Commit 0f935161 authored by mbrandy's avatar mbrandy Committed by Commit bot

PPC: protect against malformed branch and memory access instructions.

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com

Review URL: https://codereview.chromium.org/1239583002

Cr-Commit-Position: refs/heads/master@{#29627}
parent 7036a0b1
...@@ -597,12 +597,12 @@ void Assembler::PatchConstantPoolAccessInstruction( ...@@ -597,12 +597,12 @@ void Assembler::PatchConstantPoolAccessInstruction(
ConstantPoolEntry::Type type) { ConstantPoolEntry::Type type) {
Address pc = buffer_ + pc_offset; Address pc = buffer_ + pc_offset;
bool overflowed = (access == ConstantPoolEntry::OVERFLOWED); bool overflowed = (access == ConstantPoolEntry::OVERFLOWED);
CHECK(overflowed != is_int16(offset));
#ifdef DEBUG #ifdef DEBUG
ConstantPoolEntry::Access access_check = ConstantPoolEntry::Access access_check =
static_cast<ConstantPoolEntry::Access>(-1); static_cast<ConstantPoolEntry::Access>(-1);
DCHECK(IsConstantPoolLoadStart(pc, &access_check)); DCHECK(IsConstantPoolLoadStart(pc, &access_check));
DCHECK(access_check == access); DCHECK(access_check == access);
DCHECK(overflowed != is_int16(offset));
#endif #endif
if (overflowed) { if (overflowed) {
int hi_word = static_cast<int>(offset >> 16); int hi_word = static_cast<int>(offset >> 16);
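Review bot: The `CHECK(overflowed != is_int16(offset))` at the top of the hunk carries no comment saying why it has to survive into release builds, and the failure it guards against is only visible further down the function, outside this hunk (presumably the non-overflowed path masks the offset to 16 bits before patching, as the other hunks in this commit do with kImm16Mask). I would put a why-comment above it: `// Release-build check: a non-overflowed entry whose offset does not fit in 16 bits would otherwise be silently truncated and patch a load of the wrong address.` Note that the pc validation (IsConstantPoolLoadStart and the access_check comparison) remains DEBUG-only, so a release build rejects only the overflow/offset mismatch and not a mismatched access kind; if that asymmetry is intentional it is worth a sentence in the commit message. PatchConstantPoolAccessInstruction continues past the end of the hunk.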
......
...@@ -434,7 +434,7 @@ void Assembler::target_at_put(int pos, int target_pos) { ...@@ -434,7 +434,7 @@ void Assembler::target_at_put(int pos, int target_pos) {
switch (opcode) { switch (opcode) {
case BX: { case BX: {
int imm26 = target_pos - pos; int imm26 = target_pos - pos;
DCHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0); CHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0);
if (imm26 == kInstrSize && !(instr & kLKMask)) { if (imm26 == kInstrSize && !(instr & kLKMask)) {
// Branch to next instr without link. // Branch to next instr without link.
instr = ORI; // nop: ori, 0,0,0 instr = ORI; // nop: ori, 0,0,0
...@@ -447,7 +447,7 @@ void Assembler::target_at_put(int pos, int target_pos) { ...@@ -447,7 +447,7 @@ void Assembler::target_at_put(int pos, int target_pos) {
} }
case BCX: { case BCX: {
int imm16 = target_pos - pos; int imm16 = target_pos - pos;
DCHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0); CHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0);
if (imm16 == kInstrSize && !(instr & kLKMask)) { if (imm16 == kInstrSize && !(instr & kLKMask)) {
// Branch to next instr without link. // Branch to next instr without link.
instr = ORI; // nop: ori, 0,0,0 instr = ORI; // nop: ori, 0,0,0
...@@ -598,14 +598,14 @@ void Assembler::d_form(Instr instr, Register rt, Register ra, ...@@ -598,14 +598,14 @@ void Assembler::d_form(Instr instr, Register rt, Register ra,
if (!is_int16(val)) { if (!is_int16(val)) {
PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR "\n", val, val); PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR "\n", val, val);
} }
DCHECK(is_int16(val)); CHECK(is_int16(val));
} else { } else {
if (!is_uint16(val)) { if (!is_uint16(val)) {
PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR
", is_unsigned_imm16(val)=%d, kImm16Mask=0x%x\n", ", is_unsigned_imm16(val)=%d, kImm16Mask=0x%x\n",
val, val, is_uint16(val), kImm16Mask); val, val, is_uint16(val), kImm16Mask);
} }
DCHECK(is_uint16(val)); CHECK(is_uint16(val));
} }
emit(instr | rt.code() * B21 | ra.code() * B16 | (kImm16Mask & val)); emit(instr | rt.code() * B21 | ra.code() * B16 | (kImm16Mask & val));
} }
...@@ -715,8 +715,9 @@ void Assembler::bc(int branch_offset, BOfield bo, int condition_bit, LKBit lk) { ...@@ -715,8 +715,9 @@ void Assembler::bc(int branch_offset, BOfield bo, int condition_bit, LKBit lk) {
if (lk == SetLK) { if (lk == SetLK) {
positions_recorder()->WriteRecordedPositions(); positions_recorder()->WriteRecordedPositions();
} }
DCHECK(is_int16(branch_offset)); int imm16 = branch_offset;
emit(BCX | bo | condition_bit * B16 | (kImm16Mask & branch_offset) | lk); CHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0);
emit(BCX | bo | condition_bit * B16 | (imm16 & kImm16Mask) | lk);
} }
...@@ -724,10 +725,8 @@ void Assembler::b(int branch_offset, LKBit lk) { ...@@ -724,10 +725,8 @@ void Assembler::b(int branch_offset, LKBit lk) {
if (lk == SetLK) { if (lk == SetLK) {
positions_recorder()->WriteRecordedPositions(); positions_recorder()->WriteRecordedPositions();
} }
DCHECK((branch_offset & 3) == 0);
int imm26 = branch_offset; int imm26 = branch_offset;
DCHECK(is_int26(imm26)); CHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0);
// todo add AA and LK bits
emit(BX | (imm26 & kImm26Mask) | lk); emit(BX | (imm26 & kImm26Mask) | lk);
} }
...@@ -1192,7 +1191,7 @@ void Assembler::lwa(Register dst, const MemOperand& src) { ...@@ -1192,7 +1191,7 @@ void Assembler::lwa(Register dst, const MemOperand& src) {
#if V8_TARGET_ARCH_PPC64 #if V8_TARGET_ARCH_PPC64
int offset = src.offset(); int offset = src.offset();
DCHECK(!src.ra_.is(r0)); DCHECK(!src.ra_.is(r0));
DCHECK(!(offset & 3) && is_int16(offset)); CHECK(!(offset & 3) && is_int16(offset));
offset = kImm16Mask & offset; offset = kImm16Mask & offset;
emit(LD | dst.code() * B21 | src.ra().code() * B16 | offset | 2); emit(LD | dst.code() * B21 | src.ra().code() * B16 | offset | 2);
#else #else
...@@ -1326,7 +1325,7 @@ void Assembler::andc(Register dst, Register src1, Register src2, RCBit rc) { ...@@ -1326,7 +1325,7 @@ void Assembler::andc(Register dst, Register src1, Register src2, RCBit rc) {
void Assembler::ld(Register rd, const MemOperand& src) { void Assembler::ld(Register rd, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
DCHECK(!src.ra_.is(r0)); DCHECK(!src.ra_.is(r0));
DCHECK(!(offset & 3) && is_int16(offset)); CHECK(!(offset & 3) && is_int16(offset));
offset = kImm16Mask & offset; offset = kImm16Mask & offset;
emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset); emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset);
} }
...@@ -1343,7 +1342,7 @@ void Assembler::ldx(Register rd, const MemOperand& src) { ...@@ -1343,7 +1342,7 @@ void Assembler::ldx(Register rd, const MemOperand& src) {
void Assembler::ldu(Register rd, const MemOperand& src) { void Assembler::ldu(Register rd, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
DCHECK(!src.ra_.is(r0)); DCHECK(!src.ra_.is(r0));
DCHECK(!(offset & 3) && is_int16(offset)); CHECK(!(offset & 3) && is_int16(offset));
offset = kImm16Mask & offset; offset = kImm16Mask & offset;
emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset | 1); emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset | 1);
} }
...@@ -1360,7 +1359,7 @@ void Assembler::ldux(Register rd, const MemOperand& src) { ...@@ -1360,7 +1359,7 @@ void Assembler::ldux(Register rd, const MemOperand& src) {
void Assembler::std(Register rs, const MemOperand& src) { void Assembler::std(Register rs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
DCHECK(!src.ra_.is(r0)); DCHECK(!src.ra_.is(r0));
DCHECK(!(offset & 3) && is_int16(offset)); CHECK(!(offset & 3) && is_int16(offset));
offset = kImm16Mask & offset; offset = kImm16Mask & offset;
emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset); emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset);
} }
...@@ -1377,7 +1376,7 @@ void Assembler::stdx(Register rs, const MemOperand& src) { ...@@ -1377,7 +1376,7 @@ void Assembler::stdx(Register rs, const MemOperand& src) {
void Assembler::stdu(Register rs, const MemOperand& src) { void Assembler::stdu(Register rs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
DCHECK(!src.ra_.is(r0)); DCHECK(!src.ra_.is(r0));
DCHECK(!(offset & 3) && is_int16(offset)); CHECK(!(offset & 3) && is_int16(offset));
offset = kImm16Mask & offset; offset = kImm16Mask & offset;
emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset | 1); emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset | 1);
} }
...@@ -1928,7 +1927,7 @@ void Assembler::lfd(const DoubleRegister frt, const MemOperand& src) { ...@@ -1928,7 +1927,7 @@ void Assembler::lfd(const DoubleRegister frt, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
emit(LFD | frt.code() * B21 | ra.code() * B16 | imm16); emit(LFD | frt.code() * B21 | ra.code() * B16 | imm16);
...@@ -1939,7 +1938,7 @@ void Assembler::lfdu(const DoubleRegister frt, const MemOperand& src) { ...@@ -1939,7 +1938,7 @@ void Assembler::lfdu(const DoubleRegister frt, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
emit(LFDU | frt.code() * B21 | ra.code() * B16 | imm16); emit(LFDU | frt.code() * B21 | ra.code() * B16 | imm16);
...@@ -1967,7 +1966,7 @@ void Assembler::lfdux(const DoubleRegister frt, const MemOperand& src) { ...@@ -1967,7 +1966,7 @@ void Assembler::lfdux(const DoubleRegister frt, const MemOperand& src) {
void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) { void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
...@@ -1978,7 +1977,7 @@ void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) { ...@@ -1978,7 +1977,7 @@ void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) {
void Assembler::lfsu(const DoubleRegister frt, const MemOperand& src) { void Assembler::lfsu(const DoubleRegister frt, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
...@@ -2007,7 +2006,7 @@ void Assembler::lfsux(const DoubleRegister frt, const MemOperand& src) { ...@@ -2007,7 +2006,7 @@ void Assembler::lfsux(const DoubleRegister frt, const MemOperand& src) {
void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) { void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
...@@ -2018,7 +2017,7 @@ void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) { ...@@ -2018,7 +2017,7 @@ void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) {
void Assembler::stfdu(const DoubleRegister frs, const MemOperand& src) { void Assembler::stfdu(const DoubleRegister frs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
...@@ -2047,7 +2046,7 @@ void Assembler::stfdux(const DoubleRegister frs, const MemOperand& src) { ...@@ -2047,7 +2046,7 @@ void Assembler::stfdux(const DoubleRegister frs, const MemOperand& src) {
void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) { void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
...@@ -2058,7 +2057,7 @@ void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) { ...@@ -2058,7 +2057,7 @@ void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) {
void Assembler::stfsu(const DoubleRegister frs, const MemOperand& src) { void Assembler::stfsu(const DoubleRegister frs, const MemOperand& src) {
int offset = src.offset(); int offset = src.offset();
Register ra = src.ra(); Register ra = src.ra();
DCHECK(is_int16(offset)); CHECK(is_int16(offset));
DCHECK(!ra.is(r0)); DCHECK(!ra.is(r0));
int imm16 = offset & kImm16Mask; int imm16 = offset & kImm16Mask;
// could be x_form instruction with some casting magic // could be x_form instruction with some casting magic
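Review bot: In the lwa, ld, ldu, std and stdu hunks, and likewise in lfd through stfsu, the offset precondition becomes a CHECK while the base-register precondition on the adjacent line, `DCHECK(!src.ra_.is(r0));` (or `DCHECK(!ra.is(r0));` in the floating-point forms), stays debug-only. On PowerPC a D-form load or store encoded with RA=0 takes zero as the base address rather than the contents of r0, so a MemOperand built on r0 produces a memory-access encoding that is just as malformed as an out-of-range offset, and a release build would still emit it. If the commit's goal is to reject malformed memory-access instructions in release builds, `CHECK(!src.ra_.is(r0));` / `CHECK(!ra.is(r0));` on those lines would be consistent with the new offset checks, at the cost of one register comparison per emitted instruction. The bc hunk is fine as written and now mirrors the BCX case in target_at_put, including the AA/LK low-bit requirement.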
......