kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/devel/llvm80/files/patch-llvm-r366371.diff
Brooks Davis 9409eb97ab Address a code generation bug that could allow the ARM stack protector 
to be bypassed.

This change merges upstream r366369, r366371, and r267068 (minus some
test improvements).

Also:
 - Address bugs breaking the build with all options disabled. [0]
 - Pin the python version to 3.6 rather than 2.7.

PR:		239503 [0]
Security:	https://kb.cert.org/vuls/id/129209
2019-08-01 23:27:30 +00:00

58 lines
2.7 KiB
Diff
Raw Blame History

Index: lib/CodeGen/LocalStackSlotAllocation.cpp
===================================================================
--- lib/CodeGen/LocalStackSlotAllocation.cpp
+++ lib/CodeGen/LocalStackSlotAllocation.cpp
@@ -201,6 +201,14 @@
SmallSet<int, 16> ProtectedObjs;
if (MFI.hasStackProtectorIndex()) {
int StackProtectorFI = MFI.getStackProtectorIndex();
+
+ // We need to make sure we didn't pre-allocate the stack protector when
+ // doing this.
+ // If we already have a stack protector, this will re-assign it to a slot
+ // that is **not** covering the protected objects.
+ assert(!MFI.isObjectPreAllocated(StackProtectorFI) &&
+ "Stack protector pre-allocated in LocalStackSlotAllocation");
+
StackObjSet LargeArrayObjs;
StackObjSet SmallArrayObjs;
StackObjSet AddrOfObjs;
Index: lib/CodeGen/PrologEpilogInserter.cpp
===================================================================
--- lib/CodeGen/PrologEpilogInserter.cpp
+++ lib/CodeGen/PrologEpilogInserter.cpp
@@ -933,8 +933,16 @@
StackObjSet SmallArrayObjs;
StackObjSet AddrOfObjs;
- AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
- Skew);
+ // If we need a stack protector, we need to make sure that
+ // LocalStackSlotPass didn't already allocate a slot for it.
+ // If we are told to use the LocalStackAllocationBlock, the stack protector
+ // is expected to be already pre-allocated.
+ if (!MFI.getUseLocalStackAllocationBlock())
+ AdjustStackOffset(MFI, StackProtectorFI, StackGrowsDown, Offset, MaxAlign,
+ Skew);
+ else if (!MFI.isObjectPreAllocated(MFI.getStackProtectorIndex()))
+ llvm_unreachable(
+ "Stack protector not pre-allocated by LocalStackSlotPass.");
// Assign large stack objects first.
for (unsigned i = 0, e = MFI.getObjectIndexEnd(); i != e; ++i) {
@@ -968,6 +976,15 @@
llvm_unreachable("Unexpected SSPLayoutKind.");
}
+ // We expect **all** the protected stack objects to be pre-allocated by
+ // LocalStackSlotPass. If it turns out that PEI still has to allocate some
+ // of them, we may end up messing up the expected order of the objects.
+ if (MFI.getUseLocalStackAllocationBlock() &&
+ !(LargeArrayObjs.empty() && SmallArrayObjs.empty() &&
+ AddrOfObjs.empty()))
+ llvm_unreachable("Found protected stack objects not pre-allocated by "
+ "LocalStackSlotPass.");
+
AssignProtectedObjSet(LargeArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
Offset, MaxAlign, Skew);
AssignProtectedObjSet(SmallArrayObjs, ProtectedObjs, MFI, StackGrowsDown,
Reference in a new issue View git blame Copy permalink