root/arch/x86/lib/insn-eval.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. is_string_insn
  2. get_seg_reg_override_idx
  3. check_seg_overrides
  4. resolve_default_seg
  5. resolve_seg_reg
  6. get_segment_selector
  7. get_reg_offset
  8. get_reg_offset_16
  9. get_desc
  10. insn_get_seg_base
  11. get_seg_limit
  12. insn_get_code_seg_params
  13. insn_get_modrm_rm_off
  14. get_seg_base_limit
  15. get_eff_addr_reg
  16. get_eff_addr_modrm
  17. get_eff_addr_modrm_16
  18. get_eff_addr_sib
  19. get_addr_ref_16
  20. get_addr_ref_32
  21. get_addr_ref_64
  22. get_addr_ref_64
  23. insn_get_addr_ref

   1 /*
   2  * Utility functions for x86 operand and address decoding
   3  *
   4  * Copyright (C) Intel Corporation 2017
   5  */
   6 #include <linux/kernel.h>
   7 #include <linux/string.h>
   8 #include <linux/ratelimit.h>
   9 #include <linux/mmu_context.h>
  10 #include <asm/desc_defs.h>
  11 #include <asm/desc.h>
  12 #include <asm/inat.h>
  13 #include <asm/insn.h>
  14 #include <asm/insn-eval.h>
  15 #include <asm/ldt.h>
  16 #include <asm/vm86.h>
  17 
  18 #undef pr_fmt
  19 #define pr_fmt(fmt) "insn: " fmt
  20 
  21 enum reg_type {
  22         REG_TYPE_RM = 0,
  23         REG_TYPE_INDEX,
  24         REG_TYPE_BASE,
  25 };
  26 
  27 /**
  28  * is_string_insn() - Determine if instruction is a string instruction
  29  * @insn:       Instruction containing the opcode to inspect
  30  *
  31  * Returns:
  32  *
  33  * true if the instruction, determined by the opcode, is any of the
  34  * string instructions as defined in the Intel Software Development manual.
  35  * False otherwise.
  36  */
  37 static bool is_string_insn(struct insn *insn)
  38 {
  39         insn_get_opcode(insn);
  40 
  41         /* All string instructions have a 1-byte opcode. */
  42         if (insn->opcode.nbytes != 1)
  43                 return false;
  44 
  45         switch (insn->opcode.bytes[0]) {
  46         case 0x6c ... 0x6f:     /* INS, OUTS */
  47         case 0xa4 ... 0xa7:     /* MOVS, CMPS */
  48         case 0xaa ... 0xaf:     /* STOS, LODS, SCAS */
  49                 return true;
  50         default:
  51                 return false;
  52         }
  53 }
  54 
  55 /**
  56  * get_seg_reg_override_idx() - obtain segment register override index
  57  * @insn:       Valid instruction with segment override prefixes
  58  *
  59  * Inspect the instruction prefixes in @insn and find segment overrides, if any.
  60  *
  61  * Returns:
  62  *
  63  * A constant identifying the segment register to use, among CS, SS, DS,
  64  * ES, FS, or GS. INAT_SEG_REG_DEFAULT is returned if no segment override
  65  * prefixes were found.
  66  *
  67  * -EINVAL in case of error.
  68  */
  69 static int get_seg_reg_override_idx(struct insn *insn)
  70 {
  71         int idx = INAT_SEG_REG_DEFAULT;
  72         int num_overrides = 0, i;
  73 
  74         insn_get_prefixes(insn);
  75 
  76         /* Look for any segment override prefixes. */
  77         for (i = 0; i < insn->prefixes.nbytes; i++) {
  78                 insn_attr_t attr;
  79 
  80                 attr = inat_get_opcode_attribute(insn->prefixes.bytes[i]);
  81                 switch (attr) {
  82                 case INAT_MAKE_PREFIX(INAT_PFX_CS):
  83                         idx = INAT_SEG_REG_CS;
  84                         num_overrides++;
  85                         break;
  86                 case INAT_MAKE_PREFIX(INAT_PFX_SS):
  87                         idx = INAT_SEG_REG_SS;
  88                         num_overrides++;
  89                         break;
  90                 case INAT_MAKE_PREFIX(INAT_PFX_DS):
  91                         idx = INAT_SEG_REG_DS;
  92                         num_overrides++;
  93                         break;
  94                 case INAT_MAKE_PREFIX(INAT_PFX_ES):
  95                         idx = INAT_SEG_REG_ES;
  96                         num_overrides++;
  97                         break;
  98                 case INAT_MAKE_PREFIX(INAT_PFX_FS):
  99                         idx = INAT_SEG_REG_FS;
 100                         num_overrides++;
 101                         break;
 102                 case INAT_MAKE_PREFIX(INAT_PFX_GS):
 103                         idx = INAT_SEG_REG_GS;
 104                         num_overrides++;
 105                         break;
 106                 /* No default action needed. */
 107                 }
 108         }
 109 
 110         /* More than one segment override prefix leads to undefined behavior. */
 111         if (num_overrides > 1)
 112                 return -EINVAL;
 113 
 114         return idx;
 115 }
 116 
 117 /**
 118  * check_seg_overrides() - check if segment override prefixes are allowed
 119  * @insn:       Valid instruction with segment override prefixes
 120  * @regoff:     Operand offset, in pt_regs, for which the check is performed
 121  *
 122  * For a particular register used in register-indirect addressing, determine if
 123  * segment override prefixes can be used. Specifically, no overrides are allowed
 124  * for rDI if used with a string instruction.
 125  *
 126  * Returns:
 127  *
 128  * True if segment override prefixes can be used with the register indicated
 129  * in @regoff. False if otherwise.
 130  */
 131 static bool check_seg_overrides(struct insn *insn, int regoff)
 132 {
 133         if (regoff == offsetof(struct pt_regs, di) && is_string_insn(insn))
 134                 return false;
 135 
 136         return true;
 137 }
 138 
 139 /**
 140  * resolve_default_seg() - resolve default segment register index for an operand
 141  * @insn:       Instruction with opcode and address size. Must be valid.
 142  * @regs:       Register values as seen when entering kernel mode
 143  * @off:        Operand offset, in pt_regs, for which resolution is needed
 144  *
 145  * Resolve the default segment register index associated with the instruction
 146  * operand register indicated by @off. Such index is resolved based on defaults
 147  * described in the Intel Software Development Manual.
 148  *
 149  * Returns:
 150  *
 151  * If in protected mode, a constant identifying the segment register to use,
 152  * among CS, SS, ES or DS. If in long mode, INAT_SEG_REG_IGNORE.
 153  *
 154  * -EINVAL in case of error.
