Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit 0f363b250b15af0f218bb2876d101fe5cd413f8b

Authored by Peter Zijlstra
Committed by Ingo Molnar
1 parent 300176af03
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

x86: Fix off-by-one in instruction decoder 

Stephane reported that the PEBS fixup was broken by the recent commit to
the instruction decoder. The thing had an off-by-one which resulted in
not being able to decode the last instruction and always bail.

Reported-by: Stephane Eranian <eranian@google.com>
Fixes: 6ba48ff46f76 ("x86: Remove arbitrary instruction size limit in instruction decoder")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: stable@vger.kernel.org # 3.18
Cc: <ak@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Liang Kan <kan.liang@intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Jim Keniston <jkenisto@us.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Link: http://lkml.kernel.org/r/20141216104614.GV3337@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>

Showing 1 changed file with 1 additions and 1 deletions Inline Diff

1 /* 1 /*
2 * x86 instruction analysis 2 * x86 instruction analysis
3 * 3 *
4 * This program is free software; you can redistribute it and/or modify 4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by 5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or 6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version. 7 * (at your option) any later version.
8 * 8 *
9 * This program is distributed in the hope that it will be useful, 9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details. 12 * GNU General Public License for more details.
13 * 13 *
14 * You should have received a copy of the GNU General Public License 14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software 15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
17 * 17 *
18 * Copyright (C) IBM Corporation, 2002, 2004, 2009 18 * Copyright (C) IBM Corporation, 2002, 2004, 2009
19 */ 19 */
20 20
21 #ifdef __KERNEL__ 21 #ifdef __KERNEL__
22 #include <linux/string.h> 22 #include <linux/string.h>
23 #else 23 #else
24 #include <string.h> 24 #include <string.h>
25 #endif 25 #endif
26 #include <asm/inat.h> 26 #include <asm/inat.h>
27 #include <asm/insn.h> 27 #include <asm/insn.h>
28 28
29 /* Verify next sizeof(t) bytes can be on the same instruction */ 29 /* Verify next sizeof(t) bytes can be on the same instruction */
30 #define validate_next(t, insn, n) \ 30 #define validate_next(t, insn, n) \
31 ((insn)->next_byte + sizeof(t) + n < (insn)->end_kaddr) 31 ((insn)->next_byte + sizeof(t) + n <= (insn)->end_kaddr)
32 32
33 #define __get_next(t, insn) \ 33 #define __get_next(t, insn) \
34 ({ t r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; }) 34 ({ t r = *(t*)insn->next_byte; insn->next_byte += sizeof(t); r; })
35 35
36 #define __peek_nbyte_next(t, insn, n) \ 36 #define __peek_nbyte_next(t, insn, n) \
37 ({ t r = *(t*)((insn)->next_byte + n); r; }) 37 ({ t r = *(t*)((insn)->next_byte + n); r; })
38 38
39 #define get_next(t, insn) \ 39 #define get_next(t, insn) \
40 ({ if (unlikely(!validate_next(t, insn, 0))) goto err_out; __get_next(t, insn); }) 40 ({ if (unlikely(!validate_next(t, insn, 0))) goto err_out; __get_next(t, insn); })
41 41
42 #define peek_nbyte_next(t, insn, n) \ 42 #define peek_nbyte_next(t, insn, n) \
43 ({ if (unlikely(!validate_next(t, insn, n))) goto err_out; __peek_nbyte_next(t, insn, n); }) 43 ({ if (unlikely(!validate_next(t, insn, n))) goto err_out; __peek_nbyte_next(t, insn, n); })
44 44
45 #define peek_next(t, insn) peek_nbyte_next(t, insn, 0) 45 #define peek_next(t, insn) peek_nbyte_next(t, insn, 0)
46 46
47 /** 47 /**
48 * insn_init() - initialize struct insn 48 * insn_init() - initialize struct insn
49 * @insn: &struct insn to be initialized 49 * @insn: &struct insn to be initialized
50 * @kaddr: address (in kernel memory) of instruction (or copy thereof) 50 * @kaddr: address (in kernel memory) of instruction (or copy thereof)
51 * @x86_64: !0 for 64-bit kernel or 64-bit app 51 * @x86_64: !0 for 64-bit kernel or 64-bit app
52 */ 52 */
53 void insn_init(struct insn *insn, const void *kaddr, int buf_len, int x86_64) 53 void insn_init(struct insn *insn, const void *kaddr, int buf_len, int x86_64)
54 { 54 {
55 memset(insn, 0, sizeof(*insn)); 55 memset(insn, 0, sizeof(*insn));
56 insn->kaddr = kaddr; 56 insn->kaddr = kaddr;
57 insn->end_kaddr = kaddr + buf_len; 57 insn->end_kaddr = kaddr + buf_len;
58 insn->next_byte = kaddr; 58 insn->next_byte = kaddr;
59 insn->x86_64 = x86_64 ? 1 : 0; 59 insn->x86_64 = x86_64 ? 1 : 0;
60 insn->opnd_bytes = 4; 60 insn->opnd_bytes = 4;
61 if (x86_64) 61 if (x86_64)
62 insn->addr_bytes = 8; 62 insn->addr_bytes = 8;
63 else 63 else
64 insn->addr_bytes = 4; 64 insn->addr_bytes = 4;
65 } 65 }
66 66
67 /** 67 /**
68 * insn_get_prefixes - scan x86 instruction prefix bytes 68 * insn_get_prefixes - scan x86 instruction prefix bytes
69 * @insn: &struct insn containing instruction 69 * @insn: &struct insn containing instruction
70 * 70 *
71 * Populates the @insn->prefixes bitmap, and updates @insn->next_byte 71 * Populates the @insn->prefixes bitmap, and updates @insn->next_byte
72 * to point to the (first) opcode. No effect if @insn->prefixes.got 72 * to point to the (first) opcode. No effect if @insn->prefixes.got
73 * is already set. 73 * is already set.
