Bug 85018 - SMP Register Corruption
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
Version: 7.1
Hardware: i686 Linux
Priority: high / Severity: high
Assigned To: Arjan van de Ven
Brian Brock
http://www.cs.helsinki.fi/linux/linux...
Reported: 2003-02-24 16:57 EST by Need Real Name
Modified: 2005-10-31 17:00 EST (History)
Doc Type: Bug Fix
Last Closed: 2003-12-16 20:48:47 EST

Description Need Real Name 2003-02-24 16:57:23 EST
Description of problem:

The following text has been replicated verbatim from the original patch submission
by John Byrne. See URL above.

Currently, the SMP interrupt code generated by the macros
BUILD_SMP_INTERRUPT and BUILD_SMP_TIMER_INTERRUPT push the positive
interrupt vector number on the stack. If the correct signal is pending
on the process and %eax happens to have the correct value, do_signal()
can be spoofed into adjusting %eax and %eip with almost certainly bad
results. For example, trying to do a "strace -p" on the following program
will result in its dumping core with an illegal instruction.

int
main(void)
{
    int i;

    /* Load -512 (-ERESTARTSYS) into %eax and spin for as long as it keeps
     * that value; the loop only exits if something outside this program
     * (i.e. the kernel's signal code) changes %eax. */
    asm (
        "mov %1,%0\n\t"
        "1:\t"
        "cmp %1,%0\n\t"
        "rep;nop\n\t"
        "je 1b\n\t"
        :"=&a" (i)       /* i is pinned to %eax (early-clobber) */
        :"i" (-512));    /* immediate operand -512 */

    return i;
}


I suspect what was wanted was to subtract 256, as is done in BUILD_IRQ,
to make the values negative, but leave the vector available in %al, so
I offer the following patch against 2.4.10-pre2 to do so. (The 2.2.x
code simply pushes -1. I don't see anything that uses the vector for
these interrupts, so this should work. However, I assume the change was
made so the vector number would be available on the stack, perhaps for
debugging.)


This has only been tested by me on my SMP box, but... (I don't want to
complete that sentence with words I might be forced to regret for some
reason.)

Version-Release number of selected component (if applicable):
LAS 2.1
Red Hat 7.1

How reproducible:
Absolutely.

Steps to Reproduce:
1. See URL above for sample program
    
Actual results:


Expected results:


Additional info:
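To make the mechanism in the report concrete, here is an added model (not code from the bug, the reporter, John Byrne's patch, or the kernel itself) of the syscall-restart check that the x86 do_signal() path performed in 2.4-era kernels: if orig_eax looks like a system-call number (non-negative) and %eax holds one of the kernel-internal restart codes, the signal code reloads %eax from orig_eax and backs %eip up by two bytes. The vector number 0xec and the %eip value are constructed for illustration; the struct and function names are my own. The three scenarios show why an interrupt stub that pushes a positive vector lets a user-space %eax of -512 (-ERESTARTSYS) spoof that check, and why the BUILD_IRQ "vector minus 256" convention, which keeps orig_eax negative, closes it.

```c
/*
 * Model of the 2.4-era x86 do_signal() syscall-restart check (added
 * illustration, not the kernel's source). Shows how a positive vector
 * number in orig_eax, combined with a user-chosen %eax, triggers the
 * "restart this system call" path, and how a negative orig_eax avoids it.
 */
#include <stdio.h>

/* Kernel-internal restart codes from linux/errno.h; never returned to user space. */
#define ERESTARTSYS    512
#define ERESTARTNOINTR 513
#define ERESTARTNOHAND 514

/* The three saved registers the restart logic looks at. */
struct regs {
    long eax;      /* syscall return slot, or the user's %eax at interrupt time */
    long orig_eax; /* syscall number, or whatever the entry stub pushed */
    long eip;      /* user instruction pointer to resume at */
};

/*
 * No-handler branch of do_signal(): if we appear to have come from a
 * system call (orig_eax >= 0) and that syscall asked to be restarted,
 * reload the syscall number into %eax and back %eip up over the 2-byte
 * "int $0x80". Returns 1 if the restart fired, 0 otherwise.
 */
static int restart_if_syscall(struct regs *r)
{
    if (r->orig_eax < 0)
        return 0;                        /* not a syscall: registers untouched */
    if (r->eax == -ERESTARTNOHAND ||
        r->eax == -ERESTARTSYS ||
        r->eax == -ERESTARTNOINTR) {
        r->eax = r->orig_eax;
        r->eip -= 2;
        return 1;
    }
    return 0;
}

/* Entry stub as the report describes it: pushes the positive vector number. */
static long buggy_interrupt_orig_eax(int vector) { return vector; }

/* BUILD_IRQ convention: vector - 256 is negative, vector still in %al. */
static long fixed_interrupt_orig_eax(int vector) { return vector - 256; }

/*
 * Run one scenario: returns whether the restart path fired and, if
 * eip_out is non-NULL, the resulting %eip. 0x08048400 is a constructed
 * user-space address.
 */
static int scenario(long orig_eax, long eax, long *eip_out)
{
    struct regs r = { eax, orig_eax, 0x08048400 };
    int fired = restart_if_syscall(&r);
    if (eip_out)
        *eip_out = r.eip;
    return fired;
}

int main(void)
{
    const int vec = 0xec;   /* constructed example vector number */
    long eip;

    /* 1. Genuine syscall interrupted by a signal: restart is the intended behaviour. */
    printf("syscall   : restart=%d\n", scenario(4, -ERESTARTSYS, &eip));

    /* 2. Buggy interrupt entry while the user's %eax happens to be -512: spoofed. */
    printf("buggy irq : restart=%d eip=%#lx\n",
           scenario(buggy_interrupt_orig_eax(vec), -ERESTARTSYS, &eip), eip);

    /* 3. Fixed interrupt entry: orig_eax is negative, so the check is skipped. */
    printf("fixed irq : restart=%d\n",
           scenario(fixed_interrupt_orig_eax(vec), -ERESTARTSYS, &eip));
    return 0;
}
```

In scenario 2 the process resumes two bytes before wherever the interrupt happened to land in the spin loop, with %eax now holding the vector number; resuming mid-instruction is what produces the illegal-instruction core dump the report describes. The detection angle for a kernel reviewer is the invariant the model encodes: anything that is not a system call must leave orig_eax negative on entry.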
Comment 1 Arjan van de Ven 2003-02-24 17:34:22 EST
the most current 7.1 kernel is 2.4.18-24.... I'd expect it to be fixed there....
Comment 2 Paul Hansen 2003-02-25 09:21:29 EST
This bug was found in RedHat 7.1.  The patch has been incorporated
in Linux Advanced Server 2.1, as I verified from the source code.
As our upgrade plans are to go from 7.1 to LAS 2.1, I don't think
any further action is necessary on this bug; the fix is to upgrade. 
