import gcc-8.5.0-15.el8

This commit is contained in:
CentOS Sources 2022-11-08 01:55:13 -05:00 committed by Stepan Oksanichenko
parent 0b9f6ed550
commit a4c046503b
6 changed files with 1230 additions and 5 deletions

294
SOURCES/gcc8-harden-1.patch Normal file
View File

@ -0,0 +1,294 @@
From 88bf1c3910e4cf97dcb85c6d32291c23e572a516 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 27 Oct 2021 07:48:54 -0700
Subject: [PATCH 1/4] x86: Add -mharden-sls=[none|all|return|indirect-branch]
Add -mharden-sls= to mitigate against straight line speculation (SLS)
for function return and indirect branch by adding an INT3 instruction
after function return and indirect branch.
gcc/
PR target/102952
* config/i386/i386-opts.h (harden_sls): New enum.
* config/i386/i386.c (output_indirect_thunk): Mitigate against
SLS for function return.
(ix86_output_function_return): Likewise.
(ix86_output_jmp_thunk_or_indirect): Mitigate against indirect
branch.
(ix86_output_indirect_jmp): Likewise.
(ix86_output_call_insn): Likewise.
* config/i386/i386.opt: Add -mharden-sls=.
* doc/invoke.texi: Document -mharden-sls=.
gcc/testsuite/
PR target/102952
* gcc.target/i386/harden-sls-1.c: New test.
* gcc.target/i386/harden-sls-2.c: Likewise.
* gcc.target/i386/harden-sls-3.c: Likewise.
* gcc.target/i386/harden-sls-4.c: Likewise.
* gcc.target/i386/harden-sls-5.c: Likewise.
(cherry picked from commit 53a643f8568067d7700a9f2facc8ba39974973d3)
---
gcc/config/i386/i386-opts.h | 7 +++++++
gcc/config/i386/i386.c | 22 +++++++++++++++-----
gcc/config/i386/i386.opt | 20 ++++++++++++++++++
gcc/doc/invoke.texi | 10 ++++++++-
gcc/testsuite/gcc.target/i386/harden-sls-1.c | 14 +++++++++++++
gcc/testsuite/gcc.target/i386/harden-sls-2.c | 14 +++++++++++++
gcc/testsuite/gcc.target/i386/harden-sls-3.c | 14 +++++++++++++
gcc/testsuite/gcc.target/i386/harden-sls-4.c | 16 ++++++++++++++
gcc/testsuite/gcc.target/i386/harden-sls-5.c | 17 +++++++++++++++
9 files changed, 128 insertions(+), 6 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-1.c
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-2.c
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-3.c
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-4.c
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-5.c
diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h
index 46366cbfa72..34718b6d52c 100644
--- a/gcc/config/i386/i386-opts.h
+++ b/gcc/config/i386/i386-opts.h
@@ -119,4 +119,11 @@ enum indirect_branch {
indirect_branch_thunk_extern
};
+enum harden_sls {
+ harden_sls_none = 0,
+ harden_sls_return = 1 << 0,
+ harden_sls_indirect_branch = 1 << 1,
+ harden_sls_all = harden_sls_return | harden_sls_indirect_branch
+};
+
#endif
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 31502774ef3..eb9303f8742 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -10977,6 +10977,9 @@ output_indirect_thunk (enum indirect_thunk_prefix need_prefix,
fputs ("\tbnd ret\n", asm_out_file);
else
fputs ("\tret\n", asm_out_file);
+
+ if ((ix86_harden_sls & harden_sls_return))
+ fputs ("\tint3\n", asm_out_file);
}
/* Output a funtion with a call and return thunk for indirect branch.
@@ -28728,6 +28731,8 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name,
fprintf (asm_out_file, "\tjmp\t");
assemble_name (asm_out_file, thunk_name);
putc ('\n', asm_out_file);
+ if ((ix86_harden_sls & harden_sls_indirect_branch))
+ fputs ("\tint3\n", asm_out_file);
}
else
output_indirect_thunk (need_prefix, regno);
@@ -28973,10 +28978,10 @@ ix86_output_indirect_jmp (rtx call_op)
gcc_unreachable ();
ix86_output_indirect_branch (call_op, "%0", true);
- return "";
}
else
- return "%!jmp\t%A0";
+ output_asm_insn ("%!jmp\t%A0", &call_op);
+ return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
}
/* Output function return. CALL_OP is the jump target. Add a REP
@@ -29018,9 +29023,11 @@ ix86_output_function_return (bool long_p)
}
if (!long_p || ix86_bnd_prefixed_insn_p (current_output_insn))
- return "%!ret";
+ output_asm_insn ("%!ret", NULL);
+ else
+ output_asm_insn ("rep%; ret", NULL);
- return "rep%; ret";
+ return (ix86_harden_sls & harden_sls_return) ? "int3" : "";
}
/* Output indirect function return. RET_OP is the function return
@@ -29158,7 +29165,12 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
if (output_indirect_p && !direct_p)
ix86_output_indirect_branch (call_op, xasm, true);
else
- output_asm_insn (xasm, &call_op);
+ {
+ output_asm_insn (xasm, &call_op);
+ if (!direct_p
+ && (ix86_harden_sls & harden_sls_indirect_branch))
+ return "int3";
+ }
return "";
}
diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
index d9bd909a885..3ae48609e25 100644
--- a/gcc/config/i386/i386.opt
+++ b/gcc/config/i386/i386.opt
@@ -1055,3 +1055,23 @@ Support MOVDIRI built-in functions and code generation.
mmovdir64b
Target Report Mask(ISA_MOVDIR64B) Var(ix86_isa_flags2) Save
Support MOVDIR64B built-in functions and code generation.
+
+mharden-sls=
+Target RejectNegative Joined Enum(harden_sls) Var(ix86_harden_sls) Init(harden_sls_none)
+Generate code to mitigate against straight line speculation.
+
+Enum
+Name(harden_sls) Type(enum harden_sls)
+Known choices for mitigation against straight line speculation with -mharden-sls=:
+
+EnumValue
+Enum(harden_sls) String(none) Value(harden_sls_none)
+
+EnumValue
+Enum(harden_sls) String(return) Value(harden_sls_return)
+
+EnumValue
+Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
+
+EnumValue
+Enum(harden_sls) String(all) Value(harden_sls_all)
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 78ca7738df2..1e20efd6969 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -1284,7 +1284,7 @@ See RS/6000 and PowerPC Options.
