* [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 9:45 ` [PATCH v2 0/2] RISC-V: Fix buffer overflow after 176-bit " Tsukasa OI
@ 2022-10-04 9:45 ` Tsukasa OI
2022-10-04 9:58 ` Jan Beulich
2022-10-04 9:45 ` [PATCH v2 2/2] gdb/riscv: Partial support for instructions up to 176-bits Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Tsukasa OI
2 siblings, 1 reply; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 9:45 UTC (permalink / raw)
To: Tsukasa OI, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Jan Beulich, Andreas Schwab
Cc: binutils, gdb-patches
Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase packet buffer size to 176-bit in size.
include/ChangeLog:
* opcode/riscv.h (RISCV_MAX_INSN_LEN): Max instruction length for
use in buffer size.
opcodes/ChangeLog:
* riscv-dis.c (print_insn_riscv): Increase buffer size for max
176-bit length instructions.
---
include/opcode/riscv.h | 2 ++
opcodes/riscv-dis.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/opcode/riscv.h b/include/opcode/riscv.h
index 9417dcf00c5..33415977bc7 100644
--- a/include/opcode/riscv.h
+++ b/include/opcode/riscv.h
@@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
"i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
};
+#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */
+
#define RVC_JUMP_BITS 11
#define RVC_JUMP_REACH ((1ULL << RVC_JUMP_BITS) * RISCV_JUMP_ALIGN)
diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c
index 6ac69490b78..f5e5af3138c 100644
--- a/opcodes/riscv-dis.c
+++ b/opcodes/riscv-dis.c
@@ -999,7 +999,7 @@ riscv_disassemble_data (bfd_vma memaddr ATTRIBUTE_UNUSED,
int
print_insn_riscv (bfd_vma memaddr, struct disassemble_info *info)
{
- bfd_byte packet[8];
+ bfd_byte packet[RISCV_MAX_INSN_LEN];
insn_t insn = 0;
bfd_vma dump_size;
int status;
--
2.34.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 9:45 ` [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
@ 2022-10-04 9:58 ` Jan Beulich
2022-10-04 10:13 ` Tsukasa OI
0 siblings, 1 reply; 20+ messages in thread
From: Jan Beulich @ 2022-10-04 9:58 UTC (permalink / raw)
To: Tsukasa OI
Cc: binutils, gdb-patches, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Andreas Schwab
On 04.10.2022 11:45, Tsukasa OI wrote:
> --- a/include/opcode/riscv.h
> +++ b/include/opcode/riscv.h
> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
> };
>
> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */
To be honest this still doesn't look sufficient to me: There's still
no connection between this constant and riscv_insn_length(). Yet both
want changing at the same time when it comes to insn length aspects.
As said in reply to v1 - comments may be one way of dealing with this.
We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't
be usable in a portable way), so an actual build time check might not
be feasible. A runtime check also doesn't look realistic, as
gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN);
wouldn't be correct, and I'm unconvinced of using other than the most
simple ~0 as an argument here.
Jan
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 9:58 ` Jan Beulich
@ 2022-10-04 10:13 ` Tsukasa OI
2022-10-04 10:16 ` Jan Beulich
0 siblings, 1 reply; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 10:13 UTC (permalink / raw)
To: Jan Beulich, Binutils, gdb-patches
On 2022/10/04 18:58, Jan Beulich wrote:
> On 04.10.2022 11:45, Tsukasa OI wrote:
>> --- a/include/opcode/riscv.h
>> +++ b/include/opcode/riscv.h
>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
>> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
>> };
>>
>> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */
>
> To be honest this still doesn't look sufficient to me: There's still
> no connection between this constant and riscv_insn_length(). Yet both
> want changing at the same time when it comes to insn length aspects.
> As said in reply to v1 - comments may be one way of dealing with this.
> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't
> be usable in a portable way), so an actual build time check might not
> be feasible. A runtime check also doesn't look realistic, as
>
> gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN);
>
> wouldn't be correct, and I'm unconvinced of using other than the most
> simple ~0 as an argument here.
>
> Jan
>
I have to agree that the constant with no direct connection with
riscv_insn_length is not good but I don't come up with better solution
than this (with given constraints).
In any case, keeping this stack buffer overflow is definitely a bad idea
and we have to do something to deal with it in a days.
