2 * arch/arm/kernel/kprobes-decode.c
4 * Copyright (C) 2006, 2007 Motorola Inc.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
17 * We do not have hardware single-stepping on ARM, This
18 * effort is further complicated by the ARM not having a
19 * "next PC" register. Instructions that change the PC
20 * can't be safely single-stepped in a MP environment, so
21 * we have a lot of work to do:
23 * In the prepare phase:
24 * *) If it is an instruction that does anything
25 * with the CPU mode, we reject it for a kprobe.
26 * (This is out of laziness rather than need. The
27 * instructions could be simulated.)
29 * *) Otherwise, decode the instruction rewriting its
30 * registers to take fixed, ordered registers and
31 * setting a handler for it to run the instruction.
33 * In the execution phase by an instruction's handler:
35 * *) If the PC is written to by the instruction, the
36 * instruction must be fully simulated in software.
38 * *) Otherwise, a modified form of the instruction is
39 * directly executed. Its handler calls the
40 * instruction in insn[0]. In insn[1] is a
41 * "mov pc, lr" to return.
43 * Before calling, load up the reordered registers
44 * from the original instruction's registers. If one
45 * of the original input registers is the PC, compute
46 * and adjust the appropriate input register.
48 * After call completes, copy the output registers to
49 * the original instruction's original registers.
51 * We don't use a real breakpoint instruction since that
52 * would have us in the kernel go from SVC mode to SVC
53 * mode losing the link register. Instead we use an
54 * undefined instruction. To simplify processing, the
55 * undefined instruction used for kprobes must be reserved
56 * exclusively for kprobes use.
58 * TODO: ifdef out some instruction decoding based on architecture.
61 #include <linux/kernel.h>
62 #include <linux/kprobes.h>
66 #define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit)))))
68 #define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
70 #if __LINUX_ARM_ARCH__ >= 6
71 #define BLX(reg) "blx "reg" \n\t"
73 #define BLX(reg) "mov lr, pc \n\t" \
77 #define is_r15(insn, bitpos) (((insn) & (0xf << bitpos)) == (0xf << bitpos))
79 #define PSR_fs (PSR_f|PSR_s)
81 #define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */
83 typedef long (insn_0arg_fn_t)(void);
84 typedef long (insn_1arg_fn_t)(long);
85 typedef long (insn_2arg_fn_t)(long, long);
86 typedef long (insn_3arg_fn_t)(long, long, long);
87 typedef long (insn_4arg_fn_t)(long, long, long, long);
88 typedef long long (insn_llret_0arg_fn_t)(void);
89 typedef long long (insn_llret_3arg_fn_t)(long, long, long);
90 typedef long long (insn_llret_4arg_fn_t)(long, long, long, long);
94 #ifdef __LITTLE_ENDIAN
95 struct { long r0, r1; };
97 struct { long r1, r0; };
102 * The insnslot_?arg_r[w]flags() functions below are to keep the
103 * msr -> *fn -> mrs instruction sequences indivisible so that
104 * the state of the CPSR flags aren't inadvertently modified
105 * just before or just after the call.
108 static inline long __kprobes
109 insnslot_0arg_rflags(long cpsr, insn_0arg_fn_t *fn)
111 register long ret asm("r0");
113 __asm__ __volatile__ (
114 "msr cpsr_fs, %[cpsr] \n\t"
118 : [cpsr] "r" (cpsr), [fn] "r" (fn)
124 static inline long long __kprobes
125 insnslot_llret_0arg_rflags(long cpsr, insn_llret_0arg_fn_t *fn)
127 register long ret0 asm("r0");
128 register long ret1 asm("r1");
131 __asm__ __volatile__ (
132 "msr cpsr_fs, %[cpsr] \n\t"
135 : "=r" (ret0), "=r" (ret1)
136 : [cpsr] "r" (cpsr), [fn] "r" (fn)
144 static inline long __kprobes
145 insnslot_1arg_rflags(long r0, long cpsr, insn_1arg_fn_t *fn)
147 register long rr0 asm("r0") = r0;
148 register long ret asm("r0");
150 __asm__ __volatile__ (
151 "msr cpsr_fs, %[cpsr] \n\t"
155 : "0" (rr0), [cpsr] "r" (cpsr), [fn] "r" (fn)
161 static inline long __kprobes
162 insnslot_2arg_rflags(long r0, long r1, long cpsr, insn_2arg_fn_t *fn)
164 register long rr0 asm("r0") = r0;
165 register long rr1 asm("r1") = r1;
166 register long ret asm("r0");
168 __asm__ __volatile__ (
169 "msr cpsr_fs, %[cpsr] \n\t"
173 : "0" (rr0), "r" (rr1),
174 [cpsr] "r" (cpsr), [fn] "r" (fn)
180 static inline long __kprobes
181 insnslot_3arg_rflags(long r0, long r1, long r2, long cpsr, insn_3arg_fn_t *fn)
183 register long rr0 asm("r0") = r0;
184 register long rr1 asm("r1") = r1;
185 register long rr2 asm("r2") = r2;
186 register long ret asm("r0");
188 __asm__ __volatile__ (
189 "msr cpsr_fs, %[cpsr] \n\t"
193 : "0" (rr0), "r" (rr1), "r" (rr2),
194 [cpsr] "r" (cpsr), [fn] "r" (fn)
200 static inline long long __kprobes
201 insnslot_llret_3arg_rflags(long r0, long r1, long r2, long cpsr,
202 insn_llret_3arg_fn_t *fn)
204 register long rr0 asm("r0") = r0;
205 register long rr1 asm("r1") = r1;
206 register long rr2 asm("r2") = r2;
207 register long ret0 asm("r0");
208 register long ret1 asm("r1");
211 __asm__ __volatile__ (
212 "msr cpsr_fs, %[cpsr] \n\t"
215 : "=r" (ret0), "=r" (ret1)
216 : "0" (rr0), "r" (rr1), "r" (rr2),
217 [cpsr] "r" (cpsr), [fn] "r" (fn)
225 static inline long __kprobes
226 insnslot_4arg_rflags(long r0, long r1, long r2, long r3, long cpsr,
229 register long rr0 asm("r0") = r0;
230 register long rr1 asm("r1") = r1;
231 register long rr2 asm("r2") = r2;
232 register long rr3 asm("r3") = r3;
233 register long ret asm("r0");
235 __asm__ __volatile__ (
236 "msr cpsr_fs, %[cpsr] \n\t"
240 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
241 [cpsr] "r" (cpsr), [fn] "r" (fn)
247 static inline long __kprobes
248 insnslot_1arg_rwflags(long r0, long *cpsr, insn_1arg_fn_t *fn)
250 register long rr0 asm("r0") = r0;
251 register long ret asm("r0");
252 long oldcpsr = *cpsr;
255 __asm__ __volatile__ (
256 "msr cpsr_fs, %[oldcpsr] \n\t"
259 "mrs %[newcpsr], cpsr \n\t"
260 : "=r" (ret), [newcpsr] "=r" (newcpsr)
261 : "0" (rr0), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
264 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
268 static inline long __kprobes
269 insnslot_2arg_rwflags(long r0, long r1, long *cpsr, insn_2arg_fn_t *fn)
271 register long rr0 asm("r0") = r0;
272 register long rr1 asm("r1") = r1;
273 register long ret asm("r0");
274 long oldcpsr = *cpsr;
277 __asm__ __volatile__ (
278 "msr cpsr_fs, %[oldcpsr] \n\t"
281 "mrs %[newcpsr], cpsr \n\t"
282 : "=r" (ret), [newcpsr] "=r" (newcpsr)
283 : "0" (rr0), "r" (rr1), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
286 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