 155  */
 156 static int resolve_default_seg(struct insn *insn, struct pt_regs *regs, int off)
 157 {
 158         if (user_64bit_mode(regs))
 159                 return INAT_SEG_REG_IGNORE;
 160         /*
 161          * Resolve the default segment register as described in Section 3.7.4
 162          * of the Intel Software Development Manual Vol. 1:
 163          *
 164          *  + DS for all references involving r[ABCD]X, and rSI.
 165          *  + If used in a string instruction, ES for rDI. Otherwise, DS.
 166          *  + AX, CX and DX are not valid register operands in 16-bit address
 167          *    encodings but are valid for 32-bit and 64-bit encodings.
 168          *  + -EDOM is reserved to identify for cases in which no register
 169          *    is used (i.e., displacement-only addressing). Use DS.
 170          *  + SS for rSP or rBP.
 171          *  + CS for rIP.
 172          */
 173 
 174         switch (off) {
 175         case offsetof(struct pt_regs, ax):
 176         case offsetof(struct pt_regs, cx):
 177         case offsetof(struct pt_regs, dx):
 178                 /* Need insn to verify address size. */
 179                 if (insn->addr_bytes == 2)
 180                         return -EINVAL;
 181 
 182                 /* fall through */
 183 
 184         case -EDOM:
 185         case offsetof(struct pt_regs, bx):
 186         case offsetof(struct pt_regs, si):
 187                 return INAT_SEG_REG_DS;
 188 
 189         case offsetof(struct pt_regs, di):
 190                 if (is_string_insn(insn))
 191                         return INAT_SEG_REG_ES;
 192                 return INAT_SEG_REG_DS;
 193 
 194         case offsetof(struct pt_regs, bp):
 195         case offsetof(struct pt_regs, sp):
 196                 return INAT_SEG_REG_SS;
 197 
 198         case offsetof(struct pt_regs, ip):
 199                 return INAT_SEG_REG_CS;
 200 
 201         default:
 202                 return -EINVAL;
 203         }
 204 }
 205 
 206 /**
 207  * resolve_seg_reg() - obtain segment register index
 208  * @insn:       Instruction with operands
 209  * @regs:       Register values as seen when entering kernel mode
 210  * @regoff:     Operand offset, in pt_regs, used to deterimine segment register
 211  *
 212  * Determine the segment register associated with the operands and, if
 213  * applicable, prefixes and the instruction pointed by @insn.
 214  *
 215  * The segment register associated to an operand used in register-indirect
 216  * addressing depends on:
 217  *
 218  * a) Whether running in long mode (in such a case segments are ignored, except
 219  * if FS or GS are used).
 220  *
 221  * b) Whether segment override prefixes can be used. Certain instructions and
 222  *    registers do not allow override prefixes.
 223  *
 224  * c) Whether segment overrides prefixes are found in the instruction prefixes.
 225  *
 226  * d) If there are not segment override prefixes or they cannot be used, the
 227  *    default segment register associated with the operand register is used.
 228  *
 229  * The function checks first if segment override prefixes can be used with the
 230  * operand indicated by @regoff. If allowed, obtain such overridden segment
 231  * register index. Lastly, if not prefixes were found or cannot be used, resolve
 232  * the segment register index to use based on the defaults described in the
 233  * Intel documentation. In long mode, all segment register indexes will be
 234  * ignored, except if overrides were found for FS or GS. All these operations
 235  * are done using helper functions.
 236  *
 237  * The operand register, @regoff, is represented as the offset from the base of
 238  * pt_regs.
 239  *
 240  * As stated, the main use of this function is to determine the segment register
 241  * index based on the instruction, its operands and prefixes. Hence, @insn
 242  * must be valid. However, if @regoff indicates rIP, we don't need to inspect
 243  * @insn at all as in this case CS is used in all cases. This case is checked
 244  * before proceeding further.
 245  *
 246  * Please note that this function does not return the value in the segment
 247  * register (i.e., the segment selector) but our defined index. The segment
 248  * selector needs to be obtained using get_segment_selector() and passing the
 249  * segment register index resolved by this function.
 250  *
 251  * Returns:
 252  *
 253  * An index identifying the segment register to use, among CS, SS, DS,
 254  * ES, FS, or GS. INAT_SEG_REG_IGNORE is returned if running in long mode.
 255  *
 256  * -EINVAL in case of error.
 257  */
 258 static int resolve_seg_reg(struct insn *insn, struct pt_regs *regs, int regoff)
 259 {
 260         int idx;
 261 
 262         /*
 263          * In the unlikely event of having to resolve the segment register
 264          * index for rIP, do it first. Segment override prefixes should not
 265          * be used. Hence, it is not necessary to inspect the instruction,
 266          * which may be invalid at this point.
 267          */
 268         if (regoff == offsetof(struct pt_regs, ip)) {
 269                 if (user_64bit_mode(regs))
 270                         return INAT_SEG_REG_IGNORE;
 271                 else
 272                         return INAT_SEG_REG_CS;
 273         }
 274 
 275         if (!insn)
 276                 return -EINVAL;
 277 
 278         if (!check_seg_overrides(insn, regoff))
 279                 return resolve_default_seg(insn, regs, regoff);
 280 
 281         idx = get_seg_reg_override_idx(insn);
 282         if (idx < 0)
 283                 return idx;
 284 
 285         if (idx == INAT_SEG_REG_DEFAULT)
 286                 return resolve_default_seg(insn, regs, regoff);
 287 
 288         /*
 289          * In long mode, segment override prefixes are ignored, except for
 290          * overrides for FS and GS.
 291          */
 292         if (user_64bit_mode(regs)) {
 293                 if (idx != INAT_SEG_REG_FS &&
 294                     idx != INAT_SEG_REG_GS)
 295                         idx = INAT_SEG_REG_IGNORE;
 296         }
 297 
 298         return idx;
 299 }
 300 
 301 /**
 302  * get_segment_selector() - obtain segment selector
 303  * @regs:               Register values as seen when entering kernel mode
 304  * @seg_reg_idx:        Segment register index to use
 305  *
 306  * Obtain the segment selector from any of the CS, SS, DS, ES, FS, GS segment
 307  * registers. In CONFIG_X86_32, the segment is obtained from either pt_regs or
 308  * kernel_vm86_regs as applicable. In CONFIG_X86_64, CS and SS are obtained
 309  * from pt_regs. DS, ES, FS and GS are obtained by reading the actual CPU
 310  * registers. This done for only for completeness as in CONFIG_X86_64 segment
 311  * registers are ignored.
 312  *
 313  * Returns:
 314  *
 315  * Value of the segment selector, including null when running in
 316  * long mode.
 317  *
 318  * -EINVAL on error.
