Commit 20351317 authored by Ben Hutchings

[x86] Drop fix for #865303, which no longer affects Debian's OpenJDK

This workaround is no longer needed for Debian's OpenJDK packages:

* OpenJDK 7 is unfixed (bug #876068) but is not present in stretch or
  later suites
* OpenJDK 8 was fixed in unstable (bug #876051) and the fix was then
  included in a stretch security update
* OpenJDK 9 and later were fixed (bug #876069)

The workaround was never applied upstream and it also doesn't seem
like a good idea to have a Debian-specific VM quirk that weakens the
defence against Stack Clash.  Therefore drop it now rather than
including it in another release.
parent 7064a34f
linux (4.19.28-2) UNRELEASED; urgency=medium
* [x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
* [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK
-- Ben Hutchings <ben@decadent.org.uk> Tue, 12 Mar 2019 15:44:31 +0000
......
From: Ben Hutchings <ben@decadent.org.uk>
Date: Thu, 30 Nov 2017 00:29:18 +0000
Subject: mmap: Add an exception to the stack gap for Hotspot JVM compatibility
Bug-Debian: https://bugs.debian.org/865303
The Hotspot JVM can easily exhaust the default stack, and has a
SIGSEGV handler to cope with this by switching to a new stack segment.
However, on i386 it creates a single writable and executable page just
under the stack limit as a workaround for a bug in Exec Shield. That
together with the enlarged stack gap causes the SIGSEGV handler to be
triggered when the stack pointer is further away from the stack limit,
and it doesn't recognise this as being a stack overflow.
This specifically affects programs that use JNI. Hotspot doesn't
normally run Java code on the initial thread.
Reduce the effective stack guard gap on x86 if the previous vma is
a single page allocated as MAP_FIXED.
References: https://bugs.debian.org/865303
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
mm/mmap.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2328,6 +2328,16 @@ int expand_downwards(struct vm_area_struct *vma,
/* Check that both stack segments have the same anon_vma? */
if (prev && !(prev->vm_flags & VM_GROWSDOWN) &&
(prev->vm_flags & (VM_WRITE|VM_READ|VM_EXEC))) {
+ /*
+ * bwh: Reduce the stack guard gap if this looks like
+ * Hotspot JVM craziness - see Debian bug #865303
+ */
+ if (IS_ENABLED(CONFIG_X86) && (prev->vm_flags & VM_FIXED) &&
+ prev->vm_end - prev->vm_start == PAGE_SIZE) {
+ if (address - prev->vm_end <
+ min(stack_guard_gap, 4UL << PAGE_SHIFT))
+ return -ENOMEM;
+ } else
if (address - prev->vm_end < stack_guard_gap)
return -ENOMEM;
}
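Review bot: the dropped branch lowered the enforced gap from stack_guard_gap to min(stack_guard_gap, 4UL << PAGE_SHIFT), i.e. four pages, whenever the VMA just below the stack was a single MAP_FIXED page, and nothing in that condition is specific to Hotspot, so any single-page MAP_FIXED mapping under the stack would have shrunk the guard gap; removing it restores the full stack_guard_gap on x86 in every case, which is what the commit message's Stack Clash concern calls for. A minor readability point on the same hunk: the added `} else` line turns the unchanged `if (address - prev->vm_end < stack_guard_gap)` into an else-if split across a changed and an unchanged line, which kept the diff small but is easy to misread.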
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 5 Jul 2017 13:32:43 +0100
Subject: mmap: Remember the MAP_FIXED flag as VM_FIXED
Since 4.15 there are no spare bits, but we can use VM_ARCH_1 as
VM_FIXED will only be needed on x86.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
include/linux/mm.h | 1 +
include/linux/mman.h | 3 ++-
2 files changed, 3 insertions(+), 1 deletion(-)
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -201,6 +201,11 @@ extern unsigned int kobjsize(const void
#define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */
#define VM_SYNC 0x00800000 /* Synchronous page faults */
#define VM_ARCH_1 0x01000000 /* Architecture-specific flag */
+#ifdef CONFIG_X86
+#define VM_FIXED VM_ARCH_1 /* Allocated at fixed address */
+#else
+#define VM_FIXED 0
+#endif
#define VM_WIPEONFORK 0x02000000 /* Wipe VMA contents in child. */
#define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
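Review bot: VM_FIXED aliased VM_ARCH_1 on x86, the bit the adjacent line documents as the architecture-specific flag, so it was shared with whatever x86 already uses VM_ARCH_1 for and a test of prev->vm_flags & VM_FIXED could match a VMA that was never mapped with MAP_FIXED; the description itself says no spare bits exist since 4.15, which is a further reason not to carry this as a Debian-only quirk.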
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -131,7 +131,9 @@ calc_vm_flag_bits(unsigned long flags)
return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) |
_calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) |
_calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) |
- _calc_vm_trans(flags, MAP_SYNC, VM_SYNC );
+ _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) |
+ (VM_FIXED ?
+ _calc_vm_trans(flags, MAP_FIXED, VM_FIXED ) : 0);
}
unsigned long vm_commit_limit(void);
......@@ -69,8 +69,6 @@ bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch
bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch
bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch
bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch