Rebase to 1.13rc1

Fix for CVE-2019-14809, CVE-2019-9514 and CVE-2019-9512
Resolves: BZ#1741816, BZ#1741827 and BZ#1743131
This commit is contained in:
Jakub Čajka 2019-08-26 12:09:05 +02:00
parent 0e633c63ed
commit 081d5ff6f2
4 changed files with 9 additions and 202 deletions

1
.gitignore vendored
View File

@ -71,3 +71,4 @@
/go1.12.6.src.tar.gz /go1.12.6.src.tar.gz
/go1.12.7.src.tar.gz /go1.12.7.src.tar.gz
/go1.13beta1.src.tar.gz /go1.13beta1.src.tar.gz
/go1.13rc1.src.tar.gz

View File

@ -1,196 +0,0 @@
From 8a317ebc0f50339628c003bf06107cd865406dd4 Mon Sep 17 00:00:00 2001
From: Keith Randall <khr@google.com>
Date: Tue, 30 Jul 2019 16:14:20 -0700
Subject: [PATCH] cmd/compile: don't eliminate all registers when restricting
to desired ones
We shouldn't mask to desired registers if we haven't masked out all the
forbidden registers yet. In this path we haven't masked out the nospill
registers yet. If the resulting mask contains only nospill registers, then
allocReg fails.
This can only happen on resultNotInArgs-marked instructions, which exist
only on the ARM64, MIPS, MIPS64, and PPC64 ports.
Maybe there's a better way to handle resultNotInArgs instructions.
But for 1.13, this is a low-risk fix.
Fixes #33355
Change-Id: I1082f78f798d1371bde65c58cc265540480e4fa4
Reviewed-on: https://go-review.googlesource.com/c/go/+/188178
Run-TryBot: Keith Randall <khr@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
---
src/cmd/compile/internal/ssa/regalloc.go | 2 +-
test/fixedbugs/issue33355.go | 147 +++++++++++++++++++++++
2 files changed, 148 insertions(+), 1 deletion(-)
create mode 100644 test/fixedbugs/issue33355.go
diff --git a/src/cmd/compile/internal/ssa/regalloc.go b/src/cmd/compile/internal/ssa/regalloc.go
index b6fae5e0a3e..8abbf615076 100644
--- a/src/cmd/compile/internal/ssa/regalloc.go
+++ b/src/cmd/compile/internal/ssa/regalloc.go
@@ -1455,7 +1455,7 @@ func (s *regAllocState) regalloc(f *Func) {
}
}
// Avoid registers we're saving for other values.
- if mask&^desired.avoid != 0 {
+ if mask&^desired.avoid&^s.nospill != 0 {
mask &^= desired.avoid
}
r := s.allocReg(mask, v)
diff --git a/test/fixedbugs/issue33355.go b/test/fixedbugs/issue33355.go
new file mode 100644
index 00000000000..c4b1e2e1a23
--- /dev/null
+++ b/test/fixedbugs/issue33355.go
@@ -0,0 +1,147 @@
+// compile
+
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code failed on arm64 in the register allocator.
+// See issue 33355.
+
+package server
+
+import (
+ "bytes"
+ "sync"
+)
+
+type client struct {
+ junk [4]int
+ mu sync.Mutex
+ srv *Server
+ gw *gateway
+ msgb [100]byte
+}
+
+type gateway struct {
+ cfg *gatewayCfg
+ outsim *sync.Map
+}
+
+type gatewayCfg struct {
+ replyPfx []byte
+}
+
+type Account struct {
+ Name string
+}
+
+type Server struct {
+ gateway *srvGateway
+}
+
+type srvGateway struct {
+ outo []*client
+}
+
+type subscription struct {
+ queue []byte
+ client *client
+}
+
+type outsie struct {
+ ni map[string]struct{}
+ sl *Sublist
+ qsubs int
+}
+
+type Sublist struct {
+}
+
+type SublistResult struct {
+ psubs []*subscription
+ qsubs [][]*subscription
+}
+
+var subPool = &sync.Pool{}
+
+func (c *client) sendMsgToGateways(acc *Account, msg, subject, reply []byte, qgroups [][]byte) {
+ var gws []*client
+ gw := c.srv.gateway
+ for i := 0; i < len(gw.outo); i++ {
+ gws = append(gws, gw.outo[i])
+ }
+ var (
+ subj = string(subject)
+ queuesa = [512]byte{}
+ queues = queuesa[:0]
+ mreply []byte
+ dstPfx []byte
+ checkReply = len(reply) > 0
+ )
+
+ sub := subPool.Get().(*subscription)
+
+ if subjectStartsWithGatewayReplyPrefix(subject) {
+ dstPfx = subject[:8]
+ }
+ for i := 0; i < len(gws); i++ {
+ gwc := gws[i]
+ if dstPfx != nil {
+ gwc.mu.Lock()
+ ok := bytes.Equal(dstPfx, gwc.gw.cfg.replyPfx)
+ gwc.mu.Unlock()
+ if !ok {
+ continue
+ }
+ } else {
+ qr := gwc.gatewayInterest(acc.Name, subj)
+ queues = queuesa[:0]
+ for i := 0; i < len(qr.qsubs); i++ {
+ qsubs := qr.qsubs[i]
+ queue := qsubs[0].queue
+ add := true
+ for _, qn := range qgroups {
+ if bytes.Equal(queue, qn) {
+ add = false
+ break
+ }
+ }
+ if add {
+ qgroups = append(qgroups, queue)
+ }
+ }
+ if len(queues) == 0 {
+ continue
+ }
+ }
+ if checkReply {
+ checkReply = false
+ mreply = reply
+ }
+ mh := c.msgb[:10]
+ mh = append(mh, subject...)
+ if len(queues) > 0 {
+ mh = append(mh, mreply...)
+ mh = append(mh, queues...)
+ }
+ sub.client = gwc
+ }
+ subPool.Put(sub)
+}
+
+func subjectStartsWithGatewayReplyPrefix(subj []byte) bool {
+ return len(subj) > 8 && string(subj[:4]) == "foob"
+}
+
+func (c *client) gatewayInterest(acc, subj string) *SublistResult {
+ ei, _ := c.gw.outsim.Load(acc)
+ var r *SublistResult
+ e := ei.(*outsie)
+ r = e.sl.Match(subj)
+ return r
+}
+
+func (s *Sublist) Match(subject string) *SublistResult {
+ return nil
+}
+

