2 * arch/arm/kernel/kprobes-decode.c
4 * Copyright (C) 2006, 2007 Motorola Inc.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * General Public License for more details.
17 * We do not have hardware single-stepping on ARM, This
18 * effort is further complicated by the ARM not having a
19 * "next PC" register. Instructions that change the PC
20 * can't be safely single-stepped in a MP environment, so
21 * we have a lot of work to do:
23 * In the prepare phase:
24 * *) If it is an instruction that does anything
25 * with the CPU mode, we reject it for a kprobe.
26 * (This is out of laziness rather than need. The
27 * instructions could be simulated.)
29 * *) Otherwise, decode the instruction rewriting its
30 * registers to take fixed, ordered registers and
31 * setting a handler for it to run the instruction.
33 * In the execution phase by an instruction's handler:
35 * *) If the PC is written to by the instruction, the
36 * instruction must be fully simulated in software.
37 * If it is a conditional instruction, the handler
38 * will use insn[0] to copy its condition code to
39 * set r0 to 1 and insn[1] to "mov pc, lr" to return.
41 * *) Otherwise, a modified form of the instruction is
42 * directly executed. Its handler calls the
43 * instruction in insn[0]. In insn[1] is a
44 * "mov pc, lr" to return.
46 * Before calling, load up the reordered registers
47 * from the original instruction's registers. If one
48 * of the original input registers is the PC, compute
49 * and adjust the appropriate input register.
51 * After call completes, copy the output registers to
52 * the original instruction's original registers.
54 * We don't use a real breakpoint instruction since that
55 * would have us in the kernel go from SVC mode to SVC
56 * mode losing the link register. Instead we use an
57 * undefined instruction. To simplify processing, the
58 * undefined instruction used for kprobes must be reserved
59 * exclusively for kprobes use.
61 * TODO: ifdef out some instruction decoding based on architecture.
64 #include <linux/kernel.h>
65 #include <linux/kprobes.h>
67 #define sign_extend(x, signbit) ((x) | (0 - ((x) & (1 << (signbit)))))
69 #define branch_displacement(insn) sign_extend(((insn) & 0xffffff) << 2, 25)
71 #define is_r15(insn, bitpos) (((insn) & (0xf << bitpos)) == (0xf << bitpos))
74 * Test if load/store instructions writeback the address register.
75 * if P (bit 24) == 0 or W (bit 21) == 1
77 #define is_writeback(insn) ((insn ^ 0x01000000) & 0x01200000)
79 #define PSR_fs (PSR_f|PSR_s)
81 #define KPROBE_RETURN_INSTRUCTION 0xe1a0f00e /* mov pc, lr */
83 typedef long (insn_0arg_fn_t)(void);
84 typedef long (insn_1arg_fn_t)(long);
85 typedef long (insn_2arg_fn_t)(long, long);
86 typedef long (insn_3arg_fn_t)(long, long, long);
87 typedef long (insn_4arg_fn_t)(long, long, long, long);
88 typedef long long (insn_llret_0arg_fn_t)(void);
89 typedef long long (insn_llret_3arg_fn_t)(long, long, long);
90 typedef long long (insn_llret_4arg_fn_t)(long, long, long, long);
94 #ifdef __LITTLE_ENDIAN
95 struct { long r0, r1; };
97 struct { long r1, r0; };
102 * For STR and STM instructions, an ARM core may choose to use either
103 * a +8 or a +12 displacement from the current instruction's address.
104 * Whichever value is chosen for a given core, it must be the same for
105 * both instructions and may not change. This function measures it.
108 static int str_pc_offset;
110 static void __init find_str_pc_offset(void)
112 int addr, scratch, ret;
115 "sub %[ret], pc, #4 \n\t"
116 "str pc, %[addr] \n\t"
117 "ldr %[scr], %[addr] \n\t"
118 "sub %[ret], %[scr], %[ret] \n\t"
119 : [ret] "=r" (ret), [scr] "=r" (scratch), [addr] "+m" (addr));
125 * The insnslot_?arg_r[w]flags() functions below are to keep the
126 * msr -> *fn -> mrs instruction sequences indivisible so that
127 * the state of the CPSR flags aren't inadvertently modified
128 * just before or just after the call.
131 static inline long __kprobes
132 insnslot_0arg_rflags(long cpsr, insn_0arg_fn_t *fn)
134 register long ret asm("r0");
136 __asm__ __volatile__ (
137 "msr cpsr_fs, %[cpsr] \n\t"
141 : [cpsr] "r" (cpsr), [fn] "r" (fn)
147 static inline long long __kprobes
148 insnslot_llret_0arg_rflags(long cpsr, insn_llret_0arg_fn_t *fn)
150 register long ret0 asm("r0");
151 register long ret1 asm("r1");
154 __asm__ __volatile__ (
155 "msr cpsr_fs, %[cpsr] \n\t"
158 : "=r" (ret0), "=r" (ret1)
159 : [cpsr] "r" (cpsr), [fn] "r" (fn)
167 static inline long __kprobes
168 insnslot_1arg_rflags(long r0, long cpsr, insn_1arg_fn_t *fn)
170 register long rr0 asm("r0") = r0;
171 register long ret asm("r0");
173 __asm__ __volatile__ (
174 "msr cpsr_fs, %[cpsr] \n\t"
178 : "0" (rr0), [cpsr] "r" (cpsr), [fn] "r" (fn)
184 static inline long __kprobes
185 insnslot_2arg_rflags(long r0, long r1, long cpsr, insn_2arg_fn_t *fn)
187 register long rr0 asm("r0") = r0;
188 register long rr1 asm("r1") = r1;
189 register long ret asm("r0");
191 __asm__ __volatile__ (
192 "msr cpsr_fs, %[cpsr] \n\t"
196 : "0" (rr0), "r" (rr1),
197 [cpsr] "r" (cpsr), [fn] "r" (fn)
203 static inline long __kprobes
204 insnslot_3arg_rflags(long r0, long r1, long r2, long cpsr, insn_3arg_fn_t *fn)
206 register long rr0 asm("r0") = r0;
207 register long rr1 asm("r1") = r1;
208 register long rr2 asm("r2") = r2;
209 register long ret asm("r0");
211 __asm__ __volatile__ (
212 "msr cpsr_fs, %[cpsr] \n\t"
216 : "0" (rr0), "r" (rr1), "r" (rr2),
217 [cpsr] "r" (cpsr), [fn] "r" (fn)
223 static inline long long __kprobes
224 insnslot_llret_3arg_rflags(long r0, long r1, long r2, long cpsr,
225 insn_llret_3arg_fn_t *fn)
227 register long rr0 asm("r0") = r0;
228 register long rr1 asm("r1") = r1;
229 register long rr2 asm("r2") = r2;
230 register long ret0 asm("r0");
231 register long ret1 asm("r1");
234 __asm__ __volatile__ (
235 "msr cpsr_fs, %[cpsr] \n\t"
238 : "=r" (ret0), "=r" (ret1)
239 : "0" (rr0), "r" (rr1), "r" (rr2),
240 [cpsr] "r" (cpsr), [fn] "r" (fn)
248 static inline long __kprobes
249 insnslot_4arg_rflags(long r0, long r1, long r2, long r3, long cpsr,
252 register long rr0 asm("r0") = r0;
253 register long rr1 asm("r1") = r1;
254 register long rr2 asm("r2") = r2;
255 register long rr3 asm("r3") = r3;
256 register long ret asm("r0");
258 __asm__ __volatile__ (
259 "msr cpsr_fs, %[cpsr] \n\t"
263 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
264 [cpsr] "r" (cpsr), [fn] "r" (fn)
270 static inline long __kprobes
271 insnslot_1arg_rwflags(long r0, long *cpsr, insn_1arg_fn_t *fn)
273 register long rr0 asm("r0") = r0;
274 register long ret asm("r0");
275 long oldcpsr = *cpsr;
278 __asm__ __volatile__ (
279 "msr cpsr_fs, %[oldcpsr] \n\t"
282 "mrs %[newcpsr], cpsr \n\t"
283 : "=r" (ret), [newcpsr] "=r" (newcpsr)
284 : "0" (rr0), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
287 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
291 static inline long __kprobes
292 insnslot_2arg_rwflags(long r0, long r1, long *cpsr, insn_2arg_fn_t *fn)
294 register long rr0 asm("r0") = r0;
295 register long rr1 asm("r1") = r1;
296 register long ret asm("r0");
297 long oldcpsr = *cpsr;
300 __asm__ __volatile__ (
301 "msr cpsr_fs, %[oldcpsr] \n\t"
304 "mrs %[newcpsr], cpsr \n\t"
305 : "=r" (ret), [newcpsr] "=r" (newcpsr)
306 : "0" (rr0), "r" (rr1), [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
309 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
313 static inline long __kprobes
314 insnslot_3arg_rwflags(long r0, long r1, long r2, long *cpsr,
317 register long rr0 asm("r0") = r0;
318 register long rr1 asm("r1") = r1;
319 register long rr2 asm("r2") = r2;
320 register long ret asm("r0");
321 long oldcpsr = *cpsr;
324 __asm__ __volatile__ (
325 "msr cpsr_fs, %[oldcpsr] \n\t"
328 "mrs %[newcpsr], cpsr \n\t"
329 : "=r" (ret), [newcpsr] "=r" (newcpsr)
330 : "0" (rr0), "r" (rr1), "r" (rr2),
331 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
334 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
338 static inline long __kprobes
339 insnslot_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
342 register long rr0 asm("r0") = r0;
343 register long rr1 asm("r1") = r1;
344 register long rr2 asm("r2") = r2;
345 register long rr3 asm("r3") = r3;
346 register long ret asm("r0");
347 long oldcpsr = *cpsr;
350 __asm__ __volatile__ (
351 "msr cpsr_fs, %[oldcpsr] \n\t"
354 "mrs %[newcpsr], cpsr \n\t"
355 : "=r" (ret), [newcpsr] "=r" (newcpsr)
356 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
357 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
360 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
364 static inline long long __kprobes
365 insnslot_llret_4arg_rwflags(long r0, long r1, long r2, long r3, long *cpsr,
366 insn_llret_4arg_fn_t *fn)
368 register long rr0 asm("r0") = r0;
369 register long rr1 asm("r1") = r1;
370 register long rr2 asm("r2") = r2;
371 register long rr3 asm("r3") = r3;
372 register long ret0 asm("r0");
373 register long ret1 asm("r1");
374 long oldcpsr = *cpsr;
378 __asm__ __volatile__ (
379 "msr cpsr_fs, %[oldcpsr] \n\t"
382 "mrs %[newcpsr], cpsr \n\t"
383 : "=r" (ret0), "=r" (ret1), [newcpsr] "=r" (newcpsr)
384 : "0" (rr0), "r" (rr1), "r" (rr2), "r" (rr3),
385 [oldcpsr] "r" (oldcpsr), [fn] "r" (fn)
388 *cpsr = (oldcpsr & ~PSR_fs) | (newcpsr & PSR_fs);
395 * To avoid the complications of mimicing single-stepping on a
396 * processor without a Next-PC or a single-step mode, and to
397 * avoid having to deal with the side-effects of boosting, we
398 * simulate or emulate (almost) all ARM instructions.
