QEMU-Devel Archive on lore.kernel.org
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: sw@weilnetz.de
Subject: [PATCH 18/23] tcg/tci: Move stack bounds check to compile-time
Date: Wed, 27 Jan 2021 22:23:26 -1000
Message-ID: <20210128082331.196801-19-richard.henderson@linaro.org> (raw)
In-Reply-To: <20210128082331.196801-1-richard.henderson@linaro.org>

The existing check was incomplete:
(1) Only applied to two of the 7 stores, and not to the loads at all.
(2) Only checked the upper, but not the lower bound of the stack.

Doing this at compile time means that we don't need to do it
at runtime as well.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/tci.c                |  2 --
 tcg/tci/tcg-target.c.inc | 13 +++++++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/tcg/tci.c b/tcg/tci.c
index 67875636a5..c4c303f874 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -623,7 +623,6 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
             t0 = tci_read_r32(regs, &tb_ptr);
             t1 = tci_read_r(regs, &tb_ptr);
             t2 = tci_read_s32(&tb_ptr);
-            tci_assert(t1 != sp_value || (int32_t)t2 < 0);
             *(uint32_t *)(t1 + t2) = t0;
             break;
 
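Review bot: With this assert gone the 32-bit store `*(uint32_t *)(t1 + t2) = t0;` runs with no guard at all, so correctness now rests entirely on the bytecode having been emitted by this process's own tcg_out_st/tcg_out_op paths, which the new compile-time check covers. The removed condition `t1 != sp_value || (int32_t)t2 < 0` only ever rejected non-negative offsets from the stack base (point (2) of the commit message), so nothing is lost here that the new check does not also enforce; it would still help reviewers if the commit message said which build configurations keep any validation at all, given that the new check is a tcg_debug_assert and the old one a tci_assert.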
@@ -879,7 +878,6 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
             t0 = tci_read_r64(regs, &tb_ptr);
             t1 = tci_read_r(regs, &tb_ptr);
             t2 = tci_read_s32(&tb_ptr);
-            tci_assert(t1 != sp_value || (int32_t)t2 < 0);
             *(uint64_t *)(t1 + t2) = t0;
             break;
 
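Review bot: This is the second and last runtime use of sp_value that the patch removes; please confirm sp_value is still referenced elsewhere in tcg_qemu_tb_exec (for example where regs[TCG_REG_CALL_STACK] is initialized), otherwise the variable becomes unused and its definition should be dropped in the same patch to avoid a warning under -Werror.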
diff --git a/tcg/tci/tcg-target.c.inc b/tcg/tci/tcg-target.c.inc
index 15981265db..a60fa524a4 100644
--- a/tcg/tci/tcg-target.c.inc
+++ b/tcg/tci/tcg-target.c.inc
@@ -484,10 +484,20 @@ static void tci_out_label(TCGContext *s, TCGLabel *label)
     }
 }
 
+static void stack_bounds_check(TCGReg base, target_long offset)
+{
+    if (base == TCG_REG_CALL_STACK) {
+        tcg_debug_assert(offset < 0);
+        tcg_debug_assert(offset >= -(CPU_TEMP_BUF_NLONGS * sizeof(long)));
+    }
+}
+
 static void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret, TCGReg arg1,
                        intptr_t arg2)
 {
     uint8_t *old_code_ptr = s->code_ptr;
+
+    stack_bounds_check(arg1, arg2);
     if (type == TCG_TYPE_I32) {
         tcg_out_op_t(s, INDEX_op_ld_i32);
         tcg_out_r(s, ret);
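Review bot: The lower-bound assert in stack_bounds_check mixes signed and unsigned types: `-(CPU_TEMP_BUF_NLONGS * sizeof(long))` is a size_t expression, so on a host where size_t is narrower than target_long (a 64-bit target on a 32-bit host) it promotes to a large positive value and `tcg_debug_assert(offset >= ...)` fails for every negative offset. Suggest writing the bound as `-(intptr_t)(CPU_TEMP_BUF_NLONGS * sizeof(long))` and declaring the parameter as `intptr_t offset` to match `arg2` in tcg_out_ld/tcg_out_st, since this is a host stack offset rather than a guest value and target_long is the wrong type for it.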
@@ -623,6 +633,7 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
     case INDEX_op_st16_i64:
     case INDEX_op_st32_i64:
     case INDEX_op_st_i64:
+        stack_bounds_check(args[1], args[2]);
         tcg_out_r(s, args[0]);
         tcg_out_r(s, args[1]);
         tcg_debug_assert(args[2] == (int32_t)args[2]);
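Review bot: `args[2]` is a TCGArg (unsigned), and converting it to the check's signed parameter zero-extends when that parameter is wider than TCGArg, turning a negative offset positive and tripping `tcg_debug_assert(offset < 0)`. The existing `tcg_debug_assert(args[2] == (int32_t)args[2]);` two lines below already establishes that the value fits in int32, so pass `(int32_t)args[2]` to stack_bounds_check (or move the new call after that assert). Also, the commit message says loads were never checked, yet this hunk adds the call only to the st opcode cases; does the matching ld opcode group in tcg_out_op (INDEX_op_ld8u_i32 and friends) get the same call, or is tcg_out_ld the only load path this patch covers?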
@@ -825,6 +836,8 @@ static void tcg_out_st(TCGContext *s, TCGType type, TCGReg arg, TCGReg arg1,
                        intptr_t arg2)
 {
     uint8_t *old_code_ptr = s->code_ptr;
+
+    stack_bounds_check(arg1, arg2);
     if (type == TCG_TYPE_I32) {
         tcg_out_op_t(s, INDEX_op_st_i32);
         tcg_out_r(s, arg);
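Review bot: tcg_out_st knows the access width here through `type` (TCG_TYPE_I32 versus TCG_TYPE_I64), but stack_bounds_check is called without it, so an 8-byte store at offset -4 passes `offset < 0` while its upper half extends past the top of the temp buffer. If the helper grows a size parameter so it can assert `offset + size <= 0`, this call site (and the one in tcg_out_ld) is where `type == TCG_TYPE_I32 ? 4 : 8` would be passed.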
-- 
2.25.1

Thread overview: 54+ messages
2021-01-28  8:23 [PATCH 00/23] TCI fixes and cleanups Richard Henderson
2021-01-28  8:23 ` [PATCH 01/23] configure: Fix --enable-tcg-interpreter Richard Henderson
2021-01-28 11:47   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 02/23] tcg: Manage splitwx in tc_ptr_to_region_tree by hand Richard Henderson
2021-01-28 13:09   ` Alex Bennée
2021-01-28 13:54     ` Alex Bennée
2021-01-28  8:23 ` [PATCH 03/23] exec: Make tci_tb_ptr thread-local Richard Henderson
2021-01-28  8:23 ` [PATCH 04/23] tcg/tci: Implement INDEX_op_ld16s_i32 Richard Henderson
2021-01-28 13:59   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 05/23] tcg/tci: Implement INDEX_op_ld8s_i64 Richard Henderson
2021-01-28 13:59   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 06/23] tcg/tci: Inline tci_write_reg32s into the only caller Richard Henderson
2021-01-28 15:28   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 07/23] tcg/tci: Inline tci_write_reg8 into its callers Richard Henderson
2021-01-28 15:30   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 08/23] tcg/tci: Inline tci_write_reg16 into the only caller Richard Henderson
2021-01-28 15:30   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 09/23] tcg/tci: Inline tci_write_reg32 into all callers Richard Henderson
2021-01-28 15:31   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 10/23] tcg/tci: Inline tci_write_reg64 into 64-bit callers Richard Henderson
2021-01-28 15:32   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 11/23] tcg/tci: Merge INDEX_op_ld8u_{i32,i64} Richard Henderson
2021-01-28 16:18   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 12/23] tcg/tci: Merge INDEX_op_ld8s_{i32,i64} Richard Henderson
2021-01-28 16:18   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 13/23] tcg/tci: Merge INDEX_op_ld16u_{i32,i64} Richard Henderson
2021-01-28 16:19   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 14/23] tcg/tci: Merge INDEX_op_ld16s_{i32,i64} Richard Henderson
2021-01-28 16:20   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 15/23] tcg/tci: Merge INDEX_op_{ld_i32,ld32u_i64} Richard Henderson
2021-01-28 16:20   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 16/23] tcg/tci: Merge INDEX_op_st8_{i32,i64} Richard Henderson
2021-01-28 16:20   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 17/23] tcg/tci: Merge INDEX_op_st16_{i32,i64} Richard Henderson
2021-01-28 16:20   ` Alex Bennée
2021-01-28  8:23 ` Richard Henderson [this message]
2021-01-28 16:37   ` [PATCH 18/23] tcg/tci: Move stack bounds check to compile-time Alex Bennée
2021-01-28  8:23 ` [PATCH 19/23] tcg/tci: Merge INDEX_op_{st_i32,st32_i64} Richard Henderson
2021-01-28 16:38   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 20/23] tcg/tci: Use g_assert_not_reached Richard Henderson
2021-01-28 10:07   ` Stefan Weil
2021-01-28 15:34   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 21/23] tcg/tci: Remove dead code for TCG_TARGET_HAS_div2_* Richard Henderson
2021-01-28 15:36   ` Alex Bennée
2021-01-28 15:39   ` Stefan Weil
2021-01-28 17:56     ` Richard Henderson
2021-01-28  8:23 ` [PATCH 22/23] tcg/tci: Implement 64-bit division Richard Henderson
2021-01-28 10:04   ` Stefan Weil
2021-01-28 17:56     ` Richard Henderson
2021-01-28 15:38   ` Alex Bennée
2021-01-28  8:23 ` [PATCH 23/23] tcg/tci: Remove TODO as unused Richard Henderson
2021-01-28 15:38   ` Alex Bennée
2021-01-28 15:38 ` [PATCH 00/23] TCI fixes and cleanups Alex Bennée
2021-01-28 16:39 ` Alex Bennée