1 files changed, 447 insertions, 0 deletions
diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c
new file mode 100644
index 000000000000..a22a98c43ca5
--- /dev/null
+++ b/arch/arm/kernel/kprobes.c
@@ -0,0 +1,447 @@
+/*
+ * arch/arm/kernel/kprobes.c
+ *
+ * Kprobes on ARM
+ *
+ * Abhishek Sagar <sagar.abhishek@gmail.com>
+ * Copyright (C) 2006, 2007 Motorola Inc.
+ *
+ * Nicolas Pitre <nico@marvell.com>
+ * Copyright (C) 2007 Marvell Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ */
+#include <linux/kernel.h>
+#include <linux/kprobes.h>
+#include <linux/module.h>
+#include <linux/stringify.h>
+#include <asm/traps.h>
+#include <asm/cacheflush.h>
+#define MIN_STACK_SIZE(addr)                            \
+        min((unsigned long)MAX_STACK_SIZE,              \
+            (unsigned long)current_thread_info() + THREAD_START_SP - (addr))
+#define flush_insns(addr, cnt)                          \
+        flush_icache_range((unsigned long)(addr),       \
+                           (unsigned long)(addr) +      \
+                           sizeof(kprobe_opcode_t) * (cnt))
+/* Used as a marker in ARM_pc to note when we're in a jprobe. */
+#define JPROBE_MAGIC_ADDR               0xffffffff
+DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
+DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
+int __kprobes arch_prepare_kprobe(struct kprobe *p)
+{
+        kprobe_opcode_t insn;
+        kprobe_opcode_t tmp_insn[MAX_INSN_SIZE];
+        unsigned long addr = (unsigned long)p->addr;
+        int is;
+        if (addr & 0x3 || in_exception_text(addr))
+                return -EINVAL;
+        insn = *p->addr;
+        p->opcode = insn;
+        p->ainsn.insn = tmp_insn;
+        switch (arm_kprobe_decode_insn(insn, &p->ainsn)) {
+        case INSN_REJECTED:     /* not supported */
+                return -EINVAL;
+        case INSN_GOOD:         /* instruction uses slot */
+                p->ainsn.insn = get_insn_slot();
+                if (!p->ainsn.insn)
+                        return -ENOMEM;
+                for (is = 0; is < MAX_INSN_SIZE; ++is)
+                        p->ainsn.insn[is] = tmp_insn[is];
+                flush_insns(&p->ainsn.insn, MAX_INSN_SIZE);
+                break;
+        case INSN_GOOD_NO_SLOT: /* instruction doesn't need insn slot */
+                p->ainsn.insn = NULL;
+                break;
+        }
+        return 0;
+}
+void __kprobes arch_arm_kprobe(struct kprobe *p)
+{
+        *p->addr = KPROBE_BREAKPOINT_INSTRUCTION;
+        flush_insns(p->addr, 1);
+}
+void __kprobes arch_disarm_kprobe(struct kprobe *p)
+{
+        *p->addr = p->opcode;
+        flush_insns(p->addr, 1);
+}
+void __kprobes arch_remove_kprobe(struct kprobe *p)
+{
+        if (p->ainsn.insn) {
+                mutex_lock(&kprobe_mutex);
+                free_insn_slot(p->ainsn.insn, 0);
+                mutex_unlock(&kprobe_mutex);
+                p->ainsn.insn = NULL;
+        }
+}
+static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
+{
+        kcb->prev_kprobe.kp = kprobe_running();
+        kcb->prev_kprobe.status = kcb->kprobe_status;
+}
+static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
+{
+        __get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
+        kcb->kprobe_status = kcb->prev_kprobe.status;
+}
+static void __kprobes set_current_kprobe(struct kprobe *p)
+{
+        __get_cpu_var(current_kprobe) = p;
+}
+static void __kprobes singlestep(struct kprobe *p, struct pt_regs *regs,
+                                 struct kprobe_ctlblk *kcb)
+{
+        regs->ARM_pc += 4;
+        p->ainsn.insn_handler(p, regs);
+}
+/*
+ * Called with IRQs disabled. IRQs must remain disabled from that point
+ * all the way until processing this kprobe is complete.  The current
+ * kprobes implementation cannot process more than one nested level of
+ * kprobe, and that level is reserved for user kprobe handlers, so we can't
+ * risk encountering a new kprobe in an interrupt handler.
