1
// SPDX-License-Identifier: GPL-2.0
2
/*
3
 * x86 instruction nmemonic table to parse disasm lines for annotate.
4
 * This table is searched twice - one for exact match and another for
5
 * match without a size suffix (b, w, l, q) in case of AT&T syntax.
6
 *
7
 * So this table should not have entries with the suffix unless it's
8
 * a complete different instruction than ones without the suffix.
9
 */
10
static struct ins x86__instructions[] = {
11
	{ .name = "adc",	.ops = &mov_ops,  },
12
	{ .name = "add",	.ops = &mov_ops,  },
13
	{ .name = "addsd",	.ops = &mov_ops,  },
14
	{ .name = "and",	.ops = &mov_ops,  },
15
	{ .name = "andpd",	.ops = &mov_ops,  },
16
	{ .name = "andps",	.ops = &mov_ops,  },
17
	{ .name = "bsr",	.ops = &mov_ops,  },
18
	{ .name = "bt",		.ops = &mov_ops,  },
19
	{ .name = "btr",	.ops = &mov_ops,  },
20
	{ .name = "bts",	.ops = &mov_ops,  },
21
	{ .name = "call",	.ops = &call_ops, },
22
	{ .name = "cmovbe",	.ops = &mov_ops,  },
23
	{ .name = "cmove",	.ops = &mov_ops,  },
24
	{ .name = "cmovae",	.ops = &mov_ops,  },
25
	{ .name = "cmp",	.ops = &mov_ops,  },
26
	{ .name = "cmpxch",	.ops = &mov_ops,  },
27
	{ .name = "cmpxchg",	.ops = &mov_ops,  },
28
	{ .name = "cs",		.ops = &mov_ops,  },
29
	{ .name = "dec",	.ops = &dec_ops,  },
30
	{ .name = "divsd",	.ops = &mov_ops,  },
31
	{ .name = "divss",	.ops = &mov_ops,  },
32
	{ .name = "gs",		.ops = &mov_ops,  },
33
	{ .name = "imul",	.ops = &mov_ops,  },
34
	{ .name = "inc",	.ops = &dec_ops,  },
35
	{ .name = "ja",		.ops = &jump_ops, },
36
	{ .name = "jae",	.ops = &jump_ops, },
37
	{ .name = "jb",		.ops = &jump_ops, },
38
	{ .name = "jbe",	.ops = &jump_ops, },
39
	{ .name = "jc",		.ops = &jump_ops, },
40
	{ .name = "jcxz",	.ops = &jump_ops, },
41
	{ .name = "je",		.ops = &jump_ops, },
42
	{ .name = "jecxz",	.ops = &jump_ops, },
43
	{ .name = "jg",		.ops = &jump_ops, },
44
	{ .name = "jge",	.ops = &jump_ops, },
45
	{ .name = "jl",		.ops = &jump_ops, },
46
	{ .name = "jle",	.ops = &jump_ops, },
47
	{ .name = "jmp",	.ops = &jump_ops, },
48
	{ .name = "jna",	.ops = &jump_ops, },
49
	{ .name = "jnae",	.ops = &jump_ops, },
50
	{ .name = "jnb",	.ops = &jump_ops, },
51
	{ .name = "jnbe",	.ops = &jump_ops, },
52
	{ .name = "jnc",	.ops = &jump_ops, },
53
	{ .name = "jne",	.ops = &jump_ops, },
54
	{ .name = "jng",	.ops = &jump_ops, },
55
	{ .name = "jnge",	.ops = &jump_ops, },
56
	{ .name = "jnl",	.ops = &jump_ops, },
57
	{ .name = "jnle",	.ops = &jump_ops, },
58
	{ .name = "jno",	.ops = &jump_ops, },
59
	{ .name = "jnp",	.ops = &jump_ops, },
60
	{ .name = "jns",	.ops = &jump_ops, },
61