-mstack-protector-guard-symbol=@var{symbol} -mmitigate-rop @gol
-mgeneral-regs-only -mcall-ms2sysv-xlogues @gol
-mindirect-branch=@var{choice} -mfunction-return=@var{choice} @gol
--mindirect-branch-register}
+-mindirect-branch-register -mharden-sls=@var{choice}}
@emph{x86 Windows Options}
@gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol
@@ -28036,6 +28036,14 @@ not be reachable in the large code model.
@opindex -mindirect-branch-register
Force indirect call and jump via register.
+@item -mharden-sls=@var{choice}
+@opindex mharden-sls
+Generate code to mitigate against straight line speculation (SLS) with
+@var{choice}. The default is @samp{none} which disables all SLS
+hardening. @samp{return} enables SLS hardening for function return.
+@samp{indirect-branch} enables SLS hardening for indirect branch.
+@samp{all} enables all SLS hardening.
+
@end table
These @samp{-m} switches are supported in addition to the above
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-1.c b/gcc/testsuite/gcc.target/i386/harden-sls-1.c
new file mode 100644
index 00000000000..6f70dc94a23
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-1.c
@@ -0,0 +1,14 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void foo (void);
+
+void
+bar (void)
+{
+ foo ();
+}
+
+/* { dg-final { scan-assembler "jmp\[ \t\]+_?foo" } } */
+/* { dg-final { scan-assembler-not {int3} } } */
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-2.c b/gcc/testsuite/gcc.target/i386/harden-sls-2.c
new file mode 100644
index 00000000000..a7c59078d03
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-2.c
@@ -0,0 +1,14 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void (*fptr) (void);
+
+void
+foo (void)
+{
+ fptr ();
+}
+
+/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */
+/* { dg-final { scan-assembler-times "int3" 1 } } */
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-3.c b/gcc/testsuite/gcc.target/i386/harden-sls-3.c
new file mode 100644
index 00000000000..1a6056b6d7b
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-3.c
@@ -0,0 +1,14 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -mindirect-branch=thunk -mharden-sls=all" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void (*fptr) (void);
+
+void
+foo (void)
+{
+ fptr ();
+}
+
+/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */
+/* { dg-final { scan-assembler-times "int3" 2 } } */
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-4.c b/gcc/testsuite/gcc.target/i386/harden-sls-4.c
new file mode 100644
index 00000000000..f70dd1379d3
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-4.c
@@ -0,0 +1,16 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -mindirect-branch=keep -mharden-sls=all" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void (*fptr) (void);
+
+void
+foo (void)
+{
+ fptr ();
+}
+
+/* { dg-final { scan-assembler "jmp\[ \t\]+\\*_?fptr" { target { ! x32 } } } } */
+/* { dg-final { scan-assembler "movl\[ \t\]+fptr\\(%rip\\), %eax" { target x32 } } } */
+/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rax" { target x32 } } } */
+/* { dg-final { scan-assembler-times "int3" 1 } } */
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-5.c b/gcc/testsuite/gcc.target/i386/harden-sls-5.c
new file mode 100644
index 00000000000..613c44c6f82
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-5.c
@@ -0,0 +1,17 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -mharden-sls=return" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+typedef void (*dispatch_t)(long offset);
+
+dispatch_t dispatch;
+
+int
+male_indirect_jump (long offset)
+{
+ dispatch(offset);
+ return 0;
+}
+
+/* { dg-final { scan-assembler-times "ret" 1 } } */
+/* { dg-final { scan-assembler-times "int3" 1 } } */
--
2.36.1

155
SOURCES/gcc8-harden-2.patch Normal file
View File

@ -0,0 +1,155 @@
From 0df8313a0a5d8533f2487e21d7b42e9adee28f18 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 27 Oct 2021 06:27:15 -0700
Subject: [PATCH 2/4] x86: Add -mindirect-branch-cs-prefix
Add -mindirect-branch-cs-prefix to add CS prefix to call and jmp to
indirect thunk with branch target in r8-r15 registers so that the call
and jmp instruction length is 6 bytes to allow them to be replaced with
"lfence; call *%r8-r15" or "lfence; jmp *%r8-r15" at run-time.
gcc/
PR target/102952
* config/i386/i386.c (ix86_output_jmp_thunk_or_indirect): Emit
CS prefix for -mindirect-branch-cs-prefix.
(ix86_output_indirect_branch_via_reg): Likewise.
* config/i386/i386.opt: Add -mindirect-branch-cs-prefix.
* doc/invoke.texi: Document -mindirect-branch-cs-prefix.
gcc/testsuite/
PR target/102952
* gcc.target/i386/indirect-thunk-cs-prefix-1.c: New test.
* gcc.target/i386/indirect-thunk-cs-prefix-2.c: Likewise.
(cherry picked from commit 2196a681d7810ad8b227bf983f38ba716620545e)
---
gcc/config/i386/i386.c | 14 ++++++++++++--
gcc/config/i386/i386.opt | 4 ++++
gcc/doc/invoke.texi | 10 +++++++++-
.../gcc.target/i386/indirect-thunk-cs-prefix-1.c | 14 ++++++++++++++
.../gcc.target/i386/indirect-thunk-cs-prefix-2.c | 15 +++++++++++++++
5 files changed, 54 insertions(+), 3 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index eb9303f8742..8442dd0daea 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -28728,7 +28728,12 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name,
if (need_prefix == indirect_thunk_prefix_bnd)
fprintf (asm_out_file, "\tbnd jmp\t");
else
- fprintf (asm_out_file, "\tjmp\t");
+ {
+ if (REX_INT_REGNO_P (regno)
+ && ix86_indirect_branch_cs_prefix)
+ fprintf (asm_out_file, "\tcs\n");
+ fprintf (asm_out_file, "\tjmp\t");
+ }
assemble_name (asm_out_file, thunk_name);
putc ('\n', asm_out_file);
if ((ix86_harden_sls & harden_sls_indirect_branch))
@@ -28787,7 +28792,12 @@ ix86_output_indirect_branch_via_reg (rtx call_op, bool sibcall_p)
if (need_prefix == indirect_thunk_prefix_bnd)
fprintf (asm_out_file, "\tbnd call\t");
else
- fprintf (asm_out_file, "\tcall\t");
+ {
+ if (REX_INT_REGNO_P (regno)
+ && ix86_indirect_branch_cs_prefix)
+ fprintf (asm_out_file, "\tcs\n");
+ fprintf (asm_out_file, "\tcall\t");
+ }
assemble_name (asm_out_file, thunk_name);
putc ('\n', asm_out_file);
return;
diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
index 3ae48609e25..9f67ef558dc 100644
--- a/gcc/config/i386/i386.opt
+++ b/gcc/config/i386/i386.opt
@@ -1044,6 +1044,10 @@ Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline)
EnumValue
Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
+mindirect-branch-cs-prefix
+Target Var(ix86_indirect_branch_cs_prefix) Init(0)
+Add CS prefix to call and jmp to indirect thunk with branch target in r8-r15 registers.
