parent->rb_right; | 444 | p = &parent->rb_right; |
437 | 445 | ||
438 | } | 446 | } |
447 | |||
439 | u = NULL; | 448 | u = NULL; |
440 | rb_link_node(&uprobe->rb_node, parent, p); | 449 | rb_link_node(&uprobe->rb_node, parent, p); |
441 | rb_insert_color(&uprobe->rb_node, &uprobes_tree); | 450 | rb_insert_color(&uprobe->rb_node, &uprobes_tree); |
442 | /* get access + creation ref */ | 451 | /* get access + creation ref */ |
443 | atomic_set(&uprobe->ref, 2); | 452 | atomic_set(&uprobe->ref, 2); |
453 | |||
444 | return u; | 454 | return u; |
445 | } | 455 | } |
446 | 456 | ||
447 | /* | 457 | /* |
448 | * Acquires uprobes_treelock. | 458 | * Acquire uprobes_treelock. |
449 | * Matching uprobe already exists in rbtree; | 459 | * Matching uprobe already exists in rbtree; |
450 | * increment (access refcount) and return the matching uprobe. | 460 | * increment (access refcount) and return the matching uprobe. |
451 | * | 461 | * |
@@ -460,6 +470,7 @@ static struct uprobe *insert_uprobe(struct uprobe *uprobe) | |||
460 | spin_lock_irqsave(&uprobes_treelock, flags); | 470 | spin_lock_irqsave(&uprobes_treelock, flags); |
461 | u = __insert_uprobe(uprobe); | 471 | u = __insert_uprobe(uprobe); |
462 | spin_unlock_irqrestore(&uprobes_treelock, flags); | 472 | spin_unlock_irqrestore(&uprobes_treelock, flags); |
473 | |||
463 | return u; | 474 | return u; |
464 | } | 475 | } |
465 | 476 | ||
@@ -490,19 +501,22 @@ static struct uprobe *alloc_uprobe(struct inode *inode, loff_t offset) | |||
490 | kfree(uprobe); | 501 | kfree(uprobe); |
491 | uprobe = cur_uprobe; | 502 | uprobe = cur_uprobe; |
492 | iput(inode); | 503 | iput(inode); |
493 | } else | 504 | } else { |
494 | atomic_inc(&uprobe_events); | 505 | atomic_inc(&uprobe_events); |
506 | } | ||
507 | |||
495 | return uprobe; | 508 | return uprobe; |
496 | } | 509 | } |
497 | 510 | ||
498 | /* Returns the previous consumer */ | 511 | /* Returns the previous consumer */ |
499 | static struct uprobe_consumer *add_consumer(struct uprobe *uprobe, | 512 | static struct uprobe_consumer * |
500 | struct uprobe_consumer *consumer) | 513 | consumer_add(struct uprobe *uprobe, struct uprobe_consumer *consumer) |
501 | { | 514 | { |
502 | down_write(&uprobe->consumer_rwsem); | 515 | down_write(&uprobe->consumer_rwsem); |
503 | consumer->next = uprobe->consumers; | 516 | consumer->next = uprobe->consumers; |
504 | uprobe->consumers = consumer; | 517 | uprobe->consumers = consumer; |
505 | up_write(&uprobe->consumer_rwsem); | 518 | up_write(&uprobe->consumer_rwsem); |
519 | |||
506 | return consumer->next; | 520 | return consumer->next; |
507 | } | 521 | } |
508 | 522 | ||
@@ -511,8 +525,7 @@ static struct uprobe_consumer *add_consumer(struct uprobe *uprobe, | |||
511 | * Return true if the @consumer is deleted successfully | 525 | * Return true if the @consumer is deleted successfully |
512 | * or return false. | 526 | * or return false. |
513 | */ | 527 | */ |
514 | static bool del_consumer(struct uprobe *uprobe, | 528 | static bool consumer_del(struct uprobe *uprobe, struct uprobe_consumer *consumer) |
