mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2025-10-24 10:34:27 -04:00
vsnprintf returns the number of chars that would have been written, not the actual number of chars written. This can lead to crashlog_buf->len being too big which in turn can lead to get_maxlen() returning negative numbers. The length argument of kmsg_dump_get_buffer will be casted to a size_t which makes a negative input a big positive number allowing kmsg_dump_get_buffer to write out of bounds. Fix this by using vscnprintf which returns the actually written number of chars. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> SVN-Revision: 37820
277 lines
6.9 KiB
Diff
277 lines
6.9 KiB
Diff
--- /dev/null
|
|
+++ b/include/linux/crashlog.h
|
|
@@ -0,0 +1,17 @@
|
|
+#ifndef __CRASHLOG_H
|
|
+#define __CRASHLOG_H
|
|
+
|
|
+#ifdef CONFIG_CRASHLOG
|
|
+void crashlog_init_bootmem(struct bootmem_data *bdata);
|
|
+void crashlog_init_memblock(phys_addr_t addr, phys_addr_t size);
|
|
+#else
|
|
+static inline void crashlog_init_bootmem(struct bootmem_data *bdata)
|
|
+{
|
|
+}
|
|
+
|
|
+static inline void crashlog_init_memblock(phys_addr_t addr, phys_addr_t size)
|
|
+{
|
|
+}
|
|
+#endif
|
|
+
|
|
+#endif
|
|
--- a/init/Kconfig
|
|
+++ b/init/Kconfig
|
|
@@ -1186,6 +1186,10 @@ config RELAY
|
|
|
|
If unsure, say N.
|
|
|
|
+config CRASHLOG
|
|
+ bool "Crash logging"
|
|
+ depends on (!NO_BOOTMEM || HAVE_MEMBLOCK) && !(ARM || SPARC || PPC)
|
|
+
|
|
config BLK_DEV_INITRD
|
|
bool "Initial RAM filesystem and RAM disk (initramfs/initrd) support"
|
|
depends on BROKEN || !FRV
|
|
--- a/kernel/Makefile
|
|
+++ b/kernel/Makefile
|
|
@@ -110,6 +110,7 @@ obj-$(CONFIG_PADATA) += padata.o
|
|
obj-$(CONFIG_CRASH_DUMP) += crash_dump.o
|
|
obj-$(CONFIG_JUMP_LABEL) += jump_label.o
|
|
obj-$(CONFIG_CONTEXT_TRACKING) += context_tracking.o
|
|
+obj-$(CONFIG_CRASHLOG) += crashlog.o
|
|
|
|
$(obj)/configs.o: $(obj)/config_data.h
|
|
|
|
--- /dev/null
|
|
+++ b/kernel/crashlog.c
|
|
@@ -0,0 +1,181 @@
|
|
+/*
|
|
+ * Crash information logger
|
|
+ * Copyright (C) 2010 Felix Fietkau <nbd@openwrt.org>
|
|
+ *
|
|
+ * Based on ramoops.c
|
|
+ * Copyright (C) 2010 Marco Stornelli <marco.stornelli@gmail.com>
|
|
+ *
|
|
+ * This program is free software; you can redistribute it and/or
|
|
+ * modify it under the terms of the GNU General Public License
|
|
+ * version 2 as published by the Free Software Foundation.
|
|
+ *
|
|
+ * This program is distributed in the hope that it will be useful, but
|
|
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
+ * General Public License for more details.
|
|
+ *
|
|
+ * You should have received a copy of the GNU General Public License
|
|
+ * along with this program; if not, write to the Free Software
|
|
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
|
+ * 02110-1301 USA
|
|
+ *
|
|
+ */
|
|
+
|
|
+#include <linux/module.h>
|
|
+#include <linux/bootmem.h>
|
|
+#include <linux/memblock.h>
|
|
+#include <linux/debugfs.h>
|
|
+#include <linux/crashlog.h>
|
|
+#include <linux/kmsg_dump.h>
|
|
+#include <linux/module.h>
|
|
+#include <linux/pfn.h>
|
|
+#include <asm/io.h>
|
|
+
|
|
+#define CRASHLOG_PAGES 4
|
|
+#define CRASHLOG_SIZE (CRASHLOG_PAGES * PAGE_SIZE)
|
|
+#define CRASHLOG_MAGIC 0xa1eedead
|
|
+
|
|
+/*
|
|
+ * Start the log at 1M before the end of RAM, as some boot loaders like
|
|
+ * to use the end of the RAM for stack usage and other things
|
|
+ * If this fails, fall back to using the last part.