Tsukasa
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 10:13 ` Tsukasa OI
@ 2022-10-04 10:16 ` Jan Beulich
2022-10-04 10:18 ` Jan Beulich
0 siblings, 1 reply; 20+ messages in thread
From: Jan Beulich @ 2022-10-04 10:16 UTC (permalink / raw)
To: Tsukasa OI; +Cc: Binutils, gdb-patches
On 04.10.2022 12:13, Tsukasa OI wrote:
> On 2022/10/04 18:58, Jan Beulich wrote:
>> On 04.10.2022 11:45, Tsukasa OI wrote:
>>> --- a/include/opcode/riscv.h
>>> +++ b/include/opcode/riscv.h
>>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
>>> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
>>> };
>>>
>>> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */
>>
>> To be honest this still doesn't look sufficient to me: There's still
>> no connection between this constant and riscv_insn_length(). Yet both
>> want changing at the same time when it comes to insn length aspects.
>> As said in reply to v1 - comments may be one way of dealing with this.
>> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't
>> be usable in a portable way), so an actual build time check might not
>> be feasible. A runtime check also doesn't look realistic, as
>>
>> gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN);
>>
>> wouldn't be correct, and I'm unconvinced of using other than the most
>> simple ~0 as an argument here.
>
> I have to agree that the constant with no direct connection with
> riscv_insn_length is not good but I don't come up with better solution
> than this (with given constraints).
> In any case, keeping this stack buffer overflow is definitely a bad idea
> and we have to do something to deal with it in a days.
Agreed. Hence could you add cross-referencing comments at both sides
while introducing the #define, as a minimal measure?
Jan
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 10:16 ` Jan Beulich
@ 2022-10-04 10:18 ` Jan Beulich
0 siblings, 0 replies; 20+ messages in thread
From: Jan Beulich @ 2022-10-04 10:18 UTC (permalink / raw)
To: Tsukasa OI; +Cc: Binutils, gdb-patches
On 04.10.2022 12:16, Jan Beulich via Binutils wrote:
> On 04.10.2022 12:13, Tsukasa OI wrote:
>> On 2022/10/04 18:58, Jan Beulich wrote:
>>> On 04.10.2022 11:45, Tsukasa OI wrote:
>>>> --- a/include/opcode/riscv.h
>>>> +++ b/include/opcode/riscv.h
>>>> @@ -55,6 +55,8 @@ static const char * const riscv_pred_succ[16] =
>>>> "i", "iw", "ir", "irw", "io", "iow", "ior", "iorw"
>>>> };
>>>>
>>>> +#define RISCV_MAX_INSN_LEN 22 /* max 176-bit encoding. */
>>>
>>> To be honest this still doesn't look sufficient to me: There's still
>>> no connection between this constant and riscv_insn_length(). Yet both
>>> want changing at the same time when it comes to insn length aspects.
>>> As said in reply to v1 - comments may be one way of dealing with this.
>>> We don't have BUILD_BUG_ON() or alike (and even if we had it wouldn't
>>> be usable in a portable way), so an actual build time check might not
>>> be feasible. A runtime check also doesn't look realistic, as
>>>
>>> gas_assert (riscv_insn_length(~0) == RISCV_MAX_INSN_LEN);
>>>
>>> wouldn't be correct, and I'm unconvinced of using other than the most
>>> simple ~0 as an argument here.
>>
>> I have to agree that the constant with no direct connection with
>> riscv_insn_length is not good but I don't come up with better solution
>> than this (with given constraints).
>> In any case, keeping this stack buffer overflow is definitely a bad idea
>> and we have to do something to deal with it in a days.
>
> Agreed. Hence could you add cross-referencing comments at both sides
> while introducing the #define, as a minimal measure?
Or wait - why don't you move the #define _into_ riscv_insn_length(),
placed right at the position that would need touching when adding
support for wider insns (or when deciding to reduce support again)?
Jan
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v2 2/2] gdb/riscv: Partial support for instructions up to 176-bits
2022-10-04 9:45 ` [PATCH v2 0/2] RISC-V: Fix buffer overflow after 176-bit " Tsukasa OI
2022-10-04 9:45 ` [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
@ 2022-10-04 9:45 ` Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Tsukasa OI
2 siblings, 0 replies; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 9:45 UTC (permalink / raw)
To: Tsukasa OI, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Jan Beulich, Andreas Schwab
Cc: binutils, gdb-patches
Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase packet buffer size to 176-bit in size.
Also, that would break an assumption in riscv_insn::decode so this commit
fixes it.
---
gdb/riscv-tdep.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gdb/riscv-tdep.c b/gdb/riscv-tdep.c
index 47d8f9e601b..433311e1024 100644
--- a/gdb/riscv-tdep.c
+++ b/gdb/riscv-tdep.c
@@ -1770,7 +1770,7 @@ riscv_insn::fetch_instruction (struct gdbarch *gdbarch,
CORE_ADDR addr, int *len)
{
enum bfd_endian byte_order = gdbarch_byte_order_for_code (gdbarch);
- gdb_byte buf[8];
+ gdb_byte buf[RISCV_MAX_INSN_LEN];
int instlen, status;
/* All insns are at least 16 bits. */
@@ -1933,9 +1933,10 @@ riscv_insn::decode (struct gdbarch *gdbarch, CORE_ADDR pc)
}
else
{
- /* This must be a 6 or 8 byte instruction, we don't currently decode
- any of these, so just ignore it. */
- gdb_assert (m_length == 6 || m_length == 8);
+ /* 6 - 22 bytes instruction. If the length is larger than 8, we don't
+ have full instruction bits in ival. At least, such long instructions
+ are not defined yet, so just ignore it. */
+ gdb_assert (m_length > 0 && m_length % 2 == 0);
m_opcode = OTHER;
}
}
--
2.34.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support
2022-10-04 9:45 ` [PATCH v2 0/2] RISC-V: Fix buffer overflow after 176-bit " Tsukasa OI
2022-10-04 9:45 ` [PATCH v2 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
2022-10-04 9:45 ` [PATCH v2 2/2] gdb/riscv: Partial support for instructions up to 176-bits Tsukasa OI
@ 2022-10-04 11:25 ` Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
` (2 more replies)
2 siblings, 3 replies; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 11:25 UTC (permalink / raw)
To: Tsukasa OI, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Jan Beulich, Andreas Schwab
Cc: binutils, gdb-patches
Hello,
This is the PATCH v3 for quick stack buffer overflow fix.
[Changes: v2 -> v3]
- PATCH 1/2: Define RISCV_MAX_INSN_LEN in riscv_insn_length function
(idea by Jan Beulich)
- PATCH 2/2: Fix comment and commit message
[Changes: v1 -> v2]
- Fix assertion failure on riscv_insn::decode
- Use new constant RISCV_MAX_INSN_LEN for buffer size
PATCH 1: Binutils
PATCH 2: GDB (v2/3: depends on PATCH 1)
Thanks,
Tsukasa
Tsukasa OI (2):
RISC-V: Fix buffer overflow on print_insn_riscv
gdb/riscv: Partial support for instructions up to 176-bit
gdb/riscv-tdep.c | 9 +++++----
include/opcode/riscv.h | 2 ++
opcodes/riscv-dis.c | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
base-commit: d71eca64e70c31e0d32396a0b6c60e3ea9eb420b
--
2.34.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v3 1/2] RISC-V: Fix buffer overflow on print_insn_riscv
2022-10-04 11:25 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Tsukasa OI
@ 2022-10-04 11:25 ` Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 2/2] gdb/riscv: Partial support for instructions up to 176-bit Tsukasa OI
2022-10-04 12:23 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Jan Beulich
2 siblings, 0 replies; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 11:25 UTC (permalink / raw)
To: Tsukasa OI, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Jan Beulich, Andreas Schwab
Cc: binutils, gdb-patches
Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase packet buffer size to 176-bit in size.
include/ChangeLog:
* opcode/riscv.h (RISCV_MAX_INSN_LEN): Max instruction length for
use in buffer size.
opcodes/ChangeLog:
* riscv-dis.c (print_insn_riscv): Increase buffer size for max
176-bit length instructions.
---
include/opcode/riscv.h | 2 ++
opcodes/riscv-dis.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/opcode/riscv.h b/include/opcode/riscv.h
index 9417dcf00c5..b14f3d998b3 100644
--- a/include/opcode/riscv.h
+++ b/include/opcode/riscv.h
@@ -40,6 +40,8 @@ static inline unsigned int riscv_insn_length (insn_t insn)
/* 80- ... 176-bit instructions. */
if ((insn & 0x7f) == 0x7f && (insn & 0x7000) != 0x7000)
return 10 + ((insn >> 11) & 0xe);
+ /* Maximum value returned by this function. */
+#define RISCV_MAX_INSN_LEN 22
/* Longer instructions not supported at the moment. */
return 2;
}
diff --git a/opcodes/riscv-dis.c b/opcodes/riscv-dis.c
index 031c19334fa..2c0aed13e75 100644
--- a/opcodes/riscv-dis.c
+++ b/opcodes/riscv-dis.c
@@ -1000,7 +1000,7 @@ riscv_disassemble_data (bfd_vma memaddr ATTRIBUTE_UNUSED,
int
print_insn_riscv (bfd_vma memaddr, struct disassemble_info *info)
{
- bfd_byte packet[8];
+ bfd_byte packet[RISCV_MAX_INSN_LEN];
insn_t insn = 0;
bfd_vma dump_size;
int status;
--
2.34.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* [PATCH v3 2/2] gdb/riscv: Partial support for instructions up to 176-bit
2022-10-04 11:25 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
@ 2022-10-04 11:25 ` Tsukasa OI
2022-10-04 12:23 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Jan Beulich
2 siblings, 0 replies; 20+ messages in thread
From: Tsukasa OI @ 2022-10-04 11:25 UTC (permalink / raw)
To: Tsukasa OI, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Jan Beulich, Andreas Schwab
Cc: binutils, gdb-patches
Because riscv_insn_length started to support instructions up to 176-bit,
we need to increase buf size to 176-bit in size.
