[PATCH] D107328: [JITLink] Add fixup value range check
luxufan via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Jan 4 06:56:58 PST 2022
This revision was automatically updated to reflect the committed changes.
Closed by commit rG17af06ba8005: [JITLink] Add fixup value range check (authored by StephenFan).
Herald added a subscriber: MaskRay.
Changed prior to commit:
https://reviews.llvm.org/D107328?vs=363643&id=397288#toc
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D107328/new/
https://reviews.llvm.org/D107328
Files:
llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
llvm/test/ExecutionEngine/JITLink/RISCV/ELF_pc_indirect.s
Index: llvm/test/ExecutionEngine/JITLink/RISCV/ELF_pc_indirect.s
===================================================================
--- llvm/test/ExecutionEngine/JITLink/RISCV/ELF_pc_indirect.s
+++ llvm/test/ExecutionEngine/JITLink/RISCV/ELF_pc_indirect.s
@@ -4,11 +4,11 @@
# RUN: llvm-mc -triple=riscv32 -position-independent -filetype=obj \
# RUN: -o %t/elf_riscv32_sm_pic_reloc.o %s
# RUN: llvm-jitlink -noexec \
-# RUN: -slab-allocate 100Kb -slab-address 0xfff00000 -slab-page-size 4096 \
+# RUN: -slab-allocate 100Kb -slab-address 0x1ff00000 -slab-page-size 4096 \
# RUN: -define-abs external_func=0x1 -define-abs external_data=0x2 \
# RUN: -check %s %t/elf_riscv64_sm_pic_reloc.o
# RUN: llvm-jitlink -noexec \
-# RUN: -slab-allocate 100Kb -slab-address 0xfff00000 -slab-page-size 4096 \
+# RUN: -slab-allocate 100Kb -slab-address 0x1ff00000 -slab-page-size 4096 \
# RUN: -define-abs external_func=0x1 -define-abs external_data=0x2 \
# RUN: -check %s %t/elf_riscv32_sm_pic_reloc.o
#
Index: llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
===================================================================
--- llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
+++ llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp
@@ -161,6 +161,15 @@
return (Num & (((1ULL << (Size + 1)) - 1) << Low)) >> Low;
}
+static inline bool isInRangeForImmS32(int64_t Value) {
+ return (Value >= std::numeric_limits<int32_t>::min() &&
+ Value <= std::numeric_limits<int32_t>::max());
+}
+
+static inline bool isInRangeForImmU32(uint64_t Value) {
+ return Value <= std::numeric_limits<uint32_t>::max();
+}
+
class ELFJITLinker_riscv : public JITLinker<ELFJITLinker_riscv> {
friend class JITLinker<ELFJITLinker_riscv>;
@@ -189,14 +198,18 @@
break;
}
case R_RISCV_HI20: {
- int64_t Value = E.getTarget().getAddress() + E.getAddend();
+ uint64_t Value = E.getTarget().getAddress() + E.getAddend();
+ if (LLVM_UNLIKELY(!isInRangeForImmU32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int32_t Hi = (Value + 0x800) & 0xFFFFF000;
uint32_t RawInstr = *(little32_t *)FixupPtr;
*(little32_t *)FixupPtr = (RawInstr & 0xFFF) | static_cast<uint32_t>(Hi);
break;
}
case R_RISCV_LO12_I: {
- int64_t Value = E.getTarget().getAddress() + E.getAddend();
+ uint64_t Value = E.getTarget().getAddress() + E.getAddend();
+ if (LLVM_UNLIKELY(!isInRangeForImmU32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int32_t Lo = Value & 0xFFF;
uint32_t RawInstr = *(little32_t *)FixupPtr;
*(little32_t *)FixupPtr =
@@ -205,6 +218,8 @@
}
case R_RISCV_CALL: {
int64_t Value = E.getTarget().getAddress() + E.getAddend() - FixupAddress;
+ if (LLVM_UNLIKELY(!isInRangeForImmS32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int32_t Hi = (Value + 0x800) & 0xFFFFF000;
int32_t Lo = Value & 0xFFF;
uint32_t RawInstrAuipc = *(little32_t *)FixupPtr;
@@ -216,6 +231,8 @@
}
case R_RISCV_PCREL_HI20: {
int64_t Value = E.getTarget().getAddress() + E.getAddend() - FixupAddress;
+ if (LLVM_UNLIKELY(!isInRangeForImmS32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int32_t Hi = (Value + 0x800) & 0xFFFFF000;
uint32_t RawInstr = *(little32_t *)FixupPtr;
*(little32_t *)FixupPtr = (RawInstr & 0xFFF) | static_cast<uint32_t>(Hi);
@@ -227,6 +244,8 @@
return RelHI20.takeError();
int64_t Value = RelHI20->getTarget().getAddress() +
RelHI20->getAddend() - E.getTarget().getAddress();
+ if (LLVM_UNLIKELY(!isInRangeForImmS32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int64_t Lo = Value & 0xFFF;
uint32_t RawInstr = *(little32_t *)FixupPtr;
*(little32_t *)FixupPtr =
@@ -237,6 +256,8 @@
auto RelHI20 = getRISCVPCRelHi20(E);
int64_t Value = RelHI20->getTarget().getAddress() +
RelHI20->getAddend() - E.getTarget().getAddress();
+ if (LLVM_UNLIKELY(!isInRangeForImmS32(Value)))
+ return makeTargetOutOfRangeError(G, B, E);
int64_t Lo = Value & 0xFFF;
uint32_t Imm31_25 = extractBits(Lo, 5, 7) << 25;
uint32_t Imm11_7 = extractBits(Lo, 0, 5) << 7;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D107328.397288.patch
Type: text/x-patch
Size: 4339 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20220104/aa76bb4e/attachment.bin>
More information about the llvm-commits
mailing list