Bug 178083 - virt_to_page() randomly returns a bad page address
virt_to_page() randomly returns a bad page address
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
3.0
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Peter Martuccelli
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-17 14:03 EST by Tom Murphy
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-19 14:49:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Environment of test and bug (4.56 KB, text/plain)
2006-01-17 14:05 EST, Tom Murphy
no flags Details
Module for kernel (1.87 KB, application/octet-stream)
2006-01-17 14:05 EST, Tom Murphy
no flags Details
Driver test program (376 bytes, application/octet-stream)
2006-01-17 14:06 EST, Tom Murphy
no flags Details

  None (edit)
Description Tom Murphy 2006-01-17 14:03:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:
Our file system calls virt_to_page() and sometimes
gets back a bad page address.  The returned value is always
0x10001000028 smaller than expected.  If virt_to_page() is 
immediately called again with the same virtual address, the
correct page address is then returned.


Version-Release number of selected component (if applicable):
kernel-2.4.21-32.EL

How reproducible:
Always

Steps to Reproduce:
1) compile the attached module bug.c and load it
    # cc -c -O2 -D__KERNEL__ -I/lib/modules/`uname -r`/build/include -mcmodel=kernel -DMODULE bug.c
    # insmod bug.o

2) make a character device for the module
    # mknod foo c 250 0

3) compile the attached program doit.c
    # cc -o doit doit.c

4) run N+1 copies of doit, where N is the number of processors in the system
   For example, on a 2-proc system run:

   # ./doit &
   # ./doit &
   # ./doit &

Then watch for the following:
   bombed!
   ioctl: Invalid argument

When these output lines appear, look in /var/log/messages for statements 
similar to:

   bug_ioctl: bad  page 0000000000d0c4b8 for addr ffffffffa01e4140 retry 1
   bug_ioctl: good page 0000010001d0c4e0 for addr ffffffffa01e4140

The problem should occur within a few seconds of starting the test.


Actual Results:  1) compile the attached module bug.c and load it
    # cc -c -O2 -D__KERNEL__ -I/lib/modules/`uname -r`/build/include -mcmodel=kernel -DMODULE bug.c
    # insmod bug.o

2) make a character device for the module
    # mknod foo c 250 0

3) compile the attached program doit.c
    # cc -o doit doit.c

4) run N+1 copies of doit, where N is the number of processors in the system
   For example, on a 2-proc system run:

   # ./doit &
   # ./doit &
   # ./doit &

Then watch for the following:
   bombed!
   ioctl: Invalid argument

When these output lines appear, look in /var/log/messages for statements 
similar to:

   bug_ioctl: bad  page 0000000000d0c4b8 for addr ffffffffa01e4140 retry 1
   bug_ioctl: good page 0000010001d0c4e0 for addr ffffffffa01e4140

The problem should occur within a few seconds of starting the test.


Additional info:

This has been reproduced on 64-bit RHAS 3.0 update 6
and 64-bit RHAS 3.0 update 5 using x86_64 systems running the
unmodified SMP kernel.  The problem appears with both Intel EM64T Xeon
and AMD Opteron microprocessors.  (See attachment environ.txt for
specifics.)
Comment 1 Tom Murphy 2006-01-17 14:05:11 EST
Created attachment 123319 [details]
Environment of test and bug
Comment 2 Tom Murphy 2006-01-17 14:05:56 EST
Created attachment 123320 [details]
Module for kernel
Comment 3 Tom Murphy 2006-01-17 14:06:29 EST
Created attachment 123321 [details]
Driver test program
Comment 4 Red Hat Bugzilla 2007-03-18 18:37:17 EDT
User jparadis@redhat.com's account has been closed
Comment 5 RHEL Product and Program Management 2007-10-19 14:49:00 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.