* Kexec corrupts command line in x86-linux-setup.c setup_edd_info()
@ 2012-05-24 17:26 Dmitry Trikoz
From: Dmitry Trikoz @ 2012-05-24 17:26 UTC (permalink / raw)
To: kexec, horms
Hi,
I've been chasing a strange problem with the kdump kernel. It was crashing on
boot without any messages to the console.
Finally I found that the kdump kernel command line was corrupt.
Digging down I found the problem in setup_edd_info() and
add_edd_entry(). It doesn't check the array size of
real_mode->eddbuf[] and real_mode->edd_mbr_sig_buffer[].
So when it overruns eddbuf[] it corrupts command_line that follows it.
Here is the fix:
--- a/kexec-tools/kexec/arch/i386/x86-linux-setup.c
+++ b/kexec-tools/kexec/arch/i386/x86-linux-setup.c
@@ -275,9 +275,9 @@ static int add_edd_entry(struct
x86_linux_param_header *real_mode,
"must not be NULL", __FUNCTION__);
return -1;
}
-
- edd_info = &real_mode->eddbuf[*current_edd];
- memset(edd_info, 0, sizeof(struct edd_info));
+ if (*current_mbr >= EDD_MBR_SIG_MAX) {
+ return 0;
+ }
/* extract the device number */
if (sscanf(basename(sysfs_name), "int13_dev%hhx", &devnum) != 1) {
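Review bot: the new `if (*current_mbr >= EDD_MBR_SIG_MAX) return 0;` at the top of add_edd_entry() returns before the device number is parsed, so once the signature limit is hit the function also never reaches the eddbuf[] code that the next hunk moves further down, even if `*current_edd` is still below EDDMAXNR. If the two limits are meant to be independent, apply this bound only around the MBR signature store and let the function continue to the EDD entry. The `return 0` is also silent; a dbgprintf naming the skipped `sysfs_name` would show that an entry was dropped because of the limit.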
@@ -293,12 +293,21 @@ static int add_edd_entry(struct
x86_linux_param_header *real_mode,
dbgprintf("EDD Device 0x%x: mbr_sig=0x%x\n", devnum,
mbr_sig);
}
+ if (*current_edd >= EDDMAXNR) {
+ return 0;
+ }
+
+ edd_info = &real_mode->eddbuf[*current_edd];
+ memset(edd_info, 0, sizeof(struct edd_info));
+
/* set the device number */
edd_info->device = devnum;
/* set the version */
- if (file_scanf(sysfs_name, "version", "0x%hhx", &version) != 1)
+ if (file_scanf(sysfs_name, "version", "0x%hhx", &version) != 1) {
+ fprintf(stderr, "sysfs_name %s version file error\n",
sysfs_name);
return -1;
+ }
edd_info->version = version;
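Review bot: the `*current_edd >= EDDMAXNR` check returns 0 with no message, so a caller cannot tell "entry added" from "entry dropped because eddbuf[] is full"; add a dbgprintf before the return. Moving the `edd_info = &real_mode->eddbuf[*current_edd]` assignment and memset below the check is the right order, since the pointer is no longer formed from an out-of-range index. The added fprintf on the "version" read failure is unrelated to the bounds fix and would be better as a separate patch. The fprintf line and both `@@` headers are wrapped and the indentation is lost, so the patch will not apply as posted; please resend it unwrapped with a Signed-off-by line.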
Sincerely,
Dmitry Trikoz
dmitry.trikoz@stratus.com