aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorJon Medhurst <tixy@yxit.co.uk>2011-08-28 11:18:43 -0400
committerJon Medhurst <tixy@yxit.co.uk>2011-09-20 14:17:43 -0400
commita43bc69b39484a448293f2eddc7e98ff15437414 (patch)
tree5c40ccc0517618971a1e9660b6816dbf2b6b096a /arch
parent9eed1797720ae633cf17b03dd804d8744f1d3b5c (diff)
ARM: kprobes: Framework for instruction set test cases
On ARM we have to simulate/emulate CPU instructions in order to singlestep them. This patch adds a framework which can be used to construct test cases for different instruction forms. It is described in detail in the in-source comments of kprobes-test.c Signed-off-by: Jon Medhurst <tixy@yxit.co.uk> Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Diffstat (limited to 'arch')
-rw-r--r--arch/arm/kernel/kprobes-test.c840
-rw-r--r--arch/arm/kernel/kprobes-test.h384
2 files changed, 1224 insertions, 0 deletions
diff --git a/arch/arm/kernel/kprobes-test.c b/arch/arm/kernel/kprobes-test.c
index 9fff0448c320..e22c3f2aff10 100644
--- a/arch/arm/kernel/kprobes-test.c
+++ b/arch/arm/kernel/kprobes-test.c
@@ -8,11 +8,180 @@
8 * published by the Free Software Foundation. 8 * published by the Free Software Foundation.
9 */ 9 */
10 10
11/*
12 * TESTING METHODOLOGY
13 * -------------------
14 *
15 * The methodology used to test an ARM instruction 'test_insn' is to use
16 * inline assembler like:
17 *
18 * test_before: nop
19 * test_case: test_insn
20 * test_after: nop
21 *
22 * When the test case is run a kprobe is placed of each nop. The
23 * post-handler of the test_before probe is used to modify the saved CPU
24 * register context to that which we require for the test case. The
25 * pre-handler of the of the test_after probe saves a copy of the CPU
26 * register context. In this way we can execute test_insn with a specific
27 * register context and see the results afterwards.
28 *
29 * To actually test the kprobes instruction emulation we perform the above
30 * step a second time but with an additional kprobe on the test_case
31 * instruction itself. If the emulation is accurate then the results seen
32 * by the test_after probe will be identical to the first run which didn't
33 * have a probe on test_case.
34 *
35 * Each test case is run several times with a variety of variations in the
36 * flags value of stored in CPSR, and for Thumb code, different ITState.
37 *
38 * For instructions which can modify PC, a second test_after probe is used
39 * like this:
40 *
41 * test_before: nop
42 * test_case: test_insn
43 * test_after: nop
44 * b test_done
45 * test_after2: nop
46 * test_done:
47 *
48 * The test case is constructed such that test_insn branches to
49 * test_after2, or, if testing a conditional instruction, it may just
50 * continue to test_after. The probes inserted at both locations let us
51 * determine which happened. A similar approach is used for testing
52 * backwards branches...
53 *
54 * b test_before
55 * b test_done @ helps to cope with off by 1 branches
56 * test_after2: nop
57 * b test_done
58 * test_before: nop
59 * test_case: test_insn
60 * test_after: nop
61 * test_done:
62 *
63 * The macros used to generate the assembler instructions describe above
64 * are TEST_INSTRUCTION, TEST_BRANCH_F (branch forwards) and TEST_BRANCH_B
65 * (branch backwards). In these, the local variables numbered 1, 50, 2 and
66 * 99 represent: test_before, test_case, test_after2 and test_done.
67 *
68 * FRAMEWORK
69 * ---------
70 *
71 * Each test case is wrapped between the pair of macros TESTCASE_START and
72 * TESTCASE_END. As well as performing the inline assembler boilerplate,
73 * these call out to the kprobes_test_case_start() and
74 * kprobes_test_case_end() functions which drive the execution of the test
75 * case. The specific arguments to use for each test case are stored as
76 * inline data constructed using the various TEST_ARG_* macros. Putting
77 * this all together, a simple test case may look like:
78 *
79 * TESTCASE_START("Testing mov r0, r7")
80 * TEST_ARG_REG(7, 0x12345678) // Set r7=0x12345678
81 * TEST_ARG_END("")
82 * TEST_INSTRUCTION("mov r0, r7")
83 * TESTCASE_END
84 *
85 * Note, in practice the single convenience macro TEST_R would be used for this
86 * instead.
87 *
88 * The above would expand to assembler looking something like:
89 *
90 * @ TESTCASE_START
91 * bl __kprobes_test_case_start
92 * @ start of inline data...
93 * .ascii "mov r0, r7" @ text title for test case
94 * .byte 0
95 * .align 2
96 *
97 * @ TEST_ARG_REG
98 * .byte ARG_TYPE_REG
99 * .byte 7
100 * .short 0
101 * .word 0x1234567
102 *
103 * @ TEST_ARG_END
104 * .byte ARG_TYPE_END
105 * .byte TEST_ISA @ flags, including ISA being tested
106 * .short 50f-0f @ offset of 'test_before'
107 * .short 2f-0f @ offset of 'test_after2' (if relevent)
108 * .short 99f-0f @ offset of 'test_done'
109 * @ start of test case code...
110 * 0:
111 * .code TEST_ISA @ switch to ISA being tested
112 *
113 * @ TEST_INSTRUCTION
114 * 50: nop @ location for 'test_before' probe
115 * 1: mov r0, r7 @ the test case instruction 'test_insn'
116 * nop @ location for 'test_after' probe
117 *
118 * // TESTCASE_END
119 * 2:
120 * 99: bl __kprobes_test_case_end_##TEST_ISA
121 * .code NONMAL_ISA
122 *
123 * When the above is execute the following happens...
124 *
125 * __kprobes_test_case_start() is an assembler wrapper which sets up space
126 * for a stack buffer and calls the C function kprobes_test_case_start().
