2 * arch/arm/kernel/kprobes-decode.c
4 * Copyright (C) 2006, 2007 Motorola Inc.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
17 * We do not have hardware single-stepping on ARM, This
18 * effort is further complicated by the ARM not having a
19 * "next PC" register. Instructions that change the PC
20 * can't be safely single-stepped in a MP environment, so
21 * we have a lot of work to do:
23 * In the prepare phase:
24 * *) If it is an instruction that does anything
25 * with the CPU mode, we reject it for a kprobe.
26 * (This is out of laziness rather than need. The
27 * instructions could be simulated.)
29 * *) Otherwise, decode the instruction rewriting its
30 * registers to take fixed, ordered registers and
31 * setting a handler for it to run the instruction.
33 * In the execution phase by an instruction's handler:
35 * *) If the PC is written to by the instruction, the
36 * instruction must be fully simulated in software.
38 * *) Otherwise, a modified form of the instruction is
39 * directly executed. Its handler calls the
40 * instruction in insn[0]. In insn[1] is a
41 * "mov pc, lr" to return.
43 * Before calling, load up the reordered registers
44 * from the original instruction's registers. If one
45 * of the original input registers is the PC, compute
46 * and adjust the appropriate input register.
48 * After call completes, copy the output registers to
49 * the original instruction's original registers.
51 * We don't use a real breakpoint instruction since that
52 * would have us in the kernel go from SVC mode to SVC
53 * mode losing the link register. Instead we use an
54 * undefined instruction. To simplify processing, the
55 * undefined instruction used for kprobes must be reserved
56 * exclusively for kprobes use.
58 * TODO: ifdef out some instruction decoding based on architecture.
61 #include <linux/kernel.h>
62 #include <linux/kprobes.h>
66 #define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit)))))
68 #define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
70 #if __LINUX_ARM_ARCH__ >= 6
71 #define BLX(reg) "blx "reg" \n\t"
73 #define BLX(reg) "mov lr, pc \n\t" \
77 #define is_r15(insn, bitpos) (((insn) & (0xf << bitpos)) == (0xf << bitpos))
79 #define PSR_fs (PSR_f|PSR_s)
81 #define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */
83 typedef long (insn_0arg_fn_t)(void);
84 typedef long (insn_1arg_fn_t)(long);
85 typedef long (insn_2arg_fn_t)(long, long);
86 typedef long (insn_3arg_fn_t)(long, long, long);
87 typedef long (insn_4arg_fn_t)(long, long, long, long);
88 typedef long long (insn_llret_0arg_fn_t)(void);
89 typedef long long (insn_llret_3arg_fn_t)(long, long, long);
90 typedef long long (insn_llret_4arg_fn_t)(long, long, long, long);
94 #ifdef __LITTLE_ENDIAN
95 struct { long r0, r1; };
97 struct { long r1, r0; };
102 * The insnslot_?arg_r[w]flags() functions below are to keep the
103 * msr -> *fn -> mrs instruction sequences indivisible so that
104 * the state of the CPSR flags aren't inadvertently modified
105 * just before or just after the call.
108 static inline long __kprobes
109 insnslot_0arg_rflags(long cpsr, insn_0arg_fn_t *fn)
111 register long ret asm("r0");
113 __asm__ __volatile__ (
114 "msr cpsr_fs, %[cpsr] \n\t"
118 : [cpsr] "r" (cpsr), [fn] "r" (fn)
124 static inline long long __kprobes
125 insnslot_llret_0arg_rflags(long cpsr, insn_llret_0arg_fn_t *fn)
127 register long ret0 asm("r0");
128 register long ret1 asm("r1");
131 __asm__ __volatile__ (
132 "msr cpsr_fs, %[cpsr] \n\t"
135 : "=r" (ret0), "=r" (ret1)
136 : [cpsr] "r" (cpsr), [fn] "r" (fn)
144 static inline long __kprobes
145 insnslot_1arg_rflags(long r0, long cpsr, insn_1arg_fn_t *fn)
147 register long rr0 asm("r0") = r0;
148 register long ret asm("r0");
150 __asm__ __volatile__ (
151 "msr cpsr_fs, %[cpsr] \n\t"
155 : "0" (rr0), [cpsr] "r" (cpsr), [fn] "r" (fn)
161 static inline long __kprobes
162 insnslot_2arg_rflags(long r0, long r1, long cpsr, insn_2arg_fn_t *fn)
164 register long rr0 asm("r0") = r0;
165 register long rr1 asm("r1") = r1;
166 register long ret asm("r0");
168 __asm__ __volatile__ (
169 "msr cpsr_fs, %[cpsr] \n\t"
173 : "0" (rr0), "r" (rr1),
174 [cpsr] "r" (cpsr), [fn] "r" (fn)
180 static inline long __kprobes
181 insnslot_3arg_rflags(long r0, long r1, long r2, long cpsr, insn_3arg_fn_t *fn)
183 register long rr0 asm("r0") = r0;
184 register long rr1 asm("r1") = r1;
185 register long rr2 asm("r2") = r2;
186 register long ret asm("r0");
188 __asm__ __volatile__ (
189 "msr cpsr_fs, %[cpsr] \n\t"
193 : "0" (rr0), "r" (rr1), "r" (rr2),
194 [cpsr] "r" (cpsr), [fn] "r" (fn)
200 static inline long long __kprobes
201 insnslot_llret_3arg_rflags(long r0, long r1, long r2, long cpsr,
202 insn_llret_3arg_fn_t *fn)
204 register long rr0 asm("r0") = r0;
205 register long rr1 asm("r1") = r1;
206 register long rr2 asm("r2") = r2;
207 register long ret0 asm("r0");
208 register long ret1 asm("r1");
211 __asm__ __volatile__ (
212 "msr cpsr_fs, %[cpsr] \n\t"
215 : "=r" (ret0), "=r" (ret1)
216 : "0" (rr0), "r" (rr1), "r" (rr2),
217 [cpsr] "r" (cpsr), [fn] "r" (fn)
225 static inline long __kprobes
226 insnslot_4arg_rflags(long r0, long r1, long r2, long r3, long cpsr,
229 register long rr0 asm("r0") = r0;
230 register long rr1 asm("r1") = r1;
231 register long rr2 asm("r2") = r2;
232 register long rr3 asm("r3") = r3;
233 register long ret asm("r0");
235 __asm__ __volatile__ (
236 "msr cpsr_fs, %[cpsr] \n\t"
240 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
241 [cpsr] "r" (cpsr), [fn] "r" (fn)
247 static inline long __kprobes
248 insnslot_1arg_rwflags(long r0, long *cpsr, insn_1arg_fn_t *fn)
250 register long rr0 asm("r0") = r0;
251 register long ret asm("r0");
252 long oldcpsr = *cpsr;
255 __asm__ __volatile__ (
256 "msr cpsr_fs, %[oldcpsr] \n\t"
259 "mrs %[newcpsr], cpsr \n\t"
260 : "=r" (ret), [newcpsr] "=r" (newcpsr)
261 : "0" (rr0), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
264 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
268 static inline long __kprobes
269 insnslot_2arg_rwflags(long r0, long r1, long *cpsr, insn_2arg_fn_t *fn)
271 register long rr0 asm("r0") = r0;
272 register long rr1 asm("r1") = r1;
273 register long ret asm("r0");
274 long oldcpsr = *cpsr;
277 __asm__ __volatile__ (
278 "msr cpsr_fs, %[oldcpsr] \n\t"
281 "mrs %[newcpsr], cpsr \n\t"
