Escalated to Bugzilla from IssueTracker
Created attachment 119264 fix for x86_64 iounmap
Can we have the customer test the above patch? The patch doesn't change semantics of the vmalloc routines, and should fix the issue. Thanks.
Created attachment 119265 fix for x86_64 iounmap take #2
Actually we don't need the TLB flush since it's in the change__attr_addr routine already.
Created attachment 119720 fix for x86_64 iounmap take #3
Very similar to previous patch, but closer to upstream.
*** Bug 170264 has been marked as a duplicate of this bug. ***
This is basically the same as bug 160135. This bug: Unable to handle kernel paging request at 00000000000018f0 bug 160135: Unable to handle kernel paging request at 00000000000018f0 Is there no way pfn_to_page() could be modified to handle this kind of address? I'm just wondering because I'm trying to figure out bug 168605 which seems related.
should be fixed in -22.3.EL, see: http://people.redhat.com/~jbaron/rhel4/
mm/ioremap.c in Linux 2.6 on x86_64 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. Fixed upstream in 2.6.12: http://linux.bkbits.net:8080/linux-2.6/cset@428a06d1t7yny15TW1vsHxmsfP9YPg
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-808.html