author Marcin Koscielnicki <koriakin@0x04.net> 2016-04-14 12:56:24 +0000
committer Marcin Koscielnicki <koriakin@0x04.net> 2016-04-14 12:56:24 +0000
commit 0f9d2c5fef1ad3d92f6153570477ada540056b58
tree c63ab20dc1615c1cc8647198e5b30d3316f0c25a /lib/msan/msan.cc
parent 5cfe468b044eba18d668cc7ace45932f558a6d77
[sanitizer] [SystemZ] Abort if the kernel might be vulnerable to CVE-2016-2143.

In short, CVE-2016-2143 will crash the machine if a process uses both >4TB virtual addresses and fork(). ASan, TSan, and MSan will, by necessity, map a sizable chunk of virtual address space, which is much larger than 4TB. Even worse, sanitizers will always use fork() for llvm-symbolizer when a bug is detected. Disable all three by aborting on process initialization if the running kernel version is not known to contain a fix.

Unfortunately, there's no reliable way to detect the fix without crashing the kernel. So, we rely on whitelisting - I've included a list of upstream kernel versions that will work. In case someone uses a distribution kernel or applied the fix themselves, an override switch is also included.

Differential Revision: http://reviews.llvm.org/D18915

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@266297 91177308-0d34-0410-b5e6-96231b3b80d8

Diffstat (limited to 'lib/msan/msan.cc')
-rw-r--r-- lib/msan/msan.cc 7
1 files changed, 7 insertions, 0 deletions
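
The whitelist-plus-override startup check that the commit message describes, as an added example that is not the compiler-rt code from this commit. The version table, the helper names and the environment variable `EXAMPLE_IGNORE_KERNEL_CHECK` are constructed placeholders, not the commit's real list of fixed kernels or its real switch.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed placeholder data, NOT the commit's real list: per stable branch
 * the first patch level assumed fixed, plus the first fully fixed major.minor. */
static const struct { int major, minor, min_patch; } kFixed[] = {{9, 1, 5}, {9, 3, 2}};
enum { kMainlineMajor = 9, kMainlineMinor = 4 };

/* Read one non-negative decimal field; returns 0 if none is present. */
static int read_field(const char **s, int *out) {
  char *end;
  long v = strtol(*s, &end, 10);
  if (end == *s || v < 0 || v > 100000) return 0;
  *out = (int)v;
  *s = end;
  return 1;
}

/* Parse "major.minor[.patch][-suffix]" in the form uname -r reports. */
static int parse_release(const char *s, int *major, int *minor, int *patch) {
  *patch = 0;
  if (!read_field(&s, major) || *s++ != '.' || !read_field(&s, minor)) return 0;
  if (*s == '.') { s++; return read_field(&s, patch); }
  return 1;
}

/* Fail closed: unparsable or unlisted releases count as possibly vulnerable. */
static int release_known_fixed(const char *release) {
  int major, minor, patch;
  if (!parse_release(release, &major, &minor, &patch)) return 0;
  if (major > kMainlineMajor ||
      (major == kMainlineMajor && minor >= kMainlineMinor)) return 1;
  for (size_t i = 0; i < sizeof(kFixed) / sizeof(kFixed[0]); i++)
    if (kFixed[i].major == major && kFixed[i].minor == minor)
      return patch >= kFixed[i].min_patch;
  return 0;
}

/* `override` models the override switch (hypothetical env var in main). */
static int startup_allowed(const char *release, const char *override) {
  return (override && *override) || release_known_fixed(release);
}

int main(void) {
  const char *ovr = getenv("EXAMPLE_IGNORE_KERNEL_CHECK"); /* hypothetical */
  const char *samples[] = {"9.1.5-distro", "9.1.4", "9.4", "garbage"};
  for (int i = 0; i < 4; i++)
    printf("%-13s %s\n", samples[i], startup_allowed(samples[i], ovr) ? "continue" : "abort");
  return 0;
}
```

The check fails closed: a release string that does not parse, or a branch missing from the table, is treated as unfixed unless the override is set.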
diff --git a/lib/msan/msan.cc b/lib/msan/msan.cc
index cecbfe06a..c65e999a1 100644
--- a/lib/msan/msan.cc
+++ b/lib/msan/msan.cc
@@ -22,6 +22,10 @@
#include "sanitizer_common/sanitizer_flags.h"
#include "sanitizer_common/sanitizer_flag_parser.h"
#include "sanitizer_common/sanitizer_libc.h"
+#if defined(__s390x__) && defined(__linux__)
+// For AvoidCVE_2016_2143.
+#include "sanitizer_common/sanitizer_linux.h"
+#endif
#include "sanitizer_common/sanitizer_procmaps.h"
#include "sanitizer_common/sanitizer_stacktrace.h"
#include "sanitizer_common/sanitizer_symbolizer.h"
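Review bot: The guard `#if defined(__s390x__) && defined(__linux__)` around the new include is spelled out a second time at the call site in `__msan_init()`, so the two conditions have to be kept in sync by hand; if they drift, the call loses its declaration or the include becomes dead. Consider defining one macro for the condition and using it in both places, or declaring `AvoidCVE_2016_2143()` unconditionally with an empty body on other targets so neither site needs a guard. The `// For AvoidCVE_2016_2143.` comment is useful and should stay with the include if it moves.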
@@ -375,6 +379,9 @@ void __msan_init() {
msan_init_is_running = 1;
SanitizerToolName = "MemorySanitizer";
+#if defined(__s390x__) && defined(__linux__)
+ AvoidCVE_2016_2143();
+#endif
InitTlsSize();
CacheBinaryName();
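Review bot: The call `AvoidCVE_2016_2143();` in `__msan_init()` carries no comment saying that it can abort the process or how the override switch mentioned in the commit message is supplied. It runs before `InitTlsSize()` and `CacheBinaryName()`, so a reader debugging an early exit on s390x will land here first; a one-line comment stating that it aborts on kernels not known to be fixed, and naming the override, would save a trip to `sanitizer_linux.h`. If placing it after the `SanitizerToolName` assignment is intentional (for example so the abort message can name the tool), say so in the same comment so the ordering is not changed by accident.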