svn commit: r507836 - in head/devel/llvm80: . files
Brooks Davis
brooks at FreeBSD.org
Thu Aug 1 23:27:31 UTC 2019
Author: brooks
Date: Thu Aug 1 23:27:30 2019
New Revision: 507836
URL: https://svnweb.freebsd.org/changeset/ports/507836
Log:
Address a code generation bug that could allow the ARM stack protector
to be bypassed.
This change merges upstream r366369, r366371, and r267068 (minus some
test improvements).
Also:
- Address bugs breaking the build with all options disabled. [0]
- Pin the python version to 3.6 rather than 2.7.
PR: 239503 [0]
Security: https://kb.cert.org/vuls/id/129209
Added:
head/devel/llvm80/files/patch-llvm-r366369.diff (contents, props changed)
head/devel/llvm80/files/patch-llvm-r366371.diff (contents, props changed)
head/devel/llvm80/files/patch-llvm-r367068.diff (contents, props changed)
Modified:
head/devel/llvm80/Makefile
head/devel/llvm80/pkg-plist
Modified: head/devel/llvm80/Makefile
==============================================================================
--- head/devel/llvm80/Makefile Thu Aug 1 23:03:00 2019 (r507835)
+++ head/devel/llvm80/Makefile Thu Aug 1 23:27:30 2019 (r507836)
@@ -2,7 +2,7 @@
PORTNAME= llvm
DISTVERSION= 8.0.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= devel lang
MASTER_SITES= https://github.com/llvm/llvm-project/releases/download/llvmorg-${DISTVERSION}/
PKGNAMESUFFIX= ${LLVM_SUFFIX}
@@ -24,12 +24,10 @@ DATADIR= ${PREFIX}/share/${PORTNAME}${LLVM_SUFFIX}
USES= cmake compiler:c++11-lib libedit perl5 tar:xz \
shebangfix
-_USES_PYTHON?= python:2.7,build
+_USES_PYTHON?= python:3.6,build
USES+= ${_USES_PYTHON}
USE_LDCONFIG= ${LLVM_PREFIX}/lib
SHEBANG_FILES= utils/lit/lit.py utils/llvm-lit/llvm-lit.in \
- tools/clang/tools/clang-format/clang-format-diff.py \
- tools/clang/utils/hmaptool/hmaptool \
tools/opt-viewer/optrecord.py \
tools/opt-viewer/opt-diff.py \
tools/opt-viewer/opt-stats.py \
@@ -48,6 +46,9 @@ CMAKE_ARGS+= -DLLVM_HOST_TRIPLE=${CONFIGURE_TARGET}
# redefine CMAKE_INSTALL_MANDIR
CMAKE_ARGS+= -DCMAKE_INSTALL_MANDIR:PATH="share/man"