400 * "Simulation" is where the instruction's behavior is duplicated in
401 * C code. "Emulation" is where the original instruction is rewritten
402 * and executed, often by altering its registers.
404 * By having all behavior of the kprobe'd instruction completed before
405 * returning from the kprobe_handler(), all locks (scheduler and
406 * interrupt) can safely be released. There is no need for secondary
407 * breakpoints, no race with MP or preemptable kernels, nor having to
408 * clean up resources counts at a later time impacting overall system
409 * performance. By rewriting the instruction, only the minimum registers
410 * need to be loaded and saved back optimizing performance.
412 * Calling the insnslot_*_rwflags version of a function doesn't hurt
413 * anything even when the CPSR flags aren't updated by the
414 * instruction. It's just a little slower in return for saving
415 * a little space by not having a duplicate function that doesn't
416 * update the flags. (The same optimization can be said for
417 * instructions that do or don't perform register writeback)
418 * Also, instructions can either read the flags, only write the
419 * flags, or read and write the flags. To save combinations
420 * rather than for sheer performance, flag functions just assume
421 * read and write of flags.
424 static void __kprobes simulate_bbl(struct kprobe *p, struct pt_regs *regs)
426 kprobe_opcode_t insn = p->opcode;
427 long iaddr = (long)p->addr;
428 int disp = branch_displacement(insn);
430 if (insn & (1 << 24))
431 regs->ARM_lr = iaddr + 4;
433 regs->ARM_pc = iaddr + 8 + disp;
436 static void __kprobes simulate_blx1(struct kprobe *p, struct pt_regs *regs)
438 kprobe_opcode_t insn = p->opcode;
439 long iaddr = (long)p->addr;
440 int disp = branch_displacement(insn);
442 regs->ARM_lr = iaddr + 4;
443 regs->ARM_pc = iaddr + 8 + disp + ((insn >> 23) & 0x2);
444 regs->ARM_cpsr |= PSR_T_BIT;
447 static void __kprobes simulate_blx2bx(struct kprobe *p, struct pt_regs *regs)
449 kprobe_opcode_t insn = p->opcode;
451 long rmv = regs->uregs[rm];
454 regs->ARM_lr = (long)p->addr + 4;
456 regs->ARM_pc = rmv & ~0x1;
457 regs->ARM_cpsr &= ~PSR_T_BIT;
459 regs->ARM_cpsr |= PSR_T_BIT;
462 static void __kprobes simulate_mrs(struct kprobe *p, struct pt_regs *regs)
464 kprobe_opcode_t insn = p->opcode;
465 int rd = (insn >> 12) & 0xf;
466 unsigned long mask = 0xf8ff03df; /* Mask out execution state */
467 regs->uregs[rd] = regs->ARM_cpsr & mask;
470 static void __kprobes simulate_ldm1stm1(struct kprobe *p, struct pt_regs *regs)
472 kprobe_opcode_t insn = p->opcode;
473 int rn = (insn >> 16) & 0xf;
474 int lbit = insn & (1 << 20);
475 int wbit = insn & (1 << 21);
476 int ubit = insn & (1 << 23);
477 int pbit = insn & (1 << 24);
478 long *addr = (long *)regs->uregs[rn];
483 reg_bit_vector = insn & 0xffff;
484 while (reg_bit_vector) {
485 reg_bit_vector &= (reg_bit_vector - 1);
491 addr += (!pbit == !ubit);
493 reg_bit_vector = insn & 0xffff;
494 while (reg_bit_vector) {
495 int reg = __ffs(reg_bit_vector);
496 reg_bit_vector &= (reg_bit_vector - 1);
498 regs->uregs[reg] = *addr++;
500 *addr++ = regs->uregs[reg];
506 addr -= (!pbit == !ubit);
507 regs->uregs[rn] = (long)addr;
511 static void __kprobes simulate_stm1_pc(struct kprobe *p, struct pt_regs *regs)
513 regs->ARM_pc = (long)p->addr + str_pc_offset;
514 simulate_ldm1stm1(p, regs);
515 regs->ARM_pc = (long)p->addr + 4;
518 static void __kprobes simulate_mov_ipsp(struct kprobe *p, struct pt_regs *regs)
520 regs->uregs[12] = regs->uregs[13];
523 static void __kprobes emulate_ldrd(struct kprobe *p, struct pt_regs *regs)
525 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
526 kprobe_opcode_t insn = p->opcode;
527 long ppc = (long)p->addr + 8;
528 int rd = (insn >> 12) & 0xf;
529 int rn = (insn >> 16) & 0xf;
530 int rm = insn & 0xf; /* rm may be invalid, don't care. */
531 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
532 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
534 /* Not following the C calling convention here, so need asm(). */
535 __asm__ __volatile__ (
538 "msr cpsr_fs, %[cpsr]\n\t"
540 "mov pc, %[i_fn] \n\t"
541 "str r0, %[rn] \n\t" /* in case of writeback */
542 "str r2, %[rd0] \n\t"
543 "str r3, %[rd1] \n\t"
545 [rd0] "=m" (regs->uregs[rd]),
546 [rd1] "=m" (regs->uregs[rd+1])
548 [cpsr] "r" (regs->ARM_cpsr),
550 : "r0", "r1", "r2", "r3", "lr", "cc"
552 if (is_writeback(insn))
553 regs->uregs[rn] = rnv;
556 static void __kprobes emulate_strd(struct kprobe *p, struct pt_regs *regs)
558 insn_4arg_fn_t *i_fn = (insn_4arg_fn_t *)&p->ainsn.insn[0];
559 kprobe_opcode_t insn = p->opcode;
560 long ppc = (long)p->addr + 8;
561 int rd = (insn >> 12) & 0xf;
562 int rn = (insn >> 16) & 0xf;
564 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
565 /* rm/rmv may be invalid, don't care. */
566 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
569 rnv_wb = insnslot_4arg_rflags(rnv, rmv, regs->uregs[rd],
571 regs->ARM_cpsr, i_fn);
572 if (is_writeback(insn))
573 regs->uregs[rn] = rnv_wb;
576 static void __kprobes emulate_ldr(struct kprobe *p, struct pt_regs *regs)
578 insn_llret_3arg_fn_t *i_fn = (insn_llret_3arg_fn_t *)&p->ainsn.insn[0];
579 kprobe_opcode_t insn = p->opcode;
580 long ppc = (long)p->addr + 8;
582 int rd = (insn >> 12) & 0xf;
583 int rn = (insn >> 16) & 0xf;
586 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
587 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
588 long cpsr = regs->ARM_cpsr;
590 fnr.dr = insnslot_llret_3arg_rflags(rnv, 0, rmv, cpsr, i_fn);
592 regs->uregs[rn] = fnr.r0; /* Save Rn in case of writeback. */
596 #if __LINUX_ARM_ARCH__ >= 5
600 regs->ARM_cpsr = cpsr;
606 regs->uregs[rd] = rdv;
609 static void __kprobes emulate_str(struct kprobe *p, struct pt_regs *regs)
611 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
612 kprobe_opcode_t insn = p->opcode;
613 long iaddr = (long)p->addr;
614 int rd = (insn >> 12) & 0xf;
615 int rn = (insn >> 16) & 0xf;
617 long rdv = (rd == 15) ? iaddr + str_pc_offset : regs->uregs[rd];
618 long rnv = (rn == 15) ? iaddr + 8 : regs->uregs[rn];
619 long rmv = regs->uregs[rm]; /* rm/rmv may be invalid, don't care. */
622 rnv_wb = insnslot_3arg_rflags(rnv, rdv, rmv, regs->ARM_cpsr, i_fn);
624 regs->uregs[rn] = rnv_wb; /* Save Rn in case of writeback. */
627 static void __kprobes emulate_sat(struct kprobe *p, struct pt_regs *regs)
629 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
630 kprobe_opcode_t insn = p->opcode;