View File

@ -102,11 +102,11 @@
%endif %endif
%global go_api 1.13 %global go_api 1.13
%global go_version 1.13beta1 %global go_version 1.13rc1
Name: golang Name: golang
Version: 1.13 Version: 1.13
Release: 0.beta1.2%{?dist}.2 Release: 0.rc1.1%{?dist}
Summary: The Go Programming Language Summary: The Go Programming Language
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
License: BSD and Public Domain License: BSD and Public Domain
@ -184,8 +184,6 @@ Requires: go-srpm-macros
Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch Patch1: 0001-Don-t-use-the-bundled-tzdata-at-runtime-except-for-t.patch
Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch Patch2: 0002-syscall-expose-IfInfomsg.X__ifi_pad-on-s390x.patch
Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch Patch3: 0003-cmd-go-disable-Google-s-proxy-and-sumdb.patch
# https://github.com/golang/go/commit/8a317ebc0f50339628c003bf06107cd865406dd4
Patch4: aarch-ICE-fix.patch
# Having documentation separate was broken # Having documentation separate was broken
Obsoletes: %{name}-docs < 1.1-4 Obsoletes: %{name}-docs < 1.1-4
@ -312,7 +310,6 @@ Requires: %{name} = %{version}-%{release}
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
cp %{SOURCE1} ./src/runtime/ cp %{SOURCE1} ./src/runtime/
@ -551,6 +548,11 @@ fi
%endif %endif
%changelog %changelog
* Mon Aug 26 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.rc1.1
- Rebase to 1.13rc1
- Fix for CVE-2019-14809, CVE-2019-9514 and CVE-2019-9512
- Resolves: BZ#1741816, BZ#1741827 and BZ#1743131
* Thu Aug 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2.2 * Thu Aug 01 2019 Jakub Čajka <jcajka@redhat.com> - 1.13-0.beta1.2.2
- Fix ICE affecting aarch64 - Fix ICE affecting aarch64
- Resolves: BZ#1735290 - Resolves: BZ#1735290

View File

@ -1 +1 @@
SHA512 (go1.13beta1.src.tar.gz) = 9388b881b91292e8c0229092319eb8a3d27249cbd48a2d7936311e9e371ebce8ad61d036a1afe01badbb864f2bb8238b1c51c0e24cf5a071ff8c2b5176b7c4f6 SHA512 (go1.13rc1.src.tar.gz) = 05619b580ed910a7ffbee7c1d90f3f6b71c1bc34decea575aa106786c9f4a0c794d20440bde9a6b2a774ca8a27361b1f550d094211c52325a1ef078c5779089b