290 static inline long __kprobes
291 insnslot_3arg_rwflags(long r0, long r1, long r2, long *cpsr,
294 register long rr0 asm("r0") = r0;
295 register long rr1 asm("r1") = r1;
296 register long rr2 asm("r2") = r2;
297 register long ret asm("r0");
298 long oldcpsr = *cpsr;
301 __asm__ __volatile__ (
302 "msr cpsr_fs, %[oldcpsr] \n\t"
305 "mrs %[newcpsr], cpsr \n\t"
306 : "=r" (ret), [newcpsr] "=r" (newcpsr)
307 : "0" (rr0), "r" (rr1), "r" (rr2),
308 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
311 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
315 static inline long __kprobes
316 insnslot_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
319 register long rr0 asm("r0") = r0;
320 register long rr1 asm("r1") = r1;
321 register long rr2 asm("r2") = r2;
322 register long rr3 asm("r3") = r3;
323 register long ret asm("r0");
324 long oldcpsr = *cpsr;
327 __asm__ __volatile__ (
328 "msr cpsr_fs, %[oldcpsr] \n\t"
331 "mrs %[newcpsr], cpsr \n\t"
332 : "=r" (ret), [newcpsr] "=r" (newcpsr)
333 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
334 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
337 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
341 static inline long long __kprobes
342 insnslot_llret_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
343 insn_llret_4arg_fn_t *fn)
345 register long rr0 asm("r0") = r0;
346 register long rr1 asm("r1") = r1;
347 register long rr2 asm("r2") = r2;
348 register long rr3 asm("r3") = r3;
349 register long ret0 asm("r0");
350 register long ret1 asm("r1");
351 long oldcpsr = *cpsr;
355 __asm__ __volatile__ (
356 "msr cpsr_fs, %[oldcpsr] \n\t"
359 "mrs %[newcpsr], cpsr \n\t"
360 : "=r" (ret0), "=r" (ret1), [newcpsr] "=r" (newcpsr)
361 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
362 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
365 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
372 * To avoid the complications of mimicing single-stepping on a
373 * processor without a Next-PC or a single-step mode, and to
374 * avoid having to deal with the side-effects of boosting, we
375 * simulate or emulate (almost) all ARM instructions.
377 * "Simulation" is where the instruction's behavior is duplicated in
378 * C code. "Emulation" is where the original instruction is rewritten
379 * and executed, often by altering its registers.
381 * By having all behavior of the kprobe'd instruction completed before
382 * returning from the kprobe_handler(), all locks (scheduler and
383 * interrupt) can safely be released. There is no need for secondary
384 * breakpoints, no race with MP or preemptable kernels, nor having to
385 * clean up resources counts at a later time impacting overall system
386 * performance. By rewriting the instruction, only the minimum registers
387 * need to be loaded and saved back optimizing performance.
389 * Calling the insnslot_*_rwflags version of a function doesn't hurt
390 * anything even when the CPSR flags aren't updated by the
391 * instruction. It's just a little slower in return for saving
392 * a little space by not having a duplicate function that doesn't
393 * update the flags. (The same optimization can be said for
394 * instructions that do or don't perform register writeback)
395 * Also, instructions can either read the flags, only write the
396 * flags, or read and write the flags. To save combinations
397 * rather than for sheer performance, flag functions just assume
398 * read and write of flags.
401 static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
403 kprobe_opcode_t insn = p->opcode;
404 long iaddr = (long)p->addr;
405 int disp = branch_displacement(insn);
407 if (insn & (1 << 24))
408 regs->ARM_lr = iaddr + 4;
410 regs->ARM_pc = iaddr + 8 + disp;
413 static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
415 kprobe_opcode_t insn = p->opcode;
416 long iaddr = (long)p->addr;
417 int disp = branch_displacement(insn);
419 regs->ARM_lr = iaddr + 4;
420 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2);
421 regs->ARM_cpsr |= PSR_T_BIT;
424 static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
426 kprobe_opcode_t insn = p->opcode;
428 long rmv = regs->uregs[rm];
431 regs->ARM_lr = (long)p->addr + 4;
433 regs->ARM_pc = rmv & ~0x1;
434 regs->ARM_cpsr &= ~PSR_T_BIT;
436 regs->ARM_cpsr |= PSR_T_BIT;
439 static void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
441 kprobe_opcode_t insn = p->opcode;
442 int rd = (insn >> 12) & 0xf;
443 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
444 regs->uregs[rd] = regs->ARM_cpsr & mask;
447 static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
449 regs->uregs[12] = regs->uregs[13];
452 static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs)
454 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
455 kprobe_opcode_t insn = p->opcode;
456 long ppc = (long)p->addr + 8;
457 int rd = (insn >> 12) & 0xf;
458 int rn = (insn >> 16) & 0xf;
459 int rm = insn & 0xf; /* rm may be invalid, don't care. */
460 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
461 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
463 /* Not following the C calling convention here, so need asm(). */
464 __asm__ __volatile__ (
467 "msr cpsr_fs, %[cpsr]\n\t"
469 "mov pc, %[i_fn] \n\t"
470 "str r0, %[rn] \n\t" /* in case of writeback */
471 "str r2, %[rd0] \n\t"
472 "str r3, %[rd1] \n\t"
474 [rd0] "=m" (regs->uregs[rd]),
475 [rd1] "=m" (regs->uregs[rd+1])
477 [cpsr] "r" (regs->ARM_cpsr),
479 : "r0", "r1", "r2", "r3", "lr", "cc"
481 if (is_writeback(insn))
482 regs->uregs[rn] = rnv;
485 static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs)
487 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0];
488 kprobe_opcode_t insn = p->opcode;
489 long ppc = (long)p->addr + 8;
490 int rd = (insn >> 12) & 0xf;
491 int rn = (insn >> 16) & 0xf;
493 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
494 /* rm/rmv may be invalid, don't care. */
495 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
498 rnv_wb = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd],
500 regs->ARM_cpsr, i_fn);
501 if (is_writeback(insn))
502 regs->uregs[rn] = rnv_wb;
505 static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs)
507 insn_llret_3arg_fn_t *i_fn = (insn_llret_3arg_fn_t *)&p->ainsn.insn[0];
508 kprobe_opcode_t insn = p->opcode;
509 long ppc = (long)p->addr + 8;
511 int rd = (insn >> 12) & 0xf;
512 int rn = (insn >> 16) & 0xf;
515 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
516 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
