Limit Subzero routine stack size to 512 KiB

Fuzzing tests generate shaders with large arrays or very high numbers of local variables, which can cause stack overflow. We need to limit the allowable stack memory usage of generated routines. Note this change does not yet gracefully deal with routines which exceed this limit. They will cause a null pointer dereference instead of a stack overflow. The default stack size limit of 1 MiB at the Subzero level is to ensure we catch cases of excessive stack sizes even in the case no explicit limit was set. At the Reactor level we reduce it to 512 KiB to prevent actual stack overflow for a 1 MiB stack, assuming some earlier calls might want to use the stack. Also, our legacy 'ASM' compiler for GLSL allocates 4096 'registers' of 4 components for 128-bit SIMD, which already requires 256 KiB. Bug: b/157555596 Change-Id: I474285eecc786496edffbaef29719ca0cdf03f7d Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/52329 Presubmit-Ready: Nicolas Capens <nicolascapens@google.com> Kokoro-Result: kokoro <noreply+kokoro@google.com> Reviewed-by: Antonio Maiorano <amaiorano@google.com> Tested-by: Nicolas Capens <nicolascapens@google.com> Commit-Queue: Nicolas Capens <nicolascapens@google.com>

Limit Subzero routine stack size to 512 KiB
ff010f9f · Nicolas Capens · swiftshader-scoped@luci-project-accounts.iam.gserviceaccount.com · 25f0f858 · ff010f9f · ff010f9f
Commit ff010f9f authored Feb 01, 2021 by Nicolas Capens Committed by swiftshader-scoped@luci-project-accounts.iam.gserviceaccount.com Feb 05, 2021
Showing with 17 additions and 1 deletion

SubzeroReactor.cpp src/Reactor/SubzeroReactor.cpp +8 -1

IceCfg.h third_party/subzero/src/IceCfg.h +4 -0

IceTargetLoweringX86BaseImpl.h third_party/subzero/src/IceTargetLoweringX86BaseImpl.h +5 -0

No files found.
--- a/src/Reactor/SubzeroReactor.cpp
+++ b/src/Reactor/SubzeroReactor.cpp
@@ -64,7 +64,9 @@ namespace sz {
 Ice::Cfg *createFunction(Ice::GlobalContext *context, Ice::Type returnType, const std::vector<Ice::Type> &paramTypes)
 {
 	uint32_t sequenceNumber = 0;
-	auto function = Ice::Cfg::create(context, sequenceNumber).release();
+	auto *function = Ice::Cfg::create(context, sequenceNumber).release();
+
+	function->setStackSizeLimit(512 * 1024);  // 512 KiB

 	Ice::CfgLocalAllocatorScope allocScope{ function };

@@ -1039,6 +1041,11 @@ static std::shared_ptr<Routine> acquireRoutine(Ice::Cfg *const (&functions)[Coun
 		}

 		currFunc->emitIAS();
+
+		if(currFunc->hasError())
+		{
+			return nullptr;
+		}
 	}

 	// Emit items

--- a/third_party/subzero/src/IceCfg.h
+++ b/third_party/subzero/src/IceCfg.h
@@ -274,6 +274,9 @@ public:
  /// in the correct information once everything is known.
  void fixPhiNodes();

+  void setStackSizeLimit(uint32_t Limit) { StackSizeLimit = Limit; }
+  uint32_t getStackSizeLimit() const { return StackSizeLimit; }
+
 private:
  friend class CfgAllocatorTraits; // for Allocator access.

@@ -344,6 +347,7 @@ private:
  /// should be called to avoid spurious validation failures.
  const CfgNode *CurrentNode = nullptr;
  CfgVector<Loop> LoopInfo;
+  uint32_t StackSizeLimit = 1 * 1024 * 1024; // 1 MiB

 public:
  static void TlsInit() { CfgAllocatorTraits::init(); }

--- a/third_party/subzero/src/IceTargetLoweringX86BaseImpl.h
+++ b/third_party/subzero/src/IceTargetLoweringX86BaseImpl.h
@@ -1202,6 +1202,11 @@ void TargetX86Base<TraitsType>::addProlog(CfgNode *Node) {
  SpillAreaSizeBytes = StackSize - StackOffset; // Adjust for alignment, if any

  if (SpillAreaSizeBytes) {
+    auto *Func = Node->getCfg();
+    if (SpillAreaSizeBytes > Func->getStackSizeLimit()) {
+      Func->setError("Stack size limit exceeded");
+    }
+
    emitStackProbe(SpillAreaSizeBytes);

    // Generate "sub stackptr, SpillAreaSizeBytes"