	{ .name = "jnz",	.ops = &jump_ops, },
62
	{ .name = "jo",		.ops = &jump_ops, },
63
	{ .name = "jp",		.ops = &jump_ops, },
64
	{ .name = "jpe",	.ops = &jump_ops, },
65
	{ .name = "jpo",	.ops = &jump_ops, },
66
	{ .name = "jrcxz",	.ops = &jump_ops, },
67
	{ .name = "js",		.ops = &jump_ops, },
68
	{ .name = "jz",		.ops = &jump_ops, },
69
	{ .name = "lea",	.ops = &mov_ops,  },
70
	{ .name = "lock",	.ops = &lock_ops, },
71
	{ .name = "mov",	.ops = &mov_ops,  },
72
	{ .name = "movapd",	.ops = &mov_ops,  },
73
	{ .name = "movaps",	.ops = &mov_ops,  },
74
	{ .name = "movdqa",	.ops = &mov_ops,  },
75
	{ .name = "movdqu",	.ops = &mov_ops,  },
76
	{ .name = "movsd",	.ops = &mov_ops,  },
77
	{ .name = "movss",	.ops = &mov_ops,  },
78
	{ .name = "movsb",	.ops = &mov_ops,  },
79
	{ .name = "movsw",	.ops = &mov_ops,  },
80
	{ .name = "movsl",	.ops = &mov_ops,  },
81
	{ .name = "movupd",	.ops = &mov_ops,  },
82
	{ .name = "movups",	.ops = &mov_ops,  },
83
	{ .name = "movzb",	.ops = &mov_ops,  },
84
	{ .name = "movzw",	.ops = &mov_ops,  },
85
	{ .name = "movzl",	.ops = &mov_ops,  },
86
	{ .name = "mulsd",	.ops = &mov_ops,  },
87
	{ .name = "mulss",	.ops = &mov_ops,  },
88
	{ .name = "nop",	.ops = &nop_ops,  },
89
	{ .name = "or",		.ops = &mov_ops,  },
90
	{ .name = "orps",	.ops = &mov_ops,  },
91
	{ .name = "pand",	.ops = &mov_ops,  },
92
	{ .name = "paddq",	.ops = &mov_ops,  },
93
	{ .name = "pcmpeqb",	.ops = &mov_ops,  },
94
	{ .name = "por",	.ops = &mov_ops,  },
95
	{ .name = "rcl",	.ops = &mov_ops,  },
96
	{ .name = "ret",	.ops = &ret_ops,  },
97
	{ .name = "sbb",	.ops = &mov_ops,  },
98
	{ .name = "sete",	.ops = &mov_ops,  },
99
	{ .name = "sub",	.ops = &mov_ops,  },
100
	{ .name = "subsd",	.ops = &mov_ops,  },
101
	{ .name = "test",	.ops = &mov_ops,  },
102
	{ .name = "tzcnt",	.ops = &mov_ops,  },
103
	{ .name = "ucomisd",	.ops = &mov_ops,  },
104
	{ .name = "ucomiss",	.ops = &mov_ops,  },
105
	{ .name = "vaddsd",	.ops = &mov_ops,  },
106
	{ .name = "vandpd",	.ops = &mov_ops,  },
107
	{ .name = "vmovdqa",	.ops = &mov_ops,  },
108
	{ .name = "vmovq",	.ops = &mov_ops,  },
109
	{ .name = "vmovsd",	.ops = &mov_ops,  },
110
	{ .name = "vmulsd",	.ops = &mov_ops,  },
111
	{ .name = "vorpd",	.ops = &mov_ops,  },
112
	{ .name = "vsubsd",	.ops = &mov_ops,  },
113
	{ .name = "vucomisd",	.ops = &mov_ops,  },
114
	{ .name = "xadd",	.ops = &mov_ops,  },
115
	{ .name = "xbegin",	.ops = &jump_ops, },
116
	{ .name = "xchg",	.ops = &mov_ops,  },
117
	{ .name = "xor",	.ops = &mov_ops, },
118
	{ .name = "xorpd",	.ops = &mov_ops, },
119
	{ .name = "xorps",	.ops = &mov_ops, },
120
};
121