 319  */
 320 static short get_segment_selector(struct pt_regs *regs, int seg_reg_idx)
 321 {
 322 #ifdef CONFIG_X86_64
 323         unsigned short sel;
 324 
 325         switch (seg_reg_idx) {
 326         case INAT_SEG_REG_IGNORE:
 327                 return 0;
 328         case INAT_SEG_REG_CS:
 329                 return (unsigned short)(regs->cs & 0xffff);
 330         case INAT_SEG_REG_SS:
 331                 return (unsigned short)(regs->ss & 0xffff);
 332         case INAT_SEG_REG_DS:
 333                 savesegment(ds, sel);
 334                 return sel;
 335         case INAT_SEG_REG_ES:
 336                 savesegment(es, sel);
 337                 return sel;
 338         case INAT_SEG_REG_FS:
 339                 savesegment(fs, sel);
 340                 return sel;
 341         case INAT_SEG_REG_GS:
 342                 savesegment(gs, sel);
 343                 return sel;
 344         default:
 345                 return -EINVAL;
 346         }
 347 #else /* CONFIG_X86_32 */
 348         struct kernel_vm86_regs *vm86regs = (struct kernel_vm86_regs *)regs;
 349 
 350         if (v8086_mode(regs)) {
 351                 switch (seg_reg_idx) {
 352                 case INAT_SEG_REG_CS:
 353                         return (unsigned short)(regs->cs & 0xffff);
 354                 case INAT_SEG_REG_SS:
 355                         return (unsigned short)(regs->ss & 0xffff);
 356                 case INAT_SEG_REG_DS:
 357                         return vm86regs->ds;
 358                 case INAT_SEG_REG_ES:
 359                         return vm86regs->es;
 360                 case INAT_SEG_REG_FS:
 361                         return vm86regs->fs;
 362                 case INAT_SEG_REG_GS:
 363                         return vm86regs->gs;
 364                 case INAT_SEG_REG_IGNORE:
 365                         /* fall through */
 366                 default:
 367                         return -EINVAL;
 368                 }
 369         }
 370 
 371         switch (seg_reg_idx) {
 372         case INAT_SEG_REG_CS:
 373                 return (unsigned short)(regs->cs & 0xffff);
 374         case INAT_SEG_REG_SS:
 375                 return (unsigned short)(regs->ss & 0xffff);
 376         case INAT_SEG_REG_DS:
 377                 return (unsigned short)(regs->ds & 0xffff);
 378         case INAT_SEG_REG_ES:
 379                 return (unsigned short)(regs->es & 0xffff);
 380         case INAT_SEG_REG_FS:
 381                 return (unsigned short)(regs->fs & 0xffff);
 382         case INAT_SEG_REG_GS:
 383                 /*
 384                  * GS may or may not be in regs as per CONFIG_X86_32_LAZY_GS.
 385                  * The macro below takes care of both cases.
 386                  */
 387                 return get_user_gs(regs);
 388         case INAT_SEG_REG_IGNORE:
 389                 /* fall through */
 390         default:
 391                 return -EINVAL;
 392         }
 393 #endif /* CONFIG_X86_64 */
 394 }
 395 
 396 static int get_reg_offset(struct insn *insn, struct pt_regs *regs,
 397                           enum reg_type type)
 398 {
 399         int regno = 0;
 400 
 401         static const int regoff[] = {
 402                 offsetof(struct pt_regs, ax),
 403                 offsetof(struct pt_regs, cx),
 404                 offsetof(struct pt_regs, dx),
 405                 offsetof(struct pt_regs, bx),
 406                 offsetof(struct pt_regs, sp),
 407                 offsetof(struct pt_regs, bp),
 408                 offsetof(struct pt_regs, si),
 409                 offsetof(struct pt_regs, di),
 410 #ifdef CONFIG_X86_64
 411                 offsetof(struct pt_regs, r8),
 412                 offsetof(struct pt_regs, r9),
 413                 offsetof(struct pt_regs, r10),
 414                 offsetof(struct pt_regs, r11),
 415                 offsetof(struct pt_regs, r12),
 416                 offsetof(struct pt_regs, r13),
 417                 offsetof(struct pt_regs, r14),
 418                 offsetof(struct pt_regs, r15),
 419 #endif
 420         };
 421         int nr_registers = ARRAY_SIZE(regoff);
 422         /*
 423          * Don't possibly decode a 32-bit instructions as
 424          * reading a 64-bit-only register.
 425          */
 426         if (IS_ENABLED(CONFIG_X86_64) && !insn->x86_64)
 427                 nr_registers -= 8;
 428 
 429         switch (type) {
 430         case REG_TYPE_RM:
 431                 regno = X86_MODRM_RM(insn->modrm.value);
 432 
 433                 /*
 434                  * ModRM.mod == 0 and ModRM.rm == 5 means a 32-bit displacement
 435                  * follows the ModRM byte.
 436                  */
 437                 if (!X86_MODRM_MOD(insn->modrm.value) && regno == 5)
 438                         return -EDOM;
 439 
 440                 if (X86_REX_B(insn->rex_prefix.value))
 441                         regno += 8;
 442                 break;
 443 
 444         case REG_TYPE_INDEX:
 445                 regno = X86_SIB_INDEX(insn->sib.value);
 446                 if (X86_REX_X(insn->rex_prefix.value))
 447                         regno += 8;
 448 
 449                 /*
 450                  * If ModRM.mod != 3 and SIB.index = 4 the scale*index
 451                  * portion of the address computation is null. This is
 452                  * true only if REX.X is 0. In such a case, the SIB index
 453                  * is used in the address computation.
 454                  */
 455                 if (X86_MODRM_MOD(insn->modrm.value) != 3 && regno == 4)
 456                         return -EDOM;
 457                 break;
 458 
 459         case REG_TYPE_BASE:
 460                 regno = X86_SIB_BASE(insn->sib.value);
 461                 /*
 462                  * If ModRM.mod is 0 and SIB.base == 5, the base of the
 463                  * register-indirect addressing is 0. In this case, a
 464                  * 32-bit displacement follows the SIB byte.
 465                  */
 466                 if (!X86_MODRM_MOD(insn->modrm.value) && regno == 5)
 467                         return -EDOM;
 468 
 469                 if (X86_REX_B(insn->rex_prefix.value))
 470                         regno += 8;
 471                 break;
 472 
 473         default:
 474                 pr_err_ratelimited("invalid register type: %d\n", type);
 475                 return -EINVAL;
 476         }
 477 
 478         if (regno >= nr_registers) {
 479                 WARN_ONCE(1, "decoded an instruction with an invalid register");
 480                 return -EINVAL;
 481         }
 482         return regoff[regno];
 483 }
 484 
 485 /**
 486  * get_reg_offset_16() - Obtain offset of register indicated by instruction
 487  * @insn:       Instruction containing ModRM byte
 488  * @regs:       Register values as seen when entering kernel mode
 489  * @offs1:      Offset of the first operand register
 490  * @offs2:      Offset of the second opeand register, if applicable
 491  *
 492  * Obtain the offset, in pt_regs, of the registers indicated by the ModRM byte
 493  * in @insn. This function is to be used with 16-bit address encodings. The
 494  * @offs1 and @offs2 will be written with the offset of the two registers
 495  * indicated by the instruction. In cases where any of the registers is not
 496  * referenced by the instruction, the value will be set to -EDOM.
