Description of Problem:
A bug in include/asm-i386/io.h leads to wrong page to physical address translation for DMA memory above 4GB. If high buffers are used for DMA, this may lead to DMA transfers to wrong memory regions, which (depending on the false address) may lead to PCI bus aborts, data corruption, or even destruction of elementary kernel code or data (if DMA is carried out into kernel core memory).

Version-Release number of selected component (if applicable):
2.4.9-e.3

How Reproducible:
Run IO stress test on e.g. a PCI SCSI controller capable of doing high-memory DMA (e.g. aic7xxx).

Steps to Reproduce:
1. Start stress test
2. wait
3.

Actual Results:
Once a DMA buffer above 4GB is allocated (e.g. 0x101010000), the address translation for the scatter-gather list discards the high bits, leading to 0x001010000. Depending on the address generated and the direction of the IO, all sorts of errors may result, leaving the system in an undetermined state.

Expected Results:
IO completes successfully.

Additional Information:
I reported this for RedHat 7.2 in the discussion of bug 66143. The problem is fixed in the 2.4.18 kernels of RedHat 7.3. I will attach a patch that solves the problem.
Created attachment 61544: Patch that solves this problem
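The truncation described in the report, modelled in user space as an added example. It is not the attached patch and not kernel code: the function names, the `sg_entry` layout and the sample page frame numbers are constructed for illustration, and the flawed translation is assumed to be a shift carried out in 32-bit arithmetic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12   /* 4 KiB pages, as on i386 */

/* Hypothetical model of the flawed translation: the page frame number is
 * shifted in 32-bit arithmetic, so every address bit above bit 31 is lost. */
static uint64_t page_to_phys_truncating(uint32_t pfn)
{
    uint32_t addr = pfn << PAGE_SHIFT;   /* high bits discarded here */
    return addr;
}

/* Widening before the shift keeps the full physical address. */
static uint64_t page_to_phys_wide(uint32_t pfn)
{
    return (uint64_t)pfn << PAGE_SHIFT;
}

struct sg_entry { uint64_t dma_addr; uint32_t len; };
typedef uint64_t (*xlate_fn)(uint32_t pfn);

/* Constructed sample: two pages below 4GB, two above (0x101010 -> 0x101010000). */
static const uint32_t sample_pfns[4] = { 0x000ff, 0xfffff, 0x100000, 0x101010 };

/* Fill a scatter-gather list using the given translation and return how many
 * entries point at a different address than the buffer really occupies. */
static size_t build_sg(const uint32_t *pfns, size_t n, xlate_fn xlate,
                       struct sg_entry *sg)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        sg[i].dma_addr = xlate(pfns[i]);
        sg[i].len = 1u << PAGE_SHIFT;
        if (sg[i].dma_addr != page_to_phys_wide(pfns[i]))
            bad++;
    }
    return bad;
}

int main(void)
{
    struct sg_entry sg[4];
    printf("truncating: %zu bad entries\n", build_sg(sample_pfns, 4, page_to_phys_truncating, sg));
    printf("last entry: 0x%09llx\n", (unsigned long long)sg[3].dma_addr);
    printf("wide:       %zu bad entries\n", build_sg(sample_pfns, 4, page_to_phys_wide, sg));
    return 0;
}
```

Only the entries for pages above 4GB are wrong, which is why the corruption appears only once such a buffer is allocated.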
I am interested in what bug 66521 is, but I have no permissions to see it. Could you allow me in?
Fixed in AS2.1 errata kernel-2.4.9-e.8, released on 7/29. Larry Woodman
We are seeing memory corruption when using > 4GB memory on AS 2.4.9-e12. Any chance this bug has been re-introduced? Annie McQuilken, Experience, Inc.
Certainly not this one.