1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright 2008 Michael Ellerman, IBM Corporation. 4 */ 5 6 #include <linux/kprobes.h> 7 #include <linux/mmu_context.h> 8 #include <linux/random.h> 9 #include <linux/vmalloc.h> 10 #include <linux/init.h> 11 #include <linux/cpuhotplug.h> 12 #include <linux/uaccess.h> 13 #include <linux/jump_label.h> 14 15 #include <asm/debug.h> 16 #include <asm/pgalloc.h> 17 #include <asm/tlb.h> 18 #include <asm/tlbflush.h> 19 #include <asm/page.h> 20 #include <asm/code-patching.h> 21 #include <asm/inst.h> 22 __patch_mem(void * exec_addr,unsigned long val,void * patch_addr,bool is_dword)23 static int __patch_mem(void *exec_addr, unsigned long val, void *patch_addr, bool is_dword) 24 { 25 if (!IS_ENABLED(CONFIG_PPC64) || likely(!is_dword)) { 26 /* For big endian correctness: plain address would use the wrong half */ 27 u32 val32 = val; 28 29 __put_kernel_nofault(patch_addr, &val32, u32, failed); 30 } else { 31 __put_kernel_nofault(patch_addr, &val, u64, failed); 32 } 33 34 asm ("dcbst 0, %0; sync; icbi 0,%1; sync; isync" :: "r" (patch_addr), 35 "r" (exec_addr)); 36 37 return 0; 38 39 failed: 40 mb(); /* sync */ 41 return -EPERM; 42 } 43 raw_patch_instruction(u32 * addr,ppc_inst_t instr)44 int raw_patch_instruction(u32 *addr, ppc_inst_t instr) 45 { 46 if (ppc_inst_prefixed(instr)) 47 return __patch_mem(addr, ppc_inst_as_ulong(instr), addr, true); 48 else 49 return __patch_mem(addr, ppc_inst_val(instr), addr, false); 50 } 51 52 struct patch_context { 53 union { 54 struct vm_struct *area; 55 struct mm_struct *mm; 56 }; 57 unsigned long addr; 58 pte_t *pte; 59 }; 60 61 static DEFINE_PER_CPU(struct patch_context, cpu_patching_context); 62 63 static int map_patch_area(void *addr, unsigned long text_poke_addr); 64 static void unmap_patch_area(unsigned long addr); 65 mm_patch_enabled(void)66 static bool mm_patch_enabled(void) 67 { 68 return IS_ENABLED(CONFIG_SMP) && radix_enabled(); 69 } 70 71 /* 72 * The following applies for Radix MMU. Hash MMU has different requirements, 73 * and so is not supported. 74 * 75 * Changing mm requires context synchronising instructions on both sides of 76 * the context switch, as well as a hwsync between the last instruction for 77 * which the address of an associated storage access was translated using 78 * the current context. 79 * 80 * switch_mm_irqs_off() performs an isync after the context switch. It is 81 * the responsibility of the caller to perform the CSI and hwsync before 82 * starting/stopping the temp mm. 83 */ start_using_temp_mm(struct mm_struct * temp_mm)84 static struct mm_struct *start_using_temp_mm(struct mm_struct *temp_mm) 85 { 86 struct mm_struct *orig_mm = current->active_mm; 87 88 lockdep_assert_irqs_disabled(); 89 switch_mm_irqs_off(orig_mm, temp_mm, current); 90 91 WARN_ON(!mm_is_thread_local(temp_mm)); 92 93 suspend_breakpoints(); 94 return orig_mm; 95 } 96 stop_using_temp_mm(struct mm_struct * temp_mm,struct mm_struct * orig_mm)97 static void stop_using_temp_mm(struct mm_struct *temp_mm, 