Bug 451622

Summary: incorrect user_CS will cause GP loop
Product: Red Hat Enterprise Linux 5
Reporter: Wei Kong <weikong>
Component: kernel-xen
Assignee: Xen Maintainance List <xen-maint>
Status: CLOSED DUPLICATE
QA Contact: Martin Jenner <mjenner>
Severity: medium
Priority: low
Version: 5.1
CC: clalance
Target Milestone: rc
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-12-09 22:09:47 UTC

Attachments:
Patch for this bug (flags: none)

Description Wei Kong 2008-06-16 09:13:59 UTC
Description of problem:
The following code will cause a GP loop, because set_user_cs() doesn't
set the right segment limit when doing exec-shield on Xen.
Test code, call trace, and dmesg are below.

int main(void)
{
        void *addr;
        int test = 0;
        /* address just under the exec-shield limit; 0xF67FFFFC and 0xF67FFFFD both trigger it */
        addr = (void *)0xF67FFFFDUL;

        /* the read raises #GP; with the wrong user_cs limit the kernel's fixup keeps re-faulting */
        test = ((*(long *)addr) == 0) ? 1 : 2;  /* GP loop */
        (void)test;
        return 0;
}

Call Trace:
 [<c0406017>] show_stack+0x20/0x25
 [<c052d7a9>] showacpu+0x27/0x32
 [<c040e83e>] smp_call_function_interrupt+0x2f/0x4d
 [<c04413fb>] handle_IRQ_event+0x27/0x51
 [<c04414b8>] __do_IRQ+0x93/0xe8
 [<c0406d9b>] do_IRQ+0x93/0xae
 [<c05410ad>] evtchn_do_upcall+0x64/0x9b
 [<c0405515>] hypervisor_callback+0x3d/0x48
 [<c0405a51>] check_lazy_exec_limit+0x219/0x22a
 [<c05fce0e>] do_general_protection+0x47/0x13b
 [<c0405515>] hypervisor_callback+0x3d/0x48
 [<c05fcdc7>] do_general_protection+0x0/0x13b
 [<c04054d3>] error_code+0x2b/0x30

dmesg:
kernel: #GPF fixup (0[seg:0]) at 080483c9, CPU#1.
kernel:  exec_limit: ffffffff, user_cs: 0000ffff/00cffb00, CPU_cs: 000067ff/00cffb00.


How reproducible:
Always

Steps to Reproduce:
1. Run the test code in the description.

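The following helper is an added example, not part of the bug report or of the kernel-xen code. It decodes the two descriptor dwords the kernel prints in its "#GPF fixup" line (the reporter's two dmesg lines are embedded as constructed sample input) using the standard 32-bit x86 descriptor layout, and compares the code-segment limit the kernel has cached in user_cs with the one the CPU actually holds in CPU_cs. All function and constant names are my own. With the values from this report, user_cs decodes to a limit of 0xffffffff while CPU_cs decodes to 0xf67fffff, so a 4-byte read at the reporter's test address 0xF67FFFFD is inside the limit the kernel believes in but beyond the one the CPU enforces, which is the disagreement behind the repeated #GP.

```python
import re

# Constructed sample: the two dmesg lines quoted in the bug report.
DMESG_SAMPLE = """\
kernel: #GPF fixup (0[seg:0]) at 080483c9, CPU#1.
kernel:  exec_limit: ffffffff, user_cs: 0000ffff/00cffb00, CPU_cs: 000067ff/00cffb00.
"""

# Matches the second line: exec_limit, then low/high dwords of user_cs and CPU_cs.
LINE_RE = re.compile(
    r"exec_limit:\s*([0-9a-f]+),\s*user_cs:\s*([0-9a-f]+)/([0-9a-f]+),"
    r"\s*CPU_cs:\s*([0-9a-f]+)/([0-9a-f]+)"
)


def descriptor_limit(low: int, high: int) -> int:
    """Return the byte limit encoded in a 32-bit x86 segment descriptor.

    `low` and `high` are the two dwords as the kernel prints them. Limit bits
    0-15 sit in the low dword, bits 16-19 in the high dword; when the
    granularity bit (bit 23 of the high dword) is set the limit counts 4 KiB
    pages, so the byte limit is (limit << 12) | 0xFFF.
    """
    limit = (low & 0xFFFF) | (high & 0x000F0000)
    if high & (1 << 23):
        limit = (limit << 12) | 0xFFF
    return limit


def parse_gpf_fixup(dmesg: str):
    """Return decoded limits from the first #GPF fixup detail line, or None."""
    for line in dmesg.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        return {
            "exec_limit": int(m.group(1), 16),
            "user_cs_limit": descriptor_limit(int(m.group(2), 16), int(m.group(3), 16)),
            "cpu_cs_limit": descriptor_limit(int(m.group(4), 16), int(m.group(5), 16)),
        }
    return None


def cs_limits_disagree(record) -> bool:
    """True when the kernel's cached user_cs limit differs from what the CPU holds."""
    return record["user_cs_limit"] != record["cpu_cs_limit"]


def access_exceeds_limit(addr: int, size: int, limit: int) -> bool:
    """Standard x86 expand-up limit rule: the last byte touched must be <= limit."""
    return addr + size - 1 > limit


if __name__ == "__main__":
    rec = parse_gpf_fixup(DMESG_SAMPLE)
    print("decoded:", {k: hex(v) for k, v in rec.items()})
    print("kernel/CPU CS limits disagree:", cs_limits_disagree(rec))
    test_addr = 0xF67FFFFD  # the reporter's test address, read as a 4-byte long
    print("4-byte read exceeds CPU_cs limit:",
          access_exceeds_limit(test_addr, 4, rec["cpu_cs_limit"]))
    print("4-byte read exceeds user_cs limit:",
          access_exceeds_limit(test_addr, 4, rec["user_cs_limit"]))
```

Running it over a real dmesg capture instead of the sample flags any fixup line where the two limits disagree, which is the condition this report describes rather than a one-off fault that the fixup path can resolve.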
Comment 1 Wei Kong 2008-06-16 09:24:52 UTC
Created attachment 309473 [details]
Patch for this bug

Comment 2 Chris Lalancette 2008-12-09 22:09:47 UTC
This is a dup of private BZ 457093, so it will be in 5.3.  I'll close this as a dup.

Chris Lalancette

*** This bug has been marked as a duplicate of bug 457093 ***