Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
Bug 240429 - RHEL5 Kernel crash when specifying mem= or highmem= kernel parameter
RHEL5 Kernel crash when specifying mem= or highmem= kernel parameter
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel-xen (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lalancette
Martin Jenner
: OtherQA, Reopened
Depends On:
Blocks: 240454 460955
  Show dependency treegraph
Reported: 2007-05-17 10:37 EDT by Chris Lalancette
Modified: 2018-10-19 22:52 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-02 04:40:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to fix mem= kernel parameter (2.98 KB, patch)
2007-05-17 10:40 EDT, Chris Lalancette
no flags Details | Diff
Patch to fix mem= kernel parameter (revised) (3.00 KB, patch)
2007-05-17 13:00 EDT, Chris Lalancette
no flags Details | Diff
Another version of the patch, that seems to work better for me (4.41 KB, patch)
2009-03-13 12:25 EDT, Chris Lalancette
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1243 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update 2009-09-01 04:53:34 EDT

  None (edit)
Description Chris Lalancette 2007-05-17 10:37:14 EDT
Description of problem:
When specifying mem= or highmem= on the kernel (not HV) command-line, the kernel
will crash fairly early on, in setup-xen.c.  The problem seems to be that the
initial setup code always assumes max_pfn >= xen_start_info->nr_pages.  When
specifying mem= on the kernel command-line, however, this is not the case, so
the setup code actually allocates the p2m table as the sizeof max_pfn, and then
attempts to copy sizeof xen_start_info->nr_pages, which overflows the table and
crashes the machine.

Note that this is a problem in upstream Xen, as well as in RHEL-4 PV.
Comment 1 Chris Lalancette 2007-05-17 10:40:55 EDT
Created attachment 154921 [details]
Patch to fix mem= kernel parameter

This is the patch I am currently testing to fix the problem when specifying
mem= on the kernel command-line.  Once I confirm it in my testing, I'll post it
to xen-devel.

Chris Lalancette
Comment 2 Chris Lalancette 2007-05-17 13:00:11 EDT
Created attachment 154933 [details]
Patch to fix mem= kernel parameter (revised)

Silly me; x86_64 uses end_pfn instead of max_pfn.  Let's try again.

Chris Lalancette
Comment 3 Chris Lalancette 2007-05-22 16:51:33 EDT
Patch posted upstream:


Chris Lalancette
Comment 4 Red Hat Bugzilla 2007-07-24 20:46:33 EDT
change QA contact
Comment 5 Chris Lalancette 2007-10-08 13:46:16 EDT
This was committed to xen-3.1-testing as c/s 15098.

Chris Lalancette
Comment 6 RHEL Product and Program Management 2008-02-01 17:41:46 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 7 Issue Tracker 2009-01-13 05:13:28 EST
May I ask the reason for this BZ being closed WONTFIX? Was this not
reproduced with 5.3rc? 

This event sent from IssueTracker by tumeya 
 issue 179378
Comment 8 Chris Lalancette 2009-01-13 05:18:01 EST
Oops.  I missed that there was an IT attached to this.  Basically, I hadn't seen any customer demand for it, so I thought it wasn't worth spending time on.  If there is an IT attached, though, I'll open it back up.

Chris Lalancette
Comment 12 Chris Lalancette 2009-03-13 12:25:12 EDT
Created attachment 335116 [details]
Another version of the patch, that seems to work better for me

Here's another version of the patch.  This one seems to fix the crashes on both i386 and x86_64 for me.  I've tested with an i386 PV guest, an x86_64 PV guest, and an x86_64 dom0; they all seem to do OK.  I still need to test with an i386 dom0, but once I've done that, we should be good to go.  This is essentially a backport of upstream xen-unstable c/s 15098, with two RHEL-specific tweaks.

Chris Lalancette
Comment 17 Don Zickus 2009-04-20 13:09:44 EDT
in kernel-2.6.18-140.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.
Comment 20 Chris Ward 2009-07-03 13:57:21 EDT
~~ Attention - RHEL 5.4 Beta Released! ~~

RHEL 5.4 Beta has been released! There should be a fix present in the Beta release that addresses this particular request. Please test and report back results here, at your earliest convenience. RHEL 5.4 General Availability release is just around the corner!

If you encounter any issues while testing Beta, please describe the issues you have encountered and set the bug into NEED_INFO. If you encounter new issues, please clone this bug to open a new issue and request it be reviewed for inclusion in RHEL 5.4 or a later update, if it is not of urgent severity.

Please do not flip the bug status to VERIFIED. Only post your verification results, and if available, update Verified field with the appropriate value.

Questions can be posted to this bug or your customer or partner representative.
Comment 24 errata-xmlrpc 2009-09-02 04:40:14 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.