[Bug 1052318] New: Crash expanding stack on ia32 w/recent kernels
http://bugzilla.suse.com/show_bug.cgi?id=1052318

            Bug ID: 1052318
           Summary: Crash expanding stack on ia32 w/recent kernels
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: i686
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Java
          Assignee: bnc-team-java@forge.provo.novell.com
          Reporter: mgorse@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Created attachment 735335
  --> http://bugzilla.suse.com/attachment.cgi?id=735335&action=edit
Reproducer.

I noticed this since libreoffice unit tests are failing on SLE-12. With a recent kernel (ie, 4.4.76-1), running the attached reproducer causes a crash (only on ia32), for openjdk 1.8 and 9 as well as 1.7.

http://lkml.kernel.org/r/1499126133.2707.20.camel%40decadent.org.uk
http://lkml.kernel.org/r/1499209315.2707.29.camel@decadent.org.uk
https://marc.info/?l=linux-kernel&m=149925724902166&w=2
https://bugzilla.opensuse.org/show_bug.cgi?id=1045340#c46

If I remove the Exec Shield work-around, then the libreoffice unit tests pass again. Exec Shield appears not to be around anymore, so I think that we can just patch out the work-around for it in openSUSE.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Michael Gorse <mgorse@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1047714

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Michael Gorse <mgorse@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mgorse@suse.com
           Assignee|bnc-team-java@forge.provo.n |mgorse@suse.com
                   |ovell.com                   |

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Michal Hocko <mhocko@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mhocko@suse.com

http://bugzilla.suse.com/show_bug.cgi?id=1052318#c1

--- Comment #1 from Michal Hocko <mhocko@suse.com> ---
(In reply to Michael Gorse from comment #0)
[...]
> If I remove the Exec Shield work-around, then the libreoffice unit tests pass again. Exec Shield appears not to be around anymore, so I think that we can just patch out the work-around for it in openSUSE.

I would rather see this addressed upstream. If there is still some use for this code then why not just use a regular mmap rather than placing it right under the stack? I think we should bring this upstream.

http://bugzilla.suse.com/show_bug.cgi?id=1052318#c2

--- Comment #2 from Michael Gorse <mgorse@suse.com> ---
It isn't clear to me exactly what should be pushed upstream; it is intentionally mapping a high address. Probably only needed for very old kernels.

The original bug that added this code is here: https://bugs.openjdk.java.net/browse/JDK-8023956

http://bugzilla.suse.com/show_bug.cgi?id=1052318#c3

--- Comment #3 from Michal Hocko <mhocko@suse.com> ---
(In reply to Michael Gorse from comment #2)
> It isn't clear to me exactly what should be pushed upstream; it is intentionally mapping a high address. Probably only needed for very old kernels.

Yes, this seems to be the case. One potential way would be to map the exec above (higher address than) the stack base address. Or to cleanup/munmap the RWX mapping.

> The original bug that added this code is here: https://bugs.openjdk.java.net/browse/JDK-8023956
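
A diagnostic for the layout discussed in comments #1 to #3 (a mapping placed right under the stack), as an added example that is not from the bug report or from OpenJDK: it scans a `/proc/<pid>/maps` listing and counts mappings that end within a chosen distance below `[stack]`. The sample listing, the function names and the 1 MiB distance are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned long long addr_t;

/* Constructed sample in /proc/<pid>/maps format (not taken from the bug). */
static const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 08:01 1234 /usr/bin/java\n"
    "b7700000-b7720000 r-xp 00000000 08:01 5678 /lib/ld-2.22.so\n"
    "bfe00000-bfe10000 rw-p 00000000 00:00 0 \n"
    "bfe5e000-bfe5f000 rwxp 00000000 00:00 0 \n"
    "bfe60000-bfe81000 rw-p 00000000 00:00 0 [stack]\n";

/* Copy the next line at *p into buf and advance *p; return 0 at end of input. */
static int next_line(const char **p, char *buf, size_t n)
{
    size_t len = strcspn(*p, "\n");
    if (**p == '\0') return 0;
    snprintf(buf, n, "%.*s", (int)len, *p);
    *p += len + ((*p)[len] == '\n');
    return 1;
}

/* Parse one maps line; name stays "" for anonymous mappings. */
static int parse(const char *l, addr_t *s, addr_t *e, char *perms, char *name)
{
    name[0] = '\0';
    return sscanf(l, "%llx-%llx %4s %*s %*s %*s %63s", s, e, perms, name) >= 3;
}

/* Count mappings that end less than `gap` bytes below the start of [stack].
 * exec_only != 0 counts only executable ones; -1 means no [stack] entry. */
int mappings_near_stack(const char *maps, addr_t gap, int exec_only)
{
    char buf[256], perms[5] = "", name[64];
    addr_t s, e, stack_start = 0;
    const char *p = maps;
    int n = 0;
    while (next_line(&p, buf, sizeof buf))
        if (parse(buf, &s, &e, perms, name) && strcmp(name, "[stack]") == 0)
            stack_start = s;
    if (stack_start == 0) return -1;
    for (p = maps; next_line(&p, buf, sizeof buf); ) {
        if (!parse(buf, &s, &e, perms, name) || e > stack_start) continue;
        if (stack_start - e < gap && (!exec_only || perms[2] == 'x')) n++;
    }
    return n;
}

int main(void) {  /* the 1 MiB gap is an assumed value for illustration */
    return printf("%d\n", mappings_near_stack(SAMPLE_MAPS, 0x100000ULL, 1)) < 0;
}
```

To inspect a live process, read `/proc/<pid>/maps` into a buffer and pass it in place of the constructed sample.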

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |ibs:running:5216:low
                   |                            |maint:planned:update

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|ibs:running:5216:low        |ibs:running:5216:important
                   |maint:planned:update        |

http://bugzilla.suse.com/show_bug.cgi?id=1052318#c5

--- Comment #5 from Swamp Workflow Management <swamp@suse.de> ---
SUSE-SU-2018:0005-1: An update that fixes 46 vulnerabilities is now available.

Category: security (important)
Bug References: 1049305,1049306,1049307,1049309,1049310,1049311,1049312,1049313,1049314,1049315,1049316,1049317,1049318,1049319,1049320,1049321,1049322,1049323,1049324,1049325,1049326,1049327,1049328,1049329,1049330,1049331,1049332,1052318,1064071,1064072,1064073,1064075,1064077,1064078,1064079,1064080,1064081,1064082,1064083,1064084,1064085,1064086
CVE References: CVE-2016-10165,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843,CVE-2017-10053,CVE-2017-10067,CVE-2017-10074,CVE-2017-10081,CVE-2017-10086,CVE-2017-10087,CVE-2017-10089,CVE-2017-10090,CVE-2017-10096,CVE-2017-10101,CVE-2017-10102,CVE-2017-10105,CVE-2017-10107,CVE-2017-10108,CVE-2017-10109,CVE-2017-10110,CVE-2017-10111,CVE-2017-10114,CVE-2017-10115,CVE-2017-10116,CVE-2017-10118,CVE-2017-10125,CVE-2017-10135,CVE-2017-10176,CVE-2017-10193,CVE-2017-10198,CVE-2017-10243,CVE-2017-10274,CVE-2017-10281,CVE-2017-10285,CVE-2017-10295,CVE-2017-10345,CVE-2017-10346,CVE-2017-10347,CVE-2017-10348,CVE-2017-10349,CVE-2017-10350,CVE-2017-10355,CVE-2017-10356,CVE-2017-10357,CVE-2017-10388
Sources used:
SUSE OpenStack Cloud 6 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server for SAP 12-SP1 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server for SAP 12 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server 12-SP3 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server 12-SP2 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server 12-SP1-LTSS (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Server 12-LTSS (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Desktop 12-SP3 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6
SUSE Linux Enterprise Desktop 12-SP2 (src): java-1_7_0-openjdk-1.7.0.161-43.7.6

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|ibs:running:5216:important  |

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|                            |obs:running:7631:important

http://bugzilla.suse.com/show_bug.cgi?id=1052318#c6

--- Comment #6 from Swamp Workflow Management <swamp@suse.de> ---
openSUSE-SU-2018:0042-1: An update that fixes 46 vulnerabilities is now available.

Category: security (important)
Bug References: 1049305,1049306,1049307,1049309,1049310,1049311,1049312,1049313,1049314,1049315,1049316,1049317,1049318,1049319,1049320,1049321,1049322,1049323,1049324,1049325,1049326,1049327,1049328,1049329,1049330,1049331,1049332,1052318,1064071,1064072,1064073,1064075,1064077,1064078,1064079,1064080,1064081,1064082,1064083,1064084,1064085,1064086
CVE References: CVE-2016-10165,CVE-2016-9840,CVE-2016-9841,CVE-2016-9842,CVE-2016-9843,CVE-2017-10053,CVE-2017-10067,CVE-2017-10074,CVE-2017-10081,CVE-2017-10086,CVE-2017-10087,CVE-2017-10089,CVE-2017-10090,CVE-2017-10096,CVE-2017-10101,CVE-2017-10102,CVE-2017-10105,CVE-2017-10107,CVE-2017-10108,CVE-2017-10109,CVE-2017-10110,CVE-2017-10111,CVE-2017-10114,CVE-2017-10115,CVE-2017-10116,CVE-2017-10118,CVE-2017-10125,CVE-2017-10135,CVE-2017-10176,CVE-2017-10193,CVE-2017-10198,CVE-2017-10243,CVE-2017-10274,CVE-2017-10281,CVE-2017-10285,CVE-2017-10295,CVE-2017-10345,CVE-2017-10346,CVE-2017-10347,CVE-2017-10348,CVE-2017-10349,CVE-2017-10350,CVE-2017-10355,CVE-2017-10356,CVE-2017-10357,CVE-2017-10388
Sources used:
openSUSE Leap 42.3 (src): java-1_7_0-openjdk-1.7.0.161-45.1, java-1_7_0-openjdk-bootstrap-1.7.0.161-45.1
openSUSE Leap 42.2 (src): java-1_7_0-openjdk-1.7.0.161-42.6.1, java-1_7_0-openjdk-bootstrap-1.7.0.161-42.6.1

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Swamp Workflow Management <swamp@suse.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|obs:running:7631:important  |

http://bugzilla.suse.com/show_bug.cgi?id=1052318

Lubos Kocman <lubos.kocman@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Java                        |Other