gcc48: backport upstream security fix

Incorrect codegen from rdseed intrinsic use (CVE-2017-11671) We should not expand call arguments in between flags reg setting and flags reg using instructions, as it may expand with flags reg clobbering insn (ADD in this case). Attached patch moves expansion out of the link. Also, change zero-extension to non-flags reg clobbering sequence in case we perform zero-extension with and. 2017-03-25 Uros Bizjak
author: maya <maya@pkgsrc.org> 2017-07-28 23:40:07 +0000
committer: maya <maya@pkgsrc.org> 2017-07-28 23:40:07 +0000
commit: bfbe34cdfe28e8041bb3c1f538bfde1d7a7ef075 (patch)
tree: 834cf4934c28a27b2546cfbb24f9696374bfaf99 /lang/gcc48
parent: f27254d06781df78db1f4d053f5fa3b35f50877e (diff)
download: pkgsrc-bfbe34cdfe28e8041bb3c1f538bfde1d7a7ef075.tar.gz
3 files changed, 85 insertions, 3 deletions
diff --git a/lang/gcc48/Makefile b/lang/gcc48/Makefile
index 5105a51b749..18938a7a1b3 100644
--- a/lang/gcc48/Makefile
+++ b/lang/gcc48/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.36 2017/07/10 15:55:40 maya Exp $
+# $NetBSD: Makefile,v 1.37 2017/07/28 23:40:07 maya Exp $
 
 GCC_PKGNAME=	gcc48
 .include	"version.mk"
@@ -8,7 +8,7 @@ PKGNAME=	${GCC_PKGNAME}-${GCC48_DIST_VERSION}
 ## When bumping the PKGREVISION of this package the PKGREVISION of
 ## lang/gcc48-libs needs to be bump to be at least 1 more than the
 ## PKGREVISION of this package!
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	lang
 MASTER_SITES=	${MASTER_SITE_GNU:=gcc/gcc-${GCC48_DIST_VERSION}/}
 EXTRACT_SUFX=	.tar.bz2
diff --git a/lang/gcc48/distinfo b/lang/gcc48/distinfo
index 96b2f8b3d01..9791ce2d685 100644
--- a/lang/gcc48/distinfo
+++ b/lang/gcc48/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.35 2017/07/10 15:55:40 maya Exp $
+$NetBSD: distinfo,v 1.36 2017/07/28 23:40:07 maya Exp $
 
 SHA1 (ecj-4.5.jar) = 58c1d79c64c8cd718550f32a932ccfde8d1e6449
 RMD160 (ecj-4.5.jar) = d3f4da657f086b6423f74e93f001132f4855368a
@@ -37,6 +37,7 @@ SHA1 (patch-gcc_config_dragonfly.opt) = 92f615c73c2e94664bae5b5935ab8b09bca15f73
 SHA1 (patch-gcc_config_exec-stack.h) = 8135806e88c1b136038bb240958a4435b4e0bbe3
 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5
 SHA1 (patch-gcc_config_i386_dragonfly.h) = 0d3f785434c02beb9c4561fe59842a970e8f7896
+SHA1 (patch-gcc_config_i386_i386.c) = 17dad8b3283521d23ca08690eb447a0e4e694e4c
 SHA1 (patch-gcc_config_i386_openbsd.h) = df5b85b5957392138f99085bd8ebeb923e37e9e7
 SHA1 (patch-gcc_config_i386_openbsdelf.h) = 74498a1bd7c339c90b847740d3c474ad3ca4a956
 SHA1 (patch-gcc_config_netbsd-stdint.h) = 025fc883101a187e84ed4c0772406720d645d550
diff --git a/lang/gcc48/patches/patch-gcc_config_i386_i386.c b/lang/gcc48/patches/patch-gcc_config_i386_i386.c
new file mode 100644
index 00000000000..1b98d78a0f5
--- /dev/null
+++ b/lang/gcc48/patches/patch-gcc_config_i386_i386.c
@@ -0,0 +1,81 @@
+$NetBSD: patch-gcc_config_i386_i386.c,v 1.3 2017/07/28 23:40:07 maya Exp $
+
+Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
+
+We should not expand call arguments in between flags reg setting and
+flags reg using instructions, as it may expand with flags reg
+clobbering insn (ADD in this case).
+
+Attached patch moves expansion out of the link. Also, change
+zero-extension to non-flags reg clobbering sequence in case we perform
+zero-extension with and.
+
+2017-03-25  Uros Bizjak
+
+--- gcc/config/i386/i386.c.orig	2015-06-10 09:34:21.000000000 +0000
++++ gcc/config/i386/i386.c
+@@ -32099,9 +32099,6 @@ ix86_expand_builtin (tree exp, rtx targe
+       mode0 = DImode;
+ 
+ rdrand_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -32109,6 +32106,10 @@ rdrand_step:
+ 	  op1 = convert_memory_address (Pmode, op1);
+ 	  op1 = copy_addr_to_reg (op1);
+ 	}
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op1 = gen_reg_rtx (SImode);
+@@ -32117,8 +32118,20 @@ rdrand_step:
+       /* Emit SImode conditional move.  */
+       if (mode0 == HImode)
+ 	{
+-	  op2 = gen_reg_rtx (SImode);
+-	  emit_insn (gen_zero_extendhisi2 (op2, op0));
++	  if (TARGET_ZERO_EXTEND_WITH_AND
++	      && optimize_function_for_speed_p (cfun))
++	    {
++	      op2 = force_reg (SImode, const0_rtx);
++
++	      emit_insn (gen_movstricthi
++			 (gen_lowpart (HImode, op2), op0));
++	    }
++	  else
++	    {
++	      op2 = gen_reg_rtx (SImode);
++
++	      emit_insn (gen_zero_extendhisi2 (op2, op0));
++	    }
+ 	}
+       else if (mode0 == SImode)
+ 	op2 = op0;
+@@ -32150,9 +32163,6 @@ rdrand_step:
+       mode0 = DImode;
+ 
+ rdseed_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -32160,6 +32170,10 @@ rdseed_step:
+ 	  op1 = convert_memory_address (Pmode, op1);
+ 	  op1 = copy_addr_to_reg (op1);
+ 	}
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op2 = gen_reg_rtx (QImode);
author	maya <maya@pkgsrc.org>	2017-07-28 23:40:07 +0000
committer	maya <maya@pkgsrc.org>	2017-07-28 23:40:07 +0000
commit	bfbe34cdfe28e8041bb3c1f538bfde1d7a7ef075 (patch)
tree	834cf4934c28a27b2546cfbb24f9696374bfaf99 /lang/gcc48
parent	f27254d06781df78db1f4d053f5fa3b35f50877e (diff)
download	pkgsrc-bfbe34cdfe28e8041bb3c1f538bfde1d7a7ef075.tar.gz