s390/kprobes: Avoid additional kprobe in kretprobe handling

So far, s390 registered a krobe on __kretprobe_trampoline which is
called everytime a kretprobe fires. This kprobe would then determine
the correct return address and adjust the psw accordingly, such that
the kretprobe would branch to the appropriate address after completion.

Some other archs handle kretprobes without such an additional kprobe.
This approach is adopted to s390 with this patch.
Furthermore, the __kretprobe_trampoline now uses an assembler function
to correctly gather the register and psw content to be passed to the
registered kretprobe handler as struct pt_regs. After completion, the
register content and the psw are set based on the contents of said
pt_regs struct.
Note that a change to the psw address in struct pt_regs will not have
an impact, as the probe will still return to the original return
address of the probed function.
The return address is now recovered by using the appropriate function
arch_kretprobe_fixup_return.

The no longer needed kprobe is removed.

Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Tobias Huschle <huschle@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

Author: tobias-huschle

arch/s390/include/asm/kprobes.h

@@ -71,6 +71,7 @@ struct kprobe_ctlblk {
 
 void arch_remove_kprobe(struct kprobe *p);
 void __kretprobe_trampoline(void);
+void trampoline_probe_handler(struct pt_regs *regs);
 
 int kprobe_fault_handler(struct pt_regs *regs, int trapnr);
 int kprobe_exceptions_notify(struct notifier_block *self,

arch/s390/kernel/Makefile

@@ -57,7 +57,9 @@ obj-$(CONFIG_COMPAT)		+= $(compat-obj-y)
 obj-$(CONFIG_EARLY_PRINTK)	+= early_printk.o
 obj-$(CONFIG_KPROBES)		+= kprobes.o
 obj-$(CONFIG_KPROBES)		+= kprobes_insn_page.o
-obj-$(CONFIG_FUNCTION_TRACER)	+= mcount.o ftrace.o
+obj-$(CONFIG_KPROBES)		+= mcount.o
+obj-$(CONFIG_FUNCTION_TRACER)	+= ftrace.o
+obj-$(CONFIG_FUNCTION_TRACER)	+= mcount.o
 obj-$(CONFIG_CRASH_DUMP)	+= crash_dump.o
 obj-$(CONFIG_UPROBES)		+= uprobes.o
 obj-$(CONFIG_JUMP_LABEL)	+= jump_label.o

arch/s390/kernel/kprobes.c

@@ -372,33 +372,26 @@ static int kprobe_handler(struct pt_regs *regs)
 }
 NOKPROBE_SYMBOL(kprobe_handler);
 
-/*
- * Function return probe trampoline:
- *	- init_kprobes() establishes a probepoint here
- *	- When the probed function returns, this probe
- *		causes the handlers to fire
- */
-static void __used kretprobe_trampoline_holder(void)
+void arch_kretprobe_fixup_return(struct pt_regs *regs,
+				 kprobe_opcode_t *correct_ret_addr)
 {
-	asm volatile(".global __kretprobe_trampoline\n"
-		     "__kretprobe_trampoline: bcr 0,0\n");
+	/* Replace fake return address with real one. */
+	regs->gprs[14] = (unsigned long)correct_ret_addr;
 }
+NOKPROBE_SYMBOL(arch_kretprobe_fixup_return);
 
 /*
- * Called when the probe at kretprobe trampoline is hit
+ * Called from __kretprobe_trampoline
  */
-static int trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
+void trampoline_probe_handler(struct pt_regs *regs)
 {
-	regs->psw.addr = __kretprobe_trampoline_handler(regs, NULL);
-	/*
-	 * By returning a non-zero value, we are telling
-	 * kprobe_handler() that we don't want the post_handler
-	 * to run (and have re-enabled preemption)
-	 */
-	return 1;
+	kretprobe_trampoline_handler(regs, NULL);
 }
 NOKPROBE_SYMBOL(trampoline_probe_handler);
 
