From patchwork Fri Feb  2 09:55:59 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xi Ruoyao <xry111@xry111.site>
X-Patchwork-Id: 195767
Return-Path: <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:9bc1:b0:106:209c:c626 with SMTP id op1csp320100dyc;
        Fri, 2 Feb 2024 02:00:45 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IEGpVER4tZKmsJxz/ZdXss4KzoR1DxooO+NukDQozJc0tRBeMCBZhuZpJH4jyDcRz3g33NJ
X-Received: by 2002:a05:6808:3020:b0:3bd:da5f:4af7 with SMTP id
 ay32-20020a056808302000b003bdda5f4af7mr8775641oib.55.1706868044927;
        Fri, 02 Feb 2024 02:00:44 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1706868044; cv=pass;
        d=google.com; s=arc-20160816;
        b=P2JbYscQdqqkms4rfH95/EmB12Ves4lHiQGs3VsAf/yC3bB0cC7Y0PQtyLl+5UEBqG
         l+dVqZbYT9WfHarwVUxZ/GVm4kDrtoLp96EU+T43zs3CEaQlX8Nc0fXlaNnbDaj5yJC2
         3QR5Ib6o6lwMGsfbKaSL9Yv+t2TlYw3TD8Nxf5IbAPMYaDo4ED3IuVedh/cng2s7ePOt
         JDtkGX6MSewa0TKK4Gqk6sDCqSgFhfjEWPpyn3+HY3yN8P8XLroM/oBOl95IV9CF/qo/
         XhLKvJ+HFuMIZw2sB8mAT+MPdQIo5/r1+ZvmycJdrQK868DwKrSv7i54G5EBrKQqUzlw
         Q+pg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=errors-to:list-subscribe:list-help:list-post:list-archive
         :list-unsubscribe:list-id:precedence:content-transfer-encoding
         :mime-version:message-id:date:subject:cc:to:from:dkim-signature
         :arc-filter:dmarc-filter:delivered-to;
        bh=0Zh4VrAJJjsnrA9Ki6Yp5Ckn/3w90g6Hz57rJI7YJCo=;
        fh=0c6cDZB92HS3jkY4QXAHONrppbyB+WHcWRiqxlKoeJ0=;
        b=PqlI8+sBQtYgZdfMgtlluik7/YSaAJL/tmNbu8kSPzIznynPDs34FdKI+RNNroHCQA
         khv3kUSqv/calc2lTFymtR9f6jmvVvG3EJ/nzgpd0t6NvNxg5CTxpK1ME2E53EJDScPp
         UK8cqWpB1fvX2ax/jeLbo+BKr6jya4Bjr7lqcltEtcdR+/LVfcJbRwMwSMfup0lJWGhw
         U1sBTYSJp+lHbg2mCeZcofhvJR1D8gXg/ooX4GMU6yv7Xv/uYyLxlFlXIA7WUv7ycjd0
         44nvPlwnLaalnAWdyhH1un7Vfgfu+PR8/35mFltS+PcAatJgX+N6A3a4ceIbC7L6hbGZ
         RSOQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@xry111.site header.s=default header.b=QTEjO7Wy;
       arc=pass (i=1);
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=xry111.site
X-Forwarded-Encrypted: i=1;
 AJvYcCURN/vYR8HGqXDODSgyjsihvk+Zh7KfdTPTspf/VVOhGvAl82I2vB7xEzY/cPTIVHAdscvO6xEamJYZTEYK8yysn4tNRw==
Received: from server2.sourceware.org (server2.sourceware.org.
 [2620:52:3:1:0:246e:9693:128c])
        by mx.google.com with ESMTPS id
 v5-20020a05622a144500b00429be6b6a64si1584632qtx.580.2024.02.02.02.00.44
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Feb 2024 02:00:44 -0800 (PST)
Received-SPF: pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 client-ip=2620:52:3:1:0:246e:9693:128c;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@xry111.site header.s=default header.b=QTEjO7Wy;
       arc=pass (i=1);
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates
 2620:52:3:1:0:246e:9693:128c as permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=xry111.site
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 8FDAE3858029
	for <ouuuleilei@gmail.com>; Fri,  2 Feb 2024 10:00:44 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from xry111.site (xry111.site [89.208.246.23])
 by sourceware.org (Postfix) with ESMTPS id EF4C7385803F
 for <gcc-patches@gcc.gnu.org>; Fri,  2 Feb 2024 09:59:44 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EF4C7385803F
Authentication-Results: sourceware.org;
 dmarc=pass (p=reject dis=none) header.from=xry111.site
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=xry111.site
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EF4C7385803F
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=89.208.246.23
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706867987; cv=none;
 b=sUf8UQO5psikhzwdiKdb8yOqLtWZ0FU1XUGtjr6jXzmp5bO035DeniyfWCBIM+2HnIN4Uy89GBIy3zsJKWwW8rHLp63jagNjgOzYOEk6mpiQ+L3wzDsQxnKkfSTaaq/+FtItjVeIflaqjEDjt7QDS2c+W2UL858vf40bcFbtOlk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1706867987; c=relaxed/simple;
 bh=o/W1fkW/aT9iv9nMaeW5Khv8NkEIumOWv1YuEijXwkY=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=A7rW2nAzB6bgoebbo0HFTMopkFVd/RJs6A/k8jOfg0Gt8vzyZFDfxEoj/0NHd8sfuIctEHMp5Dl9YSOjFkJyS1TZykgYwg46W52gs2liHcDDpALtzGck3FkWGmQkLApAgcWmDhSJpr/P4EdDW+rB3uMBvT2/wMrmcfZqX5Vo4LM=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site;
 s=default; t=1706867983;
 bh=o/W1fkW/aT9iv9nMaeW5Khv8NkEIumOWv1YuEijXwkY=;
 h=From:To:Cc:Subject:Date:From;
 b=QTEjO7Wyf8HWLwlBuBm05J5ESSyix9c8DZJjhwb7UGYC7h4AnXETXYucxfhjAUThq
 1OdgWFP1ez9hiQSQb4c9mJPnoVK+JrMtyQ/y3fcI3NfZY9N8kK8JuTHUDemFSERwcc
 sWLSgcMTMfrxYSxouad6ZojQWfQDEabtmQ3xjzTo=
Received: from stargazer.. (unknown
 [IPv6:240e:457:1030:42a3:b2e5:c862:48d6:8912])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 (Authenticated sender: xry111@xry111.site)
 by xry111.site (Postfix) with ESMTPSA id 3B41F66B14;
 Fri,  2 Feb 2024 04:59:38 -0500 (EST)
From: Xi Ruoyao <xry111@xry111.site>
To: gcc-patches@gcc.gnu.org
Cc: chenglulu <chenglulu@loongson.cn>, i@xen0n.name, xuchenghua@loongson.cn,
 Xi Ruoyao <xry111@xry111.site>
Subject: [PATCH] LoongArch: Avoid out-of-bounds access in
 loongarch_symbol_insns
Date: Fri,  2 Feb 2024 17:55:59 +0800
Message-ID: <20240202095628.3242-1-xry111@xry111.site>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Spam-Status: No, score=-9.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, LIKELY_SPAM_FROM,
 SPF_HELO_PASS, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1789780866953650956
X-GMAIL-MSGID: 1789780866953650956

