From patchwork Tue Apr 1 22:36:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60491 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43600C3DA4A for ; Tue, 1 Apr 2025 22:36:30 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.69.1743546986165476154 for ; Tue, 01 Apr 2025 15:36:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zUAZhlM4; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-22403cbb47fso127287295ad.0 for ; Tue, 01 Apr 2025 15:36:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546985; x=1744151785; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=21WfVQUq+lX0KRd8sOtbbIqueOgE3o5Rq/Cg1eEWE6o=; b=zUAZhlM4sJmmPUxDh2LhRNZjf3C/WBwSdn1QldH0pgPGh5t0WsjfpzrtMJnimrU8Mb pzww0YGhp9lz4opKMcQsMTxtfEXSiJ2hLLmxbEPKRzv7yqtdC8kPOqZimpcG6AjVQHWO KlEe4YKvHhDy7/6HI6sJ/8Dv7fmsFD0HImoQrD8K3/upQpFVz65oGwyYkTBcyQUMxnY7 nmOZf2aQejB1i99DcutJWj/2F2+w1FfyfcC7AUCQz2fmxLJW57P0CdxOeyVlDiC/VzJe 8925rpXMszYvN8hObDWlZLxcIbd8cRO2IJ3gGa8CEG16FMkGfzuRPeQroy/tbDZ/leKH N8BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546985; x=1744151785; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=21WfVQUq+lX0KRd8sOtbbIqueOgE3o5Rq/Cg1eEWE6o=; b=AKKYALtdgD6jFhIAZbTKuw79NkKCwKCqVZgo8Bb7ngyWxPehDOhBxv71rM3gd30brx GT/hNuuNk9aGi5nBziI5a1+la5K0Gop/9dlQEX7PEvFWMrI3dNtIyUOSiTwgvn5JnQaa CeZNUlFmV4v67n4jnmTtIvJ5vp+gBbN6fNjb3nApt+JDvTHtVE108TCkQgf0AQSFvOjD spPvZWNv93+YTdyDwJ7AgnxzUfoeggePab16McJdrqpYa8/OcNyItIiqclnDtj1TPDTN ZsLUzETnyssgeVmptJ+KQqkdyCNVP3V44b6cS7wTb31HHSRMw1FWPW/PMCxnoYia1PTQ w02A== X-Gm-Message-State: AOJu0Yyth7SFyOlMxxNjt/SHhG3MhW8s88NShiKTMNizK+FikJDGmX/P VbTDweYYzwqR/GnwrXv461Zi3M4P/iG5HMEboX6mXf1dpV4Md4sg/uoHC+IJ5qaOgM6+nKU+M+i Z X-Gm-Gg: ASbGncvmlEHWwFTD0XyC2k/7QiQfFKV5/rehHh8RnCfBumUJle9EeEk6/WNjhWKjF2v UXrF3cYJ9g8C1f4HO8i2t/74+6Z7znNmwnwEg0UXsmfo80/jMOjd6VZZ46vdSmMiItdlenqbl9q cUFgW3j0dq13G5jSybf6jfiORFQUu4qTG9PA2nicyxrkwdn2x1evIA/r6nmR7u+yuJl8RZCcdRB 49c7Zmniaz94Qv93fNYVPBPSrmDtXpwrG9ruhXry28ZG/IiFmv7H4NC8xkWlH4UWejGORYXV3Lg 0B2IAwrhbhq7wVHIjqK+1jCv6TSUy+zDwM48 X-Google-Smtp-Source: AGHT+IHVlFMGNds50dSd2TmKbt5061U85FS2JsE1PQyCALC1SkGORhR4WpGzwOQxhm4orT/xUoy5Ng== X-Received: by 2002:a17:902:f542:b0:21f:8453:7484 with SMTP id d9443c01a7336-2292f975694mr199926145ad.30.1743546985328; Tue, 01 Apr 2025 15:36:25 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 1/8] zlib: fix CVE-2014-9485 Date: Tue, 1 Apr 2025 15:36:08 -0700 Message-ID: <32c4b28fc06e39ab8ef86aebc5e1e1ae19934495.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214153 From: Divya Chellam Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive. Reference: https://security-tracker.debian.org/tracker/CVE-2014-9485 Upstream-patch: https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01 Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../zlib/zlib/CVE-2014-9485.patch | 64 +++++++++++++++++++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2014-9485.patch diff --git a/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch b/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch new file mode 100644 index 0000000000..bf575d59f7 --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2014-9485.patch @@ -0,0 +1,64 @@ +From 14a5f8f266c16c87ab6c086fc52b770b27701e01 Mon Sep 17 00:00:00 2001 +From: Matt Wilson +Date: Wed, 17 Jan 2024 14:46:18 -0800 +Subject: [PATCH] Neutralize zip file traversal attacks in miniunz. + +Archive formats such as .zip files are generally susceptible to +so-called "traversal attacks". This allows an attacker to craft +an archive that writes to unexpected locations of the file system +(e.g., /etc/shadow) if an unspecting root user were to unpack a +malicious archive. + +This patch neutralizes absolute paths such as /tmp/moo and deeply +relative paths such as dummy/../../../../../../../../../../tmp/moo + +The Debian project requested CVE-2014-9485 be allocated for the +first identified weakness. The fix was incomplete, resulting in a +revised patch applied here. Since there wasn't an updated version +released by Debian with the incomplete fix, I suggest we use this +CVE to identify both issues. + +Link: https://security.snyk.io/research/zip-slip-vulnerability +Link: https://bugs.debian.org/774321 +Link: https://bugs.debian.org/776831 +Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 +Reported-by: Jakub Wilk +Fixed-by: Michael Gilbert + +CVE: CVE-2014-9485 + +Upstream-Status: Backport [https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01] + +Signed-off-by: Divya Chellam +--- + contrib/minizip/miniunz.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/contrib/minizip/miniunz.c b/contrib/minizip/miniunz.c +index 3d65401..479e475 100644 +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -367,6 +367,20 @@ int do_extract_currentfile(uf,popt_extract_without_path,popt_overwrite,password) + else + write_filename = filename_withoutpath; + ++ if (write_filename[0]!='\0') ++ { ++ const char* relative_check = write_filename; ++ while (relative_check[1]!='\0') ++ { ++ if (relative_check[0]=='.' && relative_check[1]=='.') ++ write_filename = relative_check; ++ relative_check++; ++ } ++ } ++ ++ while (write_filename[0]=='/' || write_filename[0]=='.') ++ write_filename++; ++ + err = unzOpenCurrentFilePassword(uf,password); + if (err!=UNZ_OK) + { +-- +2.40.0 + diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index 393ac61e3d..dc8f7c6c85 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://run-ptest \ file://CVE-2022-37434.patch \ file://CVE-2023-45853.patch \ + file://CVE-2014-9485.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" From patchwork Tue Apr 1 22:36:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60494 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52E33C3601A for ; Tue, 1 Apr 2025 22:36:30 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web11.58.1743546987551611570 for ; Tue, 01 Apr 2025 15:36:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=LOl8f+xf; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-22403cbb47fso127287545ad.0 for ; Tue, 01 Apr 2025 15:36:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546987; x=1744151787; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CPeWXsuU3W8JyJl80urGKgfSiJvTipJrbZ/7wDFG7Vk=; b=LOl8f+xfjY9gHiMlE3Mb1xZydfyk7CtAWshlVhl0m9OaDBSMKUkDkR0N88pnSRIwQp ZNgcIO4eZR7BT3WHwxTp4BTBD/bp2VfH7z2pBU8lbp1BzVklI+h6xm4QJC1qx2OXgwOz +CYgC00565Ma1J2x3T7snrQXtacNRnZz8FK/2ia+tje32HHNTPaLjC0oojL+h+71JrYT /VgSChEMiv1PUwp486PwW+5dUZNfnhAbgBCMhczDjTYKKrjvxoRqt9DcjPzSsszUPFxC ztNpp2aQw3hLM8XvbePaKCbYUmeX9XmYuJWIbZYTYjwkLvRc4mS1EiRyobuxTzRvCqvh ZiLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546987; x=1744151787; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CPeWXsuU3W8JyJl80urGKgfSiJvTipJrbZ/7wDFG7Vk=; b=uUUWPl+MaPhYALu4bDmZMtSpRccBdXySCL4n+jBjzQZv5FqcVheSlFdDfzBgSNnQ3F XXlH974FPpqaZqkPLhykJV0Zsu49GfzQ2CJtw/UUKRW5jNsk5BpwTkxLYW3bAtpxIBbj T2hqyUHi0vnRhc1Mujm3Z7PqXz5+S+tMcFETq0H233dh+umRrrkLCQtT2dwdOsGkU/s6 VR7K/jpUg94muAlpjOX1heaZF7M2SL9KLFMu9eFqI4cWIIZ9cerONF0EvlJHlCic1C0M bJ8qU308763d/GaAGno0IcaBg3oPg4rzg7+802UahLJoJ3am6TD+ZFdMSqhJJ3fGSveu 5K4w== X-Gm-Message-State: AOJu0YxQZ7jIVfM/apcBIPu8nxNV4xERSbv01HOcMfBR86JrbCrhodiq eL52H1jSRyGckwz6f2wyyeE+lH+Rfx9BtDl0trZIflHpyzBua3jr8qEjKHhLA/LphVD6n6mO+LB P X-Gm-Gg: ASbGncsgfTEtwKigryKeQgK3spePZwpylchqbCJB006AywGftolx4cWOHWzEFOS0C5E 6K6omuyaOflMDcFydA32iiE0/cNjquFwCGCFGp0LQ3XMKFnuq4FCrYUaPJ+xykKBKP0j60an3Lb lP72WfD08XBDiOxrJ8WWFwVVrfmkfEh1KgEil4cZK5/P6CoAwFyXujGTZQgs/XwGtXx+2wd3GNp eXeYxzzd3HoY4y+x2/EuoQE6vhHlYk/1B8hNwBjAiyVzPz6ZGROJbC/E5wh6gzPWMGgmEecxMwY uS8Gs0qVOM6RzgYe4HPRN0k3rs0GJ3PKwzLX X-Google-Smtp-Source: AGHT+IFpYjeq/FN5z6zrVjOGYj/BJjDJNYkeisp1k63qsSw5OgD9UQ76xshbcHQYCSjhOmHcCKYe+Q== X-Received: by 2002:a05:6a00:2d8b:b0:736:41ec:aaad with SMTP id d2e1a72fcca58-739803c0d09mr19477459b3a.14.1743546986630; Tue, 01 Apr 2025 15:36:26 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 2/8] libarchive: ignore CVE-2025-1632 Date: Tue, 1 Apr 2025 15:36:09 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214154 From: Peter Marko As already mentioned in [1] when backporting commit including fix for this CVE, this vulnerability applies only from libarchive 3.7.0 commit [2] which introduced bsdunzip which contains this vulnerability. [1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e [2] https://github.com/libarchive/libarchive/commit/c157e4ce8eb170a92945cc2d292fd7106bdfcce1 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 4ceb0df2c0..f7e576b688 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -44,6 +44,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f CVE_CHECK_IGNORE += "CVE-2023-30571" # cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948 CVE_CHECK_IGNORE += "CVE-2024-37407" +# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet +CVE_CHECK_IGNORE += "CVE-2025-1632" inherit autotools update-alternatives pkgconfig From patchwork Tue Apr 1 22:36:10 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60493 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DDABC36017 for ; Tue, 1 Apr 2025 22:36:30 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.72.1743546988704809713 for ; Tue, 01 Apr 2025 15:36:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bp8lyWQd; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-223fb0f619dso115337625ad.1 for ; Tue, 01 Apr 2025 15:36:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546988; x=1744151788; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lpS2iWpDZh+OS/y589bDG5hb+GxQH4aJmcAk7FM0IAo=; b=bp8lyWQdOsrhuZhrj9GBj6AzVZBNcCuF0KllvAhwFRhIx1p0fd/SnGnADfitGpsA6h 9QYDhiBxXd+XMxtpo2qTO+Tqp5if77loPir/chNdp4R3nZVmLkiztnm4/kGRUO3IYu8O rOZ5WxRDV0cX7JOhOyG/QiMOPmkTR/z1hfFnFcL4JKL97KkSX2NaWmC1I6OOrJlXzDmG IkViE6a/OXYmprxPQYRcLYgf9qyBjXHCby8OiIjZ0UhLmod7Icwwiul7oiszbd1QbHiW lBVmQCgA6y5+9eleBI/a5JZAVMGyRxQG5CElSYUCsF9E2GK42GuXYHq1OQ0Um5TYRbu3 9gPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546988; x=1744151788; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lpS2iWpDZh+OS/y589bDG5hb+GxQH4aJmcAk7FM0IAo=; b=uObTkYNEd0nt07CQLx2ECMS//GFNN80Q+ew6I29LxLNBuBQeLkwYULRymUQuHCKZMk ihot+Jngl69JdsP639ERAPfkze4YWHfkXTD5NRXx8uBU46JHZFaMm+L6jffOXaRXJtEF QJz49mYY1l6JeLWxCOS2mYKO/cb4Mn6Kyb1A5eozwEFYUn4vE6Daky7u1FPLyLUvTD+H xd4fe9apu5kpDQUEFl13CUxueR6dPkWo4QSx59FP1kCh/BJChjdS40F71yMMjLmdJ+gh d9lty7AGyjMOeuwPnx6NEbRav3kxWZVXnTaUX0aLSxciRVyLSQ3Forb1eJ4VHYkMhPVU LAKA== X-Gm-Message-State: AOJu0YxLunfHluz4g2yvygyQHQpBTJuhdxBGCiHyxdZILNL7/Qene4TY 4V3tWdE9ifUZDY+xG6lCo4OZKPITnMPDDu5EQVus1sGX5N4BgO+L4VaNcVFxJKmO/Xg26nJIcDs C X-Gm-Gg: ASbGncs/lq/UrOa5J/PYrhWGNH7LGLF0L6UJx080aZSmoLecaQxaD8514iOrJJ2bKAJ BoNllH4EBlEKofW5XKykkhtyDuausz6sZzBGC/G7TBp/OIvZy0kGy4jOgVbtOkvDwvIi3lSjnly dRf5JEhW8Zw+VSPeXpHCmi0t8mY0Th2sF4fJqadHzhbZQn2bTGzGlolGjL3au+yeDVdlDecK/FH 7nmeqdCQmqRrLAlAL9RIO5PhNLBNO/p9zhmO+4DOXjFj1lWvxjAXTsNvT5FLh314yTNAgm1L4sp 56Tnt+5flo9Zar7gGO725ydUP7Fh1v2wZN2B X-Google-Smtp-Source: AGHT+IFQuZtKXDU7PGjdUMxEQYWzC+AkxrNrXKgsjOmPcl+iLVnKzxFWhqom45rMV+rin21Lsep2hw== X-Received: by 2002:a05:6a21:8dca:b0:1f5:8a03:ea22 with SMTP id adf61e73a8af0-200d1560735mr6650585637.33.1743546987938; Tue, 01 Apr 2025 15:36:27 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 3/8] perl: ignore CVE-2023-47038 Date: Tue, 1 Apr 2025 15:36:10 -0700 Message-ID: <46fd9acd6b0e418009f4cec747ae82af60acbc6b.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214155 From: Peter Marko Fix for this CVE was backported to 5.34.2 in https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 This commit is listed in https://security-tracker.debian.org/tracker/CVE-2023-47038 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/perl_5.34.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/perl/perl_5.34.3.bb b/meta/recipes-devtools/perl/perl_5.34.3.bb index 215990c8fa..ed3518b62d 100644 --- a/meta/recipes-devtools/perl/perl_5.34.3.bb +++ b/meta/recipes-devtools/perl/perl_5.34.3.bb @@ -50,6 +50,8 @@ export ENC2XS_NO_COMMENTS = "1" # Duplicate of CVE-2023-47038, which has already been patched as of perl_5.34.3 CVE_CHECK_IGNORE:append = " CVE-2023-47100" +# This is fixed in 5.34.2 via https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 +CVE_CHECK_IGNORE:append = " CVE-2023-47038" do_configure:prepend() { cp -rfp ${STAGING_DATADIR_NATIVE}/perl-cross/* ${S} From patchwork Tue Apr 1 22:36:11 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60495 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 55D24C3601C for ; Tue, 1 Apr 2025 22:36:30 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.73.1743546990081550106 for ; Tue, 01 Apr 2025 15:36:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aEjbHRqz; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-22403cbb47fso127287985ad.0 for ; Tue, 01 Apr 2025 15:36:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546989; x=1744151789; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=lwbq9rf//QDFD7M/oDnyD7Pwfi0DBuw0dKpMXDzdIUw=; b=aEjbHRqzsfaYozfLow5bFj4GTyE/9TON965tqx6UFSeIEL/LQZimN2dp41pdx1H0AK 4UW415oQ56uXHme/DSBiysmL9VIawoTTJ2vi7arsxmaSkkSTE6XbyjQ/4Gy60MakeBSb