+ */
+void __kprobes kprobe_handler(struct pt_regs *regs)
+{
+        struct kprobe *p, *cur;
+        struct kprobe_ctlblk *kcb;
+        kprobe_opcode_t *addr = (kprobe_opcode_t *)regs->ARM_pc;
+        kcb = get_kprobe_ctlblk();
+        cur = kprobe_running();
+        p = get_kprobe(addr);
+        if (p) {
+                if (cur) {
+                        /* Kprobe is pending, so we're recursing. */
+                        switch (kcb->kprobe_status) {
+                        case KPROBE_HIT_ACTIVE:
+                        case KPROBE_HIT_SSDONE:
+                                /* A pre- or post-handler probe got us here. */
+                                kprobes_inc_nmissed_count(p);
+                                save_previous_kprobe(kcb);
+                                set_current_kprobe(p);
+                                kcb->kprobe_status = KPROBE_REENTER;
+                                singlestep(p, regs, kcb);
+                                restore_previous_kprobe(kcb);
+                                break;
+                        default:
+                                /* impossible cases */
+                                BUG();
+                        }
+                } else {
+                        set_current_kprobe(p);
+                        kcb->kprobe_status = KPROBE_HIT_ACTIVE;
+                        /*
+                         * If we have no pre-handler or it returned 0, we
+                         * continue with normal processing.  If we have a
+                         * pre-handler and it returned non-zero, it prepped
+                         * for calling the break_handler below on re-entry,
+                         * so get out doing nothing more here.
+                         */
+                        if (!p->pre_handler || !p->pre_handler(p, regs)) {
+                                kcb->kprobe_status = KPROBE_HIT_SS;
+                                singlestep(p, regs, kcb);
+                                if (p->post_handler) {
+                                        kcb->kprobe_status = KPROBE_HIT_SSDONE;
+                                        p->post_handler(p, regs, 0);
+                                }
+                                reset_current_kprobe();
+                        }
+                }
+        } else if (cur) {
+                /* We probably hit a jprobe.  Call its break handler. */
+                if (cur->break_handler && cur->break_handler(cur, regs)) {
+                        kcb->kprobe_status = KPROBE_HIT_SS;
+                        singlestep(cur, regs, kcb);
+                        if (cur->post_handler) {
+                                kcb->kprobe_status = KPROBE_HIT_SSDONE;
+                                cur->post_handler(cur, regs, 0);
+                        }
+                }
+                reset_current_kprobe();
+        } else {
+                /*
+                 * The probe was removed and a race is in progress.
+                 * There is nothing we can do about it.  Let's restart
+                 * the instruction.  By the time we can restart, the
+                 * real instruction will be there.
+                 */
+        }
+}
+int kprobe_trap_handler(struct pt_regs *regs, unsigned int instr)
+{
+        kprobe_handler(regs);
+        return 0;
+}
+int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int fsr)
+{
+        struct kprobe *cur = kprobe_running();
+        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+        switch (kcb->kprobe_status) {
+        case KPROBE_HIT_SS:
+        case KPROBE_REENTER:
+                /*
+                 * We are here because the instruction being single
+                 * stepped caused a page fault. We reset the current
+                 * kprobe and the PC to point back to the probe address
+                 * and allow the page fault handler to continue as a
+                 * normal page fault.
+                 */
+                regs->ARM_pc = (long)cur->addr;
+                if (kcb->kprobe_status == KPROBE_REENTER) {
+                        restore_previous_kprobe(kcb);
+                } else {
+                        reset_current_kprobe();
+                }
+                break;
+        case KPROBE_HIT_ACTIVE:
+        case KPROBE_HIT_SSDONE:
+                /*
+                 * We increment the nmissed count for accounting,
+                 * we can also use npre/npostfault count for accounting
+                 * these specific fault cases.
+                 */
+                kprobes_inc_nmissed_count(cur);
+                /*
+                 * We come here because instructions in the pre/post
+                 * handler caused the page_fault, this could happen
+                 * if handler tries to access user space by
+                 * copy_from_user(), get_user() etc. Let the
+                 * user-specified handler try to fix it.
