Bug 227394 - CVE-2007-0006 spinlock cpu recursion
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel
Version: 5
Hardware: x86_64 Linux
Priority: medium
Severity: medium
Assigned To: David Howells
QA Contact: Brian Brock
Duplicates: 227395
Reported: 2007-02-05 14:31 EST by devon kerr
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: 2.6.19-1.2288.fc5
Doc Type: Bug Fix
Last Closed: 2007-02-22 15:24:04 EST

Attachments
This is the error log of the spinlock recursion (4.71 KB, application/rtf)
2007-02-05 14:31 EST, devon kerr
Patch to fix the key serial no. collision problem (2.62 KB, patch)
2007-02-06 08:41 EST, David Howells


External Trackers
Tracker ID Priority Status Summary Last Updated
Linux Kernel 7727 None None None Never

Description devon kerr 2007-02-05 14:31:51 EST
Description of problem:
We would like to report an error we received from one of our web servers.  We are hesitantly suggesting that this is a software issue:  we have an identical machine which has not exhibited this error.  A line from the error log seems to provide some insight:

Dec 12 10:13:01 clio kernel:  <0>BUG: spinlock cpu recursion on CPU#1, suexec/27413 (Not tainted)

The complete text of the error log has been attached.

Version-Release number of selected component (if applicable):
Fedora Core 5; Linux Kernel 2.16.18-1.2239 for x86_64; Apache 2.2.3; php 5.1

How reproducible:
We have yet to reproduce this issue.

Comment 1 devon kerr 2007-02-05 14:31:51 EST
Created attachment 147394
This is the error log of the spinlock recursion
Comment 2 Chuck Ebbert 2007-02-05 16:23:17 EST
*** Bug 227395 has been marked as a duplicate of this bug. ***
Comment 3 Chuck Ebbert 2007-02-05 17:08:50 EST
This is the real problem:
Unable to handle kernel NULL pointer dereference at 0000000000000010
RIP:  [<ffffffff80225942>] __rb_rotate_left+0x7/0x5b
PGD 3a828067 PUD 3d934067 PMD 0 
Oops: 0000 [1] SMP 
last sysfs file: /block/hdb/size
CPU 1
Modules linked in: ipv6 nfs lockd fscache nfs_acl rfcomm l2cap bluetooth sunrpc
dm_mirror dm_mod video sbs i2c_ec i2c_core button battery asus_acpi ac lp
parport_pc parport sg tg3 ide_cd cdrom shpchp k8_edac edac_mc ohci_hcd
serio_raw floppy ehci_hcd pcspkr raid1 ext3 jbd sata_svw libata sd_mod
scsi_mod
Pid: 27406, comm: suexec Not tainted 2.6.18-1.2239.fc5 #1
RIP: 0010:[<ffffffff80225942>]  [<ffffffff80225942>] __rb_rotate_left+0x7/0x5b
RSP: 0018:ffff810151397df0  EFLAGS: 00010282
RAX: ffff81005a1ded48 RBX: ffff810102505508 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff806de5e0 RDI: ffff810203166088
RBP: ffff810203166088 R08: ffff8102031668c8 R09: 0000000000000000
R10: 000000005e4ae5f3 R11: ffff810151397c70 R12: ffff810102505508
R13: ffff81005a1ded48 R14: ffffffff806de5e0 R15: 0000000000000026
FS:  00002aaaaaabb850(0000) GS:ffff810103c3b1c0(0000) knlGS: 00000000f7fee8d0
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000010 CR3: 00000000da38b000 CR4: 00000000000006e0
Process suexec (pid: 27406, threadinfo ffff810151396000, task ffff8101d7cf5080)
Stack:  ffffffff80212aff ffff81005a1ded40 ffff810102505518 0000000000000000
	ffff81005a1ded40 ffff810151397eb8 ffffffff80312779 0000000046f0a978
	0000000000000000 1f3f0000aa8adfff ffff8101d7cf5080 000003eaffffffff
Call Trace:
  [<ffffffff80212aff>] rb_insert_color+0xb2/0xda
  [<ffffffff80312779>] key_alloc+0x2b0/0x384
  [<ffffffff8031377b>] keyring_alloc+0x29/0x5f
  [<ffffffff80314ea2>] alloc_uid_keyring+0x3d/0xa6
  [<ffffffff80293a5c>] alloc_uid+0xa9/0x16f
  [<ffffffff802963d6>] set_user+0xf/0x97
  [<ffffffff80297b5c>] sys_setuid+0x7d/0x154
  [<ffffffff8025c00e>] system_call+0x7e/0x83
Code: 48 8b 51 10 49 83 e0 fc 48 85 d2 48 89 57 08 74 0c 48 8b 02
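
A triage sketch for logs like the one in comment 3, added here as an example and not part of the bug report or of any kernel tooling: it pulls the fault address, faulting function, task and call trace out of an oops so the fault can be read separately from other BUG: lines in the same log. The function name `triage`, the order of the sample lines and the 4096-byte page size are assumptions.

```python
import re

PAGE_SIZE = 4096  # assumed page size; a fault below it is NULL plus a field offset
FRAME = re.compile(r"\[<[0-9a-f]+>\]\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+")
SYSLOG = re.compile(r"^.*kernel:\s*(<\d>)?")  # "Dec 12 ... kernel:  <0>"

# Constructed sample: lines taken from this bug's oops and description,
# trimmed; their relative order in the real log is an assumption.
SAMPLE = """\
Dec 12 10:13:01 clio kernel:  <0>BUG: spinlock cpu recursion on CPU#1, suexec/27413 (Not tainted)
Unable to handle kernel NULL pointer dereference at 0000000000000010
RIP:  [<ffffffff80225942>] __rb_rotate_left+0x7/0x5b
Pid: 27406, comm: suexec Not tainted 2.6.18-1.2239.fc5 #1
Call Trace:
  [<ffffffff80212aff>] rb_insert_color+0xb2/0xda
  [<ffffffff80312779>] key_alloc+0x2b0/0x384
  [<ffffffff8031377b>] keyring_alloc+0x29/0x5f
  [<ffffffff80314ea2>] alloc_uid_keyring+0x3d/0xa6
  [<ffffffff80293a5c>] alloc_uid+0xa9/0x16f
  [<ffffffff802963d6>] set_user+0xf/0x97
  [<ffffffff80297b5c>] sys_setuid+0x7d/0x154
  [<ffffffff8025c00e>] system_call+0x7e/0x83
"""

def triage(log):
    """Summarise the oops in a 2.6-era x86_64 kernel log (hypothetical helper)."""
    out = {"fault_addr": None, "null_page": False, "rip": None,
           "task": None, "trace": [], "other_bugs": []}
    in_trace = False
    for raw in log.splitlines():
        line = SYSLOG.sub("", raw).strip()
        frame = FRAME.search(line)
        if in_trace and frame and line.startswith("[<"):
            out["trace"].append(frame.group(1))  # innermost caller first
            continue
        in_trace = line == "Call Trace:"
        fault = re.match(r"Unable to handle kernel .* at ([0-9a-f]+)$", line)
        task = re.match(r"Pid: (\d+), comm: (\S+)", line)
        if fault:
            out["fault_addr"] = int(fault.group(1), 16)
            out["null_page"] = out["fault_addr"] < PAGE_SIZE
        elif line.startswith("RIP:") and frame and out["rip"] is None:
            out["rip"] = frame.group(1)  # function executing at the fault
        elif task:
            out["task"] = (task.group(2), int(task.group(1)))
        elif line.startswith("BUG:"):
            out["other_bugs"].append(line)  # other BUG: reports, kept for context
    return out
```

On the sample, the summary shows a fault at offset 0x10 inside `__rb_rotate_left`, reached from `key_alloc` via `sys_setuid`, in a different `suexec` PID from the one named in the spinlock line.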
Comment 4 David Howells 2007-02-06 08:31:41 EST
Duplicate of http://bugzilla.kernel.org/show_bug.cgi?id=7727
Comment 5 David Howells 2007-02-06 08:41:11 EST
Created attachment 147464
Patch to fix the key serial no. collision problem