Bug 493780 - EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
EL4U7 kernel bug fix update (Oracle bug 7916406 - JVM process hang)
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel-xen (Show other bugs)
4.7
All Linux
medium Severity medium
: rc
: ---
Assigned To: Miroslav Rezanina
Virtualization Bugs
:
Depends On:
Blocks: 458302
  Show dependency treegraph
 
Reported: 2009-04-02 23:36 EDT by Guru Anbalagane
Modified: 2011-02-16 11:02 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-02-16 11:02:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Guru Anbalagane 2009-04-02 23:36:12 EDT
Description of problem:
There are two ways to get to the saved value for a CPU's GDT. One is through
cpu_gdt_table[cpu#], the other is through cpu_gdt_descr[cpu#].  The factors
that determine the contents of the two tables are:

   1. if you are the boot CPU (CPU0)
   2. if you are a PV xen guest
   3. if you are non-virtualized (HVM guest or running on a non-virtualized
      system).

For a boot CPU, or for any non-virtualized guest/system CPU,
cpu_gdt_descr[CPU#] points to cpu_gdt_table[CPU#] so it is OK to use either
data structure.

A PV guest's non-boot CPU's cpu_gdt_descr[CPU#] will point to a separately
allocated page which is set up correctly. Its cpu_gdt_table[CPU#] is not set
up so the entries are NULL.

These two factors lead to a bug in an MP 32-bit PV guest's general protection
fault (#GPF) handler.  A PV guest's non-boot CPU will not handle a user mode
#GPF because that code path references cpu_gdt_table[CPU#].  It will load NULLs
into the GDT and retry the faulting user instruction.  This leads to an endless
loop.

This patch changes the #GPF handler to use cpu_gdt_descr[] by way of
get_cpu_gdt_table() instead of cpu_gdt_table[].

--- linux-2.6.9/arch/i386/kernel/traps-xen.c.orig	2009-02-12 16:27:17.000000000 -0800
+++ linux-2.6.9/arch/i386/kernel/traps-xen.c	2009-02-12 16:26:01.000000000 -0800
@@ -622,7 +622,7 @@
 		set_user_cs(&current->mm->context.user_cs, limit);
 
 		desc1 = &current->mm->context.user_cs;
-		desc2 = cpu_gdt_table[cpu] + GDT_ENTRY_DEFAULT_USER_CS;
+		desc2 = &get_cpu_gdt_table(cpu)[GDT_ENTRY_DEFAULT_USER_CS];
 
 		/*
 		 * The CS was not in sync - reload it and retry the

Version-Release number of selected component (if applicable):
2.6.9-67, 2.6.9-78

How reproducible:



Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Oracle bug no 7916406.

Please include the above patch in el4.7 and el4.8 errata.
Comment 4 Vivek Goyal 2009-07-28 13:21:55 EDT
Committed in 89.7.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Comment 11 errata-xmlrpc 2011-02-16 11:02:14 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0263.html

Note You need to log in before you can comment on or make changes to this bug.