631 int rd = (insn >> 12) & 0xf;
633 long rmv = regs->uregs[rm];
636 regs->uregs[rd] = insnslot_1arg_rwflags(rmv, ®s->ARM_cpsr, i_fn);
639 static void __kprobes emulate_sel(struct kprobe *p, struct pt_regs *regs)
641 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
642 kprobe_opcode_t insn = p->opcode;
643 int rd = (insn >> 12) & 0xf;
644 int rn = (insn >> 16) & 0xf;
646 long rnv = regs->uregs[rn];
647 long rmv = regs->uregs[rm];
650 regs->uregs[rd] = insnslot_2arg_rflags(rnv, rmv, regs->ARM_cpsr, i_fn);
653 static void __kprobes emulate_none(struct kprobe *p, struct pt_regs *regs)
655 insn_0arg_fn_t *i_fn = (insn_0arg_fn_t *)&p->ainsn.insn[0];
657 insnslot_0arg_rflags(regs->ARM_cpsr, i_fn);
660 static void __kprobes emulate_nop(struct kprobe *p, struct pt_regs *regs)
664 static void __kprobes
665 emulate_rd12_modify(struct kprobe *p, struct pt_regs *regs)
667 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
668 kprobe_opcode_t insn = p->opcode;
669 int rd = (insn >> 12) & 0xf;
670 long rdv = regs->uregs[rd];
672 regs->uregs[rd] = insnslot_1arg_rflags(rdv, regs->ARM_cpsr, i_fn);
675 static void __kprobes
676 emulate_rd12rn0_modify(struct kprobe *p, struct pt_regs *regs)
678 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
679 kprobe_opcode_t insn = p->opcode;
680 int rd = (insn >> 12) & 0xf;
682 long rdv = regs->uregs[rd];
683 long rnv = regs->uregs[rn];
685 regs->uregs[rd] = insnslot_2arg_rflags(rdv, rnv, regs->ARM_cpsr, i_fn);
688 static void __kprobes emulate_rd12rm0(struct kprobe *p, struct pt_regs *regs)
690 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
691 kprobe_opcode_t insn = p->opcode;
692 int rd = (insn >> 12) & 0xf;
694 long rmv = regs->uregs[rm];
696 regs->uregs[rd] = insnslot_1arg_rflags(rmv, regs->ARM_cpsr, i_fn);
699 static void __kprobes
700 emulate_rd12rn16rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
702 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
703 kprobe_opcode_t insn = p->opcode;
704 int rd = (insn >> 12) & 0xf;
705 int rn = (insn >> 16) & 0xf;
707 long rnv = regs->uregs[rn];
708 long rmv = regs->uregs[rm];
711 insnslot_2arg_rwflags(rnv, rmv, ®s->ARM_cpsr, i_fn);
714 static void __kprobes
715 emulate_rd16rn12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
717 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
718 kprobe_opcode_t insn = p->opcode;
719 int rd = (insn >> 16) & 0xf;
720 int rn = (insn >> 12) & 0xf;
721 int rs = (insn >> 8) & 0xf;
723 long rnv = regs->uregs[rn];
724 long rsv = regs->uregs[rs];
725 long rmv = regs->uregs[rm];
728 insnslot_3arg_rwflags(rnv, rsv, rmv, ®s->ARM_cpsr, i_fn);
731 static void __kprobes
732 emulate_rd16rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
734 insn_2arg_fn_t *i_fn = (insn_2arg_fn_t *)&p->ainsn.insn[0];
735 kprobe_opcode_t insn = p->opcode;
736 int rd = (insn >> 16) & 0xf;
737 int rs = (insn >> 8) & 0xf;
739 long rsv = regs->uregs[rs];
740 long rmv = regs->uregs[rm];
743 insnslot_2arg_rwflags(rsv, rmv, ®s->ARM_cpsr, i_fn);
746 static void __kprobes
747 emulate_rdhi16rdlo12rs8rm0_rwflags(struct kprobe *p, struct pt_regs *regs)
749 insn_llret_4arg_fn_t *i_fn = (insn_llret_4arg_fn_t *)&p->ainsn.insn[0];
750 kprobe_opcode_t insn = p->opcode;
752 int rdhi = (insn >> 16) & 0xf;
753 int rdlo = (insn >> 12) & 0xf;
754 int rs = (insn >> 8) & 0xf;
756 long rsv = regs->uregs[rs];
757 long rmv = regs->uregs[rm];
759 fnr.dr = insnslot_llret_4arg_rwflags(regs->uregs[rdhi],
760 regs->uregs[rdlo], rsv, rmv,
761 ®s->ARM_cpsr, i_fn);
762 regs->uregs[rdhi] = fnr.r0;
763 regs->uregs[rdlo] = fnr.r1;
766 static void __kprobes
767 emulate_alu_imm_rflags(struct kprobe *p, struct pt_regs *regs)
769 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
770 kprobe_opcode_t insn = p->opcode;
771 int rd = (insn >> 12) & 0xf;
772 int rn = (insn >> 16) & 0xf;
773 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
775 regs->uregs[rd] = insnslot_1arg_rflags(rnv, regs->ARM_cpsr, i_fn);
778 static void __kprobes
779 emulate_alu_imm_rwflags(struct kprobe *p, struct pt_regs *regs)
781 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
782 kprobe_opcode_t insn = p->opcode;
783 int rd = (insn >> 12) & 0xf;
784 int rn = (insn >> 16) & 0xf;
785 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
787 regs->uregs[rd] = insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
790 static void __kprobes
791 emulate_alu_tests_imm(struct kprobe *p, struct pt_regs *regs)
793 insn_1arg_fn_t *i_fn = (insn_1arg_fn_t *)&p->ainsn.insn[0];
794 kprobe_opcode_t insn = p->opcode;
795 int rn = (insn >> 16) & 0xf;
796 long rnv = (rn == 15) ? (long)p->addr + 8 : regs->uregs[rn];
798 insnslot_1arg_rwflags(rnv, ®s->ARM_cpsr, i_fn);
801 static void __kprobes
802 emulate_alu_rflags(struct kprobe *p, struct pt_regs *regs)
804 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
805 kprobe_opcode_t insn = p->opcode;
806 long ppc = (long)p->addr + 8;
807 int rd = (insn >> 12) & 0xf;
808 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
809 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
811 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
812 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
813 long rsv = regs->uregs[rs];
816 insnslot_3arg_rflags(rnv, rmv, rsv, regs->ARM_cpsr, i_fn);
819 static void __kprobes
820 emulate_alu_rwflags(struct kprobe *p, struct pt_regs *regs)
822 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
823 kprobe_opcode_t insn = p->opcode;
824 long ppc = (long)p->addr + 8;
825 int rd = (insn >> 12) & 0xf;
826 int rn = (insn >> 16) & 0xf; /* rn/rnv/rs/rsv may be */
827 int rs = (insn >> 8) & 0xf; /* invalid, don't care. */
829 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
830 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
831 long rsv = regs->uregs[rs];
834 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
837 static void __kprobes
838 emulate_alu_tests(struct kprobe *p, struct pt_regs *regs)
840 insn_3arg_fn_t *i_fn = (insn_3arg_fn_t *)&p->ainsn.insn[0];
841 kprobe_opcode_t insn = p->opcode;
842 long ppc = (long)p->addr + 8;
843 int rn = (insn >> 16) & 0xf;
844 int rs = (insn >> 8) & 0xf; /* rs/rsv may be invalid, don't care. */
846 long rnv = (rn == 15) ? ppc : regs->uregs[rn];
847 long rmv = (rm == 15) ? ppc : regs->uregs[rm];
848 long rsv = regs->uregs[rs];
850 insnslot_3arg_rwflags(rnv, rmv, rsv, ®s->ARM_cpsr, i_fn);
853 static enum kprobe_insn __kprobes
854 prep_emulate_ldr_str(kprobe_opcode_t insn, struct arch_specific_insn *asi)