282 : "=r" (ret), [newcpsr] "=r" (newcpsr)
283 : "0" (rr0), "r" (rr1), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
286 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
290 static inline long __kprobes
291 insnslot_3arg_rwflags(long r0, long r1, long r2, long *cpsr,
294 register long rr0 asm("r0") = r0;
295 register long rr1 asm("r1") = r1;
296 register long rr2 asm("r2") = r2;
297 register long ret asm("r0");
298 long oldcpsr = *cpsr;
301 __asm__ __volatile__ (
302 "msr cpsr_fs, %[oldcpsr] \n\t"
305 "mrs %[newcpsr], cpsr \n\t"
306 : "=r" (ret), [newcpsr] "=r" (newcpsr)
307 : "0" (rr0), "r" (rr1), "r" (rr2),
308 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
311 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
315 static inline long __kprobes
316 insnslot_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
319 register long rr0 asm("r0") = r0;
320 register long rr1 asm("r1") = r1;
321 register long rr2 asm("r2") = r2;
322 register long rr3 asm("r3") = r3;
323 register long ret asm("r0");
324 long oldcpsr = *cpsr;
327 __asm__ __volatile__ (
328 "msr cpsr_fs, %[oldcpsr] \n\t"
331 "mrs %[newcpsr], cpsr \n\t"
332 : "=r" (ret), [newcpsr] "=r" (newcpsr)
333 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
334 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
337 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
341 static inline long long __kprobes
342 insnslot_llret_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
343 insn_llret_4arg_fn_t *fn)
345 register long rr0 asm("r0") = r0;
346 register long rr1 asm("r1") = r1;
347 register long rr2 asm("r2") = r2;
348 register long rr3 asm("r3") = r3;
349 register long ret0 asm("r0");
350 register long ret1 asm("r1");
351 long oldcpsr = *cpsr;
355 __asm__ __volatile__ (
356 "msr cpsr_fs, %[oldcpsr] \n\t"
359 "mrs %[newcpsr], cpsr \n\t"
360 : "=r" (ret0), "=r" (ret1), [newcpsr] "=r" (newcpsr)
361 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
362 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
365 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
372 * To avoid the complications of mimicing single-stepping on a
373 * processor without a Next-PC or a single-step mode, and to
374 * avoid having to deal with the side-effects of boosting, we
375 * simulate or emulate (almost) all ARM instructions.
377 * "Simulation" is where the instruction's behavior is duplicated in
378 * C code. "Emulation" is where the original instruction is rewritten
379 * and executed, often by altering its registers.
381 * By having all behavior of the kprobe'd instruction completed before
382 * returning from the kprobe_handler(), all locks (scheduler and
383 * interrupt) can safely be released. There is no need for secondary
384 * breakpoints, no race with MP or preemptable kernels, nor having to
385 * clean up resources counts at a later time impacting overall system
386 * performance. By rewriting the instruction, only the minimum registers
387 * need to be loaded and saved back optimizing performance.
389 * Calling the insnslot_*_rwflags version of a function doesn't hurt
390 * anything even when the CPSR flags aren't updated by the
391 * instruction. It's just a little slower in return for saving
392 * a little space by not having a duplicate function that doesn't
393 * update the flags. (The same optimization can be said for
394 * instructions that do or don't perform register writeback)
395 * Also, instructions can either read the flags, only write the
396 * flags, or read and write the flags. To save combinations
397 * rather than for sheer performance, flag functions just assume
398 * read and write of flags.
401 static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
403 kprobe_opcode_t insn = p->opcode;
404 long iaddr = (long)p->addr;
405 int disp = branch_displacement(insn);
407 if (insn & (1 << 24))
408 regs->ARM_lr = iaddr + 4;
410 regs->ARM_pc = iaddr + 8 + disp;
413 static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
415 kprobe_opcode_t insn = p->opcode;
416 long iaddr = (long)p->addr;
417 int disp = branch_displacement(insn);
419 regs->ARM_lr = iaddr + 4;
420 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2);
421 regs->ARM_cpsr |= PSR_T_BIT;
424 static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
426 kprobe_opcode_t insn = p->opcode;
428 long rmv = regs->uregs[rm];
431 regs->ARM_lr = (long)p->addr + 4;
433 regs->ARM_pc = rmv & ~0x1;
434 regs->ARM_cpsr &= ~PSR_T_BIT;
436 regs->ARM_cpsr |= PSR_T_BIT;
439 static void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
441 kprobe_opcode_t insn = p->opcode;
442 int rd = (insn >> 12) & 0xf;
443 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
444 regs->uregs[rd] = regs->ARM_cpsr & mask;
447 static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
449 regs->uregs[12] = regs->uregs[13];
452 static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs)
454 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
455 kprobe_opcode_t insn = p->opcode;
456 long ppc = (long)p->addr + 8;
457 int rd = (insn >> 12) & 0xf;
458 int rn = (insn >> 16) & 0xf;
459 int rm = insn & 0xf; /* rm may be invalid, don't care. */
460 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
461 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
463 /* Not following the C calling convention here, so need asm(). */
464 __asm__ __volatile__ (
467 "msr cpsr_fs, %[cpsr]\n\t"
469 "mov pc, %[i_fn] \n\t"
470 "str r0, %[rn] \n\t" /* in case of writeback */
471 "str r2, %[rd0] \n\t"
472 "str r3, %[rd1] \n\t"
474 [rd0] "=m" (regs->uregs[rd]),
475 [rd1] "=m" (regs->uregs[rd+1])
477 [cpsr] "r" (regs->ARM_cpsr),
479 : "r0", "r1", "r2", "r3", "lr", "cc"
481 if (is_writeback(insn))
482 regs->uregs[rn] = rnv;
485 static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs)
487 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0];
488 kprobe_opcode_t insn = p->opcode;
489 long ppc = (long)p->addr + 8;
490 int rd = (insn >> 12) & 0xf;
491 int rn = (insn >> 16) & 0xf;
493 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
494 /* rm/rmv may be invalid, don't care. */
495 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
498 rnv_wb = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd],
500 regs->ARM_cpsr, i_fn);
501 if (is_writeback(insn))
502 regs->uregs[rn] = rnv_wb;
