4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
21 /* Portions Copyright 2013 Justin Hibbits */
23 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
27 #include <sys/fasttrap_isa.h>
28 #include <sys/fasttrap_impl.h>
29 #include <sys/dtrace.h>
30 #include <sys/dtrace_impl.h>
31 #include <cddl/dev/dtrace/dtrace_cddl.h>
33 #include <sys/types.h>
35 #include <sys/ptrace.h>
36 #include <sys/rmlock.h>
37 #include <sys/sysent.h>
39 #define OP(x) ((x) >> 26)
40 #define OPX(x) (((x) >> 2) & 0x3FF)
41 #define OP_BO(x) (((x) & 0x03E00000) >> 21)
42 #define OP_BI(x) (((x) & 0x001F0000) >> 16)
43 #define OP_RS(x) (((x) & 0x03E00000) >> 21)
44 #define OP_RA(x) (((x) & 0x001F0000) >> 16)
45 #define OP_RB(x) (((x) & 0x0000F100) >> 11)
48 fasttrap_tracepoint_install(proc_t *p, fasttrap_tracepoint_t *tp)
50 fasttrap_instr_t instr = FASTTRAP_INSTR;
52 if (uwrite(p, &instr, 4, tp->ftt_pc) != 0)
59 fasttrap_tracepoint_remove(proc_t *p, fasttrap_tracepoint_t *tp)
64 * Distinguish between read or write failures and a changed
67 if (uread(p, &instr, 4, tp->ftt_pc) != 0)
69 if (instr != FASTTRAP_INSTR)
71 if (uwrite(p, &tp->ftt_instr, 4, tp->ftt_pc) != 0)
78 fasttrap_tracepoint_init(proc_t *p, fasttrap_tracepoint_t *tp, uintptr_t pc,
79 fasttrap_probe_type_t type)
85 * Read the instruction at the given address out of the process's
86 * address space. We don't have to worry about a debugger
87 * changing this instruction before we overwrite it with our trap
88 * instruction since P_PR_LOCK is set.
90 if (uread(p, &instr, 4, pc) != 0)
94 * Decode the instruction to fill in the probe flags. We can have
95 * the process execute most instructions on its own using a pc/npc
96 * trick, but pc-relative control transfer present a problem since
97 * we're relocating the instruction. We emulate these instructions
98 * in the kernel. We assume a default type and over-write that as
101 * pc-relative instructions must be emulated for correctness;
102 * other instructions (which represent a large set of commonly traced
103 * instructions) are emulated or otherwise optimized for performance.
105 tp->ftt_type = FASTTRAP_T_COMMON;
106 tp->ftt_instr = instr;
109 /* The following are invalid for trapping (invalid opcodes, tw/twi). */
125 else if (OPX(instr) == 444 && OP_RS(instr) == OP_RA(instr) &&
126 OP_RS(instr) == OP_RB(instr))
127 tp->ftt_type = FASTTRAP_T_NOP;
130 tp->ftt_type = FASTTRAP_T_BC;
131 tp->ftt_dest = instr & 0x0000FFFC; /* Extract target address */
132 if (instr & 0x00008000)
133 tp->ftt_dest |= 0xFFFF0000;
134 /* Use as offset if not absolute address. */
137 tp->ftt_bo = OP_BO(instr);
138 tp->ftt_bi = OP_BI(instr);
141 tp->ftt_type = FASTTRAP_T_B;
142 tp->ftt_dest = instr & 0x03FFFFFC; /* Extract target address */
143 if (instr & 0x02000000)
144 tp->ftt_dest |= 0xFC000000;
145 /* Use as offset if not absolute address. */
150 switch (OPX(instr)) {
151 case 528: /* bcctr */
152 tp->ftt_type = FASTTRAP_T_BCTR;
153 tp->ftt_bo = OP_BO(instr);
154 tp->ftt_bi = OP_BI(instr);
157 tp->ftt_type = FASTTRAP_T_BCTR;
158 tp->ftt_bo = OP_BO(instr);
159 tp->ftt_bi = OP_BI(instr);
164 if (OP_RS(instr) == OP_RA(instr) &&
165 (instr & 0x0000FFFF) == 0)
166 tp->ftt_type = FASTTRAP_T_NOP;
171 * We don't know how this tracepoint is going to be used, but in case
172 * it's used as part of a function return probe, we need to indicate
173 * whether it's always a return site or only potentially a return
174 * site. If it's part of a return probe, it's always going to be a
175 * return from that function if it's a restore instruction or if
176 * the previous instruction was a return. If we could reliably
177 * distinguish jump tables from return sites, this wouldn't be
181 if (tp->ftt_type != FASTTRAP_T_RESTORE &&
182 (uread(p, &instr, 4, pc - sizeof (instr)) != 0 ||
183 !(OP(instr) == 2 && OP3(instr) == OP3_RETURN)))
184 tp->ftt_flags |= FASTTRAP_F_RETMAYBE;
191 fasttrap_anarg(struct reg *rp, int argno)
196 /* The first 8 arguments are in registers. */
198 return rp->fixreg[argno + 3];
200 /* Arguments on stack start after SP+LR (2 register slots). */
201 if (SV_PROC_FLAG(p, SV_ILP32)) {
202 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
203 value = dtrace_fuword32((void *)(rp->fixreg[1] + 8 +
204 ((argno - 8) * sizeof(uint32_t))));
205 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT | CPU_DTRACE_BADADDR);
207 DTRACE_CPUFLAG_SET(CPU_DTRACE_NOFAULT);
208 value = dtrace_fuword64((void *)(rp->fixreg[1] + 48 +
209 ((argno - 8) * sizeof(uint64_t))));
210 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT | CPU_DTRACE_BADADDR);
216 fasttrap_pid_getarg(void *arg, dtrace_id_t id, void *parg, int argno,
221 fill_regs(curthread, &r);
223 return (fasttrap_anarg(&r, argno));
227 fasttrap_usdt_getarg(void *arg, dtrace_id_t id, void *parg, int argno,
232 fill_regs(curthread, &r);
234 return (fasttrap_anarg(&r, argno));
238 fasttrap_usdt_args(fasttrap_probe_t *probe, struct reg *rp, int argc,
241 int i, x, cap = MIN(argc, probe->ftp_nargs);
243 for (i = 0; i < cap; i++) {
244 x = probe->ftp_argmap[i];
247 argv[i] = rp->fixreg[x];
249 if (SV_PROC_FLAG(curproc, SV_ILP32))
250 argv[i] = fuword32((void *)(rp->fixreg[1] + 8 +
251 (x * sizeof(uint32_t))));
253 argv[i] = fuword64((void *)(rp->fixreg[1] + 48 +
254 (x * sizeof(uint64_t))));
257 for (; i < argc; i++) {
263 fasttrap_return_common(struct reg *rp, uintptr_t pc, pid_t pid,
266 struct rm_priotracker tracker;
267 fasttrap_tracepoint_t *tp;
268 fasttrap_bucket_t *bucket;
271 rm_rlock(&fasttrap_tp_lock, &tracker);
272 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)];
274 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) {
275 if (pid == tp->ftt_pid && pc == tp->ftt_pc &&
276 tp->ftt_proc->ftpc_acount != 0)
281 * Don't sweat it if we can't find the tracepoint again; unlike
282 * when we're in fasttrap_pid_probe(), finding the tracepoint here
283 * is not essential to the correct execution of the process.
286 rm_runlock(&fasttrap_tp_lock, &tracker);
290 for (id = tp->ftt_retids; id != NULL; id = id->fti_next) {
292 * If there's a branch that could act as a return site, we
293 * need to trace it, and check here if the program counter is
294 * external to the function.
296 /* Skip function-local branches. */
297 if ((new_pc - id->fti_probe->ftp_faddr) < id->fti_probe->ftp_fsize)
300 dtrace_probe(id->fti_probe->ftp_id,
301 pc - id->fti_probe->ftp_faddr,
302 rp->fixreg[3], rp->fixreg[4], 0, 0);
304 rm_runlock(&fasttrap_tp_lock, &tracker);
309 fasttrap_branch_taken(int bo, int bi, struct reg *regs)
314 if ((bo & 0x14) == 0x14)
317 /* Handle decrementing ctr */
320 crzero = (regs->ctr == 0);
322 return (!(crzero ^ (bo >> 1)));
326 return (crzero | (((regs->cr >> (31 - bi)) ^ (bo >> 3)) ^ 1));
331 fasttrap_pid_probe(struct reg *rp)
333 struct rm_priotracker tracker;
335 uintptr_t pc = rp->pc;
336 uintptr_t new_pc = 0;
337 fasttrap_bucket_t *bucket;
338 fasttrap_tracepoint_t *tp, tp_local;
340 dtrace_icookie_t cookie;
341 uint_t is_enabled = 0;
344 * It's possible that a user (in a veritable orgy of bad planning)
345 * could redirect this thread's flow of control before it reached the
346 * return probe fasttrap. In this case we need to kill the process
347 * since it's in a unrecoverable state.
349 if (curthread->t_dtrace_step) {
350 ASSERT(curthread->t_dtrace_on);
351 fasttrap_sigtrap(p, curthread, pc);
356 * Clear all user tracing flags.
358 curthread->t_dtrace_ft = 0;
359 curthread->t_dtrace_pc = 0;
360 curthread->t_dtrace_npc = 0;
361 curthread->t_dtrace_scrpc = 0;
362 curthread->t_dtrace_astpc = 0;
364 rm_rlock(&fasttrap_tp_lock, &tracker);
366 bucket = &fasttrap_tpoints.fth_table[FASTTRAP_TPOINTS_INDEX(pid, pc)];
369 * Lookup the tracepoint that the process just hit.
