1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * several functions that help interpret ARC instructions
4  * used for unaligned accesses, kprobes and kgdb
5  *
6  * Copyright (C) 2004, 2007-2010, 2011-2012 Synopsys, Inc. (www.synopsys.com)
7  */
8 
9 #include <linux/types.h>
10 #include <linux/kprobes.h>
11 #include <linux/slab.h>
12 #include <linux/uaccess.h>
13 #include <asm/disasm.h>
14 
15 #if defined(CONFIG_KGDB) || defined(CONFIG_ARC_EMUL_UNALIGNED) || \
16 	defined(CONFIG_KPROBES)
17 
18 /* disasm_instr: Analyses instruction at addr, stores
19  * findings in *state
20  */
disasm_instr(unsigned long addr,struct disasm_state * state,int userspace,struct pt_regs * regs,struct callee_regs * cregs)21 void __kprobes disasm_instr(unsigned long addr, struct disasm_state *state,
22 	int userspace, struct pt_regs *regs, struct callee_regs *cregs)
23 {
24 	int fieldA = 0;
25 	int fieldC = 0, fieldCisReg = 0;
26 	uint16_t word1 = 0, word0 = 0;
27 	int subopcode, is_linked, op_format;
28 	uint16_t *ins_ptr;
29 	uint16_t ins_buf[4];
30 	int bytes_not_copied = 0;
31 
32 	memset(state, 0, sizeof(struct disasm_state));
33 
34 	/* This fetches the upper part of the 32 bit instruction
35 	 * in both the cases of Little Endian or Big Endian configurations. */
36 	if (userspace) {
37 		bytes_not_copied = copy_from_user(ins_buf,
38 						(const void __user *) addr, 8);
39 		if (bytes_not_copied > 6)
40 			goto fault;
41 		ins_ptr = ins_buf;
42 	} else {
43 		ins_ptr = (uint16_t *) addr;
44 	}
45 
46 	word1 = *((uint16_t *)addr);
47 
48 	state->major_opcode = (word1 >> 11) & 0x1F;
49 
50 	/* Check if the instruction is 32 bit or 16 bit instruction */
51 	if (state->major_opcode < 0x0B) {
52 		if (bytes_not_copied > 4)
53 			goto fault;
54 		state->instr_len = 4;
55 		word0 = *((uint16_t *)(addr+2));
56 		state->words[0] = (word1 << 16) | word0;
57 	} else {
58 		state->instr_len = 2;
59 		state->words[0] = word1;
60 	}
61 
62 	/* Read the second word in case of limm */
63 	word1 = *((uint16_t *)(addr + state->instr_len));
64 	word0 = *((uint16_t *)(addr + state->instr_len + 2));
65 	state->words[1] = (word1 << 16) | word0;
66 
67 	switch (state->major_opcode) {
68 	case op_Bcc:
69 		state->is_branch = 1;
70 
71 		/* unconditional branch s25, conditional branch s21 */
72 		fieldA = (IS_BIT(state->words[0], 16)) ?
73 			FIELD_s25(state->words[0]) :
74 			FIELD_s21(state->words[0]);
75 
76 		state->delay_slot = IS_BIT(state->words[0], 5);
77 		state->target = fieldA + (addr & ~0x3);
78 		state->flow = direct_jump;
79 		break;
80 
81 	case op_BLcc:
82 		if (IS_BIT(state->words[0], 16)) {
83 			/* Branch and Link*/
84 			/* unconditional branch s25, conditional branch s21 */
85 			fieldA = (IS_BIT(state->words[0], 17)) ?