74 */ 74 */
75 void insn_get_prefixes(struct insn *insn) 75 void insn_get_prefixes(struct insn *insn)
76 { 76 {
77 struct insn_field *prefixes = &insn->prefixes; 77 struct insn_field *prefixes = &insn->prefixes;
78 insn_attr_t attr; 78 insn_attr_t attr;
79 insn_byte_t b, lb; 79 insn_byte_t b, lb;
80 int i, nb; 80 int i, nb;
81 81
82 if (prefixes->got) 82 if (prefixes->got)
83 return; 83 return;
84 84
85 nb = 0; 85 nb = 0;
86 lb = 0; 86 lb = 0;
87 b = peek_next(insn_byte_t, insn); 87 b = peek_next(insn_byte_t, insn);
88 attr = inat_get_opcode_attribute(b); 88 attr = inat_get_opcode_attribute(b);
89 while (inat_is_legacy_prefix(attr)) { 89 while (inat_is_legacy_prefix(attr)) {
90 /* Skip if same prefix */ 90 /* Skip if same prefix */
91 for (i = 0; i < nb; i++) 91 for (i = 0; i < nb; i++)
92 if (prefixes->bytes[i] == b) 92 if (prefixes->bytes[i] == b)
93 goto found; 93 goto found;
94 if (nb == 4) 94 if (nb == 4)
95 /* Invalid instruction */ 95 /* Invalid instruction */
96 break; 96 break;
97 prefixes->bytes[nb++] = b; 97 prefixes->bytes[nb++] = b;
98 if (inat_is_address_size_prefix(attr)) { 98 if (inat_is_address_size_prefix(attr)) {
99 /* address size switches 2/4 or 4/8 */ 99 /* address size switches 2/4 or 4/8 */
100 if (insn->x86_64) 100 if (insn->x86_64)
101 insn->addr_bytes ^= 12; 101 insn->addr_bytes ^= 12;
102 else 102 else
103 insn->addr_bytes ^= 6; 103 insn->addr_bytes ^= 6;
104 } else if (inat_is_operand_size_prefix(attr)) { 104 } else if (inat_is_operand_size_prefix(attr)) {
105 /* oprand size switches 2/4 */ 105 /* oprand size switches 2/4 */
106 insn->opnd_bytes ^= 6; 106 insn->opnd_bytes ^= 6;
107 } 107 }
108 found: 108 found:
109 prefixes->nbytes++; 109 prefixes->nbytes++;
110 insn->next_byte++; 110 insn->next_byte++;
111 lb = b; 111 lb = b;
112 b = peek_next(insn_byte_t, insn); 112 b = peek_next(insn_byte_t, insn);
113 attr = inat_get_opcode_attribute(b); 113 attr = inat_get_opcode_attribute(b);
114 } 114 }
115 /* Set the last prefix */ 115 /* Set the last prefix */
116 if (lb && lb != insn->prefixes.bytes[3]) { 116 if (lb && lb != insn->prefixes.bytes[3]) {
117 if (unlikely(insn->prefixes.bytes[3])) { 117 if (unlikely(insn->prefixes.bytes[3])) {
118 /* Swap the last prefix */ 118 /* Swap the last prefix */
119 b = insn->prefixes.bytes[3]; 119 b = insn->prefixes.bytes[3];
120 for (i = 0; i < nb; i++) 120 for (i = 0; i < nb; i++)
121 if (prefixes->bytes[i] == lb) 121 if (prefixes->bytes[i] == lb)
122 prefixes->bytes[i] = b; 122 prefixes->bytes[i] = b;
123 } 123 }
124 insn->prefixes.bytes[3] = lb; 124 insn->prefixes.bytes[3] = lb;
125 } 125 }
126 126
127 /* Decode REX prefix */ 127 /* Decode REX prefix */
128 if (insn->x86_64) { 128 if (insn->x86_64) {
129 b = peek_next(insn_byte_t, insn); 129 b = peek_next(insn_byte_t, insn);
130 attr = inat_get_opcode_attribute(b); 130 attr = inat_get_opcode_attribute(b);
131 if (inat_is_rex_prefix(attr)) { 131 if (inat_is_rex_prefix(attr)) {
132 insn->rex_prefix.value = b; 132 insn->rex_prefix.value = b;
133 insn->rex_prefix.nbytes = 1; 133 insn->rex_prefix.nbytes = 1;
