diff options
| author | Jon Medhurst <tixy@linaro.org> | 2014-03-03 10:08:30 -0500 |
|---|---|---|
| committer | Jon Medhurst <tixy@linaro.org> | 2014-07-02 07:48:36 -0400 |
| commit | 272226007f436eff953c4398c1f5509cb74889ac (patch) | |
| tree | 1444ed14ef7afb312cff32161dacb07bcb3f7f2d | |
| parent | 48f7bc86b6e75bcb71441c77378c1cde6ecbe475 (diff) | |
ARM: kprobes: Disallow instructions with PC and register specified shift
ARM data processing instructions which have a register specified shift
are defined as UNPREDICTABLE if PC is used for any register, not just
the shift value as the code was previous assuming. This issue manifests
on A15 devices as either test case failures or undefined instructions
aborts.
Reported-by: David Long <dave.long@linaro.org>
Signed-off-by: Jon Medhurst <tixy@linaro.org>
| -rw-r--r-- | arch/arm/kernel/kprobes-test-arm.c | 22 | ||||
| -rw-r--r-- | arch/arm/kernel/probes-arm.c | 6 |
2 files changed, 15 insertions, 13 deletions
diff --git a/arch/arm/kernel/kprobes-test-arm.c b/arch/arm/kernel/kprobes-test-arm.c index 9db4b659d03e..e73f9cff9225 100644 --- a/arch/arm/kernel/kprobes-test-arm.c +++ b/arch/arm/kernel/kprobes-test-arm.c | |||
| @@ -74,8 +74,6 @@ void kprobe_arm_test_cases(void) | |||
| 74 | TEST_RRR( op "lt" s " r11, r",11,VAL1,", r",14,N(val),", asr r",7, 6,"")\ | 74 | TEST_RRR( op "lt" s " r11, r",11,VAL1,", r",14,N(val),", asr r",7, 6,"")\ |
| 75 | TEST_RR( op "gt" s " r12, r13" ", r",14,val, ", ror r",14,7,"")\ | 75 | TEST_RR( op "gt" s " r12, r13" ", r",14,val, ", ror r",14,7,"")\ |
| 76 | TEST_RR( op "le" s " r14, r",0, val, ", r13" ", lsl r",14,8,"")\ | 76 | TEST_RR( op "le" s " r14, r",0, val, ", r13" ", lsl r",14,8,"")\ |
| 77 | TEST_RR( op s " r12, pc" ", r",14,val, ", ror r",14,7,"")\ | ||
| 78 | TEST_RR( op s " r14, r",0, val, ", pc" ", lsl r",14,8,"")\ | ||
| 79 | TEST_R( op "eq" s " r0, r",11,VAL1,", #0xf5") \ | 77 | TEST_R( op "eq" s " r0, r",11,VAL1,", #0xf5") \ |
| 80 | TEST_R( op "ne" s " r11, r",0, VAL1,", #0xf5000000") \ | 78 | TEST_R( op "ne" s " r11, r",0, VAL1,", #0xf5000000") \ |
| 81 | TEST_R( op s " r7, r",8, VAL2,", #0x000af000") \ | 79 | TEST_R( op s " r7, r",8, VAL2,", #0x000af000") \ |
| @@ -103,8 +101,6 @@ void kprobe_arm_test_cases(void) | |||
| 103 | TEST_RRR( op "ge r",11,VAL1,", r",14,N(val),", asr r",7, 6,"") \ | 101 | TEST_RRR( op "ge r",11,VAL1,", r",14,N(val),", asr r",7, 6,"") \ |
| 104 | TEST_RR( op "le r13" ", r",14,val, ", ror r",14,7,"") \ | 102 | TEST_RR( op "le r13" ", r",14,val, ", ror r",14,7,"") \ |
| 105 | TEST_RR( op "gt r",0, val, ", r13" ", lsl r",14,8,"") \ | 103 | TEST_RR( op "gt r",0, val, ", r13" ", lsl r",14,8,"") \ |
| 106 | TEST_RR( op " pc" ", r",14,val, ", ror r",14,7,"") \ | ||
| 107 | TEST_RR( op " r",0, val, ", pc" ", lsl r",14,8,"") \ | ||
| 108 | TEST_R( op "eq r",11,VAL1,", #0xf5") \ | 104 | TEST_R( op "eq r",11,VAL1,", #0xf5") \ |
| 109 | TEST_R( op "ne r",0, VAL1,", #0xf5000000") \ | 105 | TEST_R( op "ne r",0, VAL1,", #0xf5000000") \ |
| 110 | TEST_R( op " r",8, VAL2,", #0x000af000") | 106 | TEST_R( op " r",8, VAL2,", #0x000af000") |
| @@ -125,7 +121,6 @@ void kprobe_arm_test_cases(void) | |||
