722565 – using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Bug 722565 - using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Summary: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Andrea Arcangeli
QA Contact:	Caspar Zhang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-07-15 16:38 UTC by Andrea Arcangeli
Modified:	2013-07-03 07:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:	kernel-2.6.32-171.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-06 13:52:15 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1530	0	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update	2011-12-06 01:45:35 UTC

Description Andrea Arcangeli 2011-07-15 16:38:05 UTC

Description of problem: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Version-Release number of selected component (if applicable): 6.0 6.1 6.2


How reproducible: not easily reproduced, the only report is here http://marc.info/?l=linux-mm&m=131069449929254&w=2


Steps to Reproduce:
1. heavy vm activity with significant split_huge_page load
2.
3.
  
Actual results: bad pointer dereference


Expected results: no crash


Additional info:

Comment 2 Andrea Arcangeli 2011-07-15 17:08:35 UTC

Fixes posted on rhkernel-list with Message-ID: <20110715170151.GB31225> and Message-ID: <20110715170721.GC31225>.

Comment 4 RHEL Program Management 2011-07-17 13:19:54 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 6 Kyle McMartin 2011-07-25 13:07:13 UTC

Patch(es) available on kernel-2.6.32-171.el6

Comment 12 errata-xmlrpc 2011-12-06 13:52:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html

Note You need to log in before you can comment on or make changes to this bug.