Hi.
On x86-PAE systems, guest domains can have memory larger
than 4GB.
When trying to get xendump of such a guest, nr_pages * PAGE_SIZE
exceeds 2^32, so "filesz" is not calculated properly
in xc_domain_dumpcore_via_callback().
As a result, the crash utility cannot access to the
string table section and cannot read the dumpfile.
Attached patch fixes this bug.
Thanks,
Daisuke Nishimura.
# HG changeset patch
# User root@xxxxxxxxxxxxxxxxxxxxx
# Date 1192417680 -32400
# Node ID 4eb6816a52e888017f294bf5fef1c68a75de374e
# Parent d6d3c7856abc196eec4a1ef6a39b965976a6ee8b
[x86-PAE] Avoid overflow in xc_domain_dumpcore_via_callback().
Signed-off-by: Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx>
diff -r d6d3c7856abc -r 4eb6816a52e8 tools/libxc/xc_core.c
--- a/tools/libxc/xc_core.c Thu Oct 11 10:12:07 2007 +0100
+++ b/tools/libxc/xc_core.c Mon Oct 15 12:08:00 2007 +0900
@@ -620,7 +620,7 @@ xc_domain_dumpcore_via_callback(int xc_h
dummy_len = ROUNDUP(offset, PAGE_SHIFT) - offset; /* padding length */
offset += dummy_len;
- filesz = nr_pages * PAGE_SIZE;
+ filesz = (uint64_t)nr_pages * PAGE_SIZE;
sts = xc_core_shdr_set(shdr, strtab, XEN_DUMPCORE_SEC_PAGES, SHT_PROGBITS,
offset, filesz, PAGE_SIZE, PAGE_SIZE);
if ( sts != 0 )
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|