515 | struct uprobe_consumer *consumer) | ||
516 | { | 529 | { |
517 | struct uprobe_consumer **con; | 530 | struct uprobe_consumer **con; |
518 | bool ret = false; | 531 | bool ret = false; |
@@ -526,6 +539,7 @@ static bool del_consumer(struct uprobe *uprobe, | |||
526 | } | 539 | } |
527 | } | 540 | } |
528 | up_write(&uprobe->consumer_rwsem); | 541 | up_write(&uprobe->consumer_rwsem); |
542 | |||
529 | return ret; | 543 | return ret; |
530 | } | 544 | } |
531 | 545 | ||
@@ -557,15 +571,15 @@ static int __copy_insn(struct address_space *mapping, | |||
557 | memcpy(insn, vaddr + off1, nbytes); | 571 | memcpy(insn, vaddr + off1, nbytes); |
558 | kunmap_atomic(vaddr); | 572 | kunmap_atomic(vaddr); |
559 | page_cache_release(page); | 573 | page_cache_release(page); |
574 | |||
560 | return 0; | 575 | return 0; |
561 | } | 576 | } |
562 | 577 | ||
563 | static int copy_insn(struct uprobe *uprobe, struct vm_area_struct *vma, | 578 | static int copy_insn(struct uprobe *uprobe, struct vm_area_struct *vma, unsigned long addr) |
564 | unsigned long addr) | ||
565 | { | 579 | { |
566 | struct address_space *mapping; | 580 | struct address_space *mapping; |
567 | int bytes; | ||
568 | unsigned long nbytes; | 581 | unsigned long nbytes; |
582 | int bytes; | ||
569 | 583 | ||
570 | addr &= ~PAGE_MASK; | 584 | addr &= ~PAGE_MASK; |
571 | nbytes = PAGE_SIZE - addr; | 585 | nbytes = PAGE_SIZE - addr; |
@@ -605,6 +619,7 @@ static int install_breakpoint(struct mm_struct *mm, struct uprobe *uprobe, | |||
605 | return -EEXIST; | 619 | return -EEXIST; |
606 | 620 | ||
607 | addr = (unsigned long)vaddr; | 621 | addr = (unsigned long)vaddr; |
622 | |||
608 | if (!(uprobe->flags & UPROBES_COPY_INSN)) { | 623 | if (!(uprobe->flags & UPROBES_COPY_INSN)) { |
609 | ret = copy_insn(uprobe, vma, addr); | 624 | ret = copy_insn(uprobe, vma, addr); |
610 | if (ret) | 625 | if (ret) |
@@ -613,7 +628,7 @@ static int install_breakpoint(struct mm_struct *mm, struct uprobe *uprobe, | |||
613 | if (is_bkpt_insn((uprobe_opcode_t *)uprobe->insn)) | 628 | if (is_bkpt_insn((uprobe_opcode_t *)uprobe->insn)) |
614 | return -EEXIST; | 629 | return -EEXIST; |
615 | 630 | ||
616 | ret = analyze_insn(mm, uprobe); | 631 | ret = arch_uprobes_analyze_insn(mm, uprobe); |
617 | if (ret) | 632 | if (ret) |
618 | return ret; | 633 | return ret; |
619 | 634 | ||
@@ -624,8 +639,7 @@ static int install_breakpoint(struct mm_struct *mm, struct uprobe *uprobe, | |||
624 | return ret; | 639 | return ret; |
625 | } | 640 | } |
626 | 641 | ||
627 | static void remove_breakpoint(struct mm_struct *mm, struct uprobe *uprobe, | 642 | static void remove_breakpoint(struct mm_struct *mm, struct uprobe *uprobe, loff_t vaddr) |
628 | loff_t vaddr) | ||
629 | { | 643 | { |
630 | set_orig_insn(mm, uprobe, (unsigned long)vaddr, true); | 644 | set_orig_insn(mm, uprobe, (unsigned long)vaddr, true); |
631 | } | 645 | } |
@@ -649,9 +663,11 @@ static struct vma_info *__find_next_vma_info(struct list_head *head, | |||