134 insn->next_byte++; 134 insn->next_byte++;
135 if (X86_REX_W(b)) 135 if (X86_REX_W(b))
136 /* REX.W overrides opnd_size */ 136 /* REX.W overrides opnd_size */
137 insn->opnd_bytes = 8; 137 insn->opnd_bytes = 8;
138 } 138 }
139 } 139 }
140 insn->rex_prefix.got = 1; 140 insn->rex_prefix.got = 1;
141 141
142 /* Decode VEX prefix */ 142 /* Decode VEX prefix */
143 b = peek_next(insn_byte_t, insn); 143 b = peek_next(insn_byte_t, insn);
144 attr = inat_get_opcode_attribute(b); 144 attr = inat_get_opcode_attribute(b);
145 if (inat_is_vex_prefix(attr)) { 145 if (inat_is_vex_prefix(attr)) {
146 insn_byte_t b2 = peek_nbyte_next(insn_byte_t, insn, 1); 146 insn_byte_t b2 = peek_nbyte_next(insn_byte_t, insn, 1);
147 if (!insn->x86_64) { 147 if (!insn->x86_64) {
148 /* 148 /*
149 * In 32-bits mode, if the [7:6] bits (mod bits of 149 * In 32-bits mode, if the [7:6] bits (mod bits of
150 * ModRM) on the second byte are not 11b, it is 150 * ModRM) on the second byte are not 11b, it is
151 * LDS or LES. 151 * LDS or LES.
152 */ 152 */
153 if (X86_MODRM_MOD(b2) != 3) 153 if (X86_MODRM_MOD(b2) != 3)
154 goto vex_end; 154 goto vex_end;
155 } 155 }
156 insn->vex_prefix.bytes[0] = b; 156 insn->vex_prefix.bytes[0] = b;
157 insn->vex_prefix.bytes[1] = b2; 157 insn->vex_prefix.bytes[1] = b2;
158 if (inat_is_vex3_prefix(attr)) { 158 if (inat_is_vex3_prefix(attr)) {
159 b2 = peek_nbyte_next(insn_byte_t, insn, 2); 159 b2 = peek_nbyte_next(insn_byte_t, insn, 2);
160 insn->vex_prefix.bytes[2] = b2; 160 insn->vex_prefix.bytes[2] = b2;
161 insn->vex_prefix.nbytes = 3; 161 insn->vex_prefix.nbytes = 3;
162 insn->next_byte += 3; 162 insn->next_byte += 3;
163 if (insn->x86_64 && X86_VEX_W(b2)) 163 if (insn->x86_64 && X86_VEX_W(b2))
164 /* VEX.W overrides opnd_size */ 164 /* VEX.W overrides opnd_size */
165 insn->opnd_bytes = 8; 165 insn->opnd_bytes = 8;
166 } else { 166 } else {
167 insn->vex_prefix.nbytes = 2; 167 insn->vex_prefix.nbytes = 2;
168 insn->next_byte += 2; 168 insn->next_byte += 2;
169 } 169 }
170 } 170 }
171 vex_end: 171 vex_end:
172 insn->vex_prefix.got = 1; 172 insn->vex_prefix.got = 1;
173 173
174 prefixes->got = 1; 174 prefixes->got = 1;
175 175
176 err_out: 176 err_out:
177 return; 177 return;
178 } 178 }
179 179
180 /** 180 /**
181 * insn_get_opcode - collect opcode(s) 181 * insn_get_opcode - collect opcode(s)
182 * @insn: &struct insn containing instruction 182 * @insn: &struct insn containing instruction
183 * 183 *
184 * Populates @insn->opcode, updates @insn->next_byte to point past the 184 * Populates @insn->opcode, updates @insn->next_byte to point past the
185 * opcode byte(s), and set @insn->attr (except for groups). 185 * opcode byte(s), and set @insn->attr (except for groups).
186 * If necessary, first collects any preceding (prefix) bytes. 186 * If necessary, first collects any preceding (prefix) bytes.
187 * Sets @insn->opcode.value = opcode1. No effect if @insn->opcode.got 187 * Sets @insn->opcode.value = opcode1. No effect if @insn->opcode.got
188 * is already 1. 188 * is already 1.
189 */ 189 */
190 void insn_get_opcode(struct insn *insn) 190 void insn_get_opcode(struct insn *insn)
191 { 191 {
192 struct insn_field *opcode = &insn->opcode; 192 struct insn_field *opcode = &insn->opcode;
193 insn_byte_t op; 193 insn_byte_t op;
194 int pfx_id; 194 int pfx_id;
195 if (opcode->got) 195 if (opcode->got)
196 return; 196 return;
197 if (!insn->prefixes.got) 197 if (!insn->prefixes.got)
198 insn_get_prefixes(insn); 198 insn_get_prefixes(insn);
199 199
200 /* Get first opcode */ 200 /* Get first opcode */
201 op = get_next(insn_byte_t, insn); 201 op = get_next(insn_byte_t, insn);
202 opcode->bytes[0] = op; 202 opcode->bytes[0] = op;
203 opcode->nbytes = 1; 203 opcode->nbytes = 1;
204 204
205 /* Check if there is VEX prefix or not */ 205 /* Check if there is VEX prefix or not */
206 if (insn_is_avx(insn)) { 206 if (insn_is_avx(insn)) {
207 insn_byte_t m, p; 207 insn_byte_t m, p;
208 m = insn_vex_m_bits(insn); 208 m = insn_vex_m_bits(insn);
209 p = insn_vex_p_bits(insn); 209 p = insn_vex_p_bits(insn);
210 insn->attr = inat_get_avx_attribute(op, m, p); 210 insn->attr = inat_get_avx_attribute(op, m, p);
211 if (!inat_accept_vex(insn->attr) && !inat_is_group(insn->attr)) 211 if (!inat_accept_vex(insn->attr) && !inat_is_group(insn->attr))
212 insn->attr = 0; /* This instruction is bad */ 212 insn->attr = 0; /* This instruction is bad */
213 goto end; /* VEX has only 1 byte for opcode */ 213 goto end; /* VEX has only 1 byte for opcode */
214 } 214 }
215 215
216 insn->attr = inat_get_opcode_attribute(op); 216 insn->attr = inat_get_opcode_attribute(op);
217 while (inat_is_escape(insn->attr)) { 217 while (inat_is_escape(insn->attr)) {
218 /* Get escaped opcode */ 218 /* Get escaped opcode */
219 op = get_next(insn_byte_t, insn); 219 op = get_next(insn_byte_t, insn);
220 opcode->bytes[opcode->nbytes++] = op; 220 opcode->bytes[opcode->nbytes++] = op;
221 pfx_id = insn_last_prefix_id(insn); 221 pfx_id = insn_last_prefix_id(insn);
222 insn->attr = inat_get_escape_attribute(op, pfx_id, insn->attr); 222 insn->attr = inat_get_escape_attribute(op, pfx_id, insn->attr);
223 } 223 }
224 if (inat_must_vex(insn->attr)) 224 if (inat_must_vex(insn->attr))
225 insn->attr = 0; /* This instruction is bad */ 225 insn->attr = 0; /* This instruction is bad */
226 end: 226 end:
227 opcode->got = 1; 227 opcode->got = 1;
228 228
229 err_out: 229 err_out:
230 return; 230 return;
231 } 231 }
232 232
233 /** 233 /**
234 * insn_get_modrm - collect ModRM byte, if any 234 * insn_get_modrm - collect ModRM byte, if any
235 * @insn: &struct insn containing instruction 235 * @insn: &struct insn containing instruction
236 * 236 *
237 * Populates @insn->modrm and updates @insn->next_byte to point past the 237 * Populates @insn->modrm and updates @insn->next_byte to point past the
238 * ModRM byte, if any. If necessary, first collects the preceding bytes 238 * ModRM byte, if any. If necessary, first collects the preceding bytes
239 * (prefixes and opcode(s)). No effect if @insn->modrm.got is already 1. 239 * (prefixes and opcode(s)). No effect if @insn->modrm.got is already 1.
240 */ 240 */
241 void insn_get_modrm(struct insn *insn) 241 void insn_get_modrm(struct insn *insn)
242 { 242 {
243 struct insn_field *modrm = &insn->modrm; 243 struct insn_field *modrm = &insn->modrm;
244 insn_byte_t pfx_id, mod; 244 insn_byte_t pfx_id, mod;
245 if (modrm->got) 245 if (modrm->got)
246 return; 246 return;
247 if (!insn->opcode.got) 247 if (!insn->opcode.got)
248 insn_get_opcode(insn); 248 insn_get_opcode(insn);
249 249
250 if (inat_has_modrm(insn->attr)) { 250 if (inat_has_modrm(insn->attr)) {
251 mod = get_next(insn_byte_t, insn); 251 mod = get_next(insn_byte_t, insn);
252 modrm->value = mod; 252 modrm->value = mod;
253 modrm->nbytes = 1; 253 modrm->nbytes = 1;
254 if (inat_is_group(insn->attr)) { 254 if (inat_is_group(insn->attr)) {
255 pfx_id = insn_last_prefix_id(insn); 255 pfx_id = insn_last_prefix_id(insn);
256 insn->attr = inat_get_group_attribute(mod, pfx_id, 256 insn->attr = inat_get_group_attribute(mod, pfx_id,
257 insn->attr); 257 insn->attr);
258 if (insn_is_avx(insn) && !inat_accept_vex(insn->attr)) 258 if (insn_is_avx(insn) && !inat_accept_vex(insn->attr))
259 insn->attr = 0; /* This is bad */ 259 insn->attr = 0; /* This is bad */
260 } 260 }
261 } 261 }
262 262
263 if (insn->x86_64 && inat_is_force64(insn->attr)) 263 if (insn->x86_64 && inat_is_force64(insn->attr))
264 insn->opnd_bytes = 8; 264 insn->opnd_bytes = 8;
265 modrm->got = 1; 265 modrm->got = 1;
266 266
267 err_out: 267 err_out:
268 return; 268 return;
269 } 269 }
270 270
271 271
272 /** 272 /**
273 * insn_rip_relative() - Does instruction use RIP-relative addressing mode? 273 * insn_rip_relative() - Does instruction use RIP-relative addressing mode?
