Bug 169294 - [RHEL3 U6] __copy_user/memcpy causes random kernel panic on IA-64 systems
Summary: [RHEL3 U6] __copy_user/memcpy causes random kernel panic on IA-64 systems
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: ia64
OS: Linux
Target Milestone: ---
Assignee: Geoff Gustafson
QA Contact: Brian Brock
Depends On:
Blocks: 168424
TreeView+ depends on / blocked
Reported: 2005-09-26 17:50 UTC by Issue Tracker
Modified: 2007-11-30 22:07 UTC (History)
3 users (show)

Clone Of:
Last Closed: 2006-03-15 16:42:54 UTC

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0144 qe-ready SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 7 2006-03-15 05:00:00 UTC

Description Issue Tracker 2005-09-26 17:50:38 UTC
Escalated to Bugzilla from IssueTracker

Comment 7 Gary Case 2005-11-22 22:42:33 UTC
Reposting the patch publicly. 

Excerpt from ChangeLog-2.6.14-rc1:

When copying data from user-space to kernel-space by __copy_user(),
a page_not_present fault sometimes occurs at vmalloced kernel address
because of VHPT pre-fetching.

Ignore the page_not_present fault in ia64_do_page_fault() before
jumping into exception handlers.

diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c

file:a949a83e0dccbb34531dea37145fee9ab3ea6895 ->
--- a/arch/ia64/mm/fault.c
+++ b/arch/ia64/mm/fault.c
@@ -206,9 +206,6 @@ ia64_do_page_fault (unsigned long addres

-       if (done_with_exception(regs))
-               return;
        * Since we have no vma's for region 5, we might get here even if the
address is
        * valid, due to the VHPT walker inserting a non present translation that
@@ -219,6 +216,9 @@ ia64_do_page_fault (unsigned long addres
       if (REGION_NUMBER(address) == 5 && mapped_kernel_page_is_present(address))

+       if (done_with_exception(regs))
+               return;
        * Oops. The kernel tried to access some bad page. We'll have to
terminate things
        * with extreme prejudice.

Comment 12 Ernie Petrides 2005-11-28 23:44:43 UTC
In answer to comment #10, the fix is queued for the next U7 build, which
will probably occur tomorrow night.

Comment 13 Ernie Petrides 2005-11-30 07:38:08 UTC
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.12.EL).

Comment 17 Red Hat Bugzilla 2006-03-15 16:42:54 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.