[PATCH] D14014: Checker of proper vfork usage
Yury Gribov via cfe-commits
cfe-commits at lists.llvm.org
Fri Oct 23 02:12:52 PDT 2015
ygribov created this revision.
ygribov added reviewers: zaks.anna, dcoughlin, jordan_rose, krememek.
ygribov added a subscriber: cfe-commits.
ygribov set the repository for this revision to rL LLVM.
Hi all,
This checker verifies that vfork is used safely. Vforked process shared stack with parent process so it's range of actions is significantly limited (can't write variables, can't call functions not in whitelist, etc.).
The patch grew out of complicated 2-day debugging of production SW caused by well-known vfork bug in xtables (see http://lists.netfilter.org/pipermail/netfilter-buglog/2014-October/003280.html).
Is something like this interesting for upstream?
Repository:
rL LLVM
http://reviews.llvm.org/D14014
Files:
lib/StaticAnalyzer/Checkers/CMakeLists.txt
lib/StaticAnalyzer/Checkers/Checkers.td
lib/StaticAnalyzer/Checkers/VforkChecker.cpp
test/Analysis/Inputs/system-header-simulator.h
test/Analysis/vfork-1.c
test/Analysis/vfork-2.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D14014.38218.patch
Type: text/x-patch
Size: 12524 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20151023/e2945233/attachment.bin>
More information about the cfe-commits
mailing list