371 for (tp = bucket->ftb_data; tp != NULL; tp = tp->ftt_next) {
372 if (pid == tp->ftt_pid && pc == tp->ftt_pc &&
373 tp->ftt_proc->ftpc_acount != 0)
378 * If we couldn't find a matching tracepoint, either a tracepoint has
379 * been inserted without using the pid<pid> ioctl interface (see
380 * fasttrap_ioctl), or somehow we have mislaid this tracepoint.
383 rm_runlock(&fasttrap_tp_lock, &tracker);
387 if (tp->ftt_ids != NULL) {
390 for (id = tp->ftt_ids; id != NULL; id = id->fti_next) {
391 fasttrap_probe_t *probe = id->fti_probe;
393 if (id->fti_ptype == DTFTP_ENTRY) {
395 * We note that this was an entry
396 * probe to help ustack() find the
399 cookie = dtrace_interrupt_disable();
400 DTRACE_CPUFLAG_SET(CPU_DTRACE_ENTRY);
401 dtrace_probe(probe->ftp_id, rp->fixreg[3],
402 rp->fixreg[4], rp->fixreg[5], rp->fixreg[6],
404 DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_ENTRY);
405 dtrace_interrupt_enable(cookie);
406 } else if (id->fti_ptype == DTFTP_IS_ENABLED) {
408 * Note that in this case, we don't
409 * call dtrace_probe() since it's only
410 * an artificial probe meant to change
411 * the flow of control so that it
412 * encounters the true probe.
415 } else if (probe->ftp_argmap == NULL) {
416 dtrace_probe(probe->ftp_id, rp->fixreg[3],
417 rp->fixreg[4], rp->fixreg[5], rp->fixreg[6],
422 fasttrap_usdt_args(probe, rp,
423 sizeof (t) / sizeof (t[0]), t);
425 dtrace_probe(probe->ftp_id, t[0], t[1],
432 * We're about to do a bunch of work so we cache a local copy of
433 * the tracepoint to emulate the instruction, and then find the
434 * tracepoint again later if we need to light up any return probes.
437 rm_runlock(&fasttrap_tp_lock, &tracker);
441 * If there's an is-enabled probe connected to this tracepoint it
442 * means that there was a 'xor r3, r3, r3'
443 * instruction that was placed there by DTrace when the binary was
444 * linked. As this probe is, in fact, enabled, we need to stuff 1
445 * into R3. Accordingly, we can bypass all the instruction
446 * emulation logic since we know the inevitable result. It's possible
447 * that a user could construct a scenario where the 'is-enabled'
448 * probe was on some other instruction, but that would be a rather
449 * exotic way to shoot oneself in the foot.
458 switch (tp->ftt_type) {
463 if (!fasttrap_branch_taken(tp->ftt_bo, tp->ftt_bi, rp))
467 if (tp->ftt_instr & 0x01)
469 new_pc = tp->ftt_dest;
472 case FASTTRAP_T_BCTR:
473 if (!fasttrap_branch_taken(tp->ftt_bo, tp->ftt_bi, rp))
476 if (tp->ftt_type == FASTTRAP_T_BCTR)
480 if (tp->ftt_instr & 0x01)
483 case FASTTRAP_T_COMMON:
488 * If there were no return probes when we first found the tracepoint,
489 * we should feel no obligation to honor any return probes that were
490 * subsequently enabled -- they'll just have to wait until the next
493 if (tp->ftt_retids != NULL) {
495 * We need to wait until the results of the instruction are
496 * apparent before invoking any return probes. If this
497 * instruction was emulated we can just call
498 * fasttrap_return_common(); if it needs to be executed, we
499 * need to wait until the user thread returns to the kernel.
501 if (tp->ftt_type != FASTTRAP_T_COMMON) {
502 fasttrap_return_common(rp, pc, pid, new_pc);
504 ASSERT(curthread->t_dtrace_ret != 0);
505 ASSERT(curthread->t_dtrace_pc == pc);
506 ASSERT(curthread->t_dtrace_scrpc != 0);
507 ASSERT(new_pc == curthread->t_dtrace_astpc);
512 set_regs(curthread, rp);
518 fasttrap_return_probe(struct reg *rp)
521 uintptr_t pc = curthread->t_dtrace_pc;
522 uintptr_t npc = curthread->t_dtrace_npc;
524 curthread->t_dtrace_pc = 0;
525 curthread->t_dtrace_npc = 0;
526 curthread->t_dtrace_scrpc = 0;
527 curthread->t_dtrace_astpc = 0;
530 * We set rp->pc to the address of the traced instruction so
531 * that it appears to dtrace_probe() that we're on the original
532 * instruction, and so that the user can't easily detect our
533 * complex web of lies. dtrace_return_probe() (our caller)
534 * will correctly set %pc after we return.
538 fasttrap_return_common(rp, pc, p->p_pid, npc);
projects / FreeBSD / FreeBSD.git / blob