127 * This C function will do some initial processing of the inline data and
128 * setup some global state. It then inserts the test_before and test_after
129 * kprobes and returns a value which causes the assembler wrapper to jump
130 * to the start of the test case code, (local label '0').
131 *
132 * When the test case code executes, the test_before probe will be hit and
133 * test_before_post_handler will call setup_test_context(). This fills the
134 * stack buffer and CPU registers with a test pattern and then processes
135 * the test case arguments. In our example there is one TEST_ARG_REG which
136 * indicates that R7 should be loaded with the value 0x12345678.
137 *
138 * When the test_before probe ends, the test case continues and executes
139 * the "mov r0, r7" instruction. It then hits the test_after probe and the
140 * pre-handler for this (test_after_pre_handler) will save a copy of the
141 * CPU register context. This should now have R0 holding the same value as
142 * R7.
143 *
144 * Finally we get to the call to __kprobes_test_case_end_{32,16}. This is
145 * an assembler wrapper which switches back to the ISA used by the test
146 * code and calls the C function kprobes_test_case_end().
147 *
148 * For each run through the test case, test_case_run_count is incremented
149 * by one. For even runs, kprobes_test_case_end() saves a copy of the
150 * register and stack buffer contents from the test case just run. It then
151 * inserts a kprobe on the test case instruction 'test_insn' and returns a
152 * value to cause the test case code to be re-run.
153 *
154 * For odd numbered runs, kprobes_test_case_end() compares the register and
155 * stack buffer contents to those that were saved on the previous even
156 * numbered run (the one without the kprobe on test_insn). These should be
157 * the same if the kprobe instruction simulation routine is correct.
158 *
159 * The pair of test case runs is repeated with different combinations of
160 * flag values in CPSR and, for Thumb, different ITState. This is
161 * controlled by test_context_cpsr().
162 *
163 * BUILDING TEST CASES
164 * -------------------
165 *
166 *
167 * As an aid to building test cases, the stack buffer is initialised with
168 * some special values:
169 *
170 * [SP+13*4] Contains SP+120. This can be used to test instructions
171 * which load a value into SP.
172 *
173 * [SP+15*4] When testing branching instructions using TEST_BRANCH_{F,B},
174 * this holds the target address of the branch, 'test_after2'.
175 * This can be used to test instructions which load a PC value
176 * from memory.
177 */
178
11#include <linux/kernel.h> 179#include <linux/kernel.h>
12#include <linux/module.h> 180#include <linux/module.h>
13#include <linux/kprobes.h> 181#include <linux/kprobes.h>
14 182
15#include "kprobes.h" 183#include "kprobes.h"
184#include "kprobes-test.h"
16 185
17 186
18/* 187/*
@@ -274,6 +443,677 @@ static int run_api_tests(long (*func)(long, long))
274 443
275 444
276/* 445/*
446 * Framework for instruction set test cases
447 */
448
449void __naked __kprobes_test_case_start(void)
450{
451 __asm__ __volatile__ (
452 "stmdb sp!, {r4-r11} \n\t"
453 "sub sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t"
454 "bic r0, lr, #1 @ r0 = inline title string \n\t"
455 "mov r1, sp \n\t"
456 "bl kprobes_test_case_start \n\t"
457 "bx r0 \n\t"
458 );
459}
460
461#ifndef CONFIG_THUMB2_KERNEL
462
463void __naked __kprobes_test_case_end_32(void)
464{
465 __asm__ __volatile__ (
466 "mov r4, lr \n\t"
467 "bl kprobes_test_case_end \n\t"
468 "cmp r0, #0 \n\t"
469 "movne pc, r0 \n\t"
470 "mov r0, r4 \n\t"
471 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t"
472 "ldmia sp!, {r4-r11} \n\t"
473 "mov pc, r0 \n\t"
474 );
475}
476
477#else /* CONFIG_THUMB2_KERNEL */
478
479void __naked __kprobes_test_case_end_16(void)
480{
481 __asm__ __volatile__ (
482 "mov r4, lr \n\t"
483 "bl kprobes_test_case_end \n\t"
484 "cmp r0, #0 \n\t"
485 "bxne r0 \n\t"
486 "mov r0, r4 \n\t"
487 "add sp, sp, #"__stringify(TEST_MEMORY_SIZE)"\n\t"
488 "ldmia sp!, {r4-r11} \n\t"
489 "bx r0 \n\t"
490 );
491}
492
493void __naked __kprobes_test_case_end_32(void)
494{
495 __asm__ __volatile__ (
496 ".arm \n\t"
497 "orr lr, lr, #1 @ will return to Thumb code \n\t"
498 "ldr pc, 1f \n\t"
499 "1: \n\t"
500 ".word __kprobes_test_case_end_16 \n\t"
501 );
502}
503
504#endif
505
506
507int kprobe_test_flags;
508int kprobe_test_cc_position;
509
510static int test_try_count;
511static int test_pass_count;
512static int test_fail_count;
513
514static struct pt_regs initial_regs;
515static struct pt_regs expected_regs;
516static struct pt_regs result_regs;
517
518static u32 expected_memory[TEST_MEMORY_SIZE/sizeof(u32)];
519
520static const char *current_title;
521static struct test_arg *current_args;
522static u32 *current_stack;
523static uintptr_t current_branch_target;
524
525static uintptr_t current_code_start;
526static kprobe_opcode_t current_instruction;
527
528
529#define TEST_CASE_PASSED -1
530#define TEST_CASE_FAILED -2
531
532static int test_case_run_count;
533static bool test_case_is_thumb;
534static int test_instance;
535
536/*
537 * We ignore the state of the imprecise abort disable flag (CPSR.A) because this
538 * can change randomly as the kernel doesn't take care to preserve or initialise
539 * this across context switches. Also, with Security Extentions, the flag may
540 * not be under control of the kernel; for this reason we ignore the state of
541 * the FIQ disable flag CPSR.F as well.
