Bug 461038 - el4u5 pv guest user coredump crashing system
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel-xen
Version: 4.9
Hardware: All
OS: Linux
Target Milestone: rc
Assignee: Oleg Nesterov
QA Contact: Chao Ye
Duplicates: 594531
Depends On:
Reported: 2008-09-03 15:58 UTC by Greg Marsden
Modified: 2018-11-14 18:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-02-16 16:02:28 UTC
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2011:0263 | 0 | normal | SHIPPED_LIVE | Important: Red Hat Enterprise Linux 4.9 kernel security and bug fix update | 2011-02-16 15:14:55 UTC

Description Greg Marsden 2008-09-03 15:58:46 UTC
The system panicked during core dumping a faulting process.  The cause was
a wrong vsyscall page pointer from elf_core_dump for the el4u5 32bit pv
guest.  This patch resolves:

--- linux-2.6.9/include/asm-i386/elf.h.orig     2008-05-01 17:31:41.000000000
+++ linux-2.6.9/include/asm-i386/elf.h  2008-05-01 17:32:06.000000000 -0700
@@ -141,11 +141,7 @@
/* kernel-internal fixmap address: */
-#ifdef CONFIG_XEN
 #define __VSYSCALL_BASE        (__fix_to_virt(FIX_VSYSCALL))
 #define __VSYSCALL_EHDR        ((const struct elfhdr *) __VSYSCALL_BASE)
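Review bot: the hunk header `@@ -141,11 +141,7 @@` declares four more old lines than new lines, but the only removal shown is `-#ifdef CONFIG_XEN` above the `__VSYSCALL_BASE` define, so the rest of the conditional being dropped is not visible and the change cannot be checked as posted. Please resend the complete hunk, and state in the changelog why the address from `__fix_to_virt(FIX_VSYSCALL)` is safe to read in every configuration that now takes this define, since `__VSYSCALL_EHDR` casts it straight to `const struct elfhdr *` with no validity check.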

Comment 1 Tina Yang 2008-09-03 18:34:39 UTC
This is a workaround, minimum fix.  The problem is the page the __VSYSCALL_BASE points to in el4u5 XEN case doesn't seem to be ever set up.  It seems to me the intended logic is only half-implemented.  I did see however in el5, this part of the dump has been completely eliminated.  So, whichever is appropriate.

Comment 2 Guy Streeter 2008-12-03 18:43:00 UTC
I have a customer report of this same problem, solved by this patch.

Comment 4 Veaceslav Falico 2009-03-25 18:02:11 UTC
I also have a customer report of this same problem, solved by this patch. Customer asks for hotfix.

Comment 8 Chris Lalancette 2009-04-10 09:13:34 UTC
Can someone who is affected by this bug please let me know what the exact problem is, and if there is a way to reproduce it?  The patch in Comment #1 looks sane enough, but I don't have a good idea of the real problem, and I would like to verify myself if a reproducer is available.

Chris Lalancette

Comment 13 Vivek Goyal 2009-06-03 13:56:31 UTC
Committed in 89.2.EL

Comment 15 Paolo Bonzini 2010-10-06 14:20:03 UTC
*** Bug 594531 has been marked as a duplicate of this bug. ***

Comment 17 Chao Ye 2011-01-12 09:59:23 UTC
Verified with -95.EL:
I'm still alive, will sleep now
runtest.sh: line 20: 10904 Segmentation fault      (core dumped) sh PCD.sh
Success to core dump of process 10904

$ cat PCD.sh 

# Loop forever so the process stays alive until it is signalled
while true
do
    echo "I'm still alive, will sleep now"
    sleep 60
done

$ cat runtest.sh 

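# Allow core files of any size
ulimit -c unlimited
sh PCD.sh &
# Look up the PID of the background PCD.sh process
ID=`ps aux | grep PCD | sed '/grep/d' | awk '{ print $2 }'`
# Send SIGSEGV (signal 11) to force a core dump
kill -s 11 $ID
if [ -f core.$ID ]; then
    echo "Success to core dump of process $ID"
    rm -f core.$ID
else
    echo "Failed  to core dump of process $ID"
fi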

Change status to VERIFIED

Comment 18 errata-xmlrpc 2011-02-16 16:02:28 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