274 * @insn: &struct insn containing instruction 274 * @insn: &struct insn containing instruction
275 * 275 *
276 * If necessary, first collects the instruction up to and including the 276 * If necessary, first collects the instruction up to and including the
277 * ModRM byte. No effect if @insn->x86_64 is 0. 277 * ModRM byte. No effect if @insn->x86_64 is 0.
278 */ 278 */
279 int insn_rip_relative(struct insn *insn) 279 int insn_rip_relative(struct insn *insn)
280 { 280 {
281 struct insn_field *modrm = &insn->modrm; 281 struct insn_field *modrm = &insn->modrm;
282 282
283 if (!insn->x86_64) 283 if (!insn->x86_64)
284 return 0; 284 return 0;
285 if (!modrm->got) 285 if (!modrm->got)
286 insn_get_modrm(insn); 286 insn_get_modrm(insn);
287 /* 287 /*
288 * For rip-relative instructions, the mod field (top 2 bits) 288 * For rip-relative instructions, the mod field (top 2 bits)
289 * is zero and the r/m field (bottom 3 bits) is 0x5. 289 * is zero and the r/m field (bottom 3 bits) is 0x5.
290 */ 290 */
291 return (modrm->nbytes && (modrm->value & 0xc7) == 0x5); 291 return (modrm->nbytes && (modrm->value & 0xc7) == 0x5);
292 } 292 }
293 293
294 /** 294 /**
295 * insn_get_sib() - Get the SIB byte of instruction 295 * insn_get_sib() - Get the SIB byte of instruction
296 * @insn: &struct insn containing instruction 296 * @insn: &struct insn containing instruction
297 * 297 *
298 * If necessary, first collects the instruction up to and including the 298 * If necessary, first collects the instruction up to and including the
299 * ModRM byte. 299 * ModRM byte.
300 */ 300 */
301 void insn_get_sib(struct insn *insn) 301 void insn_get_sib(struct insn *insn)
302 { 302 {
303 insn_byte_t modrm; 303 insn_byte_t modrm;
304 304
305 if (insn->sib.got) 305 if (insn->sib.got)
306 return; 306 return;
307 if (!insn->modrm.got) 307 if (!insn->modrm.got)
308 insn_get_modrm(insn); 308 insn_get_modrm(insn);
309 if (insn->modrm.nbytes) { 309 if (insn->modrm.nbytes) {
310 modrm = (insn_byte_t)insn->modrm.value; 310 modrm = (insn_byte_t)insn->modrm.value;
311 if (insn->addr_bytes != 2 && 311 if (insn->addr_bytes != 2 &&
312 X86_MODRM_MOD(modrm) != 3 && X86_MODRM_RM(modrm) == 4) { 312 X86_MODRM_MOD(modrm) != 3 && X86_MODRM_RM(modrm) == 4) {
313 insn->sib.value = get_next(insn_byte_t, insn); 313 insn->sib.value = get_next(insn_byte_t, insn);
314 insn->sib.nbytes = 1; 314 insn->sib.nbytes = 1;
315 } 315 }
316 } 316 }
317 insn->sib.got = 1; 317 insn->sib.got = 1;
318 318
319 err_out: 319 err_out:
320 return; 320 return;
321 } 321 }
322 322
323 323
324 /** 324 /**
325 * insn_get_displacement() - Get the displacement of instruction 325 * insn_get_displacement() - Get the displacement of instruction
326 * @insn: &struct insn containing instruction 326 * @insn: &struct insn containing instruction
327 * 327 *
328 * If necessary, first collects the instruction up to and including the 328 * If necessary, first collects the instruction up to and including the
329 * SIB byte. 329 * SIB byte.
330 * Displacement value is sign-expanded. 330 * Displacement value is sign-expanded.
331 */ 331 */
332 void insn_get_displacement(struct insn *insn) 332 void insn_get_displacement(struct insn *insn)
333 { 333 {
334 insn_byte_t mod, rm, base; 334 insn_byte_t mod, rm, base;
335 335
336 if (insn->displacement.got) 336 if (insn->displacement.got)
337 return; 337 return;
338 if (!insn->sib.got) 338 if (!insn->sib.got)
339 insn_get_sib(insn); 339 insn_get_sib(insn);
340 if (insn->modrm.nbytes) { 340 if (insn->modrm.nbytes) {
341 /* 341 /*
342 * Interpreting the modrm byte: 342 * Interpreting the modrm byte:
343 * mod = 00 - no displacement fields (exceptions below) 343 * mod = 00 - no displacement fields (exceptions below)
344 * mod = 01 - 1-byte displacement field 344 * mod = 01 - 1-byte displacement field
345 * mod = 10 - displacement field is 4 bytes, or 2 bytes if 345 * mod = 10 - displacement field is 4 bytes, or 2 bytes if
346 * address size = 2 (0x67 prefix in 32-bit mode) 346 * address size = 2 (0x67 prefix in 32-bit mode)
347 * mod = 11 - no memory operand 347 * mod = 11 - no memory operand
348 * 348 *
349 * If address size = 2... 349 * If address size = 2...
