From owner-freebsd-bugs Thu Jun 14 22: 0:18 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AEB2F37B405 for ; Thu, 14 Jun 2001 22:00:07 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.3/8.11.3) id f5F507t89242; Thu, 14 Jun 2001 22:00:07 -0700 (PDT) (envelope-from gnats) Received: from dorfl.internal.moreton.com.au (ppp4.adsl238.pacific.net.au [203.143.238.4]) by hub.freebsd.org (Postfix) with ESMTP id 4268B37B409 for ; Thu, 14 Jun 2001 21:54:51 -0700 (PDT) (envelope-from pdh@moreton.com.au) Received: (from pdh@localhost) by dorfl.internal.moreton.com.au (8.11.4/8.11.4) id f5F4shQ00570; Fri, 15 Jun 2001 14:54:43 +1000 (EST) (envelope-from pdh) Message-Id: <200106150454.f5F4shQ00570@dorfl.internal.moreton.com.au> Date: Fri, 15 Jun 2001 14:54:43 +1000 (EST) From: Phil Homewood Reply-To: Phil Homewood To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: kern/28164: [PATCH] crashdump can trash disklabel/other partitions Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 28164 >Category: kern >Synopsis: [PATCH] crashdump can trash disklabel/other partitions >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jun 14 22:00:07 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Phil Homewood >Release: FreeBSD 4.3-STABLE i386 >Organization: >Environment: System: FreeBSD dorfl.internal.moreton.com.au 4.3-STABLE FreeBSD 4.3-STABLE #7: Fri Jun 15 11:14:57 EST 2001 root@:/usr/obj/usr/src/sys/DORFL i386 >Description: Crashdumps can overwrite the last few blocks of the device immediately before the dumpdev, if the dumpdev is approximately the same size as physical memory. >How-To-Repeat: Set up a swap device of the same size as physical memory and force a crashdump (eg, from DDB). >Fix: The following patch works but is probably incorrect (in tests on this machine, I needed an extra 10 blocks of disk space, and one page of physical memory requires 8 blocks of disk). Someone with a better understanding than I have should review this patch, but it should provide a good starting point. --- kern/kern_shutdown.c.orig Mon Jun 11 23:12:10 2001 +++ kern/kern_shutdown.c Fri Jun 15 14:46:53 2001 @@ -421,7 +421,7 @@ /* * XXX should clean up checking in dumpsys() to be more like this. */ - newdumplo = psize - Maxmem * PAGE_SIZE / DEV_BSIZE; + newdumplo = psize - (Maxmem + 2) * PAGE_SIZE / DEV_BSIZE; if (newdumplo < 0) return (ENOSPC); dumpdev = dev; --- kern/subr_disk.c.orig Fri Jun 1 02:47:45 2001 +++ kern/subr_disk.c Fri Jun 15 14:46:53 2001 @@ -91,7 +91,7 @@ dl = dsgetlabel(dev, dp->d_slice); if (!dl) return (ENXIO); - *count = (u_long)Maxmem * PAGE_SIZE / dl->d_secsize; + *count = (u_long)(Maxmem + 2) * PAGE_SIZE / dl->d_secsize; if (dumplo < 0 || (dumplo + *count > dl->d_partitions[dkpart(dev)].p_size)) return (EINVAL); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message