517 long cpsr = regs->ARM_cpsr;
519 fnr.dr = insnslot_llret_3arg_rflags(rnv, 0, rmv, cpsr, i_fn);
521 regs->uregs[rn] = fnr.r0; /* Save Rn in case of writeback. */
525 #if __LINUX_ARM_ARCH__ >= 5
529 regs->ARM_cpsr = cpsr;
535 regs->uregs[rd] = rdv;
538 static void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs)
540 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
541 kprobe_opcode_t insn = p->opcode;
542 long iaddr = (long)p->addr;
543 int rd = (insn >> 12) & 0xf;
544 int rn = (insn >> 16) & 0xf;
546 long rdv = (rd == 15) ? iaddr + str_pc_offset : regs->uregs[rd];
547 long rnv = (rn == 15) ? iaddr + 8 : regs->uregs[rn];
548 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */
551 rnv_wb = insnslot_3arg_rflags(rnv, rdv, rmv, regs->ARM_cpsr, i_fn);
553 regs->uregs[rn] = rnv_wb; /* Save Rn in case of writeback. */
556 static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs)
558 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
559 kprobe_opcode_t insn = p->opcode;
560 int rd = (insn >> 12) & 0xf;
562 long rmv = regs->uregs[rm];
565 regs->uregs[rd] = insnslot_1arg_rwflags(rmv, ®s->ARM_cpsr, i_fn);
568 static void __kprobes emulate_sel(struct kprobe *p, struct pt_regs *regs)
570 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
571 kprobe_opcode_t insn = p->opcode;
572 int rd = (insn >> 12) & 0xf;
573 int rn = (insn >> 16) & 0xf;
575 long rnv = regs->uregs[rn];
576 long rmv = regs->uregs[rm];
579 regs->uregs[rd] = insnslot_2arg_rflags(rnv, rmv, regs->ARM_cpsr, i_fn);
582 static void __kprobes emulate_none(struct kprobe *p, struct pt_regs *regs)
584 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0];
586 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn);
589 static void __kprobes emulate_nop(struct kprobe *p, struct pt_regs *regs)
593 static void __kprobes
594 emulate_rd12_modify(struct kprobe *p, struct pt_regs *regs)
596 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
597 kprobe_opcode_t insn = p->opcode;
598 int rd = (insn >> 12) & 0xf;
599 long rdv = regs->uregs[rd];
601 regs->uregs[rd] = insnslot_1arg_rflags(rdv, regs->ARM_cpsr, i_fn);
604 static void __kprobes
605 emulate_rd12rn0_modify(struct kprobe *p, struct pt_regs *regs)
607 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
608 kprobe_opcode_t insn = p->opcode;
609 int rd = (insn >> 12) & 0xf;
611 long rdv = regs->uregs[rd];
612 long rnv = regs->uregs[rn];
614 regs->uregs[rd] = insnslot_2arg_rflags(rdv, rnv, regs->ARM_cpsr, i_fn);
617 static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs)
619 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
620 kprobe_opcode_t insn = p->opcode;
621 int rd = (insn >> 12) & 0xf;
623 long rmv = regs->uregs[rm];
625 regs->uregs[rd] = insnslot_1arg_rflags(rmv, regs->ARM_cpsr, i_fn);
628 static void __kprobes
629 emulate_rd12rn16rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
631 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
632 kprobe_opcode_t insn = p->opcode;
633 int rd = (insn >> 12) & 0xf;
634 int rn = (insn >> 16) & 0xf;
636 long rnv = regs->uregs[rn];
637 long rmv = regs->uregs[rm];
640 insnslot_2arg_rwflags(rnv, rmv, ®s->ARM_cpsr, i_fn);
643 static void __kprobes
644 emulate_rd16rn12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
646 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
647 kprobe_opcode_t insn = p->opcode;
648 int rd = (insn >> 16) & 0xf;
649 int rn = (insn >> 12) & 0xf;
650 int rs = (insn >> 8) & 0xf;
652 long rnv = regs->uregs[rn];
653 long rsv = regs->uregs[rs];
654 long rmv = regs->uregs[rm];
657 insnslot_3arg_rwflags(rnv, rsv, rmv, ®s->ARM_cpsr, i_fn);
660 static void __kprobes
661 emulate_rd16rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
663 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
664 kprobe_opcode_t insn = p->opcode;
665 int rd = (insn >> 16) & 0xf;
666 int rs = (insn >> 8) & 0xf;
668 long rsv = regs->uregs[rs];
669 long rmv = regs->uregs[rm];
672 insnslot_2arg_rwflags(rsv, rmv, ®s->ARM_cpsr, i_fn);
675 static void __kprobes
676 emulate_rdhi16rdlo12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
678 insn_llret_4arg_fn_t *i_fn = (insn_llret_4arg_fn_t *)&p->ainsn.insn[0];
679 kprobe_opcode_t insn = p->opcode;
681 int rdhi = (insn >> 16) & 0xf;
682 int rdlo = (insn >> 12) & 0xf;
683 int rs = (insn >> 8) & 0xf;
685 long rsv = regs->uregs[rs];
686 long rmv = regs->uregs[rm];
688 fnr.dr = insnslot_llret_4arg_rwflags(regs->uregs[rdhi],
689 regs->uregs[rdlo], rsv, rmv,
690 ®s->ARM_cpsr, i_fn);
691 regs->uregs[rdhi] = fnr.r0;
692 regs->uregs[rdlo] = fnr.r1;
695 static void __kprobes
696 emulate_alu_imm_rflags(struct kprobe *p, struct pt_regs *regs)
698 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
699 kprobe_opcode_t insn = p->opcode;
700 int rd = (insn >> 12) & 0xf;
701 int rn = (insn >> 16) & 0xf;
702 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
704 regs->uregs[rd] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn);
707 static void __kprobes
708 emulate_alu_imm_rwflags(struct kprobe *p, struct pt_regs *regs)
710 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
711 kprobe_opcode_t insn = p->opcode;
712 int rd = (insn >> 12) & 0xf;
713 int rn = (insn >> 16) & 0xf;
714 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
716 regs->uregs[rd] = insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
719 static void __kprobes
720 emulate_alu_tests_imm(struct kprobe *p, struct pt_regs *regs)
722 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
723 kprobe_opcode_t insn = p->opcode;
724 int rn = (insn >> 16) & 0xf;
725 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
727 insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
730 static void __kprobes
731 emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs)
733 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
734 kprobe_opcode_t insn = p->opcode;
735 long ppc = (long)p->addr + 8;
736 int rd = (insn >> 12) & 0xf;
737 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
738 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
740 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
741 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
742 long rsv = regs->uregs[rs];
745 insnslot_3arg_rflags(rnv, rmv, rsv, regs->ARM_cpsr, i_fn);
748 static void __kprobes
749 emulate_alu_rwflags(struct kprobe *p, struct pt_regs *regs)
751 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
752 kprobe_opcode_t insn = p->opcode;
753 long ppc = (long)p->addr + 8;
754 int rd = (insn >> 12) & 0xf;