 497  *
 498  * Returns:
 499  *
 500  * 0 on success, -EINVAL on error.
 501  */
 502 static int get_reg_offset_16(struct insn *insn, struct pt_regs *regs,
 503                              int *offs1, int *offs2)
 504 {
 505         /*
 506          * 16-bit addressing can use one or two registers. Specifics of
 507          * encodings are given in Table 2-1. "16-Bit Addressing Forms with the
 508          * ModR/M Byte" of the Intel Software Development Manual.
 509          */
 510         static const int regoff1[] = {
 511                 offsetof(struct pt_regs, bx),
 512                 offsetof(struct pt_regs, bx),
 513                 offsetof(struct pt_regs, bp),
 514                 offsetof(struct pt_regs, bp),
 515                 offsetof(struct pt_regs, si),
 516                 offsetof(struct pt_regs, di),
 517                 offsetof(struct pt_regs, bp),
 518                 offsetof(struct pt_regs, bx),
 519         };
 520 
 521         static const int regoff2[] = {
 522                 offsetof(struct pt_regs, si),
 523                 offsetof(struct pt_regs, di),
 524                 offsetof(struct pt_regs, si),
 525                 offsetof(struct pt_regs, di),
 526                 -EDOM,
 527                 -EDOM,
 528                 -EDOM,
 529                 -EDOM,
 530         };
 531 
 532         if (!offs1 || !offs2)
 533                 return -EINVAL;
 534 
 535         /* Operand is a register, use the generic function. */
 536         if (X86_MODRM_MOD(insn->modrm.value) == 3) {
 537                 *offs1 = insn_get_modrm_rm_off(insn, regs);
 538                 *offs2 = -EDOM;
 539                 return 0;
 540         }
 541 
 542         *offs1 = regoff1[X86_MODRM_RM(insn->modrm.value)];
 543         *offs2 = regoff2[X86_MODRM_RM(insn->modrm.value)];
 544 
 545         /*
 546          * If ModRM.mod is 0 and ModRM.rm is 110b, then we use displacement-
 547          * only addressing. This means that no registers are involved in
 548          * computing the effective address. Thus, ensure that the first
 549          * register offset is invalild. The second register offset is already
 550          * invalid under the aforementioned conditions.
 551          */
 552         if ((X86_MODRM_MOD(insn->modrm.value) == 0) &&
 553             (X86_MODRM_RM(insn->modrm.value) == 6))
 554                 *offs1 = -EDOM;
 555 
 556         return 0;
 557 }
 558 
 559 /**
 560  * get_desc() - Obtain contents of a segment descriptor
 561  * @out:        Segment descriptor contents on success
 562  * @sel:        Segment selector
 563  *
 564  * Given a segment selector, obtain a pointer to the segment descriptor.
 565  * Both global and local descriptor tables are supported.
 566  *
 567  * Returns:
 568  *
 569  * True on success, false on failure.
 570  *
 571  * NULL on error.
 572  */
 573 static bool get_desc(struct desc_struct *out, unsigned short sel)
 574 {
 575         struct desc_ptr gdt_desc = {0, 0};
 576         unsigned long desc_base;
 577 
 578 #ifdef CONFIG_MODIFY_LDT_SYSCALL
 579         if ((sel & SEGMENT_TI_MASK) == SEGMENT_LDT) {
 580                 bool success = false;
 581                 struct ldt_struct *ldt;
 582 
 583                 /* Bits [15:3] contain the index of the desired entry. */
 584                 sel >>= 3;
 585 
 586                 mutex_lock(&current->active_mm->context.lock);
 587                 ldt = current->active_mm->context.ldt;
 588                 if (ldt && sel < ldt->nr_entries) {
 589                         *out = ldt->entries[sel];
 590                         success = true;
 591                 }
 592 
 593                 mutex_unlock(&current->active_mm->context.lock);
 594 
 595                 return success;
 596         }
 597 #endif
 598         native_store_gdt(&gdt_desc);
 599 
 600         /*
 601          * Segment descriptors have a size of 8 bytes. Thus, the index is
 602          * multiplied by 8 to obtain the memory offset of the desired descriptor
 603          * from the base of the GDT. As bits [15:3] of the segment selector
 604          * contain the index, it can be regarded as multiplied by 8 already.
 605          * All that remains is to clear bits [2:0].
 606          */
 607         desc_base = sel & ~(SEGMENT_RPL_MASK | SEGMENT_TI_MASK);
 608 
 609         if (desc_base > gdt_desc.size)
 610                 return false;
 611 
 612         *out = *(struct desc_struct *)(gdt_desc.address + desc_base);
 613         return true;
 614 }
 615 
 616 /**
 617  * insn_get_seg_base() - Obtain base address of segment descriptor.
 618  * @regs:               Register values as seen when entering kernel mode
 619  * @seg_reg_idx:        Index of the segment register pointing to seg descriptor
 620  *
 621  * Obtain the base address of the segment as indicated by the segment descriptor
 622  * pointed by the segment selector. The segment selector is obtained from the
 623  * input segment register index @seg_reg_idx.
 624  *
 625  * Returns:
 626  *
 627  * In protected mode, base address of the segment. Zero in long mode,
 628  * except when FS or GS are used. In virtual-8086 mode, the segment
 629  * selector shifted 4 bits to the right.
 630  *
 631  * -1L in case of error.
 632  */
 633 unsigned long insn_get_seg_base(struct pt_regs *regs, int seg_reg_idx)
 634 {
 635         struct desc_struct desc;
 636         short sel;
 637 
 638         sel = get_segment_selector(regs, seg_reg_idx);
 639         if (sel < 0)
 640                 return -1L;
 641 
 642         if (v8086_mode(regs))
 643                 /*
 644                  * Base is simply the segment selector shifted 4
 645                  * bits to the right.
 646                  */
 647                 return (unsigned long)(sel << 4);
 648 
 649         if (user_64bit_mode(regs)) {
 650                 /*
 651                  * Only FS or GS will have a base address, the rest of
 652                  * the segments' bases are forced to 0.
 653                  */
 654                 unsigned long base;
 655 
 656                 if (seg_reg_idx == INAT_SEG_REG_FS)
 657                         rdmsrl(MSR_FS_BASE, base);
 658                 else if (seg_reg_idx == INAT_SEG_REG_GS)
 659                         /*
 660                          * swapgs was called at the kernel entry point. Thus,
 661                          * MSR_KERNEL_GS_BASE will have the user-space GS base.