86 				(FIELD_s25(state->words[0]) & ~0x3) :
87 				FIELD_s21(state->words[0]);
88 
89 			state->flow = direct_call;
90 		} else {
91 			/*Branch On Compare */
92 			fieldA = FIELD_s9(state->words[0]) & ~0x3;
93 			state->flow = direct_jump;
94 		}
95 
96 		state->delay_slot = IS_BIT(state->words[0], 5);
97 		state->target = fieldA + (addr & ~0x3);
98 		state->is_branch = 1;
99 		break;
100 
101 	case op_LD:  /* LD<zz> a,[b,s9] */
102 		state->write = 0;
103 		state->di = BITS(state->words[0], 11, 11);
104 		if (state->di)
105 			break;
106 		state->x = BITS(state->words[0], 6, 6);
107 		state->zz = BITS(state->words[0], 7, 8);
108 		state->aa = BITS(state->words[0], 9, 10);
109 		state->wb_reg = FIELD_B(state->words[0]);
110 		if (state->wb_reg == REG_LIMM) {
111 			state->instr_len += 4;
112 			state->aa = 0;
113 			state->src1 = state->words[1];
114 		} else {
115 			state->src1 = get_reg(state->wb_reg, regs, cregs);
116 		}
117 		state->src2 = FIELD_s9(state->words[0]);
118 		state->dest = FIELD_A(state->words[0]);
119 		state->pref = (state->dest == REG_LIMM);
120 		break;
121 
122 	case op_ST:
123 		state->write = 1;
124 		state->di = BITS(state->words[0], 5, 5);
125 		if (state->di)
126 			break;
127 		state->aa = BITS(state->words[0], 3, 4);
128 		state->zz = BITS(state->words[0], 1, 2);
129 		state->src1 = FIELD_C(state->words[0]);
130 		if (state->src1 == REG_LIMM) {
131 			state->instr_len += 4;
132 			state->src1 = state->words[1];
133 		} else {
134 			state->src1 = get_reg(state->src1, regs, cregs);
135 		}
136 		state->wb_reg = FIELD_B(state->words[0]);
137 		if (state->wb_reg == REG_LIMM) {
138 			state->aa = 0;
139 			state->instr_len += 4;
140 			state->src2 = state->words[1];
141 		} else {
142 			state->src2 = get_reg(state->wb_reg, regs, cregs);
143 		}
144 		state->src3 = FIELD_s9(state->words[0]);
145 		break;
146 
147 	case op_MAJOR_4:
148 		subopcode = MINOR_OPCODE(state->words[0]);
149 		switch (subopcode) {
150 		case 32:	/* Jcc */
151 		case 33:	/* Jcc.D */
152 		case 34:	/* JLcc */
153 		case 35:	/* JLcc.D */
154 			is_linked = 0;
155 
156 			if (subopcode == 33 || subopcode == 35)
157 				state->delay_slot = 1;
158 
159 			if (subopcode == 34 || subopcode == 35)
160 				is_linked = 1;
161 
162 			fieldCisReg = 0;
163 			op_format = BITS(state->words[0], 22, 23);
164 			if (op_format == 0 || ((op_format == 3) &&
165 				(!IS_BIT(state->words[0], 5)))) {
166 				fieldC = FIELD_C(state->words[0]);
167 
168 				if (fieldC == REG_LIMM) {
169 					fieldC = state->words[1];
170 					state->instr_len += 4;
171 				} else {
172 					fieldCisReg = 1;
173 				}
174 			} else if (op_format == 1 || ((op_format == 3)
175 				&& (IS_BIT(state->words[0], 5)))) {
176 				fieldC = FIELD_C(state->words[0]);
177 			} else  {
178 				/* op_format == 2 */
179 				fieldC = FIELD_s12(state->words[0]);
180 			}
181 
182 			if (!fieldCisReg) {
183 				state->target = fieldC;
184 				state->flow = is_linked ?
185 					direct_call : direct_jump;
186 			} else {
187 				state->target = get_reg(fieldC, regs, cregs);
188 				state->flow = is_linked ?
189 					indirect_call : indirect_jump;
190 			}
191 			state->is_branch = 1;
192 			break;
193 
194 		case 40:	/* LPcc */
195 			if (BITS(state->words[0], 22, 23) == 3) {
196 				/* Conditional LPcc u7 */
197 				fieldC = FIELD_C(state->words[0]);
198 
199 				fieldC = fieldC << 1;
200 				fieldC += (addr & ~0x03);