+                 */
+                if (cur->fault_handler && cur->fault_handler(cur, regs, fsr))
+                        return 1;
+                break;
+        default:
+                break;
+        }
+        return 0;
+}
+int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
+                                       unsigned long val, void *data)
+{
+        /*
+         * notify_die() is currently never called on ARM,
+         * so this callback is currently empty.
+         */
+        return NOTIFY_DONE;
+}
+/*
+ * When a retprobed function returns, trampoline_handler() is called,
+ * calling the kretprobe's handler. We construct a struct pt_regs to
+ * give a view of registers r0-r11 to the user return-handler.  This is
+ * not a complete pt_regs structure, but that should be plenty sufficient
+ * for kretprobe handlers which should normally be interested in r0 only
+ * anyway.
+ */
+static void __attribute__((naked)) __kprobes kretprobe_trampoline(void)
+{
+        __asm__ __volatile__ (
+                "stmdb  sp!, {r0 - r11}         \n\t"
+                "mov    r0, sp                  \n\t"
+                "bl     trampoline_handler      \n\t"
+                "mov    lr, r0                  \n\t"
+                "ldmia  sp!, {r0 - r11}         \n\t"
+                "mov    pc, lr                  \n\t"
+                : : : "memory");
+}
+/* Called from kretprobe_trampoline */
+static __used __kprobes void *trampoline_handler(struct pt_regs *regs)
+{
+        struct kretprobe_instance *ri = NULL;
+        struct hlist_head *head, empty_rp;
+        struct hlist_node *node, *tmp;
+        unsigned long flags, orig_ret_address = 0;
+        unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
+        INIT_HLIST_HEAD(&empty_rp);
+        spin_lock_irqsave(&kretprobe_lock, flags);
+        head = kretprobe_inst_table_head(current);
+        /*
+         * It is possible to have multiple instances associated with a given
+         * task either because multiple functions in the call path have
+         * a return probe installed on them, and/or more than one return
+         * probe was registered for a target function.
+         *
+         * We can handle this because:
+         *     - instances are always inserted at the head of the list
+         *     - when multiple return probes are registered for the same
+         *       function, the first instance's ret_addr will point to the
+         *       real return address, and all the rest will point to
+         *       kretprobe_trampoline
+         */
+        hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
+                if (ri->task != current)
+                        /* another task is sharing our hash bucket */
+                        continue;
+                if (ri->rp && ri->rp->handler) {
+                        __get_cpu_var(current_kprobe) = &ri->rp->kp;
+                        get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
+                        ri->rp->handler(ri, regs);
+                        __get_cpu_var(current_kprobe) = NULL;
+                }
+                orig_ret_address = (unsigned long)ri->ret_addr;
+                recycle_rp_inst(ri, &empty_rp);
+                if (orig_ret_address != trampoline_address)
+                        /*
+                         * This is the real return address. Any other
+                         * instances associated with this task are for
+                         * other calls deeper on the call stack
+                         */
+                        break;
+        }
+        kretprobe_assert(ri, orig_ret_address, trampoline_address);
+        spin_unlock_irqrestore(&kretprobe_lock, flags);
+        hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
+                hlist_del(&ri->hlist);
+                kfree(ri);
+        }
+        return (void *)orig_ret_address;
+}
+/* Called with kretprobe_lock held. */
+void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
+                                      struct pt_regs *regs)
+{
+        ri->ret_addr = (kprobe_opcode_t *)regs->ARM_lr;
+        /* Replace the return addr with trampoline addr. */
+        regs->ARM_lr = (unsigned long)&kretprobe_trampoline;
+}
+int __kprobes setjmp_pre_handler(struct kprobe *p, struct pt_regs *regs)
+{
+        struct jprobe *jp = container_of(p, struct jprobe, kp);
+        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+        long sp_addr = regs->ARM_sp;
+        kcb->jprobe_saved_regs = *regs;
+        memcpy(kcb->jprobes_stack, (void *)sp_addr, MIN_STACK_SIZE(sp_addr));
+        regs->ARM_pc = (long)jp->entry;
+        regs->ARM_cpsr |= PSR_I_BIT;
+        preempt_disable();
+        return 1;
+}
+void __kprobes jprobe_return(void)
+{
+        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+        __asm__ __volatile__ (
+                /*
+                 * Setup an empty pt_regs. Fill SP and PC fields as
+                 * they're needed by longjmp_break_handler.
