1 files changed, 101 insertions, 2 deletions
diff --git a/arch/ia64/kernel/kprobes.c b/arch/ia64/kernel/kprobes.c
index 5978823d5c63..c97e18e634ca 100644
--- a/arch/ia64/kernel/kprobes.c
+++ b/arch/ia64/kernel/kprobes.c
@@ -290,6 +290,94 @@ static inline void set_current_kprobe(struct kprobe *p)
        current_kprobe = p;
 }
+static void kretprobe_trampoline(void)
+{
+}
+/*
+ * At this point the target function has been tricked into
+ * returning into our trampoline.  Lookup the associated instance
+ * and then:
+ *    - call the handler function
+ *    - cleanup by marking the instance as unused
+ *    - long jump back to the original return address
+ */
+int trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
+{
+        struct kretprobe_instance *ri = NULL;
+        struct hlist_head *head;
+        struct hlist_node *node, *tmp;
+        unsigned long orig_ret_address = 0;
+        unsigned long trampoline_address =
+                ((struct fnptr *)kretprobe_trampoline)->ip;
+        head = kretprobe_inst_table_head(current);
+        /*
+         * It is possible to have multiple instances associated with a given
+         * task either because an multiple functions in the call path
+         * have a return probe installed on them, and/or more then one return
+         * return probe was registered for a target function.
+         *
+         * We can handle this because:
+         *     - instances are always inserted at the head of the list
+         *     - when multiple return probes are registered for the same
+         *       function, the first instance's ret_addr will point to the
+         *       real return address, and all the rest will point to
+         *       kretprobe_trampoline
+         */
+        hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
+                if (ri->task != current)
+                        /* another task is sharing our hash bucket */
+                        continue;
+                if (ri->rp && ri->rp->handler)
+                        ri->rp->handler(ri, regs);
+                orig_ret_address = (unsigned long)ri->ret_addr;
+                recycle_rp_inst(ri);
+                if (orig_ret_address != trampoline_address)
+                        /*
+                         * This is the real return address. Any other
+                         * instances associated with this task are for
+                         * other calls deeper on the call stack
+                         */
+                        break;
+        }
+        BUG_ON(!orig_ret_address || (orig_ret_address == trampoline_address));
+        regs->cr_iip = orig_ret_address;
+        unlock_kprobes();
+        preempt_enable_no_resched();
+        /*
+         * By returning a non-zero value, we are telling
+         * kprobe_handler() that we have handled unlocking
+         * and re-enabling preemption.
+         */
+        return 1;
+}
+void arch_prepare_kretprobe(struct kretprobe *rp, struct pt_regs *regs)
+{
+        struct kretprobe_instance *ri;
+        if ((ri = get_free_rp_inst(rp)) != NULL) {
+                ri->rp = rp;
+                ri->task = current;
+                ri->ret_addr = (kprobe_opcode_t *)regs->b0;
+                /* Replace the return addr with trampoline addr */
+                regs->b0 = ((struct fnptr *)kretprobe_trampoline)->ip;
+                add_rp_inst(ri);
+        } else {
+                rp->nmissed++;
+        }
+}
 int arch_prepare_kprobe(struct kprobe *p)
 {
        unsigned long addr = (unsigned long) p->addr;
@@ -492,8 +580,8 @@ static int pre_kprobes_handler(struct die_args *args)
        if (p->pre_handler && p->pre_handler(p, regs))
                /*
                 * Our pre-handler is specifically requesting that we just
-                 * do a return.  This is handling the case where the
+                 * do a return.  This is used for both the jprobe pre-handler
-                 * pre-handler is really our special jprobe pre-handler.
