This is an archive of the discontinued LLVM Phabricator instance.

Differential D154844

[JITLink][RISCV] Fix use-after-free in relax
ClosedPublic

Authored by jobnoorman on Jul 10 2023, 7:01 AM.

Details

Reviewers
lhames
StephenFan
Commits
rG67f7efbbbb04: [JITLink][RISCV] Fix use-after-free in relax
Summary

Finalization of relaxation calls finalizeBlockRelax for every block in
the graph. This function, however, would iterate over all blocks in
the graph to remove AlignRelaxable edges. Since pointers to those
edges would still be stored in RelaxEdges, this caused a
use-after-free for graphs with multiple blocks.

This patch fixes this by only iterating over the edges of the current
block in finalizeBlockRelax.

Diff Detail

Event Timeline

jobnoorman created this revision.Jul 10 2023, 7:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 10 2023, 7:01 AM
Herald added subscribers: asb, luke, pmatos and 28 others. · View Herald Transcript
jobnoorman requested review of this revision.Jul 10 2023, 7:01 AM
Herald added a project: Restricted Project. · View Herald TranscriptJul 10 2023, 7:01 AM
Herald added subscribers: llvm-commits, wangpc, eopXD. · View Herald Transcript
Harbormaster completed remote builds in B244129: Diff 538628.Jul 10 2023, 7:54 AM
StephenFan accepted this revision.Jul 12 2023, 4:36 AM

LGTM.

This revision is now accepted and ready to land.Jul 12 2023, 4:36 AM
Closed by commit rG67f7efbbbb04: [JITLink][RISCV] Fix use-after-free in relax (authored by jobnoorman). · Explain WhyJul 13 2023, 12:02 AM
This revision was automatically updated to reflect the committed changes.
jobnoorman added a commit: rG67f7efbbbb04: [JITLink][RISCV] Fix use-after-free in relax.

Revision Contents

PathSize
llvm/
lib/
ExecutionEngine/
JITLink/
12 lines

Diff 539864

llvm/lib/ExecutionEngine/JITLink/ELF_riscv.cpp

Show First 20 LinesShow All 738 Lines▼ Show 20 Lines if (I < Aux.RelaxEdges.size() && Aux.RelaxEdges[I] == &E) {
Delta = Aux.RelocDeltas[I]; Delta = Aux.RelocDeltas[I];
++I; ++I;
} }
} }
// Remove AlignRelaxable edges: all other relaxable edges got modified and // Remove AlignRelaxable edges: all other relaxable edges got modified and
// will be used later while linking. Alignment is entirely handled here so we // will be used later while linking. Alignment is entirely handled here so we
// don't need these edges anymore. // don't need these edges anymore.
for (auto *B : G.blocks()) { for (auto IE = Block.edges().begin(); IE != Block.edges().end();) {
for (auto IE = B->edges().begin(); IE != B->edges().end();) {
if (IE->getKind() == AlignRelaxable) if (IE->getKind() == AlignRelaxable)
IE = B->removeEdge(IE); IE = Block.removeEdge(IE);
else else
++IE; ++IE;
} }
} }
}
static void finalizeRelax(LinkGraph &G, RelaxAux &Aux) { static void finalizeRelax(LinkGraph &G, RelaxAux &Aux) {
for (auto &[B, BlockAux] : Aux.Blocks) for (auto &[B, BlockAux] : Aux.Blocks)
finalizeBlockRelax(G, *B, BlockAux); finalizeBlockRelax(G, *B, BlockAux);
} }
static Error relax(LinkGraph &G) { static Error relax(LinkGraph &G) {
auto Aux = initRelaxAux(G); auto Aux = initRelaxAux(G);
▲ Show 20 LinesShow All 218 LinesShow Last 20 Lines