search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
8322 nl: misleading-indentation
[unleashed/tickless.git] / usr / src / lib / libdtrace / i386 / dt_isadep.c
blobd16b393f3d9b88d28b2540038c84551cbffff4d2
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * Copyright (c) 2012 by Delphix. All rights reserved.
29 */
30
31 #include <stdlib.h>
32 #include <assert.h>
33 #include <errno.h>
34 #include <string.h>
35 #include <libgen.h>
36
37 #include <dt_impl.h>
38 #include <dt_pid.h>
39
40 #include <dis_tables.h>
41
42 #define DT_POPL_EBP 0x5d
43 #define DT_RET 0xc3
44 #define DT_RET16 0xc2
45 #define DT_LEAVE 0xc9
46 #define DT_JMP32 0xe9
47 #define DT_JMP8 0xeb
48 #define DT_REP 0xf3
49
50 #define DT_MOVL_EBP_ESP 0xe58b
51
52 #define DT_ISJ32(op16) (((op16) & 0xfff0) == 0x0f80)
53 #define DT_ISJ8(op8) (((op8) & 0xf0) == 0x70)
54
55 #define DT_MODRM_REG(modrm) (((modrm) >> 3) & 0x7)
56
57 static int dt_instr_size(uchar_t *, dtrace_hdl_t *, pid_t, uintptr_t, char);
58
59 /*ARGSUSED*/
60 int
61 dt_pid_create_entry_probe(struct ps_prochandle *P, dtrace_hdl_t *dtp,
62 fasttrap_probe_spec_t *ftp, const GElf_Sym *symp)
63 {
64 ftp->ftps_type = DTFTP_ENTRY;
65 ftp->ftps_pc = (uintptr_t)symp->st_value;
66 ftp->ftps_size = (size_t)symp->st_size;
67 ftp->ftps_noffs = 1;
68 ftp->ftps_offs[0] = 0;
69
70 if (ioctl(dtp->dt_ftfd, FASTTRAPIOC_MAKEPROBE, ftp) != 0) {
71 dt_dprintf("fasttrap probe creation ioctl failed: %s\n",
72 strerror(errno));
73 return (dt_set_errno(dtp, errno));
74 }
75
76 return (1);
77 }
78
79 static int
80 dt_pid_has_jump_table(struct ps_prochandle *P, dtrace_hdl_t *dtp,
81 uint8_t *text, fasttrap_probe_spec_t *ftp, const GElf_Sym *symp)
82 {
83 ulong_t i;
84 int size;
85 pid_t pid = Pstatus(P)->pr_pid;
86 char dmodel = Pstatus(P)->pr_dmodel;
87
88 /*
89 * Take a pass through the function looking for a register-dependant
90 * jmp instruction. This could be a jump table so we have to be
91 * ultra conservative.
92 */
93 for (i = 0; i < ftp->ftps_size; i += size) {
94 size = dt_instr_size(&text[i], dtp, pid, symp->st_value + i,
95 dmodel);
96
97 /*
98 * Assume the worst if we hit an illegal instruction.
99 */
100 if (size <= 0) {
101 dt_dprintf("error at %#lx (assuming jump table)\n", i);
102 return (1);
103 }
104
105 /*
106 * Register-dependant jmp instructions start with a 0xff byte
107 * and have the modrm.reg field set to 4. They can have an
108 * optional REX prefix on the 64-bit ISA.
109 */
110 if ((text[i] == 0xff && DT_MODRM_REG(text[i + 1]) == 4) ||
111 (dmodel == PR_MODEL_LP64 && (text[i] & 0xf0) == 0x40 &&
112 text[i + 1] == 0xff && DT_MODRM_REG(text[i + 2]) == 4)) {
113 dt_dprintf("found a suspected jump table at %s:%lx\n",
114 ftp->ftps_func, i);
115 return (1);
116 }
117 }
118
119 return (0);
120 }
121
122 /*ARGSUSED*/
123 int
124 dt_pid_create_return_probe(struct ps_prochandle *P, dtrace_hdl_t *dtp,
125 fasttrap_probe_spec_t *ftp, const GElf_Sym *symp, uint64_t *stret)
126 {
127 uint8_t *text;
128 ulong_t i, end;
129 int size;
130 pid_t pid = Pstatus(P)->pr_pid;
131 char dmodel = Pstatus(P)->pr_dmodel;
132
133 /*
134 * We allocate a few extra bytes at the end so we don't have to check
135 * for overrunning the buffer.
