pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/gcc5 gcc5: Incorrect codegen from rdseed intrinsi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/8200f9c2faa5
branches:  trunk
changeset: 365890:8200f9c2faa5
user:      maya <maya%pkgsrc.org@localhost>
date:      Sat Jul 29 00:42:35 2017 +0000

description:
gcc5: Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)

We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).

Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.

2017-03-25  Uros Bizjak

diffstat:

 lang/gcc5/Makefile                             |   4 +-
 lang/gcc5/distinfo                             |   3 +-
 lang/gcc5/patches/patch-gcc_config_i386_i386.c |  81 ++++++++++++++++++++++++++
 3 files changed, 85 insertions(+), 3 deletions(-)

diffs (115 lines):

diff -r ce3901483092 -r 8200f9c2faa5 lang/gcc5/Makefile
--- a/lang/gcc5/Makefile        Fri Jul 28 23:42:24 2017 +0000
+++ b/lang/gcc5/Makefile        Sat Jul 29 00:42:35 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.21 2017/07/09 05:30:41 maya Exp $
+# $NetBSD: Makefile,v 1.22 2017/07/29 00:42:35 maya Exp $
 
 GCC_PKGNAME=           gcc5
-PKGREVISION=           4
+PKGREVISION=           5
 .include               "version.mk"
 
 DISTNAME=      gcc-${GCC5_DIST_VERSION}
diff -r ce3901483092 -r 8200f9c2faa5 lang/gcc5/distinfo
--- a/lang/gcc5/distinfo        Fri Jul 28 23:42:24 2017 +0000
+++ b/lang/gcc5/distinfo        Sat Jul 29 00:42:35 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2017/05/28 01:36:11 maya Exp $
+$NetBSD: distinfo,v 1.15 2017/07/29 00:42:35 maya Exp $
 
 SHA1 (gcc-5.4.0.tar.bz2) = 07524df2b4ab9070bad9c49ab668da72237b8115
 RMD160 (gcc-5.4.0.tar.bz2) = 7ae3413ca7e90bb21e65e637c02ddf2b675b45f4
@@ -13,6 +13,7 @@
 SHA1 (patch-gcc_config.host) = 1b1e11cd199eb93f49443d51c0063b09b7327858
 SHA1 (patch-gcc_config_arm_arm.h) = 769a4939c0601d4f24ecff4374538b3a388e6013
 SHA1 (patch-gcc_config_host-netbsd.c) = 765295f07edb8a68f1910e3a9b4dd2a7dcd491a5
+SHA1 (patch-gcc_config_i386_i386.c) = 4bec843a876dd71d756ee757d69e4649a109bc64
 SHA1 (patch-gcc_config_netbsd-protos.h) = 6d28864b4ccc8c1a63fe28e43601b84b63a00633
 SHA1 (patch-gcc_config_netbsd-stdint.h) = 025fc883101a187e84ed4c0772406720d645d550
 SHA1 (patch-gcc_config_netbsd.c) = 9d1327f926dece6e753093e759b5c8b707747ae1
diff -r ce3901483092 -r 8200f9c2faa5 lang/gcc5/patches/patch-gcc_config_i386_i386.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/gcc5/patches/patch-gcc_config_i386_i386.c    Sat Jul 29 00:42:35 2017 +0000
@@ -0,0 +1,81 @@
+$NetBSD: patch-gcc_config_i386_i386.c,v 1.1 2017/07/29 00:42:35 maya Exp $
+
+Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
+
+We should not expand call arguments in between flags reg setting and
+flags reg using instructions, as it may expand with flags reg
+clobbering insn (ADD in this case).
+
+Attached patch moves expansion out of the link. Also, change
+zero-extension to non-flags reg clobbering sequence in case we perform
+zero-extension with and.
+
+2017-03-25  Uros Bizjak
+
+--- gcc/config/i386/i386.c.orig        2016-05-20 13:24:29.000000000 +0000
++++ gcc/config/i386/i386.c
+@@ -39529,9 +39529,6 @@ ix86_expand_builtin (tree exp, rtx targe
+       mode0 = DImode;
+ 
+ rdrand_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -39539,6 +39536,10 @@ rdrand_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op1 = gen_reg_rtx (SImode);
+@@ -39547,8 +39548,20 @@ rdrand_step:
+       /* Emit SImode conditional move.  */
+       if (mode0 == HImode)
+       {
+-        op2 = gen_reg_rtx (SImode);
+-        emit_insn (gen_zero_extendhisi2 (op2, op0));
++        if (TARGET_ZERO_EXTEND_WITH_AND
++            && optimize_function_for_speed_p (cfun))
++          {
++            op2 = force_reg (SImode, const0_rtx);
++
++            emit_insn (gen_movstricthi
++                       (gen_lowpart (HImode, op2), op0));
++          }
++        else
++          {
++            op2 = gen_reg_rtx (SImode);
++
++            emit_insn (gen_zero_extendhisi2 (op2, op0));
++          }
+       }
+       else if (mode0 == SImode)
+       op2 = op0;
+@@ -39580,9 +39593,6 @@ rdrand_step:
+       mode0 = DImode;
+ 
+ rdseed_step:
+-      op0 = gen_reg_rtx (mode0);
+-      emit_insn (GEN_FCN (icode) (op0));
+-
+       arg0 = CALL_EXPR_ARG (exp, 0);
+       op1 = expand_normal (arg0);
+       if (!address_operand (op1, VOIDmode))
+@@ -39590,6 +39600,10 @@ rdseed_step:
+         op1 = convert_memory_address (Pmode, op1);
+         op1 = copy_addr_to_reg (op1);
+       }
++
++      op0 = gen_reg_rtx (mode0);
++      emit_insn (GEN_FCN (icode) (op0));
++
+       emit_move_insn (gen_rtx_MEM (mode0, op1), op0);
+ 
+       op2 = gen_reg_rtx (QImode);
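Review bot: The comment at the top of patch-gcc_config_i386_i386.c names the CVE but gives no upstream reference and does not say what goes wrong in the generated code, so a later maintainer cannot easily tell who is affected or when the patch can be dropped. Going by the description, expanding the pointer argument after the rdrand/rdseed instruction could emit a flags-clobbering instruction before the flags are read, so the success result of the step builtins could presumably be wrong. I would add a line such as `Upstream: <GCC bug or revision, placeholder to fill in>` and a sentence such as `Affects the status result of the rdrand/rdseed step builtins; objects compiled with earlier gcc5 revisions are not fixed by this update and need a rebuild.` The PKGREVISION bump in the Makefile hunk appears to cover only the compiler package, so the rebuild caveat for code that uses these intrinsics is worth stating in the commit message as well.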


