Date: Tue, 26 Nov 2002 20:00:13 -0600 (CST) From: Dan Nelson <dnelson@allantgroup.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: phk@FreeBSD.org Subject: kern/45777: crashdump issue with too-small dumpdev Message-ID: <200211270200.gAR20Dbk099944@dan.emsphone.com>
next in thread | raw e-mail | index | archive | help
>Number: 45777
>Category: kern
>Synopsis: crashdump issue with too-small dumpdev
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 26 18:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Dan Nelson
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
The Allant Group
>Environment:
System: FreeBSD dan.emsphone.com 5.0-CURRENT FreeBSD 5.0-CURRENT #223: Sun Nov 24 14:13:14 CST 2002 dan@dan.emsphone.com:/usr/src/sys/i386/compile/DANSMP i386
>Description:
I finally discovered why I have never been able to get crashdumps to
work: at some point all error-checking in the dump routines
disappeared. I happen to have 1 GB of RAM, and 640MB of swap (old
system, and I never reformatted after adding RAM).
dumpon lets me set the dump device to my teeny 640MB swap partition,
and when it comes time to dump, dumpsys calculates
dumplo = di->mediaoffset + di->mediasize - Maxmem * (off_t)PAGE_SIZE;
which in my case ends up being a negative number. The dump ends up
failing when it tries to write to a negative block number and the SCSI
drive refuses the request. So it seems like there are three bugs here:
1 - /sbin/dumpon doesn't verify RAM size against raw device size. This
may be forgivable, as neither is all that easy to calculate from
userland.
2 - ioctl(DIOCSKERNELDUMP) lets me set my dump device to something
smaller than maxmem.
3 - dumpsys doesn't range-check its calculations.
I'm just lucky I don't have a 384MB root partition, or the first time I
pancied I would have overwritten my root :)
If at some point we are going to support sparse dumps (only dump kernel
and say, wired pages, for example), then #1 and #2 sort of go away,
since we don't know the size of the dump until we crash. But I don't
want crash dumps leaking over to other partitions, no matter what.
>How-To-Repeat:
1. Run dumpon on a partition smaller than your memory size
2. Panic
3. The partition just before your dumpon partition will have crashdump
data in it, if the panic was able to write a dump at all.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211270200.gAR20Dbk099944>