From patchwork Wed Jun 21 07:58:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Li, Pan2 via Gcc-patches" X-Patchwork-Id: 110846 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp4194133vqr; Wed, 21 Jun 2023 00:59:17 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7JzkKG+ENwiwffRXWnWFuKGTwiW68wMNlBdc4SCSnES3QhhtMbbxjhr36Pnhqt8HTYdWLz X-Received: by 2002:a17:907:26cc:b0:987:498a:87f6 with SMTP id bp12-20020a17090726cc00b00987498a87f6mr8256511ejc.34.1687334357655; Wed, 21 Jun 2023 00:59:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687334357; cv=none; d=google.com; s=arc-20160816; b=RIYu+FTXxR9T8xDoNwCJo/BoNbko7pKVbKNxViplgnnjaWl68au7d9ETaLlTGRpySv f38EDj1MXHMKmFK2wVDPdprwkLKTIYMNTTpUUdyepV04qnCyF2i6QbN44EpbrYwB/DyP esErrM/gxteuuqt8Kr0lrJ4n3UC61v5IQVuctycKwsUYyZkzGT42g5hfuuFXAxnVvS33 2q9SkRnYzkL/JITKECzw/A0aNzAcpqsOZLbtRpWxdBIUA7WFHSWvxxMHtKzTg4f3/JWv M04SI6AkU/LbuYbi4joTs7b7XRKglwXhNO+RA5TGwHQuIJTCvX9w8DjW3LmnNj3JQpSq vxNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:dmarc-filter:delivered-to :dkim-signature:dkim-filter; bh=kfbEu4FPCf5jJS8bmzQmaEzN/mqmGJeDWwd8SejPzKo=; b=ecObe3jadIhXNk8MBo/UmoKpmLGNjHmoibS1RKU/dbajGvskUE/QinxxVLJ1IGU98a QX/hnvJFhbP1UYm1dgeLwKq5aPLyT7Q873UWlcONf/zCfFAnVwXXSry/7crn2Tu7mkfv NSoX6leNppBcLfBGEawAHmWNzn5Doex+mfKB/7U/Mj9F6NrHTHIHbculgfJap8SGlCc3 vCxr34T0A+ShH8L/KseZNkMKGq3gAtdNuVtJRX1F5zZEhpUooFhYKI4c8SKpW4mh1mUz +cgf3me6aryLcRRVqZNBokl+cCIqVJWyj2ceJOooGLVzljOM/T4SpilQ5PXcx/uxSEAU QMzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=UnWPBjxy; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id n13-20020a170906724d00b00977cb65ddd6si2034021ejk.67.2023.06.21.00.59.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jun 2023 00:59:17 -0700 (PDT) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=UnWPBjxy; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8F8CC3858C00 for ; Wed, 21 Jun 2023 07:59:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8F8CC3858C00 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1687334356; bh=kfbEu4FPCf5jJS8bmzQmaEzN/mqmGJeDWwd8SejPzKo=; h=To:Cc:Subject:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=UnWPBjxyMAH2ZMToR+Jgqd7y0MYO8LsgmmBH6lxTHgIOqgVXeK5tiWZ4iMMzbTFHG Kxo2x0gi2JAote4aB/Dmdvv2APTBQrg/lj65AV+oBgFT3aPmg+zCkKmTsQsGCf7FPP nlDLzTKp5btaYy9HQOgwnY234GD0rLkP19Nvx2Dc= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by sourceware.org (Postfix) with ESMTPS id AABC03858D28 for ; Wed, 21 Jun 2023 07:58:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AABC03858D28 X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="349836949" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="349836949" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jun 2023 00:58:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10747"; a="744076085" X-IronPort-AV: E=Sophos;i="6.00,259,1681196400"; d="scan'208";a="744076085" Received: from shvmail03.sh.intel.com ([10.239.245.20]) by orsmga008.jf.intel.com with ESMTP; 21 Jun 2023 00:58:25 -0700 Received: from pli-ubuntu.sh.intel.com (pli-ubuntu.sh.intel.com [10.239.159.47]) by shvmail03.sh.intel.com (Postfix) with ESMTP id 3316C1005198; Wed, 21 Jun 2023 15:58:25 +0800 (CST) To: gcc-patches@gcc.gnu.org Cc: juzhe.zhong@rivai.ai, rdapp.gcc@gmail.com, jeffreyalaw@gmail.com, pan2.li@intel.com, yanzhang.wang@intel.com, kito.cheng@gmail.com, rguenther@suse.de, jakub@redhat.com Subject: [PATCH v3] Streamer: Fix out of range memory access of machine mode Date: Wed, 21 Jun 2023 15:58:24 +0800 Message-Id: <20230621075824.1990571-1-pan2.li@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230619080710.1536456-1-pan2.li@intel.com> References: <20230619080710.1536456-1-pan2.li@intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-11.