+/* assembler function that handles the kretprobes must not be probed itself */
+NOKPROBE_SYMBOL(__kretprobe_trampoline);
+
 /*
  * Called after single-stepping.  p->addr is the address of the
  * instruction whose first byte has been replaced by the "breakpoint"
@@ -551,18 +544,13 @@ int kprobe_exceptions_notify(struct notifier_block *self,
 }
 NOKPROBE_SYMBOL(kprobe_exceptions_notify);
 
-static struct kprobe trampoline = {
-	.addr = (kprobe_opcode_t *) &__kretprobe_trampoline,
-	.pre_handler = trampoline_probe_handler
-};
-
 int __init arch_init_kprobes(void)
 {
-	return register_kprobe(&trampoline);
+	return 0;
 }
 
 int arch_trampoline_kprobe(struct kprobe *p)
 {
-	return p->addr == (kprobe_opcode_t *) &__kretprobe_trampoline;
+	return 0;
 }
 NOKPROBE_SYMBOL(arch_trampoline_kprobe);

arch/s390/kernel/mcount.S

@@ -11,14 +11,6 @@
 #include <asm/ptrace.h>
 #include <asm/export.h>
 
-	GEN_BR_THUNK %r1
-	GEN_BR_THUNK %r14
-
-	.section .kprobes.text, "ax"
-
-ENTRY(ftrace_stub)
-	BR_EX	%r14
-ENDPROC(ftrace_stub)
 
 #define STACK_FRAME_SIZE	(STACK_FRAME_OVERHEAD + __PT_SIZE)
 #define STACK_PTREGS		(STACK_FRAME_OVERHEAD)
@@ -29,6 +21,17 @@ ENDPROC(ftrace_stub)
 /* packed stack: allocate just enough for r14, r15 and backchain */
 #define TRACED_FUNC_FRAME_SIZE	24
 
+#ifdef CONFIG_FUNCTION_TRACER
+
+	GEN_BR_THUNK %r1
+	GEN_BR_THUNK %r14
+
+	.section .kprobes.text, "ax"
+
+ENTRY(ftrace_stub)
+	BR_EX	%r14
+ENDPROC(ftrace_stub)
+
 	.macro	ftrace_regs_entry, allregs=0
 	stg	%r14,(__SF_GPRS+8*8)(%r15)	# save traced function caller
 
@@ -130,3 +133,35 @@ SYM_FUNC_START(return_to_handler)
 SYM_FUNC_END(return_to_handler)
 
 #endif
+#endif /* CONFIG_FUNCTION_TRACER */
+
+#ifdef CONFIG_KPROBES
+
+SYM_FUNC_START(__kretprobe_trampoline)
+
+	stg	%r14,(__SF_GPRS+8*8)(%r15)
+	lay	%r15,-STACK_FRAME_SIZE(%r15)
+	stmg	%r0,%r14,STACK_PTREGS_GPRS(%r15)
+
+	# store original stack pointer in backchain and pt_regs
+	lay	%r7,STACK_FRAME_SIZE(%r15)
+	stg	%r7,__SF_BACKCHAIN(%r15)
+	stg	%r7,STACK_PTREGS_GPRS+(15*8)(%r15)
+
+	# store full psw
+	epsw	%r2,%r3
+	risbg	%r3,%r2,0,31,32
+	stg	%r3,STACK_PTREGS_PSW(%r15)
+	larl	%r1,__kretprobe_trampoline
+	stg	%r1,STACK_PTREGS_PSW+8(%r15)
+
+	lay	%r2,STACK_PTREGS(%r15)
+	brasl	%r14,trampoline_probe_handler
+
+	mvc	__SF_EMPTY(16,%r7),STACK_PTREGS_PSW(%r15)
+	lmg	%r0,%r15,STACK_PTREGS_GPRS(%r15)
+	lpswe	__SF_EMPTY(%r15)
+
+SYM_FUNC_END(__kretprobe_trampoline)
+
+#endif /* CONFIG_KPROBES */