From 2d030f51f811f4226c6a84edfced44cd1e579371 Mon Sep 17 00:00:00 2001
From: LoongT4o <tao.long@intel.com>
Date: Wed, 17 May 2023 19:31:31 -0700
Subject: [PATCH] Fix the JIT buffer relocation failure at the corner case
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Avoid missing possible candidates due to the large address range of the free segment.
Eg, 

48000000-49400000 r-xs 08000000 00:0f 39322841               segment1
7ffff2ec8000-7ffff2f49000 rw-p 00000000 00:00 0              segment2
7ffff6fae000-7ffff735c000 r-xp 00200000 08:02 11538515       /usr/local/sbin/php-fpm

original code will miss the opportunity between [7ffff2ec** - 7ffff2ec8000].

Fix issue #11265.

Signed-off-by: Long, Tao <tao.long@intel.com>
Signed-off-by: Dmitry Stogov <dmitrystogov@gmail.com>
---
 ext/opcache/shared_alloc_mmap.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ext/opcache/shared_alloc_mmap.c b/ext/opcache/shared_alloc_mmap.c
index 1414ef96149d0..ca492b122157d 100644
--- a/ext/opcache/shared_alloc_mmap.c
+++ b/ext/opcache/shared_alloc_mmap.c
@@ -67,8 +67,13 @@ static void *find_prefered_mmap_base(size_t requested_size)
 	while (fgets(buffer, MAXPATHLEN, f) && sscanf(buffer, "%lx-%lx", &start, &end) == 2) {
 		if ((uintptr_t)execute_ex >= start) {
 			/* the current segment lays before PHP .text segment or PHP .text segment itself */
+			/*Search for candidates at the end of the free segment near the .text segment
+			  to prevent candidates from being missed due to large hole*/
 			if (last_free_addr + requested_size <= start) {
-				last_candidate = last_free_addr;
+				last_candidate = ZEND_MM_ALIGNED_SIZE_EX(start - requested_size, huge_page_size);
+				if (last_candidate + requested_size > start) {
+					last_candidate -= huge_page_size;
+				}
 			}
 			if ((uintptr_t)execute_ex < end) {
 				/* the current segment is PHP .text segment itself */
@@ -117,7 +122,10 @@ static void *find_prefered_mmap_base(size_t requested_size)
 					if ((uintptr_t)execute_ex >= e_start) {
 						/* the current segment lays before PHP .text segment or PHP .text segment itself */
 						if (last_free_addr + requested_size <= e_start) {
-							last_candidate = last_free_addr;
+							last_candidate = ZEND_MM_ALIGNED_SIZE_EX(e_start - requested_size, huge_page_size);
+							if (last_candidate + requested_size > e_start) {
+								last_candidate -= huge_page_size;
+							}
 						}
 						if ((uintptr_t)execute_ex < e_end) {
 							/* the current segment is PHP .text segment itself */