| Message ID | fc849c94f4adcac1c4ccc5508c7a145a2f13b2a9.1664876744.git.research_trasio@irq.a4lg.com |
|---|---|
| State | Accepted, archived |
| Headers |
Return-Path: <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp42550wrs;
Tue, 4 Oct 2022 02:46:24 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM73VLdnNB7JbUuCFZn52/zUh+pFKHlzDWlb+TGX7npfuoDJ0YPYKW7yAEmuPwAKXzDSxhyW
X-Received: by 2002:a17:906:9c83:b0:779:c14c:55e4 with SMTP id
fj3-20020a1709069c8300b00779c14c55e4mr17973231ejc.619.1664876784570;
Tue, 04 Oct 2022 02:46:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1664876784; cv=none;
d=google.com; s=arc-20160816;
b=azuwNJJUnHlGah42MA1y3rCWUlNiFaytPIrm0EXegZQzHYWI45TrFCfUu4SjEhIHak
y69ez8HhkEyEXlMr59Uf1GQbjbsVBnfVTJkHG1XRK8g86gVfN9Jnm4sbAjUC2OPSm6fc
IRPui7Uzwg+jot4yXYQw2uwntQrZLdfJ8aVQT/aymjwCMTHM5cKvGjKpND68QHurR4xy
ezjAm9VFuD5P7btPxTFOVUF1UADc+p76YMtxXJ7RQ8y8RH9489mwiFQQIZsGbPZusXAZ
Z1dicJDGj5L7ETC98Ou78zLYveUdXV5NX6jodFbsKxY+y8JzR/EcHjsVGJfZ+entGgH+
DzHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=sender:errors-to:cc:reply-to:from:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence
:content-transfer-encoding:mime-version:references:in-reply-to
:message-id:date:subject:to:dmarc-filter:delivered-to:dkim-signature
:dkim-filter;
bh=RrHfXr3Owp1NqQIr+LsPf0h0hD6fEJNjfHwBTh9KpLA=;
b=tUJp2B7vM3pYplTadXip6G7Ia1qSqHeThRY5ZNJ5qlI9H5KxMb33H/DYMA+GilOCzu
4AtaJuf44YoNNf4BYNLXJ+LrW77/a85+gLEZgwCgb8V8M4hOL70QU/0Cu0byqOtHmYHk
rDKuryofT25Y1YoRUHBwMpElJDeOG+qTBGH7efpRtHoRZh5I88aSC2QntVnO9N9mSvDS
5rxnbvNgH1n5CmldiY3TszQ0GjiJfO7peXL+26FazL+7rdfpXO4x4S9WiWGUy0QBBlk9
ptGl8AilX8PLktqCo9gehL152Qq9BrETYyB/O1I6ANzM6oMFKlaeazNkGtBl1rkcM5/W
bMPQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sourceware.org header.s=default header.b=X0AA2lW3;
spf=pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from sourceware.org (server2.sourceware.org.
[2620:52:3:1:0:246e:9693:128c])
by mx.google.com with ESMTPS id
gn29-20020a1709070d1d00b0078356aaeb63si3439011ejc.288.2022.10.04.02.46.24
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 04 Oct 2022 02:46:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sourceware.org header.s=default header.b=X0AA2lW3;
spf=pass (google.com: domain of
binutils-bounces+ouuuleilei=gmail.com@sourceware.org designates
2620:52:3:1:0:246e:9693:128c as permitted sender)
smtp.mailfrom="binutils-bounces+ouuuleilei=gmail.com@sourceware.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id 3583E3854168
for <ouuuleilei@gmail.com>; Tue, 4 Oct 2022 09:46:20 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3583E3854168
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
s=default; t=1664876780;
bh=RrHfXr3Owp1NqQIr+LsPf0h0hD6fEJNjfHwBTh9KpLA=;
h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
From;
b=X0AA2lW3Yt7AcLSNBl2tPmQINLr9woQA/tZw19/+gUcjYvU4iiAUKJg32v6GHRvia
xxFwU9ZCkG+BynqxmVIChMukU+xK7XNKI+E/wUiOwKJZLDmlESeJnxfZEvEJJAft6U
/MIQbQStSTkWu7vhpDMNbCtt4rVr+MM7ljfY1XPY=
X-Original-To: binutils@sourceware.org
Delivered-To: binutils@sourceware.org
Received: from mail-sender-0.a4lg.com (mail-sender-0.a4lg.com
[IPv6:2401:2500:203:30b:4000:6bfe:4757:0])
by sourceware.org (Postfix) with ESMTPS id F1C5238582BA;
Tue, 4 Oct 2022 09:46:11 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F1C5238582BA
Received: from [127.0.0.1] (localhost [127.0.0.1])
by mail-sender-0.a4lg.com (Postfix) with ESMTPSA id 39BF3300089;
Tue, 4 Oct 2022 09:46:10 +0000 (UTC)
To: Tsukasa OI <research_trasio@irq.a4lg.com>,
Nelson Chu <nelson@rivosinc.com>, Kito Cheng <kito.cheng@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>, Andrew Burgess <aburgess@redhat.com>,
Jan Beulich <jbeulich@suse.com>, Andreas Schwab <schwab@suse.de>
Subject: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
Date: Tue, 4 Oct 2022 09:45:49 +0000
Message-Id:
<fc849c94f4adcac1c4ccc5508c7a145a2f13b2a9.1664876744.git.research_trasio@irq.a4lg.com>
In-Reply-To: <cover.1664876744.git.research_trasio@irq.a4lg.com>
References: <cover.1664873933.git.research_trasio@irq.a4lg.com>