+                 */
+                "sub    sp, %0, %1              \n\t"
+                "ldr    r0, ="__stringify(JPROBE_MAGIC_ADDR)"\n\t"
+                "str    %0, [sp, %2]            \n\t"
+                "str    r0, [sp, %3]            \n\t"
+                "mov    r0, sp                  \n\t"
+                "bl     kprobe_handler          \n\t"
+                /*
+                 * Return to the context saved by setjmp_pre_handler
+                 * and restored by longjmp_break_handler.
+                 */
+                "ldr    r0, [sp, %4]            \n\t"
+                "msr    cpsr_cxsf, r0           \n\t"
+                "ldmia  sp, {r0 - pc}           \n\t"
+                :
+                : "r" (kcb->jprobe_saved_regs.ARM_sp),
+                  "I" (sizeof(struct pt_regs)),
+                  "J" (offsetof(struct pt_regs, ARM_sp)),
+                  "J" (offsetof(struct pt_regs, ARM_pc)),
+                  "J" (offsetof(struct pt_regs, ARM_cpsr))
+                : "memory", "cc");
+}
+int __kprobes longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
+{
+        struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
+        long stack_addr = kcb->jprobe_saved_regs.ARM_sp;
+        long orig_sp = regs->ARM_sp;
+        struct jprobe *jp = container_of(p, struct jprobe, kp);
+        if (regs->ARM_pc == JPROBE_MAGIC_ADDR) {
+                if (orig_sp != stack_addr) {
+                        struct pt_regs *saved_regs =
+                                (struct pt_regs *)kcb->jprobe_saved_regs.ARM_sp;
+                        printk("current sp %lx does not match saved sp %lx\n",
+                               orig_sp, stack_addr);
+                        printk("Saved registers for jprobe %p\n", jp);
+                        show_regs(saved_regs);
+                        printk("Current registers\n");
+                        show_regs(regs);
+                        BUG();
+                }
+                *regs = kcb->jprobe_saved_regs;
+                memcpy((void *)stack_addr, kcb->jprobes_stack,
+                       MIN_STACK_SIZE(stack_addr));
+                preempt_enable_no_resched();
+                return 1;
+        }
+        return 0;
+}
+static struct undef_hook kprobes_break_hook = {
+        .instr_mask     = 0xffffffff,
+        .instr_val      = KPROBE_BREAKPOINT_INSTRUCTION,
+        .cpsr_mask      = MODE_MASK,
+        .cpsr_val       = SVC_MODE,
+        .fn             = kprobe_trap_handler,
+};
+int __init arch_init_kprobes()
+{
+        arm_kprobe_decode_init();
+        register_undef_hook(&kprobes_break_hook);
+        return 0;
+}

diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c new file mode 100644 index 000000000000..a22a98c43ca5 --- /dev/null +++ b/arch/arm/kernel/kprobes.c
@@ -0,0 +1,447 @@
	1	/*
	2	* arch/arm/kernel/kprobes.c
	3	*
	4	* Kprobes on ARM
	5	*
	6	* Abhishek Sagar <sagar.abhishek@gmail.com>
	7	* Copyright (C) 2006, 2007 Motorola Inc.
	8	*
	9	* Nicolas Pitre <nico@marvell.com>
	10	* Copyright (C) 2007 Marvell Ltd.
	11	*
	12	* This program is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU General Public License version 2 as
	14	* published by the Free Software Foundation.
	15	*
	16	* This program is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	19	* General Public License for more details.