kGA3YWfKF82+33f/YJHfrq7n1jDm+ceEfr2c/209I6GhsaGibF3RCWh9aVfQ7/RvRyww wijfOzndbSJ/CaHm28Nt0wXSARsnsGFZ3wKl1ABzasbpWrGBXuLwd5TzFxf+AGM0kEA+ Bv1j3IOJzo7csuIMW0BSTJJuQm9MtxNEp00U9Fii+euSYRAIcaaSb/9iFHCYS7ZH8vWp wzbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546989; x=1744151789; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lwbq9rf//QDFD7M/oDnyD7Pwfi0DBuw0dKpMXDzdIUw=; b=eQ2A1LDtt5lPe3wdBqGHX7bPhR8pFDox5D+jT6f1w/uYP4Nc5+JZs4TTU79ZfrO6K4 BC89f9GDKYkDfyoyLpzaEKF0AQ0E4s5F9hR8lCdYoMpnkqT017TEj60dIvdL0x+HfwKg XgaD+yz0PKkhGHiGd/Cu3MnSz4ky3K1oBgtxcwlepg0eKa0LyAPfu9zY7HTzQDT8Bv8d kdPw0f7iQfg5lrFD/ssPHZB/C+KTYzMdF5SEyCyZwXe/YasP26kD3qIzgKTZpE5T5iQD TjMPQIn/n593hUhjxMSffczCSMlaoh1FAwGx5l7G8mfyRfJ9wU2cYozGlLjYos2bAqi5 Xf1Q== X-Gm-Message-State: AOJu0YyoA71JR+bf6LRVto2hzFYEARDsJ1fL7oU0AiaHAF4fqxoFkRBe dyCILShWpydzfl5QQu1FysFa7S7X20CK5LzcjK1TxaGknELRQhgP1w/8TOrdVBseohl9ELwi/gU P X-Gm-Gg: ASbGncu/tTxxW08rEoUabcjtMvV62Ahqkguo8Tb47MoauU3rMN2GKHh6JtCsviC5pyc 2FqR3qcoy8n5bR9wOh5u9Lh4ytZGWXj/FB7b4ipD9ghvQXuzlXU+2G/+QHBg+ETDHKJVftbc/KL wVM6T4UV3OHYN67kquuPalEmCo0i5aW/iFl2eXjpm3oVgGAdBMuLsYCbO7yxFD062BiN8ywLLN2 laDprh41VxFyQ5qc72sxyIjL8wOznj7+6rS1rADktZvnO6aHF0TjGkodysiK4Tmm0t+2p0yMHGo 9lyg4HDcPcAn3sfxzxchQgZhmI/UxH7qA0Cm/tleUbqKMCI= X-Google-Smtp-Source: AGHT+IHrzbqKp0UwVCEagnaf1w7Xl5mgVWyNBO3zD7gZbWq3eVIIdxhVTZxPmy04w0+NOX3hNUR+zg== X-Received: by 2002:a05:6a00:4f81:b0:736:532b:7c10 with SMTP id d2e1a72fcca58-7398046286emr22165508b3a.21.1743546989242; Tue, 01 Apr 2025 15:36:29 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:28 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 4/8] freetype: patch CVE-2025-27363 Date: Tue, 1 Apr 2025 15:36:11 -0700 Message-ID: <5a8d4c7a9a0e099da0294141cf5590b55f0503cd.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214156 From: Peter Marko From [1]: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. Per [2] patches [3] and [4] are needed. Unfortunately, the code changed since 2.11.1 and it's not possible to do backport without significant changes. Since Debian and Ubuntu have already patched this CVE, take the patch from them - [5]/[6]. The patch is a combination of patch originally proposed in [7] and follow-up patch [4]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-27363 [2] https://gitlab.freedesktop.org/freetype/freetype/-/issues/1322 [3] https://gitlab.freedesktop.org/freetype/freetype/-/commit/ef636696524b081f1b8819eb0c6a0b932d35757d [4] https://gitlab.freedesktop.org/freetype/freetype/-/commit/73720c7c9958e87b3d134a7574d1720ad2d24442 [5] https://git.launchpad.net/ubuntu/+source/freetype/commit/?h=applied/ubuntu/jammy-devel&id=fc406fb02653852dfa5979672e3d8d56ed329186 [6] https://salsa.debian.org/debian/freetype/-/commit/13295227b5b0d717a343f276d77ad3b89fcc6ed0 [7] https://www.openwall.com/lists/oss-security/2025/03/14/3 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../freetype/freetype/CVE-2025-27363.patch | 44 +++++++++++++++++++ .../freetype/freetype_2.11.1.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch diff --git a/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch new file mode 100644 index 0000000000..28fc50c0cb --- /dev/null +++ b/meta/recipes-graphics/freetype/freetype/CVE-2025-27363.patch @@ -0,0 +1,44 @@ +From 26b83ec58c60ced0e6c423df438227fb33ccca2e Mon Sep 17 00:00:00 2001 +From: Marc Deslauriers +Date: Thu, 13 Mar 2025 08:41:20 -0400 +Subject: [PATCH] fix OOB write when when attempting to parse font subglyph + structures + +Gbp-Pq: CVE-2025-27363.patch. + +Source: https://git.launchpad.net/ubuntu/+source/freetype/commit/?h=applied/ubuntu/jammy-devel&id=fc406fb02653852dfa5979672e3d8d56ed329186 + +CVE: CVE-2025-27363 +Upstream-Status: Inappropriate [cannot do exact patch backport as the code changed too much] +Signed-off-by: Peter Marko +--- + src/truetype/ttgload.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c +index 11968f6..f5aa292 100644 +--- a/src/truetype/ttgload.c ++++ b/src/truetype/ttgload.c +@@ -1948,7 +1948,7 @@ + short i, limit; + FT_SubGlyph subglyph; + +- FT_Outline outline; ++ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 }; + FT_Vector* points = NULL; + char* tags = NULL; + short* contours = NULL; +@@ -1957,6 +1957,13 @@ + + limit = (short)gloader->current.num_subglyphs; + ++ /* make sure this isn't negative as we're going to add 4 later */ ++ if ( limit < 0 ) ++ { ++ error = FT_THROW( Invalid_Argument ); ++ goto Exit; ++ } ++ + /* construct an outline structure for */ + /* communication with `TT_Vary_Apply_Glyph_Deltas' */ + outline.n_points = (short)( gloader->current.num_subglyphs + 4 ); diff --git a/meta/recipes-graphics/freetype/freetype_2.11.1.bb b/meta/recipes-graphics/freetype/freetype_2.11.1.bb index 29f4d8dfb7..22158511c1 100644 --- a/meta/recipes-graphics/freetype/freetype_2.11.1.bb +++ b/meta/recipes-graphics/freetype/freetype_2.11.1.bb @@ -17,6 +17,7 @@ SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.xz \ file://CVE-2022-27405.patch \ file://CVE-2022-27406.patch \ file://CVE-2023-2004.patch \ + file://CVE-2025-27363.patch \ " SRC_URI[sha256sum] = "3333ae7cfda88429c97a7ae63b7d01ab398076c3b67182e960e5684050f2c5c8" From patchwork Tue Apr 1 22:36:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60497 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E9C7C36017 for ; Tue, 1 Apr 2025 22:36:40 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web10.76.1743546992850929878 for ; Tue, 01 Apr 2025 15:36:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=3Fa3tgWC; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-225477548e1so109995315ad.0 for ; Tue, 01 Apr 2025 15:36:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546992; x=1744151792; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0wEy9PMxPEr973Wjpcca+T1tCU3yUfIjI4UpX5MxNu0=; b=3Fa3tgWCDhO6Le1/r0UHzR/gUN51QerlJO1DXbXlGt6TJwKWgMblVirEV3l13q+LGA 2zcfq2WvUOOo9OG6WDECJvDN13uCevigxvEUFmcDC1emKQIvu4FMwyM6Qs4hGDwAYIFk JW8mETIkHpGyZm/nNUriopHigWM+VaXPpU6mWIuSMlWjG84vE1L4jWyhs1Q8VNNvPzPo /0U/5dRDItP8CiWBw5+4ncRPKvplGXh0bQHkOBoD6Aj815eINFfBiD1OAzb5uc+kRxRK jOTijt7twlmnA0iEYOkUOTbyXFcKKABRanRJS4TXhRNe58zbXAMezLkjDFc+2SR+RG/1 2UgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546992; x=1744151792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0wEy9PMxPEr973Wjpcca+T1tCU3yUfIjI4UpX5MxNu0=; b=vXUwjXVRqP7ZiA+FFvvWzOXlx9uel7ehglAqftIXyRgC1H69LFwjuZ7zWonlzrW41X nCdXXjbPYoLgXKF/GNs27YI9KfV/7IGrhMAG4rw7363dsQFIX37epiIik0zsLfvVwjfy /aomnr4oBWkmclhhv+1gRtfZv2OUcQhw8PoD/sSOTaWMYm5XK/FA6ziHvsOyu3mrKxF9 cYAy7Cyv/MZ4kEF4o8VWdKMDVKOBP3MyQvhHJmZ5Ydbte684OzSbRLno1tfMbXucdPRZ CVONk3RhJHfE/MllkUjXjY7sdr/Jv1Icv0t6yU6aV8dRJWvfusUlodBQUa7JmErEv0RD C87Q== X-Gm-Message-State: AOJu0Yx59HJs+lQdC+DbffWBRzLp4AMUKrtomGDKuAcbqEh+kOvYTdnD /hCJrBrBTUhvW3nQWGMr8KIiA25Wi49akV6nkNmXlXe3AA2TiZC2tXzet5NBZOLPXmz7nPbfFkF b X-Gm-Gg: ASbGncujfdJ72A5adOdPXDu/q/4lXoTetFK5JNeHHi/Q/vR4KqQvax9OPHM69iZYb/h b98XV0vtzBHvd4jo44QTFCo3v02qngjUZVh06ctOFKWPPEF+PCBrfpjb9Nex36DmWJLG90iosgB xr/CNTV82ndj5A50hUoFZRRVbJmhZmLmOUilEMFNiYbjC6RTY+gsdILjUr/OifrvWxyKWD5ZJl1 aKS1vVeZkxPC9iI895zxoMvA/9Awurtgt1bVkFgb2eXnHwl1tezO9HjSDrrMrfoRvrYoozrHF3K lpcTy+1sCxspE6yqNszyr+0xw1OXdf5MfrSb X-Google-Smtp-Source: AGHT+IH8eUGtLe6pB8ThJQD2mjGff4yETKDzTxQoBKGADuVxu26UiKgyHJIHjBjoa6fodhEB3njF9Q== X-Received: by 2002:a05:6a00:3cc1:b0:737:6d4b:f5f8 with SMTP id d2e1a72fcca58-739804220d4mr17997005b3a.17.1743546990942; Tue, 01 Apr 2025 15:36:30 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:30 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 5/8] llvm : Fix CVE-2024-0151 Date: Tue, 1 Apr 2025 15:36:12 -0700 Message-ID: <883754a84accdc8f8418e83d3c54aa763bcdff87.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214157 From: Deepesh Varatharajan Backport a patch from upstream to fix CVE-2024-0151 Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea] Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- .../llvm/llvm/CVE-2024-0151.patch | 1087 +++++++++++++++++ meta/recipes-devtools/llvm/llvm_git.bb | 1 + 2 files changed, 1088 insertions(+) create mode 100644 meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch new file mode 100644 index 0000000000..cbe6f5bf3f --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-0151.patch @@ -0,0 +1,1087 @@ +commit 78ff617d3f573fb3a9b2fef180fa0fd43d5584ea +Author: Lucas Duarte Prates +Date: Thu Jun 20 10:22:01 2024 +0100 + + [ARM] CMSE security mitigation on function arguments and returned values (#89944) + + The ABI mandates two things related to function calls: + - Function arguments must be sign- or zero-extended to the register + size by the caller. + - Return values must be sign- or zero-extended to the register size by + the callee. + + As consequence, callees can assume that function arguments have been + extended and so can callers with regards to return values. + + Here lies the problem: Nonsecure code might deliberately ignore this + mandate with the intent of attempting an exploit. It might try to pass + values that lie outside the expected type's value range in order to + trigger undefined behaviour, e.g. out of bounds access. + + With the mitigation implemented, Secure code always performs extension + of values passed by Nonsecure code. + + This addresses the vulnerability described in CVE-2024-0151. + + Patches by Victor Campos. + + --------- + + Co-authored-by: Victor Campos + +Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/78ff617d3f573fb3a9b2fef180fa0fd43d5584ea] +CVE: CVE-2024-0151 +Signed-off-by: Deepesh Varatharajan +--- +diff --git a/llvm/lib/Target/ARM/ARMISelLowering.cpp b/llvm/lib/Target/ARM/ARMISelLowering.cpp +index 900113244e41..e12f8c183db2 100644 +--- a/llvm/lib/Target/ARM/ARMISelLowering.cpp ++++ b/llvm/lib/Target/ARM/ARMISelLowering.cpp +@@ -154,6 +154,17 @@ static const MCPhysReg GPRArgRegs[] = { + ARM::R0, ARM::R1, ARM::R2, ARM::R3 + }; + ++static SDValue handleCMSEValue(const SDValue &Value, const ISD::InputArg &Arg, ++ SelectionDAG &DAG, const SDLoc &DL) { ++ assert(Arg.ArgVT.isScalarInteger()); ++ assert(Arg.ArgVT.bitsLT(MVT::i32)); ++ SDValue Trunc = DAG.getNode(ISD::TRUNCATE, DL, Arg.ArgVT, Value); ++ SDValue Ext = ++ DAG.getNode(Arg.Flags.isSExt() ? ISD::SIGN_EXTEND : ISD::ZERO_EXTEND, DL, ++ MVT::i32, Trunc); ++ return Ext; ++} ++ + void ARMTargetLowering::addTypeForNEON(MVT VT, MVT PromotedLdStVT) { + if (VT != PromotedLdStVT) { + setOperationAction(ISD::LOAD, VT, Promote); +@@ -2113,7 +2124,7 @@ SDValue ARMTargetLowering::LowerCallResult( + SDValue Chain, SDValue InFlag, CallingConv::ID CallConv, bool isVarArg, + const SmallVectorImpl &Ins, const SDLoc &dl, + SelectionDAG &DAG, SmallVectorImpl &InVals, bool isThisReturn, +- SDValue ThisVal) const { ++ SDValue ThisVal, bool isCmseNSCall) const { + // Assign locations to each value returned by this call. + SmallVector RVLocs; + CCState CCInfo(CallConv, isVarArg, DAG.getMachineFunction(), RVLocs, +@@ -2191,6 +2202,15 @@ SDValue ARMTargetLowering::LowerCallResult( + (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) + Val = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), Val); + ++ // On CMSE Non-secure Calls, call results (returned values) whose bitwidth ++ // is less than 32 bits must be sign- or zero-extended after the call for ++ // security reasons. Although the ABI mandates an extension done by the ++ // callee, the latter cannot be trusted to follow the rules of the ABI. ++ const ISD::InputArg &Arg = Ins[VA.getValNo()]; ++ if (isCmseNSCall && Arg.ArgVT.isScalarInteger() && ++ VA.getLocVT().isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) ++ Val = handleCMSEValue(Val, Arg, DAG, dl); ++ + InVals.push_back(Val); + } + +@@ -2787,7 +2807,7 @@ ARMTargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI, + // return. + return LowerCallResult(Chain, InFlag, CallConv, isVarArg, Ins, dl, DAG, + InVals, isThisReturn, +- isThisReturn ? OutVals[0] : SDValue()); ++ isThisReturn ? OutVals[0] : SDValue(), isCmseNSCall); + } + + /// HandleByVal - Every parameter *after* a byval parameter is passed +@@ -4377,8 +4397,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( + *DAG.getContext()); + CCInfo.AnalyzeFormalArguments(Ins, CCAssignFnForCall(CallConv, isVarArg)); + +- SmallVector ArgValues; +- SDValue ArgValue; + Function::const_arg_iterator CurOrigArg = MF.getFunction().arg_begin(); + unsigned CurArgIdx = 0; + +@@ -4432,7 +4450,7 @@ SDValue ARMTargetLowering::LowerFormalArguments( + } + // Arguments stored in registers. + if (VA.isRegLoc()) { +- EVT RegVT = VA.getLocVT(); ++ SDValue ArgValue; + + if (VA.needsCustom() && VA.getLocVT() == MVT::v2f64) { + // f64 and vector types are split up into multiple registers or +@@ -4496,16 +4514,6 @@ SDValue ARMTargetLowering::LowerFormalArguments( + case CCValAssign::BCvt: + ArgValue = DAG.getNode(ISD::BITCAST, dl, VA.getValVT(), ArgValue); + break; +- case CCValAssign::SExt: +- ArgValue = DAG.getNode(ISD::AssertSext, dl, RegVT, ArgValue, +- DAG.getValueType(VA.getValVT())); +- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); +- break; +- case CCValAssign::ZExt: +- ArgValue = DAG.getNode(ISD::AssertZext, dl, RegVT, ArgValue, +- DAG.getValueType(VA.getValVT())); +- ArgValue = DAG.getNode(ISD::TRUNCATE, dl, VA.getValVT(), ArgValue); +- break; + } + + // f16 arguments have their size extended to 4 bytes and passed as if they +@@ -4515,6 +4523,15 @@ SDValue ARMTargetLowering::LowerFormalArguments( + (VA.getValVT() == MVT::f16 || VA.getValVT() == MVT::bf16)) + ArgValue = MoveToHPR(dl, DAG, VA.getLocVT(), VA.getValVT(), ArgValue); + ++ // On CMSE Entry Functions, formal integer arguments whose bitwidth is ++ // less than 32 bits must be sign- or zero-extended in the callee for ++ // security reasons. Although the ABI mandates an extension done by the ++ // caller, the latter cannot be trusted to follow the rules of the ABI. ++ const ISD::InputArg &Arg = Ins[VA.getValNo()]; ++ if (AFI->isCmseNSEntryFunction() && Arg.ArgVT.isScalarInteger() && ++ RegVT.isScalarInteger() && Arg.ArgVT.bitsLT(MVT::i32)) ++ ArgValue = handleCMSEValue(ArgValue, Arg, DAG, dl); ++ + InVals.push_back(ArgValue); + } else { // VA.isRegLoc() + // sanity check +diff --git a/llvm/lib/Target/ARM/ARMISelLowering.h b/llvm/lib/Target/ARM/ARMISelLowering.h +index 844b7d4f1707..2168a4a73589 100644 +--- a/llvm/lib/Target/ARM/ARMISelLowering.h ++++ b/llvm/lib/Target/ARM/ARMISelLowering.h +@@ -865,7 +865,7 @@ class VectorType; + const SmallVectorImpl &Ins, + const SDLoc &dl, SelectionDAG &DAG, + SmallVectorImpl &InVals, bool isThisReturn, +- SDValue ThisVal) const; ++ SDValue ThisVal, bool isCmseNSCall) const; + + bool supportSplitCSR(MachineFunction *MF) const override { + return MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS && +diff --git a/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll +new file mode 100644 +index 0000000000..58eef443c2 +--- /dev/null ++++ b/llvm/test/CodeGen/ARM/cmse-harden-call-returned-values.ll +@@ -0,0 +1,552 @@ ++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE ++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE ++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE ++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE ++ ++@get_idx = hidden local_unnamed_addr global ptr null, align 4 ++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 ++ ++define i32 @access_i16() { ++; V8M-COMMON-LABEL: access_i16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i16 %0() "cmse_nonsecure_call" ++ %idxprom = sext i16 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u16() { ++; V8M-COMMON-LABEL: access_u16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i16 %0() "cmse_nonsecure_call" ++ %idxprom = zext i16 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i8() { ++; V8M-COMMON-LABEL: access_i8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i8 %0() "cmse_nonsecure_call" ++ %idxprom = sext i8 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u8() { ++; V8M-COMMON-LABEL: access_u8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i8 %0() "cmse_nonsecure_call" ++ %idxprom = zext i8 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i1() { ++; V8M-COMMON-LABEL: access_i1: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i1: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i1 %0() "cmse_nonsecure_call" ++ %idxprom = zext i1 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i5() { ++; V8M-COMMON-LABEL: access_i5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call signext i5 %0() "cmse_nonsecure_call" ++ %idxprom = sext i5 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_u5() { ++; V8M-COMMON-LABEL: access_u5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V8M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V8M-COMMON-NEXT: ldr r0, [r0] ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #31 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: movw r0, :lower16:get_idx ++; V81M-COMMON-NEXT: movt r0, :upper16:get_idx ++; V81M-COMMON-NEXT: ldr r0, [r0] ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #31 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %0 = load ptr, ptr @get_idx, align 4 ++ %call = tail call zeroext i5 %0() "cmse_nonsecure_call" ++ %idxprom = zext i5 %call to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %1 = load i32, ptr %arrayidx, align 4 ++ ret i32 %1 ++} ++ ++define i32 @access_i33(ptr %f) { ++; V8M-COMMON-LABEL: access_i33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: rsb.w r0, r0, #0 ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_i33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: rsb.w r0, r0, #0 ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %call = tail call i33 %f() "cmse_nonsecure_call" ++ %shr = ashr i33 %call, 32 ++ %conv = trunc nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u33(ptr %f) { ++; V8M-COMMON-LABEL: access_u33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: push {r7, lr} ++; V8M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-COMMON-NEXT: bic r0, r0, #1 ++; V8M-COMMON-NEXT: sub sp, #136 ++; V8M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V8M-COMMON-NEXT: mov r1, r0 ++; V8M-COMMON-NEXT: mov r2, r0 ++; V8M-COMMON-NEXT: mov r3, r0 ++; V8M-COMMON-NEXT: mov r4, r0 ++; V8M-COMMON-NEXT: mov r5, r0 ++; V8M-COMMON-NEXT: mov r6, r0 ++; V8M-COMMON-NEXT: mov r7, r0 ++; V8M-COMMON-NEXT: mov r8, r0 ++; V8M-COMMON-NEXT: mov r9, r0 ++; V8M-COMMON-NEXT: mov r10, r0 ++; V8M-COMMON-NEXT: mov r11, r0 ++; V8M-COMMON-NEXT: mov r12, r0 ++; V8M-COMMON-NEXT: msr apsr_nzcvq, r0 ++; V8M-COMMON-NEXT: blxns r0 ++; V8M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V8M-COMMON-NEXT: add sp, #136 ++; V8M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: pop {r7, pc} ++; ++; V81M-COMMON-LABEL: access_u33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: push {r7, lr} ++; V81M-COMMON-NEXT: push.