Red Hat Bugzilla – Bug 64147
Last modified: 2007-04-18 12:42:20 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Description of problem:
Whenever kstat_read_proc() in fs/proc/proc_misc.c is called,it's trashing the
first 95 bytes in the the virtual
page which follows the page that is legitimately being written
to by kstat_read_proc().
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Comments in this file indicate that overflow off the end of the
page is a definite possibility and is handled gracefully. I have
used the linux kdb in-kernel debugger from SGI to see the actual
corrupted pages. The ASCII text written by kstat_read_proc() can
be seen overflowing from the virtual page before the corruption
over to the (in our case) first 95 bytes of the next page. The
case I've debugged caused a panic in the kmem_cache subsystem because
the slab header of a buffer_header slab was corrupted. I have also
seem the same text strings corrupting various files on our system.
This evidence combined with the high potential that the page being
corrupted is a data buffer leads me to believe that this bug could
easily cause data corruption.
RedHat added a call to print_tux_procinfo() to both the 2.4.9-31
and 2.4.3-12 versions of kstat_read_proc(). Despite the fact that
we have only seen this problem occur with the 2.4.9-31 kernel, it
has not been shown that the problem cannot/will not occur with the
2.4.3-12 kernel also. We have commented out this call to print_tux_procinfo()
and not seen the problem again.
Thanks for this debugging!
(oh and I assume you used the kdb kernel we ship.. at least I hope you didn't
have to go through all the trouble of getting that to work with our kernels
The following two patches should fix the problem.
Created attachment 55564 [details]
Created attachment 55565 [details]
Both of the above patches are included in the first Pensacola errata kernel
This appears to still be an outstanding issue with the 2.4.9-34 errata kernel
(latest released for 7.1/7.2), but is not a problem with Hampton or Milan.
Please look to include this into the next 7. errata kernel.
oh this will be fixed that way, sure
Milan kernel 2.4.18-14 and errata kernels released after that have this