alloca: fix verifier failure checking the bounds of scalars

dt_check_scratch_bounds works for all genuine pointer inputs... but the nature of the beast is that the caller might pass it *anything*. What if the caller passes it a random integer, or a random kernel address? The first thing we do is turn it into an offset by subtracting the baseptr from it, and oops, that is now maths between a scalar and a map_value and the verifier fails.

So don't rely on the offset reduction to turn the reg into a scalar, since it can fail if it already *is* one; instead, scalarize it explicitly like we do for out-of-bounds checking. That means we have to scalarize the baseptr too, since if we already scalarized the reg, subtracting the baseptr from it is now maths between a map_value and a scalar again!

(We work on a copy of the baseptr, since we need a real map_value baseptr at the end to turn the scalar reg offset back into a map_value.)

Signed-off-by: Nick Alcock <nick.alcock@oracle.com>