[PATCH v5] x86: Disallow GOT memory access beyond its GOT slot
H.J. Lu
hjl.tools@gmail.com
Thu Feb 13 02:17:11 GMT 2025
On Wed, Feb 12, 2025 at 6:57 PM Jan Beulich <jbeulich@suse.com> wrote:
>
> On 11.02.2025 22:47, H.J. Lu wrote:
> > --- a/gas/config/tc-i386.c
> > +++ b/gas/config/tc-i386.c
> > @@ -453,6 +453,9 @@ struct _i386_insn
> > /* Compressed disp8*N attribute. */
> > unsigned int memshift;
> >
> > + /* Memory size for instructions with compressed disp8. */
> > + unsigned int memsize;
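Review bot: the comment on the new `memsize` field does not say why it is needed alongside `memshift` when it is always derived as `1 << memshift`; the later hunk clobbers `i.memshift` to -1 for fits_in_disp8() whenever it is 0, so `memsize` is the only place the byte size survives, and the comment should say so, e.g. `/* Memory access size in bytes; stays valid after memshift is adjusted for fits_in_disp8 (). */`. Please also confirm the field is reset between instructions together with `memshift`, otherwise a value from a previous insn could leak into the next one.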
>
> What an effort to implement something people won't be able to rely on,
> in both the positive and negative directions. You now even need a new
> state field.
>
> > @@ -8811,9 +8814,17 @@ check_VecOperands (const insn_template *t)
> > && pp.disp_encoding <= disp_encoding_8bit)
> > {
> > if (i.broadcast.type || i.broadcast.bytes)
> > - i.memshift = t->opcode_modifier.broadcast - 1;
> > + {
> > + i.memshift = t->opcode_modifier.broadcast - 1;
> > + /* Remember memory size. */
> > + i.memsize = 1 << i.memshift;
> > + }
> > else if (t->opcode_modifier.disp8memshift != DISP8_SHIFT_VL)
> > - i.memshift = t->opcode_modifier.disp8memshift;
> > + {
> > + i.memshift = t->opcode_modifier.disp8memshift;
> > + /* Remember memory size. */
> > + i.memsize = 1 << i.memshift;
> > + }
> > else
> > {
> > const i386_operand_type *type = NULL, *fallback = NULL;
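Review bot: the two new `i.memsize = 1 << i.memshift;` assignments in the broadcast and disp8memshift branches duplicate the one added at the end of the else branch; since each branch computes `i.memshift` first and the expression is identical in all three, a single assignment after the if/else chain (ahead of the `i.memshift == 0` adjustment) would replace the three copies and the extra braces, and keep the derivation in one place.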
> > @@ -8856,6 +8867,9 @@ check_VecOperands (const insn_template *t)
> > i.memshift = 4;
> > }
> >
> > + /* Remember memory size. */
> > + i.memsize = 1 << i.memshift;
> > +
> > /* For the check in fits_in_disp8(). */
> > if (i.memshift == 0)
> > i.memshift = -1;
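Review bot: the new `i.memsize = 1 << i.memshift;` must remain ahead of the `if (i.memshift == 0) i.memshift = -1;` adjustment, since `1 << -1` is undefined and would leave `memsize` as garbage; the `/* Remember memory size. */` comment should state that ordering matters. Jan's point about process_suffix() saving and restoring `i.memshift` applies to this hunk as well: whatever restores `memshift` has to restore `memsize` too, or the two fields can disagree after the restore.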
>
> Note how in particular in process_suffix() we save/restore i.memshift,
> to cover for check_VecOperands() possibly updating the field. I expect
> i.memsize would now also need saving/restoring (at least) there.
>
A testcase?
--
H.J.
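The thread revolves around the disp8*N bookkeeping in gas: the memory access size N for an EVEX operand is 1 << memshift, the displacement is compressed into a signed byte when it is a multiple of N, and the patch records that size so a GOT-relative operand wider than its GOT slot can be rejected. The following is an added example, not binutils code and not part of the patch: it models those three steps in plain C. The field names memshift/memsize mirror the ones in the quoted struct, the operand struct, fits_in_disp8 and encode_disp are this example's own simplified versions, and the GOT slot width is passed in as a parameter (8 bytes on x86-64, 4 on i386) rather than taken from the assembler's target state.

```c
/* Added example modelling gas's disp8*N compression and the GOT-slot
   size check discussed in the thread. Not binutils code; the helper
   names and the got_slot_size parameter are this example's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Memory access size in bytes for a disp8*N operand: N = 1 << memshift. */
static unsigned int memsize_from_shift(unsigned int memshift)
{
    return 1u << memshift;
}

/* True when DISP can be encoded as a compressed disp8 with scale N:
   it must be a multiple of N and DISP / N must fit in a signed byte. */
static bool fits_in_disp8(int64_t disp, unsigned int memshift)
{
    int64_t n = (int64_t)1 << memshift;
    if (disp % n != 0)
        return false;
    int64_t scaled = disp / n;
    return scaled >= -128 && scaled <= 127;
}

/* Simplified memory operand: displacement, log2 of the access size, and
   whether it addresses a GOT entry (sym@GOTPCREL(%rip) style). */
struct operand {
    int64_t disp;
    unsigned int memshift;
    bool got_relative;
};

enum encode_result { ENC_DISP8, ENC_DISP32, ENC_ERROR_GOT_SLOT };

/* Hypothetical encoder: reject a GOT-relative access wider than one GOT
   slot, otherwise pick disp8 (scaled) or disp32 (unscaled) encoding.
   *out_disp receives the displacement value to emit. */
static enum encode_result encode_disp(const struct operand *op,
                                      unsigned int got_slot_size,
                                      int64_t *out_disp)
{
    unsigned int memsize = memsize_from_shift(op->memshift);

    /* The check the patch title describes: the access must not read or
       write past the GOT slot the symbol resolves to. */
    if (op->got_relative && memsize > got_slot_size)
        return ENC_ERROR_GOT_SLOT;

    if (fits_in_disp8(op->disp, op->memshift)) {
        /* Division is exact here because fits_in_disp8 checked disp % N. */
        *out_disp = op->disp / ((int64_t)1 << op->memshift);
        return ENC_DISP8;
    }
    *out_disp = op->disp;
    return ENC_DISP32;
}

int main(void)
{
    /* Constructed operands: a 16-byte vector load at +64 (disp8 = 4),
       the same width against an 8-byte GOT slot (rejected), and an
       out-of-range displacement that falls back to disp32. */
    const struct operand ops[] = {
        { 64,   4, false },
        { 0,    4, true  },
        { 4096, 4, false },
    };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        int64_t d = 0;
        enum encode_result r = encode_disp(&ops[i], 8, &d);
        printf("disp=%lld memsize=%u -> result=%d emit=%lld\n",
               (long long)ops[i].disp, memsize_from_shift(ops[i].memshift),
               (int)r, (long long)d);
    }
    return 0;
}
```

Changing got_slot_size to 4 makes an 8-byte access (memshift 3) fail the slot check as well, which is the i386 case; keeping memsize as a separate value rather than recomputing it from memshift is what lets the check run after memshift has been repurposed for the disp8 test, the point Jan raises about save/restore.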