+
mindirect-branch-register
Target Report Var(ix86_indirect_branch_register) Init(0)
Force indirect call and jump via register.
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 1e20efd6969..605cd4b93f1 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -1284,7 +1284,8 @@ See RS/6000 and PowerPC Options.
-mstack-protector-guard-symbol=@var{symbol} -mmitigate-rop @gol
-mgeneral-regs-only -mcall-ms2sysv-xlogues @gol
-mindirect-branch=@var{choice} -mfunction-return=@var{choice} @gol
--mindirect-branch-register -mharden-sls=@var{choice}}
+-mindirect-branch-register -mharden-sls=@var{choice} @gol
+-mindirect-branch-cs-prefix}
@emph{x86 Windows Options}
@gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol
@@ -28044,6 +28045,13 @@ hardening. @samp{return} enables SLS hardening for function return.
@samp{indirect-branch} enables SLS hardening for indirect branch.
@samp{all} enables all SLS hardening.
+@item -mindirect-branch-cs-prefix
+@opindex mindirect-branch-cs-prefix
+Add CS prefix to call and jmp to indirect thunk with branch target in
+r8-r15 registers so that the call and jmp instruction length is 6 bytes
+to allow them to be replaced with @samp{lfence; call *%r8-r15} or
+@samp{lfence; jmp *%r8-r15} at run-time.
+
@end table
These @samp{-m} switches are supported in addition to the above
diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
new file mode 100644
index 00000000000..db2f3416823
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
@@ -0,0 +1,14 @@
+/* { dg-do compile { target { ! ia32 } } } */
+/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void (*fptr) (void);
+
+void
+foo (void)
+{
+ fptr ();
+}
+
+/* { dg-final { scan-assembler-times "jmp\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
+/* { dg-final { scan-assembler-times "\tcs" 1 } } */
diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
new file mode 100644
index 00000000000..adfc39a49d4
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
@@ -0,0 +1,15 @@
+/* { dg-do compile { target { ! ia32 } } } */
+/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */
+/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
+
+extern void (*bar) (void);
+
+int
+foo (void)
+{
+ bar ();
+ return 0;
+}
+
+/* { dg-final { scan-assembler-times "call\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
+/* { dg-final { scan-assembler-times "\tcs" 1 } } */
--
2.36.1

108
SOURCES/gcc8-harden-3.patch Normal file
View File

@ -0,0 +1,108 @@
From 621de498ee19e1f2642eebde707430254c0459c0 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 5 Jan 2022 16:33:16 -0800
Subject: [PATCH 3/4] x86: Rename -harden-sls=indirect-branch to
-harden-sls=indirect-jmp
Indirect branch also includes indirect call instructions. Rename
-harden-sls=indirect-branch to -harden-sls=indirect-jmp to match its
intended behavior.
PR target/102952
* config/i386/i386-opts.h (harden_sls): Replace
harden_sls_indirect_branch with harden_sls_indirect_jmp.
* config/i386/i386.c (ix86_output_jmp_thunk_or_indirect):
Likewise.
(ix86_output_indirect_jmp): Likewise.
(ix86_output_call_insn): Likewise.
* config/i386/i386.opt: Replace indirect-branch with
indirect-jmp. Replace harden_sls_indirect_branch with
harden_sls_indirect_jmp.
* doc/invoke.texi (-harden-sls=): Replace indirect-branch with
indirect-jmp.
(cherry picked from commit ed8060950c64f2e449aaf90e438aa26d0d9d0b31)
---
gcc/config/i386/i386-opts.h | 4 ++--
gcc/config/i386/i386.c | 6 +++---
gcc/config/i386/i386.opt | 2 +-
gcc/doc/invoke.texi | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h
index 34718b6d52c..47facc254cd 100644
--- a/gcc/config/i386/i386-opts.h
+++ b/gcc/config/i386/i386-opts.h
@@ -122,8 +122,8 @@ enum indirect_branch {
enum harden_sls {
harden_sls_none = 0,
harden_sls_return = 1 << 0,
- harden_sls_indirect_branch = 1 << 1,
- harden_sls_all = harden_sls_return | harden_sls_indirect_branch
+ harden_sls_indirect_jmp = 1 << 1,
+ harden_sls_all = harden_sls_return | harden_sls_indirect_jmp
};
#endif
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 8442dd0daea..3bc14e20105 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -28736,7 +28736,7 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name,
}
assemble_name (asm_out_file, thunk_name);
putc ('\n', asm_out_file);
- if ((ix86_harden_sls & harden_sls_indirect_branch))
+ if ((ix86_harden_sls & harden_sls_indirect_jmp))
fputs ("\tint3\n", asm_out_file);
}
else
@@ -28991,7 +28991,7 @@ ix86_output_indirect_jmp (rtx call_op)
}
else
output_asm_insn ("%!jmp\t%A0", &call_op);
- return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
+ return (ix86_harden_sls & harden_sls_indirect_jmp) ? "int3" : "";
}
/* Output function return. CALL_OP is the jump target. Add a REP
@@ -29178,7 +29178,7 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op)
{
output_asm_insn (xasm, &call_op);
if (!direct_p
- && (ix86_harden_sls & harden_sls_indirect_branch))
+ && (ix86_harden_sls & harden_sls_indirect_jmp))
return "int3";
}
return "";
diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
index 9f67ef558dc..7a5c7b9369a 100644
--- a/gcc/config/i386/i386.opt
+++ b/gcc/config/i386/i386.opt
@@ -1075,7 +1075,7 @@ EnumValue
Enum(harden_sls) String(return) Value(harden_sls_return)
EnumValue
-Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
+Enum(harden_sls) String(indirect-jmp) Value(harden_sls_indirect_jmp)
EnumValue
Enum(harden_sls) String(all) Value(harden_sls_all)
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 605cd4b93f1..20d8e3fd782 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -28041,8 +28041,8 @@ Force indirect call and jump via register.