+                 * and the kretprobe trampoline
                 */
                return 1;
@@ -599,3 +687,14 @@ int longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
        *regs = jprobe_saved_regs;
        return 1;
 }
+static struct kprobe trampoline_p = {
+        .pre_handler = trampoline_probe_handler
+};
+int __init arch_init(void)
+{
+        trampoline_p.addr =
+                (kprobe_opcode_t *)((struct fnptr *)kretprobe_trampoline)->ip;
+        return register_kprobe(&trampoline_p);
+}

diff --git a/arch/ia64/kernel/kprobes.c b/arch/ia64/kernel/kprobes.c index 5978823d5c63..c97e18e634ca 100644 --- a/arch/ia64/kernel/kprobes.c +++ b/arch/ia64/kernel/kprobes.c
@@ -290,6 +290,94 @@ static inline void set_current_kprobe(struct kprobe *p)
290	current_kprobe = p;	290	current_kprobe = p;
291	}	291	}
292		292
		293	static void kretprobe_trampoline(void)
		294	{
		295	}
		296
		297	/*
		298	* At this point the target function has been tricked into
		299	* returning into our trampoline. Lookup the associated instance
		300	* and then:
		301	* - call the handler function
		302	* - cleanup by marking the instance as unused
		303	* - long jump back to the original return address
		304	*/
		305	int trampoline_probe_handler(struct kprobe p, struct pt_regs regs)
		306	{
		307	struct kretprobe_instance *ri = NULL;
		308	struct hlist_head *head;
		309	struct hlist_node node, tmp;
		310	unsigned long orig_ret_address = 0;
		311	unsigned long trampoline_address =
		312	((struct fnptr *)kretprobe_trampoline)->ip;
		313
		314	head = kretprobe_inst_table_head(current);
		315
		316	/*
		317	* It is possible to have multiple instances associated with a given
		318	* task either because an multiple functions in the call path
		319	* have a return probe installed on them, and/or more then one return
		320	* return probe was registered for a target function.
		321	*
		322	* We can handle this because:
		323	* - instances are always inserted at the head of the list
		324	* - when multiple return probes are registered for the same
		325	* function, the first instance's ret_addr will point to the
		326	* real return address, and all the rest will point to
		327	* kretprobe_trampoline
		328	*/
		329	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
		330	if (ri->task != current)
		331	/* another task is sharing our hash bucket */
		332	continue;
		333
		334	if (ri->rp && ri->rp->handler)
		335	ri->rp->handler(ri, regs);
		336
		337	orig_ret_address = (unsigned long)ri->ret_addr;
		338	recycle_rp_inst(ri);
		339
		340	if (orig_ret_address != trampoline_address)
		341	/*
		342	* This is the real return address. Any other
		343	* instances associated with this task are for
		344	* other calls deeper on the call stack
		345	*/
		346	break;
		347	}
		348
		349	BUG_ON(!orig_ret_address \|\| (orig_ret_address == trampoline_address));
		350	regs->cr_iip = orig_ret_address;
		351
		352	unlock_kprobes();
		353	preempt_enable_no_resched();
		354
		355	/*
		356	* By returning a non-zero value, we are telling
		357	* kprobe_handler() that we have handled unlocking
		358	* and re-enabling preemption.
		359	*/
		360	return 1;
		361	}
		362
		363	void arch_prepare_kretprobe(struct kretprobe rp, struct pt_regs regs)
		364	{
		365	struct kretprobe_instance *ri;
		366
		367	if ((ri = get_free_rp_inst(rp)) != NULL) {
		368	ri->rp = rp;
		369	ri->task = current;
		370	ri->ret_addr = (kprobe_opcode_t *)regs->b0;
		371
		372	/* Replace the return addr with trampoline addr */
		373	regs->b0 = ((struct fnptr *)kretprobe_trampoline)->ip;
		374
		375	add_rp_inst(ri);
		376	} else {
		377	rp->nmissed++;
		378	}
		379	}
		380
293	int arch_prepare_kprobe(struct kprobe *p)	381	int arch_prepare_kprobe(struct kprobe *p)
294	{	382	{
295	unsigned long addr = (unsigned long) p->addr;	383	unsigned long addr = (unsigned long) p->addr;
@@ -492,8 +580,8 @@ static int pre_kprobes_handler(struct die_args *args)
492	if (p->pre_handler && p->pre_handler(p, regs))	580	if (p->pre_handler && p->pre_handler(p, regs))
493	/*	581	/*
494	* Our pre-handler is specifically requesting that we just	582	* Our pre-handler is specifically requesting that we just
495	* do a return. This is handling the case where the	583	* do a return. This is used for both the jprobe pre-handler
496	* pre-handler is really our special jprobe pre-handler.	584	* and the kretprobe trampoline
497	*/	585	*/
498	return 1;	586	return 1;
499		587
@@ -599,3 +687,14 @@ int longjmp_break_handler(struct kprobe p, struct pt_regs regs)
599	*regs = jprobe_saved_regs;	687	*regs = jprobe_saved_regs;
600	return 1;	688	return 1;
601	}	689	}
		690
		691	static struct kprobe trampoline_p = {
		692	.pre_handler = trampoline_probe_handler
		693	};
		694
		695	int __init arch_init(void)
		696	{
		697	trampoline_p.addr =
		698	(kprobe_opcode_t )((struct fnptr )kretprobe_trampoline)->ip;
		699	return register_kprobe(&trampoline_p);
		700	}