505 static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs)
507 insn_llret_3arg_fn_t *i_fn = (insn_llret_3arg_fn_t *)&p->ainsn.insn[0];
508 kprobe_opcode_t insn = p->opcode;
509 long ppc = (long)p->addr + 8;
511 int rd = (insn >> 12) & 0xf;
512 int rn = (insn >> 16) & 0xf;
515 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
516 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
517 long cpsr = regs->ARM_cpsr;
519 fnr.dr = insnslot_llret_3arg_rflags(rnv, 0, rmv, cpsr, i_fn);
521 regs->uregs[rn] = fnr.r0; /* Save Rn in case of writeback. */
525 #if __LINUX_ARM_ARCH__ >= 5
529 regs->ARM_cpsr = cpsr;
535 regs->uregs[rd] = rdv;
538 static void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs)
540 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
541 kprobe_opcode_t insn = p->opcode;
542 long iaddr = (long)p->addr;
543 int rd = (insn >> 12) & 0xf;
544 int rn = (insn >> 16) & 0xf;
546 long rdv = (rd == 15) ? iaddr + str_pc_offset : regs->uregs[rd];
547 long rnv = (rn == 15) ? iaddr + 8 : regs->uregs[rn];
548 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */
551 rnv_wb = insnslot_3arg_rflags(rnv, rdv, rmv, regs->ARM_cpsr, i_fn);
553 regs->uregs[rn] = rnv_wb; /* Save Rn in case of writeback. */
556 static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs)
558 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
559 kprobe_opcode_t insn = p->opcode;
560 int rd = (insn >> 12) & 0xf;
562 long rmv = regs->uregs[rm];
565 regs->uregs[rd] = insnslot_1arg_rwflags(rmv, ®s->ARM_cpsr, i_fn);
568 static void __kprobes emulate_sel(struct kprobe *p, struct pt_regs *regs)
570 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
571 kprobe_opcode_t insn = p->opcode;
572 int rd = (insn >> 12) & 0xf;
573 int rn = (insn >> 16) & 0xf;
575 long rnv = regs->uregs[rn];
576 long rmv = regs->uregs[rm];
579 regs->uregs[rd] = insnslot_2arg_rflags(rnv, rmv, regs->ARM_cpsr, i_fn);
582 static void __kprobes emulate_none(struct kprobe *p, struct pt_regs *regs)
584 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0];
586 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn);
589 static void __kprobes emulate_nop(struct kprobe *p, struct pt_regs *regs)
593 static void __kprobes
594 emulate_rd12_modify(struct kprobe *p, struct pt_regs *regs)
596 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
597 kprobe_opcode_t insn = p->opcode;
598 int rd = (insn >> 12) & 0xf;
599 long rdv = regs->uregs[rd];
601 regs->uregs[rd] = insnslot_1arg_rflags(rdv, regs->ARM_cpsr, i_fn);
604 static void __kprobes
605 emulate_rd12rn0_modify(struct kprobe *p, struct pt_regs *regs)
607 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
608 kprobe_opcode_t insn = p->opcode;
609 int rd = (insn >> 12) & 0xf;
611 long rdv = regs->uregs[rd];
612 long rnv = regs->uregs[rn];
614 regs->uregs[rd] = insnslot_2arg_rflags(rdv, rnv, regs->ARM_cpsr, i_fn);
617 static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs)
619 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
620 kprobe_opcode_t insn = p->opcode;
621 int rd = (insn >> 12) & 0xf;
623 long rmv = regs->uregs[rm];
625 regs->uregs[rd] = insnslot_1arg_rflags(rmv, regs->ARM_cpsr, i_fn);
628 static void __kprobes
629 emulate_rd12rn16rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
631 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
632 kprobe_opcode_t insn = p->opcode;
633 int rd = (insn >> 12) & 0xf;
634 int rn = (insn >> 16) & 0xf;
636 long rnv = regs->uregs[rn];
637 long rmv = regs->uregs[rm];
640 insnslot_2arg_rwflags(rnv, rmv, ®s->ARM_cpsr, i_fn);
643 static void __kprobes
644 emulate_rd16rn12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
646 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
647 kprobe_opcode_t insn = p->opcode;
648 int rd = (insn >> 16) & 0xf;
649 int rn = (insn >> 12) & 0xf;
650 int rs = (insn >> 8) & 0xf;
652 long rnv = regs->uregs[rn];
653 long rsv = regs->uregs[rs];
654 long rmv = regs->uregs[rm];
657 insnslot_3arg_rwflags(rnv, rsv, rmv, ®s->ARM_cpsr, i_fn);
660 static void __kprobes
661 emulate_rd16rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
663 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
664 kprobe_opcode_t insn = p->opcode;
665 int rd = (insn >> 16) & 0xf;
666 int rs = (insn >> 8) & 0xf;
668 long rsv = regs->uregs[rs];
669 long rmv = regs->uregs[rm];
672 insnslot_2arg_rwflags(rsv, rmv, ®s->ARM_cpsr, i_fn);
675 static void __kprobes
676 emulate_rdhi16rdlo12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
678 insn_llret_4arg_fn_t *i_fn = (insn_llret_4arg_fn_t *)&p->ainsn.insn[0];
679 kprobe_opcode_t insn = p->opcode;
681 int rdhi = (insn >> 16) & 0xf;
682 int rdlo = (insn >> 12) & 0xf;
683 int rs = (insn >> 8) & 0xf;
685 long rsv = regs->uregs[rs];
686 long rmv = regs->uregs[rm];
688 fnr.dr = insnslot_llret_4arg_rwflags(regs->uregs[rdhi],
689 regs->uregs[rdlo], rsv, rmv,
690 ®s->ARM_cpsr, i_fn);
691 regs->uregs[rdhi] = fnr.r0;
692 regs->uregs[rdlo] = fnr.r1;
695 static void __kprobes
696 emulate_alu_imm_rflags(struct kprobe *p, struct pt_regs *regs)
698 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
699 kprobe_opcode_t insn = p->opcode;
700 int rd = (insn >> 12) & 0xf;
701 int rn = (insn >> 16) & 0xf;
702 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
704 regs->uregs[rd] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn);
707 static void __kprobes
708 emulate_alu_imm_rwflags(struct kprobe *p, struct pt_regs *regs)
710 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
711 kprobe_opcode_t insn = p->opcode;
712 int rd = (insn >> 12) & 0xf;
713 int rn = (insn >> 16) & 0xf;
714 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
716 regs->uregs[rd] = insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
719 static void __kprobes
720 emulate_alu_tests_imm(struct kprobe *p, struct pt_regs *regs)
722 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
723 kprobe_opcode_t insn = p->opcode;
724 int rn = (insn >> 16) & 0xf;
725 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
727 insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
730 static void __kprobes
731 emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs)
733 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
734 kprobe_opcode_t insn = p->opcode;
735 long ppc = (long)p->addr + 8;
736 int rd = (insn >> 12) & 0xf;
