From owner-freebsd-bugs Tue Nov 26 18:10: 7 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6044237B401 for ; Tue, 26 Nov 2002 18:10:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D931943E88 for ; Tue, 26 Nov 2002 18:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gAR2A1x3087647 for ; Tue, 26 Nov 2002 18:10:01 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gAR2A1SY087646; Tue, 26 Nov 2002 18:10:01 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 912B737B401; Tue, 26 Nov 2002 18:00:14 -0800 (PST) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B12143EA9; Tue, 26 Nov 2002 18:00:14 -0800 (PST) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.6/8.12.6) id gAR20Dbk099944; Tue, 26 Nov 2002 20:00:13 -0600 (CST) (envelope-from dan) Message-Id: <200211270200.gAR20Dbk099944@dan.emsphone.com> Date: Tue, 26 Nov 2002 20:00:13 -0600 (CST) From: Dan Nelson Reply-To: Dan Nelson To: FreeBSD-gnats-submit@FreeBSD.org Cc: phk@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/45777: crashdump issue with too-small dumpdev Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 45777 >Category: kern >Synopsis: crashdump issue with too-small dumpdev >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 26 18:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Dan Nelson >Release: FreeBSD 5.0-CURRENT i386 >Organization: The Allant Group >Environment: System: FreeBSD dan.emsphone.com 5.0-CURRENT FreeBSD 5.0-CURRENT #223: Sun Nov 24 14:13:14 CST 2002 dan@dan.emsphone.com:/usr/src/sys/i386/compile/DANSMP i386 >Description: I finally discovered why I have never been able to get crashdumps to work: at some point all error-checking in the dump routines disappeared. I happen to have 1 GB of RAM, and 640MB of swap (old system, and I never reformatted after adding RAM). dumpon lets me set the dump device to my teeny 640MB swap partition, and when it comes time to dump, dumpsys calculates dumplo = di->mediaoffset + di->mediasize - Maxmem * (off_t)PAGE_SIZE; which in my case ends up being a negative number. The dump ends up failing when it tries to write to a negative block number and the SCSI drive refuses the request. So it seems like there are three bugs here: 1 - /sbin/dumpon doesn't verify RAM size against raw device size. This may be forgivable, as neither is all that easy to calculate from userland. 2 - ioctl(DIOCSKERNELDUMP) lets me set my dump device to something smaller than maxmem. 3 - dumpsys doesn't range-check its calculations. I'm just lucky I don't have a 384MB root partition, or the first time I pancied I would have overwritten my root :) If at some point we are going to support sparse dumps (only dump kernel and say, wired pages, for example), then #1 and #2 sort of go away, since we don't know the size of the dump until we crash. But I don't want crash dumps leaking over to other partitions, no matter what. >How-To-Repeat: 1. Run dumpon on a partition smaller than your memory size 2. Panic 3. The partition just before your dumpon partition will have crashdump data in it, if the panic was able to write a dump at all. >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message