[Crash-utility] Re: Increase NR_CPUS

David Anderson anderson at redhat.com
Sun Jun 25 23:22:50 UTC 2006 

Maneesh Soni wrote:

>Hi Dave,
>
>crash seg faults while opening a kdump with NR_CPUS=128, due to buffer overflow
>in max_cpudata_limit() on a i386 system. 
>
>--------
>kmem_cache_s_array_nodes:
>
>        if (!readmem(cache+OFFSET(kmem_cache_s_array),
>            KVADDR, &cpudata[0],
>            sizeof(ulong) * ARRAY_LENGTH(kmem_cache_s_array),
>            "array cache array", RETURN_ON_ERROR))
>                goto bail_out;
>
>        for (i = max_limit = 0; (i < ARRAY_LENGTH(kmem_cache_s_array)) &&
>             cpudata[i]; i++) {
>                if (!readmem(cpudata[i]+OFFSET(array_cache_limit),
>                    KVADDR, &limit, sizeof(int),
>                    "array cache limit", RETURN_ON_ERROR))
>                        goto bail_out;
>                if (limit > max_limit)
>                        max_limit = limit;
>        }
>
>        *cpus = i;    <<<<<< faults here
>--------
>
>The first readmem() call overwrites the parameter "cpus" on stack. ARRAY_LENGTH
>gives 128 whereas we have 32 elements in cpudata[NR_CPUS].
>
>Though the default NR_CPUS in kernel source is 32 but it can go upto
>256 based on the kernel config option CONFIG_NR_CPUS. So, in crash it
>should be defined as the max NR_CPUS. Please find the patch below which
>makes sure to have max NR_CPUS for various architecture.
>
>
>--- crash-4.0-2.30/defs.h	2006-06-07 01:16:33.000000000 +0530
>+++ crash-4.0-2.30-fix/defs.h	2006-06-24 04:29:35.000000000 +0530
>@@ -56,7 +56,7 @@
> #define FALSE (0)
> 
> #ifdef X86
>-#define NR_CPUS  (32)
>+#define NR_CPUS  (256)
> #endif
> #ifdef X86_64
> #define NR_CPUS  (256)
>@@ -68,7 +68,7 @@
> #define NR_CPUS  (32)
> #endif
> #ifdef IA64
>-#define NR_CPUS  (512)
>+#define NR_CPUS  (1024)
> #endif
> #ifdef PPC64
> #define NR_CPUS  (128)
>
>
>Thanks
>Maneesh
>

Hi Maneesh,

Thanks -- we probably ought to also have a check of that array length
being greater than NR_CPUS, and display the same type of error
message as seen in kernel_init():

  error(FATAL, "recompile crash with larger NR_CPUS\n");

The error message above is only printed when the number of installed
cpus exceeds NR_CPUS, so it didn't help in this case.

Thanks,
  Dave

More information about the Crash-utility mailing list