856 int not_imm = (insn & (1 << 26)) ? (insn & (1 << 25))
857 : (~insn & (1 << 22));
859 if (is_writeback(insn) && is_r15(insn, 16))
860 return INSN_REJECTED; /* Writeback to PC */
863 insn |= 0x00001000; /* Rn = r0, Rd = r1 */
866 insn |= 2; /* Rm = r2 */
869 asi->insn_handler = (insn & (1 << 20)) ? emulate_ldr : emulate_str;
873 static enum kprobe_insn __kprobes
874 prep_emulate_rd12_modify(kprobe_opcode_t insn, struct arch_specific_insn *asi)
876 if (is_r15(insn, 12))
877 return INSN_REJECTED; /* Rd is PC */
879 insn &= 0xffff0fff; /* Rd = r0 */
881 asi->insn_handler = emulate_rd12_modify;
885 static enum kprobe_insn __kprobes
886 prep_emulate_rd12rn0_modify(kprobe_opcode_t insn,
887 struct arch_specific_insn *asi)
889 if (is_r15(insn, 12))
890 return INSN_REJECTED; /* Rd is PC */
892 insn &= 0xffff0ff0; /* Rd = r0 */
893 insn |= 0x00000001; /* Rn = r1 */
895 asi->insn_handler = emulate_rd12rn0_modify;
899 static enum kprobe_insn __kprobes
900 prep_emulate_rd12rm0(kprobe_opcode_t insn, struct arch_specific_insn *asi)
902 if (is_r15(insn, 12))
903 return INSN_REJECTED; /* Rd is PC */
905 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
907 asi->insn_handler = emulate_rd12rm0;
911 static enum kprobe_insn __kprobes
912 prep_emulate_rd12rn16rm0_wflags(kprobe_opcode_t insn,
913 struct arch_specific_insn *asi)
915 if (is_r15(insn, 12))
916 return INSN_REJECTED; /* Rd is PC */
918 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
919 insn |= 0x00000001; /* Rm = r1 */
921 asi->insn_handler = emulate_rd12rn16rm0_rwflags;
925 static enum kprobe_insn __kprobes
926 prep_emulate_rd16rs8rm0_wflags(kprobe_opcode_t insn,
927 struct arch_specific_insn *asi)
929 if (is_r15(insn, 16))
930 return INSN_REJECTED; /* Rd is PC */
932 insn &= 0xfff0f0f0; /* Rd = r0, Rs = r0 */
933 insn |= 0x00000001; /* Rm = r1 */
935 asi->insn_handler = emulate_rd16rs8rm0_rwflags;
939 static enum kprobe_insn __kprobes
940 prep_emulate_rd16rn12rs8rm0_wflags(kprobe_opcode_t insn,
941 struct arch_specific_insn *asi)
943 if (is_r15(insn, 16))
944 return INSN_REJECTED; /* Rd is PC */
946 insn &= 0xfff000f0; /* Rd = r0, Rn = r0 */
947 insn |= 0x00000102; /* Rs = r1, Rm = r2 */
949 asi->insn_handler = emulate_rd16rn12rs8rm0_rwflags;
953 static enum kprobe_insn __kprobes
954 prep_emulate_rdhi16rdlo12rs8rm0_wflags(kprobe_opcode_t insn,
955 struct arch_specific_insn *asi)
957 if (is_r15(insn, 16) || is_r15(insn, 12))
958 return INSN_REJECTED; /* RdHi or RdLo is PC */
960 insn &= 0xfff000f0; /* RdHi = r0, RdLo = r1 */
961 insn |= 0x00001203; /* Rs = r2, Rm = r3 */
963 asi->insn_handler = emulate_rdhi16rdlo12rs8rm0_rwflags;
968 * For the instruction masking and comparisons in all the "space_*"
969 * functions below, Do _not_ rearrange the order of tests unless
970 * you're very, very sure of what you are doing. For the sake of
971 * efficiency, the masks for some tests sometimes assume other test
972 * have been done prior to them so the number of patterns to test
973 * for an instruction set can be as broad as possible to reduce the
974 * number of tests needed.
977 static enum kprobe_insn __kprobes
978 space_1111(kprobe_opcode_t insn, struct arch_specific_insn *asi)
980 /* memory hint : 1111 0100 x001 xxxx xxxx xxxx xxxx xxxx : */
981 /* PLDI : 1111 0100 x101 xxxx xxxx xxxx xxxx xxxx : */
982 /* PLDW : 1111 0101 x001 xxxx xxxx xxxx xxxx xxxx : */
983 /* PLD : 1111 0101 x101 xxxx xxxx xxxx xxxx xxxx : */
984 if ((insn & 0xfe300000) == 0xf4100000) {
985 asi->insn_handler = emulate_nop;
986 return INSN_GOOD_NO_SLOT;
989 /* BLX(1) : 1111 101x xxxx xxxx xxxx xxxx xxxx xxxx : */
990 if ((insn & 0xfe000000) == 0xfa000000) {
991 asi->insn_handler = simulate_blx1;
992 return INSN_GOOD_NO_SLOT;
995 /* CPS : 1111 0001 0000 xxx0 xxxx xxxx xx0x xxxx */
996 /* SETEND: 1111 0001 0000 0001 xxxx xxxx 0000 xxxx */
998 /* SRS : 1111 100x x1x0 xxxx xxxx xxxx xxxx xxxx */
999 /* RFE : 1111 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1001 /* Coprocessor instructions... */
1002 /* MCRR2 : 1111 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */
1003 /* MRRC2 : 1111 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd != Rn) */
1004 /* LDC2 : 1111 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1005 /* STC2 : 1111 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1006 /* CDP2 : 1111 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1007 /* MCR2 : 1111 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1008 /* MRC2 : 1111 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1010 return INSN_REJECTED;
1013 static enum kprobe_insn __kprobes
1014 space_cccc_000x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1016 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx xxx0 xxxx */
1017 if ((insn & 0x0f900010) == 0x01000000) {
1019 /* MRS cpsr : cccc 0001 0000 xxxx xxxx xxxx 0000 xxxx */
1020 if ((insn & 0x0ff000f0) == 0x01000000) {
1021 if (is_r15(insn, 12))
1022 return INSN_REJECTED; /* Rd is PC */
1023 asi->insn_handler = simulate_mrs;
1024 return INSN_GOOD_NO_SLOT;
1027 /* SMLALxy : cccc 0001 0100 xxxx xxxx xxxx 1xx0 xxxx */
1028 if ((insn & 0x0ff00090) == 0x01400080)
1029 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi);
1031 /* SMULWy : cccc 0001 0010 xxxx xxxx xxxx 1x10 xxxx */
1032 /* SMULxy : cccc 0001 0110 xxxx xxxx xxxx 1xx0 xxxx */
1033 if ((insn & 0x0ff000b0) == 0x012000a0 ||
1034 (insn & 0x0ff00090) == 0x01600080)
1035 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1037 /* SMLAxy : cccc 0001 0000 xxxx xxxx xxxx 1xx0 xxxx : Q */
1038 /* SMLAWy : cccc 0001 0010 xxxx xxxx xxxx 1x00 xxxx : Q */
1039 if ((insn & 0x0ff00090) == 0x01000080 ||
1040 (insn & 0x0ff000b0) == 0x01200080)
1041 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1043 /* BXJ : cccc 0001 0010 xxxx xxxx xxxx 0010 xxxx */
1044 /* MSR : cccc 0001 0x10 xxxx xxxx xxxx 0000 xxxx */
1045 /* MRS spsr : cccc 0001 0100 xxxx xxxx xxxx 0000 xxxx */
1047 /* Other instruction encodings aren't yet defined */
1048 return INSN_REJECTED;
1051 /* cccc 0001 0xx0 xxxx xxxx xxxx xxxx 0xx1 xxxx */
1052 else if ((insn & 0x0f900090) == 0x01000010) {
1054 /* BLX(2) : cccc 0001 0010 xxxx xxxx xxxx 0011 xxxx */
1055 /* BX : cccc 0001 0010 xxxx xxxx xxxx 0001 xxxx */
1056 if ((insn & 0x0ff000d0) == 0x01200010) {
1057 if ((insn & 0x0ff000ff) == 0x0120003f)
1058 return INSN_REJECTED; /* BLX pc */
1059 asi->insn_handler = simulate_blx2bx;
1060 return INSN_GOOD_NO_SLOT;
1063 /* CLZ : cccc 0001 0110 xxxx xxxx xxxx 0001 xxxx */
