Red Hat Bugzilla – Bug 186895
CVE-2006-1066 arch/x86_64/kernel/traps.c PTRACE_SINGLESTEP oops
Last modified: 2013-08-05 21:18:33 EDT
We found a problem with x86_64 kernels with preemption enabled, where having
multiple tasks doing ptrace singlesteps around the same time will cause the
system to 'oops'. The problem seems that a task can get preempted out of the
do_debug() processing while it is running on the DEBUG_STACK stack. If another
task on that same cpu then enters do_debug() and uses the same per-cpu
DEBUG_STACK stack, the previous preempted task's stack contents can be
corrupted, and the system will oops when the preempted task is context switched
back in again.
This affects Linux kernel 2.6.16-rc2 and earlier.
The CVE-2006-1066 speaks about an ia64 problem which seems wrong.
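The mechanism the report describes, a per-CPU exception stack being reused by a second task while the first is preempted in the middle of do_debug(), can be shown in a small user-space model. The following program is an added illustration written for this page, not code from the bug report or from the kernel: the single-word `debug_stack`, the `preempt_count`/`pending_task` scheduler model and the `simulate()` driver are all constructed here, and the mitigation it models (keeping preemption disabled while the handler is on the debug stack) is the remedy implied by the report's own description, not a reproduction of the upstream patch.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not kernel code): a single per-CPU DEBUG_STACK shared by
 * every task that takes a #DB trap on that CPU. One word is enough to show
 * the clobber the report describes. */
static uint32_t debug_stack[1];

/* Model of the scheduler state: preempt_count > 0 means "do not switch
 * tasks"; pending_task is a runnable task waiting for its turn (-1 if none). */
static int preempt_count = 0;
static int pending_task = -1;

/* Whether do_debug() holds preemption off while it uses the debug stack. */
static int handler_disables_preempt = 0;

static int do_debug(int task);

/* A point where the scheduler may switch to the pending task; stands in for
 * do_debug() re-enabling interrupts on a CONFIG_PREEMPT kernel. */
static void preempt_point(void) {
    if (pending_task < 0 || preempt_count > 0)
        return;                  /* nothing to run, or preemption disabled */
    int next = pending_task;
    pending_task = -1;
    (void)do_debug(next);        /* the other task takes its #DB on this CPU */
}

/* Returns 1 if this task's saved state on DEBUG_STACK was still intact when
 * the task got back to it, 0 if another task's handler overwrote it. */
static int do_debug(int task) {
    uint32_t frame = 0xDB000000u | (uint32_t)task;  /* constructed marker */
    if (handler_disables_preempt)
        preempt_count++;         /* like preempt_disable() */
    debug_stack[0] = frame;      /* our state now lives on the per-CPU stack */
    preempt_point();             /* may context-switch while still on it */
    int intact = (debug_stack[0] == frame);
    if (handler_disables_preempt)
        preempt_count--;         /* like preempt_enable(), off the stack now */
    return intact;
}

/* The scenario from the report: task 1 is inside do_debug() when task 2 on
 * the same CPU also single-steps. Returns 1 if task 1's stack survived. */
int simulate(int disable_preempt_in_handler) {
    handler_disables_preempt = disable_preempt_in_handler;
    preempt_count = 0;
    pending_task = 2;            /* task 2 is waiting to run on this CPU */
    int task1_intact = do_debug(1);
    preempt_point();             /* deferred task 2 runs now, if still pending */
    return task1_intact;
}

int main(void) {
    printf("preemptible handler : task 1 stack intact = %d\n", simulate(0));
    printf("preemption disabled : task 1 stack intact = %d\n", simulate(1));
    return 0;
}
```

With preemption allowed inside the handler, task 2 reuses the stack word before task 1 resumes and task 1 finds its frame gone (the model's counterpart of the oops at context switch); with the count held while on the debug stack, task 2 is simply deferred until task 1 has left it.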
We only have a limited backport of voluntary preempt in rhel4, is that
sufficient to trigger this? The report reads more like this is CONFIG_PREEMPT
related only, which would make it a non-problem on RHEL4.
I am not sure if this affects RHEL4 or not. Someone with deeper knowledge should
take a look at it and then fix it or close this bug.
This definitely appears to be a bug only if CONFIG_PREEMPT is set, which it is
not on RHEL4. On a stock RHEL4 kernel I ran the reproducer numerous times
without incident. When I rebuilt the kernel with CONFIG_PREEMPT set it crashed
the first time.
Since this bug involves a feature we neither distribute nor support, I'm closing