| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <49FF1A17.5040706@redhat.com> Date: Mon, 04 May 2009 12:38:47 -0400 From: Masami Hiramatsu <mhiramat@...hat.com> To: "H. Peter Anvin" <hpa@...or.com>, Jim Keniston <jkenisto@...ibm.com> CC: Ingo Molnar <mingo@...e.hu>, Ananth N Mavinakayanahalli <ananth@...ibm.com>, Andi Kleen <andi@...stfloor.org>, kvm@...r.kernel.org, Steven Rostedt <rostedt@...dmis.org>, Frederic Weisbecker <fweisbec@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, Arnaldo Carvalho de Melo <acme@...hat.com>, systemtap-ml <systemtap@...rces.redhat.com>, LKML <linux-kernel@...r.kernel.org>, Vegard Nossum <vegard.nossum@...il.com>, Avi Kivity <avi@...hat.com>, Roland McGrath <roland@...hat.com> Subject: [RFC] x86 instruction decoder with userspace test code Hi, I've rewritten the x86(-64) instruction decoder with instruction attribute table and a generator according to Peter's comments. Currently, an opcode map file (x86-opcode-map.txt) is based on opcode maps in Intel(R) Software Developers Manual Vol.2: Appendix.A, and it contains below two types of opcode tables. 1-byte/2-bytes/3-bytes opcodes, which has 256 elements, are written as below; --- Table: table-name Referrer: escaped-name opcode: mnemonic|GrpXXX [operand1[,operand2...]] [(extra1)[,(extra2)...] [| 2nd-mnemonic ...] (or) opcode: escape # escaped-name EndTable --- Group opcodes, which has 8 elements, are written as below; --- GrpTable: GrpXXX reg: mnemonic [operand1[,operand2...]] [(extra1)[,(extra2)...] [| 2nd-mnemonic ...] EndTable --- These opcode maps do NOT include SSE and most of FP opcodes, because those opcodes are not used in the kernel. The generator(gen-insn-attr-x86.awk) translates the opcode maps into a file which defines instruction attribute tables. The instruction attributes are defined in inat.h and inat.c. I attached insn decoder with user space test, which was originally written by Jim. You can test the decoder can decode instruction length, as following: > Pull all the attached files into a directory and have a go -- e.g., > $ make > $ objdump -d vmlinux | awk -f distill.awk | ./test_get_len [x86_64] Known issues: - 0x9b is an instruction (fwait), but the objdump treats it as a prefix. For example 9b df ... can be disassembled as fstsw ... // wait, then store status word or fwait // wait fnstsw ... // store status word without waiting and this instruction decoder decode 0x9b as an instruction. Anyway, according to Jim's investigation, the single-step stopped after the fwait, so it's no problem. - Illegal instruction sequences(in some data/note sections), such as an x86_64 instruction that starts with 0x40, or a misplaced 0x65 prefix. We can filtered out those instructions which start with "rex" or includes "(bad)". I'll put x86-opcode-map.txt under arch/x86/lib, gen-insn-attr-x86.awk under arch/x86/scripts/ and generate attribute tables at build time. Thank you, -- Masami Hiramatsu Software Engineer Hitachi Computer Products (America) Inc. Software Solutions Division e-mail: mhiramat@...hat.com View attachment "Makefile" of type "text/plain" (328 bytes) View attachment "distill.awk" of type "text/plain" (714 bytes) View attachment "gen-insn-attr-x86.awk" of type "text/plain" (7208 bytes) View attachment "inat.c" of type "text/plain" (2218 bytes) View attachment "inat.h" of type "text/plain" (4633 bytes) View attachment "insn.c" of type "text/plain" (11601 bytes) View attachment "insn.h" of type "text/plain" (4083 bytes) View attachment "insn_x86_user.h" of type "text/plain" (1595 bytes) View attachment "test_get_len.c" of type "text/plain" (1907 bytes) View attachment "x86-opcode-map.txt" of type "text/plain" (9934 bytes)
Powered by blists - more mailing lists