542 */
543#define PSR_IGNORE_BITS (PSR_A_BIT | PSR_F_BIT)
544
545static unsigned long test_check_cc(int cc, unsigned long cpsr)
546{
547 unsigned long temp;
548
549 switch (cc) {
550 case 0x0: /* eq */
551 return cpsr & PSR_Z_BIT;
552
553 case 0x1: /* ne */
554 return (~cpsr) & PSR_Z_BIT;
555
556 case 0x2: /* cs */
557 return cpsr & PSR_C_BIT;
558
559 case 0x3: /* cc */
560 return (~cpsr) & PSR_C_BIT;
561
562 case 0x4: /* mi */
563 return cpsr & PSR_N_BIT;
564
565 case 0x5: /* pl */
566 return (~cpsr) & PSR_N_BIT;
567
568 case 0x6: /* vs */
569 return cpsr & PSR_V_BIT;
570
571 case 0x7: /* vc */
572 return (~cpsr) & PSR_V_BIT;
573
574 case 0x8: /* hi */
575 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
576 return cpsr & PSR_C_BIT;
577
578 case 0x9: /* ls */
579 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
580 return (~cpsr) & PSR_C_BIT;
581
582 case 0xa: /* ge */
583 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
584 return (~cpsr) & PSR_N_BIT;
585
586 case 0xb: /* lt */
587 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
588 return cpsr & PSR_N_BIT;
589
590 case 0xc: /* gt */
591 temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
592 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
593 return (~temp) & PSR_N_BIT;
594
595 case 0xd: /* le */
596 temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
597 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
598 return temp & PSR_N_BIT;
599
600 case 0xe: /* al */
601 case 0xf: /* unconditional */
602 return true;
603 }
604 BUG();
605 return false;
606}
607
608static int is_last_scenario;
609static int probe_should_run; /* 0 = no, 1 = yes, -1 = unknown */
610static int memory_needs_checking;
611
612static unsigned long test_context_cpsr(int scenario)
613{
614 unsigned long cpsr;
615
616 probe_should_run = 1;
617
618 /* Default case is that we cycle through 16 combinations of flags */
619 cpsr = (scenario & 0xf) << 28; /* N,Z,C,V flags */
620 cpsr |= (scenario & 0xf) << 16; /* GE flags */
621 cpsr |= (scenario & 0x1) << 27; /* Toggle Q flag */
622
623 if (!test_case_is_thumb) {
624 /* Testing ARM code */
625 probe_should_run = test_check_cc(current_instruction >> 28, cpsr) != 0;
626 if (scenario == 15)
627 is_last_scenario = true;
628
629 } else if (kprobe_test_flags & TEST_FLAG_NO_ITBLOCK) {
630 /* Testing Thumb code without setting ITSTATE */
631 if (kprobe_test_cc_position) {
632 int cc = (current_instruction >> kprobe_test_cc_position) & 0xf;
633 probe_should_run = test_check_cc(cc, cpsr) != 0;
634 }
635
636 if (scenario == 15)
637 is_last_scenario = true;
638
639 } else if (kprobe_test_flags & TEST_FLAG_FULL_ITBLOCK) {
640 /* Testing Thumb code with all combinations of ITSTATE */
641 unsigned x = (scenario >> 4);
642 unsigned cond_base = x % 7; /* ITSTATE<7:5> */
643 unsigned mask = x / 7 + 2; /* ITSTATE<4:0>, bits reversed */
644
645 if (mask > 0x1f) {
646 /* Finish by testing state from instruction 'itt al' */
647 cond_base = 7;
648 mask = 0x4;
649 if ((scenario & 0xf) == 0xf)
650 is_last_scenario = true;
651 }
652
653 cpsr |= cond_base << 13; /* ITSTATE<7:5> */
654 cpsr |= (mask & 0x1) << 12; /* ITSTATE<4> */
655 cpsr |= (mask & 0x2) << 10; /* ITSTATE<3> */
656 cpsr |= (mask & 0x4) << 8; /* ITSTATE<2> */
657 cpsr |= (mask & 0x8) << 23; /* ITSTATE<1> */
658 cpsr |= (mask & 0x10) << 21; /* ITSTATE<0> */
659
660 probe_should_run = test_check_cc((cpsr >> 12) & 0xf, cpsr) != 0;
661
662 } else {
663 /* Testing Thumb code with several combinations of ITSTATE */
664 switch (scenario) {
665 case 16: /* Clear NZCV flags and 'it eq' state (false as Z=0) */
666 cpsr = 0x00000800;
667 probe_should_run = 0;
668 break;
669 case 17: /* Set NZCV flags and 'it vc' state (false as V=1) */
670 cpsr = 0xf0007800;
671 probe_should_run = 0;
672 break;
673 case 18: /* Clear NZCV flags and 'it ls' state (true as C=0) */
674 cpsr = 0x00009800;
675 break;
676 case 19: /* Set NZCV flags and 'it cs' state (true as C=1) */
677 cpsr = 0xf0002800;
678 is_last_scenario = true;
679 break;
680 }
681 }
682
683 return cpsr;
684}
685
686static void setup_test_context(struct pt_regs *regs)
687{
688 int scenario = test_case_run_count>>1;
689 unsigned long val;
690 struct test_arg *args;
691 int i;
692
693 is_last_scenario = false;
694 memory_needs_checking = false;
695
696 /* Initialise test memory on stack */
697 val = (scenario & 1) ? VALM : ~VALM;
698 for (i = 0; i < TEST_MEMORY_SIZE / sizeof(current_stack[0]); ++i)
699 current_stack[i] = val + (i << 8);
700 /* Put target of branch on stack for tests which load PC from memory */
701 if (current_branch_target)
702 current_stack[15] = current_branch_target;
703 /* Put a value for SP on stack for tests which load SP from memory */
704 current_stack[13] = (u32)current_stack + 120;
705
706 /* Initialise register values to their default state */
707 val = (scenario & 2) ? VALR : ~VALR;
708 for (i = 0; i < 13; ++i)
709 regs->uregs[i] = val ^ (i << 8);