 662                          */
 663                         rdmsrl(MSR_KERNEL_GS_BASE, base);
 664                 else
 665                         base = 0;
 666                 return base;
 667         }
 668 
 669         /* In protected mode the segment selector cannot be null. */
 670         if (!sel)
 671                 return -1L;
 672 
 673         if (!get_desc(&desc, sel))
 674                 return -1L;
 675 
 676         return get_desc_base(&desc);
 677 }
 678 
 679 /**
 680  * get_seg_limit() - Obtain the limit of a segment descriptor
 681  * @regs:               Register values as seen when entering kernel mode
 682  * @seg_reg_idx:        Index of the segment register pointing to seg descriptor
 683  *
 684  * Obtain the limit of the segment as indicated by the segment descriptor
 685  * pointed by the segment selector. The segment selector is obtained from the
 686  * input segment register index @seg_reg_idx.
 687  *
 688  * Returns:
 689  *
 690  * In protected mode, the limit of the segment descriptor in bytes.
 691  * In long mode and virtual-8086 mode, segment limits are not enforced. Thus,
 692  * limit is returned as -1L to imply a limit-less segment.
 693  *
 694  * Zero is returned on error.
 695  */
 696 static unsigned long get_seg_limit(struct pt_regs *regs, int seg_reg_idx)
 697 {
 698         struct desc_struct desc;
 699         unsigned long limit;
 700         short sel;
 701 
 702         sel = get_segment_selector(regs, seg_reg_idx);
 703         if (sel < 0)
 704                 return 0;
 705 
 706         if (user_64bit_mode(regs) || v8086_mode(regs))
 707                 return -1L;
 708 
 709         if (!sel)
 710                 return 0;
 711 
 712         if (!get_desc(&desc, sel))
 713                 return 0;
 714 
 715         /*
 716          * If the granularity bit is set, the limit is given in multiples
 717          * of 4096. This also means that the 12 least significant bits are
 718          * not tested when checking the segment limits. In practice,
 719          * this means that the segment ends in (limit << 12) + 0xfff.
 720          */
 721         limit = get_desc_limit(&desc);
 722         if (desc.g)
 723                 limit = (limit << 12) + 0xfff;
 724 
 725         return limit;
 726 }
 727 
 728 /**
 729  * insn_get_code_seg_params() - Obtain code segment parameters
 730  * @regs:       Structure with register values as seen when entering kernel mode
 731  *
 732  * Obtain address and operand sizes of the code segment. It is obtained from the
 733  * selector contained in the CS register in regs. In protected mode, the default
 734  * address is determined by inspecting the L and D bits of the segment
 735  * descriptor. In virtual-8086 mode, the default is always two bytes for both
 736  * address and operand sizes.
 737  *
 738  * Returns:
 739  *
 740  * An int containing ORed-in default parameters on success.
 741  *
 742  * -EINVAL on error.
 743  */
 744 int insn_get_code_seg_params(struct pt_regs *regs)
 745 {
 746         struct desc_struct desc;
 747         short sel;
 748 
 749         if (v8086_mode(regs))
 750                 /* Address and operand size are both 16-bit. */
 751                 return INSN_CODE_SEG_PARAMS(2, 2);
 752 
 753         sel = get_segment_selector(regs, INAT_SEG_REG_CS);
 754         if (sel < 0)
 755                 return sel;
 756 
 757         if (!get_desc(&desc, sel))
 758                 return -EINVAL;
 759 
 760         /*
 761          * The most significant byte of the Type field of the segment descriptor
 762          * determines whether a segment contains data or code. If this is a data
 763          * segment, return error.
 764          */
 765         if (!(desc.type & BIT(3)))
 766                 return -EINVAL;
 767 
 768         switch ((desc.l << 1) | desc.d) {
 769         case 0: /*
 770                  * Legacy mode. CS.L=0, CS.D=0. Address and operand size are
 771                  * both 16-bit.
 772                  */
 773                 return INSN_CODE_SEG_PARAMS(2, 2);
 774         case 1: /*
 775                  * Legacy mode. CS.L=0, CS.D=1. Address and operand size are
 776                  * both 32-bit.
 777                  */
 778                 return INSN_CODE_SEG_PARAMS(4, 4);
 779         case 2: /*
 780                  * IA-32e 64-bit mode. CS.L=1, CS.D=0. Address size is 64-bit;
 781                  * operand size is 32-bit.
 782                  */
 783                 return INSN_CODE_SEG_PARAMS(4, 8);
 784         case 3: /* Invalid setting. CS.L=1, CS.D=1 */
 785                 /* fall through */
 786         default:
 787                 return -EINVAL;
 788         }
 789 }
 790 
 791 /**
 792  * insn_get_modrm_rm_off() - Obtain register in r/m part of the ModRM byte
 793  * @insn:       Instruction containing the ModRM byte
 794  * @regs:       Register values as seen when entering kernel mode
 795  *
 796  * Returns:
 797  *
 798  * The register indicated by the r/m part of the ModRM byte. The
 799  * register is obtained as an offset from the base of pt_regs. In specific
 800  * cases, the returned value can be -EDOM to indicate that the particular value
 801  * of ModRM does not refer to a register and shall be ignored.
 802  */
 803 int insn_get_modrm_rm_off(struct insn *insn, struct pt_regs *regs)
 804 {
 805         return get_reg_offset(insn, regs, REG_TYPE_RM);
 806 }
 807 
 808 /**
 809  * get_seg_base_limit() - obtain base address and limit of a segment
 810  * @insn:       Instruction. Must be valid.
 811  * @regs:       Register values as seen when entering kernel mode
 812  * @regoff:     Operand offset, in pt_regs, used to resolve segment descriptor
 813  * @base:       Obtained segment base
 814  * @limit:      Obtained segment limit
 815  *
 816  * Obtain the base address and limit of the segment associated with the operand
 817  * @regoff and, if any or allowed, override prefixes in @insn. This function is
 818  * different from insn_get_seg_base() as the latter does not resolve the segment
 819  * associated with the instruction operand. If a limit is not needed (e.g.,
 820  * when running in long mode), @limit can be NULL.
 821  *
 822  * Returns:
 823  *
 824  * 0 on success. @base and @limit will contain the base address and of the
 825  * resolved segment, respectively.
 826  *
 827  * -EINVAL on error.
