Red Hat Bugzilla – Bug 127063
mlock() gets stuck in get_user_pages/follow_page
Last modified: 2007-11-30 17:07:02 EST
Description of problem (LTC bugzilla 8210):
Description: kernel: mlock() gets stuck in get_user_pages/follow_page.
Symptom: Process doing mlock loops in the kernel with kernel locks
Problem: set_pte/pte_mkdirty does not cause pte_dirty to return true,
but the common mm code relies on it.
Solution: Set page dirty if required but don't loop on !pte_dirty().
The fix is urgently required to deploy an IBM system management
product on RHEL 3
Version-Release number of selected component (if applicable):
RHEL 3 Update 2
Steps to Reproduce:
1. via mlock() in system management application
Created attachment 101557
attachment contains patch for mlock problem
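The Problem/Solution lines of the report above, as an added example that is not part of the original report or of the attached patches: a simplified user-space model of the retry loop, not kernel code. The helpers handle_fault and pin_page and the max_tries bound are assumptions made for illustration; the kernel loop being modelled has no such bound.

```c
/* Simplified user-space model, not kernel code. handle_fault, pin_page and
 * max_tries are hypothetical; other names mirror those used in the report. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct page { bool dirty; };                       /* models the per-page dirty flag */
struct pte  { bool present, write, hw_dirty; struct page *page; };

/* Assumption: false models the reported case, where pte_mkdirty() leaves
 * nothing behind that pte_dirty() can observe. */
static bool pte_holds_dirty_bit;

static bool pte_dirty(const struct pte *p) { return pte_holds_dirty_bit && p->hw_dirty; }
static void pte_mkdirty(struct pte *p)     { p->hw_dirty = true; }

/* Models a write fault: map the page writable and mark the pte dirty. */
static void handle_fault(struct pte *p) { p->present = p->write = true; pte_mkdirty(p); }

/* Old lookup: a write lookup succeeds only once pte_dirty() is true. */
static struct page *follow_page_old(struct pte *p, bool write) {
    if (!p->present) return NULL;
    if (write && !(p->write && pte_dirty(p))) return NULL;
    return p->page;
}

/* Fixed lookup: set the page dirty if required, never fail on !pte_dirty(). */
static struct page *follow_page_fixed(struct pte *p, bool write) {
    if (!p->present || (write && !p->write)) return NULL;
    if (write && !pte_dirty(p)) p->page->dirty = true;
    return p->page;
}

/* Models the caller's retry loop. Returns the number of faults taken before
 * the lookup succeeded, or -1 if it still fails after max_tries. */
int pin_page(bool dirty_bit_in_pte, bool fixed, int max_tries) {
    struct page pg = { false };
    struct pte p = { false, false, false, &pg };
    pte_holds_dirty_bit = dirty_bit_in_pte;
    for (int faults = 0; faults <= max_tries; faults++) {
        if (fixed ? follow_page_fixed(&p, true) : follow_page_old(&p, true))
            return faults;
        handle_fault(&p);
    }
    return -1;
}

int main(void) {
    printf("old: %d, fixed: %d\n", pin_page(false, false, 1000), pin_page(false, true, 1000));
    return 0;
}
```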
This was reported by the audit people (EAL3 project?), the reproducer
is very simple:
#define SZ 8400896
mem = mmap(0, SZ, PROT_READ|PROT_WRITE,
MAP_SHARED|MAP_ANONYMOUS, -1, 0);
The s390 and s390x break the same way.
The RHEL 4 Alpha (2.6 kernel) is not vulnerable.
Created attachment 101560
backport of 2.6 follow_page() to RHEL3 update 2 kernel
Created attachment 101561
Testprogram to reproduce error
Compile Testprogram with gcc -o testshm testshm.c -l pthread. Running this
program on Redhat kernel without the follow_page() patch will trigger the
A temporary %ifarch was floated as a fixup for my ineptitude...
A fix for this problem has just been committed to the RHEL3 U3
patch pool this evening (in kernel version 2.4.21-18.EL).
Created attachment 102206
Ernie/Rik version actually in -18.EL
Martin Holzeu's patch didn't account for differences between
RHEL3 and 2.6, so we had to think about it. This is also safer
for other architectures like Itanium, pSeries, AMD64.
[I am very sorry for the memory lapse about Michael Holzheu's name.]
This is in U3.
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.