The kdump crash kernel panics when it tries to reserve the MP Config
tables on an ES7000.
The MP Config table is located above 1MB of physical memory in a
reserved memory area. It is located outside the first 1MB area because
the tables are too large, 240k.
The crash kernel is given a user defined memory map with E820 reserved
and ACPI areas passed in by kexec tools and a usable area from 16MB
physical to 80MB physical. This user defined map causes the top of
memory to be set as 80MB.
The ACPI tables and MP Tables reside higher in memory. When reserving
memory with reserve_bootmem_generic, the function has a BUG panic if the
memory location to reserve is above the top of memory. The MP table is
above the top of memory in a user defined memory map.
This patch will ignore reserving the MP tables if the MP table resides
in an area already reserved in the E820.
I have two alternate patches that accomplish the same effect if this
patch is not acceptable.
1. avoid reserving the MP tables if a user defined memory map or if a
user defined memory limit ("mem=") is used.
2. avoid reserving the MP tables if a kernel parameter is passed in to
ignore MP table reservation.
diff -Naur linux-2.6.19-rc4/arch/x86_64/kernel/e820.c linux-2.6.19-rc4-az/arch/x86_64/kernel/e820.c
--- linux-2.6.19-rc4/arch/x86_64/kernel/e820.c 2006-10-31 17:38:41.000000000 -0500
+++ linux-2.6.19-rc4-az/arch/x86_64/kernel/e820.c 2006-11-02 17:56:01.000000000 -0500
@@ -351,6 +351,53 @@
}
}
+int __init e820_reserved(unsigned long target_phys)
+{
+ int i;
+ unsigned long section_begin_phys, section_end_phys;
+
+ for (i = 0; i < e820.nr_map; i++) {
+ // if it is usable memory, ignore it
+ if (e820.map[i].type == E820_RAM )
+ continue;
+
+ section_begin_phys = e820.map[i].addr;
+ section_end_phys = e820.map[i].addr + e820.map[i].size;
+
+ // if its NOT within the memory range, ignore it
+ if (!(section_begin_phys < target_phys &&
+ target_phys < section_end_phys))
+ continue;
+
+ printk(KERN_DEBUG "MP Tables at %lx in %016lx - %016lx",
+ target_phys, section_begin_phys, section_end_phys);
+
+ switch (e820.map[i].type) {
+ case E820_RESERVED:
+ printk(KERN_DEBUG "(reserved)\n");
+ break;
+ case E820_ACPI:
+ printk(KERN_DEBUG "(ACPI data)\n");
+ printk(KERN_DEBUG "WARNING: MP Tables located in");
+ printk(KERN_DEBUG "ACPI Data Area\n");
+ break;
+ case E820_NVS:
+ printk(KERN_DEBUG "(ACPI NVS)\n");
+ printk(KERN_DEBUG "WARNING: MP Tables located in");
+ printk(KERN_DEBUG "ACPI NVS Area\n");
+ break;
+ default:
+ printk(KERN_DEBUG "(type %u)\n", e820.map[i].type);
+ printk(KERN_ERR "WARNING: MP Tables located in");
+ printk(KERN_ERR "Unkown Memory Area!\n");
+ printk(KERN_ERR "Reservations are disallowed.\n");
+ return 0;
+ }
+ return 1;
+ }
+ return 0;
+}
+
/*
* Sanitize the BIOS e820 map.
*
diff -Naur linux-2.6.19-rc4/arch/x86_64/kernel/mpparse.c linux-2.6.19-rc4-az/arch/x86_64/kernel/mpparse.c
--- linux-2.6.19-rc4/arch/x86_64/kernel/mpparse.c 2006-10-31 17:38:41.000000000 -0500
+++ linux-2.6.19-rc4-az/arch/x86_64/kernel/mpparse.c 2006-11-02 17:25:10.000000000 -0500
@@ -23,6 +23,7 @@
#include <linux/acpi.h>
#include <linux/module.h>
+#include <asm/e820.h>
#include <asm/smp.h>
#include <asm/mtrr.h>
#include <asm/mpspec.h>
@@ -543,7 +544,7 @@
smp_found_config = 1;
reserve_bootmem_generic(virt_to_phys(mpf), PAGE_SIZE);
- if (mpf->mpf_physptr)
+ if (mpf->mpf_physptr && e820_reserved(mpf->mpf_physptr))
reserve_bootmem_generic(mpf->mpf_physptr, PAGE_SIZE);
mpf_found = mpf;
return 1;
diff -Naur linux-2.6.19-rc4/include/asm