Bug 458988 - Panic while using pci=use_crs for resource allocation
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.2
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Prarit Bhargava
QA Contact: Martin Jenner
Blocks: 437533

Reported: 2008-08-13 12:51 EDT by Daniel Yeisley
Modified: 2010-10-22 23:42 EDT
Doc Type: Bug Fix
Last Closed: 2009-01-20 15:18:46 EST

Attachments
Trace of the failed boot (23.32 KB, text/plain), 2008-08-13 12:51 EDT, Daniel Yeisley
i686 kernel with patch (13.99 MB, application/x-rpm), 2008-08-13 19:48 EDT, Prarit Bhargava
x86_64 rpm with patch (16.29 MB, application/x-rpm), 2008-08-13 19:49 EDT, Prarit Bhargava
Successful boot log (36.84 KB, text/plain), 2008-08-14 15:02 EDT, Daniel Yeisley
RHEL5 fix for this issue (1.02 KB, patch), 2008-08-15 10:15 EDT, Prarit Bhargava

Description Daniel Yeisley 2008-08-13 12:51:40 EDT
Created attachment 314223
Trace of the failed boot

Description of problem:
I see a kernel panic when I boot with the pci=use_crs parameter.  There's no boundary checking done in setup_resource().  So it is possible to overrun the end of the array.

Version-Release number of selected component (if applicable):
RHEL 5.2

How reproducible:


Steps to Reproduce:
1.  Boot the system with pci=use_crs
  
Actual results:
Panic

Expected results:


Additional info:
I'm opening this bugzilla as requested in BZ 437529.

The link to the upstream patch that does the boundary checking is here:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d9befd2cdf65b1768b0d3078a65cc0ae9aa6412
Comment 2 Prarit Bhargava 2008-08-13 13:22:31 EDT
Dan, are you saying that the bounds checking patch will solve the panic?

P.
Comment 3 Daniel Yeisley 2008-08-13 13:30:13 EDT
(In reply to comment #2)
> Dan, are you saying that the bounds checking patch will solve the panic?
> P.

I believe that it will, but I haven't tested it applied to the RHEL kernel.  I tested the vanilla 2.6.26 kernel that contains that patch, and it booted just fine.  Although, the vanilla kernel also increased the size of the array from 8 to 16 so it's less likely to run off the end.
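
An added example, not code from the kernel or from anyone in this thread: a user-space C model of the failure mode discussed in the description and in comments 2 and 3, where a callback appends each reported range to a fixed-size table. The names `bus_table`, `add_range_checked` and `simulate` and the sample ranges are constructed for illustration; the capacities 8 and 16 are the array sizes mentioned in comment 3.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_SLOTS 16   /* largest table modelled; comment 3 mentions 8 and 16 */

struct range { unsigned long start, end; };

/* Hypothetical stand-in for a fixed-size per-bus resource table. */
struct bus_table {
    struct range slot[MAX_SLOTS];
    size_t capacity;   /* usable slots */
    size_t stored;     /* descriptors written to slot[] */
    size_t dropped;    /* descriptors refused by the bounds check */
};

/* Called once per reported range. Without the capacity test below, the
 * store would land past the end of slot[] as soon as the firmware reports
 * more ranges than the table holds. Returns 0 if stored, -1 if refused. */
static int add_range_checked(struct bus_table *t, struct range r)
{
    if (t->stored >= t->capacity) {
        t->dropped++;
        fprintf(stderr, "table full, ignoring %#lx-%#lx\n", r.start, r.end);
        return -1;
    }
    t->slot[t->stored++] = r;
    return 0;
}

/* Feed n constructed ranges into a table with the given capacity.
 * Returns the number dropped and reports the number stored. */
static size_t simulate(size_t capacity, size_t n, size_t *stored)
{
    struct bus_table t = { .capacity = capacity < MAX_SLOTS ? capacity : MAX_SLOTS };
    for (size_t i = 0; i < n; i++) {
        struct range r = { 0x1000 * (i + 1), 0x1000 * (i + 1) + 0xfff };
        add_range_checked(&t, r);
    }
    *stored = t.stored;
    return t.dropped;
}

int main(void)
{
    size_t stored, dropped = simulate(8, 11, &stored);
    printf("8 slots:  stored %zu, dropped %zu\n", stored, dropped);
    dropped = simulate(16, 11, &stored);
    printf("16 slots: stored %zu, dropped %zu\n", stored, dropped);
    return 0;
}
```

With 11 constructed ranges, the 8-slot table keeps 8 and refuses 3, while the 16-slot table keeps all 11; the check is what bounds the write in both cases, and the larger table only changes how often it triggers.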
Comment 4 Prarit Bhargava 2008-08-13 13:39:36 EDT
Dan,

I'm building x86_64 and i386 rpms with the boundary patch that are based on build -104.el5.  I will attach them to this BZ when they make it through our build system.

I'll also look into increasing the size of the array -- no promises on increasing the size though as it might break kabi.

P.
Comment 5 Prarit Bhargava 2008-08-13 19:48:31 EDT
Created attachment 314271
i686 kernel with patch

Dan, please test.

Thanks,

P.
Comment 6 Prarit Bhargava 2008-08-13 19:49:41 EDT
Created attachment 314272
x86_64 rpm with patch

Dan, please test.

Thanks,

P.
Comment 7 Daniel Yeisley 2008-08-14 15:00:35 EDT
(In reply to comment #6)
> Created an attachment (id=314272)
> x86_64 rpm with patch
> Dan, please test.
> Thanks,
> P.

The patched kernel looks good.  I'll attach a trace.
Comment 8 Daniel Yeisley 2008-08-14 15:02:14 EDT
Created attachment 314342
Successful boot log
Comment 9 Prarit Bhargava 2008-08-15 10:15:39 EDT
Created attachment 314390
RHEL5 fix for this issue
Comment 10 Don Zickus 2008-09-02 23:41:37 EDT
in kernel-2.6.18-107.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 13 Daniel Yeisley 2008-09-25 13:18:57 EDT
(In reply to comment #10)
> in kernel-2.6.18-107.el5
> You can download this test kernel from http://people.redhat.com/dzickus/el5

I didn't see -107 on there, but I tried -116 and it worked fine.
Comment 14 Issue Tracker 2008-11-05 13:49:43 EST
Waiting for Unisys to verify

Internal Status set to 'Waiting on Customer'

This event sent from IssueTracker by balkov 
 issue 199328
Comment 18 errata-xmlrpc 2009-01-20 15:18:46 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-0225.html