136 */
137 if ((text = calloc(1, symp->st_size + 4)) == NULL) {
138 dt_dprintf("mr sparkle: malloc() failed\n");
139 return (DT_PROC_ERR);
140 }
141
142 if (Pread(P, text, symp->st_size, symp->st_value) != symp->st_size) {
143 dt_dprintf("mr sparkle: Pread() failed\n");
144 free(text);
145 return (DT_PROC_ERR);
146 }
147
148 ftp->ftps_type = DTFTP_RETURN;
149 ftp->ftps_pc = (uintptr_t)symp->st_value;
150 ftp->ftps_size = (size_t)symp->st_size;
151 ftp->ftps_noffs = 0;
152
153 /*
154 * If there's a jump table in the function we're only willing to
155 * instrument these specific (and equivalent) instruction sequences:
156 * leave
157 * [rep] ret
158 * and
159 * movl %ebp,%esp
160 * popl %ebp
161 * [rep] ret
162 *
163 * We do this to avoid accidentally interpreting jump table
164 * offsets as actual instructions.
165 */
166 if (dt_pid_has_jump_table(P, dtp, text, ftp, symp)) {
167 for (i = 0, end = ftp->ftps_size; i < end; i += size) {
168 size = dt_instr_size(&text[i], dtp, pid,
169 symp->st_value + i, dmodel);
170
171 /* bail if we hit an invalid opcode */
172 if (size <= 0)
173 break;
174
175 if (text[i] == DT_LEAVE && text[i + 1] == DT_RET) {
176 dt_dprintf("leave/ret at %lx\n", i + 1);
177 ftp->ftps_offs[ftp->ftps_noffs++] = i + 1;
178 size = 2;
179 } else if (text[i] == DT_LEAVE &&
180 text[i + 1] == DT_REP && text[i + 2] == DT_RET) {
181 dt_dprintf("leave/rep ret at %lx\n", i + 1);
182 ftp->ftps_offs[ftp->ftps_noffs++] = i + 1;
183 size = 3;
184 } else if (*(uint16_t *)&text[i] == DT_MOVL_EBP_ESP &&
185 text[i + 2] == DT_POPL_EBP &&
186 text[i + 3] == DT_RET) {
187 dt_dprintf("movl/popl/ret at %lx\n", i + 3);
188 ftp->ftps_offs[ftp->ftps_noffs++] = i + 3;
189 size = 4;
190 } else if (*(uint16_t *)&text[i] == DT_MOVL_EBP_ESP &&
191 text[i + 2] == DT_POPL_EBP &&
192 text[i + 3] == DT_REP &&
193 text[i + 4] == DT_RET) {
194 dt_dprintf("movl/popl/rep ret at %lx\n", i + 3);
195 ftp->ftps_offs[ftp->ftps_noffs++] = i + 3;
196 size = 5;
197 }
198 }
199 } else {
200 for (i = 0, end = ftp->ftps_size; i < end; i += size) {
201 size = dt_instr_size(&text[i], dtp, pid,
202 symp->st_value + i, dmodel);
203
204 /* bail if we hit an invalid opcode */
205 if (size <= 0)
206 break;
207
208 /* ordinary ret */
209 if (size == 1 && text[i] == DT_RET)
210 goto is_ret;
211
212 /* two-byte ret */
213 if (size == 2 && text[i] == DT_REP &&
214 text[i + 1] == DT_RET)
215 goto is_ret;
216
217 /* ret <imm16> */
218 if (size == 3 && text[i] == DT_RET16)
219 goto is_ret;
220
221 /* two-byte ret <imm16> */
222 if (size == 4 && text[i] == DT_REP &&
223 text[i + 1] == DT_RET16)
224 goto is_ret;
225
226 /* 32-bit displacement jmp outside of the function */
227 if (size == 5 && text[i] == DT_JMP32 && symp->st_size <=
228 (uintptr_t)(i + size + *(int32_t *)&text[i + 1]))
229 goto is_ret;
230
231 /* 8-bit displacement jmp outside of the function */
232 if (size == 2 && text[i] == DT_JMP8 && symp->st_size <=
233 (uintptr_t)(i + size + *(int8_t *)&text[i + 1]))
234 goto is_ret;
235
236 /* 32-bit disp. conditional jmp outside of the func. */
237 if (size == 6 && DT_ISJ32(*(uint16_t *)&text[i]) &&
238 symp->st_size <=
239 (uintptr_t)(i + size + *(int32_t *)&text[i + 2]))
240 goto is_ret;
241
242 /* 8-bit disp. conditional jmp outside of the func. */
243 if (size == 2 && DT_ISJ8(text[i]) && symp->st_size <=
244 (uintptr_t)(i + size + *(int8_t *)&text[i + 1]))
