Commit ea7e0480a4b695d0aa6b3 ("MIPS: VDSO: Always map near top of user memory") set VDSO_RANDOMIZE_SIZE to 256MB for the 64-bit kernel. But if we take a look at arch/mips/mm/mmap.c we can see that MIN_GAP is 128MB, which means the mmap_base may be at (user_address_top - 128MB). This makes the stack be surrounded by mmaped areas, then stack expanding fails and causes a segmentation fault. Therefore, VDSO_RANDOMIZE_SIZE should be less than MIN_GAP and this patch reduces it to 64MB.
By the way, not all of VDSO_RANDOMIZE_SIZE can be used for vdso_base() randomization because the VDSO needs some room to locate itself (in this patch we reserve 64KB).
Cc: stable@vger.kernel.org
Fixes: ea7e0480a4b695d0aa ("MIPS: VDSO: Always map near top of user memory")
Signed-off-by: Huacai Chen <chenhc@lemote.com>
---
 arch/mips/include/asm/processor.h | 2 +-
 arch/mips/kernel/vdso.c           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h index 49d6046..c373eb6 100644 --- a/arch/mips/include/asm/processor.h +++ b/arch/mips/include/asm/processor.h @@ -81,7 +81,7 @@ extern unsigned int vced_count, vcei_count;
#endif
-#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_256M) +#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_64M)
extern unsigned long mips_stack_top(void); #define STACK_TOP mips_stack_top() diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 48a9c6b..d6232d9 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -106,7 +106,7 @@ static unsigned long vdso_base(void) base = STACK_TOP + PAGE_SIZE;
if (current->flags & PF_RANDOMIZE) { - base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1); + base += get_random_int() & (VDSO_RANDOMIZE_SIZE - SZ_64K - 1); base = PAGE_ALIGN(base); }
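Review bot: the processor.h hunk changes `#define VDSO_RANDOMIZE_SIZE (TASK_IS_32BIT_ADDR ? SZ_1M : SZ_64M)` to satisfy an invariant that only the commit message records (VDSO_RANDOMIZE_SIZE must stay below MIN_GAP from arch/mips/mm/mmap.c, currently 128MB). A one-line comment above the define stating that constraint would keep a later edit to either constant from silently reintroducing the stack-surrounded-by-mmap failure, since nothing at build time ties the two values together.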
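Review bot: in the vdso.c hunk, `base += get_random_int() & (VDSO_RANDOMIZE_SIZE - SZ_64K - 1);` masks with a value that is no longer one less than a power of two (SZ_64M - SZ_64K - 1 = 0x3FEFFFF). An AND with such a mask does not bound the offset to a contiguous range; it only clears bit 16, so offsets still reach up to 0x3FEFFFF while one bit of randomness is discarded and every offset with bit 16 set becomes unreachable. If headroom for the VDSO were really needed here, a range-limiting form such as `get_random_int() % (VDSO_RANDOMIZE_SIZE - SZ_64K)` would express it correctly; the original `& (VDSO_RANDOMIZE_SIZE - 1)` is the right form if STACK_TOP already reserves the VDSO's own size.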
Hi Huacai,
On Sat, Oct 20, 2018 at 09:01:31PM +0800, Huacai Chen wrote:
By the way, not all of VDSO_RANDOMIZE_SIZE can be used for vdso_base() randomization because the VDSO needs some room to locate itself (in this patch we reserve 64KB).
diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c index 48a9c6b..d6232d9 100644 --- a/arch/mips/kernel/vdso.c +++ b/arch/mips/kernel/vdso.c @@ -106,7 +106,7 @@ static unsigned long vdso_base(void) base = STACK_TOP + PAGE_SIZE; if (current->flags & PF_RANDOMIZE) {
base += get_random_int() & (VDSO_RANDOMIZE_SIZE - 1);
base = PAGE_ALIGN(base); }base += get_random_int() & (VDSO_RANDOMIZE_SIZE - SZ_64K - 1);
This change in v2 is unnecessary - STACK_TOP already accounts for the size of the VDSO, so we don't need to leave space for it a second time here.
v1 of your patch is in mips-fixes, which I'll submit a pull request for soon.
Thanks, Paul
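To make concrete why the v2 mask in the vdso_base() hunk is not equivalent to a smaller randomization range, here is an added example (not code from the patch or the kernel) that analyses what `get_random_int() & mask` can produce for the v1 mask and the v2 mask; the SZ_64K and SZ_64M values are copied from include/linux/sizes.h, and PAGE_ALIGN is left out so only the AND is examined.

```c
/* Added example, not from the patch or the kernel: inspect what a
 * random value ANDed with each candidate mask can actually become. */
#include <stdio.h>
#include <stdbool.h>

#define SZ_64K 0x00010000UL   /* as in include/linux/sizes.h */
#define SZ_64M 0x04000000UL   /* as in include/linux/sizes.h */

/* A mask of the form 2^n - 1 maps a uniform random int onto every value
 * in [0, mask]. Any other mask merely clears bits and leaves holes. */
static bool mask_is_contiguous(unsigned long mask)
{
	return (mask & (mask + 1)) == 0;
}

/* Bits of randomness the AND preserves: one per set bit in the mask. */
static int mask_entropy_bits(unsigned long mask)
{
	int n = 0;

	for (; mask; mask &= mask - 1)
		n++;
	return n;
}

/* Can `offset` ever be the result of `r & mask` for some random r? */
static bool offset_reachable(unsigned long mask, unsigned long offset)
{
	return (offset & ~mask) == 0;
}

int main(void)
{
	/* v1 mask (VDSO_RANDOMIZE_SIZE - 1) and v2 mask (minus SZ_64K). */
	const unsigned long masks[] = { SZ_64M - 1, SZ_64M - SZ_64K - 1 };

	for (int i = 0; i < 2; i++) {
		unsigned long m = masks[i];

		printf("mask 0x%lx: contiguous=%d entropy=%d bits "
		       "max=0x%lx offset 64K reachable=%d\n",
		       m, mask_is_contiguous(m), mask_entropy_bits(m),
		       m, offset_reachable(m, SZ_64K));
	}
	return 0;
}
```

With the v2 mask the maximum offset is still 0x3FEFFFF, but bit 16 is never set: the 64KB "reservation" is obtained by throwing away one bit of randomness rather than by bounding the range, which is another reason the v1 form Paul queued is the better one.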
linux-stable-mirror@lists.linaro.org