[pkgsrc/trunk]: pkgsrc/lang/gcc49 gcc49: backport upstream security fix

[maya <maya%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9700e75a161a
branches:  trunk
changeset: 365888:9700e75a161a
user:      maya <maya%pkgsrc.org@localhost>
date:      Fri Jul 28 23:41:51 2017 +0000

description:
gcc49: backport upstream security fix

Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)

We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).

Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.

2017-03-25  Uros Bizjak

diffstat:

 lang/gcc49/Makefile                             |   4 +-
 lang/gcc49/distinfo                             |   3 +-
 lang/gcc49/patches/patch-gcc_config_i386_i386.c |  81 +++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

diffs (120 lines):

diff -r 10ad7fb52434 -r 9700e75a161a lang/gcc49/Makefile
--- a/lang/gcc49/Makefile       Fri Jul 28 23:40:48 2017 +0000
+++ b/lang/gcc49/Makefile       Fri Jul 28 23:41:51 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.20 2017/07/10 15:55:40 maya Exp $
+# $NetBSD: Makefile,v 1.21 2017/07/28 23:41:51 maya Exp $
 
 GCC_PKGNAME=   gcc49
 .include       "version.mk"
@@ -9,7 +9,7 @@
 ## When bumping the PKGREVISION of this package the PKGREVISION of
 ## lang/gcc49-libs needs to be bump to be at least 1 more than the
 ## PKGREVISION of this package!
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    lang
 MASTER_SITES=  ${MASTER_SITE_GNU:=gcc/gcc-${GCC49_DIST_VERSION}/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 10ad7fb52434 -r 9700e75a161a lang/gcc49/distinfo
--- a/lang/gcc49/distinfo       Fri Jul 28 23:40:48 2017 +0000
+++ b/lang/gcc49/distinfo       Fri Jul 28 23:41:51 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2017/07/10 15:55:40 maya Exp $
+$NetBSD: distinfo,v 1.14 2017/07/28 23:41:51 maya Exp $
 
 SHA1 (ecj-4.5.jar) = 58c1d79c64c8cd718550f32a932ccfde8d1e6449
 RMD160 (ecj-4.5.jar) = d3f4da657f086b6423f74e93f001132f4855368a
@@ -17,6 +17,7 @@
 SHA1 (patch-gcc_config_dragonfly.opt) = b01bee26978f7feb62fc2ec21186449ccaea0db7
 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5
 SHA1 (patch-gcc_config_i386_dragonfly.h) = 5756b62791273f77866f06be1df0c267dc90a2ee
+SHA1 (patch-gcc_config_i386_i386.c) = 61df9f4677f599f1ba3845849f334bbd568a479f
 SHA1 (patch-gcc_config_netbsd-stdint.h) = fc430c80adda9d3f58eea47816338f697a659889
 SHA1 (patch-gcc_config_netbsd.h) = 1d21dbe5082dd149d59dbc471d4148d0651df7d4
 SHA1 (patch-gcc_config_x-netbsd) = 6dc3d78e26df62054ea29f98ca51592858e671e3
diff -r 10ad7fb52434 -r 9700e75a161a lang/gcc49/patches/patch-gcc_config_i386_i386.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/gcc49/patches/patch-gcc_config_i386_i386.c   Fri Jul 28 23:41:51 2017 +0000
@@ -0,0 +1,81 @@
+$NetBSD: patch-gcc_config_i386_i386.c,v 1.1 2017/07/28 23:41:51 maya Exp $
+
+Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
+
+We should not expand call arguments in between flags reg setting and
+flags reg using instructions, as it may expand with flags reg
+clobbering insn (ADD in this case).
+
+Attached patch moves expansion out of the link. Also, change
+zero-extension to non-flags reg clobbering sequence in case we perform
+zero-extension with and.
+
+2017-03-25  Uros Bizjak
+
+--- gcc/config/i386/i386.c.orig        2016-08-01 16:03:41.000000000 +0000
++++ gcc/config/i386/i386.c
+@@ -35540,9 +35540,6 @@ ix86_expand_builtin (tree exp, rtx targe
+       mode0 = DImode;
+ 
+ rdrand_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -35550,6 +35547,10 @@ rdrand_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op1 = gen_reg_rtx (SImode);
+@@ -35558,8 +35559,20 @@ rdrand_step:
+       /* Emit SImode conditional move.  */
+       if (mode0 == HImode)
+       {
+-        op2 = gen_reg_rtx (SImode);
+-        emit_insn (gen_zero_extendhisi2 (op2, op0));
++        if (TARGET_ZERO_EXTEND_WITH_AND
++            && optimize_function_for_speed_p (cfun))
++          {
++            op2 = force_reg (SImode, const0_rtx);
++
++            emit_insn (gen_movstricthi
++                       (gen_lowpart (HImode, op2), op0));
++          }
++        else
++          {
++            op2 = gen_reg_rtx (SImode);
++
++            emit_insn (gen_zero_extendhisi2 (op2, op0));
++          }
+       }
+       else if (mode0 == SImode)
+       op2 = op0;
+@@ -35591,9 +35604,6 @@ rdrand_step:
+       mode0 = DImode;
+ 
+ rdseed_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -35601,6 +35611,10 @@ rdseed_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op2 = gen_reg_rtx (QImode);