Bug 13265 - Crashdump feature totally broken with CONFIG_KEXEC_JUMP
Summary: Crashdump feature totally broken with CONFIG_KEXEC_JUMP
Status: RESOLVED CODE_FIX
Alias: None
Product: Platform Specific/Hardware
Classification: Unclassified
Component: i386 (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: platform_i386
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-05-07 13:29 UTC by Tim Starling
Modified: 2009-05-21 17:12 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.30rc4
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description Tim Starling 2009-05-07 13:29:40 UTC
I loaded a crash kernel into a freshly-built 2.6.30rc4 instance using the Ubuntu scripts, and then triggered a crash with echo c > /proc/sysrq-trigger. The result was a kernel oops due to a null pointer deference in machine_kexec_32.c around line 197:

#ifdef CONFIG_KEXEC_JUMP
	if (kexec_image->preserve_context)

kexec_image is NULL in this situation because kexec_crash_image (a.k.a. the image parameter) is meant to be used instead. I tracked down the commit for you:

<http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3122c331190e9d1622bf1c8cf6ce3b17cca67c9e>

Presumably the feature has been broken since that time.
Comment 1 Andrew Morton 2009-05-07 20:47:38 UTC
(switched to email.  Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Thu, 7 May 2009 13:29:41 GMT
bugzilla-daemon@bugzilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=13265
> 
>            Summary: Crashdump feature totally broken with
>                     CONFIG_KEXEC_JUMP
>            Product: Platform Specific/Hardware
>            Version: 2.5
>     Kernel Version: 2.6.30rc4
>           Platform: All
>         OS/Version: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: i386
>         AssignedTo: platform_i386@kernel-bugs.osdl.org
>         ReportedBy: tstarling@wikimedia.org
>         Regression: No
> 
> 
> I loaded a crash kernel into a freshly-built 2.6.30rc4 instance using the
> Ubuntu scripts, and then triggered a crash with echo c > /proc/sysrq-trigger.
> The result was a kernel oops due to a null pointer deference in
> machine_kexec_32.c around line 197:
> 
> #ifdef CONFIG_KEXEC_JUMP
>     if (kexec_image->preserve_context)
> 
> kexec_image is NULL in this situation because kexec_crash_image (a.k.a. the
> image parameter) is meant to be used instead. I tracked down the commit for
> you:
> 
>
> <http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3122c331190e9d1622bf1c8cf6ce3b17cca67c9e>
> 
> Presumably the feature has been broken since that time.
>
Comment 2 H. Peter Anvin 2009-05-07 21:55:13 UTC
Ying?

bugzilla-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=13265
> 
> 
> 
> 
> 
> --- Comment #1 from Andrew Morton <akpm@linux-foundation.org>  2009-05-07
> 20:47:38 ---
> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
> 
> On Thu, 7 May 2009 13:29:41 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
> 
>> http://bugzilla.kernel.org/show_bug.cgi?id=13265
>>
>>            Summary: Crashdump feature totally broken with
>>                     CONFIG_KEXEC_JUMP
>>            Product: Platform Specific/Hardware
>>            Version: 2.5
>>     Kernel Version: 2.6.30rc4
>>           Platform: All
>>         OS/Version: Linux
>>               Tree: Mainline
>>             Status: NEW
>>           Severity: normal
>>           Priority: P1
>>          Component: i386
>>         AssignedTo: platform_i386@kernel-bugs.osdl.org
>>         ReportedBy: tstarling@wikimedia.org
>>         Regression: No
>>
>>
>> I loaded a crash kernel into a freshly-built 2.6.30rc4 instance using the
>> Ubuntu scripts, and then triggered a crash with echo c >
>> /proc/sysrq-trigger.
>> The result was a kernel oops due to a null pointer deference in
>> machine_kexec_32.c around line 197:
>>
>> #ifdef CONFIG_KEXEC_JUMP
>>     if (kexec_image->preserve_context)
>>
>> kexec_image is NULL in this situation because kexec_crash_image (a.k.a. the
>> image parameter) is meant to be used instead. I tracked down the commit for
>> you:
>>
>>
>> <http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3122c331190e9d1622bf1c8cf6ce3b17cca67c9e>
>>
>> Presumably the feature has been broken since that time.
>>
>
Comment 3 Anonymous Emailer 2009-05-08 00:46:45 UTC
Reply-To: ying.huang@intel.com

