From 163db04452fe399fec940a926733915e7cf90062 Mon Sep 17 00:00:00 2001
From: Ian Campbell <ian.campbell@docker.com>
Date: Thu, 24 Nov 2016 11:39:05 +0000
Subject: [PATCH] Check for LEGACY_VSYSCALL_* options

Chosing LEGACY_VSYSCALL_NONE (over NATIVE or EMULATE) will mean that binaries
using eglibc <= 2.13 will not run (segfault).

Fixes #28705.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
---
 contrib/check-config.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index 3a924d9de4..a6029e310e 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -222,6 +222,23 @@ echo 'Optional Features:'
 		echo "    $(wrap_color '(note that cgroup swap accounting is not enabled in your kernel config, you can enable it by setting boot option "swapaccount=1")' bold black)"
 	fi
 }
+{
+	if is_set LEGACY_VSYSCALL_NATIVE; then
+		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
+	elif is_set LEGACY_VSYSCALL_EMULATE; then
+		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled'
+	elif is_set LEGACY_VSYSCALL_NONE; then
+		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NONE" 'enabled'
+		echo "    $(wrap_color '(containers using eglibc <= 2.13 will not work. Switch to' bold black)"
+		echo "    $(wrap_color ' "CONFIG_VSYSCALL_[NATIVE|EMULATE]" or use "vsyscall=[native|emulate]"' bold black)"
+		echo "    $(wrap_color ' on kernel command line. Note that this will disable ASLR for the,' bold black)"
+		echo "    $(wrap_color ' VDSO which may assist in exploiting security vulnerabilities.)' bold black)"
+	# else Older kernels (prior to 3dc33bd30f3e, released in v4.40-rc1) do
+	#      not have these LEGACY_VSYSCALL options and are effectively
+	#      LEGACY_VSYSCALL_EMULATE. Even older kernels are presumably
+	#      effectively LEGACY_VSYSCALL_NATIVE.
+	fi
+}
 
 if [ "$kernelMajor" -lt 4 ] || [ "$kernelMajor" -eq 4 -a "$kernelMinor" -le 5 ]; then
 	check_flags MEMCG_KMEM