755 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
756 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
758 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
759 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
760 long rsv = regs->uregs[rs];
763 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
766 static void __kprobes
767 emulate_alu_tests(struct kprobe *p, struct pt_regs *regs)
769 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
770 kprobe_opcode_t insn = p->opcode;
771 long ppc = (long)p->addr + 8;
772 int rn = (insn >> 16) & 0xf;
773 int rs = (insn >> 8) & 0xf; /* rs/rsv may be invalid, don't care. */
775 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
776 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
777 long rsv = regs->uregs[rs];
779 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
782 static enum kprobe_insn __kprobes
783 prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi)
785 int not_imm = (insn & (1 << 26)) ? (insn & (1 << 25))
786 : (~insn & (1 << 22));
788 if (is_writeback(insn) && is_r15(insn, 16))
789 return INSN_REJECTED; /* Writeback to PC */
792 insn |= 0x00001000; /* Rn = r0, Rd = r1 */
795 insn |= 2; /* Rm = r2 */
798 asi->insn_handler = (insn & (1 << 20)) ? emulate_ldr : emulate_str;
802 static enum kprobe_insn __kprobes
803 prep_emulate_rd12_modify(kprobe_opcode_t insn, struct arch_specific_insn *asi)
805 if (is_r15(insn, 12))
806 return INSN_REJECTED; /* Rd is PC */
808 insn &= 0xffff0fff; /* Rd = r0 */
810 asi->insn_handler = emulate_rd12_modify;
814 static enum kprobe_insn __kprobes
815 prep_emulate_rd12rn0_modify(kprobe_opcode_t insn,
816 struct arch_specific_insn *asi)
818 if (is_r15(insn, 12))
819 return INSN_REJECTED; /* Rd is PC */
821 insn &= 0xffff0ff0; /* Rd = r0 */
822 insn |= 0x00000001; /* Rn = r1 */
824 asi->insn_handler = emulate_rd12rn0_modify;
828 static enum kprobe_insn __kprobes
829 prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi)
831 if (is_r15(insn, 12))
832 return INSN_REJECTED; /* Rd is PC */
834 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
836 asi->insn_handler = emulate_rd12rm0;
840 static enum kprobe_insn __kprobes
841 prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn,
842 struct arch_specific_insn *asi)
844 if (is_r15(insn, 12))
845 return INSN_REJECTED; /* Rd is PC */
847 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
848 insn |= 0x00000001; /* Rm = r1 */
850 asi->insn_handler = emulate_rd12rn16rm0_rwflags;
854 static enum kprobe_insn __kprobes
855 prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn,
856 struct arch_specific_insn *asi)
858 if (is_r15(insn, 16))
859 return INSN_REJECTED; /* Rd is PC */
861 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */
862 insn |= 0x00000001; /* Rm = r1 */
864 asi->insn_handler = emulate_rd16rs8rm0_rwflags;
868 static enum kprobe_insn __kprobes
869 prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn,
870 struct arch_specific_insn *asi)
872 if (is_r15(insn, 16))
873 return INSN_REJECTED; /* Rd is PC */
875 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */
876 insn |= 0x00000102; /* Rs = r1, Rm = r2 */
878 asi->insn_handler = emulate_rd16rn12rs8rm0_rwflags;
882 static enum kprobe_insn __kprobes
883 prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn,
884 struct arch_specific_insn *asi)
886 if (is_r15(insn, 16) || is_r15(insn, 12))
887 return INSN_REJECTED; /* RdHi or RdLo is PC */
889 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */
890 insn |= 0x00001203; /* Rs = r2, Rm = r3 */
892 asi->insn_handler = emulate_rdhi16rdlo12rs8rm0_rwflags;
896 static void __kprobes
897 emulate_ldrdstrd(struct kprobe *p, struct pt_regs *regs)
899 kprobe_opcode_t insn = p->opcode;
900 unsigned long pc = (unsigned long)p->addr + 8;
901 int rt = (insn >> 12) & 0xf;
902 int rn = (insn >> 16) & 0xf;
905 register unsigned long rtv asm("r0") = regs->uregs[rt];
906 register unsigned long rt2v asm("r1") = regs->uregs[rt+1];
907 register unsigned long rnv asm("r2") = (rn == 15) ? pc
909 register unsigned long rmv asm("r3") = regs->uregs[rm];
911 __asm__ __volatile__ (
913 : "=r" (rtv), "=r" (rt2v), "=r" (rnv)
914 : "0" (rtv), "1" (rt2v), "2" (rnv), "r" (rmv),
915 [fn] "r" (p->ainsn.insn_fn)
916 : "lr", "memory", "cc"
919 regs->uregs[rt] = rtv;
920 regs->uregs[rt+1] = rt2v;
921 if (is_writeback(insn))
922 regs->uregs[rn] = rnv;
925 static void __kprobes
926 emulate_rd12rn16rm0rs8_rwflags(struct kprobe *p, struct pt_regs *regs)
928 kprobe_opcode_t insn = p->opcode;
929 unsigned long pc = (unsigned long)p->addr + 8;
930 int rd = (insn >> 12) & 0xf;
931 int rn = (insn >> 16) & 0xf;
933 int rs = (insn >> 8) & 0xf;
935 register unsigned long rdv asm("r0") = regs->uregs[rd];
936 register unsigned long rnv asm("r2") = (rn == 15) ? pc
938 register unsigned long rmv asm("r3") = (rm == 15) ? pc
940 register unsigned long rsv asm("r1") = regs->uregs[rs];
941 unsigned long cpsr = regs->ARM_cpsr;
943 __asm__ __volatile__ (
944 "msr cpsr_fs, %[cpsr] \n\t"
946 "mrs %[cpsr], cpsr \n\t"
947 : "=r" (rdv), [cpsr] "=r" (cpsr)
948 : "0" (rdv), "r" (rnv), "r" (rmv), "r" (rsv),
949 "1" (cpsr), [fn] "r" (p->ainsn.insn_fn)
950 : "lr", "memory", "cc"
954 alu_write_pc(rdv, regs);
956 regs->uregs[rd] = rdv;
957 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
960 static void __kprobes
961 emulate_rd12rn16rm0_rwflags_nopc(struct kprobe *p, struct pt_regs *regs)
963 kprobe_opcode_t insn = p->opcode;
964 int rd = (insn >> 12) & 0xf;
965 int rn = (insn >> 16) & 0xf;
968 register unsigned long rdv asm("r0") = regs->uregs[rd];
969 register unsigned long rnv asm("r2") = regs->uregs[rn];
970 register unsigned long rmv asm("r3") = regs->uregs[rm];
971 unsigned long cpsr = regs->ARM_cpsr;
973 __asm__ __volatile__ (
974 "msr cpsr_fs, %[cpsr] \n\t"
976 "mrs %[cpsr], cpsr \n\t"
977 : "=r" (rdv), [cpsr] "=r" (cpsr)
978 : "0" (rdv), "r" (rnv), "r" (rmv),
979 "1" (cpsr), [fn] "r" (p->ainsn.insn_fn)
980 : "lr", "memory", "cc"
983 regs->uregs[rd] = rdv;
984 regs->ARM_cpsr = (regs->ARM_cpsr & ~APSR_MASK) | (cpsr & APSR_MASK);
988 * For the instruction masking and comparisons in all the "space_*"
989 * functions below, Do _not_ rearrange the order of tests unless
990 * you're very, very sure of what you are doing. For the sake of
991 * efficiency, the masks for some tests sometimes assume other test
992 * have been done prior to them so the number of patterns to test
993 * for an instruction set can be as broad as possible to reduce the
994 * number of tests needed.
