[Crash-utility] "cannot access vmalloc'd module memory" when loading kdump'ed vmcore in crash

Dave Anderson anderson at redhat.com
Tue Oct 14 18:56:31 UTC 2008


----- "Dave Anderson" <anderson at redhat.com> wrote:

> ----- "Kevin Worth" <kevin.worth at hp.com> wrote:
> 
> > Thanks, Dave. Is it valid to just do "make modules" since it appears
> > we're just adding a module or does the modification to
> > arch/i386/mm/init.c necessitate a rebuilt kernel?
> 
> You might be able to *build* crash.o with "make modules", but if
> you try to install it, it's going to fail because it won't
> be able to resolve the "page_is_ram" reference.
> 
> There may be some other way to export a symbol from
> the base kernel without rebuilding the kernel.  I have
> seen some 3rd-party modules (i.e., non-Red Hat) that
> load a "rogue" module that tinkers with its own internal
> exported symbol list after it is installed by overwriting
> its own exported symbols with the symbol name and address
> of un-exported base kernel symbols.  Then, after the rogue module  
> gets installed (and overwrites its own list of exported symbols),
> a second "real" module gets installed -- and the real module
> uses the illegally-exported (?) kernel symbols from the first
> rogue module.  Seems like a violation of the GPL, but anyway,
> I don't have any examples of how they do it. 

Another thing (potentially dangerous) you could try to avoid 
a kernel rebuild would be to just remove the page_is_ram() call
from crash.h:

static inline void *
map_virtual(u64 offset, struct page **pp)
{
        struct page *page;
        unsigned long pfn;
        void *vaddr;

        pfn = (unsigned long)(offset >> PAGE_SHIFT);

        if (!page_is_ram(pfn)) {
                printk(KERN_INFO
                    "crash memory driver: !page_is_ram(pfn: %lx)\n", pfn);
                return NULL;
        }

        if (!pfn_valid(pfn)) {
                printk(KERN_INFO
                    "crash memory driver: invalid pfn: %lx )\n", pfn);
                return NULL;
        }

        page = pfn_to_page(pfn);

        vaddr = kmap(page);
        if (!vaddr) {
                printk(KERN_INFO
                    "crash memory driver: pfn: %lx kmap(page: %lx) failed\n",
                        pfn, (unsigned long)page);
                return NULL;
        }

        *pp = page;
        return (vaddr + (offset & (PAGE_SIZE-1)));
}

Then you just hope that pfn_valid() will be safe enough.

Dave
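
The gap that removing the page_is_ram() test would open, as an added example that is not part of the original message and not kernel code: a user-space C model that counts the page frames map_virtual() would accept once only pfn_valid() is left. The memory map is constructed, the names model_pfn_valid, model_page_is_ram and newly_accepted_pfns are hypothetical, and it assumes a flat memory model (every pfn below max_mapnr has a struct page) and a page_is_ram() that accepts only firmware-reported RAM ranges.

```c
/* Added example: user-space model, not kernel code. */
#include <stdio.h>

#define PAGE_SHIFT    12
#define E820_RAM      1
#define E820_RESERVED 2

struct e820entry { unsigned long long addr, size; int type; };

/* Constructed firmware memory map for a 256 MB machine. */
static const struct e820entry e820_map[] = {
    { 0x00000000ULL, 0x0009f000ULL, E820_RAM      },  /* low memory        */
    { 0x0009f000ULL, 0x00061000ULL, E820_RESERVED },  /* EBDA, video, BIOS */
    { 0x00100000ULL, 0x0fef0000ULL, E820_RAM      },  /* main memory       */
    { 0x0fff0000ULL, 0x00010000ULL, E820_RESERVED },  /* ACPI tables       */
};
#define NR_MAP (sizeof(e820_map) / sizeof(e820_map[0]))

/* Assumption: flat memory model, one struct page per pfn below max_mapnr. */
static const unsigned long max_mapnr = 0x10000000UL >> PAGE_SHIFT;

static int model_pfn_valid(unsigned long pfn) { return pfn < max_mapnr; }

/* Only pfns that lie fully inside an E820_RAM entry count as RAM. */
static int model_page_is_ram(unsigned long pfn)
{
    for (size_t i = 0; i < NR_MAP; i++) {
        if (e820_map[i].type != E820_RAM) continue;
        unsigned long start = (e820_map[i].addr + (1UL << PAGE_SHIFT) - 1) >> PAGE_SHIFT;
        unsigned long end = (e820_map[i].addr + e820_map[i].size) >> PAGE_SHIFT;
        if (pfn >= start && pfn < end) return 1;
    }
    return 0;
}

/* Count pfns that would be mapped only after the page_is_ram() test is removed. */
static unsigned long newly_accepted_pfns(void)
{
    unsigned long n = 0;
    for (unsigned long pfn = 0; pfn < max_mapnr; pfn++)
        if (model_pfn_valid(pfn) && !model_page_is_ram(pfn)) n++;
    return n;
}

int main(void)
{
    printf("pfns accepted only without page_is_ram(): %lu\n", newly_accepted_pfns());
    return 0;
}
```

In this constructed map the frames that pass only pfn_valid() are the reserved ranges below the top of memory, which is the region a reader of the driver would reach if the RAM check were dropped.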