710 regs->ARM_lr = val ^ (14 << 8);
711 regs->ARM_cpsr &= ~(APSR_MASK | PSR_IT_MASK);
712 regs->ARM_cpsr |= test_context_cpsr(scenario);
713
714 /* Perform testcase specific register setup */
715 args = current_args;
716 for (; args[0].type != ARG_TYPE_END; ++args)
717 switch (args[0].type) {
718 case ARG_TYPE_REG: {
719 struct test_arg_regptr *arg =
720 (struct test_arg_regptr *)args;
721 regs->uregs[arg->reg] = arg->val;
722 break;
723 }
724 case ARG_TYPE_PTR: {
725 struct test_arg_regptr *arg =
726 (struct test_arg_regptr *)args;
727 regs->uregs[arg->reg] =
728 (unsigned long)current_stack + arg->val;
729 memory_needs_checking = true;
730 break;
731 }
732 case ARG_TYPE_MEM: {
733 struct test_arg_mem *arg = (struct test_arg_mem *)args;
734 current_stack[arg->index] = arg->val;
735 break;
736 }
737 default:
738 break;
739 }
740}
741
742struct test_probe {
743 struct kprobe kprobe;
744 bool registered;
745 int hit;
746};
747
748static void unregister_test_probe(struct test_probe *probe)
749{
750 if (probe->registered) {
751 unregister_kprobe(&probe->kprobe);
752 probe->kprobe.flags = 0; /* Clear disable flag to allow reuse */
753 }
754 probe->registered = false;
755}
756
757static int register_test_probe(struct test_probe *probe)
758{
759 int ret;
760
761 if (probe->registered)
762 BUG();
763
764 ret = register_kprobe(&probe->kprobe);
765 if (ret >= 0) {
766 probe->registered = true;
767 probe->hit = -1;
768 }
769 return ret;
770}
771
772static int __kprobes
773test_before_pre_handler(struct kprobe *p, struct pt_regs *regs)
774{
775 container_of(p, struct test_probe, kprobe)->hit = test_instance;
776 return 0;
777}
778
779static void __kprobes
780test_before_post_handler(struct kprobe *p, struct pt_regs *regs,
781 unsigned long flags)
782{
783 setup_test_context(regs);
784 initial_regs = *regs;
785 initial_regs.ARM_cpsr &= ~PSR_IGNORE_BITS;
786}
787
788static int __kprobes
789test_case_pre_handler(struct kprobe *p, struct pt_regs *regs)
790{
791 container_of(p, struct test_probe, kprobe)->hit = test_instance;
792 return 0;
793}
794
795static int __kprobes
796test_after_pre_handler(struct kprobe *p, struct pt_regs *regs)
797{
798 if (container_of(p, struct test_probe, kprobe)->hit == test_instance)
799 return 0; /* Already run for this test instance */
800
801 result_regs = *regs;
802 result_regs.ARM_cpsr &= ~PSR_IGNORE_BITS;
803
804 /* Undo any changes done to SP by the test case */
805 regs->ARM_sp = (unsigned long)current_stack;
806
807 container_of(p, struct test_probe, kprobe)->hit = test_instance;
808 return 0;
809}
810
811static struct test_probe test_before_probe = {
812 .kprobe.pre_handler = test_before_pre_handler,
813 .kprobe.post_handler = test_before_post_handler,
814};
815
816static struct test_probe test_case_probe = {
817 .kprobe.pre_handler = test_case_pre_handler,
818};
819
820static struct test_probe test_after_probe = {
821 .kprobe.pre_handler = test_after_pre_handler,
822};
823
824static struct test_probe test_after2_probe = {
825 .kprobe.pre_handler = test_after_pre_handler,
826};
827
828static void test_case_cleanup(void)
829{
830 unregister_test_probe(&test_before_probe);
831 unregister_test_probe(&test_case_probe);
832 unregister_test_probe(&test_after_probe);
833 unregister_test_probe(&test_after2_probe);
834}
835
836static void print_registers(struct pt_regs *regs)
837{
838 pr_err("r0 %08lx | r1 %08lx | r2 %08lx | r3 %08lx\n",
839 regs->ARM_r0, regs->ARM_r1, regs->ARM_r2, regs->ARM_r3);
840 pr_err("r4 %08lx | r5 %08lx | r6 %08lx | r7 %08lx\n",
841 regs->ARM_r4, regs->ARM_r5, regs->ARM_r6, regs->ARM_r7);
842 pr_err("r8 %08lx | r9 %08lx | r10 %08lx | r11 %08lx\n",
843 regs->ARM_r8, regs->ARM_r9, regs->ARM_r10, regs->ARM_fp);
844 pr_err("r12 %08lx | sp %08lx | lr %08lx | pc %08lx\n",
845 regs->ARM_ip, regs->ARM_sp, regs->ARM_lr, regs->ARM_pc);
846 pr_err("cpsr %08lx\n", regs->ARM_cpsr);
847}
848
849static void print_memory(u32 *mem, size_t size)
850{
851 int i;
852 for (i = 0; i < size / sizeof(u32); i += 4)
853 pr_err("%08x %08x %08x %08x\n", mem[i], mem[i+1],
854 mem[i+2], mem[i+3]);
855}
856
857static size_t expected_memory_size(u32 *sp)
858{
859 size_t size = sizeof(expected_memory);
860 int offset = (uintptr_t)sp - (uintptr_t)current_stack;
861 if (offset > 0)
862 size -= offset;
863 return size;
864}
865
866static void test_case_failed(const char *message)
867{
868 test_case_cleanup();
869
870 pr_err("FAIL: %s\n", message);
871 pr_err("FAIL: Test %s\n", current_title);
872 pr_err("FAIL: Scenario %d\n", test_case_run_count >> 1);
873}
874
875static unsigned long next_instruction(unsigned long pc)
876{
877#ifdef CONFIG_THUMB2_KERNEL
878 if ((pc & 1) && !is_wide_instruction(*(u16 *)(pc - 1)))
879 return pc + 2;
880 else
881#endif
882 return pc + 4;
883}
884
885static uintptr_t __used kprobes_test_case_start(const char *title, void *stack)
886{
887 struct test_arg *args;
888 struct test_arg_end *end_arg;
889 unsigned long test_code;