122
static bool amd__ins_is_fused(struct arch *arch, const char *ins1,
123
			      const char *ins2)
124
{
125
	if (strstr(ins2, "jmp"))
126
		return false;
127

128
	/* Family >= 15h supports cmp/test + branch fusion */
129
	if (arch->family >= 0x15 && (strstarts(ins1, "test") ||
130
	    (strstarts(ins1, "cmp") && !strstr(ins1, "xchg")))) {
131
		return true;
132
	}
133

134
	/* Family >= 19h supports some ALU + branch fusion */
135
	if (arch->family >= 0x19 && (strstarts(ins1, "add") ||
136
	    strstarts(ins1, "sub") || strstarts(ins1, "and") ||
137
	    strstarts(ins1, "inc") || strstarts(ins1, "dec") ||
138
	    strstarts(ins1, "or") || strstarts(ins1, "xor"))) {
139
		return true;
140
	}
141

142
	return false;
143
}
144

145
static bool intel__ins_is_fused(struct arch *arch, const char *ins1,
146
				const char *ins2)
147
{
148
	if (arch->family != 6 || arch->model < 0x1e || strstr(ins2, "jmp"))
149
		return false;
150

151
	if (arch->model == 0x1e) {
152
		/* Nehalem */
153
		if ((strstr(ins1, "cmp") && !strstr(ins1, "xchg")) ||
154
		     strstr(ins1, "test")) {
155
			return true;
156
		}
157
	} else {
158
		/* Newer platform */
159
		if ((strstr(ins1, "cmp") && !strstr(ins1, "xchg")) ||
160
		     strstr(ins1, "test") ||
161
		     strstr(ins1, "add") ||
162
		     strstr(ins1, "sub") ||
163
		     strstr(ins1, "and") ||
164
		     strstr(ins1, "inc") ||
165
		     strstr(ins1, "dec")) {
166
			return true;
167
		}
168
	}
169

170
	return false;
171
}
172

173
static int x86__cpuid_parse(struct arch *arch, char *cpuid)
174
{
175
	unsigned int family, model, stepping;
176
	int ret;
177

178
	/*
179
	 * cpuid = "GenuineIntel,family,model,stepping"
180
	 */
181
	ret = sscanf(cpuid, "%*[^,],%u,%u,%u", &family, &model, &stepping);
182
	if (ret == 3) {
183
		arch->family = family;
184
		arch->model = model;
185
		arch->ins_is_fused = strstarts(cpuid, "AuthenticAMD") ?
186
					amd__ins_is_fused :
187
					intel__ins_is_fused;
188
		return 0;
189
	}
190

191
	return -1;
192
}
193

194
static int x86__annotate_init(struct arch *arch, char *cpuid)
195
{
196
	int err = 0;
197

198
	if (arch->initialized)
199
		return 0;
200

201
	if (cpuid) {
202
		if (x86__cpuid_parse(arch, cpuid))
203
			err = SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING;
204
	}
205
	arch->e_machine = EM_X86_64;
206
	arch->e_flags = 0;
207
	arch->initialized = true;
208
	return err;
209
}
210

211
#ifdef HAVE_LIBDW_SUPPORT
212
static void update_insn_state_x86(struct type_state *state,
213
				  struct data_loc_info *dloc, Dwarf_Die *cu_die,
214
				  struct disasm_line *dl)
215
{
216
	struct annotated_insn_loc loc;
217
	struct annotated_op_loc *src = &loc.ops[INSN_OP_SOURCE];
218
	struct annotated_op_loc *dst = &loc.ops[INSN_OP_TARGET];
219
	struct type_state_reg *tsr;
220
	Dwarf_Die type_die;
221
	u32 insn_offset = dl->al.offset;
222
	int fbreg = dloc->fbreg;
223
	int fboff = 0;
224

225
	if (annotate_get_insn_location(dloc->arch, dl, &loc) < 0)
226
		return;
227

228
	if (ins__is_call(&dl->ins)) {
229
		struct symbol *func = dl->ops.target.sym;
230

231
		if (func == NULL)
232
			return;
233

234
		/* __fentry__ will preserve all registers */
235
		if (!strcmp(func->name, "__fentry__"))
236
			return;
237

238
		pr_debug_dtp("call [%x] %s\n", insn_offset, func->name);
239

240
		/* Otherwise invalidate caller-saved registers after call */
241
		for (unsigned i = 0; i < ARRAY_SIZE(state->regs); i++) {
242
			if (state->regs[i].caller_saved)
243
				state->regs[i].ok = false;
244
		}
245

246
		/* Update register with the return type (if any) */
247
		if (die_find_func_rettype(cu_die, func->name, &type_die)) {
248
			tsr = &state->regs[state->ret_reg];
249
			tsr->type = type_die;
250
			tsr->kind = TSR_KIND_TYPE;
251
			tsr->offset = 0;
252
			tsr->ok = true;
253

254
			pr_debug_dtp("call [%x] return -> reg%d",
255
				     insn_offset, state->ret_reg);
256
			pr_debug_type_name(&type_die, tsr->kind);
257
		}
258
		return;
259
	}
260

261
	if (!strncmp(dl->ins.name, "add", 3)) {
262
		u64 imm_value = -1ULL;
263
		int offset;
264
		const char *var_name = NULL;
265
		struct map_symbol *ms = dloc->ms;
266
		u64 ip = ms->sym->start + dl->al.offset;
267