245 goto is_ret;
246
247 continue;
248 is_ret:
249 dt_dprintf("return at offset %lx\n", i);
250 ftp->ftps_offs[ftp->ftps_noffs++] = i;
251 }
252 }
253
254 free(text);
255 if (ftp->ftps_noffs > 0) {
256 if (ioctl(dtp->dt_ftfd, FASTTRAPIOC_MAKEPROBE, ftp) != 0) {
257 dt_dprintf("fasttrap probe creation ioctl failed: %s\n",
258 strerror(errno));
259 return (dt_set_errno(dtp, errno));
260 }
261 }
262
263 return (ftp->ftps_noffs);
264 }
265
266 /*ARGSUSED*/
267 int
268 dt_pid_create_offset_probe(struct ps_prochandle *P, dtrace_hdl_t *dtp,
269 fasttrap_probe_spec_t *ftp, const GElf_Sym *symp, ulong_t off)
270 {
271 ftp->ftps_type = DTFTP_OFFSETS;
272 ftp->ftps_pc = (uintptr_t)symp->st_value;
273 ftp->ftps_size = (size_t)symp->st_size;
274 ftp->ftps_noffs = 1;
275
276 if (strcmp("-", ftp->ftps_func) == 0) {
277 ftp->ftps_offs[0] = off;
278 } else {
279 uint8_t *text;
280 ulong_t i;
281 int size;
282 pid_t pid = Pstatus(P)->pr_pid;
283 char dmodel = Pstatus(P)->pr_dmodel;
284
285 if ((text = malloc(symp->st_size)) == NULL) {
286 dt_dprintf("mr sparkle: malloc() failed\n");
287 return (DT_PROC_ERR);
288 }
289
290 if (Pread(P, text, symp->st_size, symp->st_value) !=
291 symp->st_size) {
292 dt_dprintf("mr sparkle: Pread() failed\n");
293 free(text);
294 return (DT_PROC_ERR);
295 }
296
297 /*
298 * We can't instrument offsets in functions with jump tables
299 * as we might interpret a jump table offset as an
300 * instruction.
301 */
302 if (dt_pid_has_jump_table(P, dtp, text, ftp, symp)) {
303 free(text);
304 return (0);
305 }
306
307 for (i = 0; i < symp->st_size; i += size) {
308 if (i == off) {
309 ftp->ftps_offs[0] = i;
310 break;
311 }
312
313 /*
314 * If we've passed the desired offset without a
315 * match, then the given offset must not lie on a
316 * instruction boundary.
317 */
318 if (i > off) {
319 free(text);
320 return (DT_PROC_ALIGN);
321 }
322
323 size = dt_instr_size(&text[i], dtp, pid,
324 symp->st_value + i, dmodel);
325
326 /*
327 * If we hit an invalid instruction, bail as if we
328 * couldn't find the offset.
329 */
330 if (size <= 0) {
331 free(text);
332 return (DT_PROC_ALIGN);
333 }
334 }
335
336 free(text);
337 }
338
339 if (ioctl(dtp->dt_ftfd, FASTTRAPIOC_MAKEPROBE, ftp) != 0) {
340 dt_dprintf("fasttrap probe creation ioctl failed: %s\n",
341 strerror(errno));
342 return (dt_set_errno(dtp, errno));
343 }
344
345 return (ftp->ftps_noffs);
346 }
347
348 /*ARGSUSED*/
349 int
350 dt_pid_create_glob_offset_probes(struct ps_prochandle *P, dtrace_hdl_t *dtp,
351 fasttrap_probe_spec_t *ftp, const GElf_Sym *symp, const char *pattern)
352 {
353 uint8_t *text;
354 int size;
355 ulong_t i, end = symp->st_size;
356 pid_t pid = Pstatus(P)->pr_pid;
357 char dmodel = Pstatus(P)->pr_dmodel;
358
359 ftp->ftps_type = DTFTP_OFFSETS;
360 ftp->ftps_pc = (uintptr_t)symp->st_value;
361 ftp->ftps_size = (size_t)symp->st_size;
362 ftp->ftps_noffs = 0;
363
364 if ((text = malloc(symp->st_size)) == NULL) {
365 dt_dprintf("mr sparkle: malloc() failed\n");
366 return (DT_PROC_ERR);
367 }
368
369 if (Pread(P, text, symp->st_size, symp->st_value) != symp->st_size) {
370 dt_dprintf("mr sparkle: Pread() failed\n");
371 free(text);
372 return (DT_PROC_ERR);
373 }
374
375 /*
376 * We can't instrument offsets in functions with jump tables as
377 * we might interpret a jump table offset as an instruction.