649 | struct prio_tree_iter iter; | 663 | struct prio_tree_iter iter; |
650 | struct vm_area_struct *vma; | 664 | struct vm_area_struct *vma; |
651 | struct vma_info *tmpvi; | 665 | struct vma_info *tmpvi; |
652 | loff_t vaddr; | 666 | unsigned long pgoff; |
653 | unsigned long pgoff = offset >> PAGE_SHIFT; | ||
654 | int existing_vma; | 667 | int existing_vma; |
668 | loff_t vaddr; | ||
669 | |||
670 | pgoff = offset >> PAGE_SHIFT; | ||
655 | 671 | ||
656 | vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) { | 672 | vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, pgoff, pgoff) { |
657 | if (!valid_vma(vma, is_register)) | 673 | if (!valid_vma(vma, is_register)) |
@@ -659,6 +675,7 @@ static struct vma_info *__find_next_vma_info(struct list_head *head, | |||
659 | 675 | ||
660 | existing_vma = 0; | 676 | existing_vma = 0; |
661 | vaddr = vma_address(vma, offset); | 677 | vaddr = vma_address(vma, offset); |
678 | |||
662 | list_for_each_entry(tmpvi, head, probe_list) { | 679 | list_for_each_entry(tmpvi, head, probe_list) { |
663 | if (tmpvi->mm == vma->vm_mm && tmpvi->vaddr == vaddr) { | 680 | if (tmpvi->mm == vma->vm_mm && tmpvi->vaddr == vaddr) { |
664 | existing_vma = 1; | 681 | existing_vma = 1; |
@@ -670,14 +687,15 @@ static struct vma_info *__find_next_vma_info(struct list_head *head, | |||
670 | * Another vma needs a probe to be installed. However skip | 687 | * Another vma needs a probe to be installed. However skip |
671 | * installing the probe if the vma is about to be unlinked. | 688 | * installing the probe if the vma is about to be unlinked. |
672 | */ | 689 | */ |
673 | if (!existing_vma && | 690 | if (!existing_vma && atomic_inc_not_zero(&vma->vm_mm->mm_users)) { |
674 | atomic_inc_not_zero(&vma->vm_mm->mm_users)) { | ||
675 | vi->mm = vma->vm_mm; | 691 | vi->mm = vma->vm_mm; |
676 | vi->vaddr = vaddr; | 692 | vi->vaddr = vaddr; |
677 | list_add(&vi->probe_list, head); | 693 | list_add(&vi->probe_list, head); |
694 | |||
678 | return vi; | 695 | return vi; |
679 | } | 696 | } |
680 | } | 697 | } |
698 | |||
681 | return NULL; | 699 | return NULL; |
682 | } | 700 | } |
683 | 701 | ||
@@ -685,11 +703,12 @@ static struct vma_info *__find_next_vma_info(struct list_head *head, | |||
685 | * Iterate in the rmap prio tree and find a vma where a probe has not | 703 | * Iterate in the rmap prio tree and find a vma where a probe has not |
686 | * yet been inserted. | 704 | * yet been inserted. |
687 | */ | 705 | */ |
688 | static struct vma_info *find_next_vma_info(struct list_head *head, | 706 | static struct vma_info * |
689 | loff_t offset, struct address_space *mapping, | 707 | find_next_vma_info(struct list_head *head, loff_t offset, struct address_space *mapping, |
690 | bool is_register) | 708 | bool is_register) |
691 | { | 709 | { |
692 | struct vma_info *vi, *retvi; | 710 | struct vma_info *vi, *retvi; |
711 | |||
693 | vi = kzalloc(sizeof(struct vma_info), GFP_KERNEL); | 712 | vi = kzalloc(sizeof(struct vma_info), GFP_KERNEL); |
694 | if (!vi) | 713 | if (!vi) |