 828  */
 829 static int get_seg_base_limit(struct insn *insn, struct pt_regs *regs,
 830                               int regoff, unsigned long *base,
 831                               unsigned long *limit)
 832 {
 833         int seg_reg_idx;
 834 
 835         if (!base)
 836                 return -EINVAL;
 837 
 838         seg_reg_idx = resolve_seg_reg(insn, regs, regoff);
 839         if (seg_reg_idx < 0)
 840                 return seg_reg_idx;
 841 
 842         *base = insn_get_seg_base(regs, seg_reg_idx);
 843         if (*base == -1L)
 844                 return -EINVAL;
 845 
 846         if (!limit)
 847                 return 0;
 848 
 849         *limit = get_seg_limit(regs, seg_reg_idx);
 850         if (!(*limit))
 851                 return -EINVAL;
 852 
 853         return 0;
 854 }
 855 
 856 /**
 857  * get_eff_addr_reg() - Obtain effective address from register operand
 858  * @insn:       Instruction. Must be valid.
 859  * @regs:       Register values as seen when entering kernel mode
 860  * @regoff:     Obtained operand offset, in pt_regs, with the effective address
 861  * @eff_addr:   Obtained effective address
 862  *
 863  * Obtain the effective address stored in the register operand as indicated by
 864  * the ModRM byte. This function is to be used only with register addressing
 865  * (i.e.,  ModRM.mod is 3). The effective address is saved in @eff_addr. The
 866  * register operand, as an offset from the base of pt_regs, is saved in @regoff;
 867  * such offset can then be used to resolve the segment associated with the
 868  * operand. This function can be used with any of the supported address sizes
 869  * in x86.
 870  *
 871  * Returns:
 872  *
 873  * 0 on success. @eff_addr will have the effective address stored in the
 874  * operand indicated by ModRM. @regoff will have such operand as an offset from
 875  * the base of pt_regs.
 876  *
 877  * -EINVAL on error.
 878  */
 879 static int get_eff_addr_reg(struct insn *insn, struct pt_regs *regs,
 880                             int *regoff, long *eff_addr)
 881 {
 882         insn_get_modrm(insn);
 883 
 884         if (!insn->modrm.nbytes)
 885                 return -EINVAL;
 886 
 887         if (X86_MODRM_MOD(insn->modrm.value) != 3)
 888                 return -EINVAL;
 889 
 890         *regoff = get_reg_offset(insn, regs, REG_TYPE_RM);
 891         if (*regoff < 0)
 892                 return -EINVAL;
 893 
 894         /* Ignore bytes that are outside the address size. */
 895         if (insn->addr_bytes == 2)
 896                 *eff_addr = regs_get_register(regs, *regoff) & 0xffff;
 897         else if (insn->addr_bytes == 4)
 898                 *eff_addr = regs_get_register(regs, *regoff) & 0xffffffff;
 899         else /* 64-bit address */
 900                 *eff_addr = regs_get_register(regs, *regoff);
 901 
 902         return 0;
 903 }
 904 
 905 /**
 906  * get_eff_addr_modrm() - Obtain referenced effective address via ModRM
 907  * @insn:       Instruction. Must be valid.
 908  * @regs:       Register values as seen when entering kernel mode
 909  * @regoff:     Obtained operand offset, in pt_regs, associated with segment
 910  * @eff_addr:   Obtained effective address
 911  *
 912  * Obtain the effective address referenced by the ModRM byte of @insn. After
 913  * identifying the registers involved in the register-indirect memory reference,
 914  * its value is obtained from the operands in @regs. The computed address is
 915  * stored @eff_addr. Also, the register operand that indicates the associated
 916  * segment is stored in @regoff, this parameter can later be used to determine
 917  * such segment.
 918  *
 919  * Returns:
 920  *
 921  * 0 on success. @eff_addr will have the referenced effective address. @regoff
 922  * will have a register, as an offset from the base of pt_regs, that can be used
 923  * to resolve the associated segment.
 924  *
 925  * -EINVAL on error.
 926  */
 927 static int get_eff_addr_modrm(struct insn *insn, struct pt_regs *regs,
 928                               int *regoff, long *eff_addr)
 929 {
 930         long tmp;
 931 
 932         if (insn->addr_bytes != 8 && insn->addr_bytes != 4)
 933                 return -EINVAL;
 934 
 935         insn_get_modrm(insn);
 936 
 937         if (!insn->modrm.nbytes)
 938                 return -EINVAL;
 939 
 940         if (X86_MODRM_MOD(insn->modrm.value) > 2)
 941                 return -EINVAL;
 942 
 943         *regoff = get_reg_offset(insn, regs, REG_TYPE_RM);
 944 
 945         /*
 946          * -EDOM means that we must ignore the address_offset. In such a case,
 947          * in 64-bit mode the effective address relative to the rIP of the
 948          * following instruction.
 949          */
 950         if (*regoff == -EDOM) {
 951                 if (user_64bit_mode(regs))
 952                         tmp = regs->ip + insn->length;
 953                 else
 954                         tmp = 0;
 955         } else if (*regoff < 0) {
 956                 return -EINVAL;
 957         } else {
 958                 tmp = regs_get_register(regs, *regoff);
 959         }
 960 
 961         if (insn->addr_bytes == 4) {
 962                 int addr32 = (int)(tmp & 0xffffffff) + insn->displacement.value;
 963 
 964                 *eff_addr = addr32 & 0xffffffff;
 965         } else {
 966                 *eff_addr = tmp + insn->displacement.value;
 967         }
 968 
 969         return 0;
 970 }
 971 
 972 /**
 973  * get_eff_addr_modrm_16() - Obtain referenced effective address via ModRM
 974  * @insn:       Instruction. Must be valid.
 975  * @regs:       Register values as seen when entering kernel mode
 976  * @regoff:     Obtained operand offset, in pt_regs, associated with segment
 977  * @eff_addr:   Obtained effective address
 978  *
 979  * Obtain the 16-bit effective address referenced by the ModRM byte of @insn.
 980  * After identifying the registers involved in the register-indirect memory
 981  * reference, its value is obtained from the operands in @regs. The computed
 982  * address is stored @eff_addr. Also, the register operand that indicates
 983  * the associated segment is stored in @regoff, this parameter can later be used
 984  * to determine such segment.
 985  *
 986  * Returns:
 987  *
 988  * 0 on success. @eff_addr will have the referenced effective address. @regoff
 989  * will have a register, as an offset from the base of pt_regs, that can be used
 990  * to resolve the associated segment.
 991  *
 992  * -EINVAL on error.
 993  */
 994 static int get_eff_addr_modrm_16(struct insn *insn, struct pt_regs *regs,
 995                                  int *regoff, short *eff_addr)
 996 {
 997         int addr_offset1, addr_offset2, ret;
 998         short addr1 = 0, addr2 = 0, displacement;
 999 
1000         if (insn->addr_bytes != 2)
1001                 return -EINVAL;
1002 
1003         insn_get_modrm(insn);
1004 
1005         if (!insn->modrm.nbytes)
1006                 return -EINVAL;
1007 
1008         if (X86_MODRM_MOD(insn->modrm.value) > 2)
1009                 return -EINVAL;
1010 
1011         ret = get_reg_offset_16(insn, regs, &addr_offset1, &addr_offset2);
1012         if (ret < 0)
1013                 return -EINVAL;
1014 
1015         /*
1016          * Don't fail on invalid offset values. They might be invalid because
1017          * they cannot be used for this particular value of ModRM. Instead, use
1018          * them in the computation only if they contain a valid value.