	20	*/
	21
	22	#include <linux/kernel.h>
	23	#include <linux/kprobes.h>
	24	#include <linux/module.h>
	25	#include <linux/stringify.h>
	26	#include <asm/traps.h>
	27	#include <asm/cacheflush.h>
	28
	29	#define MIN_STACK_SIZE(addr) \
	30	min((unsigned long)MAX_STACK_SIZE, \
	31	(unsigned long)current_thread_info() + THREAD_START_SP - (addr))
	32
	33	#define flush_insns(addr, cnt) \
	34	flush_icache_range((unsigned long)(addr), \
	35	(unsigned long)(addr) + \
	36	sizeof(kprobe_opcode_t) * (cnt))
	37
	38	/* Used as a marker in ARM_pc to note when we're in a jprobe. */
	39	#define JPROBE_MAGIC_ADDR 0xffffffff
	40
	41	DEFINE_PER_CPU(struct kprobe *, current_kprobe) = NULL;
	42	DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk);
	43
	44
	45	int __kprobes arch_prepare_kprobe(struct kprobe *p)
	46	{
	47	kprobe_opcode_t insn;
	48	kprobe_opcode_t tmp_insn[MAX_INSN_SIZE];
	49	unsigned long addr = (unsigned long)p->addr;
	50	int is;
	51
	52	if (addr & 0x3 \|\| in_exception_text(addr))
	53	return -EINVAL;
	54
	55	insn = *p->addr;
	56	p->opcode = insn;
	57	p->ainsn.insn = tmp_insn;
	58
	59	switch (arm_kprobe_decode_insn(insn, &p->ainsn)) {
	60	case INSN_REJECTED: /* not supported */
	61	return -EINVAL;
	62
	63	case INSN_GOOD: /* instruction uses slot */
	64	p->ainsn.insn = get_insn_slot();
	65	if (!p->ainsn.insn)
	66	return -ENOMEM;
	67	for (is = 0; is < MAX_INSN_SIZE; ++is)
	68	p->ainsn.insn[is] = tmp_insn[is];
	69	flush_insns(&p->ainsn.insn, MAX_INSN_SIZE);
	70	break;
	71
	72	case INSN_GOOD_NO_SLOT: /* instruction doesn't need insn slot */
	73	p->ainsn.insn = NULL;
	74	break;
	75	}
	76
	77	return 0;
	78	}
	79
	80	void __kprobes arch_arm_kprobe(struct kprobe *p)
	81	{
	82	*p->addr = KPROBE_BREAKPOINT_INSTRUCTION;
	83	flush_insns(p->addr, 1);
	84	}
	85
	86	void __kprobes arch_disarm_kprobe(struct kprobe *p)
	87	{
	88	*p->addr = p->opcode;
	89	flush_insns(p->addr, 1);
	90	}
	91
	92	void __kprobes arch_remove_kprobe(struct kprobe *p)
	93	{
	94	if (p->ainsn.insn) {
	95	mutex_lock(&kprobe_mutex);
	96	free_insn_slot(p->ainsn.insn, 0);
	97	mutex_unlock(&kprobe_mutex);
	98	p->ainsn.insn = NULL;
	99	}
	100	}
	101
	102	static void __kprobes save_previous_kprobe(struct kprobe_ctlblk *kcb)
	103	{
	104	kcb->prev_kprobe.kp = kprobe_running();
	105	kcb->prev_kprobe.status = kcb->kprobe_status;
	106	}
	107
	108	static void __kprobes restore_previous_kprobe(struct kprobe_ctlblk *kcb)
	109	{
	110	__get_cpu_var(current_kprobe) = kcb->prev_kprobe.kp;
	111	kcb->kprobe_status = kcb->prev_kprobe.status;
	112	}
	113
	114	static void __kprobes set_current_kprobe(struct kprobe *p)
	115	{
	116	__get_cpu_var(current_kprobe) = p;
	117	}
	118
	119	static void __kprobes singlestep(struct kprobe p, struct pt_regs regs,
	120	struct kprobe_ctlblk *kcb)
	121	{
	122	regs->ARM_pc += 4;
	123	p->ainsn.insn_handler(p, regs);
	124	}
	125
	126	/*
	127	* Called with IRQs disabled. IRQs must remain disabled from that point
	128	* all the way until processing this kprobe is complete. The current
	129	* kprobes implementation cannot process more than one nested level of
	130	* kprobe, and that level is reserved for user kprobe handlers, so we can't
	131	* risk encountering a new kprobe in an interrupt handler.