695 | return ERR_PTR(-ENOMEM); | 714 | return ERR_PTR(-ENOMEM); |
@@ -700,6 +719,7 @@ static struct vma_info *find_next_vma_info(struct list_head *head, | |||
700 | 719 | ||
701 | if (!retvi) | 720 | if (!retvi) |
702 | kfree(vi); | 721 | kfree(vi); |
722 | |||
703 | return retvi; | 723 | return retvi; |
704 | } | 724 | } |
705 | 725 | ||
@@ -711,16 +731,23 @@ static int register_for_each_vma(struct uprobe *uprobe, bool is_register) | |||
711 | struct vma_info *vi, *tmpvi; | 731 | struct vma_info *vi, *tmpvi; |
712 | struct mm_struct *mm; | 732 | struct mm_struct *mm; |
713 | loff_t vaddr; | 733 | loff_t vaddr; |
714 | int ret = 0; | 734 | int ret; |
715 | 735 | ||
716 | mapping = uprobe->inode->i_mapping; | 736 | mapping = uprobe->inode->i_mapping; |
717 | INIT_LIST_HEAD(&try_list); | 737 | INIT_LIST_HEAD(&try_list); |
718 | while ((vi = find_next_vma_info(&try_list, uprobe->offset, | 738 | |
719 | mapping, is_register)) != NULL) { | 739 | ret = 0; |
740 | |||
741 | for (;;) { | ||
742 | vi = find_next_vma_info(&try_list, uprobe->offset, mapping, is_register); | ||
743 | if (!vi) | ||
744 | break; | ||
745 | |||
720 | if (IS_ERR(vi)) { | 746 | if (IS_ERR(vi)) { |
721 | ret = PTR_ERR(vi); | 747 | ret = PTR_ERR(vi); |
722 | break; | 748 | break; |
723 | } | 749 | } |
750 | |||
724 | mm = vi->mm; | 751 | mm = vi->mm; |
725 | down_read(&mm->mmap_sem); | 752 | down_read(&mm->mmap_sem); |
726 | vma = find_vma(mm, (unsigned long)vi->vaddr); | 753 | vma = find_vma(mm, (unsigned long)vi->vaddr); |
@@ -755,19 +782,21 @@ static int register_for_each_vma(struct uprobe *uprobe, bool is_register) | |||
755 | break; | 782 | break; |
756 | } | 783 | } |
757 | } | 784 | } |
785 | |||
758 | list_for_each_entry_safe(vi, tmpvi, &try_list, probe_list) { | 786 | list_for_each_entry_safe(vi, tmpvi, &try_list, probe_list) { |
759 | list_del(&vi->probe_list); | 787 | list_del(&vi->probe_list); |
760 | kfree(vi); | 788 | kfree(vi); |
761 | } | 789 | } |
790 | |||
762 | return ret; | 791 | return ret; |
763 | } | 792 | } |
764 | 793 | ||
765 | static int __register_uprobe(struct uprobe *uprobe) | 794 | static int __uprobe_register(struct uprobe *uprobe) |
766 | { | 795 | { |
767 | return register_for_each_vma(uprobe, true); | 796 | return register_for_each_vma(uprobe, true); |
768 | } | 797 | } |
769 | 798 | ||
770 | static void __unregister_uprobe(struct uprobe *uprobe) | 799 | static void __uprobe_unregister(struct uprobe *uprobe) |
771 | { | 800 | { |
772 | if (!register_for_each_vma(uprobe, false)) | 801 | if (!register_for_each_vma(uprobe, false)) |
773 | delete_uprobe(uprobe); | 802 | delete_uprobe(uprobe); |
@@ -776,15 +805,15 @@ static void __unregister_uprobe(struct uprobe *uprobe) | |||
776 | } | 805 | } |
777 | 806 | ||
778 | /* | 807 | /* |
779 | * register_uprobe - register a probe | 808 | * uprobe_register - register a probe |
780 | * @inode: the file in which the probe has to be placed. | 809 | * @inode: the file in which the probe has to be placed. |
