1b6a906aeSopenharmony_ciFrom 42e892d96e47b1f6e29844cc705e148ec4856448 Mon Sep 17 00:00:00 2001
2b6a906aeSopenharmony_ciFrom: Jessica Clarke <jrtc27@jrtc27.com>
3b6a906aeSopenharmony_ciDate: Wed, 12 Jan 2022 21:27:16 +0000
4b6a906aeSopenharmony_ciSubject: [PATCH] Use default rather than hard-coded 8 for maximum aggregate
5b6a906aeSopenharmony_ci member alignment (#1378)
6b6a906aeSopenharmony_ci
7b6a906aeSopenharmony_ciOn CHERI, and thus Arm's Morello prototype, pointers are represented as
8b6a906aeSopenharmony_cihardware capabilities. These capabilities are comprised of not just an
9b6a906aeSopenharmony_ciinteger address, as is the representation for traditional pointers, but
10b6a906aeSopenharmony_cialso bounds, permissions and other metadata, plus a tag bit used as the
11b6a906aeSopenharmony_civalidity bit, which provides fine-grained spatial and referential safety
12b6a906aeSopenharmony_cifor C and C++ in hardware. This tag bit is not part of the data itself
13b6a906aeSopenharmony_ciand is instead kept on the side, flowing with the capability between
14b6a906aeSopenharmony_ciregisters and the memory subsystem, and any attempt to amplify the
15b6a906aeSopenharmony_ciprivilege of or corrupt a capability clears this tag (or, in some cases,
16b6a906aeSopenharmony_citraps), rendering them impossible to forge; you can only create
17b6a906aeSopenharmony_cicapabilities that are (possibly trivial) subsets of existing ones.
18b6a906aeSopenharmony_ci
19b6a906aeSopenharmony_ciWhen the capability is stored in memory, this tag bit needs to be
20b6a906aeSopenharmony_cipreserved, which is done through the use of tagged memory. Every
21b6a906aeSopenharmony_cicapability-sized word gains an additional non-addressable (from the
22b6a906aeSopenharmony_ciCPU's perspective; depending on the implementation the tag bits may be
23b6a906aeSopenharmony_cistored in a small block of memory carved out of normal DRAM that the CPU
24b6a906aeSopenharmony_ciis blocked from accessing) bit. 
This means that capabilities can only be
25b6a906aeSopenharmony_cistored to aligned locations; attempting to store them to unaligned
26b6a906aeSopenharmony_cilocations will trap with an alignment fault or, if you end up using a
27b6a906aeSopenharmony_cimemcpy call, will copy the raw bytes of the capability's representation
28b6a906aeSopenharmony_cibut lose the tag, so when it is eventually loaded back as a capability
29b6a906aeSopenharmony_ciand dereferenced it will fault.
30b6a906aeSopenharmony_ci
31b6a906aeSopenharmony_ciSince, on 64-bit architectures, our capabilities, used to implement C
32b6a906aeSopenharmony_cilanguage pointers, are 128-bit quantities, this means they need 16-byte
33b6a906aeSopenharmony_cialignment. Currently the various #pragma pack directives, used to work
34b6a906aeSopenharmony_ciaround (extremely broken and bogus) code that includes jsoncpp in a
35b6a906aeSopenharmony_cicontext where the maximum alignment has been overridden, hard-code 8 as
36b6a906aeSopenharmony_cithe maximum alignment to use, and so do not sufficiently align CHERI /
37b6a906aeSopenharmony_ciMorello capabilities on 64-bit architectures. On Windows x64, the
38b6a906aeSopenharmony_cidefault is also not 8 but 16 (ARM64 is supposedly 8), so this is
39b6a906aeSopenharmony_cislightly dodgy to do there too, but in practice likely not an issue so
40b6a906aeSopenharmony_cilong as you don't use any 128-bit types there.
41b6a906aeSopenharmony_ci
42b6a906aeSopenharmony_ciInstead of hard-coding a width, use a directive that resets the packing
43b6a906aeSopenharmony_ciback to the default. Unfortunately, whilst GCC and Clang both accept
44b6a906aeSopenharmony_ciusing #pragma pack(push, 0) as shorthand like for any non-zero value,
45b6a906aeSopenharmony_ciMSVC does not, so this needs to be two directives. 
46b6a906aeSopenharmony_ci---
47b6a906aeSopenharmony_ci include/json/allocator.h | 3 ++-
48b6a906aeSopenharmony_ci include/json/json_features.h | 3 ++-
49b6a906aeSopenharmony_ci include/json/reader.h | 3 ++-
50b6a906aeSopenharmony_ci include/json/value.h | 3 ++-
51b6a906aeSopenharmony_ci include/json/writer.h | 3 ++-
52b6a906aeSopenharmony_ci 5 files changed, 10 insertions(+), 5 deletions(-)
53b6a906aeSopenharmony_ci
54b6a906aeSopenharmony_cidiff --git a/include/json/allocator.h b/include/json/allocator.h
55b6a906aeSopenharmony_ciindex 95ef8a5..7540642 100644
56b6a906aeSopenharmony_ci--- a/include/json/allocator.h
57b6a906aeSopenharmony_ci+++ b/include/json/allocator.h
58b6a906aeSopenharmony_ci@@ -9,7 +9,8 @@
59b6a906aeSopenharmony_ci #include <cstring>
60b6a906aeSopenharmony_ci #include <memory>
61b6a906aeSopenharmony_ci
62b6a906aeSopenharmony_ci-#pragma pack(push, 8)
63b6a906aeSopenharmony_ci+#pragma pack(push)
64b6a906aeSopenharmony_ci+#pragma pack()
65b6a906aeSopenharmony_ci
66b6a906aeSopenharmony_ci namespace Json {
67b6a906aeSopenharmony_ci template <typename T> class SecureAllocator {
68b6a906aeSopenharmony_cidiff --git a/include/json/json_features.h b/include/json/json_features.h
69b6a906aeSopenharmony_ciindex 7c7e9f5..e4a61d6 100644
70b6a906aeSopenharmony_ci--- a/include/json/json_features.h
71b6a906aeSopenharmony_ci+++ b/include/json/json_features.h
72b6a906aeSopenharmony_ci@@ -10,7 +10,8 @@
73b6a906aeSopenharmony_ci #include "forwards.h"
74b6a906aeSopenharmony_ci #endif // if !defined(JSON_IS_AMALGAMATION)
75b6a906aeSopenharmony_ci
76b6a906aeSopenharmony_ci-#pragma pack(push, 8)
77b6a906aeSopenharmony_ci+#pragma pack(push)
78b6a906aeSopenharmony_ci+#pragma pack()
79b6a906aeSopenharmony_ci
80b6a906aeSopenharmony_ci namespace Json {
81b6a906aeSopenharmony_ci
82b6a906aeSopenharmony_cidiff --git a/include/json/reader.h b/include/json/reader.h
83b6a906aeSopenharmony_ciindex be0d767..46975d8 100644
84b6a906aeSopenharmony_ci--- a/include/json/reader.h 
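Review bot: The new `#pragma pack(push)` / `#pragma pack()` pair in allocator.h carries no comment, so the rationale lives only in the commit message and a later reader is likely to "simplify" it back to a single `#pragma pack(push, 0)`, which MSVC rejects and which would silently reintroduce the under-alignment on CHERI/Morello and Windows x64 that this commit fixes. I would add directly above the pair `// Reset member packing to the compiler default rather than a hard-coded 8: 128-bit capabilities/types need 16-byte alignment, and MSVC does not accept pack(push, 0), hence two directives.` The same applies to the identical hunks in json_features.h, reader.h, value.h and writer.h; since all five headers now repeat the same two lines, a single shared definition would keep them from drifting apart. The matching `#pragma pack(pop)` at the end of each header is outside the hunks, so I am assuming it is unchanged and still pairs with the new push.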
85b6a906aeSopenharmony_ci+++ b/include/json/reader.h
86b6a906aeSopenharmony_ci@@ -23,7 +23,8 @@
87b6a906aeSopenharmony_ci #pragma warning(disable : 4251)
88b6a906aeSopenharmony_ci #endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
89b6a906aeSopenharmony_ci
90b6a906aeSopenharmony_ci-#pragma pack(push, 8)
91b6a906aeSopenharmony_ci+#pragma pack(push)
92b6a906aeSopenharmony_ci+#pragma pack()
93b6a906aeSopenharmony_ci
94b6a906aeSopenharmony_ci namespace Json {
95b6a906aeSopenharmony_ci
96b6a906aeSopenharmony_cidiff --git a/include/json/value.h b/include/json/value.h
97b6a906aeSopenharmony_ciindex 0edeb05..57ecb13 100644
98b6a906aeSopenharmony_ci--- a/include/json/value.h
99b6a906aeSopenharmony_ci+++ b/include/json/value.h
100b6a906aeSopenharmony_ci@@ -53,7 +53,8 @@
101b6a906aeSopenharmony_ci #pragma warning(disable : 4251 4275)
102b6a906aeSopenharmony_ci #endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
103b6a906aeSopenharmony_ci
104b6a906aeSopenharmony_ci-#pragma pack(push, 8)
105b6a906aeSopenharmony_ci+#pragma pack(push)
106b6a906aeSopenharmony_ci+#pragma pack()
107b6a906aeSopenharmony_ci
108b6a906aeSopenharmony_ci /** \brief JSON (JavaScript Object Notation). 
109b6a906aeSopenharmony_ci */
110b6a906aeSopenharmony_cidiff --git a/include/json/writer.h b/include/json/writer.h
111b6a906aeSopenharmony_ciindex 03f9906..7d8cf4d 100644
112b6a906aeSopenharmony_ci--- a/include/json/writer.h
113b6a906aeSopenharmony_ci+++ b/include/json/writer.h
114b6a906aeSopenharmony_ci@@ -20,7 +20,8 @@
115b6a906aeSopenharmony_ci #pragma warning(disable : 4251)
116b6a906aeSopenharmony_ci #endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
117b6a906aeSopenharmony_ci
118b6a906aeSopenharmony_ci-#pragma pack(push, 8)
119b6a906aeSopenharmony_ci+#pragma pack(push)
120b6a906aeSopenharmony_ci+#pragma pack()
121b6a906aeSopenharmony_ci
122b6a906aeSopenharmony_ci namespace Json {
123b6a906aeSopenharmony_ci
124b6a906aeSopenharmony_ci--
125b6a906aeSopenharmony_ci2.42.0.windows.2
126b6a906aeSopenharmony_ci
127