From vova@sw.ru  Fri Jan  4 07:44:28 2002
Return-Path: <vova@sw.ru>
Received: from vbook.express.ru (asplinux.ru [195.133.213.194])
	by hub.freebsd.org (Postfix) with ESMTP id F209437B417
	for <FreeBSD-gnats-submit@freebsd.org>; Fri,  4 Jan 2002 07:44:27 -0800 (PST)
Received: from vova by vbook.express.ru with local (Exim 3.31 #2)
	id 16MWWK-0001hP-00
	for FreeBSD-gnats-submit@freebsd.org; Fri, 04 Jan 2002 18:44:36 +0300
Message-Id: <E16MWWK-0001hP-00@vbook.express.ru>
Date: Fri, 04 Jan 2002 18:44:36 +0300
From: Vladimir B.Grebenschikov <vova@sw.ru>
Sender: "Vladimir B. Grebenschikov" <vova@sw.ru>
Reply-To: Vladimir B.Grebenschikov <vova@sw.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: savecore cannot save kernel core if its size > 2Gb
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         33537
>Category:       bin
>Synopsis:       savecore cannot save kernel core if its size > 2Gb
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 07:50:00 PST 2002
>Closed-Date:    Sun Apr 07 14:19:02 PDT 2002
>Last-Modified:  Sun Apr 07 14:19:02 PDT 2002
>Originator:     Vladimir B. Grebenschikov
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
SWsoft
>Environment:
System: FreeBSD vbook.express.ru 5.0-CURRENT FreeBSD 5.0-CURRENT #10: Fri Dec 28 19:17:02 MSK 2001 root@walder.asplinux.ru:/usr/obj/ext/current/src/sys/VBOOK i386
Also checked on 4.4-RELEASE and RELENG_4
>Description:
	Due to integer overflows and an fseek overflow, savecore can't save a
kernel core on a machine with more than 2Gb

Bug is related to kern/33535 (but does not depend on it)

>How-To-Repeat:
	# dumpon <some-big-enough-partition>
	sysctl debug.enter_debugger=ddb
	db> call dumpsys()
	.... succeeded
	db> c
	# savecore /var/crash
	# ls -l /var/crash
	ls -l /var/crash/vmcore.?
total 0
-rw-r--r--  1 root  wheel  0 Jan  4 18:32 vmcore.0
	# 

There are two problems in the code:
 - signed/unsigned integer overflow while counting the size of the corefile
 - fseek problem (fseek cannot seek past the 2 Gb boundary)
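
As an added illustration (not part of the original PR and not code from FreeBSD's savecore), the C program below models the two failures listed above: the 32-bit product `kdumpsize * getpagesize()`, and the `long` offset limit that makes fseek() fail once the file position passes 2^31 on i386. The page size of 4096, the page counts for a 3 GB and a 4 GB dump, the chunked-copy loop and the names `dumpsize_as_*` and `first_unseekable_offset` are all constructed for this example; they are not savecore's own functions or values.

```c
#define _FILE_OFFSET_BITS 64   /* make off_t 64-bit even on 32-bit glibc */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed inputs: i386 page size and page counts for a 3 GB and a 4 GB
 * dump (3 GB / 4096 = 786432 pages; 4 GB / 4096 = 1048576 pages). */
#define PAGESIZE_I386   4096
#define PAGES_3GB       786432
#define PAGES_4GB       1048576

/* The pre-patch computation, `int kdumpsize * int getpagesize()`, is a 32-bit
 * signed product.  Signed overflow is undefined in C, so emulate what the
 * two's-complement hardware result looks like instead: multiply in 64 bits,
 * truncate to 32, reinterpret as signed. */
static int32_t dumpsize_as_int(int32_t kdumpsize, int32_t pagesize)
{
	uint64_t wide = (uint64_t)(uint32_t)kdumpsize * (uint32_t)pagesize;
	return (int32_t)(uint32_t)wide;
}

/* The PR's proposed fix, `unsigned int * (unsigned)getpagesize()`: still a
 * 32-bit product, so the wrap merely moves from 2 GB to 4 GB. */
static uint32_t dumpsize_as_uint(uint32_t kdumpsize, uint32_t pagesize)
{
	return kdumpsize * pagesize;
}

/* Widen to off_t *before* multiplying: the product is formed in 64 bits. */
static off_t dumpsize_as_off_t(int32_t kdumpsize, int32_t pagesize)
{
	return (off_t)kdumpsize * pagesize;
}

/* fseek() takes a `long` offset and fails with EOVERFLOW when the resulting
 * position does not fit in one.  On ILP32 i386 that limit is 2^31-1, which is
 * why the patch moves to fseeko() and off_t.  The ILP32 limit is hard-coded
 * so the check behaves the same on an LP64 host, where long is 64-bit. */
#define LONG_MAX_ILP32 2147483647LL

static int fits_ilp32_long(off_t pos)
{
	return pos >= 0 && pos <= LONG_MAX_ILP32;
}

/* Simplified model of a chunked copy that advances the file position by
 * `chunk` bytes per step (savecore's real loop interleaves fwrite() with a
 * relative fseek() over zero-filled holes; the absolute position is what must
 * fit either way).  Returns the first position a long-based fseek() could not
 * represent on ILP32, or -1 if the whole dump is reachable. */
static off_t first_unseekable_offset(off_t dumpsize, off_t chunk)
{
	off_t pos = 0;

	while (pos < dumpsize) {
		off_t next = pos + chunk;
		if (!fits_ilp32_long(next))
			return next;
		pos = next;
	}
	return -1;
}

int main(void)
{
	printf("3 GB dump: int=%d  unsigned=%u  off_t=%lld\n",
	    dumpsize_as_int(PAGES_3GB, PAGESIZE_I386),
	    dumpsize_as_uint(PAGES_3GB, PAGESIZE_I386),
	    (long long)dumpsize_as_off_t(PAGES_3GB, PAGESIZE_I386));
	printf("4 GB dump: int=%d  unsigned=%u  off_t=%lld\n",
	    dumpsize_as_int(PAGES_4GB, PAGESIZE_I386),
	    dumpsize_as_uint(PAGES_4GB, PAGESIZE_I386),
	    (long long)dumpsize_as_off_t(PAGES_4GB, PAGESIZE_I386));
	printf("first position a 32-bit fseek() cannot reach in a 3 GB copy: %lld\n",
	    (long long)first_unseekable_offset(
		dumpsize_as_off_t(PAGES_3GB, PAGESIZE_I386), 1 << 20));
	return 0;
}
```

The signed product goes negative at 2 GB and the unsigned one reaches zero at exactly 4 GB, so the durable form is to cast one operand to off_t before the multiply rather than to change the signedness. The fseek() limit is modelled rather than triggered because on an LP64 host fseek() already takes a 64-bit long; on i386 the same position arithmetic is what makes the call return -1 with EOVERFLOW.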
	
>Fix:

diff -u -r1.28.2.8 savecore.c
--- sbin/savecore/savecore.c	2001/08/01 09:04:22	1.28.2.8
+++ sbin/savecore/savecore.c	2002/01/04 15:15:40
@@ -221,7 +221,7 @@
 	int kmem, i;
 	const char *dump_sys;
 	size_t len;
-	long kdumplo;		/* block number where dump starts on dumpdev */
+	unsigned long kdumplo;		/* block number where dump starts on dumpdev */
 	char *p;
 
 	/*
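Review bot: `unsigned long kdumplo` only doubles the range on i386, where long is still 32 bits, and its width has to stay equal to the kernel's dumplo because `Read(kmem, &kdumplo, sizeof(kdumplo))` copies exactly sizeof(kdumplo) bytes out of /dev/kmem; reinterpreting the kernel's value as unsigned is safe only because a block number is never negative, which deserves a line in the comment. Also re-align the trailing comment, which the longer declaration now pushes off the original column.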
@@ -266,7 +266,7 @@
 	(void)Read(kmem, &kdumplo, sizeof(kdumplo));
 	dumplo = (off_t)kdumplo * DEV_BSIZE;
 	if (verbose)
-		(void)printf("dumplo = %lld (%ld * %d)\n",
+		(void)printf("dumplo = %lld (%lu * %d)\n",
 		    (long long)dumplo, kdumplo, DEV_BSIZE);
 	Lseek(kmem, (off_t)current_nl[X_DUMPMAG].n_value, L_SET);
 	(void)Read(kmem, &dumpmag, sizeof(dumpmag));
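Review bot: `%lu` is the right conversion for the new `unsigned long kdumplo`, but this hunk and the declaration change must be committed together; applied alone, either one leaves a format/argument mismatch that -Wformat will flag. The `(long long)dumplo` / `%lld` pair on the next line is already consistent and needs no change.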
@@ -446,7 +446,7 @@
 				if (fwrite(buf + nw, hs - nw, 1, fp) != 1)
 					break;
 			if (he > hs)
-				if (fseek(fp, he - hs, SEEK_CUR) == -1)
+				if (fseeko(fp, he - hs, SEEK_CUR) == -1)
 					break;
 		}
 		if (nw != nr) {
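Review bot: fseeko() only helps if the offset `he - hs` reaches it unsaturated; the declarations of `he` and `hs` are not in this hunk, so confirm they are not `int` or `long`, otherwise a hole wider than LONG_MAX would still overflow before the call. The `== -1` check remains correct, since fseeko() reports failure the same way as fseek(); it would be useful for the caller that sees the `break` to report errno, because EOVERFLOW is the symptom this PR is about.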
@@ -581,12 +581,12 @@
 void
 get_dumpsize()
 {
-	int kdumpsize;
+	unsigned int kdumpsize;
 
 	/* Read the dump size. */
 	DumpRead(dumpfd, &kdumpsize, sizeof(kdumpsize),
 	    (off_t)(dumplo + ok(dump_nl[X_DUMPSIZE].n_value)), L_SET);
-	dumpsize = kdumpsize * getpagesize();
+	dumpsize = kdumpsize * (unsigned)getpagesize();
 }
 
 /*
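Review bot: `kdumpsize * (unsigned)getpagesize()` is still a 32-bit product, so the wrap merely moves from 2 GB to 4 GB; with 4096-byte pages, 1048576 pages (a 4 GB dump) multiplies to 0. Widen before multiplying instead, e.g. `dumpsize = (off_t)kdumpsize * getpagesize();`, keeping `kdumpsize` at the width the kernel wrote, since `DumpRead(dumpfd, &kdumpsize, sizeof(kdumpsize), ...)` reads exactly that many bytes from the dump. Also check the declared type of `dumpsize` (not shown in this hunk): if it is narrower than off_t the widened product is truncated again on assignment.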
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: asmodai 
State-Changed-When: Sun Apr 7 06:58:47 PDT 2002 
State-Changed-Why:  
CURRENT has a new savecore and dump mechanism.
This uses a uint64_t for recording the dumplen and should be ok
for now.

STABLE still has the deficiency though.  I'll raise this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33537 
State-Changed-From-To: analyzed->closed 
State-Changed-By: asmodai 
State-Changed-When: Sun Apr 7 14:18:24 PDT 2002 
State-Changed-Why:  
The fseeko() fix is in place in STABLE. 
This should be all in the current code to make it work according to 
Peter Wemm. 

Please test. 

Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=33537 
>Unformatted:
