Bug 181938 - SIGBUS reading memory area marked as readable
SIGBUS reading memory area marked as readable
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
x86_64 Linux
medium Severity high
: ---
: ---
Assigned To: Peter Martuccelli
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2006-02-17 15:31 EST by Tymm Twillman
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-19 14:47:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Program that gets a bus error where it shouldn't (937 bytes, text/plain)
2006-02-17 15:31 EST, Tymm Twillman
no flags Details

  None (edit)
Description Tymm Twillman 2006-02-17 15:31:19 EST
Initially found during kernel work (reading pages where access_ok indicates that
memory is readable but copy_from_user causes a bus error)... we're able to
replicate the problem even in user space; a process getting its list of pages
and reading a few bytes from each page in a readable range can hit a SIGBUS

Release: RHEL3 -- last tested on U6 (also found on U5)

How reproducible:

compile and run attached program (cc -o test ./test.c; ./test.c) -- must be
dynamically linked; it opens its maps and reads the list of mapped regions; for
each region that is marked readable it will print out the address of each page
in that region and print the first 8 bytes of that page.
Actual results:

[root@dhcp228 root]# ./test
0000000000400000-0000000000401000 r-xp 0000000000000000 03:02 295281     /root/test
0000000000400000 00010102464c457f
0000000000500000-0000000000501000 rw-p 0000000000000000 03:02 295281    
0000000000500000 00010102464c457f
0000002a95556000-0000002a9566b000 r-xp 0000000000000000 03:02 557078    
0000002a95556000 00010102464c457f
0000002a95557000 001147c00d0348d1
0000002a95558000 0f020011305a05f6
0000002a95559000 840f0008798041ff
0000002a9555a000 84fffffe9a850f01
0000002a9555b000 0348e2894c0000c9
0000002a9555c000 b70f4cffffff2095
0000002a9555d000 48fffffebde99b75
0000002a9555e000 000002040010d058
0000002a9555f000 ff7effe8f7894cd5
0000002a95560000 d989413934b60fdb
0000002a95561000 4c8b4cc389490000
0000002a95562000 5489488141290f91
0000002a95563000 8941fff883000028
0000002a95564000 244c450f4c323b4d
0000002a95565000 8948077400106934
0000002a95566000 31fffffeffe9f631
0000002a95567000 6e6f697372657620
0000002a95568000 4154554345584520
0000002a95569000 0000207962206465
0000002a9556a000 038f048e058d4606
0000002a9556b000 0000000000000000
0000002a9556c000 4728203a43434700
0000002a9556d000 00090002000004fd
0000002a9556e000 0000000000000107
0000002a9556f000 6967657465675f5f
Bus error

(always dies in /lib64/ld-2.3.2.so)

Expected results:

Application should not die; should go through all maps and complete successfully.

Additional info:

Seems to be same problem reported at
https://www.redhat.com/archives/amd64-list/2005-June/msg00000.html (and verified
that we also see that siginfo contains BUS_ADRERR)
Comment 1 Tymm Twillman 2006-02-17 15:31:20 EST
Created attachment 124832 [details]
Program that gets a bus error where it shouldn't
Comment 2 Red Hat Bugzilla 2007-03-18 18:38:05 EDT
User jparadis@redhat.com's account has been closed
Comment 3 RHEL Product and Program Management 2007-10-19 14:47:15 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.