llvm: Fix CVE-2024-31852

(From OE-Core rev: c001e2af10d8afa13c8f50632a074c5a9a00d7bb) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> 2024-07-30 05:15:13 -0700
committer: Steve Sakoman <steve@sakoman.com> 2024-08-05 06:02:01 -0700
commit: 2a6c675b9a5d141ccd13c977eb508434dd878575 (patch)
tree: b071470498ce99c2ba8671ae282e23a10eed97e0 /meta
parent: e13522777906f85a89f685e1c28e815c6a7508b0 (diff)
download: poky-2a6c675b9a5d141ccd13c977eb508434dd878575.tar.gz
3 files changed, 204 insertions, 0 deletions
diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
new file mode 100644
index 0000000000..7cf4a52715
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
@@ -0,0 +1,85 @@
+commit b1a5ee1febd8a903cec3dfdad61d57900dc3823e
+Author: Florian Hahn <flo@fhahn.com>
+Date:   Wed Dec 20 16:56:15 2023 +0100
+    [ARM] Check all terms in emitPopInst when clearing Restored for LR. (#75527)
+    
+    emitPopInst checks a single function exit MBB. If other paths also exit
+    the function and any of there terminators uses LR implicitly, it is not
+    save to clear the Restored bit.
+    
+    Check all terminators for the function before clearing Restored.
+    
+    This fixes a mis-compile in outlined-fn-may-clobber-lr-in-caller.ll
+    where the machine-outliner previously introduced BLs that clobbered LR
+    which in turn is used by the tail call return.
+    
+    Alternative to #73553
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/b1a5ee1febd8a903cec3dfdad61d57900dc3823e]
+CVE: CVE-2024-31852
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+index 025e43444f9c..a9acf338ebf5 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+@@ -1236,9 +1236,6 @@ void ARMFrameLowering::emitPopInst(MachineBasicBlock &MBB,
+         // Fold the return instruction into the LDM.
+         DeleteRet = true;
+         LdmOpc = AFI->isThumbFunction() ? ARM::t2LDMIA_RET : ARM::LDMIA_RET;
+-        // We 'restore' LR into PC so it is not live out of the return block:
+-        // Clear Restored bit.
+-        Info.setRestored(false);
+       }
+ 
+       // If NoGap is true, pop consecutive registers and then leave the rest
+@@ -2292,6 +2289,33 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
+   AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
+ }
+ 
+void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+    MachineFunction &MF, RegScavenger *RS) const {
+  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
+
+  MachineFrameInfo &MFI = MF.getFrameInfo();
+  if (!MFI.isCalleeSavedInfoValid())
+    return;
+
+  // Check if all terminators do not implicitly use LR. Then we can 'restore' LR
+  // into PC so it is not live out of the return block: Clear the Restored bit
+  // in that case.
+  for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
+    if (Info.getReg() != ARM::LR)
+      continue;
+    if (all_of(MF, [](const MachineBasicBlock &MBB) {
+          return all_of(MBB.terminators(), [](const MachineInstr &Term) {
+            return !Term.isReturn() || Term.getOpcode() == ARM::LDMIA_RET ||
+                   Term.getOpcode() == ARM::t2LDMIA_RET ||
+                   Term.getOpcode() == ARM::tPOP_RET;
+          });
+        })) {
+      Info.setRestored(false);
+      break;
+    }
+  }
+}
+
+ void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
+                                       BitVector &SavedRegs) const {
+   TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
+index 9822e2321bb4..266d642bb97b 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
+@@ -58,6 +58,9 @@ public:
+   void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
+                             RegScavenger *RS) const override;
+  void processFunctionBeforeFrameFinalized(
+                 MachineFunction &MF, RegScavenger *RS = nullptr) const override;
+
+   void adjustForSegmentedStacks(MachineFunction &MF,
+                                 MachineBasicBlock &MBB) const override;
diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
new file mode 100644
index 0000000000..b6082b0ef3
--- /dev/null
+++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
@@ -0,0 +1,117 @@
+commit 0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
+Author: ostannard <oliver.stannard@arm.com>
+Date:   Mon Feb 26 12:23:25 2024 +0000
+    [ARM] Update IsRestored for LR based on all returns (#82745)
+    
+    PR #75527 fixed ARMFrameLowering to set the IsRestored flag for LR based
+    on all of the return instructions in the function, not just one.