	132	*/
	133	void __kprobes kprobe_handler(struct pt_regs *regs)
	134	{
	135	struct kprobe p, cur;
	136	struct kprobe_ctlblk *kcb;
	137	kprobe_opcode_t addr = (kprobe_opcode_t )regs->ARM_pc;
	138
	139	kcb = get_kprobe_ctlblk();
	140	cur = kprobe_running();
	141	p = get_kprobe(addr);
	142
	143	if (p) {
	144	if (cur) {
	145	/* Kprobe is pending, so we're recursing. */
	146	switch (kcb->kprobe_status) {
	147	case KPROBE_HIT_ACTIVE:
	148	case KPROBE_HIT_SSDONE:
	149	/* A pre- or post-handler probe got us here. */
	150	kprobes_inc_nmissed_count(p);
	151	save_previous_kprobe(kcb);
	152	set_current_kprobe(p);
	153	kcb->kprobe_status = KPROBE_REENTER;
	154	singlestep(p, regs, kcb);
	155	restore_previous_kprobe(kcb);
	156	break;
	157	default:
	158	/* impossible cases */
	159	BUG();
	160	}
	161	} else {
	162	set_current_kprobe(p);
	163	kcb->kprobe_status = KPROBE_HIT_ACTIVE;
	164
	165	/*
	166	* If we have no pre-handler or it returned 0, we
	167	* continue with normal processing. If we have a
	168	* pre-handler and it returned non-zero, it prepped
	169	* for calling the break_handler below on re-entry,
	170	* so get out doing nothing more here.
	171	*/
	172	if (!p->pre_handler \|\| !p->pre_handler(p, regs)) {
	173	kcb->kprobe_status = KPROBE_HIT_SS;
	174	singlestep(p, regs, kcb);
	175	if (p->post_handler) {
	176	kcb->kprobe_status = KPROBE_HIT_SSDONE;
	177	p->post_handler(p, regs, 0);
	178	}
	179	reset_current_kprobe();
	180	}
	181	}
	182	} else if (cur) {
	183	/* We probably hit a jprobe. Call its break handler. */
	184	if (cur->break_handler && cur->break_handler(cur, regs)) {
	185	kcb->kprobe_status = KPROBE_HIT_SS;
	186	singlestep(cur, regs, kcb);
	187	if (cur->post_handler) {
	188	kcb->kprobe_status = KPROBE_HIT_SSDONE;
	189	cur->post_handler(cur, regs, 0);
	190	}
	191	}
	192	reset_current_kprobe();
	193	} else {
	194	/*
	195	* The probe was removed and a race is in progress.
	196	* There is nothing we can do about it. Let's restart
	197	* the instruction. By the time we can restart, the
	198	* real instruction will be there.
	199	*/
	200	}
	201	}
	202
	203	int kprobe_trap_handler(struct pt_regs *regs, unsigned int instr)
	204	{
	205	kprobe_handler(regs);
	206	return 0;
	207	}
	208
	209	int __kprobes kprobe_fault_handler(struct pt_regs *regs, unsigned int fsr)
	210	{
	211	struct kprobe *cur = kprobe_running();
	212	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	213
	214	switch (kcb->kprobe_status) {
	215	case KPROBE_HIT_SS:
	216	case KPROBE_REENTER:
	217	/*
	218	* We are here because the instruction being single
	219	* stepped caused a page fault. We reset the current
	220	* kprobe and the PC to point back to the probe address
	221	* and allow the page fault handler to continue as a
	222	* normal page fault.
	223	*/
	224	regs->ARM_pc = (long)cur->addr;
	225	if (kcb->kprobe_status == KPROBE_REENTER) {
	226	restore_previous_kprobe(kcb);
	227	} else {
	228	reset_current_kprobe();
	229	}
	230	break;
	231
	232	case KPROBE_HIT_ACTIVE:
	233	case KPROBE_HIT_SSDONE:
	234	/*
	235	* We increment the nmissed count for accounting,
	236	* we can also use npre/npostfault count for accounting
	237	* these specific fault cases.
