[PATCH] Return probe redesign: i386 specific changes

The following patch contains the i386 specific changes for the new
return probe design.  Changes include:

 * Removing the architecture specific functions for querying a return probe
   instance off a stack address
 * Complete rework onf arch_prepare_kretprobe() and trampoline_probe_handler()
 * Removing trampoline_post_handler()
 * Adding arch_init() so that now we handle registering the return probe
   trampoline instead of kernel/kprobes.c doing it

Signed-off-by: Rusty Lynch <rusty.lynch@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

arch/i386/kernel/kprobes.c

@@ -127,48 +127,23 @@ static inline void prepare_singlestep(struct kprobe *p, struct pt_regs *regs)
 		regs->eip = (unsigned long)&p->ainsn.insn;
 }
 
-struct task_struct  *arch_get_kprobe_task(void *ptr)
-{
-	return ((struct thread_info *) (((unsigned long) ptr) &
-					(~(THREAD_SIZE -1))))->task;
-}
-
 void arch_prepare_kretprobe(struct kretprobe *rp, struct pt_regs *regs)
 {
 	unsigned long *sara = (unsigned long *)&regs->esp;
-	struct kretprobe_instance *ri;
+        struct kretprobe_instance *ri;
-	static void *orig_ret_addr;
 
-	/*
+        if ((ri = get_free_rp_inst(rp)) != NULL) {
-	 * Save the return address when the return probe hits
+                ri->rp = rp;
-	 * the first time, and use it to populate the (krprobe
+                ri->task = current;
-	 * instance)->ret_addr for subsequent return probes at
+		ri->ret_addr = (kprobe_opcode_t *) *sara;
-	 * the same addrress since stack address would have
-	 * the kretprobe_trampoline by then.
-	 */
-	if (((void*) *sara) != kretprobe_trampoline)
-		orig_ret_addr = (void*) *sara;
 
-	if ((ri = get_free_rp_inst(rp)) != NULL) {
-		ri->rp = rp;
-		ri->stack_addr = sara;
-		ri->ret_addr = orig_ret_addr;
-		add_rp_inst(ri);
 		/* Replace the return addr with trampoline addr */
 		*sara = (unsigned long) &kretprobe_trampoline;
-	} else {
-		rp->nmissed++;
-	}
-}
 
-void arch_kprobe_flush_task(struct task_struct *tk)
+                add_rp_inst(ri);
-{
+        } else {
-	struct kretprobe_instance *ri;
+                rp->nmissed++;
-	while ((ri = get_rp_inst_tsk(tk)) != NULL) {
+        }
-		*((unsigned long *)(ri->stack_addr)) =
-					(unsigned long) ri->ret_addr;
-		recycle_rp_inst(ri);
-	}
 }
 
 /*
@@ -286,36 +261,59 @@ static int kprobe_handler(struct pt_regs *regs)
  */
 int trampoline_probe_handler(struct kprobe *p, struct pt_regs *regs)
 {
-	struct task_struct *tsk;
+        struct kretprobe_instance *ri = NULL;
-	struct kretprobe_instance *ri;
+        struct hlist_head *head;
-	struct hlist_head *head;
+        struct hlist_node *node, *tmp;
-	struct hlist_node *node;
+	unsigned long orig_ret_address = 0;
-	unsigned long *sara = ((unsigned long *) &regs->esp) - 1;
+	unsigned long trampoline_address =(unsigned long)&kretprobe_trampoline;
 
-	tsk = arch_get_kprobe_task(sara);
+        head = kretprobe_inst_table_head(current);
-	head = kretprobe_inst_table_head(tsk);
 
-	hlist_for_each_entry(ri, node, head, hlist) {
+	/*
-		if (ri->stack_addr == sara && ri->rp) {
+	 * It is possible to have multiple instances associated with a given
-			if (ri->rp->handler)
+	 * task either because an multiple functions in the call path
-				ri->rp->handler(ri, regs);
+	 * have a return probe installed on them, and/or more then one return
-		}
+	 * return probe was registered for a target function.
-	}
+	 *
-	return 0;
+	 * We can handle this because:
-}
+	 *     - instances are always inserted at the head of the list
+	 *     - when multiple return probes are registered for the same
+         *       function, the first instance's ret_addr will point to the
+	 *       real return address, and all the rest will point to
+	 *       kretprobe_trampoline
+	 */
+	hlist_for_each_entry_safe(ri, node, tmp, head, hlist) {
+                if (ri->task != current)
+			/* another task is sharing our hash bucket */
+                        continue;
 
-void trampoline_post_handler(struct kprobe *p, struct pt_regs *regs,
+		if (ri->rp && ri->rp->handler)
-						unsigned long flags)
+			ri->rp->handler(ri, regs);
-{
-	struct kretprobe_instance *ri;
-	/* RA already popped */
-	unsigned long *sara = ((unsigned long *)&regs->esp) - 1;
 
-	while ((ri = get_rp_inst(sara))) {
+		orig_ret_address = (unsigned long)ri->ret_addr;
-		regs->eip = (unsigned long)ri->ret_addr;
 		recycle_rp_inst(ri);
+
+		if (orig_ret_address != trampoline_address)
+			/*
+			 * This is the real return address. Any other
+			 * instances associated with this task are for
+			 * other calls deeper on the call stack
+			 */
+			break;
 	}
-	regs->eflags &= ~TF_MASK;
+
+	BUG_ON(!orig_ret_address || (orig_ret_address == trampoline_address));
+	regs->eip = orig_ret_address;
+
+	unlock_kprobes();
+	preempt_enable_no_resched();
+
+        /*
+         * By returning a non-zero value, we are telling
+         * kprobe_handler() that we have handled unlocking
+         * and re-enabling preemption.
+         */
+        return 1;
 }
 
 /*
@@ -403,8 +401,7 @@ static inline int post_kprobe_handler(struct pt_regs *regs)
 		current_kprobe->post_handler(current_kprobe, regs, 0);
 	}
 
-	if (current_kprobe->post_handler != trampoline_post_handler)
+	resume_execution(current_kprobe, regs);
-		resume_execution(current_kprobe, regs);
 	regs->eflags |= kprobe_saved_eflags;
 
 	/*Restore back the original saved kprobes variables and continue. */
@@ -534,3 +531,13 @@ int longjmp_break_handler(struct kprobe *p, struct pt_regs *regs)
 	}
 	return 0;
 }
+
+static struct kprobe trampoline_p = {
+	.addr = (kprobe_opcode_t *) &kretprobe_trampoline,
+	.pre_handler = trampoline_probe_handler
+};
+
+int __init arch_init(void)
+{
+	return register_kprobe(&trampoline_p);
+}