Hi, I've been chasing strange problem with kdump kernel. It was crashing on boot without any messages to the console. Finally I found that kdump kernel command line was corrupt. Digging down I found the problem in setup_edd_info() and add_edd_entry(). It doesn't check for array size of real_mode->eddbuf[] and real_mode->edd_mbr_sig_buffer[] So when it overruns eddbuf[] it corrupts command_line that follows it. Here is the fix:

--- a/kexec-tools/kexec/arch/i386/x86-linux-setup.c
+++ b/kexec-tools/kexec/arch/i386/x86-linux-setup.c
@@ -275,9 +275,9 @@ static int add_edd_entry(struct x86_linux_param_header *real_mode,
 "must not be NULL", __FUNCTION__);
 return -1;
 }
-
- edd_info = &real_mode->eddbuf[*current_edd];
- memset(edd_info, 0, sizeof(struct edd_info));
+ if (*current_mbr >= EDD_MBR_SIG_MAX) {
+ return 0;
+ }
 /* extract the device number */
 if (sscanf(basename(sysfs_name), "int13_dev%hhx", &devnum) != 1) {
@@ -293,12 +293,21 @@ static int add_edd_entry(struct x86_linux_param_header *real_mode,
 dbgprintf("EDD Device 0x%x: mbr_sig=0x%x\n", devnum, mbr_sig);
 }
+ if (*current_edd >= EDDMAXNR) {
+ return 0;
+ }
+
+ edd_info = &real_mode->eddbuf[*current_edd];
+ memset(edd_info, 0, sizeof(struct edd_info));
+
 /* set the device number */
 edd_info->device = devnum;
 /* set the version */
- if (file_scanf(sysfs_name, "version", "0x%hhx", &version) != 1)
+ if (file_scanf(sysfs_name, "version", "0x%hhx", &version) != 1) {
+ fprintf(stderr, "sysfs_name %s version file error\n", sysfs_name);
 return -1;
+ }
 edd_info->version = version;

Sincerely, Dmitry Trikoz dmitry.trikoz at stratus.com
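Review bot: The new `if (*current_mbr >= EDD_MBR_SIG_MAX)` guard returns before the device is examined at all, so once the MBR signature buffer is full every later device is skipped, including its eddbuf[] entry. If the intent is only to keep the write into edd_mbr_sig_buffer[] in bounds, the test belongs on that store, which sits between the two hunks and is not visible here, for example `if (*current_mbr < EDD_MBR_SIG_MAX) { ... }` around it. The limit also comes from a macro whose relation to the array declaration cannot be checked from this hunk. Deriving it from `sizeof(real_mode->edd_mbr_sig_buffer) / sizeof(real_mode->edd_mbr_sig_buffer[0])` would keep the guard correct if the struct layout changes. add_edd_entry() starts and ends outside the hunk.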
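Review bot: The `if (*current_edd >= EDDMAXNR)` guard returns 0 silently, so a machine with more EDD devices than eddbuf[] holds gets a truncated table with nothing in the output to explain it. A line such as `dbgprintf("EDD: eddbuf[] full, skipping %s\n", sysfs_name);` before the `return 0;` would make that visible when debugging a kdump boot. The check also runs after the MBR-signature block whose `dbgprintf` is the hunk's first context line, so a signature appears to be recorded even for a device whose edd_info is then dropped. A short comment stating that the two tables are filled independently would settle whether that is intended. The function body continues outside the hunk.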