[Crash-utility] Re: Increase NR_CPUS
David Anderson
anderson at redhat.com
Sun Jun 25 23:22:50 UTC 2006
Maneesh Soni wrote:
>Hi Dave,
>
>crash seg faults while opening a kdump with NR_CPUS=128, due to buffer overflow
>in max_cpudata_limit() on a i386 system.
>
>--------
>kmem_cache_s_array_nodes:
>
> if (!readmem(cache+OFFSET(kmem_cache_s_array),
> KVADDR, &cpudata[0],
> sizeof(ulong) * ARRAY_LENGTH(kmem_cache_s_array),
> "array cache array", RETURN_ON_ERROR))
> goto bail_out;
>
> for (i = max_limit = 0; (i < ARRAY_LENGTH(kmem_cache_s_array)) &&
> cpudata[i]; i++) {
> if (!readmem(cpudata[i]+OFFSET(array_cache_limit),
> KVADDR, &limit, sizeof(int),
> "array cache limit", RETURN_ON_ERROR))
> goto bail_out;
> if (limit > max_limit)
> max_limit = limit;
> }
>
> *cpus = i; <<<<<< faults here
>--------
>
>The first readmem() call overwrites the parameter "cpus" on stack. ARRAY_LENGTH
>gives 128 whereas we have 32 elements in cpudata[NR_CPUS].
>
>Though the default NR_CPUS in kernel source is 32 but it can go upto
>256 based on the kernel config option CONFIG_NR_CPUS. So, in crash it
>should be defined as the max NR_CPUS. Please find the patch below which
>makes sure to have max NR_CPUS for various architecture.
>
>
>--- crash-4.0-2.30/defs.h 2006-06-07 01:16:33.000000000 +0530
>+++ crash-4.0-2.30-fix/defs.h 2006-06-24 04:29:35.000000000 +0530
>@@ -56,7 +56,7 @@
> #define FALSE (0)
>
> #ifdef X86
>-#define NR_CPUS (32)
>+#define NR_CPUS (256)
> #endif
> #ifdef X86_64
> #define NR_CPUS (256)
>@@ -68,7 +68,7 @@
> #define NR_CPUS (32)
> #endif
> #ifdef IA64
>-#define NR_CPUS (512)
>+#define NR_CPUS (1024)
> #endif
> #ifdef PPC64
> #define NR_CPUS (128)
>
>
>Thanks
>Maneesh
>
Hi Maneesh,
Thanks -- we probably ought to also have a check of that array length
being greater than NR_CPUS, and display the same type of error
message as seen in kernel_init():
error(FATAL, "recompile crash with larger NR_CPUS\n");
The error message above is only printed when the number of installed
cpus exceeds NR_CPUS, so it didn't help in this case.
Thanks,
Dave
More information about the Crash-utility
mailing list