890
891 args = (struct test_arg *)PTR_ALIGN(title + strlen(title) + 1, 4);
892
893 current_title = title;
894 current_args = args;
895 current_stack = stack;
896
897 ++test_try_count;
898
899 while (args->type != ARG_TYPE_END)
900 ++args;
901 end_arg = (struct test_arg_end *)args;
902
903 test_code = (unsigned long)(args + 1); /* Code starts after args */
904
905 test_case_is_thumb = end_arg->flags & ARG_FLAG_THUMB;
906 if (test_case_is_thumb)
907 test_code |= 1;
908
909 current_code_start = test_code;
910
911 current_branch_target = 0;
912 if (end_arg->branch_offset != end_arg->end_offset)
913 current_branch_target = test_code + end_arg->branch_offset;
914
915 test_code += end_arg->code_offset;
916 test_before_probe.kprobe.addr = (kprobe_opcode_t *)test_code;
917
918 test_code = next_instruction(test_code);
919 test_case_probe.kprobe.addr = (kprobe_opcode_t *)test_code;
920
921 if (test_case_is_thumb) {
922 u16 *p = (u16 *)(test_code & ~1);
923 current_instruction = p[0];
924 if (is_wide_instruction(current_instruction)) {
925 current_instruction <<= 16;
926 current_instruction |= p[1];
927 }
928 } else {
929 current_instruction = *(u32 *)test_code;
930 }
931
932 if (current_title[0] == '.')
933 verbose("%s\n", current_title);
934 else
935 verbose("%s\t@ %0*x\n", current_title,
936 test_case_is_thumb ? 4 : 8,
937 current_instruction);
938
939 test_code = next_instruction(test_code);
940 test_after_probe.kprobe.addr = (kprobe_opcode_t *)test_code;
941
942 if (kprobe_test_flags & TEST_FLAG_NARROW_INSTR) {
943 if (!test_case_is_thumb ||
944 is_wide_instruction(current_instruction)) {
945 test_case_failed("expected 16-bit instruction");
946 goto fail;
947 }
948 } else {
949 if (test_case_is_thumb &&
950 !is_wide_instruction(current_instruction)) {
951 test_case_failed("expected 32-bit instruction");
952 goto fail;
953 }
954 }
955
956 if (end_arg->flags & ARG_FLAG_UNSUPPORTED) {
957 if (register_test_probe(&test_case_probe) < 0)
958 goto pass;
959 test_case_failed("registered probe for unsupported instruction");
960 goto fail;
961 }
962
963 if (end_arg->flags & ARG_FLAG_SUPPORTED) {
964 if (register_test_probe(&test_case_probe) >= 0)
965 goto pass;
966 test_case_failed("couldn't register probe for supported instruction");
967 goto fail;
968 }
969
970 if (register_test_probe(&test_before_probe) < 0) {
971 test_case_failed("register test_before_probe failed");
972 goto fail;
973 }
974 if (register_test_probe(&test_after_probe) < 0) {
975 test_case_failed("register test_after_probe failed");
976 goto fail;
977 }
978 if (current_branch_target) {
979 test_after2_probe.kprobe.addr =
980 (kprobe_opcode_t *)current_branch_target;
981 if (register_test_probe(&test_after2_probe) < 0) {
982 test_case_failed("register test_after2_probe failed");
983 goto fail;
984 }
985 }
986
987 /* Start first run of test case */
988 test_case_run_count = 0;
989 ++test_instance;
990 return current_code_start;
991pass:
992 test_case_run_count = TEST_CASE_PASSED;
993 return (uintptr_t)test_after_probe.kprobe.addr;
994fail:
995 test_case_run_count = TEST_CASE_FAILED;
996 return (uintptr_t)test_after_probe.kprobe.addr;
997}
998
999static bool check_test_results(void)
1000{
1001 size_t mem_size = 0;
1002 u32 *mem = 0;
1003
1004 if (memcmp(&expected_regs, &result_regs, sizeof(expected_regs))) {
1005 test_case_failed("registers differ");
1006 goto fail;
1007 }
1008
1009 if (memory_needs_checking) {
1010 mem = (u32 *)result_regs.ARM_sp;
1011 mem_size = expected_memory_size(mem);
1012 if (memcmp(expected_memory, mem, mem_size)) {
1013 test_case_failed("test memory differs");
1014 goto fail;
1015 }
1016 }
1017
1018 return true;
1019
1020fail:
1021 pr_err("initial_regs:\n");
1022 print_registers(&initial_regs);
1023 pr_err("expected_regs:\n");
1024 print_registers(&expected_regs);
1025 pr_err("result_regs:\n");
1026 print_registers(&result_regs);
1027
1028 if (mem) {
1029 pr_err("current_stack=%p\n", current_stack);
1030 pr_err("expected_memory:\n");
1031 print_memory(expected_memory, mem_size);
1032 pr_err("result_memory:\n");
1033 print_memory(mem, mem_size);
1034 }
1035
1036 return false;
1037}
1038
1039static uintptr_t __used kprobes_test_case_end(void)
1040{
1041 if (test_case_run_count < 0) {
1042 if (test_case_run_count == TEST_CASE_PASSED)
1043 /* kprobes_test_case_start did all the needed testing */
1044 goto pass;
1045 else
1046 /* kprobes_test_case_start failed */
1047 goto fail;
1048 }
1049
1050 if (test_before_probe.hit != test_instance) {
1051 test_case_failed("test_before_handler not run");
1052 goto fail;
1053 }
1054
1055 if (test_after_probe.hit != test_instance &&
1056 test_after2_probe.hit != test_instance) {
1057 test_case_failed("test_after_handler not run");
1058 goto fail;
1059 }
1060
1061 /*
1062 * Even numbered test runs ran without a probe on the test case so
1063 * we can gather reference results. The subsequent odd numbered run
1064 * will have the probe inserted.