| 125 | TEST_RR( op "ge" s " r11, r",11,N(val),", asr r",7, 6,"") \ | 121 | TEST_RR( op "ge" s " r11, r",11,N(val),", asr r",7, 6,"") \ |
| 126 | TEST_RR( op "lt" s " r12, r",11,val, ", ror r",14,7,"") \ | 122 | TEST_RR( op "lt" s " r12, r",11,val, ", ror r",14,7,"") \ |
| 127 | TEST_R( op "gt" s " r14, r13" ", lsl r",14,8,"") \ | 123 | TEST_R( op "gt" s " r14, r13" ", lsl r",14,8,"") \ |
| 128 | TEST_R( op "le" s " r14, pc" ", lsl r",14,8,"") \ | ||
| 129 | TEST( op "eq" s " r0, #0xf5") \ | 124 | TEST( op "eq" s " r0, #0xf5") \ |
| 130 | TEST( op "ne" s " r11, #0xf5000000") \ | 125 | TEST( op "ne" s " r11, #0xf5000000") \ |
| 131 | TEST( op s " r7, #0x000af000") \ | 126 | TEST( op s " r7, #0x000af000") \ |
| @@ -159,12 +154,19 @@ void kprobe_arm_test_cases(void) | |||
| 159 | TEST_SUPPORTED("cmp pc, #0x1000"); | 154 | TEST_SUPPORTED("cmp pc, #0x1000"); |
| 160 | TEST_SUPPORTED("cmp sp, #0x1000"); | 155 | TEST_SUPPORTED("cmp sp, #0x1000"); |
| 161 | 156 | ||
| 162 | /* Data-processing with PC as shift*/ | 157 | /* Data-processing with PC and a shift count in a register */ |
| 163 | TEST_UNSUPPORTED(__inst_arm(0xe15c0f1e) " @ cmp r12, r14, asl pc") | 158 | TEST_UNSUPPORTED(__inst_arm(0xe15c0f1e) " @ cmp r12, r14, asl pc") |
| 164 | TEST_UNSUPPORTED(__inst_arm(0xe1a0cf1e) " @ mov r12, r14, asl pc") | 159 | TEST_UNSUPPORTED(__inst_arm(0xe1a0cf1e) " @ mov r12, r14, asl pc") |
| 165 | TEST_UNSUPPORTED(__inst_arm(0xe08caf1e) " @ add r10, r12, r14, asl pc") | 160 | TEST_UNSUPPORTED(__inst_arm(0xe08caf1e) " @ add r10, r12, r14, asl pc") |
| 166 | 161 | TEST_UNSUPPORTED(__inst_arm(0xe151021f) " @ cmp r1, pc, lsl r2") | |
| 167 | /* Data-processing with PC as shift*/ | 162 | TEST_UNSUPPORTED(__inst_arm(0xe17f0211) " @ cmn pc, r1, lsl r2") |
| 163 | TEST_UNSUPPORTED(__inst_arm(0xe1a0121f) " @ mov r1, pc, lsl r2") | ||
| 164 | TEST_UNSUPPORTED(__inst_arm(0xe1a0f211) " @ mov pc, r1, lsl r2") | ||
| 165 | TEST_UNSUPPORTED(__inst_arm(0xe042131f) " @ sub r1, r2, pc, lsl r3") | ||
| 166 | TEST_UNSUPPORTED(__inst_arm(0xe1cf1312) " @ bic r1, pc, r2, lsl r3") | ||
| 167 | TEST_UNSUPPORTED(__inst_arm(0xe081f312) " @ add pc, r1, r2, lsl r3") | ||
| 168 | |||
| 169 | /* Data-processing with PC as a target and status registers updated */ | ||
| 168 | TEST_UNSUPPORTED("movs pc, r1") | 170 | TEST_UNSUPPORTED("movs pc, r1") |
| 169 | TEST_UNSUPPORTED("movs pc, r1, lsl r2") | 171 | TEST_UNSUPPORTED("movs pc, r1, lsl r2") |
| 170 | TEST_UNSUPPORTED("movs pc, #0x10000") | 172 | TEST_UNSUPPORTED("movs pc, #0x10000") |
| @@ -187,14 +189,14 @@ void kprobe_arm_test_cases(void) | |||
| 187 | TEST_BF_R ("add pc, pc, r",14,2f-1f-8,"") | 189 | TEST_BF_R ("add pc, pc, r",14,2f-1f-8,"") |
| 188 | TEST_BF_R ("add pc, r",14,2f-1f-8,", pc") | 190 | TEST_BF_R ("add pc, r",14,2f-1f-8,", pc") |
| 189 | TEST_BF_R ("mov pc, r",0,2f,"") | 191 | TEST_BF_R ("mov pc, r",0,2f,"") |
| 190 | TEST_BF_RR("mov pc, r",0,2f,", asl r",1,0,"") | 192 | TEST_BF_R ("add pc, pc, r",14,(2f-1f-8)*2,", asr #1") |
| 191 | TEST_BB( "sub pc, pc, #1b-2b+8") | 193 | TEST_BB( "sub pc, pc, #1b-2b+8") |
| 192 | #if __LINUX_ARM_ARCH__ == 6 && !defined(CONFIG_CPU_V7) | 194 | #if __LINUX_ARM_ARCH__ == 6 && !defined(CONFIG_CPU_V7) |