@opindex mharden-sls
Generate code to mitigate against straight line speculation (SLS) with
@var{choice}. The default is @samp{none} which disables all SLS
-hardening. @samp{return} enables SLS hardening for function return.
-@samp{indirect-branch} enables SLS hardening for indirect branch.
+hardening. @samp{return} enables SLS hardening for function returns.
+@samp{indirect-jmp} enables SLS hardening for indirect jumps.
@samp{all} enables all SLS hardening.
@item -mindirect-branch-cs-prefix
--
2.36.1

View File

@ -0,0 +1,75 @@
From 5a5e7890cefa112e95e1de9800d8081c2a38a1da Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 5 Jan 2022 18:04:21 -0800
Subject: [PATCH 4/4] x86: Generate INT3 for __builtin_eh_return
Generate INT3 after indirect jmp in exception return for -fcf-protection
with -mharden-sls=indirect-jmp.
gcc/
PR target/103925
* config/i386/i386.c (ix86_output_indirect_function_return):
Generate INT3 after indirect jmp for -mharden-sls=indirect-jmp.
gcc/testsuite/
PR target/103925
* gcc.target/i386/harden-sls-6.c: New test.
(cherry picked from commit c2e5c4feed32c808591b5278f680bbabe63eb225)
---
gcc/config/i386/i386.c | 9 ++++++---
gcc/testsuite/gcc.target/i386/harden-sls-6.c | 18 ++++++++++++++++++
2 files changed, 24 insertions(+), 3 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-6.c
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 3bc14e20105..dbc3d462fda 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -29083,11 +29083,14 @@ ix86_output_indirect_function_return (rtx ret_op)
}
else
output_indirect_thunk (need_prefix, regno);
-
- return "";
}
else
- return "%!jmp\t%A0";
+ {
+ output_asm_insn ("%!jmp\t%A0", &ret_op);
+ if (ix86_harden_sls & harden_sls_indirect_jmp)
+ fputs ("\tint3\n", asm_out_file);
+ }
+ return "";
}
/* Split simple return with popping POPC bytes from stack to indirect
diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-6.c b/gcc/testsuite/gcc.target/i386/harden-sls-6.c
new file mode 100644
index 00000000000..9068eb64008
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-6.c
@@ -0,0 +1,18 @@
+/* { dg-do compile { target { ! ia32 } } } */
+/* { dg-options "-O2 -fcf-protection -mharden-sls=indirect-jmp" } */
+
+struct _Unwind_Context _Unwind_Resume_or_Rethrow_this_context;
+
+void offset (int);
+
+struct _Unwind_Context {
+ void *reg[7];
+} _Unwind_Resume_or_Rethrow() {
+ struct _Unwind_Context cur_contextcur_context =
+ _Unwind_Resume_or_Rethrow_this_context;
+ offset(0);
+ __builtin_eh_return ((long) offset, 0);
+}
+
+/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rcx" } } */
+/* { dg-final { scan-assembler-times "int3" 1 } } */
--
2.36.1

View File

@ -0,0 +1,456 @@
commit ee3db7c8f844556d35a66b3732bad9f44a086491
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon Sep 27 20:44:24 2021 +0100
libstdc++: Fix handling of invalid ranges in std::regex [PR102447]
std::regex currently allows invalid bracket ranges such as [\w-a] which
are only allowed by ECMAScript when in web browser compatibility mode.
It should be an error, because the start of the range is a character
class, not a single character. The current implementation of
_Compiler::_M_expression_term does not provide a way to reject this,
because we only remember a previous character, not whether we just
processed a character class (or collating symbol etc.)
This patch replaces the pair<bool, CharT> used to emulate
optional<CharT> with a custom class closer to pair<tribool,CharT>. That
allows us to track three states, so that we can tell when we've just
seen a character class.
With this additional state the code in _M_expression_term for processing
the _S_token_bracket_dash can be improved to correctly reject the [\w-a]
case, without regressing for valid cases such as [\w-] and [----].
libstdc++-v3/ChangeLog:
PR libstdc++/102447
* include/bits/regex_compiler.h (_Compiler::_BracketState): New
class.
(_Compiler::_BrackeyMatcher): New alias template.
(_Compiler::_M_expression_term): Change pair<bool, CharT>
parameter to _BracketState. Process first character for
ECMAScript syntax as well as POSIX.
* include/bits/regex_compiler.tcc
(_Compiler::_M_insert_bracket_matcher): Pass _BracketState.
(_Compiler::_M_expression_term): Use _BracketState to store
state between calls. Improve handling of dashes in ranges.
* testsuite/28_regex/algorithms/regex_match/cstring_bracket_01.cc:
Add more tests for ranges containing dashes. Check invalid
ranges with character class at the beginning.
(cherry picked from commit 7ce3c230edf6e498e125c805a6dd313bf87dc439)
diff --git a/libstdc++-v3/include/bits/regex_compiler.h b/libstdc++-v3/include/bits/regex_compiler.h
index 7e5c2073554..2eb1c3f7863 100644
--- a/libstdc++-v3/include/bits/regex_compiler.h
+++ b/libstdc++-v3/include/bits/regex_compiler.h
@@ -122,13 +122,45 @@ namespace __detail
void
_M_insert_bracket_matcher(bool __neg);
- // Returns true if successfully matched one term and should continue.
+ // Cache of the last atom seen in a bracketed range expression.
