From patchwork Sat Oct 25 06:42:52 2014
X-Patchwork-Submitter: Wang Nan
X-Patchwork-Id: 39511
From: Wang Nan
Subject: [PATCH 3/4] ARM: kprobes: collects stack consumption for store instructions
Date: Sat, 25 Oct 2014 14:42:52 +0800
Message-ID: <1414219373-20070-4-git-send-email-wangnan0@huawei.com>
In-Reply-To: <1414219373-20070-1-git-send-email-wangnan0@huawei.com>
References: <1414219373-20070-1-git-send-email-wangnan0@huawei.com>
Cc: lizefan@huawei.com, linux@arm.linux.org.uk, taras.kondratiuk@linaro.org, will.deacon@arm.com, linux-kernel@vger.kernel.org, rabin@rab.in, ben.dooks@codethink.co.uk, dave.long@linaro.org, cl@linux.com, davem@davemloft.net, linux-arm-kernel@lists.infradead.org

This patch uses the previously introduced checker on store instructions and records stack consumption information in arch_probes_insn. With such information, kprobe opt can decide how much stack needs to be protected.

Signed-off-by: Wang Nan
---
 arch/arm/include/asm/probes.h | 1 +
 arch/arm/kernel/kprobes.c | 15 +++++++-
 arch/arm/kernel/probes-arm.c | 25 +++++++++++++
 arch/arm/kernel/probes-arm.h | 1 +
 arch/arm/kernel/probes-thumb.c | 80 ++++++++++++++++++++++++++++++++++++++++++
 arch/arm/kernel/probes-thumb.h | 2 ++
 arch/arm/kernel/probes.c | 64 +++++++++++++++++++++++++++++++++
 arch/arm/kernel/probes.h | 13 +++++++
 8 files changed, 200 insertions(+), 1 deletion(-)

diff --git a/arch/arm/include/asm/probes.h b/arch/arm/include/asm/probes.h index 806cfe6..ccf9af3 100644 --- a/arch/arm/include/asm/probes.h +++ b/arch/arm/include/asm/probes.h @@ -38,6 +38,7 @@ struct arch_probes_insn { probes_check_cc *insn_check_cc; probes_insn_singlestep_t *insn_singlestep; probes_insn_fn_t *insn_fn; + int stack_space; }; #endif diff --git a/arch/arm/kernel/kprobes.c b/arch/arm/kernel/kprobes.c index 3302983..618531d 100644 --- a/arch/arm/kernel/kprobes.c +++ b/arch/arm/kernel/kprobes.c 
@@ -61,6 +61,16 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) kprobe_decode_insn_t *decode_insn; const union decode_action *actions; int is; + const struct decode_checker **checkers; +#ifdef CONFIG_THUMB2_KERNEL + const struct decode_checker *t32_checkers[] = + {t32_stack_checker, NULL}; + const struct decode_checker *t16_checkers[] = + {t16_stack_checker, NULL}; +#else + const struct decode_checker *arm_checkers[] = + {arm_stack_checker, NULL}; +#endif if (in_exception_text(addr)) return -EINVAL; @@ -74,9 +84,11 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) insn = __opcode_thumb32_compose(insn, inst2); decode_insn = thumb32_probes_decode_insn; actions = kprobes_t32_actions; + checkers = t32_checkers; } else { decode_insn = thumb16_probes_decode_insn; actions = kprobes_t16_actions; + checkers = t16_checkers; } #else /* !CONFIG_THUMB2_KERNEL */ thumb = false; @@ -85,12 +97,13 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) insn = __mem_to_opcode_arm(*p->addr); decode_insn = arm_probes_decode_insn; actions = kprobes_arm_actions; + checkers = arm_checkers; #endif p->opcode = insn; p->ainsn.insn = tmp_insn; - switch ((*decode_insn)(insn, &p->ainsn, true, actions, NULL)) { + switch ((*decode_insn)(insn, &p->ainsn, true, actions, checkers)) { case INSN_REJECTED: /* not supported */ return -EINVAL; diff --git a/arch/arm/kernel/probes-arm.c b/arch/arm/kernel/probes-arm.c index d280e825..20e95c0 100644 --- a/arch/arm/kernel/probes-arm.c +++ b/arch/arm/kernel/probes-arm.c 
@@ -109,6 +109,31 @@ void __kprobes simulate_mov_ipsp(probes_opcode_t insn, regs->uregs[12] = regs->uregs[13]; } +enum probes_insn __kprobes chk_stack_arm_store(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + int imm = insn & 0xfff; + check_insn_stack_regs(insn, asi, h, imm); + return INSN_GOOD; +} + +enum probes_insn __kprobes chk_stack_arm_store_extra(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + int imm = ((insn & 0xf00) >> 4) + (insn & 0xf); + check_insn_stack_regs(insn, asi, h, imm); + return INSN_GOOD; +} + +const struct decode_checker arm_stack_checker[NUM_PROBES_ARM_ACTIONS] = { + [PROBES_STRD] = {.checker = chk_stack_arm_store_extra}, + [PROBES_STORE_EXTRA] = {.checker = chk_stack_arm_store_extra}, + [PROBES_STRD] = {.checker = chk_stack_arm_store}, + [PROBES_STM] = {.checker = chk_stack_stm}, +}; + /* * For the instruction masking and comparisons in all the "space_*" * functions below, Do _not_ rearrange the order of tests unless diff --git a/arch/arm/kernel/probes-arm.h b/arch/arm/kernel/probes-arm.h index 185adaf..4d63cf8 100644 --- a/arch/arm/kernel/probes-arm.h +++ b/arch/arm/kernel/probes-arm.h @@ -73,4 +73,5 @@ enum probes_insn arm_probes_decode_insn(probes_opcode_t, const union decode_action *actions, const struct decode_checker *checkers[]); +extern const struct decode_checker arm_stack_checker[]; #endif diff --git a/arch/arm/kernel/probes-thumb.c b/arch/arm/kernel/probes-thumb.c index 56925e4..8e7c5be 100644 --- a/arch/arm/kernel/probes-thumb.c +++ b/arch/arm/kernel/probes-thumb.c 
@@ -15,6 +15,86 @@ #include "probes.h" #include "probes-thumb.h" +enum probes_insn __kprobes chk_stack_t32_strd(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + int imm = insn & 0xff; + check_insn_stack_regs(insn, asi, h, imm); + return INSN_GOOD; +} + +/* + * Note: This function doesn't process PROBES_T32_STRD. + */ +enum probes_insn __kprobes chk_stack_t32_check_str(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + int rn = -1, rm = -1; + u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS; + int index, add; + + /* Rn is used in every cases */ + BUG_ON((regs & 0xf0000) == 0); + rn = (insn & 0xf0000) >> 16; + if ((regs & 0xf) != 0) + rm = insn & 0xf; + + /* + * Rn is not SP. Rm can't be sp in any case. + * So it is not a stack store. + */ + if (rn != 0xd) + return INSN_GOOD; + + /* + * For 'str? rx, [sp, ry]', ry can be negative. In addition, + * index is true in every cases, so unable to determine stack + * consumption. + */ + if (rm != -1) { + asi->stack_space = -1; + return INSN_GOOD; + } + + /* + * For 'str? rx, [sp, #+/-]', if bit 23 is set, index + * and add are both set. 
Else, index and add are determined + * by P bit and U bit (bit 10, 9) + */ + if (insn & 0x800000) + index = add = 1; + else { + index = (insn & (1 << 10)); + add = (insn &(1 << 9)); + } + + if (!index || add) + return INSN_GOOD; + + asi->stack_space = insn & 0xff; + return INSN_GOOD; +} + +enum probes_insn __kprobes chk_stack_t16_push(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + unsigned int reglist = insn & 0x1ff; + asi->stack_space = hweight32(reglist) * 4; + return INSN_GOOD; +} + +const struct decode_checker t32_stack_checker[NUM_PROBES_T32_ACTIONS] = { + [PROBES_T32_STM] = {.checker = chk_stack_stm}, + [PROBES_T32_STRD] = {.checker = chk_stack_t32_strd}, + [PROBES_T32_STR] = {.checker = chk_stack_t32_check_str}, +}; + +const struct decode_checker t16_stack_checker[NUM_PROBES_T16_ACTIONS] = { + [PROBES_T16_PUSH] = {.checker = chk_stack_t16_push}, +}; static const union decode_item t32_table_1110_100x_x0xx[] = { /* Load/store multiple instructions */ diff --git a/arch/arm/kernel/probes-thumb.h b/arch/arm/kernel/probes-thumb.h index 2277744..a5783d0 100644 --- a/arch/arm/kernel/probes-thumb.h +++ b/arch/arm/kernel/probes-thumb.h @@ -102,4 +102,6 @@ thumb32_probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi, bool emulate, const union decode_action *actions, const struct decode_checker *checkers[]); +extern const struct decode_checker t32_stack_checker[]; +extern const struct decode_checker t16_stack_checker[]; #endif diff --git a/arch/arm/kernel/probes.c b/arch/arm/kernel/probes.c index 02598da..4ef4087 100644 --- a/arch/arm/kernel/probes.c +++ b/arch/arm/kernel/probes.c 
@@ -188,6 +188,25 @@ void __kprobes probes_emulate_none(probes_opcode_t opcode, asi->insn_fn(); } +/* ARM and Thumb can share this checker */ +enum probes_insn __kprobes chk_stack_stm(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h) +{ + unsigned int reglist = insn & 0xffff; + int ubit = insn & (1 << 23); + int pbit = insn & (1 << 24); + int rn = (insn >> 16) & 0xf; + + /* This is stmi?, doesn't require extra stack */ + if (ubit) + return INSN_GOOD; + /* If pbit == ubit (== 0), this is stmda, one dword is saved */ + asi->stack_space = (rn == 0xd) ? + (hweight32(reglist) - ((!pbit == !ubit) ? 1 : 0)) * 4 : 0; + return INSN_GOOD; +} + /* * Prepare an instruction slot to receive an instruction for emulating. * This is done by placing a subroutine return after the location where the @@ -425,6 +444,8 @@ probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi, */ probes_opcode_t origin_insn = insn; + asi->stack_space = 0; + if (emulate) insn = prepare_emulated_insn(insn, asi, thumb); 
@@ -503,3 +524,46 @@ probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi, } } } + +int __kprobes check_insn_stack_regs(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h, + int imm) +{ + u32 regs = h->type_regs.bits >> DECODE_TYPE_BITS; + int rn = -1, rm = -1, index, add; + asi->stack_space = 0; + + if (((regs >> 16) & 0xf) != REG_TYPE_NONE) + rn = (insn >> 16) & 0xf; + + if ((regs & 0xf) != REG_TYPE_NONE) + rm = insn & 0xf; + + if ((rn != 13) && (rm != 13)) + return NOT_STACK_STORE; + + index = insn & (1 << 24); + add = insn & (1 << 23); + + if (!index) + return NOT_STACK_STORE; + + /* + * Even if insn is 'str r0, [sp], +', Rm may less than 0. + * Therefore if both Rn and Rm are registers and !index, + * We are unable to determine whether it is a stack store. + */ + if ((rn != -1) && (rm != -1)) { + asi->stack_space = -1; + return STACK_REG; + } + + /* 'str(d/h) r0, [sp], #+/-' */ + /* or 'str(d/h) r0, [sp, #+'] */ + if (add) + return NOT_STACK_STORE; + + asi->stack_space = imm; + return STACK_IMM; +} diff --git a/arch/arm/kernel/probes.h b/arch/arm/kernel/probes.h index b4bf1f5..b52629c 100644 --- a/arch/arm/kernel/probes.h +++ b/arch/arm/kernel/probes.h @@ -413,4 +413,17 @@ probes_decode_insn(probes_opcode_t insn, struct arch_probes_insn *asi, const union decode_action *actions, const struct decode_checker **checkers); +enum probes_insn __kprobes chk_stack_stm(probes_opcode_t, + struct arch_probes_insn *, + const struct decode_header *); + +enum { + NOT_STACK_STORE, + STACK_REG, + STACK_IMM, +}; +int __kprobes check_insn_stack_regs(probes_opcode_t insn, + struct arch_probes_insn *asi, + const struct decode_header *h, + int imm); #endif
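
Review bot: the new `int stack_space;` member of struct arch_probes_insn (arch/arm/include/asm/probes.h) is undocumented, although the rest of the patch gives it three meanings: 0 for no stack use, a positive byte count, and -1 when the amount cannot be determined. Please add a comment on the field stating the unit and the -1 sentinel, so that the kprobe opt consumer named in the commit message does not interpret -1 as a size.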
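
Review bot: in arch_prepare_kprobe() (arch/arm/kernel/kprobes.c) the `t32_checkers`, `t16_checkers` and `arm_checkers` arrays are automatic variables, so they are rebuilt on the stack on every call even though their contents are constant. Making them static, or moving them to file scope next to the checker tables they point at, avoids the per-call initialisation and keeps the function body down to the one `checkers = ...` assignment per branch.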
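
Review bot: `arm_stack_checker[]` in arch/arm/kernel/probes-arm.c initialises `[PROBES_STRD]` twice, first with chk_stack_arm_store_extra and then with chk_stack_arm_store. With designated initialisers the last entry wins, so STRD ends up decoded by chk_stack_arm_store, which takes `insn & 0xfff` as the offset instead of the split 4+4-bit immediate that chk_stack_arm_store_extra assembles, and the action chk_stack_arm_store was written for gets no checker at all. The third index looks like a copy-and-paste slip and should name the plain store action.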
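
Review bot: chk_stack_t32_strd() in arch/arm/kernel/probes-thumb.c passes `insn & 0xff` to check_insn_stack_regs() as a byte count, but the Thumb-2 STRD immediate is an 8-bit field scaled by 4, so stack_space is under-reported by a factor of four. Since this value tells kprobe opt how much stack to protect, an under-estimate is the unsafe direction; the immediate should be shifted left by 2 before it is recorded. In the same file, chk_stack_t32_check_str() uses `BUG_ON((regs & 0xf0000) == 0)` for what is a decode-table inconsistency; rejecting the instruction would be preferable to taking the kernel down while registering a probe, and the bare `0xd` and `== 0` tests could use 13 and REG_TYPE_NONE as check_insn_stack_regs() does.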
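
Review bot: in chk_stack_stm() (arch/arm/kernel/probes.c) the expression `(!pbit == !ubit) ? 1 : 0` is evaluated only after `if (ubit) return INSN_GOOD;`, so ubit is always zero there and the test reduces to `!pbit`; writing it that way makes the stmda/stmdb distinction easier to read. The comment says "one dword is saved" while the code subtracts one register, i.e. one 4-byte word. Note also that the result goes negative for an empty register list, which collides with the negative "unknown" convention used elsewhere in the patch.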
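
Review bot: in check_insn_stack_regs() (arch/arm/kernel/probes.c) the comment before the `(rn != -1) && (rm != -1)` test describes the "!index" case, but that case has already returned NOT_STACK_STORE a few lines earlier, so comment and code disagree about which addressing forms reach the `stack_space = -1` path. Please reword the comment to match the pre-indexed register-offset case that is actually handled. The NOT_STACK_STORE / STACK_REG / STACK_IMM return value declared in arch/arm/kernel/probes.h is also discarded by every caller in this patch (chk_stack_arm_store, chk_stack_arm_store_extra, chk_stack_t32_strd); either use it or make the function return void and drop the anonymous enum.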