| 1 | //===-- sanitizer_linux_s390.cpp ------------------------------------------===// |
|---|---|
| 2 | // |
| 3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
| 4 | // See https://llvm.org/LICENSE.txt for license information. |
| 5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
| 6 | // |
| 7 | //===----------------------------------------------------------------------===// |
| 8 | // |
| 9 | // This file is shared between AddressSanitizer and ThreadSanitizer |
| 10 | // run-time libraries and implements s390-linux-specific functions from |
| 11 | // sanitizer_libc.h. |
| 12 | //===----------------------------------------------------------------------===// |
| 13 | |
| 14 | #include "sanitizer_platform.h" |
| 15 | |
| 16 | #if SANITIZER_LINUX && SANITIZER_S390 |
| 17 | |
| 18 | # include <dlfcn.h> |
| 19 | # include <errno.h> |
| 20 | # include <sys/syscall.h> |
| 21 | # include <sys/utsname.h> |
| 22 | # include <unistd.h> |
| 23 | |
| 24 | # include "sanitizer_libc.h" |
| 25 | # include "sanitizer_linux.h" |
| 26 | |
| 27 | namespace __sanitizer { |
| 28 | |
| 29 | // --------------- sanitizer_libc.h |
| 30 | uptr internal_mmap(void *addr, uptr length, int prot, int flags, int fd, |
| 31 | u64 offset) { |
| 32 | struct s390_mmap_params { |
| 33 | unsigned long addr; |
| 34 | unsigned long length; |
| 35 | unsigned long prot; |
| 36 | unsigned long flags; |
| 37 | unsigned long fd; |
| 38 | unsigned long offset; |
| 39 | } params = { |
| 40 | (unsigned long)addr, (unsigned long)length, (unsigned long)prot, |
| 41 | (unsigned long)flags, (unsigned long)fd, |
| 42 | # ifdef __s390x__ |
| 43 | (unsigned long)offset, |
| 44 | # else |
| 45 | (unsigned long)(offset / 4096), |
| 46 | # endif |
| 47 | }; |
| 48 | # ifdef __s390x__ |
| 49 | return syscall(__NR_mmap, ¶ms); |
| 50 | # else |
| 51 | return syscall(__NR_mmap2, ¶ms); |
| 52 | # endif |
| 53 | } |
| 54 | |
| 55 | uptr internal_clone(int (*fn)(void *), void *child_stack, int flags, void *arg, |
| 56 | int *parent_tidptr, void *newtls, int *child_tidptr) { |
| 57 | if (!fn || !child_stack) { |
| 58 | errno = EINVAL; |
| 59 | return -1; |
| 60 | } |
| 61 | CHECK_EQ(0, (uptr)child_stack % 16); |
| 62 | // Minimum frame size. |
| 63 | # ifdef __s390x__ |
| 64 | child_stack = (char *)child_stack - 160; |
| 65 | # else |
| 66 | child_stack = (char *)child_stack - 96; |
| 67 | # endif |
| 68 | // Terminate unwind chain. |
| 69 | ((unsigned long *)child_stack)[0] = 0; |
| 70 | // And pass parameters. |
| 71 | ((unsigned long *)child_stack)[1] = (uptr)fn; |
| 72 | ((unsigned long *)child_stack)[2] = (uptr)arg; |
| 73 | register uptr res __asm__("r2"); |
| 74 | register void *__cstack __asm__("r2") = child_stack; |
| 75 | register long __flags __asm__("r3") = flags; |
| 76 | register int *__ptidptr __asm__("r4") = parent_tidptr; |
| 77 | register int *__ctidptr __asm__("r5") = child_tidptr; |
| 78 | register void *__newtls __asm__("r6") = newtls; |
| 79 | |
| 80 | __asm__ __volatile__( |
| 81 | /* Clone. */ |
| 82 | "svc %1\n" |
| 83 | |
| 84 | /* if (%r2 != 0) |
| 85 | * return; |
| 86 | */ |
| 87 | # ifdef __s390x__ |
| 88 | "cghi %%r2, 0\n" |
| 89 | # else |
| 90 | "chi %%r2, 0\n" |
| 91 | # endif |
| 92 | "jne 1f\n" |
| 93 | |
| 94 | /* Call "fn(arg)". */ |
| 95 | # ifdef __s390x__ |
| 96 | "lmg %%r1, %%r2, 8(%%r15)\n" |
| 97 | # else |
| 98 | "lm %%r1, %%r2, 4(%%r15)\n" |
| 99 | # endif |
| 100 | "basr %%r14, %%r1\n" |
| 101 | |
| 102 | /* Call _exit(%r2). */ |
| 103 | "svc %2\n" |
| 104 | |
| 105 | /* Return to parent. */ |
| 106 | "1:\n" |
| 107 | : "=r"(res) |
| 108 | : "i"(__NR_clone), "i"(__NR_exit), "r"(__cstack), "r"(__flags), |
| 109 | "r"(__ptidptr), "r"(__ctidptr), "r"(__newtls) |
| 110 | : "memory", "cc"); |
| 111 | if (res >= (uptr)-4095) { |
| 112 | errno = -res; |
| 113 | return -1; |
| 114 | } |
| 115 | return res; |
| 116 | } |
| 117 | |
| 118 | # if SANITIZER_S390_64 |
| 119 | static bool FixedCVE_2016_2143() { |
| 120 | // Try to determine if the running kernel has a fix for CVE-2016-2143, |
| 121 | // return false if in doubt (better safe than sorry). Distros may want to |