+    However, there is also code in ARMLoadStoreOptimizer which changes
+    return instructions, but it set IsRestored based on the one instruction
+    it changed, not the whole function.
+    
+    The fix is to factor out the code added in #75527, and also call it from
+    ARMLoadStoreOptimizer if it made a change to return instructions.
+    
+    Fixes #80287.
+    
+    (cherry picked from commit 749384c08e042739342c88b521c8ba5dac1b9276)
+Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2]
+CVE: CVE-2024-31852
+Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
+---
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+index a9acf338ebf5..13d3cbf650ed 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
+@@ -2289,10 +2289,7 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
+   AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
+ }
+ 
+-void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+-    MachineFunction &MF, RegScavenger *RS) const {
+-  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
+-
+void ARMFrameLowering::updateLRRestored(MachineFunction &MF) {
+   MachineFrameInfo &MFI = MF.getFrameInfo();
+   if (!MFI.isCalleeSavedInfoValid())
+     return;
+@@ -2316,6 +2313,12 @@ void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+   }
+ }
+ 
+void ARMFrameLowering::processFunctionBeforeFrameFinalized(
+    MachineFunction &MF, RegScavenger *RS) const {
+  TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
+  updateLRRestored(MF);
+}
+
+ void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
+                                       BitVector &SavedRegs) const {
+   TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
+diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
+index 67505b61a5e1..b13b76d7086c 100644
+--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
+++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
+@@ -58,6 +58,10 @@ public:
+   void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
+                             RegScavenger *RS) const override;
+  /// Update the IsRestored flag on LR if it is spilled, based on the return
+  /// instructions.
+  static void updateLRRestored(MachineFunction &MF);
+
+   void processFunctionBeforeFrameFinalized(
+                  MachineFunction &MF, RegScavenger *RS = nullptr) const override;
+diff --git a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+index fd06bfdf352c..561c1396190d 100644
+--- a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+++ b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+@@ -2060,17 +2060,6 @@ bool ARMLoadStoreOpt::MergeReturnIntoLDM(MachineBasicBlock &MBB) {
+       MO.setReg(ARM::PC);
+       PrevMI.copyImplicitOps(*MBB.getParent(), *MBBI);
+       MBB.erase(MBBI);
+-      // We now restore LR into PC so it is not live-out of the return block
+-      // anymore: Clear the CSI Restored bit.
+-      MachineFrameInfo &MFI = MBB.getParent()->getFrameInfo();
+-      // CSI should be fixed after PrologEpilog Insertion
+-      assert(MFI.isCalleeSavedInfoValid() && "CSI should be valid");
+-      for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
+-        if (Info.getReg() == ARM::LR) {
+-          Info.setRestored(false);
+-          break;
+-        }
+-      }
+       return true;
+     }
+   }
+@@ -2118,16 +2107,24 @@ bool ARMLoadStoreOpt::runOnMachineFunction(MachineFunction &Fn) {
+   isThumb2 = AFI->isThumb2Function();
+   isThumb1 = AFI->isThumbFunction() && !isThumb2;
+-  bool Modified = false;
+  bool Modified = false, ModifiedLDMReturn = false;
+   for (MachineFunction::iterator MFI = Fn.begin(), E = Fn.end(); MFI != E;
+        ++MFI) {
+     MachineBasicBlock &MBB = *MFI;
+     Modified |= LoadStoreMultipleOpti(MBB);
+     if (STI->hasV5TOps())
+-      Modified |= MergeReturnIntoLDM(MBB);
+      ModifiedLDMReturn |= MergeReturnIntoLDM(MBB);
+     if (isThumb1)
+       Modified |= CombineMovBx(MBB);
+   }
+  Modified |= ModifiedLDMReturn;
+
+  // If we merged a BX instruction into an LDM, we need to re-calculate whether
+  // LR is restored. This check needs to consider the whole function, not just
+  // the instruction(s) we changed, because there may be other BX returns which
+  // still need LR to be restored.