201 				state->is_branch = 1;
202 				state->flow = direct_jump;
203 				state->target = fieldC;
204 			}
205 			/* For Unconditional lp, next pc is the fall through
206 			 * which is updated */
207 			break;
208 
209 		case 48 ... 55:	/* LD a,[b,c] */
210 			state->di = BITS(state->words[0], 15, 15);
211 			if (state->di)
212 				break;
213 			state->x = BITS(state->words[0], 16, 16);
214 			state->zz = BITS(state->words[0], 17, 18);
215 			state->aa = BITS(state->words[0], 22, 23);
216 			state->wb_reg = FIELD_B(state->words[0]);
217 			if (state->wb_reg == REG_LIMM) {
218 				state->instr_len += 4;
219 				state->src1 = state->words[1];
220 			} else {
221 				state->src1 = get_reg(state->wb_reg, regs,
222 						cregs);
223 			}
224 			state->src2 = FIELD_C(state->words[0]);
225 			if (state->src2 == REG_LIMM) {
226 				state->instr_len += 4;
227 				state->src2 = state->words[1];
228 			} else {
229 				state->src2 = get_reg(state->src2, regs,
230 					cregs);
231 			}
232 			state->dest = FIELD_A(state->words[0]);
233 			if (state->dest == REG_LIMM)
234 				state->pref = 1;
235 			break;
236 
237 		case 10:	/* MOV */
238 			/* still need to check for limm to extract instr len */
239 			/* MOV is special case because it only takes 2 args */
240 			switch (BITS(state->words[0], 22, 23)) {
241 			case 0: /* OP a,b,c */
242 				if (FIELD_C(state->words[0]) == REG_LIMM)
243 					state->instr_len += 4;
244 				break;
245 			case 1: /* OP a,b,u6 */
246 				break;
247 			case 2: /* OP b,b,s12 */
248 				break;
249 			case 3: /* OP.cc b,b,c/u6 */
250 				if ((!IS_BIT(state->words[0], 5)) &&
251 				    (FIELD_C(state->words[0]) == REG_LIMM))
252 					state->instr_len += 4;
253 				break;
254 			}
255 			break;
256 
257 
258 		default:
259 			/* Not a Load, Jump or Loop instruction */
260 			/* still need to check for limm to extract instr len */
261 			switch (BITS(state->words[0], 22, 23)) {
262 			case 0: /* OP a,b,c */
263 				if ((FIELD_B(state->words[0]) == REG_LIMM) ||
264 				    (FIELD_C(state->words[0]) == REG_LIMM))
265 					state->instr_len += 4;
266 				break;
267 			case 1: /* OP a,b,u6 */
268 				break;
269 			case 2: /* OP b,b,s12 */
270 				break;
271 			case 3: /* OP.cc b,b,c/u6 */
272 				if ((!IS_BIT(state->words[0], 5)) &&
273 				   ((FIELD_B(state->words[0]) == REG_LIMM) ||
274 				    (FIELD_C(state->words[0]) == REG_LIMM)))
275 					state->instr_len += 4;
276 				break;
277 			}
278 			break;
279 		}
280 		break;
281 
282 	/* 16 Bit Instructions */
283 	case op_LD_ADD: /* LD_S|LDB_S|LDW_S a,[b,c] */
284 		state->zz = BITS(state->words[0], 3, 4);
285 		state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs);
286 		state->src2 = get_reg(FIELD_S_C(state->words[0]), regs, cregs);
287 		state->dest = FIELD_S_A(state->words[0]);
288 		break;
289 
290 	case op_ADD_MOV_CMP:
291 		/* check for limm, ignore mov_s h,b (== mov_s 0,b) */
292 		if ((BITS(state->words[0], 3, 4) < 3) &&
293 		    (FIELD_S_H(state->words[0]) == REG_LIMM))
294 			state->instr_len += 4;
295 		break;
296 
297 	case op_S:
298 		subopcode = BITS(state->words[0], 5, 7);
299 		switch (subopcode) {
300 		case 0:	/* j_s */
301 		case 1:	/* j_s.d */
302 		case 2:	/* jl_s */
303 		case 3:	/* jl_s.d */
304 			state->target = get_reg(FIELD_S_B(state->words[0]),
305 						regs, cregs);
306 			state->delay_slot = subopcode & 1;
307 			state->flow = (subopcode >= 2) ?
