From nobody Sun Jun 02 09:30:59 2024 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VsWnH6Fzdz5MRMG; Sun, 02 Jun 2024 09:30:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VsWnH5mRgz4q3j; Sun, 2 Jun 2024 09:30:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1717320659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Dq1k46bA7XIwtgdaDOtmlaZEGg050EXnRc42ztwW8pM=; b=QKCoq+Z+pljY9SdvcHICJjb2BDQYaDs94gm4/eUE9fEHrhYvurMVCxKeS68ANMgKvkgGG7 p9WMDOoNtY8gA14NsA6ItIbiuX4Z+cwE77vi98Mei+cWfUUAXFoKFS2VviSnWai7ByswzI NNOWfGdCUOdx6f3a3G9Q2kChjmcoCmKrduKztVU2UkNZTMTCAZwNCWz3eow1qyACNn1/3c A902WUfMopRZ4RkV8qBnFyfEXwZXM2uxRw7vG+MIE9qUaYd0gAc4Sbg4t3l87yvwcEK4Pv H2BoKTKjSqxSiPzOCStRwA9Ypdn2ZYeO0NmMAH6PTH3MfombolyAGbavx2VDpg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1717320659; a=rsa-sha256; cv=none; b=K4bA0pSxjRBStp3ggQ7iz+439jMpArUR40jJ4RBBHf+kLsT5Rpi2pS7XsaaFpRnhC8keGq XVO+vBHPGGBFlIeYyrw5NjxfH5whJvTZCaYE9XZ5D3sFdVL9esC/XfrlGxxU6WvEiD0K2l qJbhko3FD/s1c8ST5NgDSx0RkBGmyaPGuM1F9Yuim8/+Xw4HBx20LgtG29nGVevHVg3SnH hByYElRlfpsnkIrdNPc+DPXAoBH9021uyFzRtb6vSBAgjV+RXwUhoPNQ8Rwfp7v8EgUOs8 L0cOLI9UEIcKO9mXNcRYJGdL+BlrkI6tD31GcW628UQbJ8wOnaVJmq9Q1UtaMA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1717320659; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Dq1k46bA7XIwtgdaDOtmlaZEGg050EXnRc42ztwW8pM=; b=WG6xDfDmM/dn5aRnyk0+ZgPXdw4DZ/WdqV+gMN8FdJehVtUpEev/ezwxbANP7HkrPzEdwY 46U6Xh3LuNYsNU4saoq/2T0bW/SDD/AYlMpbnKWkXNEK5LBGcxB7HwXAI/0M3x6SRLWlIk 2XTdLMxWbEZWgzOlKM7Uk7vboC23IbSGO/Lfzx0ZMxXuZWDeE1PcARLEMydTJC0v3xW2rJ eS5ryKke6tJk/SVp5EfQNLShMdzE6ct6MHDo3dweDE7u2Ks7T3nuAHbchLWhbpMv78FBE6 Ed6+zGLNYgppLzc9zTzy28KiCtmBocbxGLcKjcQKp78fDUHfCFigAbnRSzgbwg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4VsWnH5NwKzm42; Sun, 2 Jun 2024 09:30:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4529Ux5F016040; Sun, 2 Jun 2024 09:30:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4529UxrI016037; Sun, 2 Jun 2024 09:30:59 GMT (envelope-from git) Date: Sun, 2 Jun 2024 09:30:59 GMT Message-Id: <202406020930.4529UxrI016037@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Dimitry Andric Subject: git: f5fb251a553e - stable/14 - Merge commit 9f85bc834b07 from llvm-project (by Nikita Popov): List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-branches@freebsd.org Sender: owner-dev-commits-src-branches@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: dim X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: f5fb251a553e95a84fcff8ed4a79a9659582019a Auto-Submitted: auto-generated The branch stable/14 has been updated by dim: URL: https://cgit.FreeBSD.org/src/commit/?id=f5fb251a553e95a84fcff8ed4a79a9659582019a commit f5fb251a553e95a84fcff8ed4a79a9659582019a Author: Dimitry Andric AuthorDate: 2024-05-30 15:35:15 +0000 Commit: Dimitry Andric CommitDate: 2024-06-02 09:30:42 +0000 Merge commit 9f85bc834b07 from llvm-project (by Nikita Popov): [PPCMergeStringPool] Only replace constant once (#92996) In #88846 I changed this code to use RAUW to perform the replacement instead of manual updates -- but kept the outer loop, which means we try to perform RAUW once per user. However, some of the users might be freed by the RAUW operation, resulting in use-after-free. The case where this happens is constant users where the replacement might result in the destruction of the original constant. Fixes https://github.com/llvm/llvm-project/issues/92991. This fixes a possible crash when building crypto/openssh/sshkey.c for PowerPC targets. Reported by: cperciva PR: 276104 MFC after: 3 days (cherry picked from commit f30188c4680a85126e793de157b851bf5ee47529) --- .../llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp | 37 ++++------------------ 1 file changed, 7 insertions(+), 30 deletions(-) diff --git a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp index ebd876d50c44..0830b02370cd 100644 --- a/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp +++ b/contrib/llvm-project/llvm/lib/Target/PowerPC/PPCMergeStringPool.cpp @@ -290,13 +290,6 @@ bool PPCMergeStringPool::mergeModuleStringPool(Module &M) { return true; } -static bool userHasOperand(User *TheUser, GlobalVariable *GVOperand) { - for (Value *Op : TheUser->operands()) - if (Op == GVOperand) - return true; - return false; -} - // For pooled strings we need to add the offset into the pool for each string. // This is done by adding a Get Element Pointer (GEP) before each user. This // function adds the GEP. @@ -307,29 +300,13 @@ void PPCMergeStringPool::replaceUsesWithGEP(GlobalVariable *GlobalToReplace, Indices.push_back(ConstantInt::get(Type::getInt32Ty(*Context), 0)); Indices.push_back(ConstantInt::get(Type::getInt32Ty(*Context), ElementIndex)); - // Need to save a temporary copy of each user list because we remove uses - // as we replace them. - SmallVector Users; - for (User *CurrentUser : GlobalToReplace->users()) - Users.push_back(CurrentUser); - - for (User *CurrentUser : Users) { - // The user was not found so it must have been replaced earlier. - if (!userHasOperand(CurrentUser, GlobalToReplace)) - continue; - - // We cannot replace operands in globals so we ignore those. - if (isa(CurrentUser)) - continue; - - Constant *ConstGEP = ConstantExpr::getInBoundsGetElementPtr( - PooledStructType, GPool, Indices); - LLVM_DEBUG(dbgs() << "Replacing this global:\n"); - LLVM_DEBUG(GlobalToReplace->dump()); - LLVM_DEBUG(dbgs() << "with this:\n"); - LLVM_DEBUG(ConstGEP->dump()); - GlobalToReplace->replaceAllUsesWith(ConstGEP); - } + Constant *ConstGEP = + ConstantExpr::getInBoundsGetElementPtr(PooledStructType, GPool, Indices); + LLVM_DEBUG(dbgs() << "Replacing this global:\n"); + LLVM_DEBUG(GlobalToReplace->dump()); + LLVM_DEBUG(dbgs() << "with this:\n"); + LLVM_DEBUG(ConstGEP->dump()); + GlobalToReplace->replaceAllUsesWith(ConstGEP); } } // namespace