[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel: Fix for CVE-2017-1000364 (mm: enlarge stack guard gap) breaks java application

Hi Stephan,

On Mon, Jun 26, 2017 at 02:32:59PM +0200, Stephan Seitz wrote:
> Hi!
> 
> The kernel fix for CVE-2017-1000364 (mm: enlarge stack guard gap) breaks
> java application (or at least some), see https://stackoverflow.com/questions/44719488/segmentation-fault-when-starting-jvm-using-jpype
> 
> You can change the stack guard gap via kernel parameter:
> 
> stack_guard_gap=	[MM]
> override the default stack gap protection. The value is in page units and it
> defines how many pages prior to (for stacks growing down) resp. after (for
> stacks growing up) the main stack are reserved for no other mapping. Default
> value is 256 pages.
> 
> What is the value to get the previous behaviour?

We issued a regression update:

https://lists.debian.org/debian-security-announce/2017/msg00160.html

To answer your question still, if you set the kernel parameter to
stack_guard_gap=1 this wuould effectively revert the fix for
CVE-2017-1000364.

Hope this helps?

Regards,
Salvatore
Reply to: