1 // SPDX-License-Identifier: GPL-2.0-only
21 #include <asm/text-patching.h>
32 #include <asm/asm-prototypes.h>
39 #define MAX_PATCH_LEN (255-1)
60 __setup("debug-alternative", debug_alt);
69 __setup("noreplace-smp", setup_noreplace_smp);
86 for (j = 0; j < (len) - 1; j++) \
135 * eventually text-poked into the kernel image.
145 * for every single-byte NOP, try to generate the maximally available NOP of
147 * each single-byte NOP). If @len to fill out is > ASM_NOP_MAX, pad with INT3 and
187 if (insn->opcode.bytes[0] == 0x90 && in insn_is_nop()
188 (!insn->prefixes.nbytes || insn->prefixes.bytes[0] != 0xF3)) in insn_is_nop()
192 if (insn->opcode.bytes[0] == 0x0F && insn->opcode.bytes[1] == 0x1F) in insn_is_nop()
201 * Find the offset of the first non-NOP instruction starting at @offset
242 add_nop(buf + nop, next - nop); in optimize_nops()
257 * src_imm = target - src_next_ip (1)
261 * dst_imm = target - dst_next_ip (2)
269 * dst_imm = (src_imm + src_next_ip) - dst_next_ip (3)
280 * dst_imm = src_imm + (src + ip_offset) - (dst + ip_offset)
281 * = src_imm + src - dst + ip_offset - ip_offset
282 * = src_imm + src - dst (5)
291 BUG_ON((v >> 31) != (v >> (n_-1))); \
342 repl - instr); in __apply_relocation()
350 imm += repl - instr; in __apply_relocation()
351 imm += JMP32_INSN_SIZE - JMP8_INSN_SIZE; in __apply_relocation()
356 memset(&buf[i+2], INT3_INSN_OPCODE, insn.length - 2); in __apply_relocation()
366 repl - instr); in __apply_relocation()
378 /* Low-level backend functions usable from alternative code replacements. */
400 if (a->replacementlen != 5 || insn_buff[0] != CALL_INSN_OPCODE) { in alt_replace_call()
401 pr_err("ALT_FLAG_DIRECT_CALL set for a non-call replacement instruction\n"); in alt_replace_call()
405 if (a->instrlen != 6 || in alt_replace_call()
417 target = *(void **)(instr + a->instrlen + disp); in alt_replace_call()
426 /* (BUG_func - .) + (target - BUG_func) := target - . */ in alt_replace_call()
427 *(s32 *)(insn_buff + 1) += target - bug; in alt_replace_call()
437 return (u8 *)&i->instr_offset + i->instr_offset; in instr_va()
455 struct alt_instr *a, *b; in apply_alternatives() local
457 DPRINTK(ALT, "alt table %px, -> %px", start, end); in apply_alternatives()
463 * conversion and triggers a false-positive out-of-bounds report. in apply_alternatives()
487 for (b = a+1; b < end && instr_va(b) == instr_va(a); b++) { in apply_alternatives()
488 u8 len = max(a->instrlen, b->instrlen); in apply_alternatives()
489 a->instrlen = b->instrlen = len; in apply_alternatives()
493 replacement = (u8 *)&a->repl_offset + a->repl_offset; in apply_alternatives()
494 BUG_ON(a->instrlen > sizeof(insn_buff)); in apply_alternatives()
495 BUG_ON(a->cpuid >= (NCAPINTS + NBUGINTS) * 32); in apply_alternatives()
499 * - feature is present in apply_alternatives()
500 * - feature not present but ALT_FLAG_NOT is set to mean, in apply_alternatives()
503 if (!boot_cpu_has(a->cpuid) == !(a->flags & ALT_FLAG_NOT)) { in apply_alternatives()
504 memcpy(insn_buff, instr, a->instrlen); in apply_alternatives()
505 optimize_nops(instr, insn_buff, a->instrlen); in apply_alternatives()
506 text_poke_early(instr, insn_buff, a->instrlen); in apply_alternatives()
511 a->cpuid >> 5, in apply_alternatives()
512 a->cpuid & 0x1f, in apply_alternatives()
513 instr, instr, a->instrlen, in apply_alternatives()
514 replacement, a->replacementlen, a->flags); in apply_alternatives()
516 memcpy(insn_buff, replacement, a->replacementlen); in apply_alternatives()
517 insn_buff_sz = a->replacementlen; in apply_alternatives()
519 if (a->flags & ALT_FLAG_DIRECT_CALL) { in apply_alternatives()
525 for (; insn_buff_sz < a->instrlen; insn_buff_sz++) in apply_alternatives()
528 apply_relocation(insn_buff, instr, a->instrlen, replacement, a->replacementlen); in apply_alternatives()
530 DUMP_BYTES(ALT, instr, a->instrlen, "%px: old_insn: ", instr); in apply_alternatives()
531 DUMP_BYTES(ALT, replacement, a->replacementlen, "%px: rpl_insn: ", replacement); in apply_alternatives()
542 /* Jcc.d32 second opcode byte is in the range: 0x80-0x8f */ in is_jcc32()
543 return insn->opcode.bytes[0] == 0x0f && (insn->opcode.bytes[1] & 0xf0) == 0x80; in is_jcc32()
567 return -1; in emit_indirect()
571 bytes[i++] = 0x41; /* REX.B prefix */ in emit_indirect()
572 reg -= 8; in emit_indirect()
575 modrm |= 0xc0; /* Mod = 3 */ in emit_indirect()
586 u8 op = insn->opcode.bytes[0]; in emit_call_track_retpoline()
591 * tail-calls. Deal with them. in emit_call_track_retpoline()
595 op = insn->opcode.bytes[1]; in emit_call_track_retpoline()
599 if (insn->length == 6) in emit_call_track_retpoline()
600 bytes[i++] = 0x2e; /* CS-prefix */ in emit_call_track_retpoline()
620 return -1; in emit_call_track_retpoline()
623 WARN_ON_ONCE(i != insn->length); in emit_call_track_retpoline()
650 target = addr + insn->length + insn->immediate.value; in patch_retpoline()
651 reg = target - __x86_indirect_thunk_array; in patch_retpoline()
654 return -1; in patch_retpoline()
664 return -1; in patch_retpoline()
667 op = insn->opcode.bytes[0]; in patch_retpoline()
683 cc = insn->opcode.bytes[1] & 0xf; in patch_retpoline()
687 bytes[i++] = insn->length - 2; /* sizeof(Jcc.d8) == 2 */ in patch_retpoline()
713 if (op == JMP32_INSN_OPCODE && i < insn->length) in patch_retpoline()
716 for (; i < insn->length;) in patch_retpoline()
723 * Generated by 'objtool --retpoline'.
774 * Rewrite the compiler generated return thunk tail-calls.
797 for (; i < insn->length;) in patch_return()
826 "missing return thunk: %pS-%pS: %*ph", in apply_returns()
880 * Generated by: objtool --ibt
894 poison_cfi(addr - 16); in apply_seal_endbr()
960 func -= cfi_get_offset(); in cfi_get_func_hash()
985 * Re-hash the CFI hash with a boot-time seed while making sure the result is
991 while (unlikely(is_endbr(hash) || is_endbr(-hash))) { in cfi_rehash()
1003 return -EINVAL; in cfi_parse_cmdline()
1053 * movl $(-0x12345678),%r10d // 6 movl $0x12345678,%r10d // 6
1054 * addl $-15(%r11),%r10d // 4 sub $16,%r11 // 4
1075 #define fineibt_preamble_size (fineibt_preamble_end - fineibt_preamble_start)
1090 #define fineibt_caller_size (fineibt_caller_end - fineibt_caller_start)
1093 #define fineibt_caller_jmp (fineibt_caller_size - 2)
1099 /* b8 78 56 34 12 mov $0x12345678,%eax */ in decode_preamble_hash()
1110 /* 41 ba 78 56 34 12 mov $0x12345678,%r10d */ in decode_caller_hash()
1112 return -*(u32 *)(addr + 2); in decode_caller_hash()
1114 /* e8 0c 78 56 34 12 jmp.d8 +12 */ in decode_caller_hash()
1116 return -*(u32 *)(addr + 2); in decode_caller_hash()
1136 addr -= fineibt_caller_size; in cfi_disable_callers()
1150 * Re-enable kCFI, undo what cfi_disable_callers() did. in cfi_enable_callers()
1159 addr -= fineibt_caller_size; in cfi_enable_callers()
1182 return -EINVAL; in cfi_rand_preamble()
1202 return -EINVAL; in cfi_rewrite_preamble()
1232 addr -= fineibt_caller_size; in cfi_rand_callers()
1235 hash = -cfi_rehash(hash); in cfi_rand_callers()
1251 addr -= fineibt_caller_size; in cfi_rewrite_callers()
1320 /* place the FineIBT preamble at func()-16 */ in __apply_fineibt()
1325 /* rewrite the callers to target func()-16 */ in __apply_fineibt()
1436 struct module *mod; member
1452 void __init_or_module alternatives_smp_module_add(struct module *mod, in alternatives_smp_module_add() argument
1472 smp->mod = mod; in alternatives_smp_module_add()
1473 smp->name = name; in alternatives_smp_module_add()
1474 smp->locks = locks; in alternatives_smp_module_add()
1475 smp->locks_end = locks_end; in alternatives_smp_module_add()
1476 smp->text = text; in alternatives_smp_module_add()
1477 smp->text_end = text_end; in alternatives_smp_module_add()
1478 DPRINTK(SMP, "locks %p -> %p, text %p -> %p, name %s\n", in alternatives_smp_module_add()
1479 smp->locks, smp->locks_end, in alternatives_smp_module_add()
1480 smp->text, smp->text_end, smp->name); in alternatives_smp_module_add()
1482 list_add_tail(&smp->next, &smp_alt_modules); in alternatives_smp_module_add()
1489 void __init_or_module alternatives_smp_module_del(struct module *mod) in alternatives_smp_module_del() argument
1495 if (mod != item->mod) in alternatives_smp_module_del()
1497 list_del(&item->next); in alternatives_smp_module_del()
1506 struct smp_alt_module *mod; in alternatives_enable_smp() local
1518 list_for_each_entry(mod, &smp_alt_modules, next) in alternatives_enable_smp()
1519 alternatives_smp_lock(mod->locks, mod->locks_end, in alternatives_enable_smp()
1520 mod->text, mod->text_end); in alternatives_enable_smp()
1527 * Return 1 if the address range is reserved for SMP-alternatives.
1532 struct smp_alt_module *mod; in alternatives_text_reserved() local
1539 list_for_each_entry(mod, &smp_alt_modules, next) { in alternatives_text_reserved()
1540 if (mod->text > text_end || mod->text_end < text_start) in alternatives_text_reserved()
1542 for (poff = mod->locks; poff < mod->locks_end; poff++) { in alternatives_text_reserved()
1555 * Self-test for the INT3 based CALL emulation code.
1579 " .size int3_magic, .-int3_magic\n"
1590 struct pt_regs *regs = args->regs; in int3_exception_notify()
1600 if (regs->ip - INT3_INSN_SIZE != selftest) in int3_exception_notify()
1612 .priority = INT_MAX-1, /* last */ in int3_selftest()
1619 * Basically: int3_magic(&val); but really complicated :-) in int3_selftest()
1650 * instruction and additionally on x86_64 we get a RIP-relative LEA: in alt_reloc_selftest()
1653 * call +0 # 5d5: R_X86_64_PLT32 __alt_reloc_selftest-0x4 in alt_reloc_selftest()
1740 * text_poke_early - Update instructions on a live kernel at boot time
1759 * Modules text is marked initially as non-executable, so the in text_poke_early()
1760 * code cannot be running and speculative code-fetches are in text_poke_early()
1785 * temporary page-table mappings that are required for these write operations to
1892 * flush_tlb_mm_range(), which is intended for non-global PTEs. in __text_poke()
1897 * The lock is not really needed, but this allows to avoid open-coding. in __text_poke()
1937 * Loading the previous page-table hierarchy requires a serializing in __text_poke()
1939 * Xen-PV is assumed to serialize execution in a similar manner. in __text_poke()
1965 * text_poke - Update instructions on a live kernel