268
		if (!has_reg_type(state, dst->reg1))
269
			return;
270

271
		tsr = &state->regs[dst->reg1];
272
		tsr->copied_from = -1;
273

274
		if (src->imm)
275
			imm_value = src->offset;
276
		else if (has_reg_type(state, src->reg1) &&
277
			 state->regs[src->reg1].kind == TSR_KIND_CONST)
278
			imm_value = state->regs[src->reg1].imm_value;
279
		else if (src->reg1 == DWARF_REG_PC) {
280
			u64 var_addr = annotate_calc_pcrel(dloc->ms, ip,
281
							   src->offset, dl);
282

283
			if (get_global_var_info(dloc, var_addr,
284
						&var_name, &offset) &&
285
			    !strcmp(var_name, "this_cpu_off") &&
286
			    tsr->kind == TSR_KIND_CONST) {
287
				tsr->kind = TSR_KIND_PERCPU_BASE;
288
				tsr->offset = 0;
289
				tsr->ok = true;
290
				imm_value = tsr->imm_value;
291
			}
292
		}
293
		else
294
			return;
295

296
		/* Ignore add to non-pointer or non-const types */
297
		if (tsr->kind == TSR_KIND_POINTER ||
298
		    (dwarf_tag(&tsr->type) == DW_TAG_pointer_type &&
299
		     src->reg1 != DWARF_REG_PC && tsr->kind == TSR_KIND_TYPE && !dst->mem_ref)) {
300
			tsr->offset += imm_value;
301
			pr_debug_dtp("add [%x] offset %#"PRIx64" to reg%d",
302
				     insn_offset, imm_value, dst->reg1);
303
			pr_debug_type_name(&tsr->type, tsr->kind);
304
		}
305

306
		if (tsr->kind == TSR_KIND_CONST)
307
			tsr->imm_value += imm_value;
308

309
		if (tsr->kind != TSR_KIND_PERCPU_BASE)
310
			return;
311

312
		if (get_global_var_type(cu_die, dloc, ip, imm_value, &offset,
313
					&type_die) && offset == 0) {
314
			/*
315
			 * This is not a pointer type, but it should be treated
316
			 * as a pointer.
317
			 */
318
			tsr->type = type_die;
319
			tsr->kind = TSR_KIND_PERCPU_POINTER;
320
			tsr->offset = 0;
321
			tsr->ok = true;
322

323
			pr_debug_dtp("add [%x] percpu %#"PRIx64" -> reg%d",
324
				     insn_offset, imm_value, dst->reg1);
325
			pr_debug_type_name(&tsr->type, tsr->kind);
326
		}
327
		return;
328
	}
329

330
	if (!strncmp(dl->ins.name, "sub", 3)) {
331
		u64 imm_value = -1ULL;
332

333
		if (!has_reg_type(state, dst->reg1))
334
			return;
335

336
		tsr = &state->regs[dst->reg1];
337
		tsr->copied_from = -1;
338

339
		if (src->imm)
340
			imm_value = src->offset;
341
		else if (has_reg_type(state, src->reg1) &&
342
			 state->regs[src->reg1].kind == TSR_KIND_CONST)
343
			imm_value = state->regs[src->reg1].imm_value;
344

345
		if (tsr->kind == TSR_KIND_POINTER ||
346
		    (dwarf_tag(&tsr->type) == DW_TAG_pointer_type &&
347
		     src->reg1 != DWARF_REG_PC && tsr->kind == TSR_KIND_TYPE && !dst->mem_ref)) {
348
			tsr->offset -= imm_value;
349
			pr_debug_dtp("sub [%x] offset %#"PRIx64" to reg%d",
350
				     insn_offset, imm_value, dst->reg1);
351
			pr_debug_type_name(&tsr->type, tsr->kind);
352
		}
353

354
		if (tsr->kind == TSR_KIND_CONST)
355
			tsr->imm_value -= imm_value;
356

357
		return;
358
	}
359

360
	if (!strncmp(dl->ins.name, "lea", 3)) {
361
		int sreg = src->reg1;
362
		struct type_state_reg src_tsr;
363

364
		if (!has_reg_type(state, sreg) ||
365
		    !has_reg_type(state, dst->reg1) ||
366
		    !src->mem_ref)
367
			return;
368

