T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cranelift: x64, aarch64, s390x, riscv64: ensure addresses are I64s. (#5972)

Browse Source 
* Cranelift: x64, aarch64, s390x, riscv64: ensure addresses are I64s.

@avanhatt has been looking at our address-mode lowering and found an
example where when feeding an `I32`-typed address into a load or store,
we can violate assumptions and get incorrect codegen.

This should never be reachable in practice, because all producers on
64-bit architectures use 64-bit types for addresses. However, our IR is
insufficiently constrained, and allows loads/stores to `I32` addresses
as well. This is nonsensical on a 64-bit architecture.

Initially I had thought we should tighten either the instruction
definition's accepted types, or the CLIF verifier, to reject this.
However both are target-independent, and we don't want to bake
an assumption of 64-bit-ness into the compiler core. Instead this PR
tightens specific backends' lowerings to rejecct loads/stores of
`I32`-typed addresses.

tl;dr: no security implications as all producers use I64-typed
addresses (and must, for correct operation); but we currently accept
I32-typed addresses too, and this breaks other assumptions.

* Allow R64 as well as I64 types.

* Add an explicit extractor to match 64-bit address types.
This commit is contained in:
Chris Fallin
2023-03-09 11:08:16 -08:00
committed by GitHub
parent f877141668
commit 7f3500a172
6 changed files with 34 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cranelift/codegen/src/isa/s390x/inst.isle
View File

@@ -1811,10 +1811,10 @@
(decl lower_address (MemFlags Value Offset32) MemArg)
(rule (lower_address flags addr (i64_from_offset offset))
(rule (lower_address flags addr @ (value_type (ty_addr64 _)) (i64_from_offset offset))
(memarg_reg_plus_off addr offset 0 flags))
(rule 1 (lower_address flags (iadd x y) (i64_from_offset 0))
(rule 1 (lower_address flags (has_type (ty_addr64 _) (iadd x y)) (i64_from_offset 0))
(memarg_reg_plus_reg x y 0 flags))
(rule 1 (lower_address flags
@@ -1828,10 +1828,10 @@
(decl lower_address_bias (MemFlags Value Offset32 u8) MemArg)
(rule (lower_address_bias flags addr (i64_from_offset offset) bias)
(rule (lower_address_bias flags addr @ (value_type $I64) (i64_from_offset offset) bias)
(memarg_reg_plus_off addr offset bias flags))
(rule 1 (lower_address_bias flags (iadd x y) (i64_from_offset 0) bias)
(rule 1 (lower_address_bias flags (has_type $I64 (iadd x y)) (i64_from_offset 0) bias)
(memarg_reg_plus_reg x y bias flags))