98 struct mm_struct *orig_mm) 99 { 100 lockdep_assert_irqs_disabled(); 101 switch_mm_irqs_off(temp_mm, orig_mm, current); 102 restore_breakpoints(); 103 } 104 text_area_cpu_up(unsigned int cpu)105 static int text_area_cpu_up(unsigned int cpu) 106 { 107 struct vm_struct *area; 108 unsigned long addr; 109 int err; 110 111 area = get_vm_area(PAGE_SIZE, VM_ALLOC); 112 if (!area) { 113 WARN_ONCE(1, "Failed to create text area for cpu %d\n", 114 cpu); 115 return -1; 116 } 117 118 // Map/unmap the area to ensure all page tables are pre-allocated 119 addr = (unsigned long)area->addr; 120 err = map_patch_area(empty_zero_page, addr); 121 if (err) 122 return err; 123 124 unmap_patch_area(addr); 125 126 this_cpu_write(cpu_patching_context.area, area); 127 this_cpu_write(cpu_patching_context.addr, addr); 128 this_cpu_write(cpu_patching_context.pte, virt_to_kpte(addr)); 129 130 return 0; 131 } 132 text_area_cpu_down(unsigned int cpu)133 static int text_area_cpu_down(unsigned int cpu) 134 { 135 free_vm_area(this_cpu_read(cpu_patching_context.area)); 136 this_cpu_write(cpu_patching_context.area, NULL); 137 this_cpu_write(cpu_patching_context.addr, 0); 138 this_cpu_write(cpu_patching_context.pte, NULL); 139 return 0; 140 } 141 put_patching_mm(struct mm_struct * mm,unsigned long patching_addr)142 static void put_patching_mm(struct mm_struct *mm, unsigned long patching_addr) 143 { 144 struct mmu_gather tlb; 145 146 tlb_gather_mmu(&tlb, mm); 147 free_pgd_range(&tlb, patching_addr, patching_addr + PAGE_SIZE, 0, 0); 148 mmput(mm); 149 } 150 text_area_cpu_up_mm(unsigned int cpu)151 static int text_area_cpu_up_mm(unsigned int cpu) 152 { 153 struct mm_struct *mm; 154 unsigned long addr; 155 pte_t *pte; 156 spinlock_t *ptl; 157 158 mm = mm_alloc(); 159 if (WARN_ON(!mm)) 160 goto fail_no_mm; 161 162 /* 163 * Choose a random page-aligned address from the interval 164 * [PAGE_SIZE .. DEFAULT_MAP_WINDOW - PAGE_SIZE]. 165 * The lower address bound is PAGE_SIZE to avoid the zero-page. 166 */ 167 addr = (1 + (get_random_long() % (DEFAULT_MAP_WINDOW / PAGE_SIZE - 2))) << PAGE_SHIFT; 168 169 /* 170 * PTE allocation uses GFP_KERNEL which means we need to 171 * pre-allocate the PTE here because we cannot do the 172 * allocation during patching when IRQs are disabled. 173 * 174 * Using get_locked_pte() to avoid open coding, the lock 175 * is unnecessary. 176 */ 177 pte = get_locked_pte(mm, addr, &ptl); 178 if (!pte) 179 goto fail_no_pte; 180 pte_unmap_unlock(pte, ptl); 181 182 this_cpu_write(cpu_patching_context.mm, mm); 183 this_cpu_write(cpu_patching_context.addr, addr); 184 185 return 0; 186 187 fail_no_pte: 188 put_patching_mm(mm, addr); 189 fail_no_mm: 190 return -ENOMEM; 191 } 192 text_area_cpu_down_mm(unsigned int cpu)193 static int text_area_cpu_down_mm(unsigned int cpu) 194 { 195 put_patching_mm(this_cpu_read(cpu_patching_context.mm), 196 this_cpu_read(cpu_patching_context.addr)); 197 198 this_cpu_write(cpu_patching_context.mm, NULL); 199 this_cpu_write(cpu_patching_context.addr, 0); 200 201 