378 */
379 if (dt_pid_has_jump_table(P, dtp, text, ftp, symp)) {
380 free(text);
381 return (0);
382 }
383
384 if (strcmp("*", pattern) == 0) {
385 for (i = 0; i < end; i += size) {
386 ftp->ftps_offs[ftp->ftps_noffs++] = i;
387
388 size = dt_instr_size(&text[i], dtp, pid,
389 symp->st_value + i, dmodel);
390
391 /* bail if we hit an invalid opcode */
392 if (size <= 0)
393 break;
394 }
395 } else {
396 char name[sizeof (i) * 2 + 1];
397
398 for (i = 0; i < end; i += size) {
399 (void) snprintf(name, sizeof (name), "%x", i);
400 if (gmatch(name, pattern))
401 ftp->ftps_offs[ftp->ftps_noffs++] = i;
402
403 size = dt_instr_size(&text[i], dtp, pid,
404 symp->st_value + i, dmodel);
405
406 /* bail if we hit an invalid opcode */
407 if (size <= 0)
408 break;
409 }
410 }
411
412 free(text);
413 if (ftp->ftps_noffs > 0) {
414 if (ioctl(dtp->dt_ftfd, FASTTRAPIOC_MAKEPROBE, ftp) != 0) {
415 dt_dprintf("fasttrap probe creation ioctl failed: %s\n",
416 strerror(errno));
417 return (dt_set_errno(dtp, errno));
418 }
419 }
420
421 return (ftp->ftps_noffs);
422 }
423
424 typedef struct dtrace_dis {
425 uchar_t *instr;
426 dtrace_hdl_t *dtp;
427 pid_t pid;
428 uintptr_t addr;
429 } dtrace_dis_t;
430
431 static int
432 dt_getbyte(void *data)
433 {
434 dtrace_dis_t *dis = data;
435 int ret = *dis->instr;
436
437 if (ret == FASTTRAP_INSTR) {
438 fasttrap_instr_query_t instr;
439
440 instr.ftiq_pid = dis->pid;
441 instr.ftiq_pc = dis->addr;
442
443 /*
444 * If we hit a byte that looks like the fasttrap provider's
445 * trap instruction (which doubles as the breakpoint
446 * instruction for debuggers) we need to query the kernel
447 * for the real value. This may just be part of an immediate
448 * value so there's no need to return an error if the
449 * kernel doesn't know about this address.
450 */
451 if (ioctl(dis->dtp->dt_ftfd, FASTTRAPIOC_GETINSTR, &instr) == 0)
452 ret = instr.ftiq_instr;
453 }
454
455 dis->addr++;
456 dis->instr++;
457
458 return (ret);
459 }
460
461 static int
462 dt_instr_size(uchar_t *instr, dtrace_hdl_t *dtp, pid_t pid, uintptr_t addr,
463 char dmodel)
464 {
465 dtrace_dis_t data;
466 dis86_t x86dis;
467 uint_t cpu_mode;
468
469 data.instr = instr;
470 data.dtp = dtp;
471 data.pid = pid;
472 data.addr = addr;
473
474 x86dis.d86_data = &data;
475 x86dis.d86_get_byte = dt_getbyte;
476 x86dis.d86_check_func = NULL;
477
478 cpu_mode = (dmodel == PR_MODEL_ILP32) ? SIZE32 : SIZE64;
479
480 if (dtrace_disx86(&x86dis, cpu_mode) != 0)
481 return (-1);
482
483 /*
484 * If the instruction was a single-byte breakpoint, there may be
485 * another debugger attached to this process. The original instruction
486 * can't be recovered so this must fail.
487 */
488 if (x86dis.d86_len == 1 &&
489 (uchar_t)x86dis.d86_bytes[0] == FASTTRAP_INSTR)
490 return (-1);
491
492 return (x86dis.d86_len);
493 }
unleashed repo fork