Also, that would break an assumption in riscv_insn::decode so this commit
fixes it, noting that instructions longer than 64-bit are not fully
supported yet.
---
gdb/riscv-tdep.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gdb/riscv-tdep.c b/gdb/riscv-tdep.c
index 47d8f9e601b..63ebed4ff19 100644
--- a/gdb/riscv-tdep.c
+++ b/gdb/riscv-tdep.c
@@ -1770,7 +1770,7 @@ riscv_insn::fetch_instruction (struct gdbarch *gdbarch,
CORE_ADDR addr, int *len)
{
enum bfd_endian byte_order = gdbarch_byte_order_for_code (gdbarch);
- gdb_byte buf[8];
+ gdb_byte buf[RISCV_MAX_INSN_LEN];
int instlen, status;
/* All insns are at least 16 bits. */
@@ -1933,9 +1933,10 @@ riscv_insn::decode (struct gdbarch *gdbarch, CORE_ADDR pc)
}
else
{
- /* This must be a 6 or 8 byte instruction, we don't currently decode
- any of these, so just ignore it. */
- gdb_assert (m_length == 6 || m_length == 8);
+ /* 6 bytes or more. If the instruction is longer than 8 bytes, we don't
+ have full instruction bits in ival. At least, such long instructions
+ are not defined yet, so just ignore it. */
+ gdb_assert (m_length > 0 && m_length % 2 == 0);
m_opcode = OTHER;
}
}
--
2.34.1
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support
2022-10-04 11:25 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 1/2] RISC-V: Fix buffer overflow on print_insn_riscv Tsukasa OI
2022-10-04 11:25 ` [PATCH v3 2/2] gdb/riscv: Partial support for instructions up to 176-bit Tsukasa OI
@ 2022-10-04 12:23 ` Jan Beulich
2022-10-04 13:20 ` Nelson Chu
2 siblings, 1 reply; 20+ messages in thread
From: Jan Beulich @ 2022-10-04 12:23 UTC (permalink / raw)
To: Tsukasa OI
Cc: binutils, gdb-patches, Nelson Chu, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Andreas Schwab
On 04.10.2022 13:25, Tsukasa OI wrote:
> This is the PATCH v3 for quick stack buffer overflow fix.
>
> [Changes: v2 -> v3]
> - PATCH 1/2: Define RISCV_MAX_INSN_LEN in riscv_insn_length function
> (idea by Jan Beulich)
> - PATCH 2/2: Fix comment and commit message
Lgtm now, fwiw. Like elsewhere I'd prefer the arch maintainers to actually
approve the change to go in.
Jan
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support
2022-10-04 12:23 ` [PATCH v3 0/2] RISC-V: Fix buffer overflow after 176-bit instruction support Jan Beulich
@ 2022-10-04 13:20 ` Nelson Chu
0 siblings, 0 replies; 20+ messages in thread
From: Nelson Chu @ 2022-10-04 13:20 UTC (permalink / raw)
To: Jan Beulich
Cc: Tsukasa OI, binutils, gdb-patches, Kito Cheng, Palmer Dabbelt,
Andrew Burgess, Andreas Schwab
OK, thanks. If the problem is resolved and test cases are passed,
please commit.
Thanks
Nelson
On Tue, Oct 4, 2022 at 8:23 PM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 04.10.2022 13:25, Tsukasa OI wrote:
> > This is the PATCH v3 for quick stack buffer overflow fix.
> >
> > [Changes: v2 -> v3]
> > - PATCH 1/2: Define RISCV_MAX_INSN_LEN in riscv_insn_length function
> > (idea by Jan Beulich)
> > - PATCH 2/2: Fix comment and commit message
>
> Lgtm now, fwiw. Like elsewhere I'd prefer the arch maintainers to actually
> approve the change to go in.
>
> Jan
^ permalink raw reply [flat|nested] 20+ messages in thread