308 				direct_call : indirect_jump;
309 			break;
310 		case 7:
311 			switch (BITS(state->words[0], 8, 10)) {
312 			case 4:	/* jeq_s [blink] */
313 			case 5:	/* jne_s [blink] */
314 			case 6:	/* j_s [blink] */
315 			case 7:	/* j_s.d [blink] */
316 				state->delay_slot = (subopcode == 7);
317 				state->flow = indirect_jump;
318 				state->target = get_reg(31, regs, cregs);
319 			default:
320 				break;
321 			}
322 		default:
323 			break;
324 		}
325 		break;
326 
327 	case op_LD_S:	/* LD_S c, [b, u7] */
328 		state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs);
329 		state->src2 = FIELD_S_u7(state->words[0]);
330 		state->dest = FIELD_S_C(state->words[0]);
331 		break;
332 
333 	case op_LDB_S:
334 	case op_STB_S:
335 		/* no further handling required as byte accesses should not
336 		 * cause an unaligned access exception */
337 		state->zz = 1;
338 		break;
339 
340 	case op_LDWX_S:	/* LDWX_S c, [b, u6] */
341 		state->x = 1;
342 		fallthrough;
343 
344 	case op_LDW_S:	/* LDW_S c, [b, u6] */
345 		state->zz = 2;
346 		state->src1 = get_reg(FIELD_S_B(state->words[0]), regs, cregs);
347 		state->src2 = FIELD_S_u6(state->words[0]);
348 		state->dest = FIELD_S_C(state->words[0]);
349 		break;
350 
351 	case op_ST_S:	/* ST_S c, [b, u7] */
352 		state->write = 1;
353 		state->src1 = get_reg(FIELD_S_C(state->words[0]), regs, cregs);
354 		state->src2 = get_reg(FIELD_S_B(state->words[0]), regs, cregs);
355 		state->src3 = FIELD_S_u7(state->words[0]);
356 		break;
357 
358 	case op_STW_S:	/* STW_S c,[b,u6] */
359 		state->write = 1;
360 		state->zz = 2;
361 		state->src1 = get_reg(FIELD_S_C(state->words[0]), regs, cregs);
362 		state->src2 = get_reg(FIELD_S_B(state->words[0]), regs, cregs);
363 		state->src3 = FIELD_S_u6(state->words[0]);
364 		break;
365 
366 	case op_SP:	/* LD_S|LDB_S b,[sp,u7], ST_S|STB_S b,[sp,u7] */
367 		/* note: we are ignoring possibility of:
368 		 * ADD_S, SUB_S, PUSH_S, POP_S as these should not
369 		 * cause unaligned exception anyway */
370 		state->write = BITS(state->words[0], 6, 6);
371 		state->zz = BITS(state->words[0], 5, 5);
372 		if (state->zz)
373 			break;	/* byte accesses should not come here */
374 		if (!state->write) {
375 			state->src1 = get_reg(28, regs, cregs);
376 			state->src2 = FIELD_S_u7(state->words[0]);
377 			state->dest = FIELD_S_B(state->words[0]);
378 		} else {
379 			state->src1 = get_reg(FIELD_S_B(state->words[0]), regs,
380 					cregs);
381 			state->src2 = get_reg(28, regs, cregs);
382 			state->src3 = FIELD_S_u7(state->words[0]);
383 		}
384 		break;
385 
386 	case op_GP:	/* LD_S|LDB_S|LDW_S r0,[gp,s11/s9/s10] */
387 		/* note: ADD_S r0, gp, s11 is ignored */
388 		state->zz = BITS(state->words[0], 9, 10);
389 		state->src1 = get_reg(26, regs, cregs);
390 		state->src2 = state->zz ? FIELD_S_s10(state->words[0]) :
391 			FIELD_S_s11(state->words[0]);
392 		state->dest = 0;
393 		break;
394 
395 	case op_Pcl:	/* LD_S b,[pcl,u10] */
396 		state->src1 = regs->ret & ~3;
397 		state->src2 = FIELD_S_u10(state->words[0]);
398 		state->dest = FIELD_S_B(state->words[0]);
399 		break;
400 
401 	case op_BR_S:
402 		state->target = FIELD_S_s8(state->words[0]) + (addr & ~0x03);
403 		state->flow = direct_jump;
404 		state->is_branch = 1;
405 		break;
406 
407 	case op_B_S:
408 		fieldA = (BITS(state->words[0], 9, 10) == 3) ?
409 			FIELD_S_s7(state->words[0]) :
410 			FIELD_S_s10(state->words[0]);
411 		state->target = fieldA + (addr & ~0x03);
412 		state->flow = direct_jump;
413 		state->is_branch = 1;
414 		break;
415 
416 	case op_BL_S:
417 		state->target = FIELD_S_s13(state->words[0]) + (addr & ~0x03);
418 		state->flow = direct_call;
419 		state->is_branch = 1;
420 		break;
421 
422 	default:
423 		break;
424 	}
425 
426 	if (bytes_not_copied <= (8 - state->instr_len))
427 		return;
428 
429 fault:	state->fault = 1;
430 }
431 
