6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
11 #include <linux/kernel.h>
12 #include <linux/kprobes.h>
13 #include <linux/ptrace.h>
14 #include <linux/prefetch.h>
15 #include <asm/sstep.h>
16 #include <asm/processor.h>
17 #include <linux/uaccess.h>
18 #include <asm/cpu_has_feature.h>
19 #include <asm/cputable.h>
21 extern char system_call_common[];
24 /* Bits in SRR1 that are copied from MSR */
25 #define MSR_MASK 0xffffffff87c0ffffUL
27 #define MSR_MASK 0x87c0ffff
31 #define XER_SO 0x80000000U
32 #define XER_OV 0x40000000U
33 #define XER_CA 0x20000000U
37 * Functions in ldstfp.S
39 extern int do_lfs(int rn, unsigned long ea);
40 extern int do_lfd(int rn, unsigned long ea);
41 extern int do_stfs(int rn, unsigned long ea);
42 extern int do_stfd(int rn, unsigned long ea);
43 extern int do_lvx(int rn, unsigned long ea);
44 extern int do_stvx(int rn, unsigned long ea);
45 extern int do_lxvd2x(int rn, unsigned long ea);
46 extern int do_stxvd2x(int rn, unsigned long ea);
50 * Emulate the truncation of 64 bit values in 32-bit mode.
52 static unsigned long truncate_if_32bit(unsigned long msr, unsigned long val)
55 if ((msr & MSR_64BIT) == 0)
62 * Determine whether a conditional branch instruction would branch.
64 static int __kprobes branch_taken(unsigned int instr, struct pt_regs *regs)
66 unsigned int bo = (instr >> 21) & 0x1f;
70 /* decrement counter */
72 if (((bo >> 1) & 1) ^ (regs->ctr == 0))
75 if ((bo & 0x10) == 0) {
76 /* check bit from CR */
77 bi = (instr >> 16) & 0x1f;
78 if (((regs->ccr >> (31 - bi)) & 1) != ((bo >> 3) & 1))
85 static long __kprobes address_ok(struct pt_regs *regs, unsigned long ea, int nb)
89 return __access_ok(ea, nb, USER_DS);
93 * Calculate effective address for a D-form instruction
95 static unsigned long __kprobes dform_ea(unsigned int instr, struct pt_regs *regs)
100 ra = (instr >> 16) & 0x1f;
101 ea = (signed short) instr; /* sign-extend */
105 return truncate_if_32bit(regs->msr, ea);
110 * Calculate effective address for a DS-form instruction
112 static unsigned long __kprobes dsform_ea(unsigned int instr, struct pt_regs *regs)
117 ra = (instr >> 16) & 0x1f;
118 ea = (signed short) (instr & ~3); /* sign-extend */
122 return truncate_if_32bit(regs->msr, ea);
124 #endif /* __powerpc64 */
127 * Calculate effective address for an X-form instruction
129 static unsigned long __kprobes xform_ea(unsigned int instr,
130 struct pt_regs *regs)
135 ra = (instr >> 16) & 0x1f;
136 rb = (instr >> 11) & 0x1f;
141 return truncate_if_32bit(regs->msr, ea);
145 * Return the largest power of 2, not greater than sizeof(unsigned long),
146 * such that x is a multiple of it.
148 static inline unsigned long max_align(unsigned long x)
/* Forcing the sizeof(unsigned long) bit on bounds the result from above and
 * guarantees at least one set bit, so x == 0 cannot yield 0. */
150 x |= sizeof(unsigned long);
151 return x & -x; /* isolates rightmost bit */
/* Swap the two low-order bytes of x; all bits above bit 15 are cleared. */
155 static inline unsigned long byterev_2(unsigned long x)
157 return ((x >> 8) & 0xff) | ((x & 0xff) << 8);
/* Reverse the four low-order bytes of x; all bits above bit 31 are cleared. */
160 static inline unsigned long byterev_4(unsigned long x)
162 return ((x >> 24) & 0xff) | ((x >> 8) & 0xff00) |
163 ((x & 0xff00) << 8) | ((x & 0xff) << 24);
/* Reverse all eight bytes of a 64-bit x by swapping the two 32-bit halves
 * and byte-reversing each (byterev_4 clears the upper half, so the OR is
 * non-overlapping). Only meaningful where unsigned long is 64 bits wide. */
167 static inline unsigned long byterev_8(unsigned long x)
169 return (byterev_4(x) << 32) | byterev_4(x >> 32);
173 static int __kprobes read_mem_aligned(unsigned long *dest, unsigned long ea,
181 err = __get_user(x, (unsigned char __user *) ea);
184 err = __get_user(x, (unsigned short __user *) ea);
187 err = __get_user(x, (unsigned int __user *) ea);
191 err = __get_user(x, (unsigned long __user *) ea);
200 static int __kprobes read_mem_unaligned(unsigned long *dest, unsigned long ea,
201 int nb, struct pt_regs *regs)
204 unsigned long x, b, c;
205 #ifdef __LITTLE_ENDIAN__
206 int len = nb; /* save a copy of the length for byte reversal */
209 /* unaligned, do this in pieces */
211 for (; nb > 0; nb -= c) {
212 #ifdef __LITTLE_ENDIAN__
215 #ifdef __BIG_ENDIAN__
220 err = read_mem_aligned(&b, ea, c);
223 x = (x << (8 * c)) + b;
226 #ifdef __LITTLE_ENDIAN__
229 *dest = byterev_2(x);
232 *dest = byterev_4(x);
236 *dest = byterev_8(x);
241 #ifdef __BIG_ENDIAN__
248 * Read memory at address ea for nb bytes, return 0 for success
249 * or -EFAULT if an error occurred.
