1 //===-- sanitizer_linux_s390.cpp ------------------------------------------===//
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
9 // This file is shared between AddressSanitizer and ThreadSanitizer
10 // run-time libraries and implements s390-linux-specific functions from
12 //===----------------------------------------------------------------------===//
14 #include "sanitizer_platform.h"
16 #if SANITIZER_LINUX && SANITIZER_S390
20 #include <sys/syscall.h>
21 #include <sys/utsname.h>
24 #include "sanitizer_libc.h"
25 #include "sanitizer_linux.h"
27 namespace __sanitizer
{
29 // --------------- sanitizer_libc.h
30 uptr
internal_mmap(void *addr
, uptr length
, int prot
, int flags
, int fd
,
32 struct s390_mmap_params
{
41 (unsigned long)length
,
46 (unsigned long)offset
,
48 (unsigned long)(offset
/ 4096),
52 return syscall(__NR_mmap
, ¶ms
);
54 return syscall(__NR_mmap2
, ¶ms
);
58 uptr
internal_clone(int (*fn
)(void *), void *child_stack
, int flags
, void *arg
,
59 int *parent_tidptr
, void *newtls
, int *child_tidptr
) {
60 if (!fn
|| !child_stack
)
62 CHECK_EQ(0, (uptr
)child_stack
% 16);
63 // Minimum frame size.
65 child_stack
= (char *)child_stack
- 160;
67 child_stack
= (char *)child_stack
- 96;
69 // Terminate unwind chain.
70 ((unsigned long *)child_stack
)[0] = 0;
71 // And pass parameters.
72 ((unsigned long *)child_stack
)[1] = (uptr
)fn
;
73 ((unsigned long *)child_stack
)[2] = (uptr
)arg
;
74 register long res
__asm__("r2");
75 register void *__cstack
__asm__("r2") = child_stack
;
76 register int __flags
__asm__("r3") = flags
;
77 register int * __ptidptr
__asm__("r4") = parent_tidptr
;
78 register int * __ctidptr
__asm__("r5") = child_tidptr
;
79 register void * __newtls
__asm__("r6") = newtls
;
97 "lmg %%r1, %%r2, 8(%%r15)\n"
99 "lm %%r1, %%r2, 4(%%r15)\n"
103 /* Call _exit(%r2). */
106 /* Return to parent. */
109 : "i"(__NR_clone
), "i"(__NR_exit
),
119 #if SANITIZER_S390_64
120 static bool FixedCVE_2016_2143() {
121 // Try to determine if the running kernel has a fix for CVE-2016-2143,
122 // return false if in doubt (better safe than sorry). Distros may want to
123 // adjust this for their own kernels.
125 unsigned int major
, minor
, patch
= 0;
126 // This should never fail, but just in case...
127 if (internal_uname(&buf
))
129 const char *ptr
= buf
.release
;
130 major
= internal_simple_strtoll(ptr
, &ptr
, 10);
131 // At least first 2 should be matched.
134 minor
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
135 // Third is optional.
137 patch
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
139 if (major
== 2 && minor
== 6 && patch
== 32 && ptr
[0] == '-' &&
140 internal_strstr(ptr
, ".el6")) {
142 int r1
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
143 if (r1
>= 657) // 2.6.32-657.el6 or later
145 if (r1
== 642 && ptr
[0] == '.') {
146 int r2
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
147 if (r2
>= 9) // 2.6.32-642.9.1.el6 or later
153 } else if (major
== 3) {
155 if (minor
== 2 && patch
>= 79)
158 if (minor
== 12 && patch
>= 58)
160 if (minor
== 10 && patch
== 0 && ptr
[0] == '-' &&
161 internal_strstr(ptr
, ".el7")) {
163 int r1
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
164 if (r1
>= 426) // 3.10.0-426.el7 or later
166 if (r1
== 327 && ptr
[0] == '.') {
167 int r2
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
168 if (r2
>= 27) // 3.10.0-327.27.1.el7 or later
174 } else if (major
== 4) {
176 if (minor
== 1 && patch
>= 21)
179 if (minor
== 4 && patch
>= 6)
181 if (minor
== 4 && patch
== 0 && ptr
[0] == '-' &&
182 internal_strstr(buf
.version
, "Ubuntu")) {
183 // Check Ubuntu 16.04
184 int r1
= internal_simple_strtoll(ptr
+1, &ptr
, 10);
185 if (r1
>= 13) // 4.4.0-13 or later
188 // Otherwise, OK if 4.5+.
191 // Linux 5 and up are fine.
196 void AvoidCVE_2016_2143() {
197 // Older kernels are affected by CVE-2016-2143 - they will crash hard
198 // if someone uses 4-level page tables (ie. virtual addresses >= 4TB)
199 // and fork() in the same process. Unfortunately, sanitizers tend to
200 // require such addresses. Since this is very likely to crash the whole
201 // machine (sanitizers themselves use fork() for llvm-symbolizer, for one),
202 // abort the process at initialization instead.
203 if (FixedCVE_2016_2143())
205 if (GetEnv("SANITIZER_IGNORE_CVE_2016_2143"))
208 "ERROR: Your kernel seems to be vulnerable to CVE-2016-2143. Using ASan,\n"
209 "MSan, TSan, DFSan or LSan with such kernel can and will crash your\n"
210 "machine, or worse.\n"
212 "If you are certain your kernel is not vulnerable (you have compiled it\n"
213 "yourself, or are using an unrecognized distribution kernel), you can\n"
214 "override this safety check by exporting SANITIZER_IGNORE_CVE_2016_2143\n"
215 "with any value.\n");
220 } // namespace __sanitizer
222 #endif // SANITIZER_LINUX && SANITIZER_S390