Bug 722565

Summary: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe
Product: Red Hat Enterprise Linux 6 Reporter: Andrea Arcangeli <aarcange>
Component: kernelAssignee: Andrea Arcangeli <aarcange>
Status: CLOSED ERRATA QA Contact: Caspar Zhang <czhang>
Severity: low Docs Contact:
Priority: medium    
Version: 6.2CC: czhang, qcai, tburke
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-2.6.32-171.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 13:52:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Andrea Arcangeli 2011-07-15 16:38:05 UTC
Description of problem: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Version-Release number of selected component (if applicable): 6.0 6.1 6.2


How reproducible: not easily reproduced, the only report is here http://marc.info/?l=linux-mm&m=131069449929254&w=2


Steps to Reproduce:
1. heavy vm activity with significant split_huge_page load
2.
3.
  
Actual results: bad pointer dereference


Expected results: no crash


Additional info:

Comment 2 Andrea Arcangeli 2011-07-15 17:08:35 UTC
Fixes posted on rhkernel-list with Message-ID: <20110715170151.GB31225> and Message-ID: <20110715170721.GC31225>.

Comment 4 RHEL Program Management 2011-07-17 13:19:54 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 6 Kyle McMartin 2011-07-25 13:07:13 UTC
Patch(es) available on kernel-2.6.32-171.el6

Comment 12 errata-xmlrpc 2011-12-06 13:52:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html