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-COMMON-NEXT: bic r0, r0, #1 ++; V81M-COMMON-NEXT: sub sp, #136 ++; V81M-COMMON-NEXT: vlstm sp, {d0 - d15} ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11, r12, apsr} ++; V81M-COMMON-NEXT: blxns r0 ++; V81M-COMMON-NEXT: vlldm sp, {d0 - d15} ++; V81M-COMMON-NEXT: add sp, #136 ++; V81M-COMMON-NEXT: pop.w {r4, r5, r6, r7, r8, r9, r10, r11} ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: pop {r7, pc} ++entry: ++ %call = tail call i33 %f() "cmse_nonsecure_call" ++ %shr = lshr i33 %call, 32 ++ %conv = trunc nuw nsw i33 %shr to i32 ++ ret i32 %conv ++} +diff --git a/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll +new file mode 100644 +index 0000000000..c66ab00566 +--- /dev/null ++++ b/llvm/test/CodeGen/ARM/cmse-harden-entry-arguments.ll +@@ -0,0 +1,368 @@ ++; RUN: llc %s -mtriple=thumbv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-LE ++; RUN: llc %s -mtriple=thumbebv8m.main -o - | FileCheck %s --check-prefixes V8M-COMMON,V8M-BE ++; RUN: llc %s -mtriple=thumbv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-LE ++; RUN: llc %s -mtriple=thumbebv8.1m.main -o - | FileCheck %s --check-prefixes V81M-COMMON,V81M-BE ++ ++@arr = hidden local_unnamed_addr global [256 x i32] zeroinitializer, align 4 ++ ++define i32 @access_i16(i16 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i16 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u16(i16 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u16: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxth r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u16: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxth r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i16 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i8(i8 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i8 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u8(i8 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u8: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: uxtb r0, r0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u8: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: uxtb r0, r0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i8 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i1(i1 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i1: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: rsbs r0, r0, #0 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i1: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: rsbs r0, r0, #0 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i1 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i5(i5 signext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: sbfx r0, r0, #0, #5 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = sext i5 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_u5(i5 zeroext %idx) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u5: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: movw r1, :lower16:arr ++; V8M-COMMON-NEXT: and r0, r0, #31 ++; V8M-COMMON-NEXT: movt r1, :upper16:arr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u5: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: movw r1, :lower16:arr ++; V81M-COMMON-NEXT: and r0, r0, #31 ++; V81M-COMMON-NEXT: movt r1, :upper16:arr ++; V81M-COMMON-NEXT: ldr.w r0, [r1, r0, lsl #2] ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %idxprom = zext i5 %idx to i32 ++ %arrayidx = getelementptr inbounds [256 x i32], ptr @arr, i32 0, i32 %idxprom ++ %0 = load i32, ptr %arrayidx, align 4 ++ ret i32 %0 ++} ++ ++define i32 @access_i33(i33 %arg) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: rsbs r0, r0, #0 ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: rsbs r0, r0, #0 ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %shr = ashr i33 %arg, 32 ++ %conv = trunc nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u33(i33 %arg) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u33: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-LE-NEXT: and r0, r1, #1 ++; V8M-BE-NEXT: and r0, r0, #1 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u33: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-LE-NEXT: and r0, r1, #1 ++; V81M-BE-NEXT: and r0, r0, #1 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %shr = lshr i33 %arg, 32 ++ %conv = trunc nuw nsw i33 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_i65(ptr byval(i65) %0) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_i65: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: sub sp, #16 ++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V8M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V8M-LE-NEXT: and r0, r0, #1 ++; V8M-LE-NEXT: rsbs r0, r0, #0 ++; V8M-BE-NEXT: movs r1, #0 ++; V8M-BE-NEXT: sub.w r0, r1, r0, lsr #24 ++; V8M-COMMON-NEXT: add sp, #16 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_i65: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: sub sp, #16 ++; V81M-COMMON-NEXT: add sp, #4 ++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V81M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V81M-LE-NEXT: and r0, r0, #1 ++; V81M-LE-NEXT: rsbs r0, r0, #0 ++; V81M-BE-NEXT: movs r1, #0 ++; V81M-BE-NEXT: sub.w r0, r1, r0, lsr #24 ++; V81M-COMMON-NEXT: sub sp, #4 ++; V81M-COMMON-NEXT: add sp, #16 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %arg = load i65, ptr %0, align 8 ++ %shr = ashr i65 %arg, 64 ++ %conv = trunc nsw i65 %shr to i32 ++ ret i32 %conv ++} ++ ++define i32 @access_u65(ptr byval(i65) %0) "cmse_nonsecure_entry" { ++; V8M-COMMON-LABEL: access_u65: ++; V8M-COMMON: @ %bb.0: @ %entry ++; V8M-COMMON-NEXT: sub sp, #16 ++; V8M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V8M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V8M-BE-NEXT: lsrs r0, r0, #24 ++; V8M-COMMON-NEXT: add sp, #16 ++; V8M-COMMON-NEXT: mov r1, lr ++; V8M-COMMON-NEXT: mov r2, lr ++; V8M-COMMON-NEXT: mov r3, lr ++; V8M-COMMON-NEXT: mov r12, lr ++; V8M-COMMON-NEXT: msr apsr_nzcvq, lr ++; V8M-COMMON-NEXT: bxns lr ++; ++; V81M-COMMON-LABEL: access_u65: ++; V81M-COMMON: @ %bb.0: @ %entry ++; V81M-COMMON-NEXT: vstr fpcxtns, [sp, #-4]! ++; V81M-COMMON-NEXT: sub sp, #16 ++; V81M-COMMON-NEXT: add sp, #4 ++; V81M-COMMON-NEXT: stm.w sp, {r0, r1, r2, r3} ++; V81M-LE-NEXT: ldrb.w r0, [sp, #8] ++; V81M-BE-NEXT: lsrs r0, r0, #24 ++; V81M-COMMON-NEXT: sub sp, #4 ++; V81M-COMMON-NEXT: add sp, #16 ++; V81M-COMMON-NEXT: vscclrm {s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11, s12, s13, s14, s15, vpr} ++; V81M-COMMON-NEXT: vldr fpcxtns, [sp], #4 ++; V81M-COMMON-NEXT: clrm {r1, r2, r3, r12, apsr} ++; V81M-COMMON-NEXT: bxns lr ++entry: ++ %arg = load i65, ptr %0, align 8 ++ %shr = lshr i65 %arg, 64 ++ %conv = trunc nuw nsw i65 %shr to i32 ++ ret i32 %conv ++} diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb index 8dcd124c71..1531e12fff 100644 --- a/meta/recipes-devtools/llvm/llvm_git.bb +++ b/meta/recipes-devtools/llvm/llvm_git.bb @@ -36,6 +36,7 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http file://CVE-2023-46049.patch;striplevel=2 \ file://CVE-2024-31852-1.patch;striplevel=2 \ file://CVE-2024-31852-2.patch;striplevel=2 \ + file://CVE-2024-0151.patch;striplevel=2 \ " UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P\d+(\.