Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ptrace.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2000-2007, Axis Communications AB.
3  */
4 
5 #include <linux/kernel.h>
6 #include <linux/sched.h>
7 #include <linux/mm.h>
8 #include <linux/smp.h>
9 #include <linux/errno.h>
10 #include <linux/ptrace.h>
11 #include <linux/user.h>
12 #include <linux/signal.h>
13 #include <linux/security.h>
14 
15 #include <asm/uaccess.h>
16 #include <asm/page.h>
17 #include <asm/pgtable.h>
18 #include <asm/processor.h>
19 #include <arch/hwregs/supp_reg.h>
20 
21 /*
22  * Determines which bits in CCS the user has access to.
23  * 1 = access, 0 = no access.
24  */
25 #define CCS_MASK 0x00087c00 /* SXNZVC */
26 
27 #define SBIT_USER (1 << (S_CCS_BITNR + CCS_SHIFT))
28 
29 static int put_debugreg(long pid, unsigned int regno, long data);
30 static long get_debugreg(long pid, unsigned int regno);
31 static unsigned long get_pseudo_pc(struct task_struct *child);
32 void deconfigure_bp(long pid);
33 
34 extern unsigned long cris_signal_return_page;
35 
36 /*
37  * Get contents of register REGNO in task TASK.
38  */
39 long get_reg(struct task_struct *task, unsigned int regno)
40 {
41  /* USP is a special case, it's not in the pt_regs struct but
42  * in the tasks thread struct
43  */
44  unsigned long ret;
45 
46  if (regno <= PT_EDA)
47  ret = ((unsigned long *)task_pt_regs(task))[regno];
48  else if (regno == PT_USP)
49  ret = task->thread.usp;
50  else if (regno == PT_PPC)
51  ret = get_pseudo_pc(task);
52  else if (regno <= PT_MAX)
53  ret = get_debugreg(task->pid, regno);
54  else
55  ret = 0;
56 
57  return ret;
58 }
59 
60 /*
61  * Write contents of register REGNO in task TASK.
62  */
63 int put_reg(struct task_struct *task, unsigned int regno, unsigned long data)
64 {
65  if (regno <= PT_EDA)
66  ((unsigned long *)task_pt_regs(task))[regno] = data;
67  else if (regno == PT_USP)
68  task->thread.usp = data;
69  else if (regno == PT_PPC) {
70  /* Write pseudo-PC to ERP only if changed. */
71  if (data != get_pseudo_pc(task))
72  task_pt_regs(task)->erp = data;
73  } else if (regno <= PT_MAX)
74  return put_debugreg(task->pid, regno, data);
75  else
76  return -1;
77  return 0;
78 }
79 
80 void user_enable_single_step(struct task_struct *child)
81 {
82  unsigned long tmp;
83 
84  /*
85  * Set up SPC if not set already (in which case we have no other
86  * choice but to trust it).
87  */
88  if (!get_reg(child, PT_SPC)) {
89  /* In case we're stopped in a delay slot. */
90  tmp = get_reg(child, PT_ERP) & ~1;
91  put_reg(child, PT_SPC, tmp);
92  }
93  tmp = get_reg(child, PT_CCS) | SBIT_USER;
94  put_reg(child, PT_CCS, tmp);
95 }
96 
97 void user_disable_single_step(struct task_struct *child)
98 {
99  put_reg(child, PT_SPC, 0);
100 
101  if (!get_debugreg(child->pid, PT_BP_CTRL)) {
102  unsigned long tmp;
103  /* If no h/w bp configured, disable S bit. */
104  tmp = get_reg(child, PT_CCS) & ~SBIT_USER;
105  put_reg(child, PT_CCS, tmp);
106  }
107 }
108 
109 /*
110  * Called by kernel/ptrace.c when detaching.
111  *
112  * Make sure the single step bit is not set.
113  */
114 void
115 ptrace_disable(struct task_struct *child)
116 {
117  /* Deconfigure SPC and S-bit. */
118  user_disable_single_step(child);
119  put_reg(child, PT_SPC, 0);
120 
121  /* Deconfigure any watchpoints associated with the child. */
122  deconfigure_bp(child->pid);
123 }
124 
125 
126 long arch_ptrace(struct task_struct *child, long request,
127  unsigned long addr, unsigned long data)
128 {
129  int ret;
130  unsigned int regno = addr >> 2;
131  unsigned long __user *datap = (unsigned long __user *)data;
132 
133  switch (request) {
134  /* Read word at location address. */
135  case PTRACE_PEEKTEXT:
136  case PTRACE_PEEKDATA: {
137  unsigned long tmp;
138  int copied;
139 
140  ret = -EIO;
141 
142  /* The signal trampoline page is outside the normal user-addressable
143  * space but still accessible. This is hack to make it possible to
144  * access the signal handler code in GDB.