+  if (ModifiedLDMReturn)
+    ARMFrameLowering::updateLRRestored(Fn);
+   Allocator.DestroyAll();
+   return Modified;
diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb
index dbf1ff45d4..6c2e8a5570 100644
--- a/meta/recipes-devtools/llvm/llvm_git.bb
+++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -34,6 +34,8 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
           file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
           file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
           file://CVE-2023-46049.patch;striplevel=2 \
+           file://CVE-2024-31852-1.patch;striplevel=2 \
+           file://CVE-2024-31852-2.patch;striplevel=2 \
           "
 UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"
author	Deepthi Hemraj <Deepthi.Hemraj@windriver.com>	2024-07-30 05:15:13 -0700
committer	Steve Sakoman <steve@sakoman.com>	2024-08-05 06:02:01 -0700
commit	2a6c675b9a5d141ccd13c977eb508434dd878575 (patch)
tree	b071470498ce99c2ba8671ae282e23a10eed97e0 /meta
parent	e13522777906f85a89f685e1c28e815c6a7508b0 (diff)
download	poky-2a6c675b9a5d141ccd13c977eb508434dd878575.tar.gz

diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch new file mode 100644 index 0000000000..7cf4a52715 --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-1.patch
@@ -0,0 +1,85 @@
		1	commit b1a5ee1febd8a903cec3dfdad61d57900dc3823e
		2	Author: Florian Hahn <flo@fhahn.com>
		3	Date: Wed Dec 20 16:56:15 2023 +0100
		4
		5	[ARM] Check all terms in emitPopInst when clearing Restored for LR. (#75527)
		6
		7	emitPopInst checks a single function exit MBB. If other paths also exit
		8	the function and any of there terminators uses LR implicitly, it is not
		9	save to clear the Restored bit.
		10
		11	Check all terminators for the function before clearing Restored.
		12
		13	This fixes a mis-compile in outlined-fn-may-clobber-lr-in-caller.ll
		14	where the machine-outliner previously introduced BLs that clobbered LR
		15	which in turn is used by the tail call return.
		16
		17	Alternative to #73553
		18
		19	Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/b1a5ee1febd8a903cec3dfdad61d57900dc3823e]
		20	CVE: CVE-2024-31852
		21	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
		22	---
		23	diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		24	index 025e43444f9c..a9acf338ebf5 100644
		25	--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		26	+++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		27	@@ -1236,9 +1236,6 @@ void ARMFrameLowering::emitPopInst(MachineBasicBlock &MBB,
		28	// Fold the return instruction into the LDM.
		29	DeleteRet = true;
		30	LdmOpc = AFI->isThumbFunction() ? ARM::t2LDMIA_RET : ARM::LDMIA_RET;
		31	- // We 'restore' LR into PC so it is not live out of the return block:
		32	- // Clear Restored bit.
		33	- Info.setRestored(false);
		34	}
		35
		36	// If NoGap is true, pop consecutive registers and then leave the rest
		37	@@ -2292,6 +2289,33 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
		38	AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
		39	}
		40
		41	+void ARMFrameLowering::processFunctionBeforeFrameFinalized(
		42	+ MachineFunction &MF, RegScavenger *RS) const {
		43	+ TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
		44	+
		45	+ MachineFrameInfo &MFI = MF.getFrameInfo();
		46	+ if (!MFI.isCalleeSavedInfoValid())
		47	+ return;
		48	+
		49	+ // Check if all terminators do not implicitly use LR. Then we can 'restore' LR
		50	+ // into PC so it is not live out of the return block: Clear the Restored bit
		51	+ // in that case.