737 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
738 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
740 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
741 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
742 long rsv = regs->uregs[rs];
745 insnslot_3arg_rflags(rnv, rmv, rsv, regs->ARM_cpsr, i_fn);
748 static void __kprobes
749 emulate_alu_rwflags(struct kprobe *p, struct pt_regs *regs)
751 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
752 kprobe_opcode_t insn = p->opcode;
753 long ppc = (long)p->addr + 8;
754 int rd = (insn >> 12) & 0xf;
755 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
756 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
758 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
759 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
760 long rsv = regs->uregs[rs];
763 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
766 static void __kprobes
767 emulate_alu_tests(struct kprobe *p, struct pt_regs *regs)
769 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
770 kprobe_opcode_t insn = p->opcode;
771 long ppc = (long)p->addr + 8;
772 int rn = (insn >> 16) & 0xf;
773 int rs = (insn >> 8) & 0xf; /* rs/rsv may be invalid, don't care. */
775 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
776 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
777 long rsv = regs->uregs[rs];
779 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
782 static enum kprobe_insn __kprobes
783 prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi)
785 int not_imm = (insn & (1 << 26)) ? (insn & (1 << 25))
786 : (~insn & (1 << 22));
788 if (is_writeback(insn) && is_r15(insn, 16))
789 return INSN_REJECTED; /* Writeback to PC */
792 insn |= 0x00001000; /* Rn = r0, Rd = r1 */
795 insn |= 2; /* Rm = r2 */
798 asi->insn_handler = (insn & (1 << 20)) ? emulate_ldr : emulate_str;
802 static enum kprobe_insn __kprobes
803 prep_emulate_rd12_modify(kprobe_opcode_t insn, struct arch_specific_insn *asi)
805 if (is_r15(insn, 12))
806 return INSN_REJECTED; /* Rd is PC */
808 insn &= 0xffff0fff; /* Rd = r0 */
810 asi->insn_handler = emulate_rd12_modify;
814 static enum kprobe_insn __kprobes
815 prep_emulate_rd12rn0_modify(kprobe_opcode_t insn,
816 struct arch_specific_insn *asi)
818 if (is_r15(insn, 12))
819 return INSN_REJECTED; /* Rd is PC */
821 insn &= 0xffff0ff0; /* Rd = r0 */
822 insn |= 0x00000001; /* Rn = r1 */
824 asi->insn_handler = emulate_rd12rn0_modify;
828 static enum kprobe_insn __kprobes
829 prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi)
831 if (is_r15(insn, 12))
832 return INSN_REJECTED; /* Rd is PC */
834 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
836 asi->insn_handler = emulate_rd12rm0;
840 static enum kprobe_insn __kprobes
841 prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn,
842 struct arch_specific_insn *asi)
844 if (is_r15(insn, 12))
845 return INSN_REJECTED; /* Rd is PC */
847 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
848 insn |= 0x00000001; /* Rm = r1 */
850 asi->insn_handler = emulate_rd12rn16rm0_rwflags;
854 static enum kprobe_insn __kprobes
855 prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn,
856 struct arch_specific_insn *asi)
858 if (is_r15(insn, 16))
859 return INSN_REJECTED; /* Rd is PC */
861 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */
862 insn |= 0x00000001; /* Rm = r1 */
864 asi->insn_handler = emulate_rd16rs8rm0_rwflags;
868 static enum kprobe_insn __kprobes
869 prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn,
870 struct arch_specific_insn *asi)
872 if (is_r15(insn, 16))
873 return INSN_REJECTED; /* Rd is PC */
875 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */
876 insn |= 0x00000102; /* Rs = r1, Rm = r2 */
878 asi->insn_handler = emulate_rd16rn12rs8rm0_rwflags;
882 static enum kprobe_insn __kprobes
883 prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn,
884 struct arch_specific_insn *asi)
886 if (is_r15(insn, 16) || is_r15(insn, 12))
887 return INSN_REJECTED; /* RdHi or RdLo is PC */
889 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */
890 insn |= 0x00001203; /* Rs = r2, Rm = r3 */
892 asi->insn_handler = emulate_rdhi16rdlo12rs8rm0_rwflags;
896 static void __kprobes
897 emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs)
899 kprobe_opcode_t insn = p->opcode;
900 unsigned long pc = (unsigned long)p->addr + 8;
901 int rt = (insn >> 12) & 0xf;
902 int rn = (insn >> 16) & 0xf;
905 register unsigned long rtv asm("r0") = regs->uregs[rt];
906 register unsigned long rt2v asm("r1") = regs->uregs[rt+1];
907 register unsigned long rnv asm("r2") = (rn == 15) ? pc
909 register unsigned long rmv asm("r3") = regs->uregs[rm];
911 __asm__ __volatile__ (
913 : "=r" (rtv), "=r" (rt2v), "=r" (rnv)
914 : "0" (rtv), "1" (rt2v), "2" (rnv), "r" (rmv),
915 [fn] "r" (p->ainsn.insn_fn)
916 : "lr", "memory", "cc"
919 regs->uregs[rt] = rtv;
920 regs->uregs[rt+1] = rt2v;
921 if (is_writeback(insn))
922 regs->uregs[rn] = rnv;
925 static void __kprobes
926 emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p, struct pt_regs *regs)
928 kprobe_opcode_t insn = p->opcode;
929 unsigned long pc = (unsigned long)p->addr + 8;
930 int rd = (insn >> 12) & 0xf;
931 int rn = (insn >> 16) & 0xf;
933 int rs = (insn >> 8) & 0xf;
935 register unsigned long rdv asm("r0") = regs->uregs[rd];
936 register unsigned long rnv asm("r2") = (rn == 15) ? pc
938 register unsigned long rmv asm("r3") = (rm == 15) ? pc
940 register unsigned long rsv asm("r1") = regs->uregs[rs];
941 unsigned long cpsr = regs->ARM_cpsr;
943 __asm__ __volatile__ (
944 "msr cpsr_fs, %[cpsr] \n\t"
946 "mrs %[cpsr], cpsr \n\t"
947 : "=r" (rdv), [cpsr] "=r" (cpsr)
948 : "0" (rdv), "r" (rnv), "r" (rmv), "r" (rsv),
949 "1" (cpsr), [fn] "r" (p->ainsn.insn_fn)
950 : "lr", "memory", "cc"
954 alu_write_pc(rdv, regs);
956 regs->uregs[rd] = rdv;
957 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
961 * For the instruction masking and comparisons in all the "space_*"
962 * functions below, Do _not_ rearrange the order of tests unless
963 * you're very, very sure of what you are doing. For the sake of
964 * efficiency, the masks for some tests sometimes assume other test
965 * have been done prior to them so the number of patterns to test
966 * for an instruction set can be as broad as possible to reduce the
967 * number of tests needed.