1065 */
1066 if ((test_case_run_count & 1) == 0) {
1067 /* Save results from run without probe */
1068 u32 *mem = (u32 *)result_regs.ARM_sp;
1069 expected_regs = result_regs;
1070 memcpy(expected_memory, mem, expected_memory_size(mem));
1071
1072 /* Insert probe onto test case instruction */
1073 if (register_test_probe(&test_case_probe) < 0) {
1074 test_case_failed("register test_case_probe failed");
1075 goto fail;
1076 }
1077 } else {
1078 /* Check probe ran as expected */
1079 if (probe_should_run == 1) {
1080 if (test_case_probe.hit != test_instance) {
1081 test_case_failed("test_case_handler not run");
1082 goto fail;
1083 }
1084 } else if (probe_should_run == 0) {
1085 if (test_case_probe.hit == test_instance) {
1086 test_case_failed("test_case_handler ran");
1087 goto fail;
1088 }
1089 }
1090
1091 /* Remove probe for any subsequent reference run */
1092 unregister_test_probe(&test_case_probe);
1093
1094 if (!check_test_results())
1095 goto fail;
1096
1097 if (is_last_scenario)
1098 goto pass;
1099 }
1100
1101 /* Do next test run */
1102 ++test_case_run_count;
1103 ++test_instance;
1104 return current_code_start;
1105fail:
1106 ++test_fail_count;
1107 goto end;
1108pass:
1109 ++test_pass_count;
1110end:
1111 test_case_cleanup();
1112 return 0;
1113}
1114
1115
1116/*
277 * Top level test functions 1117 * Top level test functions
278 */ 1118 */
279 1119
diff --git a/arch/arm/kernel/kprobes-test.h b/arch/arm/kernel/kprobes-test.h
new file mode 100644
index 000000000000..50ecc2a36434
--- /dev/null
+++ b/arch/arm/kernel/kprobes-test.h
@@ -0,0 +1,384 @@
1/*
2 * arch/arm/kernel/kprobes-test.h
3 *
4 * Copyright (C) 2011 Jon Medhurst <tixy@yxit.co.uk>.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#define VERBOSE 0 /* Set to '1' for more logging of test cases */
12
13#ifdef CONFIG_THUMB2_KERNEL
14#define NORMAL_ISA "16"
15#else
16#define NORMAL_ISA "32"
17#endif
18
19
20/* Flags used in kprobe_test_flags */
21#define TEST_FLAG_NO_ITBLOCK (1<<0)
22#define TEST_FLAG_FULL_ITBLOCK (1<<1)
23#define TEST_FLAG_NARROW_INSTR (1<<2)
24
25extern int kprobe_test_flags;
26extern int kprobe_test_cc_position;
27
28
29#define TEST_MEMORY_SIZE 256
30
31
32/*
33 * Test case structures.
34 *
35 * The arguments given to test cases can be one of three types.
36 *
37 * ARG_TYPE_REG
38 * Load a register with the given value.
39 *
40 * ARG_TYPE_PTR
41 * Load a register with a pointer into the stack buffer (SP + given value).
42 *
43 * ARG_TYPE_MEM
44 * Store the given value into the stack buffer at [SP+index].
45 *
46 */
47
48#define ARG_TYPE_END 0
49#define ARG_TYPE_REG 1
50#define ARG_TYPE_PTR 2
51#define ARG_TYPE_MEM 3
52
53#define ARG_FLAG_UNSUPPORTED 0x01
54#define ARG_FLAG_SUPPORTED 0x02
55#define ARG_FLAG_THUMB 0x10 /* Must be 16 so TEST_ISA can be used */
56#define ARG_FLAG_ARM 0x20 /* Must be 32 so TEST_ISA can be used */
57
58struct test_arg {
59 u8 type; /* ARG_TYPE_x */
60 u8 _padding[7];
61};
62
63struct test_arg_regptr {
64 u8 type; /* ARG_TYPE_REG or ARG_TYPE_PTR */
65 u8 reg;
66 u8 _padding[2];
67 u32 val;
68};
69
70struct test_arg_mem {
71 u8 type; /* ARG_TYPE_MEM */
72 u8 index;
73 u8 _padding[2];
74 u32 val;
75};
76
77struct test_arg_end {
78 u8 type; /* ARG_TYPE_END */
79 u8 flags; /* ARG_FLAG_x */
80 u16 code_offset;
81 u16 branch_offset;
82 u16 end_offset;
83};
84
85
86/*
87 * Building blocks for test cases.
88 *
89 * Each test case is wrapped between TESTCASE_START and TESTCASE_END.
90 *
91 * To specify arguments for a test case the TEST_ARG_{REG,PTR,MEM} macros are
92 * used followed by a terminating TEST_ARG_END.
93 *
94 * After this, the instruction to be tested is defined with TEST_INSTRUCTION.
95 * Or for branches, TEST_BRANCH_B and TEST_BRANCH_F (branch forwards/backwards).
96 *
97 * Some specific test cases may make use of other custom constructs.
98 */
99
100#if VERBOSE
101#define verbose(fmt, ...) pr_info(fmt, ##__VA_ARGS__)
102#else
103#define verbose(fmt, ...)
