On Wed, Jul 5, 2017 at 5:19 AM, Ben Hutchings <b...@decadent.org.uk> wrote: > On Tue, 2017-07-04 at 16:31 -0700, Linus Torvalds wrote: >> >> Can you find out where that is allocated? Perhaps a breakpoint on >> mmap, with a condition to catch that particular one? > > Found it, and it's now clear why only i386 is affected: > http://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/tip/src/os/linux/vm/os_linux.cpp#l4852 > http://hg.openjdk.java.net/jdk8/jdk8/hotspot/file/tip/src/os_cpu/linux_x86/vm/os_linux_x86.cpp#l881
Thanks, good work. Well, good work on *your* part. I will try very hard to refrain from commenting too much on the f*cking stinking pile of sh*t that was exec-shield. But yes, I don't think we can sanely recognize this. The code clearly very intentionally does that mapping under the stack, and it's very intentionally not PROT_NONE, since it's meant to be both writable and executable. As I said earlier (and I see Michal Hocko suggested the same - sudden email flurry going on here), I think we need to basically allow people to set the stack gap per-process to something low. The good news is that this is probably specialized enough that we can just keep the defaults as "will break this one case, but we give people the tools to work around it". I hate doing that, but distros that still support 32-bit (which is apparently a shrinking number) can maybe hack the libreoffice launch scripts up? Linus