| 122 | // adjust this for their own kernels. |
| 123 | struct utsname buf; |
| 124 | unsigned int major, minor, patch = 0; |
| 125 | // This should never fail, but just in case... |
| 126 | if (internal_uname(&buf)) |
| 127 | return false; |
| 128 | const char *ptr = buf.release; |
| 129 | major = internal_simple_strtoll(ptr, &ptr, 10); |
| 130 | // At least first 2 should be matched. |
| 131 | if (ptr[0] != '.') |
| 132 | return false; |
| 133 | minor = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 134 | // Third is optional. |
| 135 | if (ptr[0] == '.') |
| 136 | patch = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 137 | if (major < 3) { |
| 138 | if (major == 2 && minor == 6 && patch == 32 && ptr[0] == '-' && |
| 139 | internal_strstr(ptr, ".el6")) { |
| 140 | // Check RHEL6 |
| 141 | int r1 = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 142 | if (r1 >= 657) // 2.6.32-657.el6 or later |
| 143 | return true; |
| 144 | if (r1 == 642 && ptr[0] == '.') { |
| 145 | int r2 = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 146 | if (r2 >= 9) // 2.6.32-642.9.1.el6 or later |
| 147 | return true; |
| 148 | } |
| 149 | } |
| 150 | // <3.0 is bad. |
| 151 | return false; |
| 152 | } else if (major == 3) { |
| 153 | // 3.2.79+ is OK. |
| 154 | if (minor == 2 && patch >= 79) |
| 155 | return true; |
| 156 | // 3.12.58+ is OK. |
| 157 | if (minor == 12 && patch >= 58) |
| 158 | return true; |
| 159 | if (minor == 10 && patch == 0 && ptr[0] == '-' && |
| 160 | internal_strstr(ptr, ".el7")) { |
| 161 | // Check RHEL7 |
| 162 | int r1 = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 163 | if (r1 >= 426) // 3.10.0-426.el7 or later |
| 164 | return true; |
| 165 | if (r1 == 327 && ptr[0] == '.') { |
| 166 | int r2 = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 167 | if (r2 >= 27) // 3.10.0-327.27.1.el7 or later |
| 168 | return true; |
| 169 | } |
| 170 | } |
| 171 | // Otherwise, bad. |
| 172 | return false; |
| 173 | } else if (major == 4) { |
| 174 | // 4.1.21+ is OK. |
| 175 | if (minor == 1 && patch >= 21) |
| 176 | return true; |
| 177 | // 4.4.6+ is OK. |
| 178 | if (minor == 4 && patch >= 6) |
| 179 | return true; |
| 180 | if (minor == 4 && patch == 0 && ptr[0] == '-' && |
| 181 | internal_strstr(buf.version, "Ubuntu")) { |
| 182 | // Check Ubuntu 16.04 |
| 183 | int r1 = internal_simple_strtoll(ptr + 1, &ptr, 10); |
| 184 | if (r1 >= 13) // 4.4.0-13 or later |
| 185 | return true; |
| 186 | } |
| 187 | // Otherwise, OK if 4.5+. |
| 188 | return minor >= 5; |
| 189 | } else { |
| 190 | // Linux 5 and up are fine. |
| 191 | return true; |
| 192 | } |
| 193 | } |
| 194 | |
| 195 | void AvoidCVE_2016_2143() { |
| 196 | // Older kernels are affected by CVE-2016-2143 - they will crash hard |
| 197 | // if someone uses 4-level page tables (ie. virtual addresses >= 4TB) |
| 198 | // and fork() in the same process. Unfortunately, sanitizers tend to |
| 199 | // require such addresses. Since this is very likely to crash the whole |
| 200 | // machine (sanitizers themselves use fork() for llvm-symbolizer, for one), |
| 201 | // abort the process at initialization instead. |
| 202 | if (FixedCVE_2016_2143()) |
| 203 | return; |
| 204 | if (GetEnv("SANITIZER_IGNORE_CVE_2016_2143")) |
| 205 | return; |
| 206 | Report( |
| 207 | "ERROR: Your kernel seems to be vulnerable to CVE-2016-2143. Using " |
| 208 | "ASan,\n" |
| 209 | "MSan, TSan, DFSan or LSan with such kernel can and will crash your\n" |
| 210 | "machine, or worse.\n" |
| 211 | "\n" |
| 212 | "If you are certain your kernel is not vulnerable (you have compiled it\n" |
| 213 | "yourself, or are using an unrecognized distribution kernel), you can\n" |
| 214 | "override this safety check by exporting SANITIZER_IGNORE_CVE_2016_2143\n" |
| 215 | "with any value.\n"); |
| 216 | Die(); |
| 217 | } |
| 218 | # endif |
| 219 | |
| 220 | } // namespace __sanitizer |
| 221 | |
| 222 | #endif // SANITIZER_LINUX && SANITIZER_S390 |
| 223 |
Generated on 2025-Jul-04 from project llvm_runtimes revision main-0ba59587f
Powered by 
Code Browser 2.1
Generator usage only permitted with license.