pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/gcc48 gcc48: backport upstream security fix



details:   https://anonhg.NetBSD.org/pkgsrc/rev/de07570a9803
branches:  trunk
changeset: 365886:de07570a9803
user:      maya <maya%pkgsrc.org@localhost>
date:      Fri Jul 28 23:40:07 2017 +0000

description:
gcc48: backport upstream security fix
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)

We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).

Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.

2017-03-25  Uros Bizjak

diffstat:

 lang/gcc48/Makefile                             |   4 +-
 lang/gcc48/distinfo                             |   3 +-
 lang/gcc48/patches/patch-gcc_config_i386_i386.c |  81 +++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

diffs (120 lines):

diff -r 1411ce399bd7 -r de07570a9803 lang/gcc48/Makefile
--- a/lang/gcc48/Makefile       Fri Jul 28 22:14:00 2017 +0000
+++ b/lang/gcc48/Makefile       Fri Jul 28 23:40:07 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.36 2017/07/10 15:55:40 maya Exp $
+# $NetBSD: Makefile,v 1.37 2017/07/28 23:40:07 maya Exp $
 
 GCC_PKGNAME=   gcc48
 .include       "version.mk"
@@ -8,7 +8,7 @@
 ## When bumping the PKGREVISION of this package the PKGREVISION of
 ## lang/gcc48-libs needs to be bump to be at least 1 more than the
 ## PKGREVISION of this package!
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    lang
 MASTER_SITES=  ${MASTER_SITE_GNU:=gcc/gcc-${GCC48_DIST_VERSION}/}
 EXTRACT_SUFX=  .tar.bz2
diff -r 1411ce399bd7 -r de07570a9803 lang/gcc48/distinfo
--- a/lang/gcc48/distinfo       Fri Jul 28 22:14:00 2017 +0000
+++ b/lang/gcc48/distinfo       Fri Jul 28 23:40:07 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2017/07/10 15:55:40 maya Exp $
+$NetBSD: distinfo,v 1.36 2017/07/28 23:40:07 maya Exp $
 
 SHA1 (ecj-4.5.jar) = 58c1d79c64c8cd718550f32a932ccfde8d1e6449
 RMD160 (ecj-4.5.jar) = d3f4da657f086b6423f74e93f001132f4855368a
@@ -37,6 +37,7 @@
 SHA1 (patch-gcc_config_exec-stack.h) = 8135806e88c1b136038bb240958a4435b4e0bbe3
 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5
 SHA1 (patch-gcc_config_i386_dragonfly.h) = 0d3f785434c02beb9c4561fe59842a970e8f7896
+SHA1 (patch-gcc_config_i386_i386.c) = 17dad8b3283521d23ca08690eb447a0e4e694e4c
 SHA1 (patch-gcc_config_i386_openbsd.h) = df5b85b5957392138f99085bd8ebeb923e37e9e7
 SHA1 (patch-gcc_config_i386_openbsdelf.h) = 74498a1bd7c339c90b847740d3c474ad3ca4a956
 SHA1 (patch-gcc_config_netbsd-stdint.h) = 025fc883101a187e84ed4c0772406720d645d550
diff -r 1411ce399bd7 -r de07570a9803 lang/gcc48/patches/patch-gcc_config_i386_i386.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/gcc48/patches/patch-gcc_config_i386_i386.c   Fri Jul 28 23:40:07 2017 +0000
@@ -0,0 +1,81 @@
+$NetBSD: patch-gcc_config_i386_i386.c,v 1.3 2017/07/28 23:40:07 maya Exp $
+
+Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
+
+We should not expand call arguments in between flags reg setting and
+flags reg using instructions, as it may expand with flags reg
+clobbering insn (ADD in this case).
+
+Attached patch moves expansion out of the link. Also, change
+zero-extension to non-flags reg clobbering sequence in case we perform
+zero-extension with and.
+
+2017-03-25  Uros Bizjak
+
+--- gcc/config/i386/i386.c.orig        2015-06-10 09:34:21.000000000 +0000
++++ gcc/config/i386/i386.c
+@@ -32099,9 +32099,6 @@ ix86_expand_builtin (tree exp, rtx targe
+       mode0 = DImode;
+ 
+ rdrand_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -32109,6 +32106,10 @@ rdrand_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op1 = gen_reg_rtx (SImode);
+@@ -32117,8 +32118,20 @@ rdrand_step:
+       /* Emit SImode conditional move.  */
+       if (mode0 == HImode)
+       {
+-        op2 = gen_reg_rtx (SImode);
+-        emit_insn (gen_zero_extendhisi2 (op2, op0));
++        if (TARGET_ZERO_EXTEND_WITH_AND
++            && optimize_function_for_speed_p (cfun))
++          {
++            op2 = force_reg (SImode, const0_rtx);
++
++            emit_insn (gen_movstricthi
++                       (gen_lowpart (HImode, op2), op0));
++          }
++        else
++          {
++            op2 = gen_reg_rtx (SImode);
++
++            emit_insn (gen_zero_extendhisi2 (op2, op0));
++          }
+       }
+       else if (mode0 == SImode)
+       op2 = op0;
+@@ -32150,9 +32163,6 @@ rdrand_step:
+       mode0 = DImode;
+ 
+ rdseed_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -32160,6 +32170,10 @@ rdseed_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op2 = gen_reg_rtx (QImode);
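Review bot: Nothing in the reordered `rdrand_step` and `rdseed_step` bodies records why `emit_insn (GEN_FCN (icode) (op0));` now has to come after the `arg0` expansion, so a later cleanup could move it back up and reintroduce the flags clobber that the patch header describes. A one-line comment above both emits would pin the invariant, for example `/* Emit only after arg0 is expanded: no flags-clobbering insn may sit between this insn and the one that reads its flags.  */`. The new `TARGET_ZERO_EXTEND_WITH_AND` branch in `rdrand_step` deserves the same, e.g. `/* Zero op2, then store the low half; an AND-based zero-extension would clobber the flags reg.  */`. The flags-consuming instructions lie outside the embedded hunks, so which insn reads the flags is inferred from the description rather than visible here. The patch header also names the CVE and the author but carries no upstream bug or revision reference, which would make this backport easier to audit against the original fix.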


