Red Hat Bugzilla – Bug 186895
CVE-2006-1066 arch/x86_64/kernel/traps.c PTRACE_SINGLESTEP oops
Last modified: 2013-08-05 21:18:33 EDT
We found a problem with x86_64 kernels with preemption enabled, where having multiple tasks doing ptrace singlesteps around the same time will cause the system to 'oops'. The problem seems that a task can get preempted out of the do_debug() processing while it is running on the DEBUG_STACK stack. If another task on that same cpu then enters do_debug() and uses the same per-cpu DEBUG_STACK stack, the previous preempted tasks's stack contents can be corrupted, and the system will oops when the preempted task is context switched back in again. http://marc.theaimsgroup.com/?l=linux-kernel&m=113932292516359&w=2 This affects Linux kernel 2.6.16-rc2 and earlier. The CVE-2006-1066 speaks about an ia64 problem which seems wrong.
we only have a limited backport of voluntary preempt in rhel4, is that sufficient to trigger this ? The report reads more like this is CONFIG_PREEMPT related only, which would make it a non-problem on RHEL4.
I am not sure if this affects RHEL4 or not. Someone with deeper knowledge should take a look at it and then fix it or close this bug.
This definitely appears to be a bug only if CONFIG_PREEMPT is set, which it is not on RHEL4. On a stock RHEL4 kernel I ran the reproducer numerous times without incident. When I rebuilt the kernel with CONFIG_PREEMPT set it crashed the first time. Since this bug involves a feature we neither distribute nor support, I'm closing as WONTFIX.