Bug 168217
| Summary: | CAN-2005-3108 [RHEL 4] ioremap_nocache causes panic, only on one motherboard, not on upstream 2.6.12.5 or later at least | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Issue Tracker <tao> | ||||||||||||||
| Component: | kernel | Assignee: | Jim Paradis <jparadis> | ||||||||||||||
| Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> | ||||||||||||||
| Severity: | medium | Docs Contact: | |||||||||||||||
| Priority: | medium | ||||||||||||||||
| Version: | 4.0 | CC: | error27, jbaron, mjc, peterm, tao | ||||||||||||||
| Target Milestone: | --- | Keywords: | Security | ||||||||||||||
| Target Release: | --- | ||||||||||||||||
| Hardware: | x86_64 | ||||||||||||||||
| OS: | Linux | ||||||||||||||||
| Whiteboard: | public=20050517,impact=moderate,source=cve | ||||||||||||||||
| Fixed In Version: | RHSA-2005-808 | Doc Type: | Bug Fix | ||||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||||
| Clone Of: | Environment: | ||||||||||||||||
| Last Closed: | 2005-10-27 15:07:56 UTC | Type: | --- | ||||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||||
| Documentation: | --- | CRM: | |||||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||||
| Embargoed: | |||||||||||||||||
| Attachments: |
|
||||||||||||||||
|
Description
Issue Tracker
2005-09-13 16:21:13 UTC
Created attachment 119264 [details]
fix for x86_64 iounmap
Can we have the customer test the above patch? The patch doesn't change
semantics of the the vmalloc routines, and should fix the issue. thanks.
Created attachment 119265 [details]
fix for x86_64 iounmap take #2
actually we don't need the tlb flush since its in the change__attr_addr routine
already.
Created attachment 119720 [details]
fix for x86_64 iounmap take #3
very similar to previous patch, but closer to upstream
*** Bug 170264 has been marked as a duplicate of this bug. *** This is basically the same as bug 160135. This bug: Unable to handle kernel paging request at 00000000000018f0 bug 160135: Unable to handle kernel paging request at 00000000000018f0 Is there no way pfn_to_page() could be modified to handle this kind of address? I'm just wonderring because I'm trying to figure out bug 168605 which seems related. should be fixed in -22.3.EL, see: http://people.redhat.com/~jbaron/rhel4/ mm/ioremap.c in Linux 2.6 on x86_64 systems allows local users to cause a denial of service or an information leak via an iremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. fixed upstream in 2.6.12 http://linux.bkbits.net:8080/linux-2.6/cset@428a06d1t7yny15TW1vsHxmsfP9YPg An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-808.html |