970 static const union decode_item arm_1111_table[] = {
971 /* Unconditional instructions */
973 /* memory hint 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx */
974 /* PLDI (immediate) 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx */
975 /* PLDW (immediate) 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx */
976 /* PLD (immediate) 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx */
977 DECODE_SIMULATE (0xfe300000, 0xf4100000, kprobe_simulate_nop),
979 /* BLX (immediate) 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx */
980 DECODE_SIMULATE (0xfe000000, 0xfa000000, simulate_blx1),
982 /* CPS 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
983 /* SETEND 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
984 /* SRS 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
985 /* RFE 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
987 /* Coprocessor instructions... */
988 /* MCRR2 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx */
989 /* MRRC2 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx */
990 /* LDC2 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
991 /* STC2 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
992 /* CDP2 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
993 /* MCR2 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
994 /* MRC2 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
996 /* Other unallocated instructions... */
1000 static const union decode_item arm_cccc_000x_table[] = {
1001 /* Data-processing (register) */
1003 /* <op>S PC, ... cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx */
1004 DECODE_REJECT (0x0e10f000, 0x0010f000),
1006 /* MOV IP, SP 1110 0001 1010 0000 1100 0000 0000 1101 */
1007 DECODE_SIMULATE (0xffffffff, 0xe1a0c00d, simulate_mov_ipsp),
1009 /* TST (register) cccc 0001 0001 xxxx xxxx xxxx xxx0 xxxx */
1010 /* TEQ (register) cccc 0001 0011 xxxx xxxx xxxx xxx0 xxxx */
1011 /* CMP (register) cccc 0001 0101 xxxx xxxx xxxx xxx0 xxxx */
1012 /* CMN (register) cccc 0001 0111 xxxx xxxx xxxx xxx0 xxxx */
1013 DECODE_EMULATEX (0x0f900010, 0x01100000, emulate_rd12rn16rm0rs8_rwflags,
1014 REGS(ANY, 0, 0, 0, ANY)),
1016 /* MOV (register) cccc 0001 101x xxxx xxxx xxxx xxx0 xxxx */
1017 /* MVN (register) cccc 0001 111x xxxx xxxx xxxx xxx0 xxxx */
1018 DECODE_EMULATEX (0x0fa00010, 0x01a00000, emulate_rd12rn16rm0rs8_rwflags,
1019 REGS(0, ANY, 0, 0, ANY)),
1021 /* AND (register) cccc 0000 000x xxxx xxxx xxxx xxx0 xxxx */
1022 /* EOR (register) cccc 0000 001x xxxx xxxx xxxx xxx0 xxxx */
1023 /* SUB (register) cccc 0000 010x xxxx xxxx xxxx xxx0 xxxx */
1024 /* RSB (register) cccc 0000 011x xxxx xxxx xxxx xxx0 xxxx */
1025 /* ADD (register) cccc 0000 100x xxxx xxxx xxxx xxx0 xxxx */
1026 /* ADC (register) cccc 0000 101x xxxx xxxx xxxx xxx0 xxxx */
1027 /* SBC (register) cccc 0000 110x xxxx xxxx xxxx xxx0 xxxx */
1028 /* RSC (register) cccc 0000 111x xxxx xxxx xxxx xxx0 xxxx */
1029 /* ORR (register) cccc 0001 100x xxxx xxxx xxxx xxx0 xxxx */
1030 /* BIC (register) cccc 0001 110x xxxx xxxx xxxx xxx0 xxxx */
1031 DECODE_EMULATEX (0x0e000010, 0x00000000, emulate_rd12rn16rm0rs8_rwflags,
1032 REGS(ANY, ANY, 0, 0, ANY)),
1034 /* TST (reg-shift reg) cccc 0001 0001 xxxx xxxx xxxx 0xx1 xxxx */
1035 /* TEQ (reg-shift reg) cccc 0001 0011 xxxx xxxx xxxx 0xx1 xxxx */
1036 /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */
1037 /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */
1038 DECODE_EMULATEX (0x0f900090, 0x01100010, emulate_rd12rn16rm0rs8_rwflags,
1039 REGS(ANY, 0, NOPC, 0, ANY)),
1041 /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */
1042 /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */
1043 DECODE_EMULATEX (0x0fa00090, 0x01a00010, emulate_rd12rn16rm0rs8_rwflags,
1044 REGS(0, ANY, NOPC, 0, ANY)),
1046 /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */
1047 /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */
1048 /* SUB (reg-shift reg) cccc 0000 010x xxxx xxxx xxxx 0xx1 xxxx */
1049 /* RSB (reg-shift reg) cccc 0000 011x xxxx xxxx xxxx 0xx1 xxxx */
1050 /* ADD (reg-shift reg) cccc 0000 100x xxxx xxxx xxxx 0xx1 xxxx */
1051 /* ADC (reg-shift reg) cccc 0000 101x xxxx xxxx xxxx 0xx1 xxxx */
1052 /* SBC (reg-shift reg) cccc 0000 110x xxxx xxxx xxxx 0xx1 xxxx */
1053 /* RSC (reg-shift reg) cccc 0000 111x xxxx xxxx xxxx 0xx1 xxxx */
1054 /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */
1055 /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */
1056 DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
1057 REGS(ANY, ANY, NOPC, 0, ANY)),
1062 static enum kprobe_insn __kprobes
1063 space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1065 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx xxx0 xxxx */
1066 if ((insn & 0x0f900010) == 0x01000000) {
1068 /* MRS cpsr : cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
1069 if ((insn & 0x0ff000f0) == 0x01000000) {
1070 if (is_r15(insn, 12))
1071 return INSN_REJECTED; /* Rd is PC */
1072 asi->insn_handler = simulate_mrs;
1073 return INSN_GOOD_NO_SLOT;
1076 /* SMLALxy : cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
1077 if ((insn & 0x0ff00090) == 0x01400080)
1078 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn,
1081 /* SMULWy : cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
1082 /* SMULxy : cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
1083 if ((insn & 0x0ff000b0) == 0x012000a0 ||
1084 (insn & 0x0ff00090) == 0x01600080)
1085 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1087 /* SMLAxy : cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx : Q */
1088 /* SMLAWy : cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx : Q */
1089 if ((insn & 0x0ff00090) == 0x01000080 ||
1090 (insn & 0x0ff000b0) == 0x01200080)
1091 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1093 /* BXJ : cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
1094 /* MSR : cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
1095 /* MRS spsr : cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
1097 /* Other instruction encodings aren't yet defined */
