DescriptionEugene Teo (Security Response)
2012-02-17 05:16:55 UTC
The issue is that the int3 handler uses a per CPU debug stack, and calls do_traps() with interrupts enabled but preemption disabled. Then a signal is sent to the current process, and the code that handles the signal grabs a spinlock. This spinlock becomes a mutex (sleeping lock) when CONFIG_PREEMPT_RT_FULL is enabled.
If there is contention on this lock then the task may schedule out. As the task is using a per CPU stack, and another task may come in and use the same stack, the stack can become corrupted and cause the kernel to panic.
Comment 4Eugene Teo (Security Response)
2012-02-20 16:51:07 UTC
Comment 10Eugene Teo (Security Response)
2012-03-27 08:06:26 UTC
Statement:
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html.