diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c
index 80b37181a42b0cd5bbfcafb9f8ed7de917385f19..2ef1a5f8d6758043b6ce2204da47cb71e5cc1614 100644
--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -5,90 +5,6 @@ #include #include -#ifdef CONFIG_X86_32 -#include - -#include - -/* - * Return EIP plus the CS segment base. The segment limit is also - * adjusted, clamped to the kernel/user address space (whichever is - * appropriate), and returned in *eip_limit. - * - * The segment is checked, because it might have been changed by another - * task between the original faulting instruction and here. - * - * If CS is no longer a valid code segment, or if EIP is beyond the - * limit, or if it is a kernel address when CS is not a kernel segment, - * then the returned value will be greater than *eip_limit. - * - * This is slow, but is very rarely executed. - */ -unsigned long get_segment_eip(struct pt_regs *regs, - unsigned long *eip_limit) -{ - unsigned long ip = regs->ip; - unsigned seg = regs->cs & 0xffff; - u32 seg_ar, seg_limit, base, *desc; - - /* Unlikely, but must come before segment checks. */ - if (unlikely(regs->flags & VM_MASK)) { - base = seg << 4; - *eip_limit = base + 0xffff; - return base + (ip & 0xffff); - } - - /* The standard kernel/user address space limit. */ - *eip_limit = user_mode(regs) ? USER_DS.seg : KERNEL_DS.seg; - - /* By far the most common cases. */ - if (likely(SEGMENT_IS_FLAT_CODE(seg))) - return ip; - - /* Check the segment exists, is within the current LDT/GDT size, - that kernel/user (ring 0..3) has the appropriate privilege, - that it's a code segment, and get the limit. */ - __asm__("larl %3,%0; lsll %3,%1" - : "=&r" (seg_ar), "=r" (seg_limit) : "0" (0), "rm" (seg)); - if ((~seg_ar & 0x9800) || ip > seg_limit) { - *eip_limit = 0; - return 1; /* So that returned ip > *eip_limit. */ - } - - /* Get the GDT/LDT descriptor base. - When you look for races in this code remember that - LDT and other horrors are only used in user space. */ - if (seg & (1<<2)) { - /* Must lock the LDT while reading it. 
*/ - mutex_lock(¤t->mm->context.lock); - desc = current->mm->context.ldt; - desc = (void *)desc + (seg & ~7); - } else { - /* Must disable preemption while reading the GDT. */ - desc = (u32 *)get_cpu_gdt_table(get_cpu()); - desc = (void *)desc + (seg & ~7); - } - - /* Decode the code segment base from the descriptor */ - base = get_desc_base((struct desc_struct *)desc); - - if (seg & (1<<2)) - mutex_unlock(¤t->mm->context.lock); - else - put_cpu(); - - /* Adjust EIP and segment limit, and clamp at the kernel limit. - It's legitimate for segments to wrap at 0xffffffff. */ - seg_limit += base; - if (seg_limit < *eip_limit && seg_limit >= base) - *eip_limit = seg_limit; - return ip + base; -} -#endif - -#ifdef CONFIG_X86_32 -static -#endif unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs) { unsigned long addr, seg; diff --git a/arch/x86/mm/fault_32.c b/arch/x86/mm/fault_32.c index b4d19c2d4f05453daf2d1b19176e42930d065b34..36cb67e02b043492ec3fe881bded7a4221fe600a 100644 --- a/arch/x86/mm/fault_32.c +++ b/arch/x86/mm/fault_32.c @@ -81,7 +81,6 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, unsigned char *max_instr; #ifdef CONFIG_X86_32 - unsigned long limit; if (unlikely(boot_cpu_data.x86_vendor == X86_VENDOR_AMD && boot_cpu_data.x86 >= 6)) { /* Catch an obscure case of prefetch inside an NX page. */ 
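Review bot: convert_ip_to_linear() becomes the only IP-to-linear helper and is now global on 32-bit as well, yet it carries no contract comment, while the removed get_segment_eip() header spelled out three things callers relied on: CS is re-validated because another task may have changed the descriptor since the fault, the result is clamped to a limit returned in *eip_limit, and an invalid CS yields a value greater than that limit. The replacement's body lies outside this hunk, so whether it re-checks the selector or signals an invalid CS cannot be seen here, although the page-fault path in arch/x86/mm/fault_32.c and fault_64.c now calls it directly. Suggest a kernel-doc style comment above the definition stating what is returned for a flat, LDT-based and vm86 CS, that no limit is returned, and how an unusable selector is reported, so callers know they must bound their own reads. convert_ip_to_linear()'s body continues past the end of the hunk.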
@@ -90,30 +89,23 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, } else { return 0; } - instr = (unsigned char *)get_segment_eip(regs, &limit); #else /* If it was a exec fault ignore */ if (error_code & PF_INSTR) return 0; - instr = (unsigned char __user *)convert_ip_to_linear(current, regs); #endif + instr = (unsigned char *)convert_ip_to_linear(current, regs); max_instr = instr + 15; -#ifdef CONFIG_X86_64 if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE) return 0; -#endif while (scan_more && instr < max_instr) { unsigned char opcode; unsigned char instr_hi; unsigned char instr_lo; -#ifdef CONFIG_X86_32 - if (instr > (unsigned char *)limit) - break; -#endif if (probe_kernel_address(instr, opcode)) break; @@ -155,10 +147,7 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, case 0x00: /* Prefetch instruction is 0x0F0D or 0x0F18 */ scan_more = 0; -#ifdef CONFIG_X86_32 - if (instr > (unsigned char *)limit) - break; -#endif + if (probe_kernel_address(instr, opcode)) break; prefetch = (instr_lo == 0xF) && diff --git a/arch/x86/mm/fault_64.c b/arch/x86/mm/fault_64.c index d519b41f1962953ef70532bc28b413075abdc892..80f8436ac8b29a2e87680c5b0d8b98d449592f0d 100644 --- a/arch/x86/mm/fault_64.c +++ b/arch/x86/mm/fault_64.c @@ -84,7 +84,6 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, unsigned char *max_instr; #ifdef CONFIG_X86_32 - unsigned long limit; if (unlikely(boot_cpu_data.x86_vendor == X86_VENDOR_AMD && boot_cpu_data.x86 >= 6)) { /* Catch an obscure case of prefetch inside an NX page. */ 
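Review bot: The 32-bit scan loses its `instr > (unsigned char *)limit` bound, and the new `instr = (unsigned char *)convert_ip_to_linear(current, regs);` yields a linear address with no limit attached, so the only bounds left are the 15-byte window from `max_instr = instr + 15;` and the `TASK_SIZE` check, now applied on 32-bit too, for user-mode faults. probe_kernel_address() keeps the read from faulting, but bytes past the code segment's limit, or relative to a stale selector base if the helper does not re-validate CS (its body is not in this diff), can still be decoded, which presumably could classify a fault as a prefetch the task could not have executed and so drop a fault that should have been signalled. A one-line comment at the assignment would record the trade-off: `/* Linear IP only: the segment limit is no longer enforced; the 15-byte window, TASK_SIZE and probe_kernel_address() bound the scan. */`. The cast also drops the `__user` annotation the 64-bit assignment carried, which sparse used to check; the same points apply to the matching hunk in arch/x86/mm/fault_64.c at @@ -93 and to the limit-check removals in the case 0x00 hunks at @@ -155 and @@ -158. is_prefetch() starts and ends outside this hunk.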
@@ -93,30 +92,23 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, } else { return 0; } - instr = (unsigned char *)get_segment_eip(regs, &limit); #else /* If it was a exec fault ignore */ if (error_code & PF_INSTR) return 0; - instr = (unsigned char __user *)convert_ip_to_linear(current, regs); #endif + instr = (unsigned char *)convert_ip_to_linear(current, regs); max_instr = instr + 15; -#ifdef CONFIG_X86_64 if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE) return 0; -#endif while (scan_more && instr < max_instr) { unsigned char opcode; unsigned char instr_hi; unsigned char instr_lo; -#ifdef CONFIG_X86_32 - if (instr > (unsigned char *)limit) - break; -#endif if (probe_kernel_address(instr, opcode)) break; @@ -158,10 +150,7 @@ static int is_prefetch(struct pt_regs *regs, unsigned long addr, case 0x00: /* Prefetch instruction is 0x0F0D or 0x0F18 */ scan_more = 0; -#ifdef CONFIG_X86_32 - if (instr > (unsigned char *)limit) - break; -#endif + if (probe_kernel_address(instr, opcode)) break; prefetch = (instr_lo == 0xF) && diff --git a/include/asm-x86/ptrace.h b/include/asm-x86/ptrace.h index 35c103714906d88bf439cba33acc8235ec1cbd9a..ee4b595e1ccc4ffbeb4a6306015d93d004ece504 100644 --- a/include/asm-x86/ptrace.h +++ b/include/asm-x86/ptrace.h @@ -70,6 +70,10 @@ struct pt_regs { #include struct task_struct; + +extern unsigned long +convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs); + extern void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, int error_code); /* @@ -184,8 +188,6 @@ convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs); #ifdef __KERNEL__ -unsigned long get_segment_eip(struct pt_regs *regs, unsigned long *eip_limit); - /* * These are defined as per linux/ptrace.h, which see. */
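Review bot: The new `extern unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *regs);` in include/asm-x86/ptrace.h is the only prototype left in this header for translating a faulting IP, but it has no comment on what the return value means or how an unusable CS is reported, and the removed `get_segment_eip()` prototype took away the only interface that returned a limit. The definition lives in arch/x86/kernel/step.c and is not in this hunk, so the header is where readers of the fault handlers will look for the contract. Suggest a short comment above the declaration, e.g. `/* Linear address of regs->ip for @child's CS; no segment limit is returned, so callers must bound their own accesses. */`.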