Bug 722565 - using page_count(pfn_to_page(pfn)) on a random pfn is unsafe
Summary: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: rc
: ---
Assignee: Andrea Arcangeli
QA Contact: Caspar Zhang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-15 16:38 UTC by Andrea Arcangeli
Modified: 2013-07-03 07:31 UTC (History)
3 users (show)

Fixed In Version: kernel-2.6.32-171.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 13:52:15 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1530 0 normal SHIPPED_LIVE Moderate: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update 2011-12-06 01:45:35 UTC

Description Andrea Arcangeli 2011-07-15 16:38:05 UTC
Description of problem: using page_count(pfn_to_page(pfn)) on a random pfn is unsafe

Version-Release number of selected component (if applicable): 6.0 6.1 6.2


How reproducible: not easily reproduced, the only report is here http://marc.info/?l=linux-mm&m=131069449929254&w=2


Steps to Reproduce:
1. heavy vm activity with significant split_huge_page load
2.
3.
  
Actual results: bad pointer dereference


Expected results: no crash


Additional info:

Comment 2 Andrea Arcangeli 2011-07-15 17:08:35 UTC
Fixes posted on rhkernel-list with Message-ID: <20110715170151.GB31225> and Message-ID: <20110715170721.GC31225>.

Comment 4 RHEL Program Management 2011-07-17 13:19:54 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 6 Kyle McMartin 2011-07-25 13:07:13 UTC
Patch(es) available on kernel-2.6.32-171.el6

Comment 12 errata-xmlrpc 2011-12-06 13:52:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html


Note You need to log in before you can comment on or make changes to this bug.