+ struct _BracketState
+ {
+ enum class _Type : char { _None, _Char, _Class } _M_type = _Type::_None;
+ _CharT _M_char;
+
+ void
+ set(_CharT __c) noexcept { _M_type = _Type::_Char; _M_char = __c; }
+
+ _GLIBCXX_NODISCARD _CharT
+ get() const noexcept { return _M_char; }
+
+ void
+ reset(_Type __t = _Type::_None) noexcept { _M_type = __t; }
+
+ explicit operator bool() const noexcept
+ { return _M_type != _Type::_None; }
+
+ // Previous token was a single character.
+ _GLIBCXX_NODISCARD bool
+ _M_is_char() const noexcept { return _M_type == _Type::_Char; }
+
+ // Previous token was a character class, equivalent class,
+ // collating symbol etc.
+ _GLIBCXX_NODISCARD bool
+ _M_is_class() const noexcept { return _M_type == _Type::_Class; }
+ };
+
+ template<bool __icase, bool __collate>
+ using _BracketMatcher
+ = std::__detail::_BracketMatcher<_TraitsT, __icase, __collate>;
+
+ // Returns true if successfully parsed one term and should continue
+ // compiling a bracket expression.
// Returns false if the compiler should move on.
template<bool __icase, bool __collate>
bool
- _M_expression_term(pair<bool, _CharT>& __last_char,
- _BracketMatcher<_TraitsT, __icase, __collate>&
- __matcher);
+ _M_expression_term(_BracketState& __last_char,
+ _BracketMatcher<__icase, __collate>& __matcher);
int
_M_cur_int_value(int __radix);
diff --git a/libstdc++-v3/include/bits/regex_compiler.tcc b/libstdc++-v3/include/bits/regex_compiler.tcc
index b1169428afb..5877d30ba52 100644
--- a/libstdc++-v3/include/bits/regex_compiler.tcc
+++ b/libstdc++-v3/include/bits/regex_compiler.tcc
@@ -140,7 +140,8 @@ namespace __detail
return true;
if (this->_M_atom())
{
- while (this->_M_quantifier());
+ while (this->_M_quantifier())
+ ;
return true;
}
return false;
@@ -410,7 +411,7 @@ namespace __detail
_M_insert_character_class_matcher()
{
__glibcxx_assert(_M_value.size() == 1);
- _BracketMatcher<_TraitsT, __icase, __collate> __matcher
+ _BracketMatcher<__icase, __collate> __matcher
(_M_ctype.is(_CtypeT::upper, _M_value[0]), _M_traits);
__matcher._M_add_character_class(_M_value, false);
__matcher._M_ready();
@@ -424,25 +425,17 @@ namespace __detail
_Compiler<_TraitsT>::
_M_insert_bracket_matcher(bool __neg)
{
- _BracketMatcher<_TraitsT, __icase, __collate> __matcher(__neg, _M_traits);
- pair<bool, _CharT> __last_char; // Optional<_CharT>
- __last_char.first = false;
- if (!(_M_flags & regex_constants::ECMAScript))
- {
- if (_M_try_char())
- {
- __last_char.first = true;
- __last_char.second = _M_value[0];
- }
- else if (_M_match_token(_ScannerT::_S_token_bracket_dash))
- {
- __last_char.first = true;
- __last_char.second = '-';
- }
- }
- while (_M_expression_term(__last_char, __matcher));
- if (__last_char.first)
- __matcher._M_add_char(__last_char.second);
+ _BracketMatcher<__icase, __collate> __matcher(__neg, _M_traits);
+ _BracketState __last_char;
+ if (_M_try_char())
+ __last_char.set(_M_value[0]);
+ else if (_M_match_token(_ScannerT::_S_token_bracket_dash))
+ // Dash as first character is a normal character.
+ __last_char.set('-');
+ while (_M_expression_term(__last_char, __matcher))
+ ;
+ if (__last_char._M_is_char())
+ __matcher._M_add_char(__last_char.get());
__matcher._M_ready();
_M_stack.push(_StateSeqT(
*_M_nfa,
@@ -453,27 +446,27 @@ namespace __detail
template<bool __icase, bool __collate>
bool
_Compiler<_TraitsT>::
- _M_expression_term(pair<bool, _CharT>& __last_char,
- _BracketMatcher<_TraitsT, __icase, __collate>& __matcher)
+ _M_expression_term(_BracketState& __last_char,
+ _BracketMatcher<__icase, __collate>& __matcher)
{
if (_M_match_token(_ScannerT::_S_token_bracket_end))
return false;
+ // Add any previously cached char into the matcher and update cache.
const auto __push_char = [&](_CharT __ch)
{
- if (__last_char.first)
- __matcher._M_add_char(__last_char.second);
- else
- __last_char.first = true;
- __last_char.second = __ch;
+ if (__last_char._M_is_char())
+ __matcher._M_add_char(__last_char.get());
+ __last_char.set(__ch);
};
- const auto __flush = [&]
+ // Add any previously cached char into the matcher and update cache.
+ const auto __push_class = [&]
{
- if (__last_char.first)
- {
- __matcher._M_add_char(__last_char.second);
- __last_char.first = false;
- }
+ if (__last_char._M_is_char())
+ __matcher._M_add_char(__last_char.get());
+ // We don't cache anything here, just record that the last thing
+ // processed was a character class (or similar).
+ __last_char.reset(_BracketState::_Type::_Class);
};
if (_M_match_token(_ScannerT::_S_token_collsymbol))
@@ -482,16 +475,16 @@ namespace __detail
if (__symbol.size() == 1)
__push_char(__symbol[0]);
else
- __flush();
+ __push_class();
}
else if (_M_match_token(_ScannerT::_S_token_equiv_class_name))
{
- __flush();
+ __push_class();
__matcher._M_add_equivalence_class(_M_value);
}
else if (_M_match_token(_ScannerT::_S_token_char_class_name))
{
- __flush();
+ __push_class();
__matcher._M_add_character_class(_M_value, false);
}
else if (_M_try_char())
@@ -508,49 +501,50 @@ namespace __detail
// It turns out that no one reads BNFs ;)
else if (_M_match_token(_ScannerT::_S_token_bracket_dash))
{
- if (!__last_char.first)
+ if (_M_match_token(_ScannerT::_S_token_bracket_end))
{
- if (!(_M_flags & regex_constants::ECMAScript))
- {
- if (_M_match_token(_ScannerT::_S_token_bracket_end))
- {
- __push_char('-');
- return false;
- }
- __throw_regex_error(
- regex_constants::error_range,
- "Unexpected dash in bracket expression. For POSIX syntax, "
- "a dash is not treated literally only when it is at "
- "beginning or end.");
- }
+ // For "-]" the dash is a literal character.