1019          */
1020         if (addr_offset1 != -EDOM)
1021                 addr1 = regs_get_register(regs, addr_offset1) & 0xffff;
1022 
1023         if (addr_offset2 != -EDOM)
1024                 addr2 = regs_get_register(regs, addr_offset2) & 0xffff;
1025 
1026         displacement = insn->displacement.value & 0xffff;
1027         *eff_addr = addr1 + addr2 + displacement;
1028 
1029         /*
1030          * The first operand register could indicate to use of either SS or DS
1031          * registers to obtain the segment selector.  The second operand
1032          * register can only indicate the use of DS. Thus, the first operand
1033          * will be used to obtain the segment selector.
1034          */
1035         *regoff = addr_offset1;
1036 
1037         return 0;
1038 }
1039 
1040 /**
1041  * get_eff_addr_sib() - Obtain referenced effective address via SIB
1042  * @insn:       Instruction. Must be valid.
1043  * @regs:       Register values as seen when entering kernel mode
1044  * @regoff:     Obtained operand offset, in pt_regs, associated with segment
1045  * @eff_addr:   Obtained effective address
1046  *
1047  * Obtain the effective address referenced by the SIB byte of @insn. After
1048  * identifying the registers involved in the indexed, register-indirect memory
1049  * reference, its value is obtained from the operands in @regs. The computed
1050  * address is stored @eff_addr. Also, the register operand that indicates the
1051  * associated segment is stored in @regoff, this parameter can later be used to
1052  * determine such segment.
1053  *
1054  * Returns:
1055  *
1056  * 0 on success. @eff_addr will have the referenced effective address.
1057  * @base_offset will have a register, as an offset from the base of pt_regs,
1058  * that can be used to resolve the associated segment.
1059  *
1060  * -EINVAL on error.
1061  */
1062 static int get_eff_addr_sib(struct insn *insn, struct pt_regs *regs,
1063                             int *base_offset, long *eff_addr)
1064 {
1065         long base, indx;
1066         int indx_offset;
1067 
1068         if (insn->addr_bytes != 8 && insn->addr_bytes != 4)
1069                 return -EINVAL;
1070 
1071         insn_get_modrm(insn);
1072 
1073         if (!insn->modrm.nbytes)
1074                 return -EINVAL;
1075 
1076         if (X86_MODRM_MOD(insn->modrm.value) > 2)
1077                 return -EINVAL;
1078 
1079         insn_get_sib(insn);
1080 
1081         if (!insn->sib.nbytes)
1082                 return -EINVAL;
1083 
1084         *base_offset = get_reg_offset(insn, regs, REG_TYPE_BASE);
1085         indx_offset = get_reg_offset(insn, regs, REG_TYPE_INDEX);
1086 
1087         /*
1088          * Negative values in the base and index offset means an error when
1089          * decoding the SIB byte. Except -EDOM, which means that the registers
1090          * should not be used in the address computation.
1091          */
1092         if (*base_offset == -EDOM)
1093                 base = 0;
1094         else if (*base_offset < 0)
1095                 return -EINVAL;
1096         else
1097                 base = regs_get_register(regs, *base_offset);
1098 
1099         if (indx_offset == -EDOM)
1100                 indx = 0;
1101         else if (indx_offset < 0)
1102                 return -EINVAL;
1103         else
1104                 indx = regs_get_register(regs, indx_offset);
1105 
1106         if (insn->addr_bytes == 4) {
1107                 int addr32, base32, idx32;
1108 
1109                 base32 = base & 0xffffffff;
1110                 idx32 = indx & 0xffffffff;
1111 
1112                 addr32 = base32 + idx32 * (1 << X86_SIB_SCALE(insn->sib.value));
1113                 addr32 += insn->displacement.value;
1114 
1115                 *eff_addr = addr32 & 0xffffffff;
1116         } else {
1117                 *eff_addr = base + indx * (1 << X86_SIB_SCALE(insn->sib.value));
1118                 *eff_addr += insn->displacement.value;
1119         }
1120 
1121         return 0;
1122 }
1123 
1124 /**
1125  * get_addr_ref_16() - Obtain the 16-bit address referred by instruction
1126  * @insn:       Instruction containing ModRM byte and displacement
1127  * @regs:       Register values as seen when entering kernel mode
1128  *
1129  * This function is to be used with 16-bit address encodings. Obtain the memory
1130  * address referred by the instruction's ModRM and displacement bytes. Also, the
1131  * segment used as base is determined by either any segment override prefixes in
1132  * @insn or the default segment of the registers involved in the address
1133  * computation. In protected mode, segment limits are enforced.
1134  *
1135  * Returns:
1136  *
1137  * Linear address referenced by the instruction operands on success.
1138  *
1139  * -1L on error.
1140  */
1141 static void __user *get_addr_ref_16(struct insn *insn, struct pt_regs *regs)
1142 {
1143         unsigned long linear_addr = -1L, seg_base, seg_limit;
1144         int ret, regoff;
1145         short eff_addr;
1146         long tmp;
1147 
1148         insn_get_modrm(insn);
1149         insn_get_displacement(insn);
1150 
1151         if (insn->addr_bytes != 2)
1152                 goto out;
1153 
1154         if (X86_MODRM_MOD(insn->modrm.value) == 3) {
1155                 ret = get_eff_addr_reg(insn, regs, &regoff, &tmp);
1156                 if (ret)
1157                         goto out;
1158 
1159                 eff_addr = tmp;
1160         } else {
1161                 ret = get_eff_addr_modrm_16(insn, regs, &regoff, &eff_addr);
1162                 if (ret)
1163                         goto out;
1164         }
1165 
1166         ret = get_seg_base_limit(insn, regs, regoff, &seg_base, &seg_limit);
1167         if (ret)
1168                 goto out;
1169 
1170         /*
1171          * Before computing the linear address, make sure the effective address
1172          * is within the limits of the segment. In virtual-8086 mode, segment
1173          * limits are not enforced. In such a case, the segment limit is -1L to
1174          * reflect this fact.