	238	*/
	239	kprobes_inc_nmissed_count(cur);
	240
	241	/*
	242	* We come here because instructions in the pre/post
	243	* handler caused the page_fault, this could happen
	244	* if handler tries to access user space by
	245	* copy_from_user(), get_user() etc. Let the
	246	* user-specified handler try to fix it.
	247	*/
	248	if (cur->fault_handler && cur->fault_handler(cur, regs, fsr))
	249	return 1;
	250	break;
	251
	252	default:
	253	break;
	254	}
	255
	256	return 0;
	257	}
	258
	259	int __kprobes kprobe_exceptions_notify(struct notifier_block *self,
	260	unsigned long val, void *data)
	261	{
	262	/*
	263	* notify_die() is currently never called on ARM,
	264	* so this callback is currently empty.
	265	*/
	266	return NOTIFY_DONE;
	267	}
	268
	269	/*
	270	* When a retprobed function returns, trampoline_handler() is called,
	271	* calling the kretprobe's handler. We construct a struct pt_regs to
	272	* give a view of registers r0-r11 to the user return-handler. This is
	273	* not a complete pt_regs structure, but that should be plenty sufficient
	274	* for kretprobe handlers which should normally be interested in r0 only
	275	* anyway.
	276	*/
	277	static void __attribute__((naked)) __kprobes kretprobe_trampoline(void)
	278	{
	279	__asm__ __volatile__ (
	280	"stmdb sp!, {r0 - r11} \n\t"
	281	"mov r0, sp \n\t"
	282	"bl trampoline_handler \n\t"
	283	"mov lr, r0 \n\t"
	284	"ldmia sp!, {r0 - r11} \n\t"
	285	"mov pc, lr \n\t"
	286	: : : "memory");
	287	}
	288
	289	/* Called from kretprobe_trampoline */
	290	static __used __kprobes void trampoline_handler(struct pt_regs regs)
	291	{
	292	struct kretprobe_instance *ri = NULL;
	293	struct hlist_head *head, empty_rp;
	294	struct hlist_node node, tmp;
	295	unsigned long flags, orig_ret_address = 0;
	296	unsigned long trampoline_address = (unsigned long)&kretprobe_trampoline;
	297
	298	INIT_HLIST_HEAD(&empty_rp);
	299	spin_lock_irqsave(&kretprobe_lock, flags);
	300	head = kretprobe_inst_table_head(current);
	301
	302	/*
	303	* It is possible to have multiple instances associated with a given
	304	* task either because multiple functions in the call path have
	305	* a return probe installed on them, and/or more than one return
	306	* probe was registered for a target function.
	307	*
	308	* We can handle this because:
	309	* - instances are always inserted at the head of the list
	310	* - when multiple return probes are registered for the same
	311	* function, the first instance's ret_addr will point to the
	312	* real return address, and all the rest will point to
	313	* kretprobe_trampoline
	314	*/
	315	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
	316	if (ri->task != current)
	317	/* another task is sharing our hash bucket */
	318	continue;
	319
	320	if (ri->rp && ri->rp->handler) {
	321	__get_cpu_var(current_kprobe) = &ri->rp->kp;
	322	get_kprobe_ctlblk()->kprobe_status = KPROBE_HIT_ACTIVE;
	323	ri->rp->handler(ri, regs);
	324	__get_cpu_var(current_kprobe) = NULL;
	325	}
	326
	327	orig_ret_address = (unsigned long)ri->ret_addr;
	328	recycle_rp_inst(ri, &empty_rp);
	329
	330	if (orig_ret_address != trampoline_address)
	331	/*
	332	* This is the real return address. Any other
	333	* instances associated with this task are for
	334	* other calls deeper on the call stack
	335	*/
	336	break;
	337	}
	338
	339	kretprobe_assert(ri, orig_ret_address, trampoline_address);
	340	spin_unlock_irqrestore(&kretprobe_lock, flags);
	341
	342	hlist_for_each_entry_safe(ri, node, tmp, &empty_rp, hlist) {
	343	hlist_del(&ri->hlist);
	344	kfree(ri);
	345	}
	346
	347	return (void *)orig_ret_address;
	348	}
	349
	350	/* Called with kretprobe_lock held. */
	351	void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
	352	struct pt_regs *regs)
	353	{
	354	ri->ret_addr = (kprobe_opcode_t *)regs->ARM_lr;
	355
	356	/* Replace the return addr with trampoline addr. */
	357	regs->ARM_lr = (unsigned long)&kretprobe_trampoline;
	358	}
	359
	360	int __kprobes setjmp_pre_handler(struct kprobe p, struct pt_regs regs)
	361	{
	362	struct jprobe *jp = container_of(p, struct jprobe, kp);
	363	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	364	long sp_addr = regs->ARM_sp;
	365
	366	kcb->jprobe_saved_regs = *regs;
	367	memcpy(kcb->jprobes_stack, (void *)sp_addr, MIN_STACK_SIZE(sp_addr));
	368	regs->ARM_pc = (long)jp->entry;
	369	regs->ARM_cpsr \|= PSR_I_BIT;
	370	preempt_disable();
	371	return 1;
	372	}
	373
	374	void __kprobes jprobe_return(void)
	375	{
	376	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	377
	378	__asm__ __volatile__ (
	379	/*
	380	* Setup an empty pt_regs. Fill SP and PC fields as
	381	* they're needed by longjmp_break_handler.
