[x86] Drop fix for #865303, which no longer affects Debian's OpenJDK
This workaround is no longer needed for Debian's OpenJDK packages: * OpenJDK 7 is unfixed (bug #876068) but is not present in stretch or later suites * OpenJDK 8 was fixed in unstable (bug #876051) and the fix was then included in a stretch security update * OpenJDK 9 and later were fixed (bug #876069) The workaround was never applied upstream and it also doesn't seem like a good idea to have a Debian-specific VM quirk that weakens the defence against Stack Clash. Therefore drop it now rather than including it in another release.
This commit is contained in:
parent
7064a34f6e
commit
20351317dd
|
@ -1,6 +1,7 @@
|
||||||
linux (4.19.28-2) UNRELEASED; urgency=medium
|
linux (4.19.28-2) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* [x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
|
* [x86,alpha,m68k] binfmt: Disable BINFMT_AOUT, IA32_AOUT, OSF4_COMPAT
|
||||||
|
* [x86] Drop fix for #865303, which no longer affects Debian's OpenJDK
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 12 Mar 2019 15:44:31 +0000
|
-- Ben Hutchings <ben@decadent.org.uk> Tue, 12 Mar 2019 15:44:31 +0000
|
||||||
|
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Date: Thu, 30 Nov 2017 00:29:18 +0000
|
|
||||||
Subject: mmap: Add an exception to the stack gap for Hotspot JVM compatibility
|
|
||||||
Bug-Debian: https://bugs.debian.org/865303
|
|
||||||
|
|
||||||
The Hotspot JVM can easily exhaust the default stack, and has a
|
|
||||||
SIGSEGV handler to cope with this by switching to a new stack segment.
|
|
||||||
|
|
||||||
However, on i386 it creates a single writable and executable page just
|
|
||||||
under the stack limit as a workaround for a bug in Exec Shield. That
|
|
||||||
together with the enlarged stack gap causes the SIGSEGV handler to be
|
|
||||||
triggered when the stack pointer is further away from the stack limit,
|
|
||||||
and it doesn't recognise this as being a stack overflow.
|
|
||||||
|
|
||||||
This specifically affects programs that use JNI. Hotspot doesn't
|
|
||||||
normally run Java code on the initial thread.
|
|
||||||
|
|
||||||
Reduce the effective stack guard gap on x86 if the previous vma is
|
|
||||||
a single page allocated as MAP_FIXED.
|
|
||||||
|
|
||||||
References: https://bugs.debian.org/865303
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
---
|
|
||||||
mm/mmap.c | 10 ++++++++++
|
|
||||||
1 file changed, 10 insertions(+)
|
|
||||||
|
|
||||||
--- a/mm/mmap.c
|
|
||||||
+++ b/mm/mmap.c
|
|
||||||
@@ -2328,6 +2328,16 @@ int expand_downwards(struct vm_area_struct *vma,
|
|
||||||
/* Check that both stack segments have the same anon_vma? */
|
|
||||||
if (prev && !(prev->vm_flags & VM_GROWSDOWN) &&
|
|
||||||
(prev->vm_flags & (VM_WRITE|VM_READ|VM_EXEC))) {
|
|
||||||
+ /*
|
|
||||||
+ * bwh: Reduce the stack guard gap if this looks like
|
|
||||||
+ * Hotspot JVM craziness - see Debian bug #865303
|
|
||||||
+ */
|
|
||||||
+ if (IS_ENABLED(CONFIG_X86) && (prev->vm_flags & VM_FIXED) &&
|
|
||||||
+ prev->vm_end - prev->vm_start == PAGE_SIZE) {
|
|
||||||
+ if (address - prev->vm_end <
|
|
||||||
+ min(stack_guard_gap, 4UL << PAGE_SHIFT))
|
|
||||||
+ return -ENOMEM;
|
|
||||||
+ } else
|
|
||||||
if (address - prev->vm_end < stack_guard_gap)
|
|
||||||
return -ENOMEM;
|
|
||||||
}
|
|
|
@ -1,40 +0,0 @@
|
||||||
From: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
Date: Wed, 5 Jul 2017 13:32:43 +0100
|
|
||||||
Subject: mmap: Remember the MAP_FIXED flag as VM_FIXED
|
|
||||||
|
|
||||||
Since 4.15 there are no spare bits, but we can use VM_ARCH_1 as
|
|
||||||
VM_FIXED wil only be needed on x86.
|
|
||||||
|
|
||||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
||||||
---
|
|
||||||
include/linux/mm.h | 1 +
|
|
||||||
include/linux/mman.h | 3 ++-
|
|
||||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
--- a/include/linux/mm.h
|
|
||||||
+++ b/include/linux/mm.h
|
|
||||||
@@ -201,6 +201,11 @@ extern unsigned int kobjsize(const void
|
|
||||||
#define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */
|
|
||||||
#define VM_SYNC 0x00800000 /* Synchronous page faults */
|
|
||||||
#define VM_ARCH_1 0x01000000 /* Architecture-specific flag */
|
|
||||||
+#ifdef CONFIG_X86
|
|
||||||
+#define VM_FIXED VM_ARCH_1 /* Allocated at fixed address */
|
|
||||||
+#else
|
|
||||||
+#define VM_FIXED 0
|
|
||||||
+#endif
|
|
||||||
#define VM_WIPEONFORK 0x02000000 /* Wipe VMA contents in child. */
|
|
||||||
#define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
|
|
||||||
|
|
||||||
--- a/include/linux/mman.h
|
|
||||||
+++ b/include/linux/mman.h
|
|
||||||
@@ -131,7 +131,9 @@ calc_vm_flag_bits(unsigned long flags)
|
|
||||||
return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) |
|
|
||||||
_calc_vm_trans(flags, MAP_DENYWRITE, VM_DENYWRITE ) |
|
|
||||||
_calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) |
|
|
||||||
- _calc_vm_trans(flags, MAP_SYNC, VM_SYNC );
|
|
||||||
+ _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) |
|
|
||||||
+ (VM_FIXED ?
|
|
||||||
+ _calc_vm_trans(flags, MAP_FIXED, VM_FIXED ) : 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
unsigned long vm_commit_limit(void);
|
|
|
@ -69,8 +69,6 @@ bugfix/x86/platform-x86-ideapad-laptop-add-ideapad-v510-15ikb-t.patch
|
||||||
bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch
|
bugfix/x86/platform-x86-ideapad-laptop-add-several-models-to-no.patch
|
||||||
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
|
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
|
||||||
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
|
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
|
||||||
bugfix/x86/mmap-remember-the-map_fixed-flag-as-vm_fixed.patch
|
|
||||||
bugfix/x86/mmap-add-an-exception-to-the-stack-gap-for-hotspot-jvm.patch
|
|
||||||
bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch
|
bugfix/powerpc/powerpc-lib-sstep-fix-building-for-powerpcspe.patch
|
||||||
bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch
|
bugfix/powerpc/powerpc-lib-makefile-don-t-pull-in-quad.o-for-32-bit.patch
|
||||||
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
|
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
|
||||||
|
|
Loading…
Reference in New Issue