369
		src_tsr = state->regs[sreg];
370
		tsr = &state->regs[dst->reg1];
371

372
		tsr->copied_from = -1;
373
		tsr->ok = false;
374

375
		/* Case 1: Based on stack pointer or frame pointer */
376
		if (sreg == fbreg || sreg == state->stack_reg) {
377
			struct type_state_stack *stack;
378
			int offset = src->offset - fboff;
379

380
			stack = find_stack_state(state, offset);
381
			if (!stack)
382
				return;
383

384
			tsr->type = stack->type;
385
			tsr->kind = TSR_KIND_POINTER;
386
			tsr->offset = offset - stack->offset;
387
			tsr->ok = true;
388

389
			if (sreg == fbreg) {
390
				pr_debug_dtp("lea [%x] address of -%#x(stack) -> reg%d",
391
					     insn_offset, -src->offset, dst->reg1);
392
			} else {
393
				pr_debug_dtp("lea [%x] address of %#x(reg%d) -> reg%d",
394
					     insn_offset, src->offset, sreg, dst->reg1);
395
			}
396

397
			pr_debug_type_name(&tsr->type, tsr->kind);
398
		}
399
		/* Case 2: Based on a register holding a typed pointer */
400
		else if (src_tsr.ok && (src_tsr.kind == TSR_KIND_POINTER ||
401
			 (dwarf_tag(&src_tsr.type) == DW_TAG_pointer_type &&
402
			  src_tsr.kind == TSR_KIND_TYPE))) {
403

404
			if (src_tsr.kind == TSR_KIND_TYPE &&
405
			    __die_get_real_type(&state->regs[sreg].type, &type_die) == NULL)
406
				return;
407

408
			if (src_tsr.kind == TSR_KIND_POINTER)
409
				type_die = state->regs[sreg].type;
410

411
			/* Check if the target type has a member at the new offset */
412
			if (die_get_member_type(&type_die,
413
						src->offset + src_tsr.offset, &type_die) == NULL)
414
				return;
415

416
			tsr->type = src_tsr.type;
417
			tsr->kind = src_tsr.kind;
418
			tsr->offset = src->offset + src_tsr.offset;
419
			tsr->ok = true;
420

421
			pr_debug_dtp("lea [%x] address of %s%#x(reg%d) -> reg%d",
422
						insn_offset, src->offset < 0 ? "-" : "",
423
						abs(src->offset), sreg, dst->reg1);
424

425
			pr_debug_type_name(&tsr->type, tsr->kind);
426
		}
427
		return;
428
	}
429

430
	/* Invalidate register states for other ops which may change pointers */
431
	if (has_reg_type(state, dst->reg1) && !dst->mem_ref &&
432
	    dwarf_tag(&state->regs[dst->reg1].type) == DW_TAG_pointer_type) {
433
		if (!strncmp(dl->ins.name, "imul", 4) || !strncmp(dl->ins.name, "mul", 3) ||
434
		    !strncmp(dl->ins.name, "idiv", 4) || !strncmp(dl->ins.name, "div", 3) ||
435
		    !strncmp(dl->ins.name, "shl", 3)  || !strncmp(dl->ins.name, "shr", 3) ||
436
		    !strncmp(dl->ins.name, "sar", 3)  || !strncmp(dl->ins.name, "and", 3) ||
437
		    !strncmp(dl->ins.name, "or", 2)   || !strncmp(dl->ins.name, "neg", 3) ||
438
		    !strncmp(dl->ins.name, "inc", 3)  || !strncmp(dl->ins.name, "dec", 3)) {
439
			pr_debug_dtp("%s [%x] invalidate reg%d\n",
440
						dl->ins.name, insn_offset, dst->reg1);
441
			state->regs[dst->reg1].ok = false;
442
			state->regs[dst->reg1].copied_from = -1;
443
			return;
444
		}
445

446
		if (!strncmp(dl->ins.name, "xor", 3) && dst->reg1 == src->reg1) {
447
			/* xor reg, reg clears the register */
448
			pr_debug_dtp("xor [%x] clear reg%d\n",
449
				     insn_offset, dst->reg1);
450

451
			state->regs[dst->reg1].kind = TSR_KIND_CONST;
452
			state->regs[dst->reg1].imm_value = 0;
453
			state->regs[dst->reg1].ok = true;
454
			state->regs[dst->reg1].copied_from = -1;
455
			return;
456
		}
457
	}
458