251 static int __kprobes read_mem(unsigned long *dest, unsigned long ea, int nb,
252 struct pt_regs *regs)
/* address_ok() is the only range check before the __get_user-based
 * helpers below are reached, so it must run before either path. */
254 if (!address_ok(regs, ea, nb))
/* NOTE(review): this is an alignment test only if nb is a power of two
 * (1/2/4/8) — confirm callers never pass another size. */
256 if ((ea & (nb - 1)) == 0)
257 return read_mem_aligned(dest, ea, nb);
258 return read_mem_unaligned(dest, ea, nb, regs);
261 static int __kprobes write_mem_aligned(unsigned long val, unsigned long ea,
268 err = __put_user(val, (unsigned char __user *) ea);
271 err = __put_user(val, (unsigned short __user *) ea);
274 err = __put_user(val, (unsigned int __user *) ea);
278 err = __put_user(val, (unsigned long __user *) ea);
285 static int __kprobes write_mem_unaligned(unsigned long val, unsigned long ea,
286 int nb, struct pt_regs *regs)
291 #ifdef __LITTLE_ENDIAN__
294 val = byterev_2(val);
297 val = byterev_4(val);
301 val = byterev_8(val);
306 /* unaligned or little-endian, do this in pieces */
307 for (; nb > 0; nb -= c) {
308 #ifdef __LITTLE_ENDIAN__
311 #ifdef __BIG_ENDIAN__
316 err = write_mem_aligned(val >> (nb - c) * 8, ea, c);
325 * Write memory at address ea for nb bytes, return 0 for success
326 * or -EFAULT if an error occurred.
328 static int __kprobes write_mem(unsigned long val, unsigned long ea, int nb,
329 struct pt_regs *regs)
/* address_ok() is the only range check before the __put_user-based
 * helpers below are reached, so it must run before either path. */
331 if (!address_ok(regs, ea, nb))
/* NOTE(review): this is an alignment test only if nb is a power of two
 * (1/2/4/8) — confirm callers never pass another size. */
333 if ((ea & (nb - 1)) == 0)
334 return write_mem_aligned(val, ea, nb);
335 return write_mem_unaligned(val, ea, nb, regs);
338 #ifdef CONFIG_PPC_FPU
340 * Check the address and alignment, and call func to do the actual
343 static int __kprobes do_fp_load(int rn, int (*func)(int, unsigned long),
344 unsigned long ea, int nb,
345 struct pt_regs *regs)
352 #ifdef __BIG_ENDIAN__
356 #ifdef __LITTLE_ENDIAN__
364 if (!address_ok(regs, ea, nb))
367 return (*func)(rn, ea);
368 ptr = (unsigned long) &data.ul;
369 if (sizeof(unsigned long) == 8 || nb == 4) {
370 err = read_mem_unaligned(&data.ul[0], ea, nb, regs);
372 ptr = (unsigned long)&(data.single.word);
374 /* reading a double on 32-bit */
375 err = read_mem_unaligned(&data.ul[0], ea, 4, regs);
377 err = read_mem_unaligned(&data.ul[1], ea + 4, 4, regs);
381 return (*func)(rn, ptr);
384 static int __kprobes do_fp_store(int rn, int (*func)(int, unsigned long),
385 unsigned long ea, int nb,
386 struct pt_regs *regs)
393 #ifdef __BIG_ENDIAN__
397 #ifdef __LITTLE_ENDIAN__
405 if (!address_ok(regs, ea, nb))
408 return (*func)(rn, ea);
409 ptr = (unsigned long) &data.ul[0];
410 if (sizeof(unsigned long) == 8 || nb == 4) {
412 ptr = (unsigned long)&(data.single.word);
413 err = (*func)(rn, ptr);
416 err = write_mem_unaligned(data.ul[0], ea, nb, regs);
418 /* writing a double on 32-bit */
419 err = (*func)(rn, ptr);
422 err = write_mem_unaligned(data.ul[0], ea, 4, regs);
424 err = write_mem_unaligned(data.ul[1], ea + 4, 4, regs);
430 #ifdef CONFIG_ALTIVEC
431 /* For Altivec/VMX, no need to worry about alignment */
432 static int __kprobes do_vec_load(int rn, int (*func)(int, unsigned long),
433 unsigned long ea, struct pt_regs *regs)
/* Range-check the whole 16-byte aligned block containing ea, since that is
 * what func accesses; ea itself is passed through unmasked. */
435 if (!address_ok(regs, ea & ~0xfUL, 16))
437 return (*func)(rn, ea);
440 static int __kprobes do_vec_store(int rn, int (*func)(int, unsigned long),
441 unsigned long ea, struct pt_regs *regs)
/* Range-check the whole 16-byte aligned block containing ea, since that is
 * what func accesses; ea itself is passed through unmasked. */
443 if (!address_ok(regs, ea & ~0xfUL, 16))
445 return (*func)(rn, ea);
447 #endif /* CONFIG_ALTIVEC */
450 static int __kprobes do_vsx_load(int rn, int (*func)(int, unsigned long),
451 unsigned long ea, struct pt_regs *regs)
454 unsigned long val[2];