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Pan Li via Gcc-patches From: "Li, Pan2 via Gcc-patches" Reply-To: pan2.li@intel.com Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1769298311415792799?= X-GMAIL-MSGID: =?utf-8?q?1769298311415792799?= From: Pan Li We extend the machine mode from 8 to 16 bits already. But there still one placing missing from the streamer. It has one hard coded array for the machine code like size 256. In the lto pass, we memset the array by MAX_MACHINE_MODE count but the value of the MAX_MACHINE_MODE will grow as more and more modes are added. While the machine mode array in tree-streamer still leave 256 as is. Then, when the MAX_MACHINE_MODE is greater than 256, the memset of lto_output_init_mode_table will touch the memory out of range unexpected. This patch would like to take the MAX_MACHINE_MODE as the size of the array in streamer, to make sure there is no potential unexpected memory access in future. Meanwhile, this patch also adjust some place which has MAX_MACHINE_MODE <= 256 assumption. Signed-off-by: Pan Li gcc/ChangeLog: * lto-streamer-in.cc (lto_input_mode_table): Stream in the mode bits for machine mode table. * lto-streamer-out.cc (lto_write_mode_table): Stream out the HOST machine mode bits. * lto-streamer.h (struct lto_file_decl_data): New fields mode_bits. * tree-streamer.cc (streamer_mode_table): Take MAX_MACHINE_MODE as the table size. * tree-streamer.h (streamer_mode_table): Ditto. (bp_pack_machine_mode): Take 1 << ceil_log2 (MAX_MACHINE_MODE) as the packing limit. (bp_unpack_machine_mode): Ditto. Signed-off-by: Pan Li --- gcc/lto-streamer-in.cc | 12 ++++++++---- gcc/lto-streamer-out.cc | 11 ++++++++--- gcc/lto-streamer.h | 2 ++ gcc/tree-streamer.cc | 2 +- gcc/tree-streamer.h | 14 +++++++++----- 5 files changed, 28 insertions(+), 13 deletions(-) diff --git a/gcc/lto-streamer-in.cc b/gcc/lto-streamer-in.cc index 2cb83406db5..2a0720b4e6f 100644 --- a/gcc/lto-streamer-in.cc +++ b/gcc/lto-streamer-in.cc @@ -1985,8 +1985,6 @@ lto_input_mode_table (struct lto_file_decl_data *file_data) internal_error ("cannot read LTO mode table from %s", file_data->file_name); - unsigned char *table = ggc_cleared_vec_alloc (1 << 8); - file_data->mode_table = table; const struct lto_simple_header_with_strings *header = (const struct lto_simple_header_with_strings *) data; int string_offset; @@ -1998,16 +1996,22 @@ lto_input_mode_table (struct lto_file_decl_data *file_data) header->string_size, vNULL); bitpack_d bp = streamer_read_bitpack (&ib); + unsigned mode_bits = bp_unpack_value (&bp, 5); + unsigned char *table = ggc_cleared_vec_alloc (1 << mode_bits); + + file_data->mode_table = table; + file_data->mode_bits = mode_bits; + table[VOIDmode] = VOIDmode; table[BLKmode] = BLKmode; unsigned int m; - while ((m = bp_unpack_value (&bp, 8)) != VOIDmode) + while ((m = bp_unpack_value (&bp, mode_bits)) != VOIDmode) { enum mode_class mclass = bp_unpack_enum (&bp, mode_class, MAX_MODE_CLASS); poly_uint16 size = bp_unpack_poly_value (&bp, 16); poly_uint16 prec = bp_unpack_poly_value (&bp, 16); - machine_mode inner = (machine_mode) bp_unpack_value (&bp, 8); + machine_mode inner = (machine_mode) bp_unpack_value (&bp, mode_bits); poly_uint16 nunits = bp_unpack_poly_value (&bp, 16); unsigned int ibit = 0, fbit = 0; unsigned int real_fmt_len = 0; diff --git a/gcc/lto-streamer-out.cc