459
	if (strncmp(dl->ins.name, "mov", 3))
460
		return;
461

462
	if (dloc->fb_cfa) {
463
		u64 ip = dloc->ms->sym->start + dl->al.offset;
464
		u64 pc = map__rip_2objdump(dloc->ms->map, ip);
465

466
		if (die_get_cfa(dloc->di->dbg, pc, &fbreg, &fboff) < 0)
467
			fbreg = -1;
468
	}
469

470
	/* Case 1. register to register or segment:offset to register transfers */
471
	if (!src->mem_ref && !dst->mem_ref) {
472
		if (!has_reg_type(state, dst->reg1))
473
			return;
474

475
		tsr = &state->regs[dst->reg1];
476
		tsr->copied_from = -1;
477

478
		if (dso__kernel(map__dso(dloc->ms->map)) &&
479
		    src->segment == INSN_SEG_X86_GS && src->imm) {
480
			u64 ip = dloc->ms->sym->start + dl->al.offset;
481
			u64 var_addr;
482
			int offset;
483

484
			/*
485
			 * In kernel, %gs points to a per-cpu region for the
486
			 * current CPU.  Access with a constant offset should
487
			 * be treated as a global variable access.
488
			 */
489
			var_addr = src->offset;
490

491
			if (var_addr == 40) {
492
				tsr->kind = TSR_KIND_CANARY;
493
				tsr->offset = 0;
494
				tsr->ok = true;
495

496
				pr_debug_dtp("mov [%x] stack canary -> reg%d\n",
497
					     insn_offset, dst->reg1);
498
				return;
499
			}
500

501
			if (!get_global_var_type(cu_die, dloc, ip, var_addr,
502
						 &offset, &type_die) ||
503
			    !die_get_member_type(&type_die, offset, &type_die)) {
504
				tsr->ok = false;
505
				return;
506
			}
507

508
			tsr->type = type_die;
509
			tsr->kind = TSR_KIND_TYPE;
510
			tsr->offset = 0;
511
			tsr->ok = true;
512

513
			pr_debug_dtp("mov [%x] this-cpu addr=%#"PRIx64" -> reg%d",
514
				     insn_offset, var_addr, dst->reg1);
515
			pr_debug_type_name(&tsr->type, tsr->kind);
516
			return;
517
		}
518

519
		if (src->imm) {
520
			tsr->kind = TSR_KIND_CONST;
521
			tsr->imm_value = src->offset;
522
			tsr->offset = 0;
523
			tsr->ok = true;
524

525
			pr_debug_dtp("mov [%x] imm=%#x -> reg%d\n",
526
				     insn_offset, tsr->imm_value, dst->reg1);
527
			return;
528
		}
529

530
		if (!has_reg_type(state, src->reg1) ||
531
		    !state->regs[src->reg1].ok) {
532
			tsr->ok = false;
533
			return;
534
		}
535

536
		tsr->type = state->regs[src->reg1].type;
537
		tsr->kind = state->regs[src->reg1].kind;
538
		tsr->imm_value = state->regs[src->reg1].imm_value;
539
		tsr->offset = state->regs[src->reg1].offset;
540
		tsr->ok = true;
541

542
		/* To copy back the variable type later (hopefully) */
543
		if (tsr->kind == TSR_KIND_TYPE || tsr->kind == TSR_KIND_POINTER)
544
			tsr->copied_from = src->reg1;
545

546
		pr_debug_dtp("mov [%x] reg%d -> reg%d",
547
			     insn_offset, src->reg1, dst->reg1);
548
		pr_debug_type_name(&tsr->type, tsr->kind);
549
	}
550
	/* Case 2. memory to register transers */
551
	if (src->mem_ref && !dst->mem_ref) {
552
		int sreg = src->reg1;
553

554
		if (!has_reg_type(state, dst->reg1))
555
			return;
556

557
		tsr = &state->regs[dst->reg1];
558
		tsr->copied_from = -1;
559

560
retry:
561
		/* Check stack variables with offset */
562
		if (sreg == fbreg || sreg == state->stack_reg) {
563
			struct type_state_stack *stack;
564
			int offset = src->offset - fboff;
565

566
			stack = find_stack_state(state, offset);
567
			if (stack == NULL) {
568
				tsr->ok = false;
569
				return;
570
			} else if (!stack->compound) {
571
				tsr->type = stack->type;
572
				tsr->kind = stack->kind;
573
				tsr->offset = stack->ptr_offset;
574
				tsr->ok = true;
575
			} else if (die_get_member_type(&stack->type,
576
						       offset - stack->offset,
577
						       &type_die)) {
578
				tsr->type = type_die;
579
				tsr->kind = TSR_KIND_TYPE;
580
				tsr->offset = 0;
581
				tsr->ok = true;
582
			} else {
583
				tsr->ok = false;
584
				return;
585
			}
586

