From 4b3ea2d776bfd5019fb1e944a8527f24434f81d3 Mon Sep 17 00:00:00 2001 From: Kostya Serebryany Date: Fri, 10 Feb 2017 22:50:44 +0000 Subject: [PATCH] s390 CVE-2016-2143 whitelist for RHEL kernels Summary: This patch adds whitelist for RHEL6 and RHEL7 kernels that are known to have the CVE fixed. Reviewers: koriakin, kcc Reviewed By: kcc Subscribers: kubamracek Differential Revision: https://reviews.llvm.org/D29825 llvm-svn: 294799 --- .../sanitizer_common/sanitizer_linux_s390.cc | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_linux_s390.cc b/compiler-rt/lib/sanitizer_common/sanitizer_linux_s390.cc index 053fd174b2bf..c2b03b27e66c 100644 --- a/compiler-rt/lib/sanitizer_common/sanitizer_linux_s390.cc +++ b/compiler-rt/lib/sanitizer_common/sanitizer_linux_s390.cc @@ -136,6 +136,18 @@ static bool FixedCVE_2016_2143() { if (ptr[0] == '.') patch = internal_simple_strtoll(ptr+1, &ptr, 10); if (major < 3) { + if (major == 2 && minor == 6 && patch == 32 && ptr[0] == '-' && + internal_strstr(ptr, ".el6")) { + // Check RHEL6 + int r1 = internal_simple_strtoll(ptr+1, &ptr, 10); + if (r1 >= 657) // 2.6.32-657.el6 or later + return true; + if (r1 == 642 && ptr[0] == '.') { + int r2 = internal_simple_strtoll(ptr+1, &ptr, 10); + if (r2 >= 9) // 2.6.32-642.9.1.el6 or later + return true; + } + } // <3.0 is bad. return false; } else if (major == 3) { @@ -145,6 +157,18 @@ static bool FixedCVE_2016_2143() { // 3.12.58+ is OK. if (minor == 12 && patch >= 58) return true; + if (minor == 10 && patch == 0 && ptr[0] == '-' && + internal_strstr(ptr, ".el7")) { + // Check RHEL7 + int r1 = internal_simple_strtoll(ptr+1, &ptr, 10); + if (r1 >= 426) // 3.10.0-426.el7 or later + return true; + if (r1 == 327 && ptr[0] == '.') { + int r2 = internal_simple_strtoll(ptr+1, &ptr, 10); + if (r2 >= 27) // 3.10.0-327.27.1.el7 or later + return true; + } + } // Otherwise, bad. return false; } else if (major == 4) {