1098 return INSN_REJECTED;
1101 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx 0xx1 xxxx */
1102 else if ((insn & 0x0f900090) == 0x01000010) {
1104 /* BLX(2) : cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
1105 /* BX : cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
1106 if ((insn & 0x0ff000d0) == 0x01200010) {
1107 if ((insn & 0x0ff000ff) == 0x0120003f)
1108 return INSN_REJECTED; /* BLX pc */
1109 asi->insn_handler = simulate_blx2bx;
1110 return INSN_GOOD_NO_SLOT;
1113 /* CLZ : cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
1114 if ((insn & 0x0ff000f0) == 0x01600010)
1115 return prep_emulate_rd12rm0(insn, asi);
1117 /* QADD : cccc 0001 0000 xxxx xxxx xxxx 0101 xxxx :Q */
1118 /* QSUB : cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx :Q */
1119 /* QDADD : cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx :Q */
1120 /* QDSUB : cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx :Q */
1121 if ((insn & 0x0f9000f0) == 0x01000050)
1122 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1124 /* BKPT : 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
1125 /* SMC : cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
1127 /* Other instruction encodings aren't yet defined */
1128 return INSN_REJECTED;
1131 /* cccc 0000 xxxx xxxx xxxx xxxx xxxx 1001 xxxx */
1132 else if ((insn & 0x0f0000f0) == 0x00000090) {
1134 /* MUL : cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx : */
1135 /* MULS : cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx :cc */
1136 /* MLA : cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx : */
1137 /* MLAS : cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx :cc */
1138 /* UMAAL : cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx : */
1139 /* undef : cccc 0000 0101 xxxx xxxx xxxx 1001 xxxx : */
1140 /* MLS : cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx : */
1141 /* undef : cccc 0000 0111 xxxx xxxx xxxx 1001 xxxx : */
1142 /* UMULL : cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx : */
1143 /* UMULLS : cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx :cc */
1144 /* UMLAL : cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx : */
1145 /* UMLALS : cccc 0000 1011 xxxx xxxx xxxx 1001 xxxx :cc */
1146 /* SMULL : cccc 0000 1100 xxxx xxxx xxxx 1001 xxxx : */
1147 /* SMULLS : cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx :cc */
1148 /* SMLAL : cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx : */
1149 /* SMLALS : cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx :cc */
1150 if ((insn & 0x00d00000) == 0x00500000)
1151 return INSN_REJECTED;
1152 else if ((insn & 0x00e00000) == 0x00000000)
1153 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1154 else if ((insn & 0x00a00000) == 0x00200000)
1155 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1157 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn,
1161 /* cccc 000x xxxx xxxx xxxx xxxx xxxx 1xx1 xxxx */
1162 else if ((insn & 0x0e000090) == 0x00000090) {
1164 /* SWP : cccc 0001 0000 xxxx xxxx xxxx 1001 xxxx */
1165 /* SWPB : cccc 0001 0100 xxxx xxxx xxxx 1001 xxxx */
1166 /* ??? : cccc 0001 0x01 xxxx xxxx xxxx 1001 xxxx */
1167 /* ??? : cccc 0001 0x10 xxxx xxxx xxxx 1001 xxxx */
1168 /* ??? : cccc 0001 0x11 xxxx xxxx xxxx 1001 xxxx */
1169 /* STREX : cccc 0001 1000 xxxx xxxx xxxx 1001 xxxx */
1170 /* LDREX : cccc 0001 1001 xxxx xxxx xxxx 1001 xxxx */
1171 /* STREXD: cccc 0001 1010 xxxx xxxx xxxx 1001 xxxx */
1172 /* LDREXD: cccc 0001 1011 xxxx xxxx xxxx 1001 xxxx */
1173 /* STREXB: cccc 0001 1100 xxxx xxxx xxxx 1001 xxxx */
1174 /* LDREXB: cccc 0001 1101 xxxx xxxx xxxx 1001 xxxx */
1175 /* STREXH: cccc 0001 1110 xxxx xxxx xxxx 1001 xxxx */
1176 /* LDREXH: cccc 0001 1111 xxxx xxxx xxxx 1001 xxxx */
1178 /* LDRD : cccc 000x xxx0 xxxx xxxx xxxx 1101 xxxx */
1179 /* STRD : cccc 000x xxx0 xxxx xxxx xxxx 1111 xxxx */
1180 /* LDRH : cccc 000x xxx1 xxxx xxxx xxxx 1011 xxxx */
1181 /* STRH : cccc 000x xxx0 xxxx xxxx xxxx 1011 xxxx */
1182 /* LDRSB : cccc 000x xxx1 xxxx xxxx xxxx 1101 xxxx */
1183 /* LDRSH : cccc 000x xxx1 xxxx xxxx xxxx 1111 xxxx */
1184 if ((insn & 0x0f0000f0) == 0x01000090) {
1185 if ((insn & 0x0fb000f0) == 0x01000090) {
1187 return prep_emulate_rd12rn16rm0_wflags(insn,
1190 /* STREX/LDREX variants and unallocaed space */
1191 return INSN_REJECTED;
1194 } else if ((insn & 0x0e1000d0) == 0x00000d0) {
1196 if ((insn & 0x0000e000) == 0x0000e000)
1197 return INSN_REJECTED; /* Rd is LR or PC */
1198 if (is_writeback(insn) && is_r15(insn, 16))
1199 return INSN_REJECTED; /* Writeback to PC */
1202 insn |= 0x00002000; /* Rn = r0, Rd = r2 */
1203 if (!(insn & (1 << 22))) {
1204 /* Register index */
1206 insn |= 1; /* Rm = r1 */
1208 asi->insn[0] = insn;
1210 (insn & (1 << 5)) ? emulate_strd : emulate_ldrd;
1214 /* LDRH/STRH/LDRSB/LDRSH */
1215 if (is_r15(insn, 12))
1216 return INSN_REJECTED; /* Rd is PC */
1217 return prep_emulate_ldr_str(insn, asi);
1220 return kprobe_decode_insn(insn, asi, arm_cccc_000x_table, false);
1223 static enum kprobe_insn __kprobes
1224 space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1226 /* MOVW : cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
1227 /* MOVT : cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
1228 if ((insn & 0x0fb00000) == 0x03000000)
1229 return prep_emulate_rd12_modify(insn, asi);
1231 /* hints : cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
1232 if ((insn & 0x0fff0000) == 0x03200000) {
1233 unsigned op2 = insn & 0x000000ff;
1234 if (op2 == 0x01 || op2 == 0x04) {
1235 /* YIELD : cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
1236 /* SEV : cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
1237 asi->insn[0] = insn;
1238 asi->insn_handler = emulate_none;
1240 } else if (op2 <= 0x03) {
1241 /* NOP : cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
1242 /* WFE : cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
1243 /* WFI : cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
1245 * We make WFE and WFI true NOPs to avoid stalls due
1246 * to missing events whilst processing the probe.