781 | * @offset: offset from the start of the file. | 810 | * @offset: offset from the start of the file. |
782 | * @consumer: information on howto handle the probe.. | 811 | * @consumer: information on howto handle the probe.. |
783 | * | 812 | * |
784 | * Apart from the access refcount, register_uprobe() takes a creation | 813 | * Apart from the access refcount, uprobe_register() takes a creation |
785 | * refcount (thro alloc_uprobe) if and only if this @uprobe is getting | 814 | * refcount (thro alloc_uprobe) if and only if this @uprobe is getting |
786 | * inserted into the rbtree (i.e first consumer for a @inode:@offset | 815 | * inserted into the rbtree (i.e first consumer for a @inode:@offset |
787 | * tuple). Creation refcount stops unregister_uprobe from freeing the | 816 | * tuple). Creation refcount stops uprobe_unregister from freeing the |
788 | * @uprobe even before the register operation is complete. Creation | 817 | * @uprobe even before the register operation is complete. Creation |
789 | * refcount is released when the last @consumer for the @uprobe | 818 | * refcount is released when the last @consumer for the @uprobe |
790 | * unregisters. | 819 | * unregisters. |
@@ -792,28 +821,29 @@ static void __unregister_uprobe(struct uprobe *uprobe) | |||
792 | * Return errno if it cannot successully install probes | 821 | * Return errno if it cannot successully install probes |
793 | * else return 0 (success) | 822 | * else return 0 (success) |
794 | */ | 823 | */ |
795 | int register_uprobe(struct inode *inode, loff_t offset, | 824 | int uprobe_register(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer) |
796 | struct uprobe_consumer *consumer) | ||
797 | { | 825 | { |
798 | struct uprobe *uprobe; | 826 | struct uprobe *uprobe; |
799 | int ret = -EINVAL; | 827 | int ret; |
800 | 828 | ||
801 | if (!inode || !consumer || consumer->next) | 829 | if (!inode || !consumer || consumer->next) |
802 | return ret; | 830 | return -EINVAL; |
803 | 831 | ||
804 | if (offset > i_size_read(inode)) | 832 | if (offset > i_size_read(inode)) |
805 | return ret; | 833 | return -EINVAL; |
806 | 834 | ||
807 | ret = 0; | 835 | ret = 0; |
808 | mutex_lock(uprobes_hash(inode)); | 836 | mutex_lock(uprobes_hash(inode)); |
809 | uprobe = alloc_uprobe(inode, offset); | 837 | uprobe = alloc_uprobe(inode, offset); |
810 | if (uprobe && !add_consumer(uprobe, consumer)) { | 838 | |
811 | ret = __register_uprobe(uprobe); | 839 | if (uprobe && !consumer_add(uprobe, consumer)) { |
840 | ret = __uprobe_register(uprobe); | ||
812 | if (ret) { | 841 | if (ret) { |
813 | uprobe->consumers = NULL; | 842 | uprobe->consumers = NULL; |
814 | __unregister_uprobe(uprobe); | 843 | __uprobe_unregister(uprobe); |
815 | } else | 844 | } else { |
816 | uprobe->flags |= UPROBES_RUN_HANDLER; | 845 | uprobe->flags |= UPROBES_RUN_HANDLER; |
846 | } | ||
817 | } | 847 | } |
818 | 848 | ||
819 | mutex_unlock(uprobes_hash(inode)); | 849 | mutex_unlock(uprobes_hash(inode)); |
@@ -823,15 +853,14 @@ int register_uprobe(struct inode *inode, loff_t offset, | |||