997 static const union decode_item arm_1111_table[] = {
998 /* Unconditional instructions */
1000 /* memory hint 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx */
1001 /* PLDI (immediate) 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx */
1002 /* PLDW (immediate) 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx */
1003 /* PLD (immediate) 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx */
1004 DECODE_SIMULATE (0xfe300000, 0xf4100000, kprobe_simulate_nop),
1006 /* BLX (immediate) 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx */
1007 DECODE_SIMULATE (0xfe000000, 0xfa000000, simulate_blx1),
1009 /* CPS 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
1010 /* SETEND 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
1011 /* SRS 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
1012 /* RFE 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1014 /* Coprocessor instructions... */
1015 /* MCRR2 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx */
1016 /* MRRC2 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx */
1017 /* LDC2 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1018 /* STC2 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1019 /* CDP2 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1020 /* MCR2 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1021 /* MRC2 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1023 /* Other unallocated instructions... */
1027 static const union decode_item arm_cccc_0001_0xx0____0xxx_table[] = {
1028 /* Miscellaneous instructions */
1030 /* MRS cpsr cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
1031 DECODE_SIMULATEX(0x0ff000f0, 0x01000000, simulate_mrs,
1032 REGS(0, NOPC, 0, 0, 0)),
1034 /* BX cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
1035 DECODE_SIMULATE (0x0ff000f0, 0x01200010, simulate_blx2bx),
1037 /* BLX (register) cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
1038 DECODE_SIMULATEX(0x0ff000f0, 0x01200030, simulate_blx2bx,
1039 REGS(0, 0, 0, 0, NOPC)),
1041 /* CLZ cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
1042 DECODE_CUSTOM (0x0ff000f0, 0x01600010, prep_emulate_rd12rm0),
1044 /* QADD cccc 0001 0000 xxxx xxxx xxxx 0101 xxxx */
1045 /* QSUB cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx */
1046 /* QDADD cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx */
1047 /* QDSUB cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx */
1048 DECODE_CUSTOM (0x0f9000f0, 0x01000050, prep_emulate_rd12rn16rm0_wflags),
1050 /* BXJ cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
1051 /* MSR cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
1052 /* MRS spsr cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
1053 /* BKPT 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
1054 /* SMC cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
1055 /* And unallocated instructions... */
1059 static const union decode_item arm_cccc_0001_0xx0____1xx0_table[] = {
1060 /* Halfword multiply and multiply-accumulate */
1062 /* SMLALxy cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
1063 DECODE_CUSTOM (0x0ff00090, 0x01400080, prep_emulate_rdhi16rdlo12rs8rm0_wflags),
1065 /* SMULWy cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
1066 DECODE_OR (0x0ff000b0, 0x012000a0),
1067 /* SMULxy cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
1068 DECODE_CUSTOM (0x0ff00090, 0x01600080, prep_emulate_rd16rs8rm0_wflags),
1070 /* SMLAxy cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx */
1071 DECODE_OR (0x0ff00090, 0x01000080),
1072 /* SMLAWy cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx */
1073 DECODE_CUSTOM (0x0ff000b0, 0x01200080, prep_emulate_rd16rn12rs8rm0_wflags),
1078 static const union decode_item arm_cccc_0000_____1001_table[] = {
1079 /* Multiply and multiply-accumulate */
1081 /* MUL cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx */
1082 /* MULS cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx */
1083 DECODE_CUSTOM (0x0fe000f0, 0x00000090, prep_emulate_rd16rs8rm0_wflags),
1085 /* MLA cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx */
1086 /* MLAS cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx */
1087 DECODE_OR (0x0fe000f0, 0x00200090),
1088 /* MLS cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx */
1089 DECODE_CUSTOM (0x0ff000f0, 0x00600090, prep_emulate_rd16rn12rs8rm0_wflags),
1091 /* UMAAL cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx */
1092 DECODE_OR (0x0ff000f0, 0x00400090),
1093 /* UMULL cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx */
1094 /* UMULLS cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx */
1095 /* UMLAL cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx */
1096 /* UMLALS cccc 0000 1011 xxxx xxxx xxxx 1001 xxxx */
1097 /* SMULL cccc 0000 1100 xxxx xxxx xxxx 1001 xxxx */
1098 /* SMULLS cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx */
1099 /* SMLAL cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx */
1100 /* SMLALS cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx */
1101 DECODE_CUSTOM (0x0f8000f0, 0x00800090, prep_emulate_rdhi16rdlo12rs8rm0_wflags),
1106 static const union decode_item arm_cccc_0001_____1001_table[] = {
1107 /* Synchronization primitives */
1109 /* SMP/SWPB cccc 0001 0x00 xxxx xxxx xxxx 1001 xxxx */
1110 DECODE_CUSTOM (0x0fb000f0, 0x01000090, prep_emulate_rd12rn16rm0_wflags),
1112 /* LDREX/STREX{,D,B,H} cccc 0001 1xxx xxxx xxxx xxxx 1001 xxxx */
1113 /* And unallocated instructions... */
1117 static const union decode_item arm_cccc_000x_____1xx1_table[] = {
1118 /* Extra load/store instructions */
1120 /* LDRD/STRD lr,pc,{... cccc 000x x0x0 xxxx 111x xxxx 1101 xxxx */
1121 DECODE_REJECT (0x0e10e0d0, 0x0000e0d0),
1123 /* LDRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1101 xxxx */
1124 /* STRD (register) cccc 000x x0x0 xxxx xxxx xxxx 1111 xxxx */
1125 DECODE_EMULATEX (0x0e5000d0, 0x000000d0, emulate_ldrdstrd,
1126 REGS(NOPCWB, NOPCX, 0, 0, NOPC)),
1128 /* LDRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1101 xxxx */
1129 /* STRD (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1111 xxxx */
1130 DECODE_EMULATEX (0x0e5000d0, 0x004000d0, emulate_ldrdstrd,
1131 REGS(NOPCWB, NOPCX, 0, 0, 0)),
1133 /* Reject Rd is PC */
1134 /* TODO: fold this into next entry when it is made a DECODE_EMULATE */
1135 DECODE_REJECT (0x0000f000, 0x0000f000),
1137 /* STRH (register) cccc 000x x0x0 xxxx xxxx xxxx 1011 xxxx */
1138 /* LDRH (register) cccc 000x x0x1 xxxx xxxx xxxx 1011 xxxx */
1139 /* LDRSB (register) cccc 000x x0x1 xxxx xxxx xxxx 1101 xxxx */
1140 /* LDRSH (register) cccc 000x x0x1 xxxx xxxx xxxx 1111 xxxx */
1141 /* STRH (immediate) cccc 000x x1x0 xxxx xxxx xxxx 1011 xxxx */
1142 /* LDRH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1011 xxxx */
1143 /* LDRSB (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1101 xxxx */
1144 /* LDRSH (immediate) cccc 000x x1x1 xxxx xxxx xxxx 1111 xxxx */
1145 DECODE_CUSTOM (0x0e000090, 0x00000090, prep_emulate_ldr_str),
1150 static const union decode_item arm_cccc_000x_table[] = {
1151 /* Data-processing (register) */
1153 /* <op>S PC, ... cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx */
1154 DECODE_REJECT (0x0e10f000, 0x0010f000),
1156 /* MOV IP, SP 1110 0001 1010 0000 1100 0000 0000 1101 */
1157 DECODE_SIMULATE (0xffffffff, 0xe1a0c00d, simulate_mov_ipsp),
1159 /* TST (register) cccc 0001 0001 xxxx xxxx xxxx xxx0 xxxx */
1160 /* TEQ (register) cccc 0001 0011 xxxx xxxx xxxx xxx0 xxxx */
1161 /* CMP (register) cccc 0001 0101 xxxx xxxx xxxx xxx0 xxxx */
1162 /* CMN (register) cccc 0001 0111 xxxx xxxx xxxx xxx0 xxxx */
1163 DECODE_EMULATEX (0x0f900010, 0x01100000, emulate_rd12rn16rm0rs8_rwflags,
1164 REGS(ANY, 0, 0, 0, ANY)),
1166 /* MOV (register) cccc 0001 101x xxxx xxxx xxxx xxx0 xxxx */
1167 /* MVN (register) cccc 0001 111x xxxx xxxx xxxx xxx0 xxxx */
1168 DECODE_EMULATEX (0x0fa00010, 0x01a00000, emulate_rd12rn16rm0rs8_rwflags,
1169 REGS(0, ANY, 0, 0, ANY)),
1171 /* AND (register) cccc 0000 000x xxxx xxxx xxxx xxx0 xxxx */
1172 /* EOR (register) cccc 0000 001x xxxx xxxx xxxx xxx0 xxxx */
1173 /* SUB (register) cccc 0000 010x xxxx xxxx xxxx xxx0 xxxx */
1174 /* RSB (register) cccc 0000 011x xxxx xxxx xxxx xxx0 xxxx */
1175 /* ADD (register) cccc 0000 100x xxxx xxxx xxxx xxx0 xxxx */
1176 /* ADC (register) cccc 0000 101x xxxx xxxx xxxx xxx0 xxxx */
1177 /* SBC (register) cccc 0000 110x xxxx xxxx xxxx xxx0 xxxx */
1178 /* RSC (register) cccc 0000 111x xxxx xxxx xxxx xxx0 xxxx */
1179 /* ORR (register) cccc 0001 100x xxxx xxxx xxxx xxx0 xxxx */
1180 /* BIC (register) cccc 0001 110x xxxx xxxx xxxx xxx0 xxxx */
1181 DECODE_EMULATEX (0x0e000010, 0x00000000, emulate_rd12rn16rm0rs8_rwflags,
1182 REGS(ANY, ANY, 0, 0, ANY)),
1184 /* TST (reg-shift reg) cccc 0001 0001 xxxx xxxx xxxx 0xx1 xxxx */
1185 /* TEQ (reg-shift reg) cccc 0001 0011 xxxx xxxx xxxx 0xx1 xxxx */
1186 /* CMP (reg-shift reg) cccc 0001 0101 xxxx xxxx xxxx 0xx1 xxxx */
1187 /* CMN (reg-shift reg) cccc 0001 0111 xxxx xxxx xxxx 0xx1 xxxx */
1188 DECODE_EMULATEX (0x0f900090, 0x01100010, emulate_rd12rn16rm0rs8_rwflags,
1189 REGS(ANY, 0, NOPC, 0, ANY)),
1191 /* MOV (reg-shift reg) cccc 0001 101x xxxx xxxx xxxx 0xx1 xxxx */
1192 /* MVN (reg-shift reg) cccc 0001 111x xxxx xxxx xxxx 0xx1 xxxx */
1193 DECODE_EMULATEX (0x0fa00090, 0x01a00010, emulate_rd12rn16rm0rs8_rwflags,
1194 REGS(0, ANY, NOPC, 0, ANY)),
1196 /* AND (reg-shift reg) cccc 0000 000x xxxx xxxx xxxx 0xx1 xxxx */
1197 /* EOR (reg-shift reg) cccc 0000 001x xxxx xxxx xxxx 0xx1 xxxx */
1198 /* SUB (reg-shift reg) cccc 0000 010x xxxx xxxx xxxx 0xx1 xxxx */
1199 /* RSB (reg-shift reg) cccc 0000 011x xxxx xxxx xxxx 0xx1 xxxx */
1200 /* ADD (reg-shift reg) cccc 0000 100x xxxx xxxx xxxx 0xx1 xxxx */
1201 /* ADC (reg-shift reg) cccc 0000 101x xxxx xxxx xxxx 0xx1 xxxx */
1202 /* SBC (reg-shift reg) cccc 0000 110x xxxx xxxx xxxx 0xx1 xxxx */
1203 /* RSC (reg-shift reg) cccc 0000 111x xxxx xxxx xxxx 0xx1 xxxx */
1204 /* ORR (reg-shift reg) cccc 0001 100x xxxx xxxx xxxx 0xx1 xxxx */
1205 /* BIC (reg-shift reg) cccc 0001 110x xxxx xxxx xxxx 0xx1 xxxx */
1206 DECODE_EMULATEX (0x0e000090, 0x00000010, emulate_rd12rn16rm0rs8_rwflags,
1207 REGS(ANY, ANY, NOPC, 0, ANY)),
1212 static enum kprobe_insn __kprobes
1213 space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1215 if ((insn & 0x0f900080) == 0x01000000)
1216 return kprobe_decode_insn(insn, asi, arm_cccc_0001_0xx0____0xxx_table, false);
1218 if ((insn & 0x0f900090) == 0x01000080)
1219 return kprobe_decode_insn(insn, asi, arm_cccc_0001_0xx0____1xx0_table, false);
1221 if ((insn & 0x0f0000f0) == 0x00000090)
1222 return kprobe_decode_insn(insn, asi, arm_cccc_0000_____1001_table, false);
1224 if ((insn & 0x0f0000f0) == 0x01000090)
1225 return kprobe_decode_insn(insn, asi, arm_cccc_0001_____1001_table, false);
1227 if ((insn & 0x0e000090) == 0x00000090)
1228 return kprobe_decode_insn(insn, asi, arm_cccc_000x_____1xx1_table, false);
1230 return kprobe_decode_insn(insn, asi, arm_cccc_000x_table, false);
1233 static const union decode_item arm_cccc_001x_table[] = {
1234 /* Data-processing (immediate) */
1236 /* MOVW cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
1237 /* MOVT cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
1238 DECODE_CUSTOM (0x0fb00000, 0x03000000, prep_emulate_rd12_modify),
1240 /* YIELD cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
1241 DECODE_OR (0x0fff00ff, 0x03200001),
1242 /* SEV cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
1243 DECODE_EMULATE (0x0fff00ff, 0x03200004, kprobe_emulate_none),
1244 /* NOP cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
1245 /* WFE cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
1246 /* WFI cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
1247 DECODE_SIMULATE (0x0fff00fc, 0x03200000, kprobe_simulate_nop),
1248 /* DBG cccc 0011 0010 0000 xxxx xxxx ffff xxxx */
1249 /* unallocated hints cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
1250 /* MSR (immediate) cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx */
1251 DECODE_REJECT (0x0fb00000, 0x03200000),
1253 /* <op>S PC, ... cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx */
1254 DECODE_REJECT (0x0e10f000, 0x0210f000),
1256 /* TST (immediate) cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx */
1257 /* TEQ (immediate) cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx */
1258 /* CMP (immediate) cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx */
1259 /* CMN (immediate) cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx */
1260 DECODE_EMULATEX (0x0f900000, 0x03100000, emulate_rd12rn16rm0rs8_rwflags,
1261 REGS(ANY, 0, 0, 0, 0)),
1263 /* MOV (immediate) cccc 0011 101x xxxx xxxx xxxx xxxx xxxx */
