Bug 204286 - 4/4GB split issue in is_prefetch()
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
i686 Linux
medium Severity medium
Assigned To: Peter Zijlstra
Brian Brock
Reported: 2006-08-28 05:46 EDT by Vasily Averin
Modified: 2014-08-11 01:40 EDT (History)
Doc Type: Bug Fix
Last Closed: 2012-06-20 12:01:41 EDT

Attachments
this patch fixes 4/4GB split issue in is_prefetch() (748 bytes, patch)
2006-08-28 05:58 EDT, Vasily Averin
Description Vasily Averin 2006-08-28 05:46:09 EDT
The SWsoft Virtuozzo/OpenVZ Linux kernel team has found a 4/4GB split related issue:
Recently we have investigated the cause of the node crashes on an i686 kernel with
the 4/4Gb split patch running on an AMD processor and found that it was a page fault
inside the tcp_v4_rcv() function on a prefetchnta instruction.

According to the Revision Guide for AMD Athlon 64 and AMD Opteron Processors, there
is AMD CPU erratum #91 (Software Prefetches May Report A Page Fault). The Linux
kernel has a workaround for this issue: do_page_fault() returns if EIP points
to a prefetch instruction:

       if (is_prefetch(regs, address, error_code))
               return;

To read the current opcode, __is_prefetch() uses the __get_user() function. It works well
on usual kernels; however, the problem is that the 4/4G split patch requires
set_fs(KERNEL_DS) in this case. Otherwise the kernel reads this address from
userspace and does not find the corresponding opcode, is_prefetch returns 0 and as
a result it leads to a kernel panic.

Originally this issue was found on Virtuozzo/OpenVZ i686 enterprise kernels,
however we believe it is present in Red Hat hugemem kernels too.
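
The failure mode described in the report, as an added user-space model (not code from the report, the attached patch or the kernel): the same faulting EIP is decoded once through a user-space view and once through a kernel-space view of memory. The names `model_get_user`, `model_is_prefetch`, `FAULT_EIP` and the byte arrays are constructed for illustration, and the opcode scan is a simplified version of the prefix-skipping check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: with a 4/4GB split the same virtual address resolves to
 * different bytes depending on which address space the accessor targets. */
enum seg { USER_DS, KERNEL_DS };

#define FAULT_EIP 0x1000u                                  /* constructed address */
static const uint8_t kernel_text[] = { 0x0F, 0x18, 0x00 }; /* prefetchnta (%eax) */
static const uint8_t user_page[]   = { 0x90, 0x90, 0x90 }; /* unrelated user bytes */

/* Hypothetical stand-in for __get_user(): 0 on success, -1 on fault. */
static int model_get_user(enum seg fs, uint32_t addr, uint8_t *out)
{
    const uint8_t *mem = (fs == KERNEL_DS) ? kernel_text : user_page;
    size_t len = (fs == KERNEL_DS) ? sizeof kernel_text : sizeof user_page;
    if (addr < FAULT_EIP || addr - FAULT_EIP >= len)
        return -1;
    *out = mem[addr - FAULT_EIP];
    return 0;
}

/* Segment overrides, operand/address size, lock and rep prefixes. */
static int is_prefix(uint8_t b)
{
    return b == 0x26 || b == 0x2E || b == 0x36 || b == 0x3E ||
           (b >= 0x64 && b <= 0x67) || b == 0xF0 || b == 0xF2 || b == 0xF3;
}

/* Simplified scan: skip prefixes, then match opcode 0F 0D or 0F 18. */
static int model_is_prefetch(enum seg fs, uint32_t eip)
{
    uint8_t b, op;
    for (int i = 0; i < 15; i++, eip++) {
        if (model_get_user(fs, eip, &b))
            return 0;                 /* unreadable: treated as "not a prefetch" */
        if (is_prefix(b))
            continue;
        if (b != 0x0F || model_get_user(fs, eip + 1, &op))
            return 0;
        return op == 0x0D || op == 0x18;
    }
    return 0;
}

int main(void)
{
    printf("USER_DS view:   is_prefetch=%d\n", model_is_prefetch(USER_DS, FAULT_EIP));
    printf("KERNEL_DS view: is_prefetch=%d\n", model_is_prefetch(KERNEL_DS, FAULT_EIP));
    return 0;
}
```

With the user-space view the check returns 0 for a fault that is really on a prefetch, which is the path the report says ends in a kernel panic.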
Comment 1 Vasily Averin 2006-08-28 05:58:10 EDT
Created attachment 135031
this patch fixes 4/4GB split issue in is_prefetch()

Signed-off-by: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Vasily Averin <vvs@sw.ru>

SWsoft Virtuozzo/OpenVZ Linux kernel team
Comment 2 Vasily Averin 2006-10-03 03:07:16 EDT
We have found a 4/4GB split related issue in is_prefetch(), could you please
comment on it?
Comment 4 Jiri Pallich 2012-06-20 12:01:41 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life.
Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
