diff options
| author | maya <maya@pkgsrc.org> | 2017-07-28 23:41:51 +0000 |
|---|---|---|
| committer | maya <maya@pkgsrc.org> | 2017-07-28 23:41:51 +0000 |
| commit | 3e2d2260356373b1d4d1973a0ba932c6c89629a5 (patch) | |
| tree | e154ea883e39f08c27c19ff83e4db336f7fa27df /lang/gcc49 | |
| parent | c3c701a192ec90a3264be99f29d142e42e8d75e0 (diff) | |
| download | pkgsrc-3e2d2260356373b1d4d1973a0ba932c6c89629a5.tar.gz | |
gcc49: backport upstream security fix
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
Diffstat (limited to 'lang/gcc49')
| -rw-r--r-- | lang/gcc49/Makefile | 4 | ||||
| -rw-r--r-- | lang/gcc49/distinfo | 3 | ||||
| -rw-r--r-- | lang/gcc49/patches/patch-gcc_config_i386_i386.c | 81 |
3 files changed, 85 insertions, 3 deletions
diff --git a/lang/gcc49/Makefile b/lang/gcc49/Makefile index 23cffb33dff..8de2fbca3d4 100644 --- a/lang/gcc49/Makefile +++ b/lang/gcc49/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.20 2017/07/10 15:55:40 maya Exp $ +# $NetBSD: Makefile,v 1.21 2017/07/28 23:41:51 maya Exp $ GCC_PKGNAME= gcc49 .include "version.mk" @@ -9,7 +9,7 @@ PKGNAME= ${GCC_PKGNAME}-${GCC49_DIST_VERSION} ## When bumping the PKGREVISION of this package the PKGREVISION of ## lang/gcc49-libs needs to be bump to be at least 1 more than the ## PKGREVISION of this package! -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= lang MASTER_SITES= ${MASTER_SITE_GNU:=gcc/gcc-${GCC49_DIST_VERSION}/} EXTRACT_SUFX= .tar.bz2 diff --git a/lang/gcc49/distinfo b/lang/gcc49/distinfo index 429664d9634..f9ace309915 100644 --- a/lang/gcc49/distinfo +++ b/lang/gcc49/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.13 2017/07/10 15:55:40 maya Exp $ +$NetBSD: distinfo,v 1.14 2017/07/28 23:41:51 maya Exp $ SHA1 (ecj-4.5.jar) = 58c1d79c64c8cd718550f32a932ccfde8d1e6449 RMD160 (ecj-4.5.jar) = d3f4da657f086b6423f74e93f001132f4855368a @@ -17,6 +17,7 @@ SHA1 (patch-gcc_config_dragonfly.h) = 5d671b7cdf8b8e3798dd7ec47f56708aa3548f38 SHA1 (patch-gcc_config_dragonfly.opt) = b01bee26978f7feb62fc2ec21186449ccaea0db7 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5 SHA1 (patch-gcc_config_i386_dragonfly.h) = 5756b62791273f77866f06be1df0c267dc90a2ee +SHA1 (patch-gcc_config_i386_i386.c) = 61df9f4677f599f1ba3845849f334bbd568a479f SHA1 (patch-gcc_config_netbsd-stdint.h) = fc430c80adda9d3f58eea47816338f697a659889 SHA1 (patch-gcc_config_netbsd.h) = 1d21dbe5082dd149d59dbc471d4148d0651df7d4 SHA1 (patch-gcc_config_x-netbsd) = 6dc3d78e26df62054ea29f98ca51592858e671e3 diff --git a/lang/gcc49/patches/patch-gcc_config_i386_i386.c b/lang/gcc49/patches/patch-gcc_config_i386_i386.c new file mode 100644 index 00000000000..3dc7c13e9ed --- /dev/null +++ b/lang/gcc49/patches/patch-gcc_config_i386_i386.c @@ -0,0 +1,81 @@ +$NetBSD: patch-gcc_config_i386_i386.c,v 1.1 2017/07/28 23:41:51 maya Exp $ + +Incorrect codegen from rdseed intrinsic use (CVE-2017-11671) + +We should not expand call arguments in between flags reg setting and +flags reg using instructions, as it may expand with flags reg +clobbering insn (ADD in this case). + +Attached patch moves expansion out of the link. Also, change +zero-extension to non-flags reg clobbering sequence in case we perform +zero-extension with and. + +2017-03-25 Uros Bizjak + +--- gcc/config/i386/i386.c.orig 2016-08-01 16:03:41.000000000 +0000 ++++ gcc/config/i386/i386.c +@@ -35540,9 +35540,6 @@ ix86_expand_builtin (tree exp, rtx targe + mode0 = DImode; + + rdrand_step: +- op0 = gen_reg_rtx (mode0); +- emit_insn (GEN_FCN (icode) (op0)); +- + arg0 = CALL_EXPR_ARG (exp, 0); + op1 = expand_normal (arg0); + if (!address_operand (op1, VOIDmode)) +@@ -35550,6 +35547,10 @@ rdrand_step: + op1 = convert_memory_address (Pmode, op1); + op1 = copy_addr_to_reg (op1); + } ++ ++ op0 = gen_reg_rtx (mode0); ++ emit_insn (GEN_FCN (icode) (op0)); ++ + emit_move_insn (gen_rtx_MEM (mode0, op1), op0); + + op1 = gen_reg_rtx (SImode); +@@ -35558,8 +35559,20 @@ rdrand_step: + /* Emit SImode conditional move. */ + if (mode0 == HImode) + { +- op2 = gen_reg_rtx (SImode); +- emit_insn (gen_zero_extendhisi2 (op2, op0)); ++ if (TARGET_ZERO_EXTEND_WITH_AND ++ && optimize_function_for_speed_p (cfun)) ++ { ++ op2 = force_reg (SImode, const0_rtx); ++ ++ emit_insn (gen_movstricthi ++ (gen_lowpart (HImode, op2), op0)); ++ } ++ else ++ { ++ op2 = gen_reg_rtx (SImode); ++ ++ emit_insn (gen_zero_extendhisi2 (op2, op0)); ++ } + } + else if (mode0 == SImode) + op2 = op0; +@@ -35591,9 +35604,6 @@ rdrand_step: + mode0 = DImode; + + rdseed_step: +- op0 = gen_reg_rtx (mode0); +- emit_insn (GEN_FCN (icode) (op0)); +- + arg0 = CALL_EXPR_ARG (exp, 0); + op1 = expand_normal (arg0); + if (!address_operand (op1, VOIDmode)) +@@ -35601,6 +35611,10 @@ rdseed_step: + op1 = convert_memory_address (Pmode, op1); + op1 = copy_addr_to_reg (op1); + } ++ ++ op0 = gen_reg_rtx (mode0); ++ emit_insn (GEN_FCN (icode) (op0)); ++ + emit_move_insn (gen_rtx_MEM (mode0, op1), op0); + + op2 = gen_reg_rtx (QImode); |