350 * mod = 00, r/m = 110 - displacement field is 2 bytes 350 * mod = 00, r/m = 110 - displacement field is 2 bytes
351 * 351 *
352 * If address size != 2... 352 * If address size != 2...
353 * mod != 11, r/m = 100 - SIB byte exists 353 * mod != 11, r/m = 100 - SIB byte exists
354 * mod = 00, SIB base = 101 - displacement field is 4 bytes 354 * mod = 00, SIB base = 101 - displacement field is 4 bytes
355 * mod = 00, r/m = 101 - rip-relative addressing, displacement 355 * mod = 00, r/m = 101 - rip-relative addressing, displacement
356 * field is 4 bytes 356 * field is 4 bytes
357 */ 357 */
358 mod = X86_MODRM_MOD(insn->modrm.value); 358 mod = X86_MODRM_MOD(insn->modrm.value);
359 rm = X86_MODRM_RM(insn->modrm.value); 359 rm = X86_MODRM_RM(insn->modrm.value);
360 base = X86_SIB_BASE(insn->sib.value); 360 base = X86_SIB_BASE(insn->sib.value);
361 if (mod == 3) 361 if (mod == 3)
362 goto out; 362 goto out;
363 if (mod == 1) { 363 if (mod == 1) {
364 insn->displacement.value = get_next(char, insn); 364 insn->displacement.value = get_next(char, insn);
365 insn->displacement.nbytes = 1; 365 insn->displacement.nbytes = 1;
366 } else if (insn->addr_bytes == 2) { 366 } else if (insn->addr_bytes == 2) {
367 if ((mod == 0 && rm == 6) || mod == 2) { 367 if ((mod == 0 && rm == 6) || mod == 2) {
368 insn->displacement.value = 368 insn->displacement.value =
369 get_next(short, insn); 369 get_next(short, insn);
370 insn->displacement.nbytes = 2; 370 insn->displacement.nbytes = 2;
371 } 371 }
372 } else { 372 } else {
373 if ((mod == 0 && rm == 5) || mod == 2 || 373 if ((mod == 0 && rm == 5) || mod == 2 ||
374 (mod == 0 && base == 5)) { 374 (mod == 0 && base == 5)) {
375 insn->displacement.value = get_next(int, insn); 375 insn->displacement.value = get_next(int, insn);
376 insn->displacement.nbytes = 4; 376 insn->displacement.nbytes = 4;
377 } 377 }
378 } 378 }
379 } 379 }
380 out: 380 out:
381 insn->displacement.got = 1; 381 insn->displacement.got = 1;
382 382
383 err_out: 383 err_out:
384 return; 384 return;
385 } 385 }
386 386
387 /* Decode moffset16/32/64. Return 0 if failed */ 387 /* Decode moffset16/32/64. Return 0 if failed */
388 static int __get_moffset(struct insn *insn) 388 static int __get_moffset(struct insn *insn)
389 { 389 {
390 switch (insn->addr_bytes) { 390 switch (insn->addr_bytes) {
391 case 2: 391 case 2:
392 insn->moffset1.value = get_next(short, insn); 392 insn->moffset1.value = get_next(short, insn);
393 insn->moffset1.nbytes = 2; 393 insn->moffset1.nbytes = 2;
394 break; 394 break;
395 case 4: 395 case 4:
396 insn->moffset1.value = get_next(int, insn); 396 insn->moffset1.value = get_next(int, insn);
397 insn->moffset1.nbytes = 4; 397 insn->moffset1.nbytes = 4;
398 break; 398 break;
399 case 8: 399 case 8:
400 insn->moffset1.value = get_next(int, insn); 400 insn->moffset1.value = get_next(int, insn);
401 insn->moffset1.nbytes = 4; 401 insn->moffset1.nbytes = 4;
402 insn->moffset2.value = get_next(int, insn); 402 insn->moffset2.value = get_next(int, insn);
403 insn->moffset2.nbytes = 4; 403 insn->moffset2.nbytes = 4;
404 break; 404 break;
405 default: /* opnd_bytes must be modified manually */ 405 default: /* opnd_bytes must be modified manually */
406 goto err_out; 406 goto err_out;
407 } 407 }
408 insn->moffset1.got = insn->moffset2.got = 1; 408 insn->moffset1.got = insn->moffset2.got = 1;
409 409
410 return 1; 410 return 1;
411 411
412 err_out: 412 err_out:
413 return 0; 413 return 0;
414 } 414 }
415 415
416 /* Decode imm v32(Iz). Return 0 if failed */ 416 /* Decode imm v32(Iz). Return 0 if failed */
417 static int __get_immv32(struct insn *insn) 417 static int __get_immv32(struct insn *insn)
418 { 418 {
419 switch (insn->opnd_bytes) { 419 switch (insn->opnd_bytes) {
420 case 2: 420 case 2:
421 insn->immediate.value = get_next(short, insn); 421 insn->immediate.value = get_next(short, insn);
