Bug 493780 - EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel-xen
All Linux
medium Severity medium
Assigned To: Miroslav Rezanina
Virtualization Bugs
Depends On:
Blocks: 458302
Reported: 2009-04-02 23:36 EDT by Guru Anbalagane
Modified: 2011-02-16 11:02 EST (History)
Doc Type: Bug Fix
Last Closed: 2011-02-16 11:02:14 EST
Description Guru Anbalagane 2009-04-02 23:36:12 EDT
Description of problem:
There are two ways to get to the saved value for a CPU's GDT. One is through
cpu_gdt_table[cpu#], the other is through cpu_gdt_descr[cpu#].  The factors
that determine the contents of the two tables are:

   1. if you are the boot CPU (CPU0)
   2. if you are a PV xen guest
   3. if you are non-virtualized (HVM guest or running on a non-virtualized

For a boot CPU, or for any non-virtualized guest/system CPU,
cpu_gdt_descr[CPU#] points to cpu_gdt_table[CPU#] so it is OK to use either
data structure.

A PV guest's non-boot CPU's cpu_gdt_descr[CPU#] will point to a separately
allocated page which is set up correctly. Its cpu_gdt_table[CPU#] is not set
up so the entries are NULL.

These two factors lead to a bug in an MP 32-bit PV guest's general protection
fault (#GPF) handler.  A PV guest's non-boot CPU will not handle a user mode
#GPF because that code path references cpu_gdt_table[CPU#].  It will load NULLs
into the GDT and retry the faulting user instruction.  This leads to an endless

This patch changes the #GPF handler to use cpu_gdt_descr[] by way of
get_cpu_gdt_table() instead of cpu_gdt_table[].

--- linux-2.6.9/arch/i386/kernel/traps-xen.c.orig	2009-02-12 16:27:17.000000000 -0800
+++ linux-2.6.9/arch/i386/kernel/traps-xen.c	2009-02-12 16:26:01.000000000 -0800
@@ -622,7 +622,7 @@
 		set_user_cs(&current->mm->context.user_cs, limit);
 		desc1 = &current->mm->context.user_cs;
-		desc2 = cpu_gdt_table[cpu] + GDT_ENTRY_DEFAULT_USER_CS;
+		desc2 = &get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_CS];
 		 * The CS was not in sync - reload it and retry the
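Review bot: The new `desc2` assignment fixes only this one direct use of `cpu_gdt_table[cpu]`; since the description states that this table is never set up for a PV guest's non-boot CPUs, every other direct `cpu_gdt_table[...]` reference that can be reached in the Xen build should be audited and moved to `get_cpu_gdt_table()` in this patch or a follow-up. A short comment above the changed line saying that `cpu_gdt_table[]` is not valid on PV secondary CPUs would keep a later cleanup from reverting it. As a style point, `get_cpu_gdt_table(cpu) + GDT_ENTRY_DEFAULT_USER_CS` would keep the pointer-arithmetic form of the line being replaced.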

Version-Release number of selected component (if applicable):
2.6.9-67, 2.6.9-78

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Oracle bug no 7916406.

Please include the above patch in el4.7 and el4.8 errata.
Comment 4 Vivek Goyal 2009-07-28 13:21:55 EDT
Committed in 89.7.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 11 errata-xmlrpc 2011-02-16 11:02:14 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