We call loongarch_symbol_insns with mode = MAX_MACHINE_MODE sometimes.
But in loongarch_symbol_insns:

    if (LSX_SUPPORTED_MODE_P (mode) || LASX_SUPPORTED_MODE_P (mode))
      return 0;

And LSX_SUPPORTED_MODE_P is defined as:

    #define LSX_SUPPORTED_MODE_P(MODE) \
      (ISA_HAS_LSX \
       && GET_MODE_SIZE (MODE) == UNITS_PER_LSX_REG ... ...

GET_MODE_SIZE is expanded to a call to mode_to_bytes, which is defined:

    ALWAYS_INLINE poly_uint16
    mode_to_bytes (machine_mode mode)
    {
    #if GCC_VERSION >= 4001
      return (__builtin_constant_p (mode)
	  ? mode_size_inline (mode) : mode_size[mode]);
    #else
      return mode_size[mode];
    #endif
    }

There is an assertion in mode_size_inline:

    gcc_assert (mode >= 0 && mode < NUM_MACHINE_MODES);

Note that NUM_MACHINE_MODES = MAX_MACHINE_MODE (emitted by genmodes.cc),
thus if __builtin_constant_p (mode) is evaluated true (it happens when
GCC is bootstrapped with LTO+PGO), the assertion will be triggered and
cause an ICE.  OTOH if __builtin_constant_p (mode) is evaluated false,
mode_size[mode] is still an out-of-bound array access (the length or the
mode_size array is NUM_MACHINE_MODES).

So we shouldn't call LSX_SUPPORTED_MODE_P or LASX_SUPPORTED_MODE_P with
MAX_MACHINE_MODE in loongarch_symbol_insns.  This is very similar to a
MIPS bug PR98491 fixed by me about 3 years ago.

gcc/ChangeLog:

	* config/loongarch/loongarch.cc (loongarch_symbol_insns): Do not
	use LSX_SUPPORTED_MODE_P or LASX_SUPPORTED_MODE_P if mode is
	MAX_MACHINE_MODE.
---

Bootstrapped and regtested on loongarch64-linux-gnu.  Ok for trunk?

 gcc/config/loongarch/loongarch.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gcc/config/loongarch/loongarch.cc b/gcc/config/loongarch/loongarch.cc
index 963e86d61af..6badef45d62 100644
--- a/gcc/config/loongarch/loongarch.cc
+++ b/gcc/config/loongarch/loongarch.cc
@@ -2007,7 +2007,8 @@ loongarch_symbol_insns (enum loongarch_symbol_type type, machine_mode mode)
 {
   /* LSX LD.* and ST.* cannot support loading symbols via an immediate
      operand.  */
-  if (LSX_SUPPORTED_MODE_P (mode) || LASX_SUPPORTED_MODE_P (mode))
+  if (mode != MAX_MACHINE_MODE
+      && (LSX_SUPPORTED_MODE_P (mode) || LASX_SUPPORTED_MODE_P (mode)))
     return 0;
 
   switch (type)