tile: Check for pointer add overflow in memchr

Message ID	3a3705d5-6cc0-58c7-4435-fb73abedcbe3@mellanox.com
State	New
Headers	show Return-Path: <libc-alpha-return-76784-incoming=patchwork.ozlabs.org@sourceware.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:subject:to:references:from:message-id:date :mime-version:in-reply-to:content-type :content-transfer-encoding; q=dns; s=default; b=K+jwcgDbJyUewG4I XaNDNyjNJUb48GFtPt5UjZ+RevAlkGVfrsaxFWmp7puPidxw3gRd/XU/6dIGRWgV 67tdpCTGkIhly5bxYj+zZwYFbiTs5S0AC39zVLD5IRKo4BR6TZHUdN9IIq5G9LBc lcDw+EOKXit5Tn2VlrvRlwJy5Ys= Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk Sender: libc-alpha-owner@sourceware.org Subject: Re: [PATCH] tile: Check for pointer add overflow in memchr To: Adhemerval Zanella <adhemerval.zanella@linaro.org>, <libc-alpha@sourceware.org> References: <1484257047-25513-1-git-send-email-cmetcalf@mellanox.com> <32d2cc10-3ad3-f92f-e96e-e9948dc09568@linaro.org> From: Chris Metcalf <cmetcalf@mellanox.com> Message-ID: <3a3705d5-6cc0-58c7-4435-fb73abedcbe3@mellanox.com> Date: Fri, 13 Jan 2017 15:06:42 -0500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <32d2cc10-3ad3-f92f-e96e-e9948dc09568@linaro.org> Content-Type: text/plain; charset="windows-1252"; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?Windows-1252?Q?1; HE1PR0501MB2762; 23:4e9V5Fd6LZxtXXzpK+XFSNGCAPxpY9hQtCx?= =?Windows-1252?Q?KlCbx+wNapBlYGsvwotils+pkfjvaR8VE5HYh5QCuiOrM3yd6OKqvL1l?= =?Windows-1252?Q?aKxLP+rZdVC+czOKAk8M1k7kkeQiGGMj9jMFMpCnKyDpOapzuXrK8n9m?= =?Windows-1252?Q?rqioQGxBzvKsClarIQmNDizDe9fD4sxcoIPCu7+e2WJCVhlOIFZKLVVC?= =?Windows-1252?Q?e8Vta6G3D3/Xx9S8MNySqnuh2Bzcd2TiZHO9r6AZsiVOaqDNkBiuoag4?= =?Windows-1252?Q?IUlNKejFfbnUveCK5SIeUnXPK7PuHGcpIqExpIHzy+CnZkggiT7YCcfl?= =?Windows-1252?Q?9RKzUa+7oHKFrm1RwKNmG5ABbiYtAYDnk7eBHYBj2RcgcA0y1HNC0Ew+?= =?Windows-1252?Q?f9WueqwVCazvl6FDgmTLz2WHFUquswvvybdZzf+tOhGkuYSvjh0FGfZ4?= =?Windows-1252?Q?1xUFGA9eXe7AdwsQ7rQ3w3Pqo4AB3aTFnNVKfwfdIq8Dq9BFw3AGIun7?= =?Windows-1252?Q?WQGHX75QfywYOb8fidBH5Dm7Uk0lDGHV3MkjzVTeOSnao8cT0khsiT8r?= =?Windows-1252?Q?F7Nqf3zLG6mjHbhdFWS9Xnqtolzy1taPxCINjeEY2kNrG2xpfZIJlCYM?= =?Windows-1252?Q?Xfj3R2qqtnRUmrXOjrZS3/B8LtWoKJWTq6g45yZckiSpTvbDS7C6oQKE?= =?Windows-1252?Q?jRebMGtu98x658lgz4gzrJJ46RSACzvc9DKlnEErw7WMW2DJCRRXxmFZ?= =?Windows-1252?Q?dMsndriacsEN3SQpFVABFYfLtU1B2gLXAMhRrlcwUDiWTOk0BYpF8K+w?