This is an archive of the discontinued LLVM Phabricator instance.

s390 CVE-2016-2143 whitelist for RHEL kernels
ClosedPublic

Authored by jakubjelinek on Feb 10 2017, 5:31 AM.

Download Raw Diff

Details

Reviewers

kcc
• koriakin

Commits

rG4b3ea2d776bf: s390 CVE-2016-2143 whitelist for RHEL kernels
rCRT294799: s390 CVE-2016-2143 whitelist for RHEL kernels
rL294799: s390 CVE-2016-2143 whitelist for RHEL kernels

Summary

This patch adds whitelist for RHEL6 and RHEL7 kernels that are known to have the CVE fixed.

Diff Detail

Event Timeline

jakubjelinek created this revision.Feb 10 2017, 5:31 AM

Herald added a subscriber: kubamracek. · View Herald TranscriptFeb 10 2017, 5:31 AM

please upload patches with full context, otherwise they are harder to review
the patch does not seem to be properly indented
is it testable?
if you expect more patches to follow I encourage you to request LLVM commit access.

In D29825#674022, @kcc wrote:

please upload patches with full context, otherwise they are harder to review

Not sure what you mean by that. This was created with svn diff.

the patch does not seem to be properly indented

The patch uses tab characters which phabricators screws up. Are you avoiding tabs in the source?

is it testable?

Only by trying to run on the specific RHEL kernels. It is as testable as all the other cases in the list, I bet you have only one kernel installed on the bot, there are many cases in the function already.

if you expect more patches to follow I encourage you to request LLVM commit access.

This is the last patch for now.

Not sure what you mean by that. This was created with svn diff.

svn diff gives very little context. I guess you can do "svn diff --diff-cmd=diff -x -U1000" os something like this.
I use 'arc diff' which does all that for me. http://llvm.org/docs/Phabricator.html#requesting-a-review-via-the-command-line

Are you avoiding tabs in the source?

Yes.

jakubjelinek updated this revision to Diff 88060.Feb 10 2017, 2:53 PM

LGTM

This revision is now accepted and ready to land.Feb 10 2017, 3:00 PM

kcc closed this revision.Feb 10 2017, 3:02 PM

Revision Contents

Path

Size

lib/

sanitizer_common/

sanitizer_linux_s390.cc

24 lines

Diff 88060

lib/sanitizer_common/sanitizer_linux_s390.cc

Show First 20 Lines • Show All 130 Lines • ▼ Show 20 Lines	static bool FixedCVE_2016_2143() {
// At least first 2 should be matched.		// At least first 2 should be matched.
if (ptr[0] != '.')		if (ptr[0] != '.')
return false;		return false;
minor = internal_simple_strtoll(ptr+1, &ptr, 10);		minor = internal_simple_strtoll(ptr+1, &ptr, 10);
// Third is optional.		// Third is optional.
if (ptr[0] == '.')		if (ptr[0] == '.')
patch = internal_simple_strtoll(ptr+1, &ptr, 10);		patch = internal_simple_strtoll(ptr+1, &ptr, 10);
if (major < 3) {		if (major < 3) {
		if (major == 2 && minor == 6 && patch == 32 && ptr[0] == '-' &&
		internal_strstr(ptr, ".el6")) {
		// Check RHEL6
		int r1 = internal_simple_strtoll(ptr+1, &ptr, 10);
		if (r1 >= 657) // 2.6.32-657.el6 or later
		return true;
		if (r1 == 642 && ptr[0] == '.') {
		int r2 = internal_simple_strtoll(ptr+1, &ptr, 10);
		if (r2 >= 9) // 2.6.32-642.9.1.el6 or later
		return true;
		}
		}
// <3.0 is bad.		// <3.0 is bad.
return false;		return false;
} else if (major == 3) {		} else if (major == 3) {
// 3.2.79+ is OK.		// 3.2.79+ is OK.
if (minor == 2 && patch >= 79)		if (minor == 2 && patch >= 79)
return true;		return true;
// 3.12.58+ is OK.		// 3.12.58+ is OK.
if (minor == 12 && patch >= 58)		if (minor == 12 && patch >= 58)
return true;		return true;
		if (minor == 10 && patch == 0 && ptr[0] == '-' &&
		internal_strstr(ptr, ".el7")) {
		// Check RHEL7
		int r1 = internal_simple_strtoll(ptr+1, &ptr, 10);
		if (r1 >= 426) // 3.10.0-426.el7 or later
		return true;
		if (r1 == 327 && ptr[0] == '.') {
		int r2 = internal_simple_strtoll(ptr+1, &ptr, 10);
		if (r2 >= 27) // 3.10.0-327.27.1.el7 or later
		return true;
		}
		}
// Otherwise, bad.		// Otherwise, bad.
return false;		return false;
} else if (major == 4) {		} else if (major == 4) {
// 4.1.21+ is OK.		// 4.1.21+ is OK.
if (minor == 1 && patch >= 21)		if (minor == 1 && patch >= 21)
return true;		return true;
// 4.4.6+ is OK.		// 4.4.6+ is OK.
if (minor == 4 && patch >= 6)		if (minor == 4 && patch >= 6)
Show All 36 Lines