Date: Sun, 24 Jun 2001 18:00:11 -0700 (PDT) From: Phil Homewood <pdh@lineo.com> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/28164: [PATCH] crashdump can trash disklabel/other partitions Message-ID: <200106250100.f5P10B932162@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/28164; it has been noted by GNATS.
From: Phil Homewood <pdh@lineo.com>
To: Bruce Evans <bde@zeta.org.au>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/28164: [PATCH] crashdump can trash disklabel/other partitions
Date: Mon, 25 Jun 2001 10:54:23 +1000
--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Bruce Evans wrote:
> > >How-To-Repeat:
> > Set up a swap device of the same size as physical memory and
> > force a crashdump (eg, from DDB).
>
> This did not repeat it for me :-).
Hmm.
OK, more info, see dmesg attached.
> I don't see how these patches can help. The first hunk prevents dumping
> if the device size (in bytes) is precisely the same as the memory size
> (according to Maxmem). But dumping will still occur if the device size is
> 2 pages larger, and then the second hunk almost ensures that any overrun
> still occurs (since it adjusts the dump size up by the same amount that
> the first hunk adjusts the dump start down). It also has bad side effects:
> - it causes 2 nonexistent pages to be dumped. This might cause NMIs or
> worse.
Erm, no, it doesn't. Unless I'm missing something, it just causes an extra
two pages of disk to be required for the dump. Yes, this is wrong, there's
no logical reason I can see for that number, but I just wanted to give
some kind of starting point...
> - it causes overflow on machines with 4GB less 2 pages of memory instead
> of only on machines with 4GB of memory, if Maxmem can reach 4GB. Better
> original code:
>
> *count = (u_long)Maxmem * (PAGE_SIZE / dl->d_secsize);
>
> This assumes that PAGE_SIZE is a multiple of dl->d_secsize, but all dump
> routines already assume this.
>
> The patch might help by avoidng rounding bugs in the dump routines (e.g.,
> they might round *count up to a multiple of 128, so it's best to have
> *count a multiple of 128 to begin with), but I couldn't see any bugs like
> that.
I can probably use this machine for another couple of days if you want
me to do some more testing/debugging of this problem. (It's due to go
production real soon.) I couldn't understand why the dump was
overflowing at all, I just needed it to stop doing so. :-)
Second attachment is a disklabel of the disk containing the dumpdev.
The critical size for da1s2b is 524298 blocks; at that size the dump
works, but at 524297 blocks it trashes the label.
--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="dmesg.boot"
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.3-STABLE #0: Fri Jun 15 15:53:56 EST 2001
root@dorfl.internal.moreton.com.au:/usr/obj/usr/src/sys/DORFL
Timecounter "i8254" frequency 1193182 Hz
CPU: AMD Athlon(tm) Processor (1299.38-MHz 686-class CPU)
Origin = "AuthenticAMD" Id = 0x642 Stepping = 2
Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
AMD Features=0xc0440000<<b18>,AMIE,DSP,3DNow!>
real memory = 268435456 (262144K bytes)
avail memory = 257634304 (251596K bytes)
Preloaded elf kernel "kernel" at 0xc038d000.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib2: <PCI to PCI bridge (vendor=1106 device=8305)> at device 1.0 on pci0
pci1: <PCI bus> on pcib2
pci1: <S3 Trio3D/2X graphics accelerator> at 0.0
isab0: <VIA 82C686 PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686 ATA100 controller> port 0xc000-0xc00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
chip2: <VIA 82C686 AC97 Audio> port 0xd400-0xd403,0xd000-0xd003,0xcc00-0xccff irq 12 at device 7.5 on pci0
ahc0: <Adaptec 29160 Ultra160 SCSI adapter> port 0xdc00-0xdcff mem 0xdd000000-0xdd000fff irq 11 at device 8.0 on pci0
aic7892: Wide Channel A, SCSI Id=7, 32/255 SCBs
ed0: <NE2000 PCI Ethernet (KTI)> port 0xe000-0xe01f irq 10 at device 9.0 on pci0
ed0: address 00:40:f6:0c:35:7a, type NE2000 (16 bit)
pcib1: <Host to PCI bridge> on motherboard
pci2: <PCI bus> on pcib1
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (EPP/NIBBLE) in COMPATIBLE mode
ppi0: <Parallel I/O> on ppbus0
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
acd0: CDROM <SAMSUNG CD-ROM SC-152C> at ata1-master using PIO4
Waiting 5 seconds for SCSI devices to settle
Mounting root from ufs:/dev/da0s1a
da0 at ahc0 bus 0 target 0 lun 0
da0: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
da0: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da0: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
da1 at ahc0 bus 0 target 1 lun 0
da1: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
da1: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da1: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
da2 at ahc0 bus 0 target 2 lun 0
da2: <IBM DDYS-T18350N S96H> Fixed Direct Access SCSI-3 device
da2: 160.000MB/s transfers (80.000MHz, offset 63, 16bit), Tagged Queueing Enabled
da2: 17501MB (35843670 512 byte sectors: 255H 63S/T 2231C)
--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=disklabel-da1s2
# /dev/da1s2c:
type: SCSI
disk: da1s2
label:
flags:
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 17245
sectors/unit: 35317760
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # milliseconds
track-to-track seek: 0 # milliseconds
drivedata: 0
8 partitions:
# size offset fstype [fsize bsize bps/cpg]
b: 526336 0 swap # (Cyl. 0 - 256)
c: 35317760 0 unused 0 0 # (Cyl. 0 - 17244)
e: 34791424 526336 4.2BSD 1024 8192 16 # (Cyl. 257 - 17244)
--pWyiEgJYm5f9v55/--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106250100.f5P10B932162>