Bug 453053
Summary: | RHSA-2008:0508 linux-2.6.9-x86_64-copy_user-zero-tail.patch broken | |
---|---|---|---
Product: | Red Hat Enterprise Linux 4 | Reporter: | John Hawkes <jhawkes>
Component: | kernel | Assignee: | Larry Woodman <lwoodman>
Status: | CLOSED ERRATA | QA Contact: | Martin Jenner <mjenner>
Severity: | high | Priority: | urgent
Version: | 4.6 | CC: | dmair, eteo, fluo, jburke, khorenko, lwang, meissner, mstanichenko, qcai, rlerch, vgoyal, vmayatsk
Target Milestone: | rc | Keywords: | ZStream
Hardware: | x86_64 | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2009-05-18 19:08:58 UTC
Bug Blocks: | 458752, 461297, 471015 | |

Description
John Hawkes
2008-06-26 22:49:52 UTC
Created attachment 310399
Test program

Created attachment 310653
fix calculation of return value in case of fault in the byte copy loop

Thanks for the report, John. Bug was identified and fixed.

By the way, mmap() returns MAP_FAILED in case of error, not NULL.

(In reply to comment #3)
> Thanks for the report, John. Bug was identified and fixed.
>
> By the way, mmap() returns MAP_FAILED in case of error, not NULL.

True. The original LTP read02 test uses MAP_FAILED correctly. My small test program was a quick hack - at least it showed the problem.

FYI: with this patch-to-the-patch in place, a dozen other LTP tests now fail:

pwrite03 recvmsg01 semctl03 sendmsg01 setdomainname02 setgroups04 sockioctl101 write03 write05 writev01 writev02 writev05

I haven't examined these failures yet. I just wanted to give you a heads-up.

Updating PM score.

*** Bug 454865 has been marked as a duplicate of this bug. ***

(In reply to comment #2)
From my point of view this patch is not correct because it zeroises %rsi value but this is not the expected behavior in all cases. %rsi value in this context should contain the number of uncopied 8-byte blocks and the command below saves this value in %rsi register. ".Lc1e: movq %rcx,%rsi". So, we should zeroise %rsi value only if something happened at ".Lc2" piece of code, otherwise we should save %rsi content. The patch from #454865 seems to avoid this.

Patch was applied, tested and posted to rhkernel-list

------------------------------------------------------------------------------
--- linux-2.6.9/arch/x86_64/lib/copy_user.S.orig 2008-07-31 11:52:34.000000000 -0400 +++ linux-2.6.9/arch/x86_64/lib/copy_user.S 2008-07-31 11:53:37.000000000 -0400 
@@ -315,11 +315,14 @@ copy_user_generic_c: .Lc1e: movq %rcx,%rsi .Lc3: rep stosq -.Lc2e: movl %edx,%ecx +.Lc2ec: movl %edx,%ecx .Lc4: rep stosb .Lc3e: leaq (%rdx,%rsi,8),%rax ret + /* %rsi contains source address - clear it */ +.Lc2e: xorq %rsi,%rsi + jmp .Lc2ec .section __ex_table,"a" .align 8
-------------------------------------------------------------------------------
Larry Woodman

Committed in 78.18.EL. RPMS are available at http://people.redhat.com/vgoyal/rhel4/

I'm not set up to test RHEL4.8. But this testcase (read02) is included in syscalls test of LTP test (job 54944) with kernel 2.6.9-88.EL on machine gs-dl585g2-01.rhts.bos.redhat.com (x86_64), and the fix (linux-2.6.9-kernel-fix-copy_user-on-x86_64-for-read-of-8-byte.patch) was present in the source RPM.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1024.html

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
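
Review bot: in the copy_user.S hunk, `.Lc2ec: movl %edx,%ecx` makes the byte-fault path (`.Lc2e`, now `xorq %rsi,%rsi` followed by `jmp .Lc2ec`) reload %ecx from %edx and discard whatever count %rcx held when the fault was taken, so both `rep stosb` and the `leaq (%rdx,%rsi,8),%rax` return value use the full tail count. If the byte copy at .Lc2 can store some bytes before it faults, %rdi has already advanced, and this path would then clear and report more bytes than are actually left. Please either keep the remaining count on the `.Lc2e` path (skip the reload and return that count) or add a comment explaining why the full tail count is correct there. The new comment should also say that %rsi doubles as the uncopied quadword count consumed at `.Lc3e`, since that is the reason it has to be zero on this path.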