Bug 670797

Summary: panic in kfree() due to race condition in acpi_bus_receive_event() [rhel-5.6.z]
Product: Red Hat Enterprise Linux 5 Reporter: RHEL Program Management <pm-rhel>
Component: kernelAssignee: Jiri Pirko <jpirko>
Status: CLOSED ERRATA QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 5.5CC: anton, chtan, dhoward, jfeeney, jpirko, kzhang, lmcilroy, peterm, pm-eus, rkhan, yugzhang
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: kernel-2.6.18-238.2.1.el5 Doc Type: Bug Fix
Doc Text:
Prior to this update, kernel panic occurred in the kfree() due to a race condition in the acpi_bus_receive_event() function. The acpi_bus_receive_event() function left the acpi_bus_event_list list attribute unlocked between checking it whether it was empty and calling the kfree() function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of the kfree() function on an empty list.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-01 20:30:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 670373    
Bug Blocks:    

Description RHEL Program Management 2011-01-19 12:36:54 UTC 
This bug has been copied from bug #670373 and has been proposed
to be backported to 5.6 z-stream (EUS).
Comment 2 Jiri Pirko 2011-01-21 12:29:06 UTC 
in kernel-2.6.18-238.2.1.el5

linux-2.6-acpi-bus-check-if-list-is-empty-before-kfree-ing-it.patch
Comment 5 errata-xmlrpc 2011-03-01 20:30:22 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0303.html
Comment 6 Martin Prpič 2011-07-13 20:21:03 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update, kernel panic occurred in the kfree() due to a race condition in the acpi_bus_receive_event() function. The acpi_bus_receive_event() function left the acpi_bus_event_list list attribute unlocked between checking it whether it was empty and calling the kfree() function on it. With this update, a check was added after the lock has been lifted in order to prevent the race and the calling of the kfree() function on an empty list.