1175          */
1176         if ((unsigned long)(eff_addr & 0xffff) > seg_limit)
1177                 goto out;
1178 
1179         linear_addr = (unsigned long)(eff_addr & 0xffff) + seg_base;
1180 
1181         /* Limit linear address to 20 bits */
1182         if (v8086_mode(regs))
1183                 linear_addr &= 0xfffff;
1184 
1185 out:
1186         return (void __user *)linear_addr;
1187 }
1188 
1189 /**
1190  * get_addr_ref_32() - Obtain a 32-bit linear address
1191  * @insn:       Instruction with ModRM, SIB bytes and displacement
1192  * @regs:       Register values as seen when entering kernel mode
1193  *
1194  * This function is to be used with 32-bit address encodings to obtain the
1195  * linear memory address referred by the instruction's ModRM, SIB,
1196  * displacement bytes and segment base address, as applicable. If in protected
1197  * mode, segment limits are enforced.
1198  *
1199  * Returns:
1200  *
1201  * Linear address referenced by instruction and registers on success.
1202  *
1203  * -1L on error.
1204  */
1205 static void __user *get_addr_ref_32(struct insn *insn, struct pt_regs *regs)
1206 {
1207         unsigned long linear_addr = -1L, seg_base, seg_limit;
1208         int eff_addr, regoff;
1209         long tmp;
1210         int ret;
1211 
1212         if (insn->addr_bytes != 4)
1213                 goto out;
1214 
1215         if (X86_MODRM_MOD(insn->modrm.value) == 3) {
1216                 ret = get_eff_addr_reg(insn, regs, &regoff, &tmp);
1217                 if (ret)
1218                         goto out;
1219 
1220                 eff_addr = tmp;
1221 
1222         } else {
1223                 if (insn->sib.nbytes) {
1224                         ret = get_eff_addr_sib(insn, regs, &regoff, &tmp);
1225                         if (ret)
1226                                 goto out;
1227 
1228                         eff_addr = tmp;
1229                 } else {
1230                         ret = get_eff_addr_modrm(insn, regs, &regoff, &tmp);
1231                         if (ret)
1232                                 goto out;
1233 
1234                         eff_addr = tmp;
1235                 }
1236         }
1237 
1238         ret = get_seg_base_limit(insn, regs, regoff, &seg_base, &seg_limit);
1239         if (ret)
1240                 goto out;
1241 
1242         /*
1243          * In protected mode, before computing the linear address, make sure
1244          * the effective address is within the limits of the segment.
1245          * 32-bit addresses can be used in long and virtual-8086 modes if an
1246          * address override prefix is used. In such cases, segment limits are
1247          * not enforced. When in virtual-8086 mode, the segment limit is -1L
1248          * to reflect this situation.
1249          *
1250          * After computed, the effective address is treated as an unsigned
1251          * quantity.
1252          */
1253         if (!user_64bit_mode(regs) && ((unsigned int)eff_addr > seg_limit))
1254                 goto out;
1255 
1256         /*
1257          * Even though 32-bit address encodings are allowed in virtual-8086
1258          * mode, the address range is still limited to [0x-0xffff].
1259          */
1260         if (v8086_mode(regs) && (eff_addr & ~0xffff))
1261                 goto out;
1262 
1263         /*
1264          * Data type long could be 64 bits in size. Ensure that our 32-bit
1265          * effective address is not sign-extended when computing the linear
1266          * address.
1267          */
1268         linear_addr = (unsigned long)(eff_addr & 0xffffffff) + seg_base;
1269 
1270         /* Limit linear address to 20 bits */
1271         if (v8086_mode(regs))
1272                 linear_addr &= 0xfffff;
1273 
1274 out:
1275         return (void __user *)linear_addr;
1276 }
1277 
1278 /**
1279  * get_addr_ref_64() - Obtain a 64-bit linear address
1280  * @insn:       Instruction struct with ModRM and SIB bytes and displacement
1281  * @regs:       Structure with register values as seen when entering kernel mode
1282  *
1283  * This function is to be used with 64-bit address encodings to obtain the
1284  * linear memory address referred by the instruction's ModRM, SIB,
1285  * displacement bytes and segment base address, as applicable.
1286  *
1287  * Returns:
1288  *
1289  * Linear address referenced by instruction and registers on success.
1290  *
1291  * -1L on error.
1292  */
1293 #ifndef CONFIG_X86_64
1294 static void __user *get_addr_ref_64(struct insn *insn, struct pt_regs *regs)
1295 {
1296         return (void __user *)-1L;
1297 }
1298 #else
1299 static void __user *get_addr_ref_64(struct insn *insn, struct pt_regs *regs)
1300 {
1301         unsigned long linear_addr = -1L, seg_base;
1302         int regoff, ret;
1303         long eff_addr;
1304 
1305         if (insn->addr_bytes != 8)
1306                 goto out;
1307 
1308         if (X86_MODRM_MOD(insn->modrm.value) == 3) {
1309                 ret = get_eff_addr_reg(insn, regs, &regoff, &eff_addr);
1310                 if (ret)
1311                         goto out;
1312 
1313         } else {
1314                 if (insn->sib.nbytes) {
1315                         ret = get_eff_addr_sib(insn, regs, &regoff, &eff_addr);
1316                         if (ret)
1317                                 goto out;
1318                 } else {
1319                         ret = get_eff_addr_modrm(insn, regs, &regoff, &eff_addr);
1320                         if (ret)
1321                                 goto out;
1322                 }
1323 
1324         }
1325 
1326         ret = get_seg_base_limit(insn, regs, regoff, &seg_base, NULL);
1327         if (ret)
1328                 goto out;
1329 
1330         linear_addr = (unsigned long)eff_addr + seg_base;
1331 
1332 out:
1333         return (void __user *)linear_addr;
1334 }
1335 #endif /* CONFIG_X86_64 */
1336 
1337 /**
1338  * insn_get_addr_ref() - Obtain the linear address referred by instruction
1339  * @insn:       Instruction structure containing ModRM byte and displacement
1340  * @regs:       Structure with register values as seen when entering kernel mode
1341  *
1342  * Obtain the linear address referred by the instruction's ModRM, SIB and
1343  * displacement bytes, and segment base, as applicable. In protected mode,
1344  * segment limits are enforced.
1345  *
1346  * Returns:
1347  *
1348  * Linear address referenced by instruction and registers on success.
1349  *
1350  * -1L on error.
1351  */
1352 void __user *insn_get_addr_ref(struct insn *insn, struct pt_regs *regs)
1353 {
1354         if (!insn || !regs)
1355                 return (void __user *)-1L;
1356 
1357         switch (insn->addr_bytes) {
1358         case 2:
1359                 return get_addr_ref_16(insn, regs);
1360         case 4:
1361                 return get_addr_ref_32(insn, regs);
1362         case 8:
1363                 return get_addr_ref_64(insn, regs);
1364         default:
1365                 return (void __user *)-1L;
1366         }
1367 }

/* [<][>][^][v][top][bottom][index][help] */