return 0; 202 } 203 204 static __ro_after_init DEFINE_STATIC_KEY_FALSE(poking_init_done); 205 poking_init(void)206 void __init poking_init(void) 207 { 208 int ret; 209 210 if (mm_patch_enabled()) 211 ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, 212 "powerpc/text_poke_mm:online", 213 text_area_cpu_up_mm, 214 text_area_cpu_down_mm); 215 else 216 ret = cpuhp_setup_state(CPUHP_AP_ONLINE_DYN, 217 "powerpc/text_poke:online", 218 text_area_cpu_up, 219 text_area_cpu_down); 220 221 /* cpuhp_setup_state returns >= 0 on success */ 222 if (WARN_ON(ret < 0)) 223 return; 224 225 static_branch_enable(&poking_init_done); 226 } 227 get_patch_pfn(void * addr)228 static unsigned long get_patch_pfn(void *addr) 229 { 230 if (IS_ENABLED(CONFIG_EXECMEM) && is_vmalloc_or_module_addr(addr)) 231 return vmalloc_to_pfn(addr); 232 else 233 return __pa_symbol(addr) >> PAGE_SHIFT; 234 } 235 236 /* 237 * This can be called for kernel text or a module. 238 */ map_patch_area(void * addr,unsigned long text_poke_addr)239 static int map_patch_area(void *addr, unsigned long text_poke_addr) 240 { 241 unsigned long pfn = get_patch_pfn(addr); 242 243 return map_kernel_page(text_poke_addr, (pfn << PAGE_SHIFT), PAGE_KERNEL); 244 } 245 unmap_patch_area(unsigned long addr)246 static void unmap_patch_area(unsigned long addr) 247 { 248 pte_t *ptep; 249 pmd_t *pmdp; 250 pud_t *pudp; 251 p4d_t *p4dp; 252 pgd_t *pgdp; 253 254 pgdp = pgd_offset_k(addr); 255 if (WARN_ON(pgd_none(*pgdp))) 256 return; 257 258 p4dp = p4d_offset(pgdp, addr); 259 if (WARN_ON(p4d_none(*p4dp))) 260 return; 261 262 pudp = pud_offset(p4dp, addr); 263 if (WARN_ON(pud_none(*pudp))) 264 return; 265 266 pmdp = pmd_offset(pudp, addr); 267 if (WARN_ON(pmd_none(*pmdp))) 268 return; 269 270 ptep = pte_offset_kernel(pmdp, addr); 271 if (WARN_ON(pte_none(*ptep))) 272 return; 273 274 /* 275 * In hash, pte_clear flushes the tlb, in radix, we have to 276 */ 277 pte_clear(&init_mm, addr, ptep); 278 flush_tlb_kernel_range(addr, addr + PAGE_SIZE); 279 } 280 __do_patch_mem_mm(void * addr,unsigned long val,bool is_dword)281 static int __do_patch_mem_mm(void *addr, unsigned long val, bool is_dword) 282 { 283 int err; 284 u32 *patch_addr; 285 unsigned long text_poke_addr; 286 pte_t *pte; 287 unsigned long pfn = get_patch_pfn(addr); 288 struct mm_struct *patching_mm; 289 struct mm_struct *orig_mm; 290 spinlock_t *ptl; 291 292 patching_mm = __this_cpu_read(cpu_patching_context.mm); 293 text_poke_addr = __this_cpu_read(cpu_patching_context.addr); 294 patch_addr = (u32 *)(text_poke_addr + offset_in_page(addr)); 295 296 pte = get_locked_pte(patching_mm, text_poke_addr, &ptl); 297 if (!pte) 298 return -ENOMEM; 299 300 __set_pte_at(patching_mm, text_poke_addr, pte, pfn_pte(pfn, PAGE_KERNEL), 0); 301 302 /* order PTE update before use, also serves as the hwsync */ 303 asm volatile("ptesync": : :"memory"); 304 305 /* order context switch after arbitrary prior code */ 306 isync(); 307 308 orig_mm = start_using_temp_mm(patching_mm); 309 310 err = __patch_mem(addr, val, patch_addr, is_dword); 311 312 /* context synchronisation performed by __patch_instruction (isync or exception) */ 313 stop_using_temp_mm(patching_mm, orig_mm); 314 315 pte_clear(patching_mm, text_poke_addr, pte); 316 /* 317 * ptesync to order PTE update before TLB invalidation done 318 * by radix__local_flush_tlb_page_psize (in _tlbiel_va) 319 */ 320 local_flush_tlb_page_psize(patching_mm, text_poke_addr, mmu_virtual_psize); 321 322 pte_unmap_unlock(pte, ptl); 323 324 return err; 325 } 326 __do_patch_mem(void * addr,unsigned long val,bool is_dword)327 static int __do_patch_mem(void *addr, unsigned long val, bool is_dword) 328 { 329 int err; 330 u32 *patch_addr; 331 unsigned long text_poke_addr; 332 pte_t *pte; 333 unsigned long pfn = get_patch_pfn(addr); 334 335 text_poke_addr = (unsigned long)__this_cpu_read(cpu_patching_context.addr) & PAGE_MASK; 336 patch_addr = (u32 *)(text_poke_addr + offset_in_page(addr)); 337 338 pte = __this_cpu_read(cpu_patching_context.pte); 339 __set_pte_at(&init_mm, text_poke_addr, pte, pfn_pte(pfn, PAGE_KERNEL), 0); 340 /* See ptesync comment in radix__set_pte_at() */ 341 if (radix_enabled()) 342 asm volatile("ptesync": : :"memory"); 343 344 err = __patch_mem(addr, val, patch_addr, is_dword); 345 346 pte_clear(&init_mm, text_poke_addr, pte); 347 flush_tlb_kernel_range(text_poke_addr, text_poke_addr + PAGE_SIZE); 348 349 return err; 350 } 351 patch_mem(void * addr,unsigned long val,bool is_dword)352 static int patch_mem(void *addr, unsigned long val, bool is_dword) 353 { 354 int err; 355 unsigned long flags; 356 357 /* 358 * During early early boot patch_instruction is called 359 * when text_poke_area is not ready, but we still need 360 * to allow patching. We just do the plain old patching 361 */ 362 if (!IS_ENABLED(CONFIG_STRICT_KERNEL_RWX) || 363 !static_branch_likely(&poking_init_done)) 364 return __patch_mem(addr, val, addr, is_dword); 365 366 local_irq_save(flags); 367 if (mm_patch_enabled()) 368 err = __do_patch_mem_mm(addr, val, is_dword); 369 else 370 err = __do_patch_mem(addr, val, is_dword); 371 local_irq_restore(flags); 372 373 return err; 374 } 375 376 #ifdef CONFIG_PPC64 377 patch_instruction(u32 * addr,ppc_inst_t instr)378 int patch_instruction(u32 *addr, ppc_inst_t instr) 379 { 380 if (ppc_inst_prefixed(instr)) 381 return patch_mem(addr, ppc_inst_as_ulong(instr), true); 382 else 383 return patch_mem(addr, ppc_inst_val(instr), false); 384 } 385 NOKPROBE_SYMBOL(patch_instruction); 386 patch_uint(void * addr,unsigned int val)387 int patch_uint(void *addr, unsigned int val) 388 { 389 if (!IS_ALIGNED((unsigned long)addr, sizeof(unsigned int))) 390 return -EINVAL; 391 392 return patch_mem(addr, val, false); 393 } 394 NOKPROBE_SYMBOL(patch_uint); 395 patch_ulong(void * addr,unsigned long val)396 int patch_ulong(void *addr, unsigned long val) 397 { 398 if (!IS_ALIGNED((unsigned long)addr, sizeof(unsigned long))) 399 return -EINVAL; 400 401 return patch_mem(addr, val, true); 402 } 403 NOKPROBE_SYMBOL(patch_ulong); 404 405 #else 406 patch_instruction(u32 * addr,ppc_inst_t instr)407 int patch_instruction(u32 *addr, ppc_inst_t instr) 408 { 409 return patch_mem(addr, ppc_inst_val(instr), false); 410 } NOKPROBE_SYMBOL(patch_instruction)411 NOKPROBE_SYMBOL(patch_instruction) 412 413 #endif 414 415 static int patch_memset64(u64 *addr, u64 val, size_t count) 416 { 417 for (u64 *end = addr + count; addr < end; addr++) 418 __put_kernel_nofault(addr, &val, u64, failed); 419 420 return 0; 421 422 failed: 423 return -EPERM; 424 } 425 patch_memset32(u32 * addr,u32 val,size_t count)426 static int patch_memset32(u32 *addr, u32 val, size_t count) 427 { 428 for (u32 *end = addr + count; addr < end; addr++) 429 __put_kernel_nofault(addr, &val, u32, failed); 430 431 return 0; 432 433 failed: 434 return -EPERM; 435 } 436 __patch_instructions(u32 * patch_addr,u32 * code,size_t len,bool repeat_instr)437 static int __patch_instructions(u32 *patch_addr, u32 *code, size_t len, bool repeat_instr) 438 { 439 unsigned long start = (unsigned long)patch_addr; 440 int err; 441 442 /* Repeat instruction */ 443 if (repeat_instr) { 444 ppc_inst_t instr = ppc_inst_read(code); 445 446 if (ppc_inst_prefixed(instr)) { 447 u64 val = ppc_inst_as_ulong(instr); 448 449 err = patch_memset64((u64 *)patch_addr, val, len / 8); 450 } else { 451 u32 val = ppc_inst_val(instr); 452 453 err = patch_memset32(patch_addr, val, len / 4); 454 } 455 } else { 456 err = copy_to_kernel_nofault(patch_addr, code, len); 457 } 458 459 smp_wmb(); /* smp write barrier */ 460 flush_icache_range(start, start + len); 461 return err; 462 } 463 464 /* 465 * A page is mapped and instructions that fit the page are patched. 466 * Assumes 'len' to be (PAGE_SIZE - offset_in_page(addr)) or below. 467 */ __do_patch_instructions_mm(u32 * addr,u32 * code,size_t len,bool repeat_instr)468 static int __do_patch_instructions_mm(u32 *addr, u32 *code, size_t len, bool repeat_instr) 469 { 470 struct mm_struct *patching_mm, *orig_mm; 471 unsigned long pfn = get_patch_pfn(addr); 472 unsigned long text_poke_addr; 473 spinlock_t *ptl; 474 u32 *patch_addr; 475 pte_t *pte; 476 int err; 477 478 patching_mm = __this_cpu_read(cpu_patching_context.mm); 479 text_poke_addr = __this_cpu_read(cpu_patching_context.addr); 480 patch_addr = (u32 *)(text_poke_addr + offset_in_page(addr)); 481 482 pte = get_locked_pte(patching_mm, text_poke_addr, &ptl); 483 if (!pte) 484 return -ENOMEM; 485 486 __set_pte_at(patching_mm, text_poke_addr, pte, pfn_pte(pfn, PAGE_KERNEL), 0); 487 488 /* order PTE update before use, also serves as the hwsync */ 489 asm volatile("ptesync" ::: "memory"); 490 491 /* order context switch after arbitrary prior code */ 492 isync(); 493 494 orig_mm = start_using_temp_mm(patching_mm); 495 496 err = __patch_instructions(patch_addr, code, len, repeat_instr); 497 498 /* context synchronisation performed by __patch_instructions */ 499 stop_using_temp_mm(patching_mm, orig_mm); 500 501 pte_clear(patching_mm, text_poke_addr, pte); 502 /* 503 * ptesync to order PTE update before TLB invalidation done 504 * by radix__local_flush_tlb_page_psize (in _tlbiel_va) 505 */ 506 local_flush_tlb_page_psize(patching_mm, text_poke_addr, mmu_virtual_psize); 507 508 pte_unmap_unlock(pte, ptl); 509 510 return err; 511 } 512 513 /* 514 * A page is mapped and instructions that fit the page are patched. 