x86/insn-eval: Handle 32-bit address encodings in virtual-8086 mode

It is possible to utilize 32-bit address encodings in virtual-8086 mode via
an address override instruction prefix. However, the range of the
effective address is still limited to [0x-0xffff]. In such a case, return
error.

Also, linear addresses in virtual-8086 mode are limited to 20 bits. Enforce
such limit by truncating the most significant bytes of the computed linear
address.

Signed-off-by: Ricardo Neri <[email protected]>
Reviewed-by: Thomas Gleixner <[email protected]>
Cc: Adam Buchbinder <[email protected]>
Cc: Adrian Hunter <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Chen Yucong <[email protected]>
Cc: Chris Metcalf <[email protected]>
Cc: Colin Ian King <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Huang Rui <[email protected]>
Cc: Jiri Slaby <[email protected]>
Cc: Jonathan Corbet <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Lorenzo Stoakes <[email protected]>
Cc: Masami Hiramatsu <[email protected]>
Cc: Michael S. Tsirkin <[email protected]>
Cc: Paolo Bonzini <[email protected]>
Cc: Paul Gortmaker <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Qiaowei Ren <[email protected]>
Cc: Ravi V. Shankar <[email protected]>
Cc: Shuah Khan <[email protected]>
Cc: Thomas Garnier <[email protected]>
Cc: Tony Luck <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/1509935277-22138-5-git-send-email-ricardo.neri-calderon@linux.intel.com
Signed-off-by: Ingo Molnar <[email protected]>

diff --git a/arch/x86/lib/insn-eval.c b/arch/x86/lib/insn-eval.c
index 1ac39737826bbf63dbb36f2891167a3d2ee5fef8..ef102db43289c106a1375f82b34922adec8c661c 100644 (file)
--- a/arch/x86/lib/insn-eval.c
+++ b/arch/x86/lib/insn-eval.c
@@ -1041,6 +1041,13 @@ static void __user *get_addr_ref_32(struct insn *insn, struct pt_regs *regs)
        if (!user_64bit_mode(regs) && ((unsigned int)eff_addr > seg_limit))
                goto out;
 
+       /*
+        * Even though 32-bit address encodings are allowed in virtual-8086
+        * mode, the address range is still limited to [0x-0xffff].
+        */
+       if (v8086_mode(regs) && (eff_addr & ~0xffff))
+               goto out;
+
        /*
         * Data type long could be 64 bits in size. Ensure that our 32-bit
         * effective address is not sign-extended when computing the linear
@@ -1048,6 +1055,10 @@ static void __user *get_addr_ref_32(struct insn *insn, struct pt_regs *regs)
         */
        linear_addr = (unsigned long)(eff_addr & 0xffffffff) + seg_base;
 
+       /* Limit linear address to 20 bits */
+       if (v8086_mode(regs))
+               linear_addr &= 0xfffff;
+
 out:
        return (void __user *)linear_addr;
 }