b/gcc/lto-streamer-out.cc index 5ab2eb4301e..36899283ded 100644 --- a/gcc/lto-streamer-out.cc +++ b/gcc/lto-streamer-out.cc @@ -3196,6 +3196,11 @@ lto_write_mode_table (void) if (inner_m != m) streamer_mode_table[(int) inner_m] = 1; } + + /* Pack the mode_bits value within 5 bits (up to 31) in the beginning. */ + unsigned mode_bits = ceil_log2 (MAX_MACHINE_MODE); + bp_pack_value (&bp, mode_bits, 5); + /* First stream modes that have GET_MODE_INNER (m) == m, so that we can refer to them afterwards. */ for (int pass = 0; pass < 2; pass++) @@ -3205,11 +3210,11 @@ lto_write_mode_table (void) machine_mode m = (machine_mode) i; if ((GET_MODE_INNER (m) == m) ^ (pass == 0)) continue; - bp_pack_value (&bp, m, 8); + bp_pack_value (&bp, m, mode_bits); bp_pack_enum (&bp, mode_class, MAX_MODE_CLASS, GET_MODE_CLASS (m)); bp_pack_poly_value (&bp, GET_MODE_SIZE (m), 16); bp_pack_poly_value (&bp, GET_MODE_PRECISION (m), 16); - bp_pack_value (&bp, GET_MODE_INNER (m), 8); + bp_pack_value (&bp, GET_MODE_INNER (m), mode_bits); bp_pack_poly_value (&bp, GET_MODE_NUNITS (m), 16); switch (GET_MODE_CLASS (m)) { @@ -3229,7 +3234,7 @@ lto_write_mode_table (void) } bp_pack_string (ob, &bp, GET_MODE_NAME (m), true); } - bp_pack_value (&bp, VOIDmode, 8); + bp_pack_value (&bp, VOIDmode, mode_bits); streamer_write_bitpack (&bp); diff --git a/gcc/lto-streamer.h b/gcc/lto-streamer.h index fc7133d07ba..443f0cd616e 100644 --- a/gcc/lto-streamer.h +++ b/gcc/lto-streamer.h @@ -604,6 +604,8 @@ struct GTY(()) lto_file_decl_data int order_base; int unit_base; + + unsigned mode_bits; }; typedef struct lto_file_decl_data *lto_file_decl_data_ptr; diff --git a/gcc/tree-streamer.cc b/gcc/tree-streamer.cc index ed65a7692e3..a28ef9c7920 100644 --- a/gcc/tree-streamer.cc +++ b/gcc/tree-streamer.cc @@ -35,7 +35,7 @@ along with GCC; see the file COPYING3. If not see During streaming in, we translate the on the disk mode using this table. For normal LTO it is set to identity, for ACCEL_COMPILER depending on the mode_table content. */ -unsigned char streamer_mode_table[1 << 8]; +unsigned char streamer_mode_table[MAX_MACHINE_MODE]; /* Check that all the TS_* structures handled by the streamer_write_* and streamer_read_* routines are exactly ALL the structures defined in diff --git a/gcc/tree-streamer.h b/gcc/tree-streamer.h index 170d61cf20b..ff8bccf901a 100644 --- a/gcc/tree-streamer.h +++ b/gcc/tree-streamer.h @@ -75,7 +75,7 @@ void streamer_write_tree_body (struct output_block *, tree); void streamer_write_integer_cst (struct output_block *, tree); /* In tree-streamer.cc. */ -extern unsigned char streamer_mode_table[1 << 8]; +extern unsigned char streamer_mode_table[MAX_MACHINE_MODE]; void streamer_check_handled_ts_structures (void); bool streamer_tree_cache_insert (struct streamer_tree_cache_d *, tree, hashval_t, unsigned *); @@ -108,15 +108,19 @@ inline void bp_pack_machine_mode (struct bitpack_d *bp, machine_mode mode) { streamer_mode_table[mode] = 1; - bp_pack_enum (bp, machine_mode, 1 << 8, mode); + int last = 1 << ceil_log2 (MAX_MACHINE_MODE); + + bp_pack_enum (bp, machine_mode, last, mode); } inline machine_mode bp_unpack_machine_mode (struct bitpack_d *bp) { - return (machine_mode) - ((class lto_input_block *) - bp->stream)->mode_table[bp_unpack_enum (bp, machine_mode, 1 << 8)]; + int last = 1 << ceil_log2 (MAX_MACHINE_MODE); + lto_input_block *input_block = (class lto_input_block *) bp->stream; + int index = bp_unpack_enum (bp, machine_mode, last); + + return (machine_mode) input_block->mode_table[index]; } #endif /* GCC_TREE_STREAMER_H */