1248 asi->insn_handler = emulate_nop;
1249 return INSN_GOOD_NO_SLOT;
1251 /* For DBG and unallocated hints it's safest to reject them */
1252 return INSN_REJECTED;
1256 * MSR : cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx
1257 * ALU op with S bit and Rd == 15 :
1258 * cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx
1260 if ((insn & 0x0fb00000) == 0x03200000 || /* MSR */
1261 (insn & 0x0e10f000) == 0x0210f000) /* ALU s-bit, R15 */
1262 return INSN_REJECTED;
1265 * Data processing: 32-bit Immediate
1266 * ALU op : cccc 001x xxxx xxxx xxxx xxxx xxxx xxxx
1267 * MOV : cccc 0011 101x xxxx xxxx xxxx xxxx xxxx
1268 * *S (bit 20) updates condition codes
1269 * ADC/SBC/RSC reads the C flag
1271 insn &= 0xfff00fff; /* Rn = r0 and Rd = r0 */
1272 asi->insn[0] = insn;
1274 if ((insn & 0x0f900000) == 0x03100000) {
1276 * TST : cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx
1277 * TEQ : cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx
1278 * CMP : cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx
1279 * CMN : cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx
1281 asi->insn_handler = emulate_alu_tests_imm;
1283 /* ALU ops which write to Rd */
1284 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */
1285 emulate_alu_imm_rwflags : emulate_alu_imm_rflags;
1290 static enum kprobe_insn __kprobes
1291 space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1293 /* SEL : cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx GE: !!! */
1294 if ((insn & 0x0ff000f0) == 0x068000b0) {
1295 if (is_r15(insn, 12))
1296 return INSN_REJECTED; /* Rd is PC */
1297 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
1298 insn |= 0x00000001; /* Rm = r1 */
1299 asi->insn[0] = insn;
1300 asi->insn_handler = emulate_sel;
1304 /* SSAT : cccc 0110 101x xxxx xxxx xxxx xx01 xxxx :Q */
1305 /* USAT : cccc 0110 111x xxxx xxxx xxxx xx01 xxxx :Q */
1306 /* SSAT16 : cccc 0110 1010 xxxx xxxx xxxx 0011 xxxx :Q */
1307 /* USAT16 : cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx :Q */
1308 if ((insn & 0x0fa00030) == 0x06a00010 ||
1309 (insn & 0x0fb000f0) == 0x06a00030) {
1310 if (is_r15(insn, 12))
1311 return INSN_REJECTED; /* Rd is PC */
1312 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
1313 asi->insn[0] = insn;
1314 asi->insn_handler = emulate_sat;
1318 /* REV : cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
1319 /* REV16 : cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
1320 /* RBIT : cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
1321 /* REVSH : cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
1322 if ((insn & 0x0ff00070) == 0x06b00030 ||
1323 (insn & 0x0ff00070) == 0x06f00030)
1324 return prep_emulate_rd12rm0(insn, asi);
1326 /* ??? : cccc 0110 0000 xxxx xxxx xxxx xxx1 xxxx : */
1327 /* SADD16 : cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx :GE */
1328 /* SADDSUBX : cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx :GE */
1329 /* SSUBADDX : cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx :GE */
1330 /* SSUB16 : cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx :GE */
1331 /* SADD8 : cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx :GE */
1332 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1011 xxxx : */
1333 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1101 xxxx : */
1334 /* SSUB8 : cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx :GE */
1335 /* QADD16 : cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx : */
1336 /* QADDSUBX : cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx : */
1337 /* QSUBADDX : cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx : */
1338 /* QSUB16 : cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx : */
1339 /* QADD8 : cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx : */
1340 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1011 xxxx : */
1341 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1101 xxxx : */
1342 /* QSUB8 : cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx : */
1343 /* SHADD16 : cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx : */
1344 /* SHADDSUBX : cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx : */
1345 /* SHSUBADDX : cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx : */
1346 /* SHSUB16 : cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx : */
1347 /* SHADD8 : cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx : */
1348 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1011 xxxx : */
1349 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1101 xxxx : */
1350 /* SHSUB8 : cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx : */
1351 /* ??? : cccc 0110 0100 xxxx xxxx xxxx xxx1 xxxx : */
1352 /* UADD16 : cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx :GE */
1353 /* UADDSUBX : cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx :GE */
1354 /* USUBADDX : cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx :GE */
1355 /* USUB16 : cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx :GE */
1356 /* UADD8 : cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx :GE */
1357 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1011 xxxx : */
1358 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1101 xxxx : */
1359 /* USUB8 : cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx :GE */
1360 /* UQADD16 : cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx : */
1361 /* UQADDSUBX : cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx : */
1362 /* UQSUBADDX : cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx : */
1363 /* UQSUB16 : cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx : */
1364 /* UQADD8 : cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx : */
1365 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1011 xxxx : */
1366 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1101 xxxx : */
1367 /* UQSUB8 : cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx : */
1368 /* UHADD16 : cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx : */
1369 /* UHADDSUBX : cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx : */
1370 /* UHSUBADDX : cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx : */
1371 /* UHSUB16 : cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx : */
1372 /* UHADD8 : cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx : */
1373 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1011 xxxx : */
1374 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1101 xxxx : */
1375 /* UHSUB8 : cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx : */
1376 if ((insn & 0x0f800010) == 0x06000010) {
1377 if ((insn & 0x00300000) == 0x00000000 ||
1378 (insn & 0x000000e0) == 0x000000a0 ||
1379 (insn & 0x000000e0) == 0x000000c0)
1380 return INSN_REJECTED; /* Unallocated space */
1381 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1384 /* PKHBT : cccc 0110 1000 xxxx xxxx xxxx x001 xxxx : */
1385 /* PKHTB : cccc 0110 1000 xxxx xxxx xxxx x101 xxxx : */
1386 if ((insn & 0x0ff00030) == 0x06800010)
1387 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1389 /* SXTAB16 : cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx : */
1390 /* SXTB16 : cccc 0110 1000 1111 xxxx xxxx 0111 xxxx : */
1391 /* ??? : cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx : */
1392 /* SXTAB : cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx : */
1393 /* SXTB : cccc 0110 1010 1111 xxxx xxxx 0111 xxxx : */