|
|
+ */
|
|
+#define CRASHLOG_OFFSET (1024 * 1024)
|
|
+
|
|
+struct crashlog_data {
|
|
+ u32 magic;
|
|
+ u32 len;
|
|
+ u8 data[];
|
|
+};
|
|
+
|
|
+static struct debugfs_blob_wrapper crashlog_blob;
|
|
+static unsigned long crashlog_addr = 0;
|
|
+static struct crashlog_data *crashlog_buf;
|
|
+static struct kmsg_dumper dump;
|
|
+static bool first = true;
|
|
+
|
|
+extern struct list_head *crashlog_modules;
|
|
+
|
|
+#ifndef CONFIG_NO_BOOTMEM
|
|
+void __init crashlog_init_bootmem(bootmem_data_t *bdata)
|
|
+{
|
|
+ unsigned long addr;
|
|
+
|
|
+ if (crashlog_addr)
|
|
+ return;
|
|
+
|
|
+ addr = PFN_PHYS(bdata->node_low_pfn) - CRASHLOG_OFFSET;
|
|
+ if (reserve_bootmem(addr, CRASHLOG_SIZE, BOOTMEM_EXCLUSIVE) < 0) {
|
|
+ printk("Crashlog failed to allocate RAM at address 0x%lx\n", addr);
|
|
+ bdata->node_low_pfn -= CRASHLOG_PAGES;
|
|
+ addr = PFN_PHYS(bdata->node_low_pfn);
|
|
+ }
|
|
+ crashlog_addr = addr;
|
|
+}
|
|
+#endif
|
|
+
|
|
+#ifdef CONFIG_HAVE_MEMBLOCK
|
|
+void __meminit crashlog_init_memblock(phys_addr_t addr, phys_addr_t size)
|
|
+{
|
|
+ if (crashlog_addr)
|
|
+ return;
|
|
+
|
|
+ addr += size - CRASHLOG_OFFSET;
|
|
+ if (memblock_reserve(addr, CRASHLOG_SIZE)) {
|
|
+ printk("Crashlog failed to allocate RAM at address 0x%lx\n", (unsigned long) addr);
|
|
+ return;
|
|
+ }
|
|
+
|
|
+ crashlog_addr = addr;
|
|
+}
|
|
+#endif
|
|
+
|
|
+static void __init crashlog_copy(void)
|
|
+{
|
|
+ if (crashlog_buf->magic != CRASHLOG_MAGIC)
|
|
+ return;
|
|
+
|
|
+ if (!crashlog_buf->len || crashlog_buf->len >
|
|
+ CRASHLOG_SIZE - sizeof(*crashlog_buf))
|
|
+ return;
|
|
+
|
|
+ crashlog_blob.size = crashlog_buf->len;
|
|
+ crashlog_blob.data = kmemdup(crashlog_buf->data,
|
|
+ crashlog_buf->len, GFP_KERNEL);
|
|
+
|
|
+ debugfs_create_blob("crashlog", 0700, NULL, &crashlog_blob);
|
|
+}
|
|
+
|
|
+static int get_maxlen(void)
|
|
+{
|
|
+ return CRASHLOG_SIZE - sizeof(*crashlog_buf) - crashlog_buf->len;
|
|
+}
|
|
+
|
|
+static void crashlog_printf(const char *fmt, ...)