On Fri, 2009-05-08 at 05:54 +0800, H. Peter Anvin wrote:
> Ying?
> 
> bugzilla-daemon@bugzilla.kernel.org wrote:
> > http://bugzilla.kernel.org/show_bug.cgi?id=13265
> > 
> > 
> > 
> > 
> > 
> > --- Comment #1 from Andrew Morton <akpm@linux-foundation.org>  2009-05-07
> 20:47:38 ---
> > (switched to email.  Please respond via emailed reply-to-all, not via the
> > bugzilla web interface).
> > 
> > On Thu, 7 May 2009 13:29:41 GMT
> > bugzilla-daemon@bugzilla.kernel.org wrote:
> > 
> >> http://bugzilla.kernel.org/show_bug.cgi?id=13265
> >>
> >>            Summary: Crashdump feature totally broken with
> >>                     CONFIG_KEXEC_JUMP
> >>            Product: Platform Specific/Hardware
> >>            Version: 2.5
> >>     Kernel Version: 2.6.30rc4
> >>           Platform: All
> >>         OS/Version: Linux
> >>               Tree: Mainline
> >>             Status: NEW
> >>           Severity: normal
> >>           Priority: P1
> >>          Component: i386
> >>         AssignedTo: platform_i386@kernel-bugs.osdl.org
> >>         ReportedBy: tstarling@wikimedia.org
> >>         Regression: No
> >>
> >>
> >> I loaded a crash kernel into a freshly-built 2.6.30rc4 instance using the
> >> Ubuntu scripts, and then triggered a crash with echo c >
> /proc/sysrq-trigger.
> >> The result was a kernel oops due to a null pointer deference in
> >> machine_kexec_32.c around line 197:
> >>
> >> #ifdef CONFIG_KEXEC_JUMP
> >>     if (kexec_image->preserve_context)
> >>
> >> kexec_image is NULL in this situation because kexec_crash_image (a.k.a.
> the
> >> image parameter) is meant to be used instead. I tracked down the commit
> for
> >> you:
> >>
> >>
> <http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3122c331190e9d1622bf1c8cf6ce3b17cca67c9e>
> >>
> >> Presumably the feature has been broken since that time.

Yes. This is a bug comes from me. I am sorry about that, and I will
fixed it as soon as possible.

Best Regards,
Huang Ying
Comment 4 Neil Horman 2009-05-08 10:53:28 UTC
On Thu, May 07, 2009 at 01:45:29PM -0700, Andrew Morton wrote:
> 
> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
> 
> On Thu, 7 May 2009 13:29:41 GMT
> bugzilla-daemon@bugzilla.kernel.org wrote:
> 
> > http://bugzilla.kernel.org/show_bug.cgi?id=13265
> > 
> >            Summary: Crashdump feature totally broken with
> >                     CONFIG_KEXEC_JUMP
> >            Product: Platform Specific/Hardware
> >            Version: 2.5
> >     Kernel Version: 2.6.30rc4
> >           Platform: All
> >         OS/Version: Linux
> >               Tree: Mainline
> >             Status: NEW
> >           Severity: normal
> >           Priority: P1
> >          Component: i386
> >         AssignedTo: platform_i386@kernel-bugs.osdl.org
> >         ReportedBy: tstarling@wikimedia.org
> >         Regression: No
> > 
> > 
> > I loaded a crash kernel into a freshly-built 2.6.30rc4 instance using the
> > Ubuntu scripts, and then triggered a crash with echo c >
> /proc/sysrq-trigger.
> > The result was a kernel oops due to a null pointer deference in
> > machine_kexec_32.c around line 197:
> > 
> > #ifdef CONFIG_KEXEC_JUMP
> >     if (kexec_image->preserve_context)
> > 
> > kexec_image is NULL in this situation because kexec_crash_image (a.k.a. the
> > image parameter) is meant to be used instead. I tracked down the commit for
> > you:
> > 
> >
> <http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3122c331190e9d1622bf1c8cf6ce3b17cca67c9e>
> > 
> > Presumably the feature has been broken since that time.
> > 
> 
> 
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
> 

This should fix it

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>


 machine_kexec_32.c |    2 +-
 machine_kexec_64.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index e7368c1..e3c8bd5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
+++ b/arch/x86/kernel/machine_kexec_32.c
@@ -194,7 +194,7 @@ void machine_kexec(struct kimage *image)
 				       unsigned int preserve_context);
 
 #ifdef CONFIG_KEXEC_JUMP
-	if (kexec_image->preserve_context)
+	if (image->preserve_context)
 		save_processor_state();
 #endif
 
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 89cea4d..416732c 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -274,7 +274,7 @@ void machine_kexec(struct kimage *image)
 	int save_ftrace_enabled;
 
 #ifdef CONFIG_KEXEC_JUMP
-	if (kexec_image->preserve_context)
+	if (image->preserve_context)
 		save_processor_state();
 #endif
Comment 5 Alan 2009-05-21 17:12:58 UTC
Verified applied

Note You need to log in before you can comment on or make changes to this bug.