145  */
146  if ((addr & PAGE_MASK) == cris_signal_return_page) {
147  /* The trampoline page is globally mapped, no page table to traverse.*/
148  tmp = *(unsigned long*)addr;
149  } else {
150  copied = access_process_vm(child, addr, &tmp, sizeof(tmp), 0);
151 
152  if (copied != sizeof(tmp))
153  break;
154  }
155 
156  ret = put_user(tmp,datap);
157  break;
158  }
159 
160  /* Read the word at location address in the USER area. */
161  case PTRACE_PEEKUSR: {
162  unsigned long tmp;
163 
164  ret = -EIO;
165  if ((addr & 3) || regno > PT_MAX)
166  break;
167 
168  tmp = get_reg(child, regno);
169  ret = put_user(tmp, datap);
170  break;
171  }
172 
173  /* Write the word at location address. */
174  case PTRACE_POKETEXT:
175  case PTRACE_POKEDATA:
176  ret = generic_ptrace_pokedata(child, addr, data);
177  break;
178 
179  /* Write the word at location address in the USER area. */
180  case PTRACE_POKEUSR:
181  ret = -EIO;
182  if ((addr & 3) || regno > PT_MAX)
183  break;
184 
185  if (regno == PT_CCS) {
186  /* don't allow the tracing process to change stuff like
187  * interrupt enable, kernel/user bit, dma enables etc.
188  */
189  data &= CCS_MASK;
190  data |= get_reg(child, PT_CCS) & ~CCS_MASK;
191  }
192  if (put_reg(child, regno, data))
193  break;
194  ret = 0;
195  break;
196 
197  /* Get all GP registers from the child. */
198  case PTRACE_GETREGS: {
199  int i;
200  unsigned long tmp;
201 
202  for (i = 0; i <= PT_MAX; i++) {
203  tmp = get_reg(child, i);
204 
205  if (put_user(tmp, datap)) {
206  ret = -EFAULT;
207  goto out_tsk;
208  }
209 
210  datap++;
211  }
212 
213  ret = 0;
214  break;
215  }
216 
217  /* Set all GP registers in the child. */
218  case PTRACE_SETREGS: {
219  int i;
220  unsigned long tmp;
221 
222  for (i = 0; i <= PT_MAX; i++) {
223  if (get_user(tmp, datap)) {
224  ret = -EFAULT;
225  goto out_tsk;
226  }
227 
228  if (i == PT_CCS) {
229  tmp &= CCS_MASK;
230  tmp |= get_reg(child, PT_CCS) & ~CCS_MASK;
231  }
232 
233  put_reg(child, i, tmp);
234  datap++;
235  }
236 
237  ret = 0;
238  break;
239  }
240 
241  default:
242  ret = ptrace_request(child, request, addr, data);
243  break;
244  }
245 
246 out_tsk:
247  return ret;
248 }
249 
250 void do_syscall_trace(void)
251 {
252  if (!test_thread_flag(TIF_SYSCALL_TRACE))
253  return;
254 
255  if (!(current->ptrace & PT_PTRACED))
256  return;
257 
258  /* the 0x80 provides a way for the tracing parent to distinguish
259  between a syscall stop and SIGTRAP delivery */
260  ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
261  ? 0x80 : 0));
262 
263  /*
264  * This isn't the same as continuing with a signal, but it will do for
265  * normal use.
266  */
267  if (current->exit_code) {
268  send_sig(current->exit_code, current, 1);
269  current->exit_code = 0;
270  }
271 }
272 
273 /* Returns the size of an instruction that has a delay slot. */
274 
275 static int insn_size(struct task_struct *child, unsigned long pc)
276 {
277  unsigned long opcode;
278  int copied;
279  int opsize = 0;
280 
281  /* Read the opcode at pc (do what PTRACE_PEEKTEXT would do). */
282  copied = access_process_vm(child, pc, &opcode, sizeof(opcode), 0);
283  if (copied != sizeof(opcode))
284  return 0;
285 
286  switch ((opcode & 0x0f00) >> 8) {
287  case 0x0:
288  case 0x9:
289  case 0xb:
290  opsize = 2;
291  break;
292  case 0xe:
293  case 0xf:
294  opsize = 6;
295  break;
296  case 0xd:
297  /* Could be 4 or 6; check more bits. */
298  if ((opcode & 0xff) == 0xff)
299  opsize = 4;
300  else
301  opsize = 6;
302  break;
303  default:
304  panic("ERROR: Couldn't find size of opcode 0x%lx at 0x%lx\n",
305  opcode, pc);
306  }
307 
308  return opsize;
309 }
310 
311 static unsigned long get_pseudo_pc(struct task_struct *child)
312 {
313  /* Default value for PC is ERP. */
314  unsigned long pc = get_reg(child, PT_ERP);
315 
316  if (pc & 0x1) {
317  unsigned long spc = get_reg(child, PT_SPC);
318  /* Delay slot bit set. Report as stopped on proper
319  instruction. */
320  if (spc) {
321  /* Rely on SPC if set. FIXME: We might want to check