1064 if ((insn & 0x0ff000f0) == 0x01600010)
1065 return prep_emulate_rd12rm0(insn, asi);
1067 /* QADD : cccc 0001 0000 xxxx xxxx xxxx 0101 xxxx :Q */
1068 /* QSUB : cccc 0001 0010 xxxx xxxx xxxx 0101 xxxx :Q */
1069 /* QDADD : cccc 0001 0100 xxxx xxxx xxxx 0101 xxxx :Q */
1070 /* QDSUB : cccc 0001 0110 xxxx xxxx xxxx 0101 xxxx :Q */
1071 if ((insn & 0x0f9000f0) == 0x01000050)
1072 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1074 /* BKPT : 1110 0001 0010 xxxx xxxx xxxx 0111 xxxx */
1075 /* SMC : cccc 0001 0110 xxxx xxxx xxxx 0111 xxxx */
1077 /* Other instruction encodings aren't yet defined */
1078 return INSN_REJECTED;
1081 /* cccc 0000 xxxx xxxx xxxx xxxx xxxx 1001 xxxx */
1082 else if ((insn & 0x0f0000f0) == 0x00000090) {
1084 /* MUL : cccc 0000 0000 xxxx xxxx xxxx 1001 xxxx : */
1085 /* MULS : cccc 0000 0001 xxxx xxxx xxxx 1001 xxxx :cc */
1086 /* MLA : cccc 0000 0010 xxxx xxxx xxxx 1001 xxxx : */
1087 /* MLAS : cccc 0000 0011 xxxx xxxx xxxx 1001 xxxx :cc */
1088 /* UMAAL : cccc 0000 0100 xxxx xxxx xxxx 1001 xxxx : */
1089 /* undef : cccc 0000 0101 xxxx xxxx xxxx 1001 xxxx : */
1090 /* MLS : cccc 0000 0110 xxxx xxxx xxxx 1001 xxxx : */
1091 /* undef : cccc 0000 0111 xxxx xxxx xxxx 1001 xxxx : */
1092 /* UMULL : cccc 0000 1000 xxxx xxxx xxxx 1001 xxxx : */
1093 /* UMULLS : cccc 0000 1001 xxxx xxxx xxxx 1001 xxxx :cc */
1094 /* UMLAL : cccc 0000 1010 xxxx xxxx xxxx 1001 xxxx : */
1095 /* UMLALS : cccc 0000 1011 xxxx xxxx xxxx 1001 xxxx :cc */
1096 /* SMULL : cccc 0000 1100 xxxx xxxx xxxx 1001 xxxx : */
1097 /* SMULLS : cccc 0000 1101 xxxx xxxx xxxx 1001 xxxx :cc */
1098 /* SMLAL : cccc 0000 1110 xxxx xxxx xxxx 1001 xxxx : */
1099 /* SMLALS : cccc 0000 1111 xxxx xxxx xxxx 1001 xxxx :cc */
1100 if ((insn & 0x00d00000) == 0x00500000) {
1101 return INSN_REJECTED;
1102 } else if ((insn & 0x00e00000) == 0x00000000) {
1103 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1104 } else if ((insn & 0x00a00000) == 0x00200000) {
1105 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1107 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi);
1111 /* cccc 000x xxxx xxxx xxxx xxxx xxxx 1xx1 xxxx */
1112 else if ((insn & 0x0e000090) == 0x00000090) {
1114 /* SWP : cccc 0001 0000 xxxx xxxx xxxx 1001 xxxx */
1115 /* SWPB : cccc 0001 0100 xxxx xxxx xxxx 1001 xxxx */
1116 /* ??? : cccc 0001 0x01 xxxx xxxx xxxx 1001 xxxx */
1117 /* ??? : cccc 0001 0x10 xxxx xxxx xxxx 1001 xxxx */
1118 /* ??? : cccc 0001 0x11 xxxx xxxx xxxx 1001 xxxx */
1119 /* STREX : cccc 0001 1000 xxxx xxxx xxxx 1001 xxxx */
1120 /* LDREX : cccc 0001 1001 xxxx xxxx xxxx 1001 xxxx */
1121 /* STREXD: cccc 0001 1010 xxxx xxxx xxxx 1001 xxxx */
1122 /* LDREXD: cccc 0001 1011 xxxx xxxx xxxx 1001 xxxx */
1123 /* STREXB: cccc 0001 1100 xxxx xxxx xxxx 1001 xxxx */
1124 /* LDREXB: cccc 0001 1101 xxxx xxxx xxxx 1001 xxxx */
1125 /* STREXH: cccc 0001 1110 xxxx xxxx xxxx 1001 xxxx */
1126 /* LDREXH: cccc 0001 1111 xxxx xxxx xxxx 1001 xxxx */
1128 /* LDRD : cccc 000x xxx0 xxxx xxxx xxxx 1101 xxxx */
1129 /* STRD : cccc 000x xxx0 xxxx xxxx xxxx 1111 xxxx */
1130 /* LDRH : cccc 000x xxx1 xxxx xxxx xxxx 1011 xxxx */
1131 /* STRH : cccc 000x xxx0 xxxx xxxx xxxx 1011 xxxx */
1132 /* LDRSB : cccc 000x xxx1 xxxx xxxx xxxx 1101 xxxx */
1133 /* LDRSH : cccc 000x xxx1 xxxx xxxx xxxx 1111 xxxx */
1134 if ((insn & 0x0f0000f0) == 0x01000090) {
1135 if ((insn & 0x0fb000f0) == 0x01000090) {
1137 return prep_emulate_rd12rn16rm0_wflags(insn,
1140 /* STREX/LDREX variants and unallocaed space */
1141 return INSN_REJECTED;
1144 } else if ((insn & 0x0e1000d0) == 0x00000d0) {
1146 if ((insn & 0x0000e000) == 0x0000e000)
1147 return INSN_REJECTED; /* Rd is LR or PC */
1148 if (is_writeback(insn) && is_r15(insn, 16))
1149 return INSN_REJECTED; /* Writeback to PC */
1152 insn |= 0x00002000; /* Rn = r0, Rd = r2 */
1153 if (!(insn & (1 << 22))) {
1154 /* Register index */
1156 insn |= 1; /* Rm = r1 */
1158 asi->insn[0] = insn;
1160 (insn & (1 << 5)) ? emulate_strd : emulate_ldrd;
1164 /* LDRH/STRH/LDRSB/LDRSH */
1165 if (is_r15(insn, 12))
1166 return INSN_REJECTED; /* Rd is PC */
1167 return prep_emulate_ldr_str(insn, asi);
1170 /* cccc 000x xxxx xxxx xxxx xxxx xxxx xxxx xxxx */
1173 * ALU op with S bit and Rd == 15 :
1174 * cccc 000x xxx1 xxxx 1111 xxxx xxxx xxxx
1176 if ((insn & 0x0e10f000) == 0x0010f000)
1177 return INSN_REJECTED;
1180 * "mov ip, sp" is the most common kprobe'd instruction by far.
1181 * Check and optimize for it explicitly.
1183 if (insn == 0xe1a0c00d) {
1184 asi->insn_handler = simulate_mov_ipsp;
1185 return INSN_GOOD_NO_SLOT;
1189 * Data processing: Immediate-shift / Register-shift
1190 * ALU op : cccc 000x xxxx xxxx xxxx xxxx xxxx xxxx
1191 * CPY : cccc 0001 1010 xxxx xxxx 0000 0000 xxxx
1192 * MOV : cccc 0001 101x xxxx xxxx xxxx xxxx xxxx
1193 * *S (bit 20) updates condition codes
1194 * ADC/SBC/RSC reads the C flag
1196 insn &= 0xfff00ff0; /* Rn = r0, Rd = r0 */
1197 insn |= 0x00000001; /* Rm = r1 */
1199 insn &= 0xfffff0ff; /* register shift */
1200 insn |= 0x00000200; /* Rs = r2 */
1202 asi->insn[0] = insn;
1204 if ((insn & 0x0f900000) == 0x01100000) {
1206 * TST : cccc 0001 0001 xxxx xxxx xxxx xxxx xxxx
1207 * TEQ : cccc 0001 0011 xxxx xxxx xxxx xxxx xxxx
1208 * CMP : cccc 0001 0101 xxxx xxxx xxxx xxxx xxxx
1209 * CMN : cccc 0001 0111 xxxx xxxx xxxx xxxx xxxx
1211 asi->insn_handler = emulate_alu_tests;
1213 /* ALU ops which write to Rd */
1214 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */
1215 emulate_alu_rwflags : emulate_alu_rflags;
1220 static enum kprobe_insn __kprobes
1221 space_cccc_001x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1223 /* MOVW : cccc 0011 0000 xxxx xxxx xxxx xxxx xxxx */
1224 /* MOVT : cccc 0011 0100 xxxx xxxx xxxx xxxx xxxx */
1225 if ((insn & 0x0fb00000) == 0x03000000)
1226 return prep_emulate_rd12_modify(insn, asi);
1228 /* hints : cccc 0011 0010 0000 xxxx xxxx xxxx xxxx */
1229 if ((insn & 0x0fff0000) == 0x03200000) {
1230 unsigned op2 = insn & 0x000000ff;
1231 if (op2 == 0x01 || op2 == 0x04) {
1232 /* YIELD : cccc 0011 0010 0000 xxxx xxxx 0000 0001 */
1233 /* SEV : cccc 0011 0010 0000 xxxx xxxx 0000 0100 */
1234 asi->insn[0] = insn;
1235 asi->insn_handler = emulate_none;
1237 } else if (op2 <= 0x03) {
1238 /* NOP : cccc 0011 0010 0000 xxxx xxxx 0000 0000 */
1239 /* WFE : cccc 0011 0010 0000 xxxx xxxx 0000 0010 */
1240 /* WFI : cccc 0011 0010 0000 xxxx xxxx 0000 0011 */
1242 * We make WFE and WFI true NOPs to avoid stalls due
1243 * to missing events whilst processing the probe.