1264 /* MVN (immediate) cccc 0011 111x xxxx xxxx xxxx xxxx xxxx */
1265 DECODE_EMULATEX (0x0fa00000, 0x03a00000, emulate_rd12rn16rm0rs8_rwflags,
1266 REGS(0, ANY, 0, 0, 0)),
1268 /* AND (immediate) cccc 0010 000x xxxx xxxx xxxx xxxx xxxx */
1269 /* EOR (immediate) cccc 0010 001x xxxx xxxx xxxx xxxx xxxx */
1270 /* SUB (immediate) cccc 0010 010x xxxx xxxx xxxx xxxx xxxx */
1271 /* RSB (immediate) cccc 0010 011x xxxx xxxx xxxx xxxx xxxx */
1272 /* ADD (immediate) cccc 0010 100x xxxx xxxx xxxx xxxx xxxx */
1273 /* ADC (immediate) cccc 0010 101x xxxx xxxx xxxx xxxx xxxx */
1274 /* SBC (immediate) cccc 0010 110x xxxx xxxx xxxx xxxx xxxx */
1275 /* RSC (immediate) cccc 0010 111x xxxx xxxx xxxx xxxx xxxx */
1276 /* ORR (immediate) cccc 0011 100x xxxx xxxx xxxx xxxx xxxx */
1277 /* BIC (immediate) cccc 0011 110x xxxx xxxx xxxx xxxx xxxx */
1278 DECODE_EMULATEX (0x0e000000, 0x02000000, emulate_rd12rn16rm0rs8_rwflags,
1279 REGS(ANY, ANY, 0, 0, 0)),
1284 static const union decode_item arm_cccc_0110_____xxx1_table[] = {
1285 /* Media instructions */
1287 /* SEL cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx */
1288 DECODE_EMULATEX (0x0ff000f0, 0x068000b0, emulate_rd12rn16rm0_rwflags_nopc,
1289 REGS(NOPC, NOPC, 0, 0, NOPC)),
1291 /* SSAT cccc 0110 101x xxxx xxxx xxxx xx01 xxxx */
1292 /* USAT cccc 0110 111x xxxx xxxx xxxx xx01 xxxx */
1293 DECODE_OR(0x0fa00030, 0x06a00010),
1294 /* SSAT16 cccc 0110 1010 xxxx xxxx xxxx 0011 xxxx */
1295 /* USAT16 cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx */
1296 DECODE_EMULATEX (0x0fb000f0, 0x06a00030, emulate_rd12rn16rm0_rwflags_nopc,
1297 REGS(0, NOPC, 0, 0, NOPC)),
1299 /* REV cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
1300 /* REV16 cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
1301 /* RBIT cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
1302 /* REVSH cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
1303 DECODE_CUSTOM (0x0fb00070, 0x06b00030, prep_emulate_rd12rm0),
1305 /* ??? cccc 0110 0x00 xxxx xxxx xxxx xxx1 xxxx */
1306 DECODE_REJECT (0x0fb00010, 0x06000010),
1307 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1011 xxxx */
1308 DECODE_REJECT (0x0f8000f0, 0x060000b0),
1309 /* ??? cccc 0110 0xxx xxxx xxxx xxxx 1101 xxxx */
1310 DECODE_REJECT (0x0f8000f0, 0x060000d0),
1311 /* SADD16 cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx */
1312 /* SADDSUBX cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx */
1313 /* SSUBADDX cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx */
1314 /* SSUB16 cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx */
1315 /* SADD8 cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx */
1316 /* SSUB8 cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx */
1317 /* QADD16 cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx */
1318 /* QADDSUBX cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx */
1319 /* QSUBADDX cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx */
1320 /* QSUB16 cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx */
1321 /* QADD8 cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx */
1322 /* QSUB8 cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx */
1323 /* SHADD16 cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx */
1324 /* SHADDSUBX cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx */
1325 /* SHSUBADDX cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx */
1326 /* SHSUB16 cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx */
1327 /* SHADD8 cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx */
1328 /* SHSUB8 cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx */
1329 /* UADD16 cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx */
1330 /* UADDSUBX cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx */
1331 /* USUBADDX cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx */
1332 /* USUB16 cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx */
1333 /* UADD8 cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx */
1334 /* USUB8 cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx */
1335 /* UQADD16 cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx */
1336 /* UQADDSUBX cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx */
1337 /* UQSUBADDX cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx */
1338 /* UQSUB16 cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx */
1339 /* UQADD8 cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx */
1340 /* UQSUB8 cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx */
1341 /* UHADD16 cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx */
1342 /* UHADDSUBX cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx */
1343 /* UHSUBADDX cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx */
1344 /* UHSUB16 cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx */
1345 /* UHADD8 cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx */
1346 /* UHSUB8 cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx */
1347 DECODE_CUSTOM (0x0f800010, 0x06000010, prep_emulate_rd12rn16rm0_wflags),
1349 /* PKHBT cccc 0110 1000 xxxx xxxx xxxx x001 xxxx */
1350 /* PKHTB cccc 0110 1000 xxxx xxxx xxxx x101 xxxx */
1351 DECODE_CUSTOM (0x0ff00030, 0x06800010, prep_emulate_rd12rn16rm0_wflags),
1353 /* ??? cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx */
1354 /* ??? cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx */
1355 DECODE_REJECT (0x0fb000f0, 0x06900070),
1357 /* SXTB16 cccc 0110 1000 1111 xxxx xxxx 0111 xxxx */
1358 /* SXTB cccc 0110 1010 1111 xxxx xxxx 0111 xxxx */
1359 /* SXTH cccc 0110 1011 1111 xxxx xxxx 0111 xxxx */
1360 /* UXTB16 cccc 0110 1100 1111 xxxx xxxx 0111 xxxx */
1361 /* UXTB cccc 0110 1110 1111 xxxx xxxx 0111 xxxx */
1362 /* UXTH cccc 0110 1111 1111 xxxx xxxx 0111 xxxx */
1363 DECODE_CUSTOM (0x0f8f00f0, 0x068f0070, prep_emulate_rd12rm0),
1365 /* SXTAB16 cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx */
1366 /* SXTAB cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx */
1367 /* SXTAH cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx */
1368 /* UXTAB16 cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx */
1369 /* UXTAB cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx */
1370 /* UXTAH cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx */
1371 DECODE_CUSTOM (0x0f8000f0, 0x06800070, prep_emulate_rd12rn16rm0_wflags),