322  that EXS indicates we stopped due to a single-step
323  exception. */
324  pc = spc;
325  } else {
326  /* Calculate the PC from the size of the instruction
327  that the delay slot we're in belongs to. */
328  pc += insn_size(child, pc & ~1) - 1;
329  }
330  }
331  return pc;
332 }
333 
334 static long bp_owner = 0;
335 
336 /* Reachable from exit_thread in signal.c, so not static. */
337 void deconfigure_bp(long pid)
338 {
339  int bp;
340 
341  /* Only deconfigure if the pid is the owner. */
342  if (bp_owner != pid)
343  return;
344 
345  for (bp = 0; bp < 6; bp++) {
346  unsigned long tmp;
347  /* Deconfigure start and end address (also gets rid of ownership). */
348  put_debugreg(pid, PT_BP + 3 + (bp * 2), 0);
349  put_debugreg(pid, PT_BP + 4 + (bp * 2), 0);
350 
351  /* Deconfigure relevant bits in control register. */
352  tmp = get_debugreg(pid, PT_BP_CTRL) & ~(3 << (2 + (bp * 4)));
353  put_debugreg(pid, PT_BP_CTRL, tmp);
354  }
355  /* No owner now. */
356  bp_owner = 0;
357 }
358 
359 static int put_debugreg(long pid, unsigned int regno, long data)
360 {
361  int ret = 0;
362  register int old_srs;
363 
364 #ifdef CONFIG_ETRAX_KGDB
365  /* Ignore write, but pretend it was ok if value is 0
366  (we don't want POKEUSR/SETREGS failing unnessecarily). */
367  return (data == 0) ? ret : -1;
368 #endif
369 
370  /* Simple owner management. */
371  if (!bp_owner)
372  bp_owner = pid;
373  else if (bp_owner != pid) {
374  /* Ignore write, but pretend it was ok if value is 0
375  (we don't want POKEUSR/SETREGS failing unnessecarily). */
376  return (data == 0) ? ret : -1;
377  }
378 
379  /* Remember old SRS. */
380  SPEC_REG_RD(SPEC_REG_SRS, old_srs);
381  /* Switch to BP bank. */
382  SUPP_BANK_SEL(BANK_BP);
383 
384  switch (regno - PT_BP) {
385  case 0:
386  SUPP_REG_WR(0, data); break;
387  case 1:
388  case 2:
389  if (data)
390  ret = -1;
391  break;
392  case 3:
393  SUPP_REG_WR(3, data); break;
394  case 4:
395  SUPP_REG_WR(4, data); break;
396  case 5:
397  SUPP_REG_WR(5, data); break;
398  case 6:
399  SUPP_REG_WR(6, data); break;
400  case 7:
401  SUPP_REG_WR(7, data); break;
402  case 8:
403  SUPP_REG_WR(8, data); break;
404  case 9:
405  SUPP_REG_WR(9, data); break;
406  case 10:
407  SUPP_REG_WR(10, data); break;
408  case 11:
409  SUPP_REG_WR(11, data); break;
410  case 12:
411  SUPP_REG_WR(12, data); break;
412  case 13:
413  SUPP_REG_WR(13, data); break;
414  case 14:
415  SUPP_REG_WR(14, data); break;
416  default:
417  ret = -1;
418  break;
419  }
420 
421  /* Restore SRS. */
422  SPEC_REG_WR(SPEC_REG_SRS, old_srs);
423  /* Just for show. */
424  NOP();
425  NOP();
426  NOP();
427 
428  return ret;
429 }
430 
431 static long get_debugreg(long pid, unsigned int regno)
432 {
433  register int old_srs;
434  register long data;
435 
436  if (pid != bp_owner) {
437  return 0;
438  }
439 
440  /* Remember old SRS. */
441  SPEC_REG_RD(SPEC_REG_SRS, old_srs);
442  /* Switch to BP bank. */
443  SUPP_BANK_SEL(BANK_BP);
444 
445  switch (regno - PT_BP) {
446  case 0:
447  SUPP_REG_RD(0, data); break;
448  case 1:
449  case 2:
450  /* error return value? */
451  data = 0;
452  break;
453  case 3:
454  SUPP_REG_RD(3, data); break;
455  case 4:
456  SUPP_REG_RD(4, data); break;
457  case 5:
458  SUPP_REG_RD(5, data); break;
459  case 6:
460  SUPP_REG_RD(6, data); break;
461  case 7:
462  SUPP_REG_RD(7, data); break;
463  case 8:
464  SUPP_REG_RD(8, data); break;
465  case 9:
466  SUPP_REG_RD(9, data); break;
467  case 10:
468  SUPP_REG_RD(10, data); break;
469  case 11:
470  SUPP_REG_RD(11, data); break;
471  case 12:
472  SUPP_REG_RD(12, data); break;
473  case 13:
474  SUPP_REG_RD(13, data); break;
475  case 14:
476  SUPP_REG_RD(14, data); break;
477  default:
478  /* error return value? */
479  data = 0;
480  }
481 
482  /* Restore SRS. */
483  SPEC_REG_WR(SPEC_REG_SRS, old_srs);
484  /* Just for show. */
485  NOP();
486  NOP();
487  NOP();
488 
489  return data;
490 }
Generated on Thu Jan 10 2013 12:52:31 for Linux Kernel by   doxygen 1.8.2