Red Hat Bugzilla – Bug 493780
EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
Last modified: 2011-02-16 11:02:14 EST
Description of problem:
There are two ways to get to the saved value for a CPU's GDT. One is through
cpu_gdt_table[cpu#], the other is through cpu_gdt_descr[cpu#]. The factors
that determine the contents of the two tables are:
1. if you are the boot CPU (CPU0)
2. if you are a PV xen guest
3. if you are non-virtualized (HVM guest or running on a non-virtualized
For a boot CPU, or for any non-virtualized guest/system CPU,
cpu_gdt_descr[CPU#] points to cpu_gdt_table[CPU#] so it is OK to use either
A PV guest's non-boot CPU's cpu_gdt_descr[CPU#] will point to a separately
allocated page which is set up correctly. Its cpu_gdt_table[CPU#] is not set
up so the entries are NULL.
These two factors lead to a bug in an MP 32-bit PV guest's general protection
fault (#GPF) handler. A PV guest's non-boot CPU will not handle a user mode
#GPF because that code path references cpu_gdt_table[CPU#]. It will load NULLs
into the GDT and retry the faulting user instruction. This leads to an endless
This patch changes the #GPF handler to use cpu_gdt_descr by way of
get_cpu_gdt_table() instead of cpu_gdt_table.
--- linux-2.6.9/arch/i386/kernel/traps-xen.c.orig 2009-02-12 16:27:17.000000000 -0800
+++ linux-2.6.9/arch/i386/kernel/traps-xen.c 2009-02-12 16:26:01.000000000 -0800
@@ -622,7 +622,7 @@
desc1 = ¤t->mm->context.user_cs;
- desc2 = cpu_gdt_table[cpu] + GDT_ENTRY_DEFAULT_USER_CS;
+ desc2 = &get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_CS];
* The CS was not in sync - reload it and retry the
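Review bot: The changed desc2 assignment has no comment saying why the accessor is required, so a later cleanup could turn it back into direct cpu_gdt_table[cpu] indexing. Consider a short comment above the new line noting that on a PV guest's non-boot CPU only the table reached through cpu_gdt_descr (via get_cpu_gdt_table()) is populated. Since the description says cpu_gdt_table[CPU#] holds NULL entries on those CPUs, it is also worth checking the rest of traps-xen.c and the other Xen-built files for any remaining direct cpu_gdt_table[...] references and converting them in the same patch.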
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Oracle bug no 7916406.
Please include the above patch in el4.7 and el4.8 errata.
Committed in 89.7.EL. RPMS are available at http://people.redhat.com/vgoyal/rhel4/
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.