Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1289432

Summary: Unhandled Level1 translation fault in polkitd due to mozjs package
Product: Red Hat Enterprise Linux 7 Reporter: Radha Mohan Chintakuntla <mohun106>
Component: mozjs17Assignee: Colin Walters <walters>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.2CC: jcm, jfeeney, peter.newton, rric, walters
Target Milestone: rc   
Target Release: ---   
Hardware: aarch64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1242326 Environment:
Last Closed: 2016-04-12 17:53:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Radha Mohan Chintakuntla 2015-12-08 05:59:51 UTC 
+++ This bug was initially created as a clone of Bug #1242326 +++

Description of problem:
On Aarch64 systems with a VA bits of 48 the polkitd process crashes continuously due to an unhandled level 1 translation fault. On debugging we found that it is caused by the mozjs code.



Version-Release number of selected component (if applicable):
Fedora 21 for Aarch64

How reproducible:
Its easily reproducible on Cavium ThunderX platform.

Steps to Reproduce:
1. Just boot the F21 release for aarch64 and can be seen every time polkitd runs

Actual results:
Below is the crash.

====== cut here ========
unhandled level 1 translation fault (11) at 0x00000000, esr 0x92000045
pgd = ffff8003c3e3ba00
[00000000] *pgd=0000000000000000, *pud=0000000000000000

CPU: 0 PID: 1983 Comm: polkitd Not tainted 3.18.0 #1
task: ffff8003c3a60b00 ti: ffff8003c3ba0000 task.ti: ffff8003c3ba0000
PC is at 0xffff7a733f90
LR is at 0xffff7a733f74
pc : [<0000ffff7a733f90>] lr : [<0000ffff7a733f74>] pstate: 20000000
sp : 0000ffffe1ef0e60
x29: 0000ffffe1ef0e90 x28: 0000ffffb1acdc40 
x27: 0000ffffb1ad18e0 x26: 0000ffffb1acd720 
x25: 0000ffff7a9e2588 x24: 0000000000000000 
x23: 0000000000000000 x22: 0000ffffe1ef0f78 
x21: 0000ffffb1ad1840 x20: 0000000000800000 
x19: 0000ffff7a7a7e08 x18: 0000ffff7a363b4c 
x17: 0000ffff7a797b40 x16: 0000ffff7a40af0c 
x15: 00000000ffffffff x14: 0000ffff7ac0a000 
x13: 0000ffff7ac09000 x12: 0000ffffe1ef0ce0 
x11: 0000ffff7ac2a250 x10: 0000000002eb0939 
x9 : 0000000000000000 x8 : 0000000000000001 
x7 : ffffffffffffffff x6 : 0000ffffb1aca9f0 
x5 : 0000ffffb1aca9f0 x4 : 0000ffffb1aca9f0 
x3 : 0000ffff7a40b074 x2 : 0000ffff7a40b578 
x1 : 000000000000007b x0 : 0000000000000000 

====== end =========

Expected results:
It shouldn't crash.

Additional info:
The attached patch to the mozjs source fixes the problem. On aarch64 architecture the VA bit maximum is 48.

--- Additional comment from Jan Kurik on 2015-07-15 09:18:20 EDT ---

This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

--- Additional comment from Peter Newton on 2015-08-18 18:53:00 EDT ---

I was interested in making mozjs17 work on an aarch64 system so I built the mozjs17 RPM with the patch above applied.  I can confirm that the RPM built and all of its tests passed on this aarch64 system with a 48b VA kernel.

However, I also built the RPM on a KVM/QEMU VM running Fedora 22 with stock Fedora 22 kernel which is configured with a 42b VA (see Documentation/arm64/memory.txt in kernel source).  In this case, the patch causes the RPM to fail its tests.

I think that JS::Value on 64b platforms uses 17b of tag and 47b of payload (punboxing) for pointers.  So, I am not sure that the patch is actually correct.

--- Additional comment from Radha Mohan Chintakuntla on 2015-08-19 00:30:58 EDT ---

Thanks for testing this out. I am not 100% aware of the mozjs code, so was looking for anyone who can tell if this patch is sufficient or not. Feel free to improve it to make it work on all combinations.
Comment 1 Jon Masters 2016-04-12 17:53:42 UTC 

*** This bug has been marked as a duplicate of bug 1324216 ***
Comment 2 Jon Masters 2016-04-12 17:55:58 UTC 
I have marked this bug as a duplicate of another requesting that we incorporate an upstream patch to address the erroneous use of more bits than permitted for tagged pointers in spidermonkey. This fix will be required for a later kernel change to a 48-bit VA, or for testing of upstream kernels with a 48-bit VA configured.