456 if (!address_ok(regs, ea, 16))
459 return (*func)(rn, ea);
460 err = read_mem_unaligned(&val[0], ea, 8, regs);
462 err = read_mem_unaligned(&val[1], ea + 8, 8, regs);
464 err = (*func)(rn, (unsigned long) &val[0]);
468 static int __kprobes do_vsx_store(int rn, int (*func)(int, unsigned long),
469 unsigned long ea, struct pt_regs *regs)
472 unsigned long val[2];
474 if (!address_ok(regs, ea, 16))
477 return (*func)(rn, ea);
478 err = (*func)(rn, (unsigned long) &val[0]);
481 err = write_mem_unaligned(val[0], ea, 8, regs);
483 err = write_mem_unaligned(val[1], ea + 8, 8, regs);
486 #endif /* CONFIG_VSX */
488 #define __put_user_asmx(x, addr, err, op, cr) \
489 __asm__ __volatile__( \
490 "1: " op " %2,0,%3\n" \
493 ".section .fixup,\"ax\"\n" \
498 : "=r" (err), "=r" (cr) \
499 : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err))
501 #define __get_user_asmx(x, addr, err, op) \
502 __asm__ __volatile__( \
503 "1: "op" %1,0,%2\n" \
505 ".section .fixup,\"ax\"\n" \
510 : "=r" (err), "=r" (x) \
511 : "r" (addr), "i" (-EFAULT), "0" (err))
513 #define __cacheop_user_asmx(addr, err, op) \
514 __asm__ __volatile__( \
517 ".section .fixup,\"ax\"\n" \
523 : "r" (addr), "i" (-EFAULT), "0" (err))
525 static void __kprobes set_cr0(struct pt_regs *regs, int rd)
527 long val = regs->gpr[rd];
529 regs->ccr = (regs->ccr & 0x0fffffff) | ((regs->xer >> 3) & 0x10000000);
531 if (!(regs->msr & MSR_64BIT))
535 regs->ccr |= 0x80000000;
537 regs->ccr |= 0x40000000;
539 regs->ccr |= 0x20000000;
542 static void __kprobes add_with_carry(struct pt_regs *regs, int rd,
543 unsigned long val1, unsigned long val2,
544 unsigned long carry_in)
546 unsigned long val = val1 + val2;
552 if (!(regs->msr & MSR_64BIT)) {
553 val = (unsigned int) val;
554 val1 = (unsigned int) val1;
557 if (val < val1 || (carry_in && val == val1))
560 regs->xer &= ~XER_CA;
563 static void __kprobes do_cmp_signed(struct pt_regs *regs, long v1, long v2,
566 unsigned int crval, shift;
568 crval = (regs->xer >> 31) & 1; /* get SO bit */
575 shift = (7 - crfld) * 4;
576 regs->ccr = (regs->ccr & ~(0xf << shift)) | (crval << shift);
579 static void __kprobes do_cmp_unsigned(struct pt_regs *regs, unsigned long v1,
580 unsigned long v2, int crfld)
582 unsigned int crval, shift;
584 crval = (regs->xer >> 31) & 1; /* get SO bit */
591 shift = (7 - crfld) * 4;
592 regs->ccr = (regs->ccr & ~(0xf << shift)) | (crval << shift);
595 static int __kprobes trap_compare(long v1, long v2)
605 if ((unsigned long)v1 < (unsigned long)v2)
607 else if ((unsigned long)v1 > (unsigned long)v2)
613 * Elements of 32-bit rotate and mask instructions.
615 #define MASK32(mb, me) ((0xffffffffUL >> (mb)) + \
616 ((signed long)-0x80000000L >> (me)) + ((me) >= (mb)))
618 #define MASK64_L(mb) (~0UL >> (mb))
619 #define MASK64_R(me) ((signed long)-0x8000000000000000L >> (me))
620 #define MASK64(mb, me) (MASK64_L(mb) + MASK64_R(me) + ((me) >= (mb)))
621 #define DATA32(x) (((x) & 0xffffffffUL) | (((x) & 0xffffffffUL) << 32))
623 #define DATA32(x) (x)
625 #define ROTATE(x, n) ((n) ? (((x) << (n)) | ((x) >> (8 * sizeof(long) - (n)))) : (x))
628 * Decode an instruction, and execute it if that can be done just by
629 * modifying *regs (i.e. integer arithmetic and logical instructions,
630 * branches, and barrier instructions).
631 * Returns 1 if the instruction has been executed, or 0 if not.
632 * Sets *op to indicate what the instruction does.
634 int __kprobes analyse_instr(struct instruction_op *op, struct pt_regs *regs,
637 unsigned int opcode, ra, rb, rd, spr, u;
638 unsigned long int imm;
639 unsigned long int val, val2;
640 unsigned int mb, me, sh;
645 opcode = instr >> 26;
649 imm = (signed short)(instr & 0xfffc);
650 if ((instr & 2) == 0)
653 regs->nip = truncate_if_32bit(regs->msr, regs->nip);
655 regs->link = regs->nip;
656 if (branch_taken(instr, regs))
657 regs->nip = truncate_if_32bit(regs->msr, imm);
661 if ((instr & 0xfe2) == 2)
669 imm = instr & 0x03fffffc;
670 if (imm & 0x02000000)
672 if ((instr & 2) == 0)
675 regs->link = truncate_if_32bit(regs->msr, regs->nip + 4);
676 imm = truncate_if_32bit(regs->msr, imm);
680 switch ((instr >> 1) & 0x3ff) {
682 rd = (instr >> 21) & 0x1c;
683 ra = (instr >> 16) & 0x1c;