1245 asi->insn_handler = emulate_nop;
1246 return INSN_GOOD_NO_SLOT;
1248 /* For DBG and unallocated hints it's safest to reject them */
1249 return INSN_REJECTED;
1253 * MSR : cccc 0011 0x10 xxxx xxxx xxxx xxxx xxxx
1254 * ALU op with S bit and Rd == 15 :
1255 * cccc 001x xxx1 xxxx 1111 xxxx xxxx xxxx
1257 if ((insn & 0x0fb00000) == 0x03200000 || /* MSR */
1258 (insn & 0x0e10f000) == 0x0210f000) /* ALU s-bit, R15 */
1259 return INSN_REJECTED;
1262 * Data processing: 32-bit Immediate
1263 * ALU op : cccc 001x xxxx xxxx xxxx xxxx xxxx xxxx
1264 * MOV : cccc 0011 101x xxxx xxxx xxxx xxxx xxxx
1265 * *S (bit 20) updates condition codes
1266 * ADC/SBC/RSC reads the C flag
1268 insn &= 0xfff00fff; /* Rn = r0 and Rd = r0 */
1269 asi->insn[0] = insn;
1271 if ((insn & 0x0f900000) == 0x03100000) {
1273 * TST : cccc 0011 0001 xxxx xxxx xxxx xxxx xxxx
1274 * TEQ : cccc 0011 0011 xxxx xxxx xxxx xxxx xxxx
1275 * CMP : cccc 0011 0101 xxxx xxxx xxxx xxxx xxxx
1276 * CMN : cccc 0011 0111 xxxx xxxx xxxx xxxx xxxx
1278 asi->insn_handler = emulate_alu_tests_imm;
1280 /* ALU ops which write to Rd */
1281 asi->insn_handler = (insn & (1 << 20)) ? /* S-bit */
1282 emulate_alu_imm_rwflags : emulate_alu_imm_rflags;
1287 static enum kprobe_insn __kprobes
1288 space_cccc_0110__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1290 /* SEL : cccc 0110 1000 xxxx xxxx xxxx 1011 xxxx GE: !!! */
1291 if ((insn & 0x0ff000f0) == 0x068000b0) {
1292 if (is_r15(insn, 12))
1293 return INSN_REJECTED; /* Rd is PC */
1294 insn &= 0xfff00ff0; /* Rd = r0, Rn = r0 */
1295 insn |= 0x00000001; /* Rm = r1 */
1296 asi->insn[0] = insn;
1297 asi->insn_handler = emulate_sel;
1301 /* SSAT : cccc 0110 101x xxxx xxxx xxxx xx01 xxxx :Q */
1302 /* USAT : cccc 0110 111x xxxx xxxx xxxx xx01 xxxx :Q */
1303 /* SSAT16 : cccc 0110 1010 xxxx xxxx xxxx 0011 xxxx :Q */
1304 /* USAT16 : cccc 0110 1110 xxxx xxxx xxxx 0011 xxxx :Q */
1305 if ((insn & 0x0fa00030) == 0x06a00010 ||
1306 (insn & 0x0fb000f0) == 0x06a00030) {
1307 if (is_r15(insn, 12))
1308 return INSN_REJECTED; /* Rd is PC */
1309 insn &= 0xffff0ff0; /* Rd = r0, Rm = r0 */
1310 asi->insn[0] = insn;
1311 asi->insn_handler = emulate_sat;
1315 /* REV : cccc 0110 1011 xxxx xxxx xxxx 0011 xxxx */
1316 /* REV16 : cccc 0110 1011 xxxx xxxx xxxx 1011 xxxx */
1317 /* RBIT : cccc 0110 1111 xxxx xxxx xxxx 0011 xxxx */
1318 /* REVSH : cccc 0110 1111 xxxx xxxx xxxx 1011 xxxx */
1319 if ((insn & 0x0ff00070) == 0x06b00030 ||
1320 (insn & 0x0ff00070) == 0x06f00030)
1321 return prep_emulate_rd12rm0(insn, asi);
1323 /* ??? : cccc 0110 0000 xxxx xxxx xxxx xxx1 xxxx : */
1324 /* SADD16 : cccc 0110 0001 xxxx xxxx xxxx 0001 xxxx :GE */
1325 /* SADDSUBX : cccc 0110 0001 xxxx xxxx xxxx 0011 xxxx :GE */
1326 /* SSUBADDX : cccc 0110 0001 xxxx xxxx xxxx 0101 xxxx :GE */
1327 /* SSUB16 : cccc 0110 0001 xxxx xxxx xxxx 0111 xxxx :GE */
1328 /* SADD8 : cccc 0110 0001 xxxx xxxx xxxx 1001 xxxx :GE */
1329 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1011 xxxx : */
1330 /* ??? : cccc 0110 0001 xxxx xxxx xxxx 1101 xxxx : */
1331 /* SSUB8 : cccc 0110 0001 xxxx xxxx xxxx 1111 xxxx :GE */
1332 /* QADD16 : cccc 0110 0010 xxxx xxxx xxxx 0001 xxxx : */
1333 /* QADDSUBX : cccc 0110 0010 xxxx xxxx xxxx 0011 xxxx : */
1334 /* QSUBADDX : cccc 0110 0010 xxxx xxxx xxxx 0101 xxxx : */
1335 /* QSUB16 : cccc 0110 0010 xxxx xxxx xxxx 0111 xxxx : */
1336 /* QADD8 : cccc 0110 0010 xxxx xxxx xxxx 1001 xxxx : */
1337 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1011 xxxx : */
1338 /* ??? : cccc 0110 0010 xxxx xxxx xxxx 1101 xxxx : */
1339 /* QSUB8 : cccc 0110 0010 xxxx xxxx xxxx 1111 xxxx : */
1340 /* SHADD16 : cccc 0110 0011 xxxx xxxx xxxx 0001 xxxx : */
1341 /* SHADDSUBX : cccc 0110 0011 xxxx xxxx xxxx 0011 xxxx : */
1342 /* SHSUBADDX : cccc 0110 0011 xxxx xxxx xxxx 0101 xxxx : */
1343 /* SHSUB16 : cccc 0110 0011 xxxx xxxx xxxx 0111 xxxx : */
1344 /* SHADD8 : cccc 0110 0011 xxxx xxxx xxxx 1001 xxxx : */
1345 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1011 xxxx : */
1346 /* ??? : cccc 0110 0011 xxxx xxxx xxxx 1101 xxxx : */
1347 /* SHSUB8 : cccc 0110 0011 xxxx xxxx xxxx 1111 xxxx : */
1348 /* ??? : cccc 0110 0100 xxxx xxxx xxxx xxx1 xxxx : */
1349 /* UADD16 : cccc 0110 0101 xxxx xxxx xxxx 0001 xxxx :GE */
1350 /* UADDSUBX : cccc 0110 0101 xxxx xxxx xxxx 0011 xxxx :GE */
1351 /* USUBADDX : cccc 0110 0101 xxxx xxxx xxxx 0101 xxxx :GE */
1352 /* USUB16 : cccc 0110 0101 xxxx xxxx xxxx 0111 xxxx :GE */
1353 /* UADD8 : cccc 0110 0101 xxxx xxxx xxxx 1001 xxxx :GE */
1354 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1011 xxxx : */
1355 /* ??? : cccc 0110 0101 xxxx xxxx xxxx 1101 xxxx : */
1356 /* USUB8 : cccc 0110 0101 xxxx xxxx xxxx 1111 xxxx :GE */
1357 /* UQADD16 : cccc 0110 0110 xxxx xxxx xxxx 0001 xxxx : */
1358 /* UQADDSUBX : cccc 0110 0110 xxxx xxxx xxxx 0011 xxxx : */
1359 /* UQSUBADDX : cccc 0110 0110 xxxx xxxx xxxx 0101 xxxx : */
1360 /* UQSUB16 : cccc 0110 0110 xxxx xxxx xxxx 0111 xxxx : */
1361 /* UQADD8 : cccc 0110 0110 xxxx xxxx xxxx 1001 xxxx : */
1362 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1011 xxxx : */
1363 /* ??? : cccc 0110 0110 xxxx xxxx xxxx 1101 xxxx : */
1364 /* UQSUB8 : cccc 0110 0110 xxxx xxxx xxxx 1111 xxxx : */
1365 /* UHADD16 : cccc 0110 0111 xxxx xxxx xxxx 0001 xxxx : */
1366 /* UHADDSUBX : cccc 0110 0111 xxxx xxxx xxxx 0011 xxxx : */
1367 /* UHSUBADDX : cccc 0110 0111 xxxx xxxx xxxx 0101 xxxx : */
1368 /* UHSUB16 : cccc 0110 0111 xxxx xxxx xxxx 0111 xxxx : */
1369 /* UHADD8 : cccc 0110 0111 xxxx xxxx xxxx 1001 xxxx : */
1370 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1011 xxxx : */
1371 /* ??? : cccc 0110 0111 xxxx xxxx xxxx 1101 xxxx : */
1372 /* UHSUB8 : cccc 0110 0111 xxxx xxxx xxxx 1111 xxxx : */
1373 if ((insn & 0x0f800010) == 0x06000010) {
1374 if ((insn & 0x00300000) == 0x00000000 ||
1375 (insn & 0x000000e0) == 0x000000a0 ||
1376 (insn & 0x000000e0) == 0x000000c0)
1377 return INSN_REJECTED; /* Unallocated space */
1378 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1381 /* PKHBT : cccc 0110 1000 xxxx xxxx xxxx x001 xxxx : */
1382 /* PKHTB : cccc 0110 1000 xxxx xxxx xxxx x101 xxxx : */
1383 if ((insn & 0x0ff00030) == 0x06800010)
1384 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1386 /* SXTAB16 : cccc 0110 1000 xxxx xxxx xxxx 0111 xxxx : */
1387 /* SXTB16 : cccc 0110 1000 1111 xxxx xxxx 0111 xxxx : */
1388 /* ??? : cccc 0110 1001 xxxx xxxx xxxx 0111 xxxx : */
1389 /* SXTAB : cccc 0110 1010 xxxx xxxx xxxx 0111 xxxx : */
1390 /* SXTB : cccc 0110 1010 1111 xxxx xxxx 0111 xxxx : */
1391 /* SXTAH : cccc 0110 1011 xxxx xxxx xxxx 0111 xxxx : */
1392 /* SXTH : cccc 0110 1011 1111 xxxx xxxx 0111 xxxx : */
1393 /* UXTAB16 : cccc 0110 1100 xxxx xxxx xxxx 0111 xxxx : */
1394 /* UXTB16 : cccc 0110 1100 1111 xxxx xxxx 0111 xxxx : */
1395 /* ??? : cccc 0110 1101 xxxx xxxx xxxx 0111 xxxx : */
1396 /* UXTAB : cccc 0110 1110 xxxx xxxx xxxx 0111 xxxx : */
1397 /* UXTB : cccc 0110 1110 1111 xxxx xxxx 0111 xxxx : */
1398 /* UXTAH : cccc 0110 1111 xxxx xxxx xxxx 0111 xxxx : */
1399 /* UXTH : cccc 0110 1111 1111 xxxx xxxx 0111 xxxx : */
