[DTrace-devel] [PATCH 3/6] fixup! alloca: load and store
Nick Alcock
nick.alcock at oracle.com
Thu Mar 24 00:45:08 UTC 2022
This fixes some verifier failures in Eugene's recent test cases.
---
libdtrace/dt_cg.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libdtrace/dt_cg.c b/libdtrace/dt_cg.c
index 0084798bcde6..995e6ed86466 100644
--- a/libdtrace/dt_cg.c
+++ b/libdtrace/dt_cg.c
@@ -2203,7 +2203,7 @@ dt_cg_check_bounds(dt_irlist_t *dlp, dt_regset_t *drp, int regptr, int basereg,
* the size is in a register, the other for the case when it is not. In
* both caes we first do a runtime check of the read/write actually
* carried out (which the verifier will ignore, because it's a reg/reg
- * test not using EQ or NE), then do a test against the axtual size of
+ * test not using EQ or NE), then do a test against the actual size of
* scratch space, including a max-size buffer at the end specifically to
* allow dynamically-sized writes to succeed without exceeding the
* bound.
@@ -2231,6 +2231,12 @@ dt_cg_check_bounds(dt_irlist_t *dlp, dt_regset_t *drp, int regptr, int basereg,
emit(dlp, BPF_BRANCH_IMM(BPF_JGE, reg, lenmax, lbl_size_err));
emit(dlp, BPF_ALU64_IMM(BPF_SUB, reg, sizemax));
}
+ /*
+ * Yet more placation. The above has forced the minimum value to be
+ * negative, which is of course impossible; re-prove that it is
+ * positive.
+ */
+ emit(dlp, BPF_BRANCH_IMM(BPF_JSLT, reg, 0, lbl_err));
emit(dlp, BPF_JUMP(lbl_ok));
dt_cg_probe_error_regval(yypcb, lbl_err, -1, DTRACEFLT_BADADDR, reg);
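Review bot: The comment added above the `BPF_JSLT` branch says the value is re-proved "positive", but `BPF_JSLT reg, 0` lets zero through, so the bound actually being re-established is reg >= 0. It would help the next reader if the comment named the cause and the guarantee, for example `/* The BPF_SUB above widens the verifier's signed minimum for reg below zero; re-establish reg >= 0 before the bounded access. */`. The branch is also a live runtime guard, not only verifier placation: a negative reg goes to lbl_err and raises DTRACEFLT_BADADDR, which is worth stating so nobody later removes it as dead code. The value passed to `dt_cg_probe_error_regval` at lbl_err is reg after the preceding arithmetic, so the reported address may not be the one the script supplied; this is inferred, since dt_cg_check_bounds starts and ends outside the hunk.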
--
2.35.1.261.g8402f930ba.dirty