684 val = (regs->ccr >> ra) & 0xf;
685 regs->ccr = (regs->ccr & ~(0xfUL << rd)) | (val << rd);
689 case 528: /* bcctr */
691 imm = (instr & 0x400)? regs->ctr: regs->link;
692 regs->nip = truncate_if_32bit(regs->msr, regs->nip + 4);
693 imm = truncate_if_32bit(regs->msr, imm);
695 regs->link = regs->nip;
696 if (branch_taken(instr, regs))
700 case 18: /* rfid, scary */
701 if (regs->msr & MSR_PR)
706 case 150: /* isync */
712 case 129: /* crandc */
713 case 193: /* crxor */
714 case 225: /* crnand */
715 case 257: /* crand */
716 case 289: /* creqv */
717 case 417: /* crorc */
719 ra = (instr >> 16) & 0x1f;
720 rb = (instr >> 11) & 0x1f;
721 rd = (instr >> 21) & 0x1f;
722 ra = (regs->ccr >> (31 - ra)) & 1;
723 rb = (regs->ccr >> (31 - rb)) & 1;
724 val = (instr >> (6 + ra * 2 + rb)) & 1;
725 regs->ccr = (regs->ccr & ~(1UL << (31 - rd))) |
731 switch ((instr >> 1) & 0x3ff) {
735 switch ((instr >> 21) & 3) {
737 asm volatile("lwsync" : : : "memory");
739 case 2: /* ptesync */
740 asm volatile("ptesync" : : : "memory");
747 case 854: /* eieio */
755 /* Following cases refer to regs->gpr[], so we need all regs */
756 if (!FULL_REGS(regs))
759 rd = (instr >> 21) & 0x1f;
760 ra = (instr >> 16) & 0x1f;
761 rb = (instr >> 11) & 0x1f;
766 if (rd & trap_compare(regs->gpr[ra], (short) instr))
771 if (rd & trap_compare((int)regs->gpr[ra], (short) instr))
776 regs->gpr[rd] = regs->gpr[ra] * (short) instr;
781 add_with_carry(regs, rd, ~regs->gpr[ra], imm, 1);
785 imm = (unsigned short) instr;
789 val = (unsigned int) val;
791 do_cmp_unsigned(regs, val, imm, rd >> 2);
801 do_cmp_signed(regs, val, imm, rd >> 2);
806 add_with_carry(regs, rd, regs->gpr[ra], imm, 0);
809 case 13: /* addic. */
811 add_with_carry(regs, rd, regs->gpr[ra], imm, 0);
818 imm += regs->gpr[ra];
823 imm = ((short) instr) << 16;
825 imm += regs->gpr[ra];
829 case 20: /* rlwimi */
830 mb = (instr >> 6) & 0x1f;
831 me = (instr >> 1) & 0x1f;
832 val = DATA32(regs->gpr[rd]);
833 imm = MASK32(mb, me);
834 regs->gpr[ra] = (regs->gpr[ra] & ~imm) | (ROTATE(val, rb) & imm);
837 case 21: /* rlwinm */
838 mb = (instr >> 6) & 0x1f;
839 me = (instr >> 1) & 0x1f;
840 val = DATA32(regs->gpr[rd]);
841 regs->gpr[ra] = ROTATE(val, rb) & MASK32(mb, me);
845 mb = (instr >> 6) & 0x1f;
846 me = (instr >> 1) & 0x1f;
847 rb = regs->gpr[rb] & 0x1f;
848 val = DATA32(regs->gpr[rd]);
849 regs->gpr[ra] = ROTATE(val, rb) & MASK32(mb, me);
853 imm = (unsigned short) instr;
854 regs->gpr[ra] = regs->gpr[rd] | imm;
858 imm = (unsigned short) instr;
859 regs->gpr[ra] = regs->gpr[rd] | (imm << 16);
863 imm = (unsigned short) instr;
864 regs->gpr[ra] = regs->gpr[rd] ^ imm;
868 imm = (unsigned short) instr;
869 regs->gpr[ra] = regs->gpr[rd] ^ (imm << 16);
873 imm = (unsigned short) instr;
874 regs->gpr[ra] = regs->gpr[rd] & imm;
878 case 29: /* andis. */
879 imm = (unsigned short) instr;
880 regs->gpr[ra] = regs->gpr[rd] & (imm << 16);
886 mb = ((instr >> 6) & 0x1f) | (instr & 0x20);
888 if ((instr & 0x10) == 0) {
889 sh = rb | ((instr & 2) << 4);
890 val = ROTATE(val, sh);
891 switch ((instr >> 2) & 3) {
893 regs->gpr[ra] = val & MASK64_L(mb);
896 regs->gpr[ra] = val & MASK64_R(mb);
899 regs->gpr[ra] = val & MASK64(mb, 63 - sh);
902 imm = MASK64(mb, 63 - sh);
903 regs->gpr[ra] = (regs->gpr[ra] & ~imm) |
908 sh = regs->gpr[rb] & 0x3f;
909 val = ROTATE(val, sh);
910 switch ((instr >> 1) & 7) {
912 regs->gpr[ra] = val & MASK64_L(mb);
915 regs->gpr[ra] = val & MASK64_R(mb);
920 break; /* illegal instruction */
923 switch ((instr >> 1) & 0x3ff) {
926 (rd & trap_compare((int)regs->gpr[ra],
927 (int)regs->gpr[rb])))
932 if (rd & trap_compare(regs->gpr[ra], regs->gpr[rb]))
937 if (regs->msr & MSR_PR)
942 case 146: /* mtmsr */
943 if (regs->msr & MSR_PR)
947 op->val = 0xffffffff & ~(MSR_ME | MSR_LE);
950 case 178: /* mtmsrd */
951 if (regs->msr & MSR_PR)
955 /* only MSR_EE and MSR_RI get changed if bit 15 set */
956 /* mtmsrd doesn't change MSR_HV, MSR_ME or MSR_LE */
957 imm = (instr & 0x10000)? 0x8002: 0xefffffffffffeffeUL;
963 regs->gpr[rd] = regs->ccr;
964 regs->gpr[rd] &= 0xffffffffUL;
967 case 144: /* mtcrf */
970 for (sh = 0; sh < 8; ++sh) {
971 if (instr & (0x80000 >> sh))
972 regs->ccr = (regs->ccr & ~imm) |