\d+)+)" From patchwork Tue Apr 1 22:36:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60499 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65044C3601B for ; Tue, 1 Apr 2025 22:36:40 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.77.1743546992924462852 for ; Tue, 01 Apr 2025 15:36:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=a37xWnJA; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-22401f4d35aso120182935ad.2 for ; Tue, 01 Apr 2025 15:36:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546992; x=1744151792; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wX0uupXd89EWWiA4ifnfMUkiyM5f1EYReZBVpDWeOlQ=; b=a37xWnJAprq4ePg8B/8CQA05aH+s0xC9eVLdNjbsio8tyjPOPOoLNKCW2VBqBu5pD5 zetL/7Gr/I61OwHzNMTVPRIqrCtV++x687/oyMk24ro6j6cJ8JCRfoqHL6jsyDRHrx1f eRLjmIsuLL6gvTUphydgaPkow+K/9Q9VAnqZfm1BArTGYiow/3qPvZfpN+6m5nj/zjPc 2iZl4BX1brQxM1nICHjahvixyjSvEzEqxwRzfX6a179IJFKxRIUsvjsP4+wEU34LgMSk NdKeK2mhgMuKSlsMtbHwDUH9cEmxGCYZ8gBJ6qAEp4UjpMuumxwICF60Md7sI3C1CxTi 5bsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546992; x=1744151792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wX0uupXd89EWWiA4ifnfMUkiyM5f1EYReZBVpDWeOlQ=; b=tFhpJbwNP7+WxMWSxLCfW4+yBO9/MFgdxexb/87LAdiodnFFFRQNAeCn5bnkYp8KAT t9U6MhDVzwuahQjvaiM07COpoR0jNMa0rCWnzGHjFE9UnAWndg2uuMNYUrjG8DR8ehpn Rfuj3Bay+qrnh7aUi9iol3I2XFD/SVcHq4pyOQLsGTQJaG0H83lQs+SyHMoA/3lazi+B p5qPb559p8P4Hv3thj8A9KnI5ScV2dXZy1W1/5fRfnGQrDQqfTLkaNRAZORwRcTj157d 5kzo//ItCiu+ma+iPSyr7ATMhgPiCgiyKbpGq4HM743xeeMLSJgV3QWnKS/P0jz6a67i eK0g== X-Gm-Message-State: AOJu0YyL4LWmZRAHrCVT3gx0AlGZ9AkhZIb2uNzPEcVcgzKkxVYehnN1 tIMdQ5QDOd7TjrwdLGLHxSAxdsrWXh6bXsG6+l7f+tUYJztA+G30TmVgObtJf6EAwN9CULKKASC 0 X-Gm-Gg: ASbGncusKKGyUdT+HWGzHXBqF4Ra5qwboKEkCTMmVrbx+4t1EYT7ZhghRqzpwd7jMIN 7VoGeZYnR7nmK0DhTZbtiz11Fy27cnt8OXA9IGssCmIq1bNFJp2ll5Cnx3ekC67Lp7u/kbdvNWk nCVMgsuZW8Hj3fLC2OToEee/f6ne+98ZBVXL22LOJlYc+VOO4FiURzieNJZNEb7SZZ9uB5+qTq2 h/mKmoPjZI2dnUbosceGD5awmTxT/UYt5FpE69T1i7haps1qMGPLzsmN+ebXE03I5v1mBUXicVV GIcbDGbFBz3SmaCFm/tYvOToRGhy3/Et7djHI1tLYut9hO4= X-Google-Smtp-Source: AGHT+IHnRxcUFoQMg6SZ5auCs08e3T5ACXKGyloBNdxBjVPYPk8GVWZex9bOxRMNav6sVvt00W1aQA== X-Received: by 2002:a17:903:230d:b0:227:e82b:b585 with SMTP id d9443c01a7336-2296c6620c7mr2360355ad.20.1743546992191; Tue, 01 Apr 2025 15:36:32 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:31 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 6/8] yocto-uninative: Update to 4.7 for glibc 2.41 Date: Tue, 1 Apr 2025 15:36:13 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214158 From: Michael Halstead Signed-off-by: Michael Halstead Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/conf/distro/include/yocto-uninative.inc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/yocto-uninative.inc b/meta/conf/distro/include/yocto-uninative.inc index a6f7107dfe..3d0f1fdccd 100644 --- a/meta/conf/distro/include/yocto-uninative.inc +++ b/meta/conf/distro/include/yocto-uninative.inc @@ -6,10 +6,10 @@ # to the distro running on the build machine. # -UNINATIVE_MAXGLIBCVERSION = "2.40" -UNINATIVE_VERSION = "4.6" +UNINATIVE_MAXGLIBCVERSION = "2.41" +UNINATIVE_VERSION = "4.7" UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/${UNINATIVE_VERSION}/" -UNINATIVE_CHECKSUM[aarch64] ?= "c2d36338272eba101580f648dd8dff5352cdb4c1809db7dedf8fc4d7e7df716c" -UNINATIVE_CHECKSUM[i686] ?= "0041584678109c18deca48fb59eaf14cf725cf024a170ab537b354b63240c504" -UNINATIVE_CHECKSUM[x86_64] ?= "6bf00154c5a7bc48adbf63fd17684bb87eb07f4814fbb482a3fbd817c1ccf4c5" +UNINATIVE_CHECKSUM[aarch64] ?= "ac440e4fc80665c79f9718c665c6e28d771e51609c088c3c97ba3ad5cfed197a" +UNINATIVE_CHECKSUM[i686] ?= "c5efa31450f3bbd63ea961d4e7c747ae41317937d429f65e1d5cf2050338e27a" +UNINATIVE_CHECKSUM[x86_64] ?= "5800d4e9a129d1be09cf548918d25f74e91a7c1193ae5239d5b0c9246c486d2c" From patchwork Tue Apr 1 22:36:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60498 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 711D2C3601A for ; Tue, 1 Apr 2025 22:36:40 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web10.78.1743546994416551096 for ; Tue, 01 Apr 2025 15:36:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=umlSgxDv; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-223fd89d036so130470975ad.1 for ; Tue, 01 Apr 2025 15:36:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546993; x=1744151793; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Eo9L4GF8lqmrNqYjmxWXDxu2xOwDsIMzANK24VsYk/0=; b=umlSgxDvGm8NusABpn0AevNieh3su5Zym+LyO5TgsTR0weNMGRB8xmYWEDHxJ6UCf/ 365ILMXonvtQ4/arERXjAVFDeXZzCt7VJjG1ZQXXKrHK7uinuw97g7k3dSmdHif8MUSw 97i5yWf2WxBsKYxg5MwQmmc3gotZwFZ4dqZqDqI45Si/o5ib377SBTLKu4yDajPnXaOb R2TmlBW6RBoi2sgBJbgeC/0URgYzzQZzwr1alLS0zMYHWqfGQskRm2WFAiW+9Vcb6GHN czmdTaJUNgqRkGAGdr0CvkTk00b7PO8sX6yqs82WdkvYCODroaAsxzOiTWwMPDWNbmdQ LRdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546993; x=1744151793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Eo9L4GF8lqmrNqYjmxWXDxu2xOwDsIMzANK24VsYk/0=; b=G190A8aAygrXiA+PfZj3fM5/uZgCsWB6NVbtSb571AzfH5wJugetk+3gFkJkETZ3IR dKpU02AbHNrlD7WpmRLW3BzXYW/MdAR90RvZDTyeWBIppiTkQEAIGhvOW7/xzr1k432L G5Cqe1fOSqtKdzTiC/3WPD3XECSaJmBBLjZVj7KONWbSbx5+8luAuD+EtgBdHU3mYWi8 G/WVDm2iqaVJHuc9u2TFlUr3RPzOMZfYNUYPHcasEP16gtOa+7DqaKbSkY6jXA3RvoWj tgNEjbyxtM7vnBZhhIGfFSyBmZ67c3JEn3cSy+HVQOLUhvR3WWG41j+WfQjudAgi++6W roHg== X-Gm-Message-State: AOJu0YzYerV0w8x9/y4u6rE7NCJ5m0eiewxQqdTFwSO572DAZm103b6I CJVFs66Ptr0sT4FlbvHbFg8+8Z60eDmSwgL+nVENP9WT9rql1q1wyghzOwRuAERI/dLYuN1gdY9 d X-Gm-Gg: ASbGncu8zAVkYqrTabwM1ABJC4DkLKVpRX6Et3e01wdxgY5VtbAzu4ytSnfNilg/0IO FFbMZa2O9LZ0/qnapq3a0XrHBQZiToDD2dFrK/jprBXUPO4rm/mWXTwL7kqG7EIbtBTbqLxDgP7 GIhXgrB79qewRU91gJmUQXVKpwqLBGhbPKkGg0Ikq9QZW9yyZM5pfsYd17SsFdt3P1CUlxUXuEU Zu9v6BdD3VsTsNNQDESLc5UTnv//+NbLcSrkl1PgEjE8kZbyY+zGS7ZgOZemVrewv3ITPR6IGly NClIBUecGu9CPDA2MCm79k8vO6ZCEuHSXV8LCLhwtnIfENY= X-Google-Smtp-Source: AGHT+IGPZjTU8wsfk/tUQHd7TLvTIAE69d7vDRi8fkaFVTQ1DgR7PPxi2DJw4SCmljxla6l9X4n0HQ== X-Received: by 2002:a05:6a00:b8d:b0:736:4bd3:ffab with SMTP id d2e1a72fcca58-73980416030mr15637152b3a.17.1743546993471; Tue, 01 Apr 2025 15:36:33 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:33 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 7/8] mesa: Update SRC_URI Date: Tue, 1 Apr 2025 15:36:14 -0700 Message-ID: <6397cd1ad55927c312051cbd42d5825fa8ed969b.