
#218 cache data header offset overflow when large pfn

Group: Resolved
Status: closed
Labels: None
Priority: 5
Updated: 2020-03-24
Created: 2020-03-23
Private: No

Hi,
I used crash to analyze a vmcore but failed. I found that the vmcore data was not correct.
[root@localhost userspace]# crash vmlinux vmcore
……
reason: variable overflow causes a logic error in crash.
crash: page excluded: kernel virtual address: ffff0000089c9100 type: "kernel_config_data"
WARNING: cannot read kernel_config_data
crash: page excluded: kernel virtual address: ffff00000911b938 type: "possible"
WARNING: cannot read cpu_possible_map
crash: page excluded: kernel virtual address: ffff00000911b8b8 type: "present"
WARNING: cannot read cpu_present_map
crash: page excluded: kernel virtual address: ffff00000911b838 type: "online"
WARNING: cannot read cpu_online_map
crash: page excluded: kernel virtual address: ffff00000911b9b8 type: "active"
WARNING: cannot read cpu_active_map
crash: page excluded: kernel virtual address: ffff0000093ec9d0 type: "shadow_timekeeper xtime_sec"
crash: page excluded: kernel virtual address: ffff000009124d2c type: "init_uts_ns"
crash: vmlinux and vmcore do not match!

And my /proc/iomem info:
2e69267000-2fffffffff : System RAM
......
602770ecf000-6027ffffffff : System RAM

Here is the process of my analysis.
In function write_kdump_pages_and_bitmap_cyclic(),
info->len_bitmap=0x182000000
dh->bitmap_blocks * dh->block_size = info->len_bitmap=0x182000000 > MAX(int)
so:
cd_header->offset = (DISKDUMP_HEADER_BLOCKS + dh->sub_hdr_size + dh->bitmap_blocks) * dh->block_size;
we get cd_header->offset = 0x82015000, but the correct value is 0x182015000,
so we set DISKDUMP_HEADER_BLOCKS to 1UL.

When cd_header->offset overflows, cd_page->offset gets a wrong offset:
cd_page->offset = cd_header->offset + sizeof(page_desc_t) * info->num_dumpable
Later, writing the page data will overwrite bitmap2.

The following is my patch, please review. Thanks.

Signed-off-by: Jialong Chen <chenjialong@huawei.com>
---
 makedumpfile-1.6.7/diskdump_mod.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makedumpfile-1.6.7/diskdump_mod.h b/makedumpfile-1.6.7/diskdump_mod.h
index 2676817..3733953 100644
--- a/makedumpfile-1.6.7/diskdump_mod.h
+++ b/makedumpfile-1.6.7/diskdump_mod.h
@@ -22,7 +22,7 @@
 #define DISK_DUMP_SIGNATURE            "DISKDUMP"
 #define KDUMP_SIGNATURE                        "KDUMP   "
 #define SIG_LEN (sizeof(DUMP_PARTITION_SIGNATURE) - 1)
-#define DISKDUMP_HEADER_BLOCKS         (1)
+#define DISKDUMP_HEADER_BLOCKS         (1UL)

 /*
  * These are all remnants of the old "diskdump" facility,
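Review bot: the fix works only through the type of the leading literal, because `1UL` makes the whole `(DISKDUMP_HEADER_BLOCKS + dh->sub_hdr_size + dh->bitmap_blocks) * dh->block_size` expression unsigned long, and nothing at the definition says so; add a one-line comment on the `#define` stating that the `UL` is what keeps the offset arithmetic from wrapping at 32 bits, so a later cleanup does not revert it to `(1)`. Consider also widening at the use site, e.g. an `(off_t)` cast in the offset computation in write_kdump_pages_and_bitmap_cyclic(), since the macro may appear in other expressions where operand order does not promote the sum, and since unsigned long is still 32 bits on ILP32 targets.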
--
2.23.0
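
The arithmetic described in the ticket, replayed as an added example (not makedumpfile's code) with the ticket's values: the old macro wraps the header offset to 0x82015000, the patched one yields 0x182015000, and a layout check shows the wrapped offset placing page data inside the bitmap area. The field types (int block_size, int sub_hdr_size, unsigned int bitmap_blocks), the 24-byte page descriptor and the sub_hdr_size of 20 blocks (what 0x182015000 implies) are assumptions.

```c
/* Added example, not makedumpfile code: replays the offset arithmetic from
 * write_kdump_pages_and_bitmap_cyclic() with the ticket's values. Field types
 * (int block_size, int sub_hdr_size, unsigned int bitmap_blocks) and the
 * 24-byte page descriptor are assumptions about makedumpfile's structs. */
#include <stdio.h>
#include <sys/types.h>

#define DISKDUMP_HEADER_BLOCKS_OLD (1)   /* before the patch */
#define DISKDUMP_HEADER_BLOCKS_NEW (1UL) /* after the patch  */

/* Old macro: int + int + unsigned int is unsigned int, so the multiply
 * wraps modulo 2^32 before the result is widened to off_t. */
static off_t header_offset_old(int block_size, int sub_hdr_size,
                               unsigned int bitmap_blocks)
{
    return (DISKDUMP_HEADER_BLOCKS_OLD + sub_hdr_size + bitmap_blocks) * block_size;
}

/* Patched macro: 1UL promotes the whole expression to unsigned long,
 * which is 64 bits on LP64 targets, so no wrap occurs. */
static off_t header_offset_new(int block_size, int sub_hdr_size,
                               unsigned int bitmap_blocks)
{
    return (DISKDUMP_HEADER_BLOCKS_NEW + sub_hdr_size + bitmap_blocks) * block_size;
}

/* cd_page->offset = cd_header->offset + sizeof(page_desc_t) * num_dumpable,
 * with a 24-byte descriptor (assumed). */
static off_t page_data_offset(off_t header_offset, unsigned long num_dumpable)
{
    return header_offset + (off_t)(24UL * num_dumpable);
}

/* Layout check: page data must start at or after the end of the bitmap
 * area, otherwise writing it clobbers the bitmaps. Returns 1 on overlap. */
static int overlaps_bitmap(int block_size, int sub_hdr_size,
                           unsigned int bitmap_blocks, off_t page_off)
{
    off_t bitmap_end = (off_t)((1UL + sub_hdr_size + bitmap_blocks) * block_size);
    return page_off < bitmap_end;
}

int main(void)
{
    /* Ticket values: len_bitmap 0x182000000 with 4 KiB blocks -> 0x182000 blocks;
     * sub_hdr_size of 20 blocks is what the ticket's 0x182015000 implies. */
    off_t old = header_offset_old(0x1000, 20, 0x182000);
    off_t fixed = header_offset_new(0x1000, 20, 0x182000);
    printf("old: 0x%llx  fixed: 0x%llx\n", (unsigned long long)old, (unsigned long long)fixed);
    printf("page data overlaps bitmap: old=%d fixed=%d\n",
           overlaps_bitmap(0x1000, 20, 0x182000, page_data_offset(old, 0x100000)),
           overlaps_bitmap(0x1000, 20, 0x182000, page_data_offset(fixed, 0x100000)));
    return 0;
}
```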

Discussion

  • Jialong Chen

    Jialong Chen - 2020-03-23

    Hi,
    I have also sent a patch to crash community.

     
  • Kazuhito Hagio

    Kazuhito Hagio - 2020-03-23

    Good catch. Thank you for the patch.
    Merged into the devel branch.
    https://sourceforge.net/p/makedumpfile/code/ci/6e4b2dfaed5e5e5c617e0e45f969c1f571c13e27/

    P.S.
    When you post a makedumpfile patch in the future, I would appreciate it if you would post it to the kexec-tools mailing list [1].
    [1] http://lists.infradead.org/mailman/listinfo/kexec

     
    • Jialong Chen

      Jialong Chen - 2020-03-24

      OK. Thanks for your guidance.
      Next time I will post the patch to the mailing list.

       
  • Kazuhito Hagio

    Kazuhito Hagio - 2020-03-24
    • status: open --> closed
    • assigned_to: Kazuhito Hagio
     
  • Kazuhito Hagio

    Kazuhito Hagio - 2020-03-24

    Thanks, closing.

     
  • Kazuhito Hagio

    Kazuhito Hagio - 2020-03-24
    • Group: devel --> Resolved
     