<cover.1664876744.git.research_trasio@irq.a4lg.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, GIT_PATCH_0, KAM_MANYTO, SPF_HELO_NONE, SPF_PASS,
TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-BeenThere: binutils@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Binutils mailing list <binutils.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/binutils>,
<mailto:binutils-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/binutils/>
List-Post: <mailto:binutils@sourceware.org>
List-Help: <mailto:binutils-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/binutils>,
<mailto:binutils-request@sourceware.org?subject=subscribe>
From: Tsukasa OI via Binutils <binutils@sourceware.org>
Reply-To: Tsukasa OI <research_trasio@irq.a4lg.com>
Cc: binutils@sourceware.org, gdb-patches@sourceware.org
Errors-To: binutils-bounces+ouuuleilei=gmail.com@sourceware.org
Sender: "Binutils" <binutils-bounces+ouuuleilei=gmail.com@sourceware.org>
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1745746991619630293?=
X-GMAIL-MSGID: =?utf-8?q?1745749838865329392?=
|
| Series |
RISC-V: Fix buffer overflow after 176-bit instruction support
|
|
Checks
| Context | Check | Description |
|---|---|---|
| snail/binutils-gdb-check | success | Github commit url |
Commit Message
Tsukasa OI
Oct. 4, 2022, 9:45 a.m. UTC
Because riscv_insn_length started to support instructions up to 176-bit, we need to increase packet buffer size to 176-bit in size. include/ChangeLog: * opcode/riscv.h (RISCV_MAX_INSN_LEN): Max instruction length for use in buffer size. opcodes/ChangeLog: * riscv-dis.c (print_insn_riscv): Increase buffer size for max 176-bit length instructions. --- include/opcode/riscv.h | 2 ++ opcodes/riscv-dis.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-)
Comments
On 04.10.2022 11:45, Tsukasa OI wrote: > --- a/include/opcode/riscv.h > +++ b/include/opcode/riscv.h > @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] = > "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw" > }; > > +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */ To be honest this still doesn't look sufficient to me: There's still no connection between this constant and riscv_insn_length(). Yet both want changing at the same time when it comes to insn length aspects. As said in reply to v1 - comments may be one way of dealing with this. We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't be usable in a portable way), so an actual build time check might not be feasible. A runtime check also doesn't look realistic, as gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN); wouldn't be correct, and I'm unconvinced of using other than the most simple ~0 as an argument here. Jan
On 2022/10/04 18:58, Jan Beulich wrote: > On 04.10.2022 11:45, Tsukasa OI wrote: >> --- a/include/opcode/riscv.h >> +++ b/include/opcode/riscv.h >> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] = >> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw" >> }; >> >> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */ > > To be honest this still doesn't look sufficient to me: There's still > no connection between this constant and riscv_insn_length(). Yet both > want changing at the same time when it comes to insn length aspects. > As said in reply to v1 - comments may be one way of dealing with this. > We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't > be usable in a portable way), so an actual build time check might not > be feasible. A runtime check also doesn't look realistic, as > > gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN); > > wouldn't be correct, and I'm unconvinced of using other than the most > simple ~0 as an argument here. > > Jan > I have to agree that the constant with no direct connection with riscv_insn_length is not good but I don't come up with better solution than this (with given constraints). In any case, keeping this stack buffer overflow is definitely a bad idea and we have to do something to deal with it in a days. Tsukasa
