/* We do not have hardware single-stepping on sparc64. * So we implement software single-stepping with breakpoint * traps. The top-level scheme is similar to that used * in the x86 kprobes implementation. * * In the kprobe->ainsn.insn[] array we store the original * instruction at index zero and a break instruction at * index one. * * When we hit a kprobe we: * - Run the pre-handler * - Remember "regs->tnpc" and interrupt level stored in * "regs->tstate" so we can restore them later * - Disable PIL interrupts * - Set regs->tpc to point to kprobe->ainsn.insn[0] * - Set regs->tnpc to point to kprobe->ainsn.insn[1] * - Mark that we are actively in a kprobe * * At this point we wait for the second breakpoint at * kprobe->ainsn.insn[1] to hit. When it does we: * - Run the post-handler * - Set regs->tpc to "remembered" regs->tnpc stored above, * restore the PIL interrupt level in "regs->tstate" as well * - Make any adjustments necessary to regs->tnpc in order * to handle relative branches correctly. See below. * - Mark that we are no longer actively in a kprobe.
*/
/* * We don't want to be preempted for the entire * duration of kprobe processing
*/
preempt_disable();
kcb = get_kprobe_ctlblk();
if (kprobe_running()) {
p = get_kprobe(addr); if (p) { if (kcb->kprobe_status == KPROBE_HIT_SS) {
regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
kcb->kprobe_orig_tstate_pil); goto no_kprobe;
} /* We have reentered the kprobe_handler(), since * another probe was hit while within the handler. * We here save the original kprobes variables and * just single step on the instruction of the new probe * without calling any user handlers.
*/
save_previous_kprobe(kcb);
set_current_kprobe(p, regs, kcb);
kprobes_inc_nmissed_count(p);
kcb->kprobe_status = KPROBE_REENTER;
prepare_singlestep(p, regs, kcb); return 1;
} elseif (*(u32 *)addr != BREAKPOINT_INSTRUCTION) { /* The breakpoint instruction was removed by * another cpu right after we hit, no further * handling of this interrupt is appropriate
*/
ret = 1;
} goto no_kprobe;
}
p = get_kprobe(addr); if (!p) { if (*(u32 *)addr != BREAKPOINT_INSTRUCTION) { /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed * either a probepoint or a debugger breakpoint * at this address. In either case, no further * handling of this interrupt is appropriate.
*/
ret = 1;
} /* Not one of ours: let kernel handle it */ goto no_kprobe;
}
/* If INSN is a relative control transfer instruction, * return the corrected branch destination value. * * regs->tpc and regs->tnpc still hold the values of the * program counters at the time of trap due to the execution * of the BREAKPOINT_INSTRUCTION_2 at p->ainsn.insn[1] *
*/ staticunsignedlong __kprobes relbranch_fixup(u32 insn, struct kprobe *p, struct pt_regs *regs)
{ unsignedlong real_pc = (unsignedlong) p->addr;
/* Branch not taken, no mods necessary. */ if (regs->tnpc == regs->tpc + 0x4UL) return real_pc + 0x8UL;
/* The three cases are call, branch w/prediction, * and traditional branch.
*/ if ((insn & 0xc0000000) == 0x40000000 ||
(insn & 0xc1c00000) == 0x00400000 ||
(insn & 0xc1c00000) == 0x00800000) { unsignedlong ainsn_addr;
ainsn_addr = (unsignedlong) &p->ainsn.insn[0];
/* The instruction did all the work for us * already, just apply the offset to the correct * instruction location.
*/ return (real_pc + (regs->tnpc - ainsn_addr));
}
/* It is jmpl or some other absolute PC modification instruction, * leave NPC as-is.
*/ return regs->tnpc;
}
/* If INSN is an instruction which writes its PC location * into a destination register, fix that up.