= =?Windows-1252?Q?xGnqAKTcWsdBXmkKwBJRoQ5fyl0MJeLW+pUFMEgAK3p1jKz0i+YAc8KH?= =?Windows-1252?Q?8H2YLDh6PnW/wvBLCb6+2763oAeVg4HHeUB1/6AbK5mlmuCJ5Jo/vXvV?= =?Windows-1252?Q?MhT6y8pdVJ7ALp82gIGqhkpAxFeJYrh/Zu39Sz/OGodJTU3QVr2Hnblj?= =?Windows-1252?Q?O8CMHz919A4HvgYUHa+sFSUXyUrmsU1FxxTXYjuF9Sd/nxoF8S7SgPkU?= =?Windows-1252?Q?I91HWogzh+Sq2QOqcL0oTbWmeVwBaJD+QTX0aywLWyCDDF2oXCILSzr3?= =?Windows-1252?Q?HkcoQfnxvQIsZFHy9oT42KGKey4UURps5RxQpbZPJfOvqyKdT7ngf6VG?= =?Windows-1252?Q?x0petUzD1ecgFpnN3+jWYHAA2TztXHlWzon27BkRUft1uqym3Uw1qSBl?= =?Windows-1252?Q?QN7hhZFEd256BJc1ugFifEvk2fqRXSVHzzvf7yLOLRIy9AidIftRPioZ?= =?Windows-1252?Q?hpj/6+wmPvvgE3EgeTjVjKNrnpPjtstRV1dyiq3EkJCzX8jbAj3W/gfp?= =?Windows-1252?Q?WvIUTj+ZiQ2qzJy2ILlGFp5K8AILLRS2M8W2UyanNpS4zjjzzgysbMpi?= =?Windows-1252?Q?CkQ9dQmOFO17C28vy9URzZo7kkExJlcXzVE5bn+l0LxLZNMcv3eUrWDe?= =?Windows-1252?Q?mzM6CtyLrMK88XbMn1Eat85+pTPQIVsN7g3VfI1MjB8IceAKUnoDwv+b?= =?Windows-1252?Q?pwwfBHTlv25jNT+ZGR3kOoHuaGudAqKXDQmtsYId/5rxJAMTrKaAhtQ2?= =?Windows-1252?Q?r4NKhwzW9L5jaYkvFyw3UNDk=3D?= X-Microsoft-Exchange-Diagnostics: 1; HE1PR0501MB2762; 6:gm5fCCv7ZBY2Eb1mKJQ0mdQhqrJ7vZyzyeixYqmQiq9WoA01SMipoL/QLannTyICHlEGRbtYe25XQgLcxvho6iAbrGTEiQ4yEHOGYfp2HBoXVcQUCvfJJKTXnvLjGii1X2hDtXuRePn4GhJw2zqcBx5UiH6Nb/SbyY8SFUAPsToj34STwc7p9epTydjaxSs2KUXR/AeWp4MwAktYyYrb7BRloUtg41mEEaAEYHCgakG615ZFaMI6GVhhlUv/O1rNWLp+byJjOFRTRwLWLxLurDADq+KYu/0ubTTHSU4gflW1pAcKUzEXiapD+4BdT7zDctoD2hJ2Vho9sbfMQ686apOglXoDymdcDOnXwY43vTcxWc6aSJ/gihQH+ldItnhcwXksmLeeJJeYKTZ7Nwjeh3gfUO5kR57M0sSjWJH+m6HLnzCrA8xv3I0quitKZj0wX+xe1jvYnmr5hFFPXQ2F8Q==; 5:xqu6BYWMndXQv7xUhvGSSXXgGw+lxAGmoBNuf7fRldS4yp7fHZ3GdmKsKAZgIwuaPWdpJP6ahOjyyIxwDktLFBaN0uthZQV3cM11PA+TN2qaBBq74UoLXuBc1Vx+PQ3ULyseVHwv6tBPLZBRTttRbg==; 24:DlflJDp+sWHGbD4qTKwWvh9My+gL8OuKIDH0MjkVyjtBr01L4rkco19xcxzWx5bDx9vJdRhnaIWdhfysW9Tmmeo7GE8G2HopIrJh4uyHJSQ= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; HE1PR0501MB2762; 7:PFD/noDNXjzsxkaL6wnwWu0GgfolvYZ/LfudaF1xg2oQiABwJ+G++9p+sI9ElPMOACdwSn4rXpaV8SazoA3EqqodI1Eiao1Od861S9t84hwvY2W/1o7ropwDh8wqpp92w6Bdso01GbNX9m25vmNMMreNGGv59E//DmWlkVdzhVrBIIP6B6zDt0jbrIjZaxv/xIrDHZk5qD65ZYhEtAxocDhfvumUTp+GxYlYsurnNIKzbow/OFo7+GfJ325PQs1oHvbolw89gWEQHMZ5wqQXN72y0gmqXsFtG06+QXMfjYMivzMCiAdokfxOM4epztQtpoXzQqh7m7CP+r2yDao19mFRbYhZC7sqGjs0YUG4Q//tcGlpyrlLs136whT+PioBV+TQ+JM2IntjL4kz3liw1TSqcEFXMzsXAOWPOLN3HWZEheBEoArdsm0xPoAMbaN/lgeAUOjEg3kZxBgJE0OFcg==