CMAKE_ARGS+= -DLLVM_PARALLEL_LINK_JOBS=1
+CMAKE_ARGS+= -DPYTHON_EXECUTABLE=${PYTHON_CMD} \
+ -DPYTHON_INCLUDE_DIR=${PYTHON_INCLUDEDIR} \
+ -DPYTHON_LIBRARY=${LOCALBASE}/lib/lib${PYTHON_VERSION}m.so
# Disable assertions. They should be disabled by cmake, but USES=cmake
# overrides -DCMAKE_*_FLAGS_RELEASE.
@@ -99,7 +100,7 @@ GOLD_DESC= Build the LLVM Gold plugin for LTO
GOLD_CMAKE_ON= -DLLVM_BINUTILS_INCDIR=${LOCALBASE}/include
GOLD_BUILD_DEPENDS= ${LOCALBASE}/bin/ld.gold:devel/binutils
LIT_DESC= Install lit and FileCheck test tools
-LIT_VARS= _USES_PYTHON=python:2.7
+LIT_VARS= _USES_PYTHON=python:3.6
LLD_DESC= Install lld, the LLVM linker
LLD_DISTFILES= lld-${DISTVERSION}.src${EXTRACT_SUFX}
LLD_EXTRA_PATCHES= ${PATCHDIR}/lld
@@ -109,7 +110,7 @@ LLDB_DESC= Install lldb, the LLVM debugger
LLDB_DISTFILES= lldb-${DISTVERSION}.src${EXTRACT_SUFX}
LLDB_EXTRA_PATCHES= ${PATCHDIR}/lldb
LLDB_IMPLIES= CLANG
-LLDB_VARS= _USES_PYTHON=python:2.7
+LLDB_VARS= _USES_PYTHON=python:3.6
OPENMP_DESC= Install libomp, the LLVM OpenMP runtime library
OPENMP_DISTFILES= openmp-${DISTVERSION}.src${EXTRACT_SUFX}
OPENMP_EXTRA_PATCHES= ${PATCHDIR}/openmp
@@ -178,10 +179,11 @@ COMMANDS+= ${CLANG_COMMANDS}
MAN1SRCS+= clang.1 \
diagtool.1 \
scan-build.1
-CLANG_PATTERN= (c-index-test|clang|scan-|Reporter.py|ScanView.py|scanview.css|sorttable.js|startfile.py|-analyzer)
+CLANG_PATTERN= (c-index-test|clang|diagtool|hmaptool|scan-|Reporter.py|ScanView.py|scanview.css|sorttable.js|startfile.py|-analyzer)
SHEBANG_FILES+= tools/clang/tools/scan-view/bin/scan-view \
+ tools/clang/tools/clang-format/clang-format-diff.py \
tools/clang/tools/clang-format/git-clang-format \
- tools/clang/tools/clang-format/clang-format-diff.py
+ tools/clang/utils/hmaptool/hmaptool
USES+= gnome
.endif
Added: head/devel/llvm80/files/patch-llvm-r366369.diff
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r366369.diff Thu Aug 1 23:27:30 2019 (r507836)
@@ -0,0 +1,87 @@
+commit 90ba54bf67c4c134d000b064121789a32c0c6a73
+Author: Francis Visoiu Mistrih <francisvm at yahoo.com>
+Date: Wed Jul 17 20:46:09 2019 +0000
+
+ [CodeGen][NFC] Simplify checks for stack protector index checking
+
+ Use `hasStackProtectorIndex()` instead of `getStackProtectorIndex() >=
+ 0`.
+
+ llvm-svn: 366369
+
+diff --git lib/CodeGen/LocalStackSlotAllocation.cpp b/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp
+index bddd0c7732c..aa8f824c6b9 100644
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -199,19 +199,19 @@ void LocalStackSlotPass::calculateFrameObjectOffsets(MachineFunction &Fn) {
+ // Make sure that the stack protector comes before the local variables on the
+ // stack.
+ SmallSet<int, 16> ProtectedObjs;
+- if (MFI.getStackProtectorIndex() >= 0) {
++ if (MFI.hasStackProtectorIndex()) {
++ int StackProtectorFI = MFI.getStackProtectorIndex();
+ StackObjSet LargeArrayObjs;
+ StackObjSet SmallArrayObjs;
+ StackObjSet AddrOfObjs;
+
+- AdjustStackOffset(MFI, MFI.getStackProtectorIndex(), Offset,
+- StackGrowsDown, MaxAlign);
++ AdjustStackOffset(MFI, StackProtectorFI, Offset, StackGrowsDown, MaxAlign);
+
+ // Assign large stack objects first.
+ for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+ if (MFI.isDeadObjectIndex(i))
+ continue;
+- if (MFI.getStackProtectorIndex() == (int)i)
++ if (StackProtectorFI == (int)i)
+ continue;
+
+ switch (MFI.getObjectSSPLayout(i)) {
+diff --git lib/CodeGen/PrologEpilogInserter.cpp b/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+index 8e31c070714..dfbf665321d 100644
+--- lib/CodeGen/PrologEpilogInserter.cpp
++++ lib/CodeGen/PrologEpilogInserter.cpp
+@@ -927,18 +927,18 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+ // Make sure that the stack protector comes before the local variables on the
+ // stack.