| 193 | TEST_BB( "sub pc, pc, #1b-2b+8-2") /* UNPREDICTABLE before and after ARMv6 */ | 195 | TEST_BB( "sub pc, pc, #1b-2b+8-2") /* UNPREDICTABLE before and after ARMv6 */ |
| 194 | #endif | 196 | #endif |
| 195 | TEST_BB_R( "sub pc, pc, r",14, 1f-2f+8,"") | 197 | TEST_BB_R( "sub pc, pc, r",14, 1f-2f+8,"") |
| 196 | TEST_BB_R( "rsb pc, r",14,1f-2f+8,", pc") | 198 | TEST_BB_R( "rsb pc, r",14,1f-2f+8,", pc") |
| 197 | TEST_RR( "add pc, pc, r",10,-2,", asl r",11,1,"") | 199 | TEST_R( "add pc, pc, r",10,-2,", asl #1") |
| 198 | #ifdef CONFIG_THUMB2_KERNEL | 200 | #ifdef CONFIG_THUMB2_KERNEL |
| 199 | TEST_ARM_TO_THUMB_INTERWORK_R("add pc, pc, r",0,3f-1f-8+1,"") | 201 | TEST_ARM_TO_THUMB_INTERWORK_R("add pc, pc, r",0,3f-1f-8+1,"") |
| 200 | TEST_ARM_TO_THUMB_INTERWORK_R("sub pc, r",0,3f+8+1,", #8") | 202 | TEST_ARM_TO_THUMB_INTERWORK_R("sub pc, r",0,3f+8+1,", #8") |
diff --git a/arch/arm/kernel/probes-arm.c b/arch/arm/kernel/probes-arm.c index 51a13a027989..8eaef81d8344 100644 --- a/arch/arm/kernel/probes-arm.c +++ b/arch/arm/kernel/probes-arm.c | |||
| @@ -341,12 +341,12 @@ static const union decode_item arm_cccc_000x_table[] = { | |||
| 341 | /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */ | 341 | /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */ |
| 342 | /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */ | 342 | /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */ |
| 343 | DECODE_EMULATEX (0x0f900090, 0x01100010, PROBES_DATA_PROCESSING_REG, | 343 | DECODE_EMULATEX (0x0f900090, 0x01100010, PROBES_DATA_PROCESSING_REG, |
| 344 | REGS(ANY, 0, NOPC, 0, ANY)), | 344 | REGS(NOPC, 0, NOPC, 0, NOPC)), |
| 345 | 345 | ||
| 346 | /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */ | 346 | /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */ |
| 347 | /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */ | 347 | /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */ |
| 348 | DECODE_EMULATEX (0x0fa00090, 0x01a00010, PROBES_DATA_PROCESSING_REG, | 348 | DECODE_EMULATEX (0x0fa00090, 0x01a00010, PROBES_DATA_PROCESSING_REG, |
| 349 | REGS(0, ANY, NOPC, 0, ANY)), | 349 | REGS(0, NOPC, NOPC, 0, NOPC)), |
| 350 | 350 | ||
| 351 | /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */ | 351 | /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */ |
| 352 | /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */ | 352 | /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */ |
| @@ -359,7 +359,7 @@ static const union decode_item arm_cccc_000x_table[] = { | |||
| 359 | /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */ | 359 | /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */ |
| 360 | /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */ | 360 | /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */ |
| 361 | DECODE_EMULATEX (0x0e000090, 0x00000010, PROBES_DATA_PROCESSING_REG, | 361 | DECODE_EMULATEX (0x0e000090, 0x00000010, PROBES_DATA_PROCESSING_REG, |
| 362 | REGS(ANY, ANY, NOPC, 0, ANY)), | 362 | REGS(NOPC, NOPC, NOPC, 0, NOPC)), |
| 363 | 363 | ||
| 364 | DECODE_END | 364 | DECODE_END |
| 365 | }; | 365 | }; |