1988 * text_poke_kgdb - Update instructions on a live kernel by kgdb
2019 s = min_t(size_t, PAGE_SIZE * 2 - offset_in_page(ptr), len - patched); in text_poke_copy_locked()
2028 * text_poke_copy - Copy instructions into (an unused part of) RX memory
2048 * text_poke_set - memset into (an unused part of) RX memory
2069 s = min_t(size_t, PAGE_SIZE * 2 - offset_in_page(ptr), len - patched); in text_poke_set()
2117 if (!raw_atomic_inc_not_zero(&desc->refs)) in try_get_desc()
2128 raw_atomic_dec(&desc->refs); in put_desc()
2133 return _stext + tp->rel_addr; in text_poke_addr()
2141 return -1; in patch_cmp()
2159 * bp_desc with non-zero refcount: in poke_int3_handler()
2174 ip = (void *) regs->ip - INT3_INSN_SIZE; in poke_int3_handler()
2179 if (unlikely(desc->nr_entries > 1)) { in poke_int3_handler()
2180 tp = __inline_bsearch(ip, desc->vec, desc->nr_entries, in poke_int3_handler()
2186 tp = desc->vec; in poke_int3_handler()
2191 ip += tp->len; in poke_int3_handler()
2193 switch (tp->opcode) { in poke_int3_handler()
2206 int3_emulate_call(regs, (long)ip + tp->disp); in poke_int3_handler()
2211 int3_emulate_jmp(regs, (long)ip + tp->disp); in poke_int3_handler()
2215 int3_emulate_jcc(regs, tp->opcode & 0xf, (long)ip, tp->disp); in poke_int3_handler()
2234 * text_poke_bp_batch() -- update instructions on live kernel on SMP
2238 * Modify multi-byte instruction by using int3 breakpoint on SMP.
2243 * - For each entry in the vector:
2244 * - add a int3 trap to the address that will be patched
2245 * - sync cores
2246 * - For each entry in the vector:
2247 * - update all but the first byte of the patched range
2248 * - sync cores
2249 * - For each entry in the vector:
2250 * - replace the first byte (int3) by the first byte of
2252 * - sync cores
2267 * ensure reading a non-zero refcount provides up to date bp_desc data. in text_poke_bp_batch()
2306 if (len - INT3_INSN_SIZE > 0) { in text_poke_bp_batch()
2309 len - INT3_INSN_SIZE); in text_poke_bp_batch()
2319 len - INT3_INSN_SIZE); in text_poke_bp_batch()
2328 * - write INT3 byte in text_poke_bp_batch()
2329 * - IPI-SYNC in text_poke_bp_batch()
2330 * - write instruction tail in text_poke_bp_batch()
2335 * - emit RECORD_TEXT_POKE with the new instruction in text_poke_bp_batch()
2336 * - IPI-SYNC in text_poke_bp_batch()
2337 * - write first byte in text_poke_bp_batch()
2338 * - IPI-SYNC in text_poke_bp_batch()
2395 memcpy((void *)tp->text, opcode+i, len-i); in text_poke_loc_init()
2402 tp->rel_addr = addr - (void *)_stext; in text_poke_loc_init()
2403 tp->len = len; in text_poke_loc_init()
2404 tp->opcode = insn.opcode.bytes[0]; in text_poke_loc_init()
2410 tp->opcode = insn.opcode.bytes[1] - 0x10; in text_poke_loc_init()
2413 switch (tp->opcode) { in text_poke_loc_init()
2422 BUG_ON(tp->text[i] != INT3_INSN_OPCODE); in text_poke_loc_init()
2429 switch (tp->opcode) { in text_poke_loc_init()
2438 tp->disp = insn.immediate.value; in text_poke_loc_init()
2443 case 2: /* NOP2 -- emulate as JMP8+0 */ in text_poke_loc_init()
2445 tp->opcode = JMP8_INSN_OPCODE; in text_poke_loc_init()
2446 tp->disp = 0; in text_poke_loc_init()
2449 case 5: /* NOP5 -- emulate as JMP32+0 */ in text_poke_loc_init()
2451 tp->opcode = JMP32_INSN_OPCODE; in text_poke_loc_init()
2452 tp->disp = 0; in text_poke_loc_init()
2476 tp = &tp_vec[tp_vec_nr - 1]; in tp_order_fail()
2507 * text_poke_bp() -- update instructions on live kernel on SMP