422 insn->immediate.nbytes = 2; 422 insn->immediate.nbytes = 2;
423 break; 423 break;
424 case 4: 424 case 4:
425 case 8: 425 case 8:
426 insn->immediate.value = get_next(int, insn); 426 insn->immediate.value = get_next(int, insn);
427 insn->immediate.nbytes = 4; 427 insn->immediate.nbytes = 4;
428 break; 428 break;
429 default: /* opnd_bytes must be modified manually */ 429 default: /* opnd_bytes must be modified manually */
430 goto err_out; 430 goto err_out;
431 } 431 }
432 432
433 return 1; 433 return 1;
434 434
435 err_out: 435 err_out:
436 return 0; 436 return 0;
437 } 437 }
438 438
439 /* Decode imm v64(Iv/Ov), Return 0 if failed */ 439 /* Decode imm v64(Iv/Ov), Return 0 if failed */
440 static int __get_immv(struct insn *insn) 440 static int __get_immv(struct insn *insn)
441 { 441 {
442 switch (insn->opnd_bytes) { 442 switch (insn->opnd_bytes) {
443 case 2: 443 case 2:
444 insn->immediate1.value = get_next(short, insn); 444 insn->immediate1.value = get_next(short, insn);
445 insn->immediate1.nbytes = 2; 445 insn->immediate1.nbytes = 2;
446 break; 446 break;
447 case 4: 447 case 4:
448 insn->immediate1.value = get_next(int, insn); 448 insn->immediate1.value = get_next(int, insn);
449 insn->immediate1.nbytes = 4; 449 insn->immediate1.nbytes = 4;
450 break; 450 break;
451 case 8: 451 case 8:
452 insn->immediate1.value = get_next(int, insn); 452 insn->immediate1.value = get_next(int, insn);
453 insn->immediate1.nbytes = 4; 453 insn->immediate1.nbytes = 4;
454 insn->immediate2.value = get_next(int, insn); 454 insn->immediate2.value = get_next(int, insn);
455 insn->immediate2.nbytes = 4; 455 insn->immediate2.nbytes = 4;
456 break; 456 break;
457 default: /* opnd_bytes must be modified manually */ 457 default: /* opnd_bytes must be modified manually */
458 goto err_out; 458 goto err_out;
459 } 459 }
460 insn->immediate1.got = insn->immediate2.got = 1; 460 insn->immediate1.got = insn->immediate2.got = 1;
461 461
462 return 1; 462 return 1;
463 err_out: 463 err_out:
464 return 0; 464 return 0;
465 } 465 }
466 466
467 /* Decode ptr16:16/32(Ap) */ 467 /* Decode ptr16:16/32(Ap) */
468 static int __get_immptr(struct insn *insn) 468 static int __get_immptr(struct insn *insn)
469 { 469 {
470 switch (insn->opnd_bytes) { 470 switch (insn->opnd_bytes) {
471 case 2: 471 case 2:
472 insn->immediate1.value = get_next(short, insn); 472 insn->immediate1.value = get_next(short, insn);
473 insn->immediate1.nbytes = 2; 473 insn->immediate1.nbytes = 2;
474 break; 474 break;
475 case 4: 475 case 4:
476 insn->immediate1.value = get_next(int, insn); 476 insn->immediate1.value = get_next(int, insn);
477 insn->immediate1.nbytes = 4; 477 insn->immediate1.nbytes = 4;
478 break; 478 break;
479 case 8: 479 case 8:
480 /* ptr16:64 is not exist (no segment) */ 480 /* ptr16:64 is not exist (no segment) */
481 return 0; 481 return 0;
482 default: /* opnd_bytes must be modified manually */ 482 default: /* opnd_bytes must be modified manually */
483 goto err_out; 483 goto err_out;
484 } 484 }
485 insn->immediate2.value = get_next(unsigned short, insn); 485 insn->immediate2.value = get_next(unsigned short, insn);
486 insn->immediate2.nbytes = 2; 486 insn->immediate2.nbytes = 2;
487 insn->immediate1.got = insn->immediate2.got = 1; 487 insn->immediate1.got = insn->immediate2.got = 1;
488 488
489 return 1; 489 return 1;
490 err_out: 490 err_out:
491 return 0; 491 return 0;
492 } 492 }
493 493
494 /** 494 /**
495 * insn_get_immediate() - Get the immediates of instruction 495 * insn_get_immediate() - Get the immediates of instruction
496 * @insn: &struct insn containing instruction 496 * @insn: &struct insn containing instruction
497 * 497 *
498 * If necessary, first collects the instruction up to and including the 498 * If necessary, first collects the instruction up to and including the
499 * displacement bytes. 499 * displacement bytes.