1400 if ((insn & 0x0f8000f0) == 0x06800070) {
1401 if ((insn & 0x00300000) == 0x00100000)
1402 return INSN_REJECTED; /* Unallocated space */
1404 if ((insn & 0x000f0000) == 0x000f0000) {
1405 return prep_emulate_rd12rm0(insn, asi);
1407 return prep_emulate_rd12rn16rm0_wflags(insn, asi);
1411 /* Other instruction encodings aren't yet defined */
1412 return INSN_REJECTED;
1415 static enum kprobe_insn __kprobes
1416 space_cccc_0111__1(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1418 /* Undef : cccc 0111 1111 xxxx xxxx xxxx 1111 xxxx */
1419 if ((insn & 0x0ff000f0) == 0x03f000f0)
1420 return INSN_REJECTED;
1422 /* SMLALD : cccc 0111 0100 xxxx xxxx xxxx 00x1 xxxx */
1423 /* SMLSLD : cccc 0111 0100 xxxx xxxx xxxx 01x1 xxxx */
1424 if ((insn & 0x0ff00090) == 0x07400010)
1425 return prep_emulate_rdhi16rdlo12rs8rm0_wflags(insn, asi);
1427 /* SMLAD : cccc 0111 0000 xxxx xxxx xxxx 00x1 xxxx :Q */
1428 /* SMUAD : cccc 0111 0000 xxxx 1111 xxxx 00x1 xxxx :Q */
1429 /* SMLSD : cccc 0111 0000 xxxx xxxx xxxx 01x1 xxxx :Q */
1430 /* SMUSD : cccc 0111 0000 xxxx 1111 xxxx 01x1 xxxx : */
1431 /* SMMLA : cccc 0111 0101 xxxx xxxx xxxx 00x1 xxxx : */
1432 /* SMMUL : cccc 0111 0101 xxxx 1111 xxxx 00x1 xxxx : */
1433 /* USADA8 : cccc 0111 1000 xxxx xxxx xxxx 0001 xxxx : */
1434 /* USAD8 : cccc 0111 1000 xxxx 1111 xxxx 0001 xxxx : */
1435 if ((insn & 0x0ff00090) == 0x07000010 ||
1436 (insn & 0x0ff000d0) == 0x07500010 ||
1437 (insn & 0x0ff000f0) == 0x07800010) {
1439 if ((insn & 0x0000f000) == 0x0000f000) {
1440 return prep_emulate_rd16rs8rm0_wflags(insn, asi);
1442 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1446 /* SMMLS : cccc 0111 0101 xxxx xxxx xxxx 11x1 xxxx : */
1447 if ((insn & 0x0ff000d0) == 0x075000d0)
1448 return prep_emulate_rd16rn12rs8rm0_wflags(insn, asi);
1450 /* SBFX : cccc 0111 101x xxxx xxxx xxxx x101 xxxx : */
1451 /* UBFX : cccc 0111 111x xxxx xxxx xxxx x101 xxxx : */
1452 if ((insn & 0x0fa00070) == 0x07a00050)
1453 return prep_emulate_rd12rm0(insn, asi);
1455 /* BFI : cccc 0111 110x xxxx xxxx xxxx x001 xxxx : */
1456 /* BFC : cccc 0111 110x xxxx xxxx xxxx x001 1111 : */
1457 if ((insn & 0x0fe00070) == 0x07c00010) {
1459 if ((insn & 0x0000000f) == 0x0000000f)
1460 return prep_emulate_rd12_modify(insn, asi);
1462 return prep_emulate_rd12rn0_modify(insn, asi);
1465 return INSN_REJECTED;
1468 static enum kprobe_insn __kprobes
1469 space_cccc_01xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1471 /* LDR : cccc 01xx x0x1 xxxx xxxx xxxx xxxx xxxx */
1472 /* LDRB : cccc 01xx x1x1 xxxx xxxx xxxx xxxx xxxx */
1473 /* LDRBT : cccc 01x0 x111 xxxx xxxx xxxx xxxx xxxx */
1474 /* LDRT : cccc 01x0 x011 xxxx xxxx xxxx xxxx xxxx */
1475 /* STR : cccc 01xx x0x0 xxxx xxxx xxxx xxxx xxxx */
1476 /* STRB : cccc 01xx x1x0 xxxx xxxx xxxx xxxx xxxx */
1477 /* STRBT : cccc 01x0 x110 xxxx xxxx xxxx xxxx xxxx */
1478 /* STRT : cccc 01x0 x010 xxxx xxxx xxxx xxxx xxxx */
1480 if ((insn & 0x00500000) == 0x00500000 && is_r15(insn, 12))
1481 return INSN_REJECTED; /* LDRB into PC */
1483 return prep_emulate_ldr_str(insn, asi);
1486 static enum kprobe_insn __kprobes
1487 space_cccc_100x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1489 /* LDM(2) : cccc 100x x101 xxxx 0xxx xxxx xxxx xxxx */
1490 /* LDM(3) : cccc 100x x1x1 xxxx 1xxx xxxx xxxx xxxx */
1491 if ((insn & 0x0e708000) == 0x85000000 ||
1492 (insn & 0x0e508000) == 0x85010000)
1493 return INSN_REJECTED;
1495 /* LDM(1) : cccc 100x x0x1 xxxx xxxx xxxx xxxx xxxx */
1496 /* STM(1) : cccc 100x x0x0 xxxx xxxx xxxx xxxx xxxx */
1497 asi->insn_handler = ((insn & 0x108000) == 0x008000) ? /* STM & R15 */
1498 simulate_stm1_pc : simulate_ldm1stm1;
1499 return INSN_GOOD_NO_SLOT;
1502 static enum kprobe_insn __kprobes
1503 space_cccc_101x(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1505 /* B : cccc 1010 xxxx xxxx xxxx xxxx xxxx xxxx */
1506 /* BL : cccc 1011 xxxx xxxx xxxx xxxx xxxx xxxx */
1507 asi->insn_handler = simulate_bbl;
1508 return INSN_GOOD_NO_SLOT;
1511 static enum kprobe_insn __kprobes
1512 space_cccc_11xx(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1514 /* Coprocessor instructions... */
1515 /* MCRR : cccc 1100 0100 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1516 /* MRRC : cccc 1100 0101 xxxx xxxx xxxx xxxx xxxx : (Rd!=Rn) */
1517 /* LDC : cccc 110x xxx1 xxxx xxxx xxxx xxxx xxxx */
1518 /* STC : cccc 110x xxx0 xxxx xxxx xxxx xxxx xxxx */
1519 /* CDP : cccc 1110 xxxx xxxx xxxx xxxx xxx0 xxxx */
1520 /* MCR : cccc 1110 xxx0 xxxx xxxx xxxx xxx1 xxxx */
1521 /* MRC : cccc 1110 xxx1 xxxx xxxx xxxx xxx1 xxxx */
1523 /* SVC : cccc 1111 xxxx xxxx xxxx xxxx xxxx xxxx */
1525 return INSN_REJECTED;
1528 static unsigned long __kprobes __check_eq(unsigned long cpsr)
1530 return cpsr & PSR_Z_BIT;
1533 static unsigned long __kprobes __check_ne(unsigned long cpsr)
1535 return (~cpsr) & PSR_Z_BIT;
1538 static unsigned long __kprobes __check_cs(unsigned long cpsr)
1540 return cpsr & PSR_C_BIT;
1543 static unsigned long __kprobes __check_cc(unsigned long cpsr)
1545 return (~cpsr) & PSR_C_BIT;
1548 static unsigned long __kprobes __check_mi(unsigned long cpsr)
1550 return cpsr & PSR_N_BIT;
1553 static unsigned long __kprobes __check_pl(unsigned long cpsr)
1555 return (~cpsr) & PSR_N_BIT;
1558 static unsigned long __kprobes __check_vs(unsigned long cpsr)
1560 return cpsr & PSR_V_BIT;
1563 static unsigned long __kprobes __check_vc(unsigned long cpsr)
1565 return (~cpsr) & PSR_V_BIT;
1568 static unsigned long __kprobes __check_hi(unsigned long cpsr)
1570 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
1571 return cpsr & PSR_C_BIT;
1574 static unsigned long __kprobes __check_ls(unsigned long cpsr)
1576 cpsr &= ~(cpsr >> 1); /* PSR_C_BIT &= ~PSR_Z_BIT */
1577 return (~cpsr) & PSR_C_BIT;
1580 static unsigned long __kprobes __check_ge(unsigned long cpsr)
1582 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1583 return (~cpsr) & PSR_N_BIT;
1586 static unsigned long __kprobes __check_lt(unsigned long cpsr)
1588 cpsr ^= (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1589 return cpsr & PSR_N_BIT;
1592 static unsigned long __kprobes __check_gt(unsigned long cpsr)
1594 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1595 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
1596 return (~temp) & PSR_N_BIT;
1599 static unsigned long __kprobes __check_le(unsigned long cpsr)
1601 unsigned long temp = cpsr ^ (cpsr << 3); /* PSR_N_BIT ^= PSR_V_BIT */
1602 temp |= (cpsr << 1); /* PSR_N_BIT |= PSR_Z_BIT */
1603 return temp & PSR_N_BIT;
1606 static unsigned long __kprobes __check_al(unsigned long cpsr)
1611 static kprobe_check_cc * const condition_checks[16] = {
1612 &__check_eq, &__check_ne, &__check_cs, &__check_cc,
1613 &__check_mi, &__check_pl, &__check_vs, &__check_vc,
1614 &__check_hi, &__check_ls, &__check_ge, &__check_lt,
1615 &__check_gt, &__check_le, &__check_al, &__check_al
1619 * INSN_REJECTED If instruction is one not allowed to kprobe,
1620 * INSN_GOOD If instruction is supported and uses instruction slot,
1621 * INSN_GOOD_NO_SLOT If instruction is supported but doesn't use its slot.