__push_char('-');
+ return false;
}
- else
+ else if (__last_char._M_is_class())
+ {
+ // "\\w-" is invalid, start of range must be a single char.
+ __throw_regex_error(regex_constants::error_range,
+ "Invalid start of range in bracket expression.");
+ }
+ else if (__last_char._M_is_char())
{
if (_M_try_char())
{
- __matcher._M_make_range(__last_char.second, _M_value[0]);
- __last_char.first = false;
+ // "x-y"
+ __matcher._M_make_range(__last_char.get(), _M_value[0]);
+ __last_char.reset();
}
else if (_M_match_token(_ScannerT::_S_token_bracket_dash))
{
- __matcher._M_make_range(__last_char.second, '-');
- __last_char.first = false;
+ // "x--"
+ __matcher._M_make_range(__last_char.get(), '-');
+ __last_char.reset();
}
else
- {
- if (_M_scanner._M_get_token()
- != _ScannerT::_S_token_bracket_end)
- __throw_regex_error(
- regex_constants::error_range,
- "Character is expected after a dash.");
- __push_char('-');
- }
+ __throw_regex_error(regex_constants::error_range,
+ "Invalid end of range in bracket expression.");
}
+ else if (_M_flags & regex_constants::ECMAScript)
+ {
+ // A dash that is not part of an existing range. Might be the
+ // start of a new range, or might just be a literal '-' char.
+ // Only ECMAScript allows that in the middle of a bracket expr.
+ __push_char('-');
+ }
+ else
+ __throw_regex_error(regex_constants::error_range,
+ "Invalid dash in bracket expression.");
}
else if (_M_match_token(_ScannerT::_S_token_quoted_class))
{
- __flush();
+ __push_class();
__matcher._M_add_character_class(_M_value,
_M_ctype.is(_CtypeT::upper,
_M_value[0]));
diff --git a/libstdc++-v3/testsuite/28_regex/algorithms/regex_match/cstring_bracket_01.cc b/libstdc++-v3/testsuite/28_regex/algorithms/regex_match/cstring_bracket_01.cc
index 236ab663fc0..57088f5af83 100644
--- a/libstdc++-v3/testsuite/28_regex/algorithms/regex_match/cstring_bracket_01.cc
+++ b/libstdc++-v3/testsuite/28_regex/algorithms/regex_match/cstring_bracket_01.cc
@@ -68,6 +68,16 @@ test01()
void
test02()
{
+ VERIFY(regex_match("-", regex("[-]", regex_constants::ECMAScript)));
+ VERIFY(regex_match("-", regex("[--]", regex_constants::ECMAScript)));
+ VERIFY(regex_match("-", regex("[---]", regex_constants::ECMAScript)));
+ VERIFY(regex_match("-", regex("[----]", regex_constants::ECMAScript)));
+ VERIFY(regex_match("-", regex("[-----]", regex_constants::ECMAScript)));
+
+ VERIFY(regex_match("-", regex("[-]", regex_constants::extended)));
+ VERIFY(regex_match("-", regex("[--]", regex_constants::extended)));
+ VERIFY(regex_match("-", regex("[---]", regex_constants::extended)));
+ VERIFY(regex_match("-", regex("[----]", regex_constants::extended)));
try
{
std::regex re("[-----]", std::regex::extended);
@@ -77,7 +87,6 @@ test02()
{
VERIFY(e.code() == std::regex_constants::error_range);
}
- std::regex re("[-----]", std::regex::ECMAScript);
VERIFY(!regex_match("b", regex("[-ac]", regex_constants::extended)));
VERIFY(!regex_match("b", regex("[ac-]", regex_constants::extended)));
@@ -92,7 +101,27 @@ test02()
}
catch (const std::regex_error& e)
{
+ VERIFY(e.code() == std::regex_constants::error_range);
+ }
+ try
+ {
+ regex("[@--]", regex_constants::extended);
+ VERIFY(false);
}
+ catch (const std::regex_error& e)
+ {
+ VERIFY(e.code() == std::regex_constants::error_range);
+ }
+ try
+ {
+ regex("[--%]", regex_constants::extended);
+ VERIFY(false);
+ }
+ catch (const std::regex_error& e)
+ {
+ VERIFY(e.code() == std::regex_constants::error_range);
+ }
+
VERIFY(regex_match("].", regex("[][.hyphen.]-0]*", regex_constants::extended)));
}
@@ -157,6 +186,36 @@ test06()
VERIFY(regex_match("a-", debian_cron_namespace_ok));
}
+// libstdc++/102447
+void
+test07()
+{
+ VERIFY(regex_match("-", std::regex("[\\w-]", std::regex::ECMAScript)));
+ VERIFY(regex_match("a", std::regex("[\\w-]", std::regex::ECMAScript)));
+ VERIFY(regex_match("-", std::regex("[a-]", std::regex::ECMAScript)));
+ VERIFY(regex_match("a", std::regex("[a-]", std::regex::ECMAScript)));
+
+ try
+ {
+ std::regex re("[\\w-a]", std::regex::ECMAScript);
+ VERIFY(false);
+ }
+ catch (const std::regex_error& e)
+ {
+ VERIFY(e.code() == std::regex_constants::error_range);
+ }
+
+ try
+ {
+ std::regex re("[\\w--]", std::regex::ECMAScript);
+ VERIFY(false);
+ }
+ catch (const std::regex_error& e)
+ {
+ VERIFY(e.code() == std::regex_constants::error_range);
+ }
+}
+
int
main()
{
@@ -166,6 +225,7 @@ main()
test04();
test05();
test06();
+ test07();
return 0;
}
commit 1851cc4c5f2666dfdec53a2ada57095ffc59e08b
Author: Jonathan Wakely <jwakely@redhat.com>
Date: Mon Dec 13 13:36:33 2021 +0000
libstdc++: Fix non-reserved name in <regex> header
libstdc++-v3/ChangeLog:
* include/bits/regex_compiler.tcc (_Compiler::_M_match_token):
Use reserved name for parameter.