587
			if (sreg == fbreg) {
588
				pr_debug_dtp("mov [%x] -%#x(stack) -> reg%d",
589
					     insn_offset, -offset, dst->reg1);
590
			} else {
591
				pr_debug_dtp("mov [%x] %#x(reg%d) -> reg%d",
592
					     insn_offset, offset, sreg, dst->reg1);
593
			}
594
			pr_debug_type_name(&tsr->type, tsr->kind);
595
		}
596
		/* And then dereference the pointer if it has one */
597
		else if (has_reg_type(state, sreg) && state->regs[sreg].ok &&
598
			 state->regs[sreg].kind == TSR_KIND_TYPE &&
599
			 die_deref_ptr_type(&state->regs[sreg].type,
600
					    src->offset + state->regs[sreg].offset, &type_die)) {
601
			tsr->type = type_die;
602
			tsr->kind = TSR_KIND_TYPE;
603
			tsr->offset = 0;
604
			tsr->ok = true;
605

606
			pr_debug_dtp("mov [%x] %#x(reg%d) -> reg%d",
607
				     insn_offset, src->offset, sreg, dst->reg1);
608
			pr_debug_type_name(&tsr->type, tsr->kind);
609
		}
610
		/* Handle dereference of TSR_KIND_POINTER registers */
611
		else if (has_reg_type(state, sreg) && state->regs[sreg].ok &&
612
			 state->regs[sreg].kind == TSR_KIND_POINTER &&
613
			 die_get_member_type(&state->regs[sreg].type,
614
					     src->offset + state->regs[sreg].offset, &type_die)) {
615
			tsr->type = state->regs[sreg].type;
616
			tsr->kind = TSR_KIND_TYPE;
617
			tsr->offset = src->offset + state->regs[sreg].offset;
618
			tsr->ok = true;
619

620
			pr_debug_dtp("mov [%x] addr %#x(reg%d) -> reg%d",
621
				     insn_offset, src->offset, sreg, dst->reg1);
622
			pr_debug_type_name(&tsr->type, tsr->kind);
623
		}
624
		/* Or check if it's a global variable */
625
		else if (sreg == DWARF_REG_PC) {
626
			struct map_symbol *ms = dloc->ms;
627
			u64 ip = ms->sym->start + dl->al.offset;
628
			u64 addr;
629
			int offset;
630

631
			addr = annotate_calc_pcrel(ms, ip, src->offset, dl);
632

633
			if (!get_global_var_type(cu_die, dloc, ip, addr, &offset,
634
						 &type_die) ||
635
			    !die_get_member_type(&type_die, offset, &type_die)) {
636
				tsr->ok = false;
637
				return;
638
			}
639

640
			tsr->type = type_die;
641
			tsr->kind = TSR_KIND_TYPE;
642
			tsr->offset = 0;
643
			tsr->ok = true;
644

645
			pr_debug_dtp("mov [%x] global addr=%"PRIx64" -> reg%d",
646
				     insn_offset, addr, dst->reg1);
647
			pr_debug_type_name(&type_die, tsr->kind);
648
		}
649
		/* And check percpu access with base register */
650
		else if (has_reg_type(state, sreg) &&
651
			 state->regs[sreg].kind == TSR_KIND_PERCPU_BASE) {
652
			u64 ip = dloc->ms->sym->start + dl->al.offset;
653
			u64 var_addr = src->offset;
654
			int offset;
655

656
			if (src->multi_regs) {
657
				int reg2 = (sreg == src->reg1) ? src->reg2 : src->reg1;
658

659
				if (has_reg_type(state, reg2) && state->regs[reg2].ok &&
660
				    state->regs[reg2].kind == TSR_KIND_CONST)
661
					var_addr += state->regs[reg2].imm_value;
662
			}
663

664
			/*
665
			 * In kernel, %gs points to a per-cpu region for the
666
			 * current CPU.  Access with a constant offset should
667
			 * be treated as a global variable access.
668
			 */
669
			if (get_global_var_type(cu_die, dloc, ip, var_addr,
670
						&offset, &type_die) &&
671
			    die_get_member_type(&type_die, offset, &type_die)) {
672
				tsr->type = type_die;
673
				tsr->kind = TSR_KIND_TYPE;
674
				tsr->offset = 0;
675
				tsr->ok = true;
676