1623 * For instructions we don't want to kprobe (INSN_REJECTED return result):
1624 * These are generally ones that modify the processor state making
1625 * them "hard" to simulate such as switches processor modes or
1626 * make accesses in alternate modes. Any of these could be simulated
1627 * if the work was put into it, but low return considering they
1628 * should also be very rare.
1630 enum kprobe_insn __kprobes
1631 arm_kprobe_decode_insn(kprobe_opcode_t insn, struct arch_specific_insn *asi)
1633 asi->insn_check_cc = condition_checks[insn>>28];
1634 asi->insn[1] = KPROBE_RETURN_INSTRUCTION;
1636 if ((insn & 0xf0000000) == 0xf0000000) {
1638 return space_1111(insn, asi);
1640 } else if ((insn & 0x0e000000) == 0x00000000) {
1642 return space_cccc_000x(insn, asi);
1644 } else if ((insn & 0x0e000000) == 0x02000000) {
1646 return space_cccc_001x(insn, asi);
1648 } else if ((insn & 0x0f000010) == 0x06000010) {
1650 return space_cccc_0110__1(insn, asi);
1652 } else if ((insn & 0x0f000010) == 0x07000010) {
1654 return space_cccc_0111__1(insn, asi);
1656 } else if ((insn & 0x0c000000) == 0x04000000) {
1658 return space_cccc_01xx(insn, asi);
1660 } else if ((insn & 0x0e000000) == 0x08000000) {
1662 return space_cccc_100x(insn, asi);
1664 } else if ((insn & 0x0e000000) == 0x0a000000) {
1666 return space_cccc_101x(insn, asi);
1670 return space_cccc_11xx(insn, asi);
1673 void __init arm_kprobe_decode_init(void)
1675 find_str_pc_offset();
1680 * All ARM instructions listed below.
1682 * Instructions and their general purpose registers are given.
1683 * If a particular register may not use R15, it is prefixed with a "!".
1684 * If marked with a "*" means the value returned by reading R15
1685 * is implementation defined.
1687 * ADC/ADD/AND/BIC/CMN/CMP/EOR/MOV/MVN/ORR/RSB/RSC/SBC/SUB/TEQ
1688 * TST: Rd, Rn, Rm, !Rs
1691 * BX: Rm (R15 legal, but discouraged)
1695 * LDC/2,STC/2 immediate offset & unindex: Rn
1696 * LDC/2,STC/2 immediate pre/post-indexed: !Rn
1697 * LDM(1/3): !Rn, register_list
1698 * LDM(2): !Rn, !register_list
1699 * LDR,STR,PLD immediate offset: Rd, Rn
1700 * LDR,STR,PLD register offset: Rd, Rn, !Rm
1701 * LDR,STR,PLD scaled register offset: Rd, !Rn, !Rm
1702 * LDR,STR immediate pre/post-indexed: Rd, !Rn
1703 * LDR,STR register pre/post-indexed: Rd, !Rn, !Rm
1704 * LDR,STR scaled register pre/post-indexed: Rd, !Rn, !Rm
1705 * LDRB,STRB immediate offset: !Rd, Rn
1706 * LDRB,STRB register offset: !Rd, Rn, !Rm
1707 * LDRB,STRB scaled register offset: !Rd, !Rn, !Rm
1708 * LDRB,STRB immediate pre/post-indexed: !Rd, !Rn
1709 * LDRB,STRB register pre/post-indexed: !Rd, !Rn, !Rm
1710 * LDRB,STRB scaled register pre/post-indexed: !Rd, !Rn, !Rm
1711 * LDRT,LDRBT,STRBT immediate pre/post-indexed: !Rd, !Rn
1712 * LDRT,LDRBT,STRBT register pre/post-indexed: !Rd, !Rn, !Rm
1713 * LDRT,LDRBT,STRBT scaled register pre/post-indexed: !Rd, !Rn, !Rm
1714 * LDRH/SH/SB/D,STRH/SH/SB/D immediate offset: !Rd, Rn
1715 * LDRH/SH/SB/D,STRH/SH/SB/D register offset: !Rd, Rn, !Rm
1716 * LDRH/SH/SB/D,STRH/SH/SB/D immediate pre/post-indexed: !Rd, !Rn
1717 * LDRH/SH/SB/D,STRH/SH/SB/D register pre/post-indexed: !Rd, !Rn, !Rm
1720 * MCRR/2,MRRC/2: !Rd, !Rn
1721 * MLA: !Rd, !Rn, !Rm, !Rs
1723 * MRC/2: !Rd (if Rd==15, only changes cond codes, not the register)
1725 * MUL: !Rd, !Rm, !Rs
1726 * PKH{BT,TB}: !Rd, !Rn, !Rm
1727 * QDADD,[U]QADD/16/8/SUBX: !Rd, !Rm, !Rn
1728 * QDSUB,[U]QSUB/16/8/ADDX: !Rd, !Rm, !Rn
1729 * REV/16/SH: !Rd, !Rm
1731 * {S,U}[H]ADD{16,8,SUBX},{S,U}[H]SUB{16,8,ADDX}: !Rd, !Rn, !Rm
1732 * SEL: !Rd, !Rn, !Rm
1733 * SMLA<x><y>,SMLA{D,W<y>},SMLSD,SMML{A,S}: !Rd, !Rn, !Rm, !Rs
1734 * SMLAL<x><y>,SMLA{D,LD},SMLSLD,SMMULL,SMULW<y>: !RdHi, !RdLo, !Rm, !Rs
1735 * SMMUL,SMUAD,SMUL<x><y>,SMUSD: !Rd, !Rm, !Rs
1737 * STM(1/2): !Rn, register_list* (R15 in reg list not recommended)
1738 * STRT immediate pre/post-indexed: Rd*, !Rn
1739 * STRT register pre/post-indexed: Rd*, !Rn, !Rm
1740 * STRT scaled register pre/post-indexed: Rd*, !Rn, !Rm
1741 * STREX: !Rd, !Rn, !Rm
1742 * SWP/B: !Rd, !Rn, !Rm
1743 * {S,U}XTA{B,B16,H}: !Rd, !Rn, !Rm
1744 * {S,U}XT{B,B16,H}: !Rd, !Rm
1745 * UM{AA,LA,UL}L: !RdHi, !RdLo, !Rm, !Rs
1746 * USA{D8,A8,T,T16}: !Rd, !Rm, !Rs
1748 * May transfer control by writing R15 (possible mode changes or alternate
1749 * mode accesses marked by "*"):
1750 * ALU op (* with s-bit), B, BL, BKPT, BLX(1/2), BX, BXJ, CPS*, CPY,
1751 * LDM(1), LDM(2/3)*, LDR, MOV, RFE*, SWI*
1753 * Instructions that do not take general registers, nor transfer control:
1754 * CDP/2, SETEND, SRS*
projects / cascardo / linux.git / blob