+ SmallSet<int, 16> ProtectedObjs;
+- if (MFI.getStackProtectorIndex() >= 0) {
++ if (MFI.hasStackProtectorIndex()) {
++ int StackProtectorFI = MFI.getStackProtectorIndex();
+ StackObjSet LargeArrayObjs;
+ StackObjSet SmallArrayObjs;
+ StackObjSet AddrOfObjs;
+
+- AdjustStackOffset(MFI, MFI.getStackProtectorIndex(), StackGrowsDown,
+- Offset, MaxAlign, Skew);
++ AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
++ Skew);
+
+ // Assign large stack objects first.
+ for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+- if (MFI.isObjectPreAllocated(i) &&
+- MFI.getUseLocalStackAllocationBlock())
++ if (MFI.isObjectPreAllocated(i) && MFI.getUseLocalStackAllocationBlock())
+ continue;
+ if (i >= MinCSFrameIndex && i <= MaxCSFrameIndex)
+ continue;
+@@ -946,8 +946,7 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+ continue;
+ if (MFI.isDeadObjectIndex(i))
+ continue;
+- if (MFI.getStackProtectorIndex() == (int)i ||
+- EHRegNodeFrameIndex == (int)i)
++ if (StackProtectorFI == (int)i || EHRegNodeFrameIndex == (int)i)
+ continue;
+ if (MFI.getStackID(i) !=
+ TargetStackID::Default) // Only allocate objects on the default stack.
+@@ -990,8 +989,7 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+ continue;
+ if (MFI.isDeadObjectIndex(i))
+ continue;
+- if (MFI.getStackProtectorIndex() == (int)i ||
+- EHRegNodeFrameIndex == (int)i)
++ if (MFI.getStackProtectorIndex() == (int)i || EHRegNodeFrameIndex == (int)i)
+ continue;
+ if (ProtectedObjs.count(i))
+ continue;
Added: head/devel/llvm80/files/patch-llvm-r366371.diff
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r366371.diff Thu Aug 1 23:27:30 2019 (r507836)
@@ -0,0 +1,58 @@
+Index: lib/CodeGen/LocalStackSlotAllocation.cpp
+===================================================================
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -201,6 +201,14 @@
+ SmallSet<int, 16> ProtectedObjs;
+ if (MFI.hasStackProtectorIndex()) {
+ int StackProtectorFI = MFI.getStackProtectorIndex();
++
++ // We need to make sure we didn't pre-allocate the stack protector when
++ // doing this.
++ // If we already have a stack protector, this will re-assign it to a slot
++ // that is **not** covering the protected objects.
++ assert(!MFI.isObjectPreAllocated(StackProtectorFI) &&
++ "Stack protector pre-allocated in LocalStackSlotAllocation");
++
+ StackObjSet LargeArrayObjs;
+ StackObjSet SmallArrayObjs;
+ StackObjSet AddrOfObjs;
+Index: lib/CodeGen/PrologEpilogInserter.cpp
+===================================================================
+--- lib/CodeGen/PrologEpilogInserter.cpp
++++ lib/CodeGen/PrologEpilogInserter.cpp
+@@ -933,8 +933,16 @@
+ StackObjSet SmallArrayObjs;
+ StackObjSet AddrOfObjs;
+
+- AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
+- Skew);
++ // If we need a stack protector, we need to make sure that
++ // LocalStackSlotPass didn't already allocate a slot for it.
++ // If we are told to use the LocalStackAllocationBlock, the stack protector
++ // is expected to be already pre-allocated.