104#endif
105
106#define TEST_GROUP(title) \
107 verbose("\n"); \
108 verbose(title"\n"); \
109 verbose("---------------------------------------------------------\n");
110
111#define TESTCASE_START(title) \
112 __asm__ __volatile__ ( \
113 "bl __kprobes_test_case_start \n\t" \
114 /* don't use .asciz here as 'title' may be */ \
115 /* multiple strings to be concatenated. */ \
116 ".ascii "#title" \n\t" \
117 ".byte 0 \n\t" \
118 ".align 2 \n\t"
119
120#define TEST_ARG_REG(reg, val) \
121 ".byte "__stringify(ARG_TYPE_REG)" \n\t" \
122 ".byte "#reg" \n\t" \
123 ".short 0 \n\t" \
124 ".word "#val" \n\t"
125
126#define TEST_ARG_PTR(reg, val) \
127 ".byte "__stringify(ARG_TYPE_PTR)" \n\t" \
128 ".byte "#reg" \n\t" \
129 ".short 0 \n\t" \
130 ".word "#val" \n\t"
131
132#define TEST_ARG_MEM(index, val) \
133 ".byte "__stringify(ARG_TYPE_MEM)" \n\t" \
134 ".byte "#index" \n\t" \
135 ".short 0 \n\t" \
136 ".word "#val" \n\t"
137
138#define TEST_ARG_END(flags) \
139 ".byte "__stringify(ARG_TYPE_END)" \n\t" \
140 ".byte "TEST_ISA flags" \n\t" \
141 ".short 50f-0f \n\t" \
142 ".short 2f-0f \n\t" \
143 ".short 99f-0f \n\t" \
144 ".code "TEST_ISA" \n\t" \
145 "0: \n\t"
146
147#define TEST_INSTRUCTION(instruction) \
148 "50: nop \n\t" \
149 "1: "instruction" \n\t" \
150 " nop \n\t"
151
152#define TEST_BRANCH_F(instruction, xtra_dist) \
153 TEST_INSTRUCTION(instruction) \
154 ".if "#xtra_dist" \n\t" \
155 " b 99f \n\t" \
156 ".space "#xtra_dist" \n\t" \
157 ".endif \n\t" \
158 " b 99f \n\t" \
159 "2: nop \n\t"
160
161#define TEST_BRANCH_B(instruction, xtra_dist) \
162 " b 50f \n\t" \
163 " b 99f \n\t" \
164 "2: nop \n\t" \
165 " b 99f \n\t" \
166 ".if "#xtra_dist" \n\t" \
167 ".space "#xtra_dist" \n\t" \
168 ".endif \n\t" \
169 TEST_INSTRUCTION(instruction)
170
171#define TESTCASE_END \
172 "2: \n\t" \
173 "99: \n\t" \
174 " bl __kprobes_test_case_end_"TEST_ISA" \n\t" \
175 ".code "NORMAL_ISA" \n\t" \
176 : : \
177 : "r0", "r1", "r2", "r3", "ip", "lr", "memory", "cc" \
178 );
179
180
181/*
182 * Macros to define test cases.
183 *
184 * Those of the form TEST_{R,P,M}* can be used to define test cases
185 * which take combinations of the three basic types of arguments. E.g.
186 *
187 * TEST_R One register argument
188 * TEST_RR Two register arguments
189 * TEST_RPR A register, a pointer, then a register argument
190 *
191 * For testing instructions which may branch, there are macros TEST_BF_*
192 * and TEST_BB_* for branching forwards and backwards.
193 *
194 * TEST_SUPPORTED and TEST_UNSUPPORTED don't cause the code to be executed,
195 * the just verify that a kprobe is or is not allowed on the given instruction.
196 */
197
198#define TEST(code) \
199 TESTCASE_START(code) \
200 TEST_ARG_END("") \
201 TEST_INSTRUCTION(code) \
202 TESTCASE_END
203
204#define TEST_UNSUPPORTED(code) \
205 TESTCASE_START(code) \
206 TEST_ARG_END("|"__stringify(ARG_FLAG_UNSUPPORTED)) \
207 TEST_INSTRUCTION(code) \
208 TESTCASE_END
209
210#define TEST_SUPPORTED(code) \
211 TESTCASE_START(code) \
212 TEST_ARG_END("|"__stringify(ARG_FLAG_SUPPORTED)) \
213 TEST_INSTRUCTION(code) \
214 TESTCASE_END
215
216#define TEST_R(code1, reg, val, code2) \
217 TESTCASE_START(code1 #reg code2) \
218 TEST_ARG_REG(reg, val) \
219 TEST_ARG_END("") \
220 TEST_INSTRUCTION(code1 #reg code2) \
221 TESTCASE_END
222
223#define TEST_RR(code1, reg1, val1, code2, reg2, val2, code3) \
224 TESTCASE_START(code1 #reg1 code2 #reg2 code3) \
225 TEST_ARG_REG(reg1, val1) \
226 TEST_ARG_REG(reg2, val2) \
227 TEST_ARG_END("") \
228 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3) \
229 TESTCASE_END
230
231#define TEST_RRR(code1, reg1, val1, code2, reg2, val2, code3, reg3, val3, code4)\
232 TESTCASE_START(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
233 TEST_ARG_REG(reg1, val1) \
234 TEST_ARG_REG(reg2, val2) \
235 TEST_ARG_REG(reg3, val3) \
236 TEST_ARG_END("") \
237 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
238 TESTCASE_END
239
240#define TEST_RRRR(code1, reg1, val1, code2, reg2, val2, code3, reg3, val3, code4, reg4, val4) \
241 TESTCASE_START(code1 #reg1 code2 #reg2 code3 #reg3 code4 #reg4) \
242 TEST_ARG_REG(reg1, val1) \
243 TEST_ARG_REG(reg2, val2) \
244 TEST_ARG_REG(reg3, val3) \
245 TEST_ARG_REG(reg4, val4) \
246 TEST_ARG_END("") \
247 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3 #reg3 code4 #reg4) \
248 TESTCASE_END
249
250#define TEST_P(code1, reg1, val1, code2) \