500 * Basically, most of immediates are sign-expanded. Unsigned-value can be 500 * Basically, most of immediates are sign-expanded. Unsigned-value can be
501 * get by bit masking with ((1 << (nbytes * 8)) - 1) 501 * get by bit masking with ((1 << (nbytes * 8)) - 1)
502 */ 502 */
503 void insn_get_immediate(struct insn *insn) 503 void insn_get_immediate(struct insn *insn)
504 { 504 {
505 if (insn->immediate.got) 505 if (insn->immediate.got)
506 return; 506 return;
507 if (!insn->displacement.got) 507 if (!insn->displacement.got)
508 insn_get_displacement(insn); 508 insn_get_displacement(insn);
509 509
510 if (inat_has_moffset(insn->attr)) { 510 if (inat_has_moffset(insn->attr)) {
511 if (!__get_moffset(insn)) 511 if (!__get_moffset(insn))
512 goto err_out; 512 goto err_out;
513 goto done; 513 goto done;
514 } 514 }
515 515
516 if (!inat_has_immediate(insn->attr)) 516 if (!inat_has_immediate(insn->attr))
517 /* no immediates */ 517 /* no immediates */
518 goto done; 518 goto done;
519 519
520 switch (inat_immediate_size(insn->attr)) { 520 switch (inat_immediate_size(insn->attr)) {
521 case INAT_IMM_BYTE: 521 case INAT_IMM_BYTE:
522 insn->immediate.value = get_next(char, insn); 522 insn->immediate.value = get_next(char, insn);
523 insn->immediate.nbytes = 1; 523 insn->immediate.nbytes = 1;
524 break; 524 break;
525 case INAT_IMM_WORD: 525 case INAT_IMM_WORD:
526 insn->immediate.value = get_next(short, insn); 526 insn->immediate.value = get_next(short, insn);
527 insn->immediate.nbytes = 2; 527 insn->immediate.nbytes = 2;
528 break; 528 break;
529 case INAT_IMM_DWORD: 529 case INAT_IMM_DWORD:
530 insn->immediate.value = get_next(int, insn); 530 insn->immediate.value = get_next(int, insn);
531 insn->immediate.nbytes = 4; 531 insn->immediate.nbytes = 4;
532 break; 532 break;
533 case INAT_IMM_QWORD: 533 case INAT_IMM_QWORD:
534 insn->immediate1.value = get_next(int, insn); 534 insn->immediate1.value = get_next(int, insn);
535 insn->immediate1.nbytes = 4; 535 insn->immediate1.nbytes = 4;
536 insn->immediate2.value = get_next(int, insn); 536 insn->immediate2.value = get_next(int, insn);
537 insn->immediate2.nbytes = 4; 537 insn->immediate2.nbytes = 4;
538 break; 538 break;
539 case INAT_IMM_PTR: 539 case INAT_IMM_PTR:
540 if (!__get_immptr(insn)) 540 if (!__get_immptr(insn))
541 goto err_out; 541 goto err_out;
542 break; 542 break;
543 case INAT_IMM_VWORD32: 543 case INAT_IMM_VWORD32:
544 if (!__get_immv32(insn)) 544 if (!__get_immv32(insn))
545 goto err_out; 545 goto err_out;
546 break; 546 break;
547 case INAT_IMM_VWORD: 547 case INAT_IMM_VWORD:
548 if (!__get_immv(insn)) 548 if (!__get_immv(insn))
549 goto err_out; 549 goto err_out;
550 break; 550 break;
551 default: 551 default:
552 /* Here, insn must have an immediate, but failed */ 552 /* Here, insn must have an immediate, but failed */
553 goto err_out; 553 goto err_out;
554 } 554 }
555 if (inat_has_second_immediate(insn->attr)) { 555 if (inat_has_second_immediate(insn->attr)) {
556 insn->immediate2.value = get_next(char, insn); 556 insn->immediate2.value = get_next(char, insn);
557 insn->immediate2.nbytes = 1; 557 insn->immediate2.nbytes = 1;
558 } 558 }
559 done: 559 done:
560 insn->immediate.got = 1; 560 insn->immediate.got = 1;
561 561
562 err_out: 562 err_out:
563 return; 563 return;
564 } 564 }
565 565
566 /** 566 /**
567 * insn_get_length() - Get the length of instruction 567 * insn_get_length() - Get the length of instruction
568 * @insn: &struct insn containing instruction 568 * @insn: &struct insn containing instruction
569 * 569 *
570 * If necessary, first collects the instruction up to and including the 570 * If necessary, first collects the instruction up to and including the
571 * immediates bytes. 571 * immediates bytes.
572 */ 572 */
573 void insn_get_length(struct insn *insn) 573 void insn_get_length(struct insn *insn)
574 { 574 {
575 if (insn->length) 575 if (insn->length)
576 return; 576 return;
577 if (!insn->immediate.got) 577 if (!insn->immediate.got)
578 insn_get_immediate(insn); 578 insn_get_immediate(insn);
579 insn->length = (unsigned char)((unsigned long)insn->next_byte 579 insn->length = (unsigned char)((unsigned long)insn->next_byte
580 - (unsigned long)insn->kaddr); 580 - (unsigned long)insn->kaddr);
581 } 581 }
582 582