515 * Assumes 'len' to be (PAGE_SIZE - offset_in_page(addr)) or below. 516 */ __do_patch_instructions(u32 * addr,u32 * code,size_t len,bool repeat_instr)517 static int __do_patch_instructions(u32 *addr, u32 *code, size_t len, bool repeat_instr) 518 { 519 unsigned long pfn = get_patch_pfn(addr); 520 unsigned long text_poke_addr; 521 u32 *patch_addr; 522 pte_t *pte; 523 int err; 524 525 text_poke_addr = (unsigned long)__this_cpu_read(cpu_patching_context.addr) & PAGE_MASK; 526 patch_addr = (u32 *)(text_poke_addr + offset_in_page(addr)); 527 528 pte = __this_cpu_read(cpu_patching_context.pte); 529 __set_pte_at(&init_mm, text_poke_addr, pte, pfn_pte(pfn, PAGE_KERNEL), 0); 530 /* See ptesync comment in radix__set_pte_at() */ 531 if (radix_enabled()) 532 asm volatile("ptesync" ::: "memory"); 533 534 err = __patch_instructions(patch_addr, code, len, repeat_instr); 535 536 pte_clear(&init_mm, text_poke_addr, pte); 537 flush_tlb_kernel_range(text_poke_addr, text_poke_addr + PAGE_SIZE); 538 539 return err; 540 } 541 542 /* 543 * Patch 'addr' with 'len' bytes of instructions from 'code'. 544 * 545 * If repeat_instr is true, the same instruction is filled for 546 * 'len' bytes. 547 */ patch_instructions(u32 * addr,u32 * code,size_t len,bool repeat_instr)548 int patch_instructions(u32 *addr, u32 *code, size_t len, bool repeat_instr) 549 { 550 while (len > 0) { 551 unsigned long flags; 552 size_t plen; 553 int err; 554 555 plen = min_t(size_t, PAGE_SIZE - offset_in_page(addr), len); 556 557 local_irq_save(flags); 558 if (mm_patch_enabled()) 559 err = __do_patch_instructions_mm(addr, code, plen, repeat_instr); 560 else 561 err = __do_patch_instructions(addr, code, plen, repeat_instr); 562 local_irq_restore(flags); 563 if (err) 564 return err; 565 566 len -= plen; 567 addr = (u32 *)((unsigned long)addr + plen); 568 if (!repeat_instr) 569 code = (u32 *)((unsigned long)code + plen); 570 } 571 572 return 0; 573 } 574 NOKPROBE_SYMBOL(patch_instructions); 575 patch_branch(u32 * addr,unsigned long target,int flags)576 int patch_branch(u32 *addr, unsigned long target, int flags) 577 { 578 ppc_inst_t instr; 579 580 if (create_branch(&instr, addr, target, flags)) 581 return -ERANGE; 582 583 return patch_instruction(addr, instr); 584 } 585 586 /* 587 * Helper to check if a given instruction is a conditional branch 588 * Derived from the conditional checks in analyse_instr() 589 */ is_conditional_branch(ppc_inst_t instr)590 bool is_conditional_branch(ppc_inst_t instr) 591 { 592 unsigned int opcode = ppc_inst_primary_opcode(instr); 593 594 if (opcode == 16) /* bc, bca, bcl, bcla */ 595 return true; 596 if (opcode == 19) { 597 switch ((ppc_inst_val(instr) >> 1) & 0x3ff) { 598 case 16: /* bclr, bclrl */ 599 case 528: /* bcctr, bcctrl */ 600 case 560: /* bctar, bctarl */ 601 return true; 602 } 603 } 604 return false; 605 } 606 NOKPROBE_SYMBOL(is_conditional_branch); 607 create_cond_branch(ppc_inst_t * instr,const u32 * addr,unsigned long target,int flags)608 int create_cond_branch(ppc_inst_t *instr, const u32 *addr, 609 unsigned long target, int flags) 610 { 611 long offset; 612 613 offset = target; 614 if (! (flags & BRANCH_ABSOLUTE)) 615 offset = offset - (unsigned long)addr; 616 617 /* Check we can represent the target in the instruction format */ 618 if (!is_offset_in_cond_branch_range(offset)) 619 return 1; 620 621 /* Mask out the flags and target, so they don't step on each other. */ 622 *instr = ppc_inst(0x40000000 | (flags & 0x3FF0003) | (offset & 0xFFFC)); 623 624 return 0; 625 } 626 instr_is_relative_branch(ppc_inst_t instr)627 int instr_is_relative_branch(ppc_inst_t instr) 628 { 629 if (ppc_inst_val(instr) & BRANCH_ABSOLUTE) 630 return 0; 631 632 return instr_is_branch_iform(instr) || instr_is_branch_bform(instr); 633 } 634 instr_is_relative_link_branch(ppc_inst_t instr)635 int instr_is_relative_link_branch(ppc_inst_t instr) 636 { 637 return instr_is_relative_branch(instr) && (ppc_inst_val(instr) & BRANCH_SET_LINK); 638 } 639 branch_iform_target(const u32 * instr)640 static unsigned long branch_iform_target(const u32 *instr) 641 { 642 signed long imm; 643 644 imm = ppc_inst_val(ppc_inst_read(instr)) & 0x3FFFFFC; 645 646 /* If the top bit of the immediate value is set this is negative */ 647 if (imm & 0x2000000) 648 imm -= 0x4000000; 649 650 if ((ppc_inst_val(ppc_inst_read(instr)) & BRANCH_ABSOLUTE) == 0) 651 imm += (unsigned long)instr; 652 653 return (unsigned long)imm; 654 } 655 branch_bform_target(const u32 * instr)656 static unsigned long branch_bform_target(const u32 *instr) 657 { 658 signed long imm; 659 660 imm = ppc_inst_val(ppc_inst_read(instr)) & 0xFFFC; 661 662 /* If the top bit of the immediate value is set this is negative */ 663 if (imm & 0x8000) 664 imm -= 0x10000; 665 666 if ((ppc_inst_val(ppc_inst_read(instr)) & BRANCH_ABSOLUTE) == 0) 667 imm += (unsigned long)instr; 668 669 return (unsigned long)imm; 670 } 671 branch_target(const u32 * instr)672 unsigned long branch_target(const u32 *instr) 673 { 674 if (instr_is_branch_iform(ppc_inst_read(instr))) 675 return branch_iform_target(instr); 676 else if (instr_is_branch_bform(ppc_inst_read(instr))) 677 return branch_bform_target(instr); 678 679 return 0; 680 } 681 translate_branch(ppc_inst_t * instr,const u32 * dest,const u32 * src)682 int translate_branch(ppc_inst_t *instr, const u32 *dest, const u32 *src) 683 { 684 unsigned long target; 685 target = branch_target(src); 686 687 if (instr_is_branch_iform(ppc_inst_read(src))) 688 return create_branch(instr, dest, target, 689 ppc_inst_val(ppc_inst_read(src))); 690 else if (instr_is_branch_bform(ppc_inst_read(src))) 691 return create_cond_branch(instr, dest, target, 692 ppc_inst_val(ppc_inst_read(src))); 693 694 return 1; 695 } 696