Initially found during kernel work (reading pages where access_ok indicates that memory is readable but copy_from_user causes a bus error)... we're able to replicate the problem even in user space; a process getting its list of pages and reading a few bytes from each page in a readable range can hit a SIGBUS Release: RHEL3 -- last tested on U6 (also found on U5) How reproducible: compile and run attached program (cc -o test ./test.c; ./test.c) -- must be dynamically linked; it opens its maps and reads the list of mapped regions; for each region that is marked readable it will print out the address of each page in that region and print the first 8 bytes of that page. Actual results: [root@dhcp228 root]# ./test 0000000000400000-0000000000401000 r-xp 0000000000000000 03:02 295281 /root/test 0000000000400000 00010102464c457f 0000000000500000-0000000000501000 rw-p 0000000000000000 03:02 295281 /root/bdatetest 0000000000500000 00010102464c457f 0000002a95556000-0000002a9566b000 r-xp 0000000000000000 03:02 557078 /lib64/ld-2.3.2.so 0000002a95556000 00010102464c457f 0000002a95557000 001147c00d0348d1 0000002a95558000 0f020011305a05f6 0000002a95559000 840f0008798041ff 0000002a9555a000 84fffffe9a850f01 0000002a9555b000 0348e2894c0000c9 0000002a9555c000 b70f4cffffff2095 0000002a9555d000 48fffffebde99b75 0000002a9555e000 000002040010d058 0000002a9555f000 ff7effe8f7894cd5 0000002a95560000 d989413934b60fdb 0000002a95561000 4c8b4cc389490000 0000002a95562000 5489488141290f91 0000002a95563000 8941fff883000028 0000002a95564000 244c450f4c323b4d 0000002a95565000 8948077400106934 0000002a95566000 31fffffeffe9f631 0000002a95567000 6e6f697372657620 0000002a95568000 4154554345584520 0000002a95569000 0000207962206465 0000002a9556a000 038f048e058d4606 0000002a9556b000 0000000000000000 0000002a9556c000 4728203a43434700 0000002a9556d000 00090002000004fd 0000002a9556e000 0000000000000107 0000002a9556f000 6967657465675f5f Bus error (always dies in /lib64/ld-2.3.2.so) Expected results: Application should not die; should go through all maps and complete successfully. Additional info: Seems to be same problem reported at https://www.redhat.com/archives/amd64-list/2005-June/msg00000.html (and verified that we also see that siginfo contains BUS_ADRERR)
Created attachment 124832 [details] Program that gets a bus error where it shouldn't
User jparadis's account has been closed
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.