978 case 339: /* mfspr */
979 spr = ((instr >> 16) & 0x1f) | ((instr >> 6) & 0x3e0);
981 case SPRN_XER: /* mfxer */
982 regs->gpr[rd] = regs->xer;
983 regs->gpr[rd] &= 0xffffffffUL;
985 case SPRN_LR: /* mflr */
986 regs->gpr[rd] = regs->link;
988 case SPRN_CTR: /* mfctr */
989 regs->gpr[rd] = regs->ctr;
999 case 467: /* mtspr */
1000 spr = ((instr >> 16) & 0x1f) | ((instr >> 6) & 0x3e0);
1002 case SPRN_XER: /* mtxer */
1003 regs->xer = (regs->gpr[rd] & 0xffffffffUL);
1005 case SPRN_LR: /* mtlr */
1006 regs->link = regs->gpr[rd];
1008 case SPRN_CTR: /* mtctr */
1009 regs->ctr = regs->gpr[rd];
1013 op->val = regs->gpr[rd];
1020 * Compare instructions
1023 val = regs->gpr[ra];
1024 val2 = regs->gpr[rb];
1025 #ifdef __powerpc64__
1026 if ((rd & 1) == 0) {
1027 /* word (32-bit) compare */
1032 do_cmp_signed(regs, val, val2, rd >> 2);
1036 val = regs->gpr[ra];
1037 val2 = regs->gpr[rb];
1038 #ifdef __powerpc64__
1039 if ((rd & 1) == 0) {
1040 /* word (32-bit) compare */
1041 val = (unsigned int) val;
1042 val2 = (unsigned int) val2;
1045 do_cmp_unsigned(regs, val, val2, rd >> 2);
1049 * Arithmetic instructions
1052 add_with_carry(regs, rd, ~regs->gpr[ra],
1055 #ifdef __powerpc64__
1056 case 9: /* mulhdu */
1057 asm("mulhdu %0,%1,%2" : "=r" (regs->gpr[rd]) :
1058 "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1062 add_with_carry(regs, rd, regs->gpr[ra],
1066 case 11: /* mulhwu */
1067 asm("mulhwu %0,%1,%2" : "=r" (regs->gpr[rd]) :
1068 "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1072 regs->gpr[rd] = regs->gpr[rb] - regs->gpr[ra];
1074 #ifdef __powerpc64__
1075 case 73: /* mulhd */
1076 asm("mulhd %0,%1,%2" : "=r" (regs->gpr[rd]) :
1077 "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1080 case 75: /* mulhw */
1081 asm("mulhw %0,%1,%2" : "=r" (regs->gpr[rd]) :
1082 "r" (regs->gpr[ra]), "r" (regs->gpr[rb]));
1086 regs->gpr[rd] = -regs->gpr[ra];
1089 case 136: /* subfe */
1090 add_with_carry(regs, rd, ~regs->gpr[ra], regs->gpr[rb],
1091 regs->xer & XER_CA);
1094 case 138: /* adde */
1095 add_with_carry(regs, rd, regs->gpr[ra], regs->gpr[rb],
1096 regs->xer & XER_CA);
1099 case 200: /* subfze */
1100 add_with_carry(regs, rd, ~regs->gpr[ra], 0L,
1101 regs->xer & XER_CA);
1104 case 202: /* addze */
1105 add_with_carry(regs, rd, regs->gpr[ra], 0L,
1106 regs->xer & XER_CA);
1109 case 232: /* subfme */
1110 add_with_carry(regs, rd, ~regs->gpr[ra], -1L,
1111 regs->xer & XER_CA);
1113 #ifdef __powerpc64__
1114 case 233: /* mulld */
1115 regs->gpr[rd] = regs->gpr[ra] * regs->gpr[rb];
1118 case 234: /* addme */
1119 add_with_carry(regs, rd, regs->gpr[ra], -1L,
1120 regs->xer & XER_CA);
1123 case 235: /* mullw */
1124 regs->gpr[rd] = (unsigned int) regs->gpr[ra] *
1125 (unsigned int) regs->gpr[rb];
1129 regs->gpr[rd] = regs->gpr[ra] + regs->gpr[rb];
1131 #ifdef __powerpc64__
1132 case 457: /* divdu */
1133 regs->gpr[rd] = regs->gpr[ra] / regs->gpr[rb];
1136 case 459: /* divwu */
1137 regs->gpr[rd] = (unsigned int) regs->gpr[ra] /
1138 (unsigned int) regs->gpr[rb];
1140 #ifdef __powerpc64__
1141 case 489: /* divd */
1142 regs->gpr[rd] = (long int) regs->gpr[ra] /
1143 (long int) regs->gpr[rb];
1146 case 491: /* divw */
1147 regs->gpr[rd] = (int) regs->gpr[ra] /
1148 (int) regs->gpr[rb];
1153 * Logical instructions
1155 case 26: /* cntlzw */
1156 asm("cntlzw %0,%1" : "=r" (regs->gpr[ra]) :
1157 "r" (regs->gpr[rd]));
1159 #ifdef __powerpc64__
1160 case 58: /* cntlzd */
1161 asm("cntlzd %0,%1" : "=r" (regs->gpr[ra]) :
1162 "r" (regs->gpr[rd]));
1166 regs->gpr[ra] = regs->gpr[rd] & regs->gpr[rb];
1170 regs->gpr[ra] = regs->gpr[rd] & ~regs->gpr[rb];
1174 regs->gpr[ra] = ~(regs->gpr[rd] | regs->gpr[rb]);
1178 regs->gpr[ra] = ~(regs->gpr[rd] ^ regs->gpr[rb]);
1182 regs->gpr[ra] = regs->gpr[rd] ^ regs->gpr[rb];
1186 regs->gpr[ra] = regs->gpr[rd] | ~regs->gpr[rb];
1190 regs->gpr[ra] = regs->gpr[rd] | regs->gpr[rb];
1193 case 476: /* nand */
1194 regs->gpr[ra] = ~(regs->gpr[rd] & regs->gpr[rb]);
1197 case 922: /* extsh */
1198 regs->gpr[ra] = (signed short) regs->gpr[rd];
1201 case 954: /* extsb */
1202 regs->gpr[ra] = (signed char) regs->gpr[rd];
1204 #ifdef __powerpc64__
1205 case 986: /* extsw */
