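/*
 * Copyright (c) 2016-2019, Intel Corporation
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  * Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *  * Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *  * Neither the name of Intel Corporation nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef PT_INSN_H
#define PT_INSN_H

#include <inttypes.h>
/* size_t is used by pt_insn_range_is_contiguous() below; <inttypes.h> does
 * not guarantee it, so pull in <stddef.h> explicitly instead of relying on
 * "intel-pt.h" to provide it.
 */
#include <stddef.h>

#include "intel-pt.h"

struct pt_insn_ext;


/* A finer-grain classification of instructions used internally.
 *
 * The suffix of most constants names the opcode (and, where relevant, the
 * ModRM reg field, e.g. FFr3) that the decoder maps to that class.
 */
typedef enum {
	PTI_INST_INVALID,

	PTI_INST_CALL_9A,
	PTI_INST_CALL_FFr3,
	PTI_INST_CALL_FFr2,
	PTI_INST_CALL_E8,
	PTI_INST_INT,

	PTI_INST_INT3,
	PTI_INST_INT1,
	PTI_INST_INTO,
	PTI_INST_IRET,		/* includes IRETD and IRETQ (EOSZ determines) */

	PTI_INST_JMP_E9,
	PTI_INST_JMP_EB,
	PTI_INST_JMP_EA,
	PTI_INST_JMP_FFr5,	/* REXW? */
	PTI_INST_JMP_FFr4,
	PTI_INST_JCC,
	PTI_INST_JrCXZ,
	PTI_INST_LOOP,
	PTI_INST_LOOPE,		/* aka Z */
	PTI_INST_LOOPNE,	/* aka NE */

	PTI_INST_MOV_CR3,

	PTI_INST_RET_C3,
	PTI_INST_RET_C2,
	PTI_INST_RET_CB,
	PTI_INST_RET_CA,

	PTI_INST_SYSCALL,
	PTI_INST_SYSENTER,
	PTI_INST_SYSEXIT,
	PTI_INST_SYSRET,

	PTI_INST_VMLAUNCH,
	PTI_INST_VMRESUME,
	PTI_INST_VMCALL,
	PTI_INST_VMPTRLD,

	PTI_INST_PTWRITE,

	/* One past the last valid class; keep it last so it can serve as an
	 * upper bound when validating an iclass value.
	 */
	PTI_INST_LAST
} pti_inst_enum_t;

/* Information about an instruction we need internally in addition to the
 * information provided in struct pt_insn.
 */
struct pt_insn_ext {
	/* A more detailed instruction class. */
	pti_inst_enum_t iclass;

	/* Instruction-specific information.
	 *
	 * Which member is meaningful is determined by @iclass; only the
	 * branch member exists so far.
	 */
	union {
		/* For branch instructions. */
		struct {
			/* The branch displacement.
			 *
			 * This is only valid for direct calls/jumps; check
			 * @is_direct before using it.
			 *
			 * The displacement is applied to the address of the
			 * instruction following the branch.
			 */
			int32_t displacement;

			/* A flag saying whether the branch is direct.
			 *
			 * non-zero: direct
			 * zero: indirect
			 *
			 * This is expected to go away someday when we extend
			 * enum pt_insn_class to distinguish direct and indirect
			 * branches.
			 */
			uint8_t is_direct;
		} branch;
	} variant;
};


/* Check if the instruction @insn/@iext changes the current privilege level.
 *
 * Returns non-zero if it does, zero if it doesn't (or @insn/@iext is NULL).
 */
extern int pt_insn_changes_cpl(const struct pt_insn *insn,
			       const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext changes CR3.
 *
 * Returns non-zero if it does, zero if it doesn't (or @insn/@iext is NULL).
 */
extern int pt_insn_changes_cr3(const struct pt_insn *insn,
			       const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext is a (near or far) branch.
 *
 * Returns non-zero if it is, zero if it isn't (or @insn/@iext is NULL).
 */
extern int pt_insn_is_branch(const struct pt_insn *insn,
			     const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext is a far branch.
 *
 * Returns non-zero if it is, zero if it isn't (or @insn/@iext is NULL).
 */
extern int pt_insn_is_far_branch(const struct pt_insn *insn,
				 const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext binds to a PIP packet.
 *
 * Returns non-zero if it does, zero if it doesn't (or @insn/@iext is NULL).
 */
extern int pt_insn_binds_to_pip(const struct pt_insn *insn,
				const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext binds to a VMCS packet.
 *
 * Returns non-zero if it does, zero if it doesn't (or @insn/@iext is NULL).
 */
extern int pt_insn_binds_to_vmcs(const struct pt_insn *insn,
				 const struct pt_insn_ext *iext);

/* Check if the instruction @insn/@iext is a ptwrite instruction.
 *
 * Returns non-zero if it is, zero if it isn't (or @insn/@iext is NULL).
 */
extern int pt_insn_is_ptwrite(const struct pt_insn *insn,
			      const struct pt_insn_ext *iext);

/* Determine the IP of the next instruction.
 *
 * Tries to determine the IP of the next instruction without using trace and
 * provides it in @ip unless @ip is NULL.
 *
 * Returns zero on success, a negative error code otherwise.
 * Returns -pte_bad_query if the IP can't be determined.
 * Returns -pte_internal if @insn or @iext is NULL.
 */
extern int pt_insn_next_ip(uint64_t *ip, const struct pt_insn *insn,
			   const struct pt_insn_ext *iext);

/* Decode and analyze one instruction.
 *
 * Decodes the instruction at @insn->ip in @insn->mode into @insn and @iext.
 * @insn->ip and @insn->mode are inputs; the remaining fields of @insn and all
 * of @iext are outputs.
 *
 * If the instruction can not be decoded using a single memory read in a single
 * section, sets @insn->truncated and reads the missing bytes from one or more
 * other sections until either the instruction can be decoded or we're sure it
 * is invalid.
 *
 * NOTE(review): the instruction bytes come from @image, i.e. from the traced
 * binary rather than from this library, so the decoder behind this call has
 * to bound its reads and reject malformed encodings itself - verify in the
 * implementation.
 *
 * Returns the size in bytes on success, a negative error code otherwise.
 * Returns -pte_bad_insn if the instruction could not be decoded.
 */
extern int pt_insn_decode(struct pt_insn *insn, struct pt_insn_ext *iext,
			  struct pt_image *image, const struct pt_asid *asid);

/* Determine if a range of instructions is contiguous.
 *
 * Try to proceed from IP @begin to IP @end in @asid without using trace.
 *
 * @nsteps caps how many instructions are stepped, so the walk terminates even
 * if @end is never reached.
 *
 * Returns a positive integer if we reach @end from @begin.
 * Returns zero if we couldn't reach @end within @nsteps steps.
 * Returns a negative error code otherwise.
 */
extern int pt_insn_range_is_contiguous(uint64_t begin, uint64_t end,
				       enum pt_exec_mode mode,
				       struct pt_image *image,
				       const struct pt_asid *asid,
				       size_t nsteps);

#endif /* PT_INSN_H */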