		52	+ for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
		53	+ if (Info.getReg() != ARM::LR)
		54	+ continue;
		55	+ if (all_of(MF, [](const MachineBasicBlock &MBB) {
		56	+ return all_of(MBB.terminators(), [](const MachineInstr &Term) {
		57	+ return !Term.isReturn() \|\| Term.getOpcode() == ARM::LDMIA_RET \|\|
		58	+ Term.getOpcode() == ARM::t2LDMIA_RET \|\|
		59	+ Term.getOpcode() == ARM::tPOP_RET;
		60	+ });
		61	+ })) {
		62	+ Info.setRestored(false);
		63	+ break;
		64	+ }
		65	+ }
		66	+}
		67	+
		68	void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
		69	BitVector &SavedRegs) const {
		70	TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
		71	diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
		72	index 9822e2321bb4..266d642bb97b 100644
		73	--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
		74	+++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
		75	@@ -58,6 +58,9 @@ public:
		76	void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
		77	RegScavenger *RS) const override;
		78
		79	+ void processFunctionBeforeFrameFinalized(
		80	+ MachineFunction &MF, RegScavenger *RS = nullptr) const override;
		81	+
		82	void adjustForSegmentedStacks(MachineFunction &MF,
		83	MachineBasicBlock &MBB) const override;
		84
		85


diff --git a/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch new file mode 100644 index 0000000000..b6082b0ef3 --- /dev/null +++ b/meta/recipes-devtools/llvm/llvm/CVE-2024-31852-2.patch
@@ -0,0 +1,117 @@
		1	commit 0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2
		2	Author: ostannard <oliver.stannard@arm.com>
		3	Date: Mon Feb 26 12:23:25 2024 +0000
		4
		5	[ARM] Update IsRestored for LR based on all returns (#82745)
		6
		7	PR #75527 fixed ARMFrameLowering to set the IsRestored flag for LR based
		8	on all of the return instructions in the function, not just one.
		9	However, there is also code in ARMLoadStoreOptimizer which changes
		10	return instructions, but it set IsRestored based on the one instruction
		11	it changed, not the whole function.
		12
		13	The fix is to factor out the code added in #75527, and also call it from
		14	ARMLoadStoreOptimizer if it made a change to return instructions.
		15
		16	Fixes #80287.
		17
		18	(cherry picked from commit 749384c08e042739342c88b521c8ba5dac1b9276)
		19
		20	Upstream-Status: Backport [https://github.com/llvm/llvm-project/commit/0e16af8e4cf3a66ad5d078d52744ae2776f9c4b2]
		21	CVE: CVE-2024-31852
		22	Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
		23	---
		24	diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.cpp b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		25	index a9acf338ebf5..13d3cbf650ed 100644
		26	--- a/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		27	+++ b/llvm/lib/Target/ARM/ARMFrameLowering.cpp
		28	@@ -2289,10 +2289,7 @@ void ARMFrameLowering::determineCalleeSaves(MachineFunction &MF,
		29	AFI->setLRIsSpilled(SavedRegs.test(ARM::LR));
		30	}
		31
		32	-void ARMFrameLowering::processFunctionBeforeFrameFinalized(
		33	- MachineFunction &MF, RegScavenger *RS) const {
		34	- TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
		35	-
		36	+void ARMFrameLowering::updateLRRestored(MachineFunction &MF) {
		37	MachineFrameInfo &MFI = MF.getFrameInfo();
		38	if (!MFI.isCalleeSavedInfoValid())
		39	return;
		40	@@ -2316,6 +2313,12 @@ void ARMFrameLowering::processFunctionBeforeFrameFinalized(
		41	}
		42	}
		43
		44	+void ARMFrameLowering::processFunctionBeforeFrameFinalized(
		45	+ MachineFunction &MF, RegScavenger *RS) const {
		46	+ TargetFrameLowering::processFunctionBeforeFrameFinalized(MF, RS);
		47	+ updateLRRestored(MF);
		48	+}
		49	+
		50	void ARMFrameLowering::getCalleeSaves(const MachineFunction &MF,
		51	BitVector &SavedRegs) const {
		52	TargetFrameLowering::getCalleeSaves(MF, SavedRegs);
		53	diff --git a/llvm/lib/Target/ARM/ARMFrameLowering.h b/llvm/lib/Target/ARM/ARMFrameLowering.h
		54	index 67505b61a5e1..b13b76d7086c 100644
		55	--- a/llvm/lib/Target/ARM/ARMFrameLowering.h
		56	+++ b/llvm/lib/Target/ARM/ARMFrameLowering.h
		57	@@ -58,6 +58,10 @@ public:
		58	void determineCalleeSaves(MachineFunction &MF, BitVector &SavedRegs,
		59	RegScavenger *RS) const override;
		60
		61	+ /// Update the IsRestored flag on LR if it is spilled, based on the return
		62	+ /// instructions.