1394 /* SXTAH : cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx : */
1395 /* SXTH : cccc 0110 1011 1111 xxxx xxxx 0111 xxxx : */
1396 /* UXTAB16 : cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx : */
1397 /* UXTB16 : cccc 0110 1100 1111 xxxx xxxx 0111 xxxx : */
1398 /* ??? : cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx : */
1399 /* UXTAB : cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx : */
1400 /* UXTB : cccc 0110 1110 1111 xxxx xxxx 0111 xxxx : */
1401 /* UXTAH : cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx : */
1402 /* UXTH : cccc 0110 1111 1111 xxxx xxxx 0111 xxxx : */
1403 if ((insn & 0x0f8000f0) == 0x06800070) {
1404 if ((insn & 0x00300000) == 0x00100000)
1405 return INSN_REJECTED; /* Unallocated space */
1407 if ((insn & 0x000f0000) == 0x000f0000)
1408 return prep_emulate_rd12rm0(insn, asi);
1410 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1413 /* Other instruction encodings aren't yet defined */
1414 return INSN_REJECTED;
1417 static enum kprobe_insn __kprobes
1418 space_cccc_0111__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1420 /* Undef : cccc 0111 1111 xxxx xxxx xxxx 1111 xxxx */
1421 if ((insn & 0x0ff000f0) == 0x03f000f0)
1422 return INSN_REJECTED;
1424 /* SMLALD : cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
1425 /* SMLSLD : cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
1426 if ((insn & 0x0ff00090) == 0x07400010)
1427 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi);
1429 /* SMLAD : cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx :Q */
1430 /* SMUAD : cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx :Q */
1431 /* SMLSD : cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx :Q */
1432 /* SMUSD : cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx : */
1433 /* SMMLA : cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx : */
1434 /* SMMUL : cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx : */
1435 /* USADA8 : cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx : */
1436 /* USAD8 : cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx : */
1437 if ((insn & 0x0ff00090) == 0x07000010 ||
1438 (insn & 0x0ff000d0) == 0x07500010 ||
1439 (insn & 0x0ff000f0) == 0x07800010) {
1441 if ((insn & 0x0000f000) == 0x0000f000)
1442 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1444 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1447 /* SMMLS : cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx : */
1448 if ((insn & 0x0ff000d0) == 0x075000d0)
1449 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1451 /* SBFX : cccc 0111 101x xxxx xxxx xxxx x101 xxxx : */
1452 /* UBFX : cccc 0111 111x xxxx xxxx xxxx x101 xxxx : */
1453 if ((insn & 0x0fa00070) == 0x07a00050)
1454 return prep_emulate_rd12rm0(insn, asi);
1456 /* BFI : cccc 0111 110x xxxx xxxx xxxx x001 xxxx : */
1457 /* BFC : cccc 0111 110x xxxx xxxx xxxx x001 1111 : */
1458 if ((insn & 0x0fe00070) == 0x07c00010) {
1460 if ((insn & 0x0000000f) == 0x0000000f)
1461 return prep_emulate_rd12_modify(insn, asi);
1463 return prep_emulate_rd12rn0_modify(insn, asi);
1466 return INSN_REJECTED;
1469 static enum kprobe_insn __kprobes
1470 space_cccc_01xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1472 /* LDR : cccc 01xx x0x1 xxxx xxxx xxxx xxxx xxxx */
1473 /* LDRB : cccc 01xx x1x1 xxxx xxxx xxxx xxxx xxxx */
1474 /* LDRBT : cccc 01x0 x111 xxxx xxxx xxxx xxxx xxxx */
1475 /* LDRT : cccc 01x0 x011 xxxx xxxx xxxx xxxx xxxx */
1476 /* STR : cccc 01xx x0x0 xxxx xxxx xxxx xxxx xxxx */
1477 /* STRB : cccc 01xx x1x0 xxxx xxxx xxxx xxxx xxxx */
1478 /* STRBT : cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
1479 /* STRT : cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
1481 if ((insn & 0x00500000) == 0x00500000 && is_r15(insn, 12))
1482 return INSN_REJECTED; /* LDRB into PC */
1484 return prep_emulate_ldr_str(insn, asi);
1487 static enum kprobe_insn __kprobes
1488 space_cccc_100x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1490 /* LDM(2) : cccc 100x x101 xxxx 0xxx xxxx xxxx xxxx */
1491 /* LDM(3) : cccc 100x x1x1 xxxx 1xxx xxxx xxxx xxxx */
1492 if ((insn & 0x0e708000) == 0x85000000 ||
1493 (insn & 0x0e508000) == 0x85010000)
1494 return INSN_REJECTED;
1496 /* LDM(1) : cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1497 /* STM(1) : cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
1500 * Make the instruction unconditional because the new emulation
1501 * functions don't bother to setup the PSR context.
1503 insn = (insn | 0xe0000000) & ~0x10000000;
1504 return kprobe_decode_ldmstm(insn, asi);
1507 static enum kprobe_insn __kprobes
1508 space_cccc_101x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1510 /* B : cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
1511 /* BL : cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
1512 asi->insn_handler = simulate_bbl;
1513 return INSN_GOOD_NO_SLOT;
1516 static enum kprobe_insn __kprobes
1517 space_cccc_11xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1519 /* Coprocessor instructions... */
1520 /* MCRR : cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1521 /* MRRC : cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1522 /* LDC : cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1523 /* STC : cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1524 /* CDP : cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1525 /* MCR : cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1526 /* MRC : cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1528 /* SVC : cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
1530 return INSN_REJECTED;
1533 static void __kprobes arm_singlestep(struct kprobe *p, struct pt_regs *regs)
1536 p->ainsn.insn_handler(p, regs);
1540 * INSN_REJECTED If instruction is one not allowed to kprobe,
1541 * INSN_GOOD If instruction is supported and uses instruction slot,
1542 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot.
1544 * For instructions we don't want to kprobe (INSN_REJECTED return result):
1545 * These are generally ones that modify the processor state making
1546 * them "hard" to simulate such as switches processor modes or
1547 * make accesses in alternate modes. Any of these could be simulated
1548 * if the work was put into it, but low return considering they
1549 * should also be very rare.
1551 enum kprobe_insn __kprobes
1552 arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1554 asi->insn_singlestep = arm_singlestep;
1555 asi->insn_check_cc = kprobe_condition_checks[insn>>28];
1556 asi->insn[1] = KPROBE_RETURN_INSTRUCTION;
1558 if ((insn & 0xf0000000) == 0xf0000000)
1560 return kprobe_decode_insn(insn, asi, arm_1111_table, false);
1562 else if ((insn & 0x0e000000) == 0x00000000)
1564 return space_cccc_000x(insn, asi);
1566 else if ((insn & 0x0e000000) == 0x02000000)
1568 return space_cccc_001x(insn, asi);
1570 else if ((insn & 0x0f000010) == 0x06000010)
1572 return space_cccc_0110__1(insn, asi);
1574 else if ((insn & 0x0f000010) == 0x07000010)
1576 return space_cccc_0111__1(insn, asi);
1578 else if ((insn & 0x0c000000) == 0x04000000)
1580 return space_cccc_01xx(insn, asi);
1582 else if ((insn & 0x0e000000) == 0x08000000)
1584 return space_cccc_100x(insn, asi);
1586 else if ((insn & 0x0e000000) == 0x0a000000)
1588 return space_cccc_101x(insn, asi);
1590 return space_cccc_11xx(insn, asi);
projects / firefly-linux-kernel-4.4.55.git / blob