Bug 493088 - Kprobes bugfixes backport from 2.6.29
Summary: Kprobes bugfixes backport from 2.6.29
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.4
Hardware: i386
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Assignee: Masami Hiramatsu
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 329781
 
Reported: 2009-03-31 15:33 UTC by Masami Hiramatsu
Modified: 2009-09-03 14:17 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-02 08:31:37 UTC
Target Upstream Version:
Embargoed:


Attachments
[RHEL5.4][PATCH] prevent boosting kprobes on exception address (2.23 KB, patch)
2009-04-20 19:23 UTC, Masami Hiramatsu


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2009:1243 | 0 | normal | SHIPPED_LIVE | Important: Red Hat Enterprise Linux 5.4 kernel security and bug fix update | 2009-09-01 08:53:34 UTC

Description Masami Hiramatsu 2009-03-31 15:33:09 UTC
Description of problem:

The two kprobes bugfix patches below should be backported from 2.6.29.
Both of them can possibly cause a critical kernel panic on x86-32.

---
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=30390880debce4a68fd23e87a787f27609e4bf4a

prevent boosting kprobes on exception address

Don't boost at the addresses which are listed in the exception tables,
because a major page fault will occur on those addresses.  In that case,
kprobes cannot ensure when the instruction buffer can be freed, since
some processes will sleep on the buffer.

kprobes-ia64 already has the same check.
---
And
---
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9be260a646bf76fa418ee519afa10196b3164681

prevent kprobes from catching spurious page faults

Prevent kprobes from catching spurious faults which will cause infinite
recursive page-fault and memory corruption by stack overflow.
---

Version-Release number of selected component (if applicable):
RHEL5.4

Comment 1 Masami Hiramatsu 2009-04-16 20:40:43 UTC
Sorry, 

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9be260a646bf76fa418ee519afa10196b3164681

does not need to be applied. It seems to be already fixed on RHEL5.3. Thanks,

Comment 2 Masami Hiramatsu 2009-04-20 19:23:57 UTC
Created attachment 340412
[RHEL5.4][PATCH] prevent boosting kprobes on exception address

Here is the patch (commit 30390880debce4a68fd23e87a787f27609e4bf4a)
ported from 2.6.29 to 2.6.18-139.el5.

Changes from original:
- change both arch/i386/kernel/kprobes.c and arch/x86_64/kernel/kprobes.c
- include linux/module.h for search_exception_tables().

Comment 3 Don Zickus 2009-04-27 16:00:37 UTC
in kernel-2.6.18-141.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Please do NOT transition this bugzilla state to VERIFIED until our QE team
has sent specific instructions indicating when to do so.  However feel free
to provide a comment indicating that this fix has been verified.

Comment 7 errata-xmlrpc 2009-09-02 08:31:37 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1243.html

