Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Jun 2001 14:54:43 +1000 (EST)
From:      Phil Homewood <pdh@moreton.com.au>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/28164: [PATCH] crashdump can trash disklabel/other partitions
Message-ID:  <200106150454.f5F4shQ00570@dorfl.internal.moreton.com.au>
next in thread | raw e-mail | index | archive | help 

>Number:         28164
>Category:       kern
>Synopsis:       [PATCH] crashdump can trash disklabel/other partitions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 14 22:00:07 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Phil Homewood
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD dorfl.internal.moreton.com.au 4.3-STABLE FreeBSD 4.3-STABLE #7: Fri Jun 15 11:14:57 EST 2001 root@:/usr/obj/usr/src/sys/DORFL i386


	
>Description:
	Crashdumps can overwrite the last few blocks of the device
	immediately before the dumpdev, if the dumpdev is approximately
	the same size as physical memory.

>How-To-Repeat:
	Set up a swap device of the same size as physical memory and
	force a crashdump (eg, from DDB).

>Fix:

	The following patch works but is probably incorrect (in tests
	on this machine, I needed an extra 10 blocks of disk space, and
	one page of physical memory requires 8 blocks of disk).
	Someone with a better understanding than I have should review
	this patch, but it should provide a good starting point.



--- kern/kern_shutdown.c.orig	Mon Jun 11 23:12:10 2001
+++ kern/kern_shutdown.c	Fri Jun 15 14:46:53 2001
@@ -421,7 +421,7 @@
 	/*
 	 * XXX should clean up checking in dumpsys() to be more like this.
 	 */
-	newdumplo = psize - Maxmem * PAGE_SIZE / DEV_BSIZE;
+	newdumplo = psize - (Maxmem + 2) * PAGE_SIZE / DEV_BSIZE;
 	if (newdumplo < 0)
 		return (ENOSPC);
 	dumpdev = dev;
--- kern/subr_disk.c.orig	Fri Jun  1 02:47:45 2001
+++ kern/subr_disk.c	Fri Jun 15 14:46:53 2001
@@ -91,7 +91,7 @@
 	dl = dsgetlabel(dev, dp->d_slice);
 	if (!dl)
 		return (ENXIO);
-	*count = (u_long)Maxmem * PAGE_SIZE / dl->d_secsize;
+	*count = (u_long)(Maxmem + 2) * PAGE_SIZE / dl->d_secsize;
 	if (dumplo < 0 || 
 	    (dumplo + *count > dl->d_partitions[dkpart(dev)].p_size))
 		return (EINVAL);
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106150454.f5F4shQ00570>