Message ID

3a3705d5-6cc0-58c7-4435-fb73abedcbe3@mellanox.com

State

New

Headers

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:subject:to:references:from:message-id:date
	:mime-version:in-reply-to:content-type
	:content-transfer-encoding; q=dns; s=default; b=K+jwcgDbJyUewG4I
	XaNDNyjNJUb48GFtPt5UjZ+RevAlkGVfrsaxFWmp7puPidxw3gRd/XU/6dIGRWgV
	67tdpCTGkIhly5bxYj+zZwYFbiTs5S0AC39zVLD5IRKo4BR6TZHUdN9IIq5G9LBc
	lcDw+EOKXit5Tn2VlrvRlwJy5Ys=
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: libc-alpha-owner@sourceware.org
Subject: Re: [PATCH] tile: Check for pointer add overflow in memchr
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>,
	<libc-alpha@sourceware.org>
References: <1484257047-25513-1-git-send-email-cmetcalf@mellanox.com>
	<32d2cc10-3ad3-f92f-e96e-e9948dc09568@linaro.org>
From: Chris Metcalf <cmetcalf@mellanox.com>
Message-ID: <3a3705d5-6cc0-58c7-4435-fb73abedcbe3@mellanox.com>
Date: Fri, 13 Jan 2017 15:06:42 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
	Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <32d2cc10-3ad3-f92f-e96e-e9948dc09568@linaro.org>
Content-Type: text/plain; charset="windows-1252"; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: None (protection.outlook.com: mellanox.com does not designate
	permitted sender hosts)
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Jan 2017 20:06:51.6132
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0501MB2762

Commit Message

Chris Metcalf Jan. 13, 2017, 8:06 p.m. UTC

On 1/13/2017 5:42 AM, Adhemerval Zanella wrote:
> On 12/01/2017 19:37, Chris Metcalf wrote:
>> +  /* Handle possible addition overflow.  */
>> +  if (__glibc_unlikely ((unsigned long) last_byte_ptr < (unsigned long) s))
>> +    last_byte_ptr = (const char *) UINTPTR_MAX;
>> +
> Wouldn't a branchfree saturating addition be better for tile?

Actually, it turns out that branching here is pretty reasonable.
Due to the way tilegx bundles instructions, we only add a single
bundle as a result of doing the comparison and branch.  (If we
actually take the branch, that adds a couple of extra cycles, but I
think this is a pretty unlikely case, so we don't really care.)

We could use a cmov instruction to avoid the branch, but that
actually takes an additional cycle since there are more dependencies,
so the branch-taken case gets faster at the expense of the
branch-not-taken case, which seems like the wrong thing.

You're right that with the 32-bit case (either tilegx32 or tilepro)
we can use a saturating add instruction directly, which complexifies
the tilegx code a bit with #ifdefs, but we might as well do, I think.
Unfortunately, we don't have a 64-bit saturating add instruction.

diff --git a/sysdeps/tile/tilegx/memchr.c b/sysdeps/tile/tilegx/memchr.c
index 34df19d2319c..e85d3304cf9a 100644
--- a/sysdeps/tile/tilegx/memchr.c
+++ b/sysdeps/tile/tilegx/memchr.c
@@ -20,6 +20,17 @@ 
  #include <stdint.h>
  #include "string-endian.h"

+static uintptr_t
+saturating_add (uintptr_t p, size_t n)
+{
+#ifdef _LP64
+  uintptr_t result = p + n;
+  return __glibc_likely (result >= p) ? result : UINTPTR_MAX;
+#else
+  return __insn_addxsc (p, n);
+#endif
+}
+
  void *
  __memchr (const void *s, int c, size_t n)
  {
@@ -49,7 +60,7 @@  __memchr (const void *s, int c, size_t n)
    v = (*p | before_mask) ^ (goal & before_mask);

    /* Compute the address of the last byte. */
-  last_byte_ptr = (const char *) s + n - 1;
+  last_byte_ptr = (const char *) saturating_add ((uintptr_t) s, n - 1);

    /* Compute the address of the word containing the last byte. */
    last_word_ptr = (const uint64_t *) ((uintptr_t) last_byte_ptr & -8);
diff --git a/sysdeps/tile/tilepro/memchr.c b/sysdeps/tile/tilepro/memchr.c
index 1848a9cadb2d..500a8940ac34 100644
--- a/sysdeps/tile/tilepro/memchr.c
+++ b/sysdeps/tile/tilepro/memchr.c
@@ -48,8 +48,8 @@  __memchr (const void *s, int c, size_t n)
    before_mask = (1 << (s_int << 3)) - 1;
    v = (*p | before_mask) ^ (goal & before_mask);

-  /* Compute the address of the last byte. */
-  last_byte_ptr = (const char *) s + n - 1;
+  /* Compute the address of the last byte using a saturating add. */
+  last_byte_ptr = (const char *) __insn_adds ((uintptr_t) s, n - 1);

    /* Compute the address of the word containing the last byte. */
    last_word_ptr = (const uint32_t *) ((uintptr_t) last_byte_ptr & -4);

tile: Check for pointer add overflow in memchr

Commit Message

Patch