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214159 From: Guocai He Update SRC_URI for mesa. The the tarball of mesa has been changed from: https://mesa.freedesktop.org/archive/ to: https://archive.mesa3d.org/ Signed-off-by: Guocai He Signed-off-by: Steve Sakoman --- meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb | 2 +- meta/recipes-graphics/mesa/mesa.inc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb b/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb index 01e5b35d0e..11ecb9a9eb 100644 --- a/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb +++ b/meta/recipes-graphics/mesa/mesa-demos_8.4.0.bb @@ -9,7 +9,7 @@ LICENSE = "MIT & PD" LIC_FILES_CHKSUM = "file://src/xdemos/glxgears.c;beginline=1;endline=20;md5=914225785450eff644a86c871d3ae00e \ file://src/xdemos/glxdemo.c;beginline=1;endline=8;md5=b01d5ab1aee94d35b7efaa2ef48e1a06" -SRC_URI = "https://mesa.freedesktop.org/archive/demos/${BPN}-${PV}.tar.bz2 \ +SRC_URI = "https://archive.mesa3d.org/demos/${BPN}-${PV}.tar.bz2 \ file://0001-mesa-demos-Add-missing-data-files.patch \ file://0003-configure-Allow-to-disable-demos-which-require-GLEW-.patch \ file://0004-Use-DEMOS_DATA_DIR-to-locate-data-files.patch \ diff --git a/meta/recipes-graphics/mesa/mesa.inc b/meta/recipes-graphics/mesa/mesa.inc index 3c85a3ac55..16d3e108a4 100644 --- a/meta/recipes-graphics/mesa/mesa.inc +++ b/meta/recipes-graphics/mesa/mesa.inc @@ -14,7 +14,7 @@ LIC_FILES_CHKSUM = "file://docs/license.rst;md5=9a383ee9f65a4e939d6630e9b067ff58 PE = "2" -SRC_URI = "https://mesa.freedesktop.org/archive/mesa-${PV}.tar.xz \ +SRC_URI = "https://archive.mesa3d.org/older-versions/22.x/mesa-${PV}.tar.xz \ file://0001-meson.build-check-for-all-linux-host_os-combinations.patch \ file://0002-meson.build-make-TLS-ELF-optional.patch \ file://0001-meson-misdetects-64bit-atomics-on-mips-clang.patch \ From patchwork Tue Apr 1 22:36:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 60496 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 52F79C36010 for ; Tue, 1 Apr 2025 22:36:40 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.62.1743546995562699834 for ; Tue, 01 Apr 2025 15:36:35 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HQa6pVE9; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-226185948ffso118420475ad.0 for ; Tue, 01 Apr 2025 15:36:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1743546995; x=1744151795; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ef+9j9PmqsQf+Ixv/CUmDOJAN0T0DcjuzjNlN0F5neY=; b=HQa6pVE9NjOLVvSA6woOaTNa5aKh9xBRMxt0Jaf7rx8YLNXn7hXMj7HEdVB0WK7CUc 27OZo78fVLlzSBS9S4IyAyJECl5gfn2oRPt2x6NmjyNHqT/E21I0azcXHf/eThY4ivS8 qiwxyqX/mzes4es7diXReYafrbzl9E17HIc1SuGUoMAZXec08BhNFPnY6bVNryIefz0X EhlR2f8L/ssursuvNw10vcZoVvWDSRcs1IaSRVg6ziMtNhLN+F2vrc+Q7cRTCiX/MPmG r35JsBwGJxbuJ87Hk98gYslsHOPR7WhwLC6UyrSrRdzf49pYass1GLqdNS4JuQmIhWuQ 4uwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743546995; x=1744151795; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ef+9j9PmqsQf+Ixv/CUmDOJAN0T0DcjuzjNlN0F5neY=; b=X+wITxKGcnVg59sARRxwOWKNEWyBLG9OxIzFBXJFsil/ce1buM1f57Jdeivn1UH5ch dqIdjMSNb1YVjUk7c5IAp7WUsZ7YkFzpObh4MjX4uYn6BwDLjUzQ4k4huUbgLJHE2yvT CMl0sNsX4NBVb/4CpQHTf2SdyZOhemXJWfiFh1VkuILkCE5roLJU1wvsAYccRHIMyvsN Krc1l14hcIkFTrR5Xx3XwOGji5rLR8lMRIE/r7Fhewd7Cn5TdSdLhQxkDTbRNLswIm2t zRdBIjP6b0phw479QTYjqBDRw/M5rUjAaLiP85n5+yd1w1ap60dmLLZKDv5W6P8StD2P r0wA== X-Gm-Message-State: AOJu0YyfT8as21+T5X8mNWdWmzwvsGEmx7GM3eKVFmTJnulbr8DtzUgh TBqEstMaUhcVZwUI8At4v+47VbGk3IGnjbTrwuKJm5RwC3jiWYtNJyVDbGcIhoS25FVAARvdgor 1 X-Gm-Gg: ASbGncuwHXZHNWEhG9BiyC8uis4hwjIdLXfMQ7W9djLTUSuPF+ir/hy5yvKE9V8G9oZ BN02xcS3DABccI+UhbTED+O4Se6O7flmCXeoaoXFK64GEbh46UTvczOe0svd1C4sFby2gmFIX0n xuoElNnwmAPo3SuRwgXzkYQDWu1/eAgFJP7UG4pwl9mN1ALQzWjuvFpWYMofSuAYvaAs67t7H/A +9LaKzX75p/58up0oGcDtR2o+B80WGKtwIltLkH+eppX1aro4m3nzfVPYXfbAf6wvdw9wGgcnDG UDl+dzMbcWIn5l6kJ1MmJ0u7QWYwPW6cbxhy X-Google-Smtp-Source: AGHT+IGrfz36nByO7vJnDt3M9dhU4PUOTePpUiIZmlvuKWkuHH61i33GAHHz7wMHyQLc2kByNMPKVg== X-Received: by 2002:a05:6a00:3a11:b0:739:4a93:a5df with SMTP id d2e1a72fcca58-739c78b093bmr520670b3a.12.1743546994717; Tue, 01 Apr 2025 15:36:34 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:6021:5333:bc00:e45b]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-73970e226a7sm9534241b3a.48.2025.04.01.15.36.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Apr 2025 15:36:34 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 8/8] glibc: Add single-threaded fast path to rand() Date: Tue, 1 Apr 2025 15:36:15 -0700 Message-ID: <0c99e9e0d1c848d10abe0527e5aa98f2a0750b2a.1743546795.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Apr 2025 22:36:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214160 From: Haixiao Yan Backport a patch [1] to improve performance of rand() and __random()[2] by adding a single-threaded fast path. [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f [2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777 Signed-off-by: Haixiao Yan Signed-off-by: Steve Sakoman --- ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++++++++++++++ meta/recipes-core/glibc/glibc_2.35.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch diff --git a/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch new file mode 100644 index 0000000000..736fc51f38 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch @@ -0,0 +1,47 @@ +From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e Mon Sep 17 00:00:00 2001 +From: Wilco Dijkstra +Date: Mon, 18 Mar 2024 15:18:20 +0000 +Subject: [PATCH] stdlib: Add single-threaded fast path to rand() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve performance of rand() and __random() by adding a single-threaded +fast path. Bench-random-lock shows about 5x speedup on Neoverse V1. + +Upstream-Status: Backport [be0cfd848d9ad7378800d6302bc11467cf2b514f] + +Reviewed-by: Adhemerval Zanella  +Signed-off-by: Haixiao Yan +--- + stdlib/random.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/stdlib/random.c b/stdlib/random.c +index 17cc61ba8f55..5d482a857065 100644 +--- a/stdlib/random.c ++++ b/stdlib/random.c +@@ -51,6 +51,7 @@ + SUCH DAMAGE.*/ + + #include ++#include + #include + #include + #include +@@ -288,6 +289,12 @@ __random (void) + { + int32_t retval; + ++ if (SINGLE_THREAD_P) ++ { ++ (void) __random_r (&unsafe_state, &retval); ++ return retval; ++ } ++ + __libc_lock_lock (lock); + + (void) __random_r (&unsafe_state, &retval); +-- +2.34.1 + diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index d9cae79ac2..9073e04537 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -65,6 +65,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \ file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \ file://0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch \ + file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}"