1206 regs->gpr[ra] = (signed int) regs->gpr[rd];
1211 * Shift instructions
1214 sh = regs->gpr[rb] & 0x3f;
1216 regs->gpr[ra] = (regs->gpr[rd] << sh) & 0xffffffffUL;
1222 sh = regs->gpr[rb] & 0x3f;
1224 regs->gpr[ra] = (regs->gpr[rd] & 0xffffffffUL) >> sh;
1229 case 792: /* sraw */
1230 sh = regs->gpr[rb] & 0x3f;
1231 ival = (signed int) regs->gpr[rd];
1232 regs->gpr[ra] = ival >> (sh < 32 ? sh : 31);
1233 if (ival < 0 && (sh >= 32 || (ival & ((1ul << sh) - 1)) != 0))
1234 regs->xer |= XER_CA;
1236 regs->xer &= ~XER_CA;
1239 case 824: /* srawi */
1241 ival = (signed int) regs->gpr[rd];
1242 regs->gpr[ra] = ival >> sh;
1243 if (ival < 0 && (ival & ((1ul << sh) - 1)) != 0)
1244 regs->xer |= XER_CA;
1246 regs->xer &= ~XER_CA;
1249 #ifdef __powerpc64__
1251 sh = regs->gpr[rb] & 0x7f;
1253 regs->gpr[ra] = regs->gpr[rd] << sh;
1259 sh = regs->gpr[rb] & 0x7f;
1261 regs->gpr[ra] = regs->gpr[rd] >> sh;
1266 case 794: /* srad */
1267 sh = regs->gpr[rb] & 0x7f;
1268 ival = (signed long int) regs->gpr[rd];
1269 regs->gpr[ra] = ival >> (sh < 64 ? sh : 63);
1270 if (ival < 0 && (sh >= 64 || (ival & ((1ul << sh) - 1)) != 0))
1271 regs->xer |= XER_CA;
1273 regs->xer &= ~XER_CA;
1276 case 826: /* sradi with sh_5 = 0 */
1277 case 827: /* sradi with sh_5 = 1 */
1278 sh = rb | ((instr & 2) << 4);
1279 ival = (signed long int) regs->gpr[rd];
1280 regs->gpr[ra] = ival >> sh;
1281 if (ival < 0 && (ival & ((1ul << sh) - 1)) != 0)
1282 regs->xer |= XER_CA;
1284 regs->xer &= ~XER_CA;
1286 #endif /* __powerpc64__ */
1289 * Cache instructions
1291 case 54: /* dcbst */
1292 op->type = MKOP(CACHEOP, DCBST, 0);
1293 op->ea = xform_ea(instr, regs);
1297 op->type = MKOP(CACHEOP, DCBF, 0);
1298 op->ea = xform_ea(instr, regs);
1301 case 246: /* dcbtst */
1302 op->type = MKOP(CACHEOP, DCBTST, 0);
1303 op->ea = xform_ea(instr, regs);
1307 case 278: /* dcbt */
1308 op->type = MKOP(CACHEOP, DCBTST, 0);
1309 op->ea = xform_ea(instr, regs);
1313 case 982: /* icbi */
1314 op->type = MKOP(CACHEOP, ICBI, 0);
1315 op->ea = xform_ea(instr, regs);
1325 op->update_reg = ra;
1327 op->val = regs->gpr[rd];
1328 u = (instr >> 20) & UPDATE;
1333 op->ea = xform_ea(instr, regs);
1334 switch ((instr >> 1) & 0x3ff) {
1335 case 20: /* lwarx */
1336 op->type = MKOP(LARX, 0, 4);
1339 case 150: /* stwcx. */
1340 op->type = MKOP(STCX, 0, 4);
1343 #ifdef __powerpc64__
1344 case 84: /* ldarx */
1345 op->type = MKOP(LARX, 0, 8);
1348 case 214: /* stdcx. */
1349 op->type = MKOP(STCX, 0, 8);
1354 op->type = MKOP(LOAD, u, 8);
1359 case 55: /* lwzux */
1360 op->type = MKOP(LOAD, u, 4);
1364 case 119: /* lbzux */
1365 op->type = MKOP(LOAD, u, 1);
1368 #ifdef CONFIG_ALTIVEC
1370 case 359: /* lvxl */
1371 if (!(regs->msr & MSR_VEC))
1373 op->type = MKOP(LOAD_VMX, 0, 16);
1376 case 231: /* stvx */
1377 case 487: /* stvxl */
1378 if (!(regs->msr & MSR_VEC))
1380 op->type = MKOP(STORE_VMX, 0, 16);
1382 #endif /* CONFIG_ALTIVEC */
1384 #ifdef __powerpc64__
1385 case 149: /* stdx */
1386 case 181: /* stdux */
1387 op->type = MKOP(STORE, u, 8);
1391 case 151: /* stwx */
1392 case 183: /* stwux */
1393 op->type = MKOP(STORE, u, 4);
1396 case 215: /* stbx */
1397 case 247: /* stbux */
1398 op->type = MKOP(STORE, u, 1);
1401 case 279: /* lhzx */
1402 case 311: /* lhzux */
1403 op->type = MKOP(LOAD, u, 2);
1406 #ifdef __powerpc64__
1407 case 341: /* lwax */
1408 case 373: /* lwaux */
1409 op->type = MKOP(LOAD, SIGNEXT | u, 4);
1413 case 343: /* lhax */
1414 case 375: /* lhaux */
1415 op->type = MKOP(LOAD, SIGNEXT | u, 2);
1418 case 407: /* sthx */
1419 case 439: /* sthux */
1420 op->type = MKOP(STORE, u, 2);
1423 #ifdef __powerpc64__
1424 case 532: /* ldbrx */
1425 op->type = MKOP(LOAD, BYTEREV, 8);
1429 case 533: /* lswx */
1430 op->type = MKOP(LOAD_MULTI, 0, regs->xer & 0x7f);
1433 case 534: /* lwbrx */
1434 op->type = MKOP(LOAD, BYTEREV, 4);
1437 case 597: /* lswi */
1439 rb = 32; /* # bytes to load */
1440 op->type = MKOP(LOAD_MULTI, 0, rb);
1443 op->ea = truncate_if_32bit(regs->msr,
1447 #ifdef CONFIG_PPC_FPU
1448 case 535: /* lfsx */
1449 case 567: /* lfsux */
1450 if (!(regs->msr & MSR_FP))
1452 op->type = MKOP(LOAD_FP, u, 4);
1455 case 599: /* lfdx */
1456 case 631: /* lfdux */
1457 if (!(regs->msr & MSR_FP))
