Diffstat (limited to 'arch')
-rw-r--r--arch/x86/kernel/step.c84
-rw-r--r--arch/x86/mm/fault_32.c15
-rw-r--r--arch/x86/mm/fault_64.c15
3 files changed, 4 insertions, 110 deletions
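--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -5,90 +5,6 @@
 #include <linux/mm.h>
 #include <linux/ptrace.h>
 
-#ifdef CONFIG_X86_32
-#include <linux/uaccess.h>
-
-#include <asm/desc.h>
-
-/*
- * Return EIP plus the CS segment base. The segment limit is also
- * adjusted, clamped to the kernel/user address space (whichever is
- * appropriate), and returned in *eip_limit.
- *
- * The segment is checked, because it might have been changed by another
- * task between the original faulting instruction and here.
- *
- * If CS is no longer a valid code segment, or if EIP is beyond the
- * limit, or if it is a kernel address when CS is not a kernel segment,
- * then the returned value will be greater than *eip_limit.
- *
- * This is slow, but is very rarely executed.
- */
-unsigned long get_segment_eip(struct pt_regs *regs,
-			      unsigned long *eip_limit)
-{
-	unsigned long ip = regs->ip;
-	unsigned seg = regs->cs & 0xffff;
-	u32 seg_ar, seg_limit, base, *desc;
-
-	/* Unlikely, but must come before segment checks. */
-	if (unlikely(regs->flags & VM_MASK)) {
-		base = seg << 4;
-		*eip_limit = base + 0xffff;
-		return base + (ip & 0xffff);
-	}
-
-	/* The standard kernel/user address space limit. */
-	*eip_limit = user_mode(regs) ? USER_DS.seg : KERNEL_DS.seg;
-
-	/* By far the most common cases. */
-	if (likely(SEGMENT_IS_FLAT_CODE(seg)))
-		return ip;
-
-	/* Check the segment exists, is within the current LDT/GDT size,
-	   that kernel/user (ring 0..3) has the appropriate privilege,
-	   that it's a code segment, and get the limit. */
-	__asm__("larl %3,%0; lsll %3,%1"
-		: "=&r" (seg_ar), "=r" (seg_limit) : "0" (0), "rm" (seg));
-	if ((~seg_ar & 0x9800) || ip > seg_limit) {
-		*eip_limit = 0;
-		return 1;	 /* So that returned ip > *eip_limit. */
-	}
-
-	/* Get the GDT/LDT descriptor base.
-	   When you look for races in this code remember that
-	   LDT and other horrors are only used in user space. */
-	if (seg & (1<<2)) {
-		/* Must lock the LDT while reading it. */
-		mutex_lock(&current->mm->context.lock);
-		desc = current->mm->context.ldt;
-		desc = (void *)desc + (seg & ~7);
-	} else {
-		/* Must disable preemption while reading the GDT. */
-		desc = (u32 *)get_cpu_gdt_table(get_cpu());
-		desc = (void *)desc + (seg & ~7);
-	}
-
-	/* Decode the code segment base from the descriptor */
-	base = get_desc_base((struct desc_struct *)desc);
-
-	if (seg & (1<<2))
-		mutex_unlock(&current->mm->context.lock);
-	else
-		put_cpu();
-
-	/* Adjust EIP and segment limit, and clamp at the kernel limit.
-	   It's legitimate for segments to wrap at 0xffffffff. */
-	seg_limit += base;
-	if (seg_limit < *eip_limit && seg_limit >= base)
-		*eip_limit = seg_limit;
-	return ip + base;
-}
-#endif
-
-#ifdef CONFIG_X86_32
-static
-#endif
 unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs)
 {
 	unsigned long addr, seg;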
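Review bot: The rationale recorded in the removed header comment (old lines 14-25) — CS's descriptor is re-read because another task may have changed it between the faulting instruction and this point, and the vm86 case must be handled before any descriptor lookup — disappears with get_segment_eip(), although convert_ip_to_linear() at new line 8 now takes over its callers; carry it over above that function, e.g. `/* Re-reads the CS descriptor instead of trusting the faulting IP: the LDT may have been changed by another thread since the fault; vm86 is handled first. */`, assuming its body (which continues past the hunk) does handle vm86 the same way. Dropping `#include <linux/uaccess.h>` and `#include <asm/desc.h>` (old lines 9 and 11) is safe only if convert_ip_to_linear() does not reach descriptor helpers solely through those headers on 32-bit, so a CONFIG_X86_32 build is worth confirming. If get_segment_eip() has a prototype in a header or other external users, those should be removed in this same commit.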
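--- a/arch/x86/mm/fault_32.c
+++ b/arch/x86/mm/fault_32.c
@@ -81,7 +81,6 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 	unsigned char *max_instr;
 
 #ifdef CONFIG_X86_32
-	unsigned long limit;
 	if (unlikely(boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
 		     boot_cpu_data.x86 >= 6)) {
 		/* Catch an obscure case of prefetch inside an NX page. */
@@ -90,30 +89,23 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 	} else {
 		return 0;
 	}
-	instr = (unsigned char *)get_segment_eip(regs, &limit);
 #else
 	/* If it was a exec fault ignore */
 	if (error_code & PF_INSTR)
 		return 0;
-	instr = (unsigned char __user *)convert_ip_to_linear(current, regs);
 #endif
 
+	instr = (unsigned char *)convert_ip_to_linear(current, regs);
 	max_instr = instr + 15;
 
-#ifdef CONFIG_X86_64
 	if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE)
 		return 0;
-#endif
 
 	while (scan_more && instr < max_instr) {
 		unsigned char opcode;
 		unsigned char instr_hi;
 		unsigned char instr_lo;
 
-#ifdef CONFIG_X86_32
-		if (instr > (unsigned char *)limit)
-			break;
-#endif
 		if (probe_kernel_address(instr, opcode))
 			break;
 
@@ -155,10 +147,7 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 		case 0x00:
 			/* Prefetch instruction is 0x0F0D or 0x0F18 */
 			scan_more = 0;
-#ifdef CONFIG_X86_32
-			if (instr > (unsigned char *)limit)
-				break;
-#endif
+
 			if (probe_kernel_address(instr, opcode))
 				break;
 			prefetch = (instr_lo == 0xF) &&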
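Review bot: The new `instr = (unsigned char *)convert_ip_to_linear(current, regs);` at new line 98 drops the segment-limit bound the 32-bit path had: the removed `if (instr > (unsigned char *)limit) break;` checks (old lines 114 and 159) stopped the opcode scan at the end of the code segment, and convert_ip_to_linear() yields no limit, so up to 15 bytes past a non-flat segment's limit can now be decoded. Each byte still goes through probe_kernel_address(), so an unmapped byte only ends the scan, and the `user_mode(regs) && instr >= (unsigned char *)TASK_SIZE` check, now compiled for 32-bit too, keeps a user-mode fault from decoding kernel addresses; the practical effect is therefore a possibly mis-classified prefetch rather than an unsafe read. If that is the accepted trade-off, a comment above line 98 such as `/* No segment-limit clamp: a prefetch is recognised by opcode alone and probe_kernel_address() keeps the read fault-safe. */` would stop the next reader from re-adding the bound. The same change is made in fault_64.c (hunks at old lines 93-119 and 158-164). is_prefetch() starts and ends outside the hunks.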
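--- a/arch/x86/mm/fault_64.c
+++ b/arch/x86/mm/fault_64.c
@@ -84,7 +84,6 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 	unsigned char *max_instr;
 
 #ifdef CONFIG_X86_32
-	unsigned long limit;
 	if (unlikely(boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
 		     boot_cpu_data.x86 >= 6)) {
 		/* Catch an obscure case of prefetch inside an NX page. */
@@ -93,30 +92,23 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 	} else {
 		return 0;
 	}
-	instr = (unsigned char *)get_segment_eip(regs, &limit);
 #else
 	/* If it was a exec fault ignore */
 	if (error_code & PF_INSTR)
 		return 0;
-	instr = (unsigned char __user *)convert_ip_to_linear(current, regs);
 #endif
 
+	instr = (unsigned char *)convert_ip_to_linear(current, regs);
 	max_instr = instr + 15;
 
-#ifdef CONFIG_X86_64
 	if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE)
 		return 0;
-#endif
 
 	while (scan_more && instr < max_instr) {
 		unsigned char opcode;
 		unsigned char instr_hi;
 		unsigned char instr_lo;
 
-#ifdef CONFIG_X86_32
-		if (instr > (unsigned char *)limit)
-			break;
-#endif
 		if (probe_kernel_address(instr, opcode))
 			break;
 
@@ -158,10 +150,7 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr,
 		case 0x00:
 			/* Prefetch instruction is 0x0F0D or 0x0F18 */
 			scan_more = 0;
-#ifdef CONFIG_X86_32
-			if (instr > (unsigned char *)limit)
-				break;
-#endif
+
 			if (probe_kernel_address(instr, opcode))
 				break;
 			prefetch = (instr_lo == 0xF) &&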
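Review bot: The `#ifdef CONFIG_X86_32` branch at new lines 86-94 is retained and edited in a file that, by its name, is built only for 64-bit, so the edit to that branch (and the removed `unsigned long limit;` at old line 87) cannot be exercised by this file's own build; it appears to be kept in lockstep with fault_32.c, presumably ahead of merging the two copies, which the commit message should state so the duplication is not read as an oversight. Until they are merged, any later fix to is_prefetch() must be applied to both files; a comment at the top of the function such as `/* Kept identical to the copy in fault_32.c; change both together. */` would make that explicit. is_prefetch() starts and ends outside the hunks.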