677
				if (src->multi_regs) {
678
					pr_debug_dtp("mov [%x] percpu %#x(reg%d,reg%d) -> reg%d",
679
						     insn_offset, src->offset, src->reg1,
680
						     src->reg2, dst->reg1);
681
				} else {
682
					pr_debug_dtp("mov [%x] percpu %#x(reg%d) -> reg%d",
683
						     insn_offset, src->offset, sreg, dst->reg1);
684
				}
685
				pr_debug_type_name(&tsr->type, tsr->kind);
686
			} else {
687
				tsr->ok = false;
688
			}
689
		}
690
		/* And then dereference the calculated pointer if it has one */
691
		else if (has_reg_type(state, sreg) && state->regs[sreg].ok &&
692
			 state->regs[sreg].kind == TSR_KIND_PERCPU_POINTER &&
693
			 die_get_member_type(&state->regs[sreg].type,
694
					     src->offset, &type_die)) {
695
			tsr->type = type_die;
696
			tsr->kind = TSR_KIND_TYPE;
697
			tsr->offset = 0;
698
			tsr->ok = true;
699

700
			pr_debug_dtp("mov [%x] pointer %#x(reg%d) -> reg%d",
701
				     insn_offset, src->offset, sreg, dst->reg1);
702
			pr_debug_type_name(&tsr->type, tsr->kind);
703
		}
704
		/* Or try another register if any */
705
		else if (src->multi_regs && sreg == src->reg1 &&
706
			 src->reg1 != src->reg2) {
707
			sreg = src->reg2;
708
			goto retry;
709
		}
710
		else {
711
			int offset;
712
			const char *var_name = NULL;
713

714
			/* it might be per-cpu variable (in kernel) access */
715
			if (src->offset < 0) {
716
				if (get_global_var_info(dloc, (s64)src->offset,
717
							&var_name, &offset) &&
718
				    !strcmp(var_name, "__per_cpu_offset")) {
719
					tsr->kind = TSR_KIND_PERCPU_BASE;
720
					tsr->offset = 0;
721
					tsr->ok = true;
722

723
					pr_debug_dtp("mov [%x] percpu base reg%d\n",
724
						     insn_offset, dst->reg1);
725
					return;
726
				}
727
			}
728

729
			tsr->ok = false;
730
		}
731
	}
732
	/* Case 3. register to memory transfers */
733
	if (!src->mem_ref && dst->mem_ref) {
734
		if (!has_reg_type(state, src->reg1) ||
735
		    !state->regs[src->reg1].ok)
736
			return;
737

738
		/* Check stack variables with offset */
739
		if (dst->reg1 == fbreg || dst->reg1 == state->stack_reg) {
740
			struct type_state_stack *stack;
741
			int offset = dst->offset - fboff;
742

743
			tsr = &state->regs[src->reg1];
744

745
			stack = find_stack_state(state, offset);
746
			if (stack) {
747
				/*
748
				 * The source register is likely to hold a type
749
				 * of member if it's a compound type.  Do not
750
				 * update the stack variable type since we can
751
				 * get the member type later by using the
752
				 * die_get_member_type().
753
				 */
754
				if (!stack->compound)
755
					set_stack_state(stack, offset, tsr->kind,
756
							&tsr->type, tsr->offset);
757
			} else {
758
				findnew_stack_state(state, offset, tsr->kind,
759
						    &tsr->type, tsr->offset);
760
			}
761

762
			if (dst->reg1 == fbreg) {
763
				pr_debug_dtp("mov [%x] reg%d -> -%#x(stack)",
764
					     insn_offset, src->reg1, -offset);
765
			} else {
766
				pr_debug_dtp("mov [%x] reg%d -> %#x(reg%d)",
767
					     insn_offset, src->reg1, offset, dst->reg1);
768
			}
769
			if (tsr->offset != 0) {
770
				pr_debug_dtp(" reg%d offset %#x ->",
771
					src->reg1, tsr->offset);
772
			}
773

774
			pr_debug_type_name(&tsr->type, tsr->kind);
775
		}
776
		/*
777
		 * Ignore other transfers since it'd set a value in a struct
778
		 * and won't change the type.
779
		 */
780
	}
781
	/* Case 4. memory to memory transfers (not handled for now) */
782
}
783
#endif
784

785