get_reg(int reg,struct pt_regs * regs,struct callee_regs * cregs)432 long __kprobes get_reg(int reg, struct pt_regs *regs,
433 		       struct callee_regs *cregs)
434 {
435 	long *p;
436 
437 #if defined(CONFIG_ISA_ARCOMPACT)
438 	if (reg <= 12) {
439 		p = &regs->r0;
440 		return p[-reg];
441 	}
442 #else /* CONFIG_ISA_ARCV2 */
443 	if (reg <= 11) {
444 		p = &regs->r0;
445 		return p[reg];
446 	}
447 
448 	if (reg == 12)
449 		return regs->r12;
450 	if (reg == 30)
451 		return regs->r30;
452 #ifdef CONFIG_ARC_HAS_ACCL_REGS
453 	if (reg == 58)
454 		return regs->r58;
455 	if (reg == 59)
456 		return regs->r59;
457 #endif
458 #endif
459 	if (cregs && (reg <= 25)) {
460 		p = &cregs->r13;
461 		return p[13 - reg];
462 	}
463 
464 	if (reg == 26)
465 		return regs->r26;
466 	if (reg == 27)
467 		return regs->fp;
468 	if (reg == 28)
469 		return regs->sp;
470 	if (reg == 31)
471 		return regs->blink;
472 
473 	return 0;
474 }
475 
set_reg(int reg,long val,struct pt_regs * regs,struct callee_regs * cregs)476 void __kprobes set_reg(int reg, long val, struct pt_regs *regs,
477 		struct callee_regs *cregs)
478 {
479 	long *p;
480 
481 #if defined(CONFIG_ISA_ARCOMPACT)
482 	switch (reg) {
483 	case 0 ... 12:
484 		p = &regs->r0;
485 		p[-reg] = val;
486 		break;
487 	case 13 ... 25:
488 		if (cregs) {
489 			p = &cregs->r13;
490 			p[13 - reg] = val;
491 		}
492 		break;
493 	case 26:
494 		regs->r26 = val;
495 		break;
496 	case 27:
497 		regs->fp = val;
498 		break;
499 	case 28:
500 		regs->sp = val;
501 		break;
502 	case 31:
503 		regs->blink = val;
504 		break;
505 	default:
506 		break;
507 	}
508 #else /* CONFIG_ISA_ARCV2 */
509 	switch (reg) {
510 	case 0 ... 11:
511 		p = &regs->r0;
512 		p[reg] = val;
513 		break;
514 	case 12:
515 		regs->r12 = val;
516 		break;
517 	case 13 ... 25:
518 		if (cregs) {
519 			p = &cregs->r13;
520 			p[13 - reg] = val;
521 		}
522 		break;
523 	case 26:
524 		regs->r26 = val;
525 		break;
526 	case 27:
527 		regs->fp = val;
528 		break;
529 	case 28:
530 		regs->sp = val;
531 		break;
532 	case 30:
533 		regs->r30 = val;
534 		break;
535 	case 31:
536 		regs->blink = val;
537 		break;
538 #ifdef CONFIG_ARC_HAS_ACCL_REGS
539 	case 58:
540 		regs->r58 = val;
541 		break;
542 	case 59:
543 		regs->r59 = val;
544 		break;
545 #endif
546 	default:
547 		break;
548 	}
549 #endif
550 }
551 
552 /*
553  * Disassembles the insn at @pc and sets @next_pc to next PC (which could be
554  * @pc +2/4/6 (ARCompact ISA allows free intermixing of 16/32 bit insns).
555  *
556  * If @pc is a branch
557  *	-@tgt_if_br is set to branch target.
558  *	-If branch has delay slot, @next_pc updated with actual next PC.
559  */
disasm_next_pc(unsigned long pc,struct pt_regs * regs,struct callee_regs * cregs,unsigned long * next_pc,unsigned long * tgt_if_br)560 int __kprobes disasm_next_pc(unsigned long pc, struct pt_regs *regs,
561 			     struct callee_regs *cregs,
562 			     unsigned long *next_pc, unsigned long *tgt_if_br)
563 {
564 	struct disasm_state instr;
565 
566 	disasm_instr(pc, &instr, 0, regs, cregs);
567 
568 	*next_pc = pc + instr.instr_len;
569 
570 	/* Instruction with possible two targets branch, jump and loop */
571 	if (instr.is_branch)
572 		*tgt_if_br = instr.target;
573 
574 	/* For the instructions with delay slots, the fall through is the
575 	 * instruction following the instruction in delay slot.
576 	 */
577 	 if (instr.delay_slot) {
578 		struct disasm_state instr_d;
579 
580 		disasm_instr(*next_pc, &instr_d, 0, regs, cregs);
581 
582 		*next_pc += instr_d.instr_len;
583 	 }
584 
585 	 /* Zero Overhead Loop - end of the loop */
586 	if (!(regs->status32 & STATUS32_L) && (*next_pc == regs->lp_end)
587 		&& (regs->lp_count > 1)) {
588 		*next_pc = regs->lp_start;
589 	}
590 
591 	return instr.is_branch;
592 }
593 
594 #endif /* CONFIG_KGDB || CONFIG_ARC_EMUL_UNALIGNED || CONFIG_KPROBES */
595