From: tip-bot for Ricardo Neri
Date: Wed, 1 Nov 2017 14:01:39 -0700
To: linux-tip-commits@vger.kernel.org
Subject: [tip:x86/mpx] x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 101b
In-Reply-To: <1509135945-13762-18-git-send-email-ricardo.neri-calderon@linux.intel.com>

Commit-ID:  e526a302e425ab11111efc5f59e52449bbcc768e
Gitweb:     https://git.kernel.org/tip/e526a302e425ab11111efc5f59e52449bbcc768e
Author:     Ricardo Neri
AuthorDate: Fri, 27 Oct 2017 13:25:44 -0700
Committer:  Thomas Gleixner
CommitDate: Wed, 1 Nov 2017 21:50:13 +0100

x86/insn-eval: Indicate a 32-bit displacement if ModRM.mod is 0 and ModRM.rm is 101b

Section 2.2.1.3 of the Intel 64 and IA-32 Architectures Software
Developer's Manual volume 2A states that when ModRM.mod is zero and
ModRM.rm is 101b, a 32-bit displacement follows the ModRM byte. This
means that none of the registers are used in the computation of the
effective address. A return value of -EDOM indicates to callers that
they should not use the value of registers when computing the effective
address for the instruction.

In long mode, the effective address is given by the 32-bit displacement
plus the location of the next instruction. In protected mode, only the
displacement is used.

The instruction decoder takes care of obtaining the displacement.

Signed-off-by: Ricardo Neri
Signed-off-by: Thomas Gleixner
Reviewed-by: Borislav Petkov
Cc: "Michael S. Tsirkin"
Cc: Peter Zijlstra
Cc: Dave Hansen
Cc: ricardo.neri@intel.com
Cc: Adrian Hunter
Cc: Paul Gortmaker
Cc: Huang Rui
Cc: Qiaowei Ren
Cc: Shuah Khan
Cc: Kees Cook
Cc: Jonathan Corbet
Cc: Jiri Slaby
Cc: Dmitry Vyukov
Cc: "Ravi V. Shankar"
Cc: Chris Metcalf
Cc: Brian Gerst
Cc: Arnaldo Carvalho de Melo
Cc: Andy Lutomirski
Cc: Colin Ian King
Cc: Chen Yucong
Cc: Adam Buchbinder
Cc: Vlastimil Babka
Cc: Lorenzo Stoakes
Cc: Masami Hiramatsu
Cc: Paolo Bonzini
Cc: Andrew Morton
Cc: Thomas Garnier
Link: https://lkml.kernel.org/r/1509135945-13762-18-git-send-email-ricardo.neri-calderon@linux.intel.com
---
 arch/x86/lib/insn-eval.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/arch/x86/lib/insn-eval.c b/arch/x86/lib/insn-eval.c index 01e36bd..6bf819f 100644 --- a/arch/x86/lib/insn-eval.c +++ b/arch/x86/lib/insn-eval.c @@ -427,6 +427,14 @@ static int get_reg_offset(struct insn *insn, struct pt_regs *regs, switch (type) { case REG_TYPE_RM: regno = X86_MODRM_RM(insn->modrm.value); + + /* + * ModRM.mod == 0 and ModRM.rm == 5 means a 32-bit displacement + * follows the ModRM byte. + */ + if (!X86_MODRM_MOD(insn->modrm.value) && regno == 5) + return -EDOM; + if (X86_REX_B(insn->rex_prefix.value)) regno += 8; break; @@ -770,10 +778,21 @@ void __user *insn_get_addr_ref(struct insn *insn, struct pt_regs *regs) eff_addr = base + indx * (1 << X86_SIB_SCALE(sib)); } else { addr_offset = get_reg_offset(insn, regs, REG_TYPE_RM); - if (addr_offset < 0) + /* + * -EDOM means that we must ignore the address_offset. + * In such a case, in 64-bit mode the effective address + * relative to the RIP of the following instruction. + */ + if (addr_offset == -EDOM) { + if (user_64bit_mode(regs)) + eff_addr = (long)regs->ip + insn->length; + else + eff_addr = 0; + } else if (addr_offset < 0) { goto out; - - eff_addr = regs_get_register(regs, addr_offset); + } else { + eff_addr = regs_get_register(regs, addr_offset); + } } eff_addr += insn->displacement.value;
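Review bot: the -EDOM return added under REG_TYPE_RM in get_reg_offset() is a new sentinel that every caller passing REG_TYPE_RM must now distinguish from other negative errors; this patch only teaches insn_get_addr_ref() about it, so please confirm that no other REG_TYPE_RM caller treats -EDOM as a generic failure or, worse, as a register offset. Placing the check before the REX.B adjustment is correct, because mod=00/rm=101 means disp32 (RIP-relative in 64-bit mode) regardless of REX.B, and the new comment would be clearer if it said so. The same manual section gives SIB.base=101b with mod=00 the analogous "no base register, disp32 follows" meaning; that case is not touched by this hunk, so a sentence on where it is handled would help reviewers.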
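Review bot: in the !user_64bit_mode(regs) branch of insn_get_addr_ref(), eff_addr is set to 0 and then `eff_addr += insn->displacement.value;` sign-extends the 32-bit displacement into a long, so a disp32 with bit 31 set yields a value with the upper 32 bits set; unless the address is truncated to 32 bits further down (not visible in this hunk), the protected-mode case would be wrong for displacements at or above 0x80000000, so please confirm or mask here. Two wording nits in the new comment: "the effective address relative to the RIP" is missing its verb ("is relative to"), and "address_offset" should be "addr_offset" to match the variable.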
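The encoding rule the commit message describes, as an added stand-alone example that is not the kernel's arch/x86/lib/insn-eval.c: a small model of how ModRM.mod and ModRM.rm select the base of a memory operand, with the mod == 0 / rm == 101b case returning -EDOM and the caller then using either the next-instruction address (64-bit mode) or only the displacement (32-bit mode). The helper names, the constructed register file, the fixed instruction length and the 32-bit truncation at the end are assumptions made here, not the kernel's code.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not the kernel's insn-eval.c. Models the ModRM rule from
 * the commit message: mod == 0 and rm == 101b means "no register, a 32-bit
 * displacement follows", so no register value may enter the address.
 */
#define MODRM_MOD(b) (((b) >> 6) & 3)
#define MODRM_RM(b)  ((b) & 7)

struct demo_regs {            /* constructed register file, not pt_regs */
	uint64_t gpr[16];     /* rax, rcx, rdx, rbx, rsp, rbp, rsi, rdi, r8..r15 */
	uint64_t ip;
};

/*
 * Register index selected by ModRM.rm, or -EDOM when mod == 0 and rm == 5.
 * That encoding is disp32 (RIP-relative in 64-bit mode) and REX.B does not
 * change it, so the check sits before the REX.B adjustment, as in the patch.
 */
static int rm_register_index(uint8_t modrm, int rex_b)
{
	int regno = MODRM_RM(modrm);

	if (MODRM_MOD(modrm) == 0 && regno == 5)
		return -EDOM;
	if (rex_b)
		regno += 8;
	return regno;
}

/*
 * Effective address for the non-SIB forms (rm != 100b). @disp is the
 * already-decoded, sign-extended displacement (the decoder's job); @insn_len
 * is the whole instruction length, so ip + insn_len is the next instruction.
 * Returns 0 and stores the address in *ea, or a negative errno.
 */
static int effective_address(const struct demo_regs *r, uint8_t modrm, int rex_b,
			     int32_t disp, int insn_len, int mode64, uint64_t *ea)
{
	int idx;
	uint64_t addr;

	if (MODRM_MOD(modrm) == 3)
		return -EINVAL;      /* register operand, no memory address */
	if (MODRM_RM(modrm) == 4)
		return -EINVAL;      /* SIB form, not modelled here */

	idx = rm_register_index(modrm, rex_b);
	if (idx == -EDOM)
		addr = mode64 ? r->ip + (uint64_t)insn_len : 0;  /* no register */
	else if (idx < 0)
		return idx;
	else
		addr = r->gpr[idx];

	addr += (uint64_t)(int64_t)disp;  /* displacement is sign-extended */
	if (!mode64)
		addr &= 0xffffffffu;      /* assumption: 32-bit address space, truncate */
	*ea = addr;
	return 0;
}

/* Constructed demo context: rip = 0x401000, 7-byte instruction, rbp = 0x7fff0000. */
static long long demo_ea(uint8_t modrm, int rex_b, int32_t disp, int mode64)
{
	struct demo_regs r = { .ip = 0x401000 };
	uint64_t ea;
	int rc;

	r.gpr[5] = 0x7fff0000;   /* rbp */
	rc = effective_address(&r, modrm, rex_b, disp, 7, mode64, &ea);
	return rc < 0 ? rc : (long long)ea;
}

int main(void)
{
	printf("64-bit, modrm 0x05, disp 0x100: %#llx\n",
	       (unsigned long long)demo_ea(0x05, 0, 0x100, 1));
	printf("32-bit, modrm 0x05, disp 0x100: %#llx\n",
	       (unsigned long long)demo_ea(0x05, 0, 0x100, 0));
	printf("64-bit, modrm 0x45 [rbp-8]:     %#llx\n",
	       (unsigned long long)demo_ea(0x45, 0, -8, 1));
	return 0;
}
```

With modrm 0x05 (mod 0, rm 5) the base register is ignored in both modes: in 64-bit mode the address is rip + insn_len + disp, in 32-bit mode it is disp alone; with modrm 0x45 (mod 1, rm 5) rbp is used as usual, which is why the mod check is essential.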