	382	*/
	383	"sub sp, %0, %1 \n\t"
	384	"ldr r0, ="__stringify(JPROBE_MAGIC_ADDR)"\n\t"
	385	"str %0, [sp, %2] \n\t"
	386	"str r0, [sp, %3] \n\t"
	387	"mov r0, sp \n\t"
	388	"bl kprobe_handler \n\t"
	389
	390	/*
	391	* Return to the context saved by setjmp_pre_handler
	392	* and restored by longjmp_break_handler.
	393	*/
	394	"ldr r0, [sp, %4] \n\t"
	395	"msr cpsr_cxsf, r0 \n\t"
	396	"ldmia sp, {r0 - pc} \n\t"
	397	:
	398	: "r" (kcb->jprobe_saved_regs.ARM_sp),
	399	"I" (sizeof(struct pt_regs)),
	400	"J" (offsetof(struct pt_regs, ARM_sp)),
	401	"J" (offsetof(struct pt_regs, ARM_pc)),
	402	"J" (offsetof(struct pt_regs, ARM_cpsr))
	403	: "memory", "cc");
	404	}
	405
	406	int __kprobes longjmp_break_handler(struct kprobe p, struct pt_regs regs)
	407	{
	408	struct kprobe_ctlblk *kcb = get_kprobe_ctlblk();
	409	long stack_addr = kcb->jprobe_saved_regs.ARM_sp;
	410	long orig_sp = regs->ARM_sp;
	411	struct jprobe *jp = container_of(p, struct jprobe, kp);
	412
	413	if (regs->ARM_pc == JPROBE_MAGIC_ADDR) {
	414	if (orig_sp != stack_addr) {
	415	struct pt_regs *saved_regs =
	416	(struct pt_regs *)kcb->jprobe_saved_regs.ARM_sp;
	417	printk("current sp %lx does not match saved sp %lx\n",
	418	orig_sp, stack_addr);
	419	printk("Saved registers for jprobe %p\n", jp);
	420	show_regs(saved_regs);
	421	printk("Current registers\n");
	422	show_regs(regs);
	423	BUG();
	424	}
	425	*regs = kcb->jprobe_saved_regs;
	426	memcpy((void *)stack_addr, kcb->jprobes_stack,
	427	MIN_STACK_SIZE(stack_addr));
	428	preempt_enable_no_resched();
	429	return 1;
	430	}
	431	return 0;
	432	}
	433
	434	static struct undef_hook kprobes_break_hook = {
	435	.instr_mask = 0xffffffff,
	436	.instr_val = KPROBE_BREAKPOINT_INSTRUCTION,
	437	.cpsr_mask = MODE_MASK,
	438	.cpsr_val = SVC_MODE,
	439	.fn = kprobe_trap_handler,
	440	};
	441
	442	int __init arch_init_kprobes()
	443	{
	444	arm_kprobe_decode_init();
	445	register_undef_hook(&kprobes_break_hook);
	446	return 0;
	447	}