251 TESTCASE_START(code1 #reg1 code2) \
252 TEST_ARG_PTR(reg1, val1) \
253 TEST_ARG_END("") \
254 TEST_INSTRUCTION(code1 #reg1 code2) \
255 TESTCASE_END
256
257#define TEST_PR(code1, reg1, val1, code2, reg2, val2, code3) \
258 TESTCASE_START(code1 #reg1 code2 #reg2 code3) \
259 TEST_ARG_PTR(reg1, val1) \
260 TEST_ARG_REG(reg2, val2) \
261 TEST_ARG_END("") \
262 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3) \
263 TESTCASE_END
264
265#define TEST_RP(code1, reg1, val1, code2, reg2, val2, code3) \
266 TESTCASE_START(code1 #reg1 code2 #reg2 code3) \
267 TEST_ARG_REG(reg1, val1) \
268 TEST_ARG_PTR(reg2, val2) \
269 TEST_ARG_END("") \
270 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3) \
271 TESTCASE_END
272
273#define TEST_PRR(code1, reg1, val1, code2, reg2, val2, code3, reg3, val3, code4)\
274 TESTCASE_START(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
275 TEST_ARG_PTR(reg1, val1) \
276 TEST_ARG_REG(reg2, val2) \
277 TEST_ARG_REG(reg3, val3) \
278 TEST_ARG_END("") \
279 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
280 TESTCASE_END
281
282#define TEST_RPR(code1, reg1, val1, code2, reg2, val2, code3, reg3, val3, code4)\
283 TESTCASE_START(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
284 TEST_ARG_REG(reg1, val1) \
285 TEST_ARG_PTR(reg2, val2) \
286 TEST_ARG_REG(reg3, val3) \
287 TEST_ARG_END("") \
288 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
289 TESTCASE_END
290
291#define TEST_RRP(code1, reg1, val1, code2, reg2, val2, code3, reg3, val3, code4)\
292 TESTCASE_START(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
293 TEST_ARG_REG(reg1, val1) \
294 TEST_ARG_REG(reg2, val2) \
295 TEST_ARG_PTR(reg3, val3) \
296 TEST_ARG_END("") \
297 TEST_INSTRUCTION(code1 #reg1 code2 #reg2 code3 #reg3 code4) \
298 TESTCASE_END
299
300#define TEST_BF_P(code1, reg1, val1, code2) \
301 TESTCASE_START(code1 #reg1 code2) \
302 TEST_ARG_PTR(reg1, val1) \
303 TEST_ARG_END("") \
304 TEST_BRANCH_F(code1 #reg1 code2, 0) \
305 TESTCASE_END
306
307#define TEST_BF_X(code, xtra_dist) \
308 TESTCASE_START(code) \
309 TEST_ARG_END("") \
310 TEST_BRANCH_F(code, xtra_dist) \
311 TESTCASE_END
312
313#define TEST_BB_X(code, xtra_dist) \
314 TESTCASE_START(code) \
315 TEST_ARG_END("") \
316 TEST_BRANCH_B(code, xtra_dist) \
317 TESTCASE_END
318
319#define TEST_BF_RX(code1, reg, val, code2, xtra_dist) \
320 TESTCASE_START(code1 #reg code2) \
321 TEST_ARG_REG(reg, val) \
322 TEST_ARG_END("") \
323 TEST_BRANCH_F(code1 #reg code2, xtra_dist) \
324 TESTCASE_END
325
326#define TEST_BB_RX(code1, reg, val, code2, xtra_dist) \
327 TESTCASE_START(code1 #reg code2) \
328 TEST_ARG_REG(reg, val) \
329 TEST_ARG_END("") \
330 TEST_BRANCH_B(code1 #reg code2, xtra_dist) \
331 TESTCASE_END
332
333#define TEST_BF(code) TEST_BF_X(code, 0)
334#define TEST_BB(code) TEST_BB_X(code, 0)
335
336#define TEST_BF_R(code1, reg, val, code2) TEST_BF_RX(code1, reg, val, code2, 0)
337#define TEST_BB_R(code1, reg, val, code2) TEST_BB_RX(code1, reg, val, code2, 0)
338
339#define TEST_BF_RR(code1, reg1, val1, code2, reg2, val2, code3) \
340 TESTCASE_START(code1 #reg1 code2 #reg2 code3) \
341 TEST_ARG_REG(reg1, val1) \
342 TEST_ARG_REG(reg2, val2) \
343 TEST_ARG_END("") \
344 TEST_BRANCH_F(code1 #reg1 code2 #reg2 code3, 0) \
345 TESTCASE_END
346
347#define TEST_X(code, codex) \
348 TESTCASE_START(code) \
349 TEST_ARG_END("") \
350 TEST_INSTRUCTION(code) \
351 " b 99f \n\t" \
352 " "codex" \n\t" \
353 TESTCASE_END
354
355#define TEST_RX(code1, reg, val, code2, codex) \
356 TESTCASE_START(code1 #reg code2) \
357 TEST_ARG_REG(reg, val) \
358 TEST_ARG_END("") \
359 TEST_INSTRUCTION(code1 __stringify(reg) code2) \
360 " b 99f \n\t" \
361 " "codex" \n\t" \
362 TESTCASE_END
363
364#define TEST_RRX(code1, reg1, val1, code2, reg2, val2, code3, codex) \
365 TESTCASE_START(code1 #reg1 code2 #reg2 code3) \
366 TEST_ARG_REG(reg1, val1) \
367 TEST_ARG_REG(reg2, val2) \
368 TEST_ARG_END("") \
369 TEST_INSTRUCTION(code1 __stringify(reg1) code2 __stringify(reg2) code3) \
370 " b 99f \n\t" \
371 " "codex" \n\t" \
372 TESTCASE_END
373
374
375/* Various values used in test cases... */
376#define N(val) (val ^ 0xffffffff)
377#define VAL1 0x12345678
378#define VAL2 N(VAL1)
379#define VAL3 0xa5f801
380#define VAL4 N(VAL3)
381#define VALM 0x456789ab
382#define VALR 0xdeaddead
383#define HH1 0x0123fecb
384#define HH2 0xa9874567
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-25 02:39:16 -0400