On 04.10.2022 12:13, Tsukasa OI wrote: > On 2022/10/04 18:58, Jan Beulich wrote: >> On 04.10.2022 11:45, Tsukasa OI wrote: >>> --- a/include/opcode/riscv.h >>> +++ b/include/opcode/riscv.h >>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] = >>> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw" >>> }; >>> >>> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */ >> >> To be honest this still doesn't look sufficient to me: There's still >> no connection between this constant and riscv_insn_length(). Yet both >> want changing at the same time when it comes to insn length aspects. >> As said in reply to v1 - comments may be one way of dealing with this. >> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't >> be usable in a portable way), so an actual build time check might not >> be feasible. A runtime check also doesn't look realistic, as >> >> gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN); >> >> wouldn't be correct, and I'm unconvinced of using other than the most >> simple ~0 as an argument here. > > I have to agree that the constant with no direct connection with > riscv_insn_length is not good but I don't come up with better solution > than this (with given constraints). > In any case, keeping this stack buffer overflow is definitely a bad idea > and we have to do something to deal with it in a days. Agreed. Hence could you add cross-referencing comments at both sides while introducing the #define, as a minimal measure? Jan
On 04.10.2022 12:16, Jan Beulich via Binutils wrote: > On 04.10.2022 12:13, Tsukasa OI wrote: >> On 2022/10/04 18:58, Jan Beulich wrote: >>> On 04.10.2022 11:45, Tsukasa OI wrote: >>>> --- a/include/opcode/riscv.h >>>> +++ b/include/opcode/riscv.h >>>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] = >>>> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw" >>>> }; >>>> >>>> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */ >>> >>> To be honest this still doesn't look sufficient to me: There's still >>> no connection between this constant and riscv_insn_length(). Yet both >>> want changing at the same time when it comes to insn length aspects. >>> As said in reply to v1 - comments may be one way of dealing with this. >>> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't >>> be usable in a portable way), so an actual build time check might not >>> be feasible. A runtime check also doesn't look realistic, as >>> >>> gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN); >>> >>> wouldn't be correct, and I'm unconvinced of using other than the most >>> simple ~0 as an argument here. >> >> I have to agree that the constant with no direct connection with >> riscv_insn_length is not good but I don't come up with better solution >> than this (with given constraints). >> In any case, keeping this stack buffer overflow is definitely a bad idea >> and we have to do something to deal with it in a days. > > Agreed. Hence could you add cross-referencing comments at both sides > while introducing the #define, as a minimal measure? Or wait - why don't you move the #define _into_ riscv_insn_length(), placed right at the position that would need touching when adding support for wider insns (or when deciding to reduce support again)? Jan
diff --git a/include/opcode/riscv.h b/include/opcode/riscv.h index 9417dcf00c5..33415977bc7 100644 --- a/include/opcode/riscv.h +++ b/include/opcode/riscv.h @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] = "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw" }; +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */ + #define RVC_JUMP_BITS 11 #define RVC_JUMP_REACH ((1ULL << RVC_JUMP_BITS) * RISCV_JUMP_ALIGN) diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c index 6ac69490b78..f5e5af3138c 100644 --- a/opcodes/riscv-dis.c +++ b/opcodes/riscv-dis.c @@ -999,7 +999,7 @@ riscv_disassemble_data (bfd_vma memaddr ATTRIBUTE_UNUSED, int print_insn_riscv (bfd_vma memaddr, struct disassemble_info *info) { - bfd_byte packet[8]; + bfd_byte packet[RISCV_MAX_INSN_LEN]; insn_t insn = 0; bfd_vma dump_size; int status;