* testsuite/17_intro/names.cc: Check "token".
(cherry picked from commit b0e6a257f1862e217cdf19332ea0f7bad56dcddc)
diff --git a/libstdc++-v3/include/bits/regex_compiler.tcc b/libstdc++-v3/include/bits/regex_compiler.tcc
index 8af920e5fe9..b1169428afb 100644
--- a/libstdc++-v3/include/bits/regex_compiler.tcc
+++ b/libstdc++-v3/include/bits/regex_compiler.tcc
@@ -586,9 +586,9 @@ namespace __detail
template<typename _TraitsT>
bool
_Compiler<_TraitsT>::
- _M_match_token(_TokenT token)
+ _M_match_token(_TokenT __token)
{
- if (token == _M_scanner._M_get_token())
+ if (__token == _M_scanner._M_get_token())
{
_M_value = _M_scanner._M_get_value();
_M_scanner._M_advance();
diff --git a/libstdc++-v3/testsuite/17_intro/names.cc b/libstdc++-v3/testsuite/17_intro/names.cc
index d758138dfb1..6c06aba7228 100644
--- a/libstdc++-v3/testsuite/17_intro/names.cc
+++ b/libstdc++-v3/testsuite/17_intro/names.cc
@@ -99,6 +99,7 @@
#define z (
#define tmp (
+#define token (
#if __cplusplus < 201103L
#define uses_allocator (
--- a/libstdc++-v3/include/bits/c++config.orig 2022-07-08 15:06:14.083231445 -0400
+++ b/libstdc++-v3/include/bits/c++config 2022-07-08 15:06:41.733247859 -0400
@@ -99,6 +99,12 @@
# define _GLIBCXX_ABI_TAG_CXX11 __attribute ((__abi_tag__ ("cxx11")))
#endif
+// Macro to warn about unused results.
+#if __cplusplus >= 201703L
+# define _GLIBCXX_NODISCARD [[__nodiscard__]]
+#else
+# define _GLIBCXX_NODISCARD
+#endif
#if __cplusplus

View File

@ -4,7 +4,7 @@
%global gcc_major 8
# Note, gcc_release must be integer, if you want to add suffixes to
# %%{release}, append them after %%{gcc_release} on Release: line.
%global gcc_release 10
%global gcc_release 15
%global nvptx_tools_gitrev c28050f60193b3b95a18866a96f03334e874e78f
%global nvptx_newlib_gitrev aadc8eb0ec43b7cd0dd2dfb484bae63c8b05ef24
%global _unpackaged_files_terminate_build 0
@ -104,7 +104,7 @@
Summary: Various compilers (C, C++, Objective-C, ...)
Name: gcc
Version: %{gcc_version}
Release: %{gcc_release}.1%{?dist}
Release: %{gcc_release}%{?dist}
# libgcc, libgfortran, libgomp, libstdc++ and crtstuff have
# GCC Runtime Exception.
License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD
@ -199,7 +199,7 @@ Requires: libisl.so.15
%endif
%if %{build_libstdcxx_docs}
BuildRequires: doxygen >= 1.7.1
BuildRequires: graphviz, dblatex, texlive-collection-latex, docbook5-style-xsl
BuildRequires: graphviz, dblatex, texlive-collection-latex, docbook-style-xsl
%endif
Requires: cpp = %{version}-%{release}
# Need .eh_frame ld optimizations
@ -285,10 +285,15 @@ Patch24: gcc8-pch-tweaks.patch
Patch25: gcc8-aarch64-mtune-neoverse-512tvb.patch
Patch26: gcc8-rh2028609.patch
Patch27: gcc8-libgfortran-default-values.patch
Patch28: gcc8-rh2001788.patch
Patch30: gcc8-rh1668903-1.patch
Patch31: gcc8-rh1668903-2.patch
Patch32: gcc8-rh1668903-3.patch
Patch33: gcc8-harden-1.patch
Patch34: gcc8-harden-2.patch
Patch35: gcc8-harden-3.patch
Patch36: gcc8-harden-4.patch
Patch1000: nvptx-tools-no-ptxas.patch
Patch1001: nvptx-tools-build.patch
@ -834,6 +839,25 @@ NVidia PTX. OpenMP and OpenACC programs linked with -fopenmp will
by default add PTX code into the binaries, which can be offloaded
to NVidia PTX capable devices if available.
%package plugin-annobin
Summary: The annobin plugin for gcc, built by the installed version of gcc
Requires: gcc = %{version}-%{release}
# Starting with release 10.01 annobin fixed a bug in its configure scripts
# which prevented them from working with a built but not installed compiler
BuildRequires: annobin >= 10.01
# Starting with release 9.93 annobin-plugin-gcc puts a copy of the sources
# in /usr/src/annobin
# FIXME: Currently the annobin-plugin-gcc subpackage only exists in Fedora.
# For RHEL-9 the annobin package does everything.
# BuildRequires: annobin-plugin-gcc
# Needed in order to be able to decompress the annobin source tarball.
BuildRequires: xz
%description plugin-annobin
This package adds a version of the annobin plugin for gcc. This version
of the plugin is explicitly built by the same version of gcc that is installed
so that there cannot be any synchronization problems.
%prep
%setup -q -n gcc-%{version}-%{DATE} -a 1 -a 2
%patch0 -p0 -b .hack~
@ -871,10 +895,15 @@ to NVidia PTX capable devices if available.