*/ staticvoid __kprobes retpc_fixup(struct pt_regs *regs, u32 insn, unsignedlong real_pc)
{ unsignedlong *slot = NULL;
/* Simplest case is 'call', which always uses %o7 */ if ((insn & 0xc0000000) == 0x40000000) {
slot = ®s->u_regs[UREG_I7];
}
/* 'jmpl' encodes the register inside of the opcode */ if ((insn & 0xc1f80000) == 0x81c00000) { unsignedlong rd = ((insn >> 25) & 0x1f);
if (rd <= 15) {
slot = ®s->u_regs[rd];
} else { /* Hard case, it goes onto the stack. */
flushw_all();
/* * Called after single-stepping. p->addr is the address of the * instruction which has been replaced by the breakpoint * instruction. To avoid the SMP problems that can occur when we * temporarily put back the original opcode to single-step, we * single-stepped a copy of the instruction. The address of this * copy is &p->ainsn.insn[0]. * * This function prepares to return from the post-single-step * breakpoint trap.
*/ staticvoid __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
u32 insn = p->ainsn.insn[0];
regs->tnpc = relbranch_fixup(insn, p, regs);
/* This assignment must occur after relbranch_fixup() */
regs->tpc = kcb->kprobe_orig_tnpc;
/*Restore back the original saved kprobes variables and continue. */ if (kcb->kprobe_status == KPROBE_REENTER) {
restore_previous_kprobe(kcb); goto out;
}
reset_current_kprobe();
out:
preempt_enable_no_resched();
switch(kcb->kprobe_status) { case KPROBE_HIT_SS: case KPROBE_REENTER: /* * We are here because the instruction being single * stepped caused a page fault. We reset the current * kprobe and the tpc points back to the probe address * and allow the page fault handler to continue as a * normal page fault.
*/
regs->tpc = (unsignedlong)cur->addr;
regs->tnpc = kcb->kprobe_orig_tnpc;
regs->tstate = ((regs->tstate & ~TSTATE_PIL) |
kcb->kprobe_orig_tstate_pil); if (kcb->kprobe_status == KPROBE_REENTER)
restore_previous_kprobe(kcb); else
reset_current_kprobe();
preempt_enable_no_resched(); break; case KPROBE_HIT_ACTIVE: case KPROBE_HIT_SSDONE: /* * In case the user-specified fault handler returned * zero, try to fix up.
*/
/* * fixup_exception() could not handle it, * Let do_page_fault() fix it.
*/ break; default: break;
}
return 0;
}
/* * Wrapper routine to for handling exceptions.
*/ int __kprobes kprobe_exceptions_notify(struct notifier_block *self, unsignedlong val, void *data)
{ struct die_args *args = (struct die_args *)data; int ret = NOTIFY_DONE;
if (args->regs && user_mode(args->regs)) return ret;
switch (val) { case DIE_DEBUG: if (kprobe_handler(args->regs))
ret = NOTIFY_STOP; break; case DIE_DEBUG_2: if (post_kprobe_handler(args->regs))
ret = NOTIFY_STOP; break; default: break;
} return ret;
}
/* The value stored in the return address register is actually 2 * instructions before where the callee will return to. * Sequences usually look something like this * * call some_function <--- return register points here * nop <--- call delay slot * whatever <--- where callee returns to * * To keep trampoline_probe_handler logic simpler, we normalize the * value kept in ri->ret_addr so we don't need to keep adjusting it * back and forth.
*/ void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri, struct pt_regs *regs)
{
ri->ret_addr = (kprobe_opcode_t *)(regs->u_regs[UREG_RETPC] + 8);
ri->fp = NULL;
/* Replace the return addr with trampoline addr */
regs->u_regs[UREG_RETPC] =
((unsignedlong)__kretprobe_trampoline) - 8;
}
/* * Called when the probe at kretprobe trampoline is hit
*/ staticint __kprobes trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
{ unsignedlong orig_ret_address = 0;
/* * By returning a non-zero value, we are telling * kprobe_handler() that we don't want the post_handler * to run (and have re-enabled preemption)
*/ return 1;
}
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
