x86/traps: Cleanup and robustify decode_bug()

#define SECOND_BYTE_OPCODE_UD2	0x0b

#define BUG_NONE		0xffff

#define BUG_UD1			0xfffe

#define BUG_UD2			0xfffd

#define BUG_UD2			0xfffe

#define BUG_UD1			0xfffd

#define BUG_UD1_UBSAN		0xfffc

#ifdef CONFIG_GENERIC_BUG

	_ASM_PTR fname "\n\t"				\

	".popsection\n\t"

static inline __attribute_const__ u32 gen_endbr(void)

static __always_inline __attribute_const__ u32 gen_endbr(void)

{

	u32 endbr;

	return endbr;

}

static inline __attribute_const__ u32 gen_endbr_poison(void)

static __always_inline __attribute_const__ u32 gen_endbr_poison(void)

{

	/*

	 * 4 byte NOP that isn't NOP4 (in fact it is OSP NOP3), such that it

/*

 * Check for UD1 or UD2, accounting for Address Size Override Prefixes.

 * If it's a UD1, get the ModRM byte to pass along to UBSan.

 * If it's a UD1, further decode to determine its use:

 *

 * UBSan{0}:     67 0f b9 00             ud1    (%eax),%eax

 * UBSan{10}:    67 0f b9 40 10          ud1    0x10(%eax),%eax

 * static_call:  0f b9 cc                ud1    %esp,%ecx

 *

 * Notably UBSAN uses EAX, static_call uses ECX.

 */

__always_inline int decode_bug(unsigned long addr, u32 *imm)

__always_inline int decode_bug(unsigned long addr, s32 *imm, int *len)

{

	unsigned long start = addr;

	u8 v;

	if (addr < TASK_SIZE_MAX)

		return BUG_NONE;

	v = *(u8 *)(addr++);

	if (v == SECOND_BYTE_OPCODE_UD2)

	if (v == SECOND_BYTE_OPCODE_UD2) {

		*len = addr - start;

		return BUG_UD2;

	}

	if (!IS_ENABLED(CONFIG_UBSAN_TRAP) || v != SECOND_BYTE_OPCODE_UD1)

	if (v != SECOND_BYTE_OPCODE_UD1)

		return BUG_NONE;

	/* Retrieve the immediate (type value) for the UBSAN UD1 */

	v = *(u8 *)(addr++);

	if (X86_MODRM_RM(v) == 4)

		addr++;

	*imm = 0;

	if (X86_MODRM_MOD(v) == 1)

		*imm = *(u8 *)addr;

	else if (X86_MODRM_MOD(v) == 2)

		*imm = *(u32 *)addr;

	else

		WARN_ONCE(1, "Unexpected MODRM_MOD: %u\n", X86_MODRM_MOD(v));

	v = *(u8 *)(addr++);		/* ModRM */

	if (X86_MODRM_MOD(v) != 3 && X86_MODRM_RM(v) == 4)

		addr++;			/* SIB */

	/* Decode immediate, if present */

	switch (X86_MODRM_MOD(v)) {

	case 0: if (X86_MODRM_RM(v) == 5)

			addr += 4; /* RIP + disp32 */

		break;

	case 1: *imm = *(s8 *)addr;

		addr += 1;

		break;

	case 2: *imm = *(s32 *)addr;

		addr += 4;

		break;

	case 3: break;

	}

	/* record instruction length */

	*len = addr - start;

	if (X86_MODRM_REG(v) == 0)	/* EAX */

		return BUG_UD1_UBSAN;

	return BUG_UD1;

}

static noinstr bool handle_bug(struct pt_regs *regs)

{

	bool handled = false;

	int ud_type;

	u32 imm;

	int ud_type, ud_len;

	s32 ud_imm;

	ud_type = decode_bug(regs->ip, &imm);

	ud_type = decode_bug(regs->ip, &ud_imm, &ud_len);

	if (ud_type == BUG_NONE)

		return handled;

	 */

	if (regs->flags & X86_EFLAGS_IF)

		raw_local_irq_enable();

	if (ud_type == BUG_UD2) {

	switch (ud_type) {

	case BUG_UD2:

		if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN ||

		    handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) {

			regs->ip += LEN_UD2;

			regs->ip += ud_len;

			handled = true;

		}

	} else if (IS_ENABLED(CONFIG_UBSAN_TRAP)) {

		pr_crit("%s at %pS\n", report_ubsan_failure(regs, imm), (void *)regs->ip);

		break;

	case BUG_UD1_UBSAN:

		if (IS_ENABLED(CONFIG_UBSAN_TRAP)) {

			pr_crit("%s at %pS\n",

				report_ubsan_failure(regs, ud_imm),

				(void *)regs->ip);

		}

		break;

	default:

		break;

	}

	if (regs->flags & X86_EFLAGS_IF)

		raw_local_irq_disable();

	instrumentation_end();