%patch25 -p1 -b .neoverse~
%patch26 -p1 -b .rh2028609~
%patch27 -p1 -b .libgfortran-default~
%patch28 -p1 -b .rh2001788~
%patch30 -p0 -b .rh1668903-1~
%patch31 -p0 -b .rh1668903-2~
%patch32 -p0 -b .rh1668903-3~
%patch33 -p1 -b .harden-1~
%patch34 -p1 -b .harden-2~
%patch35 -p1 -b .harden-3~
%patch36 -p1 -b .harden-4~
cd nvptx-tools-%{nvptx_tools_gitrev}
%patch1000 -p1 -b .nvptx-tools-no-ptxas~
@ -1212,6 +1241,82 @@ done)
rm -f rpm.doc/changelogs/gcc/ChangeLog.[1-9]
find rpm.doc -name \*ChangeLog\* | xargs bzip2 -9
# Get the annobin sources. Note these are not added to the rpm as SOURCE4
# because if they were the build phase would try to include them as part of
# gcc itself, and this causes problems. Instead we locate the sources in
# the buildroot. They should have been put there when annobin was installed.
pushd %{_builddir}
%global annobin_source_dir %{_usrsrc}/annobin
if [ -d %{annobin_source_dir} ]
then
# Unpack the sources.
echo "Unpacking annobin sources"
rm -fr annobin-*
tar xvf %{annobin_source_dir}/latest-annobin.tar.xz
# Setting this as a local symbol because using %%global does not appear to work.
annobin_dir=$(find . -maxdepth 1 -type d -name "annobin*")
# Now build the annobin plugin using the just built compiler.
echo "annobin directory = ${annobin_dir}"
cd ${annobin_dir}
# Change the plugin so that it generates "nop" instead of ".nop" instructions.
sed -e "s/\.nop/nop/" -i gcc-plugin/annobin.cc
# Work out where this version of gcc stores its plugins.
%global ANNOBIN_GCC_PLUGIN_DIR %{_prefix}/lib/gcc/%{gcc_target_platform}/%{gcc_major}/plugin
CONFIG_ARGS="--quiet"
CONFIG_ARGS="$CONFIG_ARGS --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR}"
CONFIG_ARGS="$CONFIG_ARGS --without-annocheck"
CONFIG_ARGS="$CONFIG_ARGS --without-tests"
CONFIG_ARGS="$CONFIG_ARGS --disable-rpath"
comp_dir="%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/gcc/"
ccompiler="%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/gcc/xgcc -B $comp_dir"
cxxcompiler="%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/gcc/xg++ -B $comp_dir"
comp_flags="%build_cflags"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/gcc"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/gcc/"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libstdc++-v3/include"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libstdc++-v3/include/%{gcc_target_platform}"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/libstdc++-v3/libsupc++"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/include"
comp_flags="$comp_flags -I %{_builddir}/gcc-%{version}-%{DATE}/libcpp/include"
ld_flags="%build_ldflags"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/libstdc++-v3/.libs"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libstdc++-v3/.libs"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libstdc++-v3/src/.libs"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/libstdc++-v3/libsupc++/.libs"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libstdc++-v3/libsupc++/.libs"
ld_flags="$ld_flags -L%{_builddir}/gcc-%{version}-%{DATE}/obj-%{gcc_target_platform}/%{gcc_target_platform}/libgcc/.libs"
# libtool works with CFLAGS but ignores LDFLAGS, so we have to combine them.
comp_flags="$comp_flags $ld_flags"
echo "Configuring the annobin plugin"
CC="${ccompiler}" CFLAGS="${comp_flags}" \
CXX="${cxxcompiler}" CXXFLAGS="${comp_flags}" \
LDFLAGS="${ld_flags}" \
./configure ${CONFIG_ARGS} || cat config.log
echo "Building the annobin plugin"
make
echo "Annobin plugin build complete"
else
echo "Unable to locate annobin sources (expected to find: %{annobin_source_dir}/latest-annobin.tar.xz)"
echo "These should be provided by installing the annobin package"
exit 1
fi
popd
%install
rm -rf %{buildroot}
@ -1991,6 +2096,20 @@ rm -f %{buildroot}%{mandir}/man3/ffi*
# Help plugins find out nvra.
echo gcc-%{version}-%{release}.%{_arch} > $FULLPATH/rpmver
# Rename the annobin plugin to gcc-annobin.
mkdir -p %{buildroot}%{ANNOBIN_GCC_PLUGIN_DIR}
pushd %{buildroot}%{ANNOBIN_GCC_PLUGIN_DIR}
annobin_dir=$(find %{_builddir} -maxdepth 1 -type d -name "annobin*")
echo "annobin directory = ${annobin_dir}"
cp ${annobin_dir}/gcc-plugin/.libs/annobin.so.0.0.0 gcc-annobin.so.0.0.0
rm -f gcc-annobin.so.0 gcc-annobin.so
ln -s gcc-annobin.so.0.0.0 gcc-annobin.so.0
ln -s gcc-annobin.so.0.0.0 gcc-annobin.so
popd
%check
cd obj-%{gcc_target_platform}
@ -3186,9 +3305,27 @@ fi
%{_prefix}/%{_lib}/libgomp-plugin-nvptx.so.*
%endif
%files plugin-annobin
%{ANNOBIN_GCC_PLUGIN_DIR}/gcc-annobin.so
%{ANNOBIN_GCC_PLUGIN_DIR}/gcc-annobin.so.0
%{ANNOBIN_GCC_PLUGIN_DIR}/gcc-annobin.so.0.0.0
%changelog
* Wed Apr 27 2022 Marek Polacek <polacek@redhat.com> 8.5.0-10.1
- backport Default widths with -fdec-format-defaults patch (#2079578)
* Wed Jul 20 2022 Marek Polacek <polacek@redhat.com> 8.5.0-15
- backport straight-line-speculation mitigation (#2108721)
* Fri Jul 8 2022 Jonathan Wakely <jwakely@redhat.com> 8.5.0-14
- backport std::regex check for invalid range (#2001788)
* Wed Apr 20 2022 Marek Polacek <polacek@redhat.com> 8.5.0-13
- require docbook-style-xsl instead of docbook5-style-xsl (#2073888)
- backport Default widths with -fdec-format-defaults patch (#2074614)
* Fri Apr 01 2022 Marek Polacek <polacek@redhat.com> 8.5.0-12
- Fix nop generation in annobin plugin. (#2067150)
* Wed Mar 30 2022 Marek Polacek <polacek@redhat.com> 8.5.0-11
- Add a plugin-annobin subpackage. (#2067150)
* Thu Jan 27 2022 Marek Polacek <polacek@redhat.com> 8.5.0-10
- fix typo in the cprop_hardreg patch (#2028609)