		63	+ static void updateLRRestored(MachineFunction &MF);
		64	+
		65	void processFunctionBeforeFrameFinalized(
		66	MachineFunction &MF, RegScavenger *RS = nullptr) const override;
		67
		68	diff --git a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
		69	index fd06bfdf352c..561c1396190d 100644
		70	--- a/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
		71	+++ b/llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
		72	@@ -2060,17 +2060,6 @@ bool ARMLoadStoreOpt::MergeReturnIntoLDM(MachineBasicBlock &MBB) {
		73	MO.setReg(ARM::PC);
		74	PrevMI.copyImplicitOps(MBB.getParent(), MBBI);
		75	MBB.erase(MBBI);
		76	- // We now restore LR into PC so it is not live-out of the return block
		77	- // anymore: Clear the CSI Restored bit.
		78	- MachineFrameInfo &MFI = MBB.getParent()->getFrameInfo();
		79	- // CSI should be fixed after PrologEpilog Insertion
		80	- assert(MFI.isCalleeSavedInfoValid() && "CSI should be valid");
		81	- for (CalleeSavedInfo &Info : MFI.getCalleeSavedInfo()) {
		82	- if (Info.getReg() == ARM::LR) {
		83	- Info.setRestored(false);
		84	- break;
		85	- }
		86	- }
		87	return true;
		88	}
		89	}
		90	@@ -2118,16 +2107,24 @@ bool ARMLoadStoreOpt::runOnMachineFunction(MachineFunction &Fn) {
		91	isThumb2 = AFI->isThumb2Function();
		92	isThumb1 = AFI->isThumbFunction() && !isThumb2;
		93
		94	- bool Modified = false;
		95	+ bool Modified = false, ModifiedLDMReturn = false;
		96	for (MachineFunction::iterator MFI = Fn.begin(), E = Fn.end(); MFI != E;
		97	++MFI) {
		98	MachineBasicBlock &MBB = *MFI;
		99	Modified \|= LoadStoreMultipleOpti(MBB);
		100	if (STI->hasV5TOps())
		101	- Modified \|= MergeReturnIntoLDM(MBB);
		102	+ ModifiedLDMReturn \|= MergeReturnIntoLDM(MBB);
		103	if (isThumb1)
		104	Modified \|= CombineMovBx(MBB);
		105	}
		106	+ Modified \|= ModifiedLDMReturn;
		107	+
		108	+ // If we merged a BX instruction into an LDM, we need to re-calculate whether
		109	+ // LR is restored. This check needs to consider the whole function, not just
		110	+ // the instruction(s) we changed, because there may be other BX returns which
		111	+ // still need LR to be restored.
		112	+ if (ModifiedLDMReturn)
		113	+ ARMFrameLowering::updateLRRestored(Fn);
		114
		115	Allocator.DestroyAll();
		116	return Modified;
		117


diff --git a/meta/recipes-devtools/llvm/llvm_git.bb b/meta/recipes-devtools/llvm/llvm_git.bb index dbf1ff45d4..6c2e8a5570 100644 --- a/meta/recipes-devtools/llvm/llvm_git.bb +++ b/meta/recipes-devtools/llvm/llvm_git.bb
@@ -34,6 +34,8 @@ SRC_URI = "git://github.com/llvm/llvm-project.git;branch=${BRANCH};protocol=http
34	file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \	34	file://0001-AsmMatcherEmitter-sort-ClassInfo-lists-by-name-as-we.patch;striplevel=2 \
35	file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \	35	file://0001-Support-Add-missing-cstdint-header-to-Signals.h.patch;striplevel=2 \
36	file://CVE-2023-46049.patch;striplevel=2 \	36	file://CVE-2023-46049.patch;striplevel=2 \
		37	file://CVE-2024-31852-1.patch;striplevel=2 \
		38	file://CVE-2024-31852-2.patch;striplevel=2 \
37	"	39	"
38		40
39	UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"	41	UPSTREAM_CHECK_GITTAGREGEX = "llvmorg-(?P<pver>\d+(\.\d+)+)"