823 | } | 853 | } |
824 | 854 | ||
825 | /* | 855 | /* |
826 | * unregister_uprobe - unregister a already registered probe. | 856 | * uprobe_unregister - unregister a already registered probe. |
827 | * @inode: the file in which the probe has to be removed. | 857 | * @inode: the file in which the probe has to be removed. |
828 | * @offset: offset from the start of the file. | 858 | * @offset: offset from the start of the file. |
829 | * @consumer: identify which probe if multiple probes are colocated. | 859 | * @consumer: identify which probe if multiple probes are colocated. |
830 | */ | 860 | */ |
831 | void unregister_uprobe(struct inode *inode, loff_t offset, | 861 | void uprobe_unregister(struct inode *inode, loff_t offset, struct uprobe_consumer *consumer) |
832 | struct uprobe_consumer *consumer) | ||
833 | { | 862 | { |
834 | struct uprobe *uprobe = NULL; | 863 | struct uprobe *uprobe; |
835 | 864 | ||
836 | if (!inode || !consumer) | 865 | if (!inode || !consumer) |
837 | return; | 866 | return; |
@@ -841,15 +870,14 @@ void unregister_uprobe(struct inode *inode, loff_t offset, | |||
841 | return; | 870 | return; |
842 | 871 | ||
843 | mutex_lock(uprobes_hash(inode)); | 872 | mutex_lock(uprobes_hash(inode)); |
844 | if (!del_consumer(uprobe, consumer)) | ||
845 | goto unreg_out; | ||
846 | 873 | ||
847 | if (!uprobe->consumers) { | 874 | if (consumer_del(uprobe, consumer)) { |
848 | __unregister_uprobe(uprobe); | 875 | if (!uprobe->consumers) { |
849 | uprobe->flags &= ~UPROBES_RUN_HANDLER; | 876 | __uprobe_unregister(uprobe); |
877 | uprobe->flags &= ~UPROBES_RUN_HANDLER; | ||
878 | } | ||
850 | } | 879 | } |
851 | 880 | ||
852 | unreg_out: | ||
853 | mutex_unlock(uprobes_hash(inode)); | 881 | mutex_unlock(uprobes_hash(inode)); |
854 | if (uprobe) | 882 | if (uprobe) |
855 | put_uprobe(uprobe); | 883 | put_uprobe(uprobe); |
@@ -870,6 +898,7 @@ static struct rb_node *find_least_offset_node(struct inode *inode) | |||
870 | while (n) { | 898 | while (n) { |
871 | uprobe = rb_entry(n, struct uprobe, rb_node); | 899 | uprobe = rb_entry(n, struct uprobe, rb_node); |
872 | match = match_uprobe(&u, uprobe); | 900 | match = match_uprobe(&u, uprobe); |
901 | |||
873 | if (uprobe->inode == inode) | 902 | if (uprobe->inode == inode) |
874 | close_node = n; | 903 | close_node = n; |
875 | 904 | ||
@@ -881,6 +910,7 @@ static struct rb_node *find_least_offset_node(struct inode *inode) | |||
881 | else | 910 | else |
882 | n = n->rb_right; | 911 | n = n->rb_right; |
883 | } | 912 | } |
913 | |||
884 | return close_node; | 914 | return close_node; |
885 | } | 915 | } |
886 | 916 | ||
@@ -890,11 +920,13 @@ static struct rb_node *find_least_offset_node(struct inode *inode) | |||
890 | static void build_probe_list(struct inode *inode, struct list_head *head) | 920 | static void build_probe_list(struct inode *inode, struct list_head *head) |
891 | { | 921 | { |
892 | struct uprobe *uprobe; | 922 | struct uprobe *uprobe; |
893 | struct rb_node *n; | ||
894 | unsigned long flags; | 923 | unsigned long flags; |