++ if (!MFI.getUseLocalStackAllocationBlock())
++ AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
++ Skew);
++ else if (!MFI.isObjectPreAllocated(MFI.getStackProtectorIndex()))
++ llvm_unreachable(
++ "Stack protector not pre-allocated by LocalStackSlotPass.");
+
+ // Assign large stack objects first.
+ for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+@@ -968,6 +976,15 @@
+ llvm_unreachable("Unexpected SSPLayoutKind.");
+ }
+
++ // We expect **all** the protected stack objects to be pre-allocated by
++ // LocalStackSlotPass. If it turns out that PEI still has to allocate some
++ // of them, we may end up messing up the expected order of the objects.
++ if (MFI.getUseLocalStackAllocationBlock() &&
++ !(LargeArrayObjs.empty() && SmallArrayObjs.empty() &&
++ AddrOfObjs.empty()))
++ llvm_unreachable("Found protected stack objects not pre-allocated by "
++ "LocalStackSlotPass.");
++
+ AssignProtectedObjSet(LargeArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
+ Offset, MaxAlign, Skew);
+ AssignProtectedObjSet(SmallArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
Added: head/devel/llvm80/files/patch-llvm-r367068.diff
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r367068.diff Thu Aug 1 23:27:30 2019 (r507836)
@@ -0,0 +1,19 @@
+Index: lib/CodeGen/LocalStackSlotAllocation.cpp
+===================================================================
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -351,6 +351,14 @@
+ assert(MFI.isObjectPreAllocated(FrameIdx) &&
+ "Only pre-allocated locals expected!");
+
++ // We need to keep the references to the stack protector slot through frame
++ // index operands so that it gets resolved by PEI rather than this pass.
++ // This avoids accesses to the stack protector though virtual base
++ // registers, and forces PEI to address it using fp/sp/bp.
++ if (MFI.hasStackProtectorIndex() &&
++ FrameIdx == MFI.getStackProtectorIndex())
++ continue;
++
+ LLVM_DEBUG(dbgs() << "Considering: " << MI);
+
+ unsigned idx = 0;
Modified: head/devel/llvm80/pkg-plist
==============================================================================
--- head/devel/llvm80/pkg-plist Thu Aug 1 23:03:00 2019 (r507835)
+++ head/devel/llvm80/pkg-plist Thu Aug 1 23:27:30 2019 (r507836)
@@ -57,8 +57,8 @@ bin/sancov%%LLVM_SUFFIX%%
%%CLANG%%bin/clang-format%%LLVM_SUFFIX%%
%%CLANG%%bin/clang-import-test%%LLVM_SUFFIX%%
%%CLANG%%bin/clang-offload-bundler%%LLVM_SUFFIX%%
-bin/diagtool%%LLVM_SUFFIX%%
-bin/hmaptool%%LLVM_SUFFIX%%
+%%CLANG%%bin/diagtool%%LLVM_SUFFIX%%
+%%CLANG%%bin/hmaptool%%LLVM_SUFFIX%%
%%CLANG%%bin/scan-build%%LLVM_SUFFIX%%
%%CLANG%%bin/scan-view%%LLVM_SUFFIX%%
%%EXTRAS%%bin/clang-apply-replacements%%LLVM_SUFFIX%%
@@ -129,11 +129,11 @@ llvm%%LLVM_SUFFIX%%/bin/bugpoint
%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/clang-tblgen
%%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/clang-tidy
%%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/clangd
-llvm%%LLVM_SUFFIX%%/bin/diagtool
+%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/diagtool
llvm%%LLVM_SUFFIX%%/bin/dsymutil
%%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/find-all-symbols
%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/git-clang-format
-llvm%%LLVM_SUFFIX%%/bin/hmaptool
+%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/hmaptool
%%LLD%%llvm%%LLVM_SUFFIX%%/bin/ld.lld
%%LLD%%llvm%%LLVM_SUFFIX%%/bin/ld64.lld
llvm%%LLVM_SUFFIX%%/bin/llc
More information about the svn-ports-all
mailing list