před 8 roky · 7c01aa8df7
--- a/Makefile
+++ b/Makefile
@@ -243,6 +243,7 @@ ${KERNEL_SRC}/README ${KERNEL_CFG_ORG}: ${KERNEL_SRC_SUBMODULE} | submodules
 
				 	cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-9242-ipv6-fix-out-of-bound-writes-in-__ip6_append_data.patch
			
 
				 	cd ${KERNEL_SRC}; patch -p1 < ../pinctl-amd-ryzen-01-make-use-of-raw_spinlock-variants.patch
			
 
				 	cd ${KERNEL_SRC}; patch -p1 < ../pinctl-amd-ryzen-02-Use-regular-interrupt-instead-of-chained.patch
			
 
				+	cd ${KERNEL_SRC}; patch -p1 < ../mm-fix-new-crash-in-unmapped_area_topdown.patch
			
 
				 	sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
			
 
				 	touch $@
			
 
				 
			
--- a/mm-fix-new-crash-in-unmapped_area_topdown.patch
+++ b/mm-fix-new-crash-in-unmapped_area_topdown.patch
@@ -0,0 +1,54 @@
 
				+From f4cb767d76cf7ee72f97dd76f6cfa6c76a5edc89 Mon Sep 17 00:00:00 2001
			
 
				+From: Hugh Dickins <[email protected]>
			
 
				+Date: Tue, 20 Jun 2017 02:10:44 -0700
			
 
				+Subject: [PATCH] mm: fix new crash in unmapped_area_topdown()
			
 
				+MIME-Version: 1.0
			
 
				+Content-Type: text/plain; charset=UTF-8
			
 
				+Content-Transfer-Encoding: 8bit
			
 
				+
			
 
				+Trinity gets kernel BUG at mm/mmap.c:1963! in about 3 minutes of
			
 
				+mmap testing.  That's the VM_BUG_ON(gap_end < gap_start) at the
			
 
				+end of unmapped_area_topdown().  Linus points out how MAP_FIXED
			
 
				+(which does not have to respect our stack guard gap intentions)
			
 
				+could result in gap_end below gap_start there.  Fix that, and
			
 
				+the similar case in its alternative, unmapped_area().
			
 
				+
			
 
				+Cc: [email protected]
			
 
				+Fixes: 1be7107fbe18 ("mm: larger stack guard gap, between vmas")
			
 
				+Reported-by: Dave Jones <[email protected]>
			
 
				+Debugged-by: Linus Torvalds <[email protected]>
			
 
				+Signed-off-by: Hugh Dickins <[email protected]>
			
 
				+Acked-by: Michal Hocko <[email protected]>
			
 
				+Signed-off-by: Linus Torvalds <[email protected]>
			
 
				+Signed-off-by: Fabian Grünbichler <[email protected]>
			
 
				+---
			
 
				+ mm/mmap.c | 6 ++++--
			
 
				+ 1 file changed, 4 insertions(+), 2 deletions(-)
			
 
				+
			
 
				+diff --git a/mm/mmap.c b/mm/mmap.c
			
 
				+index 8e07976d5e47..290b77d9a01e 100644
			
 
				+--- a/mm/mmap.c
			
 
				++++ b/mm/mmap.c
			
 
				+@@ -1817,7 +1817,8 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
			
 
				+ 		/* Check if current node has a suitable gap */
			
 
				+ 		if (gap_start > high_limit)
			
 
				+ 			return -ENOMEM;
			
 
				+-		if (gap_end >= low_limit && gap_end - gap_start >= length)
			
 
				++		if (gap_end >= low_limit &&
			
 
				++		    gap_end > gap_start && gap_end - gap_start >= length)
			
 
				+ 			goto found;
			
 
				+ 
			
 
				+ 		/* Visit right subtree if it looks promising */
			
 
				+@@ -1920,7 +1921,8 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info)
			
 
				+ 		gap_end = vm_start_gap(vma);
			
 
				+ 		if (gap_end < low_limit)
			
 
				+ 			return -ENOMEM;
			
 
				+-		if (gap_start <= high_limit && gap_end - gap_start >= length)
			
 
				++		if (gap_start <= high_limit &&
			
 
				++		    gap_end > gap_start && gap_end - gap_start >= length)
			
 
				+ 			goto found;
			
 
				+ 
			
 
				+ 		/* Visit left subtree if it looks promising */
			
 
				+-- 
			
 
				+2.11.0
			
 
				+