924 | struct rb_node *n; | ||
895 | 925 | ||
896 | spin_lock_irqsave(&uprobes_treelock, flags); | 926 | spin_lock_irqsave(&uprobes_treelock, flags); |
927 | |||
897 | n = find_least_offset_node(inode); | 928 | n = find_least_offset_node(inode); |
929 | |||
898 | for (; n; n = rb_next(n)) { | 930 | for (; n; n = rb_next(n)) { |
899 | uprobe = rb_entry(n, struct uprobe, rb_node); | 931 | uprobe = rb_entry(n, struct uprobe, rb_node); |
900 | if (uprobe->inode != inode) | 932 | if (uprobe->inode != inode) |
@@ -903,6 +935,7 @@ static void build_probe_list(struct inode *inode, struct list_head *head) | |||
903 | list_add(&uprobe->pending_list, head); | 935 | list_add(&uprobe->pending_list, head); |
904 | atomic_inc(&uprobe->ref); | 936 | atomic_inc(&uprobe->ref); |
905 | } | 937 | } |
938 | |||
906 | spin_unlock_irqrestore(&uprobes_treelock, flags); | 939 | spin_unlock_irqrestore(&uprobes_treelock, flags); |
907 | } | 940 | } |
908 | 941 | ||
@@ -912,42 +945,44 @@ static void build_probe_list(struct inode *inode, struct list_head *head) | |||
912 | * | 945 | * |
913 | * Return -ve no if we fail to insert probes and we cannot | 946 | * Return -ve no if we fail to insert probes and we cannot |
914 | * bail-out. | 947 | * bail-out. |
915 | * Return 0 otherwise. i.e : | 948 | * Return 0 otherwise. i.e: |
949 | * | ||
916 | * - successful insertion of probes | 950 | * - successful insertion of probes |
917 | * - (or) no possible probes to be inserted. | 951 | * - (or) no possible probes to be inserted. |
918 | * - (or) insertion of probes failed but we can bail-out. | 952 | * - (or) insertion of probes failed but we can bail-out. |
919 | */ | 953 | */ |
920 | int mmap_uprobe(struct vm_area_struct *vma) | 954 | int uprobe_mmap(struct vm_area_struct *vma) |
921 | { | 955 | { |
922 | struct list_head tmp_list; | 956 | struct list_head tmp_list; |
923 | struct uprobe *uprobe, *u; | 957 | struct uprobe *uprobe, *u; |
924 | struct inode *inode; | 958 | struct inode *inode; |
925 | int ret = 0; | 959 | int ret; |
926 | 960 | ||
927 | if (!atomic_read(&uprobe_events) || !valid_vma(vma, true)) | 961 | if (!atomic_read(&uprobe_events) || !valid_vma(vma, true)) |
928 | return ret; /* Bail-out */ | 962 | return 0; |
929 | 963 | ||
930 | inode = vma->vm_file->f_mapping->host; | 964 | inode = vma->vm_file->f_mapping->host; |
931 | if (!inode) | 965 | if (!inode) |
932 | return ret; | 966 | return 0; |
933 | 967 | ||
934 | INIT_LIST_HEAD(&tmp_list); | 968 | INIT_LIST_HEAD(&tmp_list); |
935 | mutex_lock(uprobes_mmap_hash(inode)); | 969 | mutex_lock(uprobes_mmap_hash(inode)); |
936 | build_probe_list(inode, &tmp_list); | 970 | build_probe_list(inode, &tmp_list); |
971 | |||
972 | ret = 0; | ||
973 | |||
937 | list_for_each_entry_safe(uprobe, u, &tmp_list, pending_list) { | 974 | list_for_each_entry_safe(uprobe, u, &tmp_list, pending_list) { |
938 | loff_t vaddr; | 975 | loff_t vaddr; |
939 | 976 | ||
940 | list_del(&uprobe->pending_list); | 977 | list_del(&uprobe->pending_list); |
941 | if (!ret) { | 978 | if (!ret) { |
942 | vaddr = vma_address(vma, uprobe->offset); | 979 | vaddr = vma_address(vma, uprobe->offset); |
943 | if (vaddr < vma->vm_start || vaddr >= vma->vm_end) { | 980 | if (vaddr >= vma->vm_start && vaddr < vma->vm_end) { |
944 | put_uprobe(uprobe); | 981 | ret = install_breakpoint(vma->vm_mm, uprobe, vma, vaddr); |
945 | continue; | 982 | /* Ignore double add: */ |
983 | if (ret == -EEXIST) | ||
984 | ret = 0; | ||
946 | } | 985 | } |
947 | ret = install_breakpoint(vma->vm_mm, uprobe, vma, | ||
948 | vaddr); | ||
949 | if (ret == -EEXIST) | ||
950 | ret = 0; | ||
951 | } | 986 | } |
952 | put_uprobe(uprobe); | 987 | put_uprobe(uprobe); |
953 | } | 988 | } |
@@ -618,10 +618,10 @@ again: remove_next = 1 + (end > next->vm_end); | |||
618 | mutex_unlock(&mapping->i_mmap_mutex); | 618 | mutex_unlock(&mapping->i_mmap_mutex); |
619 | 619 | ||
620 | if (root) { | 620 | if (root) { |
621 | mmap_uprobe(vma); | 621 | uprobe_mmap(vma); |
622 | 622 | ||
623 | if (adjust_next) | 623 | if (adjust_next) |
624 | mmap_uprobe(next); | 624 | uprobe_mmap(next); |
625 | } | 625 | } |
626 | 626 | ||
627 | if (remove_next) { | 627 | if (remove_next) { |
@@ -646,7 +646,7 @@ again: remove_next = 1 + (end > next->vm_end); | |||
646 | } | 646 | } |
647 | } | 647 | } |
648 | if (insert && file) | 648 | if (insert && file) |
649 | mmap_uprobe(insert); | 649 | uprobe_mmap(insert); |
650 | 650 | ||
651 | validate_mm(mm); | 651 | validate_mm(mm); |
652 | 652 | ||
@@ -1340,7 +1340,7 @@ out: | |||
1340 | } else if ((flags & MAP_POPULATE) && !(flags & MAP_NONBLOCK)) | 1340 | } else if ((flags & MAP_POPULATE) && !(flags & MAP_NONBLOCK)) |
1341 | make_pages_present(addr, addr + len); | 1341 | make_pages_present(addr, addr + len); |
1342 | 1342 | ||
1343 | if (file && mmap_uprobe(vma)) | 1343 | if (file && uprobe_mmap(vma)) |
1344 | /* matching probes but cannot insert */ | 1344 | /* matching probes but cannot insert */ |
1345 | goto unmap_and_free_vma; | 1345 | goto unmap_and_free_vma; |
1346 | 1346 | ||
@@ -2301,7 +2301,7 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) | |||
2301 | security_vm_enough_memory_mm(mm, vma_pages(vma))) | 2301 | security_vm_enough_memory_mm(mm, vma_pages(vma))) |
2302 | return -ENOMEM; | 2302 | return -ENOMEM; |
2303 | 2303 | ||
2304 | if (vma->vm_file && mmap_uprobe(vma)) | 2304 | if (vma->vm_file && uprobe_mmap(vma)) |
2305 | return -EINVAL; | 2305 | return -EINVAL; |
2306 | 2306 | ||
2307 | vma_link(mm, vma, prev, rb_link, rb_parent); | 2307 | vma_link(mm, vma, prev, rb_link, rb_parent); |
@@ -2374,7 +2374,7 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, | |||
2374 | if (new_vma->vm_file) { | 2374 | if (new_vma->vm_file) { |
2375 | get_file(new_vma->vm_file); | 2375 | get_file(new_vma->vm_file); |
2376 | 2376 | ||
2377 | if (mmap_uprobe(new_vma)) | 2377 | if (uprobe_mmap(new_vma)) |
2378 | goto out_free_mempol; | 2378 | goto out_free_mempol; |
2379 | 2379 | ||
2380 | if (vma->vm_flags & VM_EXECUTABLE) | 2380 | if (vma->vm_flags & VM_EXECUTABLE) |