1376 static const union decode_item arm_cccc_0111_____xxx1_table[] = {
1377 /* Media instructions */
1379 /* UNDEFINED cccc 0111 1111 xxxx xxxx xxxx 1111 xxxx */
1380 DECODE_REJECT (0x0ff000f0, 0x07f000f0),
1382 /* SMLALD cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
1383 /* SMLSLD cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
1384 DECODE_CUSTOM (0x0ff00090, 0x07400010, prep_emulate_rdhi16rdlo12rs8rm0_wflags),
1386 /* SMUAD cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx */
1387 /* SMUSD cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx */
1388 DECODE_OR (0x0ff0f090, 0x0700f010),
1389 /* SMMUL cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx */
1390 DECODE_OR (0x0ff0f0d0, 0x0750f010),
1391 /* USAD8 cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx */
1392 DECODE_CUSTOM (0x0ff0f0f0, 0x0780f010, prep_emulate_rd16rs8rm0_wflags),
1394 /* SMLAD cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx */
1395 /* SMLSD cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx */
1396 DECODE_OR (0x0ff00090, 0x07000010),
1397 /* SMMLA cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx */
1398 DECODE_OR (0x0ff000d0, 0x07500010),
1399 /* USADA8 cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx */
1400 DECODE_CUSTOM (0x0ff000f0, 0x07800010, prep_emulate_rd16rn12rs8rm0_wflags),
1402 /* SMMLS cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx */
1403 DECODE_CUSTOM (0x0ff000d0, 0x075000d0, prep_emulate_rd16rn12rs8rm0_wflags),
1405 /* SBFX cccc 0111 101x xxxx xxxx xxxx x101 xxxx */
1406 /* UBFX cccc 0111 111x xxxx xxxx xxxx x101 xxxx */
1407 DECODE_CUSTOM (0x0fa00070, 0x07a00050, prep_emulate_rd12rm0),
1409 /* BFC cccc 0111 110x xxxx xxxx xxxx x001 1111 */
1410 DECODE_CUSTOM (0x0fe0007f, 0x07c0001f, prep_emulate_rd12_modify),
1412 /* BFI cccc 0111 110x xxxx xxxx xxxx x001 xxxx */
1413 DECODE_CUSTOM (0x0fe00070, 0x07c00010, prep_emulate_rd12rn0_modify),
1418 static const union decode_item arm_cccc_01xx_table[] = {
1419 /* Load/store word and unsigned byte */
1421 /* LDRB/STRB pc,[...] cccc 01xx x0xx xxxx xxxx xxxx xxxx xxxx */
1422 DECODE_REJECT (0x0c40f000, 0x0440f000),
1424 /* LDR cccc 01xx x0x1 xxxx xxxx xxxx xxxx xxxx */
1425 /* LDRB cccc 01xx x1x1 xxxx xxxx xxxx xxxx xxxx */
1426 /* LDRBT cccc 01x0 x111 xxxx xxxx xxxx xxxx xxxx */
1427 /* LDRT cccc 01x0 x011 xxxx xxxx xxxx xxxx xxxx */
1428 /* STR cccc 01xx x0x0 xxxx xxxx xxxx xxxx xxxx */
1429 /* STRB cccc 01xx x1x0 xxxx xxxx xxxx xxxx xxxx */
1430 /* STRBT cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
1431 /* STRT cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
1432 DECODE_CUSTOM (0x0c000000, 0x04000000, prep_emulate_ldr_str),
1437 static enum kprobe_insn __kprobes
1438 space_cccc_100x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1440 /* LDM(2) : cccc 100x x101 xxxx 0xxx xxxx xxxx xxxx */
1441 /* LDM(3) : cccc 100x x1x1 xxxx 1xxx xxxx xxxx xxxx */
1442 if ((insn & 0x0e708000) == 0x85000000 ||
1443 (insn & 0x0e508000) == 0x85010000)
1444 return INSN_REJECTED;
1446 /* LDM(1) : cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1447 /* STM(1) : cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
1450 * Make the instruction unconditional because the new emulation
1451 * functions don't bother to setup the PSR context.
1453 insn = (insn | 0xe0000000) & ~0x10000000;
1454 return kprobe_decode_ldmstm(insn, asi);
1457 static enum kprobe_insn __kprobes
1458 space_cccc_101x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1460 /* B : cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
1461 /* BL : cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
1462 asi->insn_handler = simulate_bbl;
1463 return INSN_GOOD_NO_SLOT;
1466 static enum kprobe_insn __kprobes
1467 space_cccc_11xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1469 /* Coprocessor instructions... */
1470 /* MCRR : cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1471 /* MRRC : cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1472 /* LDC : cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1473 /* STC : cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1474 /* CDP : cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1475 /* MCR : cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1476 /* MRC : cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1478 /* SVC : cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
1480 return INSN_REJECTED;
1483 static void __kprobes arm_singlestep(struct kprobe *p, struct pt_regs *regs)
1486 p->ainsn.insn_handler(p, regs);
1490 * INSN_REJECTED If instruction is one not allowed to kprobe,
1491 * INSN_GOOD If instruction is supported and uses instruction slot,
1492 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot.
1494 * For instructions we don't want to kprobe (INSN_REJECTED return result):
1495 * These are generally ones that modify the processor state making
1496 * them "hard" to simulate such as switches processor modes or
1497 * make accesses in alternate modes. Any of these could be simulated
1498 * if the work was put into it, but low return considering they
1499 * should also be very rare.
1501 enum kprobe_insn __kprobes
1502 arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1504 asi->insn_singlestep = arm_singlestep;
1505 asi->insn_check_cc = kprobe_condition_checks[insn>>28];
1506 asi->insn[1] = KPROBE_RETURN_INSTRUCTION;
1508 if ((insn & 0xf0000000) == 0xf0000000)
1510 return kprobe_decode_insn(insn, asi, arm_1111_table, false);
1512 else if ((insn & 0x0e000000) == 0x00000000)
1514 return space_cccc_000x(insn, asi);
1516 else if ((insn & 0x0e000000) == 0x02000000)
1518 return kprobe_decode_insn(insn, asi, arm_cccc_001x_table, false);
1520 else if ((insn & 0x0f000010) == 0x06000010)
1522 return kprobe_decode_insn(insn, asi, arm_cccc_0110_____xxx1_table, false);
1524 else if ((insn & 0x0f000010) == 0x07000010)
1526 return kprobe_decode_insn(insn, asi, arm_cccc_0111_____xxx1_table, false);
1528 else if ((insn & 0x0c000000) == 0x04000000)
1530 return kprobe_decode_insn(insn, asi, arm_cccc_01xx_table, false);
1532 else if ((insn & 0x0e000000) == 0x08000000)
1534 return space_cccc_100x(insn, asi);
1536 else if ((insn & 0x0e000000) == 0x0a000000)
1538 return space_cccc_101x(insn, asi);
1540 return space_cccc_11xx(insn, asi);
projects / firefly-linux-kernel-4.4.55.git / blob