|
|
+{
|
|
+ va_list args;
|
|
+ int len = get_maxlen();
|
|
+
|
|
+ if (!len)
|
|
+ return;
|
|
+
|
|
+ va_start(args, fmt);
|
|
+ crashlog_buf->len += vscnprintf(
|
|
+ &crashlog_buf->data[crashlog_buf->len],
|
|
+ len, fmt, args);
|
|
+ va_end(args);
|
|
+}
|
|
+
|
|
+static void crashlog_do_dump(struct kmsg_dumper *dumper,
|
|
+ enum kmsg_dump_reason reason)
|
|
+{
|
|
+ struct timeval tv;
|
|
+ struct module *m;
|
|
+ char *buf;
|
|
+ size_t len;
|
|
+
|
|
+ if (!first)
|
|
+ crashlog_printf("\n===================================\n");
|
|
+
|
|
+ do_gettimeofday(&tv);
|
|
+ crashlog_printf("Time: %lu.%lu\n",
|
|
+ (long)tv.tv_sec, (long)tv.tv_usec);
|
|
+
|
|
+ if (first) {
|
|
+ crashlog_printf("Modules:");
|
|
+ list_for_each_entry(m, crashlog_modules, list) {
|
|
+ crashlog_printf("\t%s@%p+%x", m->name,
|
|
+ m->module_core, m->core_size,
|
|
+ m->module_init, m->init_size);
|
|
+ }
|
|
+ crashlog_printf("\n");
|
|
+ first = false;
|
|
+ }
|
|
+
|
|
+ buf = (char *)&crashlog_buf->data[crashlog_buf->len];
|
|
+
|
|
+ kmsg_dump_get_buffer(dumper, true, buf, get_maxlen(), &len);
|
|
+
|
|
+ crashlog_buf->len += len;
|
|
+}
|
|
+
|
|
+
|
|
+int __init crashlog_init_fs(void)
|
|
+{
|
|
+ if (!crashlog_addr)
|
|
+ return -ENOMEM;
|
|
+
|
|
+ crashlog_buf = ioremap(crashlog_addr, CRASHLOG_SIZE);
|
|
+
|
|
+ crashlog_copy();
|
|
+
|
|
+ crashlog_buf->magic = CRASHLOG_MAGIC;
|
|
+ crashlog_buf->len = 0;
|
|
+
|
|
+ dump.max_reason = KMSG_DUMP_OOPS;
|
|
+ dump.dump = crashlog_do_dump;
|
|
+ kmsg_dump_register(&dump);
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+module_init(crashlog_init_fs);
|
|
--- a/mm/bootmem.c
|
|
+++ b/mm/bootmem.c
|
|
@@ -15,6 +15,7 @@
|
|
#include <linux/export.h>
|
|
#include <linux/kmemleak.h>
|
|
#include <linux/range.h>
|
|
+#include <linux/crashlog.h>
|
|
#include <linux/memblock.h>
|
|
|
|
#include <asm/bug.h>
|
|
@@ -177,6 +178,7 @@ static unsigned long __init free_all_boo
|
|
if (!bdata->node_bootmem_map)
|
|
return 0;
|
|
|
|
+ crashlog_init_bootmem(bdata);
|
|
start = bdata->node_min_pfn;
|
|
end = bdata->node_low_pfn;
|
|
|
|
--- a/kernel/module.c
|
|
+++ b/kernel/module.c
|
|
@@ -106,6 +106,9 @@ static LIST_HEAD(modules);
|
|
#ifdef CONFIG_KGDB_KDB
|
|
struct list_head *kdb_modules = &modules; /* kdb needs the list of modules */
|
|
#endif /* CONFIG_KGDB_KDB */
|
|
+#ifdef CONFIG_CRASHLOG
|
|
+struct list_head *crashlog_modules = &modules;
|
|
+#endif
|
|
|
|
#ifdef CONFIG_MODULE_SIG
|
|
#ifdef CONFIG_MODULE_SIG_FORCE
|
|
--- a/mm/memblock.c
|
|
+++ b/mm/memblock.c
|
|
@@ -19,6 +19,7 @@
|
|
#include <linux/debugfs.h>
|
|
#include <linux/seq_file.h>
|
|
#include <linux/memblock.h>
|
|
+#include <linux/crashlog.h>
|
|
|
|
static struct memblock_region memblock_memory_init_regions[INIT_MEMBLOCK_REGIONS] __initdata_memblock;
|
|
static struct memblock_region memblock_reserved_init_regions[INIT_MEMBLOCK_REGIONS] __initdata_memblock;
|
|
@@ -344,6 +345,8 @@ static void __init_memblock memblock_ins
|
|
memblock_set_region_node(rgn, nid);
|
|
type->cnt++;
|
|
type->total_size += size;
|
|
+ if (type == &memblock.memory && idx == 0)
|
|
+ crashlog_init_memblock(base, size);
|
|
}
|
|
|
|
/**
|