1459 op->type = MKOP(LOAD_FP, u, 8);
1462 case 663: /* stfsx */
1463 case 695: /* stfsux */
1464 if (!(regs->msr & MSR_FP))
1466 op->type = MKOP(STORE_FP, u, 4);
1469 case 727: /* stfdx */
1470 case 759: /* stfdux */
1471 if (!(regs->msr & MSR_FP))
1473 op->type = MKOP(STORE_FP, u, 8);
1477 #ifdef __powerpc64__
1478 case 660: /* stdbrx */
1479 op->type = MKOP(STORE, BYTEREV, 8);
1480 op->val = byterev_8(regs->gpr[rd]);
1484 case 661: /* stswx */
1485 op->type = MKOP(STORE_MULTI, 0, regs->xer & 0x7f);
1488 case 662: /* stwbrx */
1489 op->type = MKOP(STORE, BYTEREV, 4);
1490 op->val = byterev_4(regs->gpr[rd]);
1495 rb = 32; /* # bytes to store */
1496 op->type = MKOP(STORE_MULTI, 0, rb);
1499 op->ea = truncate_if_32bit(regs->msr,
1503 case 790: /* lhbrx */
1504 op->type = MKOP(LOAD, BYTEREV, 2);
1507 case 918: /* sthbrx */
1508 op->type = MKOP(STORE, BYTEREV, 2);
1509 op->val = byterev_2(regs->gpr[rd]);
1513 case 844: /* lxvd2x */
1514 case 876: /* lxvd2ux */
1515 if (!(regs->msr & MSR_VSX))
1517 op->reg = rd | ((instr & 1) << 5);
1518 op->type = MKOP(LOAD_VSX, u, 16);
1521 case 972: /* stxvd2x */
1522 case 1004: /* stxvd2ux */
1523 if (!(regs->msr & MSR_VSX))
1525 op->reg = rd | ((instr & 1) << 5);
1526 op->type = MKOP(STORE_VSX, u, 16);
1529 #endif /* CONFIG_VSX */
1535 op->type = MKOP(LOAD, u, 4);
1536 op->ea = dform_ea(instr, regs);
1541 op->type = MKOP(LOAD, u, 1);
1542 op->ea = dform_ea(instr, regs);
1547 op->type = MKOP(STORE, u, 4);
1548 op->ea = dform_ea(instr, regs);
1553 op->type = MKOP(STORE, u, 1);
1554 op->ea = dform_ea(instr, regs);
1559 op->type = MKOP(LOAD, u, 2);
1560 op->ea = dform_ea(instr, regs);
1565 op->type = MKOP(LOAD, SIGNEXT | u, 2);
1566 op->ea = dform_ea(instr, regs);
1571 op->type = MKOP(STORE, u, 2);
1572 op->ea = dform_ea(instr, regs);
1577 break; /* invalid form, ra in range to load */
1578 op->type = MKOP(LOAD_MULTI, 0, 4 * (32 - rd));
1579 op->ea = dform_ea(instr, regs);
1583 op->type = MKOP(STORE_MULTI, 0, 4 * (32 - rd));
1584 op->ea = dform_ea(instr, regs);
1587 #ifdef CONFIG_PPC_FPU
1590 if (!(regs->msr & MSR_FP))
1592 op->type = MKOP(LOAD_FP, u, 4);
1593 op->ea = dform_ea(instr, regs);
1598 if (!(regs->msr & MSR_FP))
1600 op->type = MKOP(LOAD_FP, u, 8);
1601 op->ea = dform_ea(instr, regs);
1605 case 53: /* stfsu */
1606 if (!(regs->msr & MSR_FP))
1608 op->type = MKOP(STORE_FP, u, 4);
1609 op->ea = dform_ea(instr, regs);
1613 case 55: /* stfdu */
1614 if (!(regs->msr & MSR_FP))
1616 op->type = MKOP(STORE_FP, u, 8);
1617 op->ea = dform_ea(instr, regs);
1621 #ifdef __powerpc64__
1622 case 58: /* ld[u], lwa */
1623 op->ea = dsform_ea(instr, regs);
1624 switch (instr & 3) {
1626 op->type = MKOP(LOAD, 0, 8);
1629 op->type = MKOP(LOAD, UPDATE, 8);
1632 op->type = MKOP(LOAD, SIGNEXT, 4);
1637 case 62: /* std[u] */
1638 op->ea = dsform_ea(instr, regs);
1639 switch (instr & 3) {
1641 op->type = MKOP(STORE, 0, 8);
1644 op->type = MKOP(STORE, UPDATE, 8);
1648 #endif /* __powerpc64__ */
1663 regs->nip = truncate_if_32bit(regs->msr, regs->nip + 4);
1667 op->type = INTERRUPT | 0x700;
1668 op->val = SRR1_PROGPRIV;
1672 op->type = INTERRUPT | 0x700;
1673 op->val = SRR1_PROGTRAP;
1676 #ifdef CONFIG_PPC_FPU
1678 op->type = INTERRUPT | 0x800;
1682 #ifdef CONFIG_ALTIVEC
1684 op->type = INTERRUPT | 0xf20;
1690 op->type = INTERRUPT | 0xf40;
1694 EXPORT_SYMBOL_GPL(analyse_instr);
1697 * For PPC32 we always use stwu with r1 to change the stack pointer,
1698 * so this emulated store could corrupt the exception frame. We therefore
1699 * provide an exception frame trampoline, which is pushed below the
1700 * kprobed function's stack. Here we only update gpr[1] and do not
1701 * emulate the real store operation; the real store is done safely in
1702 * the exception return code, which checks this flag.
1704 static __kprobes int handle_stack_update(unsigned long ea, struct pt_regs *regs)
1708 * Check whether the store would overflow the kernel stack
1710 if (ea - STACK_INT_FRAME_SIZE <= current->thread.ksp_limit) {
1711 printk(KERN_CRIT "Can't kprobe this since kernel stack would overflow.\n");
1714 #endif /* CONFIG_PPC32 */
1716 * Check whether the flag is already set, since that would mean
1717 * we lose the previous value.
