Bug 127063 - mlock() gets stuck in get_user_pages/follow_page
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Hardware: s390 Linux
Priority: medium, Severity: high
Assigned To: Pete Zaitcev
Blocks: 116727
Reported: 2004-07-01 06:12 EDT by Ingolf Salm
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2004-09-02 00:31:53 EDT

Attachments
attachment contains patch for mlock problem (877 bytes, patch)
2004-07-01 06:29 EDT, Ingolf Salm
backport of 2.6 follow_page() to RHEL3 update 2 kernel (979 bytes, patch)
2004-07-01 09:26 EDT, Michael Holzheu
Testprogram to reproduce error (9.14 KB, text/plain)
2004-07-01 09:35 EDT, Michael Holzheu
Ernie/Rik version actually in -18.EL (1.83 KB, patch)
2004-07-26 14:14 EDT, Pete Zaitcev

Description Ingolf Salm 2004-07-01 06:12:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem (LTC bugzilla 8210):

Description: kernel: mlock() gets stuck in get_user_pages/follow_page.
Symptom: Process doing mlock loops in the kernel with kernel locks 
Problem: set_pte/pte_mkdirty does not cause pte_dirty to return true, 
but the common mm code relies on it.
Solution: Set page dirty if required but don't loop on !pte_dirty().

The fix is urgently required to deploy an IBM system management 
product on RHEL 3

Version-Release number of selected component (if applicable):
RHEL 3 Update 2

How reproducible:

Steps to Reproduce:
1. via mlock() in system management application

Additional info:
Comment 1 Ingolf Salm 2004-07-01 06:29:34 EDT
Created attachment 101557
attachment contains patch for mlock problem
Comment 2 Pete Zaitcev 2004-07-01 07:33:50 EDT
This was reported by the audit people (EAL3 project?), the reproducer
is very simple:

#include <sys/mman.h>
#define SZ 8400896
int main(void) {
        char *mem;
        /* shared anonymous mapping, then lock it; mlock() is the call that gets stuck */
        mem = mmap(0, SZ, PROT_READ|PROT_WRITE,
                   MAP_SHARED|MAP_ANONYMOUS, -1, 0);
        mlock(mem, SZ);
        return 0;
}

The s390 and s390x break the same way.

The RHEL 4 Alpha (2.6 kernel) is not vulnerable.
Comment 4 Michael Holzheu 2004-07-01 09:26:25 EDT
Created attachment 101560
backport of 2.6 follow_page() to RHEL3 update 2 kernel
Comment 5 Michael Holzheu 2004-07-01 09:35:54 EDT
Created attachment 101561
Testprogram to reproduce error

Compile the test program with gcc -o testshm testshm.c -l pthread. Running this
program on a Red Hat kernel without the follow_page() patch will trigger the
reported problem.
Comment 8 Pete Zaitcev 2004-07-14 14:23:25 EDT
A temporary %ifarch was floated as a fixup for my ineptitude...
Comment 11 Ernie Petrides 2004-07-22 03:13:34 EDT
A fix for this problem has just been committed to the RHEL3 U3
patch pool this evening (in kernel version 2.4.21-18.EL).
Comment 12 Pete Zaitcev 2004-07-26 14:14:44 EDT
Created attachment 102206
Ernie/Rik version actually in -18.EL

Martin Holzeu's patch didn't account for differences between
RHEL3 and 2.6, so we had to think about it. This is also safer
for other architectures like Itanium, pSeries, AMD64.
Comment 13 Pete Zaitcev 2004-07-26 14:15:49 EDT
[I am very sorry for the memory lapse about Michael Holzheu's name.]
Comment 14 Bob Johnson 2004-09-01 11:17:43 EDT
This is in U3.
Comment 15 John Flanagan 2004-09-02 00:31:53 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.