Date:      Thu, 1 Aug 2019 23:27:30 +0000 (UTC)
From:      Brooks Davis <brooks@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r507836 - in head/devel/llvm80: . files
Message-ID:  <201908012327.x71NRUSb061829@repo.freebsd.org>

Author: brooks
Date: Thu Aug  1 23:27:30 2019
New Revision: 507836
URL: https://svnweb.freebsd.org/changeset/ports/507836

Log:
  Address a code generation bug that could allow the ARM stack protector
  to be bypassed.
  
  This change merges upstream r366369, r366371, and r367068 (minus some
  test improvements).
  
  Also:
   - Address bugs breaking the build with all options disabled. [0]
   - Pin the python version to 3.6 rather than 2.7.
  
  PR:		239503 [0]
  Security:	https://kb.cert.org/vuls/id/129209

Added:
  head/devel/llvm80/files/patch-llvm-r366369.diff   (contents, props changed)
  head/devel/llvm80/files/patch-llvm-r366371.diff   (contents, props changed)
  head/devel/llvm80/files/patch-llvm-r367068.diff   (contents, props changed)
Modified:
  head/devel/llvm80/Makefile
  head/devel/llvm80/pkg-plist

Modified: head/devel/llvm80/Makefile
==============================================================================
--- head/devel/llvm80/Makefile	Thu Aug  1 23:03:00 2019	(r507835)
+++ head/devel/llvm80/Makefile	Thu Aug  1 23:27:30 2019	(r507836)
@@ -2,7 +2,7 @@
 
 PORTNAME=	llvm
 DISTVERSION=	8.0.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	devel lang
 MASTER_SITES=	https://github.com/llvm/llvm-project/releases/download/llvmorg-${DISTVERSION}/
 PKGNAMESUFFIX=	${LLVM_SUFFIX}
@@ -24,12 +24,10 @@ DATADIR=	${PREFIX}/share/${PORTNAME}${LLVM_SUFFIX}
 
 USES=		cmake compiler:c++11-lib libedit perl5 tar:xz \
 		shebangfix
-_USES_PYTHON?=	python:2.7,build
+_USES_PYTHON?=	python:3.6,build
 USES+=		${_USES_PYTHON}
 USE_LDCONFIG=	${LLVM_PREFIX}/lib
 SHEBANG_FILES=	utils/lit/lit.py utils/llvm-lit/llvm-lit.in \
-		tools/clang/tools/clang-format/clang-format-diff.py \
-		tools/clang/utils/hmaptool/hmaptool \
 		tools/opt-viewer/optrecord.py \
 		tools/opt-viewer/opt-diff.py \
 		tools/opt-viewer/opt-stats.py \
@@ -48,6 +46,9 @@ CMAKE_ARGS+=	-DLLVM_HOST_TRIPLE=${CONFIGURE_TARGET}
 # redefine CMAKE_INSTALL_MANDIR
 CMAKE_ARGS+=	-DCMAKE_INSTALL_MANDIR:PATH="share/man"
 CMAKE_ARGS+=	-DLLVM_PARALLEL_LINK_JOBS=1
+CMAKE_ARGS+=	-DPYTHON_EXECUTABLE=${PYTHON_CMD} \
+		-DPYTHON_INCLUDE_DIR=${PYTHON_INCLUDEDIR} \
+		-DPYTHON_LIBRARY=${LOCALBASE}/lib/lib${PYTHON_VERSION}m.so
 
 # Disable assertions.  They should be disabled by cmake, but USES=cmake
 # overrides -DCMAKE_*_FLAGS_RELEASE.
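Review bot: `-DPYTHON_LIBRARY=${LOCALBASE}/lib/lib${PYTHON_VERSION}m.so` hard-codes the `m` ABI suffix, which matches the 3.6 pin but not Python releases that dropped the suffix (3.8 and later). The path will name a library that does not exist once the `python:3.6` pin in `_USES_PYTHON` (and in the `LIT_VARS` and `LLDB_VARS` hunks) is next bumped. If the ports framework in this tree exposes the interpreter's ABI flags (python.mk's `PYTHON_ABIVER`, to be confirmed for this revision), `lib${PYTHON_VERSION}${PYTHON_ABIVER}.so` keeps the two in step. Otherwise a comment such as `# 'm' suffix is specific to the pinned python 3.6 ABI` next to the line would at least flag the coupling.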
@@ -99,7 +100,7 @@ GOLD_DESC=		Build the LLVM Gold plugin for LTO
 GOLD_CMAKE_ON=		-DLLVM_BINUTILS_INCDIR=${LOCALBASE}/include
 GOLD_BUILD_DEPENDS=	${LOCALBASE}/bin/ld.gold:devel/binutils
 LIT_DESC=		Install lit and FileCheck test tools
-LIT_VARS=		_USES_PYTHON=python:2.7
+LIT_VARS=		_USES_PYTHON=python:3.6
 LLD_DESC=		Install lld, the LLVM linker
 LLD_DISTFILES=		lld-${DISTVERSION}.src${EXTRACT_SUFX}
 LLD_EXTRA_PATCHES=	${PATCHDIR}/lld
@@ -109,7 +110,7 @@ LLDB_DESC=		Install lldb, the LLVM debugger
 LLDB_DISTFILES=		lldb-${DISTVERSION}.src${EXTRACT_SUFX}
 LLDB_EXTRA_PATCHES=	${PATCHDIR}/lldb
 LLDB_IMPLIES=		CLANG
-LLDB_VARS=		_USES_PYTHON=python:2.7
+LLDB_VARS=		_USES_PYTHON=python:3.6
 OPENMP_DESC=		Install libomp, the LLVM OpenMP runtime library
 OPENMP_DISTFILES=	openmp-${DISTVERSION}.src${EXTRACT_SUFX}
 OPENMP_EXTRA_PATCHES=	${PATCHDIR}/openmp
@@ -178,10 +179,11 @@ COMMANDS+=	${CLANG_COMMANDS}
 MAN1SRCS+=	clang.1 \
 		diagtool.1 \
 		scan-build.1
-CLANG_PATTERN=	(c-index-test|clang|scan-|Reporter.py|ScanView.py|scanview.css|sorttable.js|startfile.py|-analyzer)
+CLANG_PATTERN=	(c-index-test|clang|diagtool|hmaptool|scan-|Reporter.py|ScanView.py|scanview.css|sorttable.js|startfile.py|-analyzer)
 SHEBANG_FILES+=	tools/clang/tools/scan-view/bin/scan-view \
+		tools/clang/tools/clang-format/clang-format-diff.py \
 		tools/clang/tools/clang-format/git-clang-format \
-		tools/clang/tools/clang-format/clang-format-diff.py
+		tools/clang/utils/hmaptool/hmaptool
 USES+=		gnome
 .endif
 

Added: head/devel/llvm80/files/patch-llvm-r366369.diff
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r366369.diff	Thu Aug  1 23:27:30 2019	(r507836)
@@ -0,0 +1,87 @@
+commit 90ba54bf67c4c134d000b064121789a32c0c6a73
+Author: Francis Visoiu Mistrih <francisvm@yahoo.com>
+Date:   Wed Jul 17 20:46:09 2019 +0000
+
+    [CodeGen][NFC] Simplify checks for stack protector index checking
+    
+    Use `hasStackProtectorIndex()` instead of `getStackProtectorIndex() >=
+    0`.
+    
+    llvm-svn: 366369
+
+diff --git lib/CodeGen/LocalStackSlotAllocation.cpp b/llvm/lib/CodeGen/LocalStackSlotAllocation.cpp
+index bddd0c7732c..aa8f824c6b9 100644
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -199,19 +199,19 @@ void LocalStackSlotPass::calculateFrameObjectOffsets(MachineFunction &Fn) {
+   // Make sure that the stack protector comes before the local variables on the
+   // stack.
+   SmallSet<int, 16> ProtectedObjs;
+-  if (MFI.getStackProtectorIndex() >= 0) {
++  if (MFI.hasStackProtectorIndex()) {
++    int StackProtectorFI = MFI.getStackProtectorIndex();
+     StackObjSet LargeArrayObjs;
+     StackObjSet SmallArrayObjs;
+     StackObjSet AddrOfObjs;
+ 
+-    AdjustStackOffset(MFI, MFI.getStackProtectorIndex(), Offset,
+-                      StackGrowsDown, MaxAlign);
++    AdjustStackOffset(MFI, StackProtectorFI, Offset, StackGrowsDown, MaxAlign);
+ 
+     // Assign large stack objects first.
+     for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+       if (MFI.isDeadObjectIndex(i))
+         continue;
+-      if (MFI.getStackProtectorIndex() == (int)i)
++      if (StackProtectorFI == (int)i)
+         continue;
+ 
+       switch (MFI.getObjectSSPLayout(i)) {
+diff --git lib/CodeGen/PrologEpilogInserter.cpp b/llvm/lib/CodeGen/PrologEpilogInserter.cpp
+index 8e31c070714..dfbf665321d 100644
+--- lib/CodeGen/PrologEpilogInserter.cpp
++++ lib/CodeGen/PrologEpilogInserter.cpp
+@@ -927,18 +927,18 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+   // Make sure that the stack protector comes before the local variables on the
+   // stack.
+   SmallSet<int, 16> ProtectedObjs;
+-  if (MFI.getStackProtectorIndex() >= 0) {
++  if (MFI.hasStackProtectorIndex()) {
++    int StackProtectorFI = MFI.getStackProtectorIndex();
+     StackObjSet LargeArrayObjs;
+     StackObjSet SmallArrayObjs;
+     StackObjSet AddrOfObjs;
+ 
+-    AdjustStackOffset(MFI, MFI.getStackProtectorIndex(), StackGrowsDown,
+-                      Offset, MaxAlign, Skew);
++    AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
++                      Skew);
+ 
+     // Assign large stack objects first.
+     for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+-      if (MFI.isObjectPreAllocated(i) &&
+-          MFI.getUseLocalStackAllocationBlock())
++      if (MFI.isObjectPreAllocated(i) && MFI.getUseLocalStackAllocationBlock())
+         continue;
+       if (i >= MinCSFrameIndex && i <= MaxCSFrameIndex)
+         continue;
+@@ -946,8 +946,7 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+         continue;
+       if (MFI.isDeadObjectIndex(i))
+         continue;
+-      if (MFI.getStackProtectorIndex() == (int)i ||
+-          EHRegNodeFrameIndex == (int)i)
++      if (StackProtectorFI == (int)i || EHRegNodeFrameIndex == (int)i)
+         continue;
+       if (MFI.getStackID(i) !=
+           TargetStackID::Default) // Only allocate objects on the default stack.
+@@ -990,8 +989,7 @@ void PEI::calculateFrameObjectOffsets(MachineFunction &MF) {
+       continue;
+     if (MFI.isDeadObjectIndex(i))
+       continue;
+-    if (MFI.getStackProtectorIndex() == (int)i ||
+-        EHRegNodeFrameIndex == (int)i)
++    if (MFI.getStackProtectorIndex() == (int)i || EHRegNodeFrameIndex == (int)i)
+       continue;
+     if (ProtectedObjs.count(i))
+       continue;

Added: head/devel/llvm80/files/patch-llvm-r366371.diff
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r366371.diff	Thu Aug  1 23:27:30 2019	(r507836)
@@ -0,0 +1,58 @@
+Index: lib/CodeGen/LocalStackSlotAllocation.cpp
+===================================================================
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -201,6 +201,14 @@
+   SmallSet<int, 16> ProtectedObjs;
+   if (MFI.hasStackProtectorIndex()) {
+     int StackProtectorFI = MFI.getStackProtectorIndex();
++
++    // We need to make sure we didn't pre-allocate the stack protector when
++    // doing this.
++    // If we already have a stack protector, this will re-assign it to a slot
++    // that is **not** covering the protected objects.
++    assert(!MFI.isObjectPreAllocated(StackProtectorFI) &&
++           "Stack protector pre-allocated in LocalStackSlotAllocation");
++
+     StackObjSet LargeArrayObjs;
+     StackObjSet SmallArrayObjs;
+     StackObjSet AddrOfObjs;
+Index: lib/CodeGen/PrologEpilogInserter.cpp
+===================================================================
+--- lib/CodeGen/PrologEpilogInserter.cpp
++++ lib/CodeGen/PrologEpilogInserter.cpp
+@@ -933,8 +933,16 @@
+     StackObjSet SmallArrayObjs;
+     StackObjSet AddrOfObjs;
+ 
+-    AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
+-                      Skew);
++    // If we need a stack protector, we need to make sure that
++    // LocalStackSlotPass didn't already allocate a slot for it.
++    // If we are told to use the LocalStackAllocationBlock, the stack protector
++    // is expected to be already pre-allocated.
++    if (!MFI.getUseLocalStackAllocationBlock())
++      AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
++                        Skew);
++    else if (!MFI.isObjectPreAllocated(MFI.getStackProtectorIndex()))
++      llvm_unreachable(
++          "Stack protector not pre-allocated by LocalStackSlotPass.");
+ 
+     // Assign large stack objects first.
+     for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
+@@ -968,6 +976,15 @@
+       llvm_unreachable("Unexpected SSPLayoutKind.");
+     }
+ 
++    // We expect **all** the protected stack objects to be pre-allocated by
++    // LocalStackSlotPass. If it turns out that PEI still has to allocate some
++    // of them, we may end up messing up the expected order of the objects.
++    if (MFI.getUseLocalStackAllocationBlock() &&
++        !(LargeArrayObjs.empty() && SmallArrayObjs.empty() &&
++          AddrOfObjs.empty()))
++      llvm_unreachable("Found protected stack objects not pre-allocated by "
++                       "LocalStackSlotPass.");
++
+     AssignProtectedObjSet(LargeArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
+                           Offset, MaxAlign, Skew);
+     AssignProtectedObjSet(SmallArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
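Review bot: The three invariant checks added here are an `assert` in LocalStackSlotAllocation.cpp and two `llvm_unreachable` calls in PrologEpilogInserter.cpp, and this port's Makefile says it builds with assertions disabled. In the packaged compiler the `assert` therefore compiles away, and `llvm_unreachable` is typically reduced to an optimizer hint rather than a diagnostic. A violated ordering invariant would then go unreported instead of stopping the build, which is the same class of silent stack-protector misplacement this commit sets out to close. Because these conditions guard a security property, an unconditional failure such as `report_fatal_error("Stack protector not pre-allocated by LocalStackSlotPass.");` would hold in release builds too; since the port carries the upstream patch verbatim, that is best raised upstream. Both enclosing functions start and end outside the hunks shown.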

Added: head/devel/llvm80/files/patch-llvm-r367068.diff
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/devel/llvm80/files/patch-llvm-r367068.diff	Thu Aug  1 23:27:30 2019	(r507836)
@@ -0,0 +1,19 @@
+Index: lib/CodeGen/LocalStackSlotAllocation.cpp
+===================================================================
+--- lib/CodeGen/LocalStackSlotAllocation.cpp
++++ lib/CodeGen/LocalStackSlotAllocation.cpp
+@@ -351,6 +351,14 @@
+     assert(MFI.isObjectPreAllocated(FrameIdx) &&
+            "Only pre-allocated locals expected!");
+ 
++    // We need to keep the references to the stack protector slot through frame
++    // index operands so that it gets resolved by PEI rather than this pass.
++    // This avoids accesses to the stack protector though virtual base
++    // registers, and forces PEI to address it using fp/sp/bp.
++    if (MFI.hasStackProtectorIndex() &&
++        FrameIdx == MFI.getStackProtectorIndex())
++      continue;
++
+     LLVM_DEBUG(dbgs() << "Considering: " << MI);
+ 
+     unsigned idx = 0;
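Review bot: This file has no upstream metadata above its `Index:` line, although it carries the change that keeps references to the stack protector slot out of virtual-base-register addressing. Unlike patch-llvm-r366369.diff it gives no commit hash, author or log message, and patch-llvm-r366371.diff has the same gap, so the file name is the only link back to the upstream revision. Text ahead of the first header is ignored when the patch is applied, so a short leading comment naming the upstream revision and the advisory from the commit log (`https://kb.cert.org/vuls/id/129209`) would let a later auditor confirm that the port still carries the complete fix. The loop this hunk edits starts and ends outside the hunk.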

Modified: head/devel/llvm80/pkg-plist
==============================================================================
--- head/devel/llvm80/pkg-plist	Thu Aug  1 23:03:00 2019	(r507835)
+++ head/devel/llvm80/pkg-plist	Thu Aug  1 23:27:30 2019	(r507836)
@@ -57,8 +57,8 @@ bin/sancov%%LLVM_SUFFIX%%
 %%CLANG%%bin/clang-format%%LLVM_SUFFIX%%
 %%CLANG%%bin/clang-import-test%%LLVM_SUFFIX%%
 %%CLANG%%bin/clang-offload-bundler%%LLVM_SUFFIX%%
-bin/diagtool%%LLVM_SUFFIX%%
-bin/hmaptool%%LLVM_SUFFIX%%
+%%CLANG%%bin/diagtool%%LLVM_SUFFIX%%
+%%CLANG%%bin/hmaptool%%LLVM_SUFFIX%%
 %%CLANG%%bin/scan-build%%LLVM_SUFFIX%%
 %%CLANG%%bin/scan-view%%LLVM_SUFFIX%%
 %%EXTRAS%%bin/clang-apply-replacements%%LLVM_SUFFIX%%
@@ -129,11 +129,11 @@ llvm%%LLVM_SUFFIX%%/bin/bugpoint
 %%CLANG%%llvm%%LLVM_SUFFIX%%/bin/clang-tblgen
 %%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/clang-tidy
 %%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/clangd
-llvm%%LLVM_SUFFIX%%/bin/diagtool
+%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/diagtool
 llvm%%LLVM_SUFFIX%%/bin/dsymutil
 %%EXTRAS%%llvm%%LLVM_SUFFIX%%/bin/find-all-symbols
 %%CLANG%%llvm%%LLVM_SUFFIX%%/bin/git-clang-format
-llvm%%LLVM_SUFFIX%%/bin/hmaptool
+%%CLANG%%llvm%%LLVM_SUFFIX%%/bin/hmaptool
 %%LLD%%llvm%%LLVM_SUFFIX%%/bin/ld.lld
 %%LLD%%llvm%%LLVM_SUFFIX%%/bin/ld64.lld
 llvm%%LLVM_SUFFIX%%/bin/llc