1719 WARN_ON(test_thread_flag(TIF_EMULATE_STACK_STORE));
1720 set_thread_flag(TIF_EMULATE_STACK_STORE);
1724 static __kprobes void do_signext(unsigned long *valp, int size)
1728 *valp = (signed short) *valp;
1731 *valp = (signed int) *valp;
1736 static __kprobes void do_byterev(unsigned long *valp, int size)
1740 *valp = byterev_2(*valp);
1743 *valp = byterev_4(*valp);
1745 #ifdef __powerpc64__
1747 *valp = byterev_8(*valp);
1754 * Emulate instructions that cause a transfer of control,
1755 * loads and stores, and a few other instructions.
1756 * Returns 1 if the step was emulated, 0 if not,
1757 * or -1 if the instruction is one that should not be stepped,
1758 * such as an rfid, or a mtmsrd that would clear MSR_RI.
1760 int __kprobes emulate_step(struct pt_regs *regs, unsigned int instr)
1762 struct instruction_op op;
1768 r = analyse_instr(&op, regs, instr);
1773 size = GETSIZE(op.type);
1774 switch (op.type & INSTR_TYPE_MASK) {
1776 if (!address_ok(regs, op.ea, 8))
1778 switch (op.type & CACHEOP_MASK) {
1780 __cacheop_user_asmx(op.ea, err, "dcbst");
1783 __cacheop_user_asmx(op.ea, err, "dcbf");
1787 prefetchw((void *) op.ea);
1791 prefetch((void *) op.ea);
1794 __cacheop_user_asmx(op.ea, err, "icbi");
1802 if (op.ea & (size - 1))
1803 break; /* can't handle misaligned */
1804 if (!address_ok(regs, op.ea, size))
1809 __get_user_asmx(val, op.ea, err, "lwarx");
1811 #ifdef __powerpc64__
1813 __get_user_asmx(val, op.ea, err, "ldarx");
1820 regs->gpr[op.reg] = val;
1824 if (op.ea & (size - 1))
1825 break; /* can't handle misaligned */
1826 if (!address_ok(regs, op.ea, size))
1831 __put_user_asmx(op.val, op.ea, err, "stwcx.", cr);
1833 #ifdef __powerpc64__
1835 __put_user_asmx(op.val, op.ea, err, "stdcx.", cr);
1842 regs->ccr = (regs->ccr & 0x0fffffff) |
1844 ((regs->xer >> 3) & 0x10000000);
1848 err = read_mem(®s->gpr[op.reg], op.ea, size, regs);
1850 if (op.type & SIGNEXT)
1851 do_signext(®s->gpr[op.reg], size);
1852 if (op.type & BYTEREV)
1853 do_byterev(®s->gpr[op.reg], size);
1857 #ifdef CONFIG_PPC_FPU
1860 err = do_fp_load(op.reg, do_lfs, op.ea, size, regs);
1862 err = do_fp_load(op.reg, do_lfd, op.ea, size, regs);
1865 #ifdef CONFIG_ALTIVEC
1867 err = do_vec_load(op.reg, do_lvx, op.ea & ~0xfUL, regs);
1872 err = do_vsx_load(op.reg, do_lxvd2x, op.ea, regs);
1876 if (regs->msr & MSR_LE)
1879 for (i = 0; i < size; i += 4) {
1883 err = read_mem(®s->gpr[rd], op.ea, nb, regs);
1886 if (nb < 4) /* left-justify last bytes */
1887 regs->gpr[rd] <<= 32 - 8 * nb;
1894 if ((op.type & UPDATE) && size == sizeof(long) &&
1895 op.reg == 1 && op.update_reg == 1 &&
1896 !(regs->msr & MSR_PR) &&
1897 op.ea >= regs->gpr[1] - STACK_INT_FRAME_SIZE) {
1898 err = handle_stack_update(op.ea, regs);
1901 err = write_mem(op.val, op.ea, size, regs);
1904 #ifdef CONFIG_PPC_FPU
1907 err = do_fp_store(op.reg, do_stfs, op.ea, size, regs);
1909 err = do_fp_store(op.reg, do_stfd, op.ea, size, regs);
1912 #ifdef CONFIG_ALTIVEC
1914 err = do_vec_store(op.reg, do_stvx, op.ea & ~0xfUL, regs);
1919 err = do_vsx_store(op.reg, do_stxvd2x, op.ea, regs);
1923 if (regs->msr & MSR_LE)
1926 for (i = 0; i < size; i += 4) {
1927 val = regs->gpr[rd];
1932 val >>= 32 - 8 * nb;
1933 err = write_mem(val, op.ea, nb, regs);
1942 regs->gpr[op.reg] = regs->msr & MSR_MASK;
1946 val = regs->gpr[op.reg];
1947 if ((val & MSR_RI) == 0)
1948 /* can't step mtmsr[d] that would clear MSR_RI */
1950 /* here op.val is the mask of bits to change */
1951 regs->msr = (regs->msr & ~op.val) | (val & op.val);
1955 case SYSCALL: /* sc */
1957 * N.B. this uses knowledge about how the syscall
1958 * entry code works. If that is changed, this will
1959 * need to be changed also.
1961 if (regs->gpr[0] == 0x1ebe &&
1962 cpu_has_feature(CPU_FTR_REAL_LE)) {
1963 regs->msr ^= MSR_LE;
1966 regs->gpr[9] = regs->gpr[13];
1967 regs->gpr[10] = MSR_KERNEL;
1968 regs->gpr[11] = regs->nip + 4;
1969 regs->gpr[12] = regs->msr & MSR_MASK;
1970 regs->gpr[13] = (unsigned long) get_paca();
1971 regs->nip = (unsigned long) &system_call_common;
1972 regs->msr = MSR_KERNEL;
1984 if (op.type & UPDATE)
1985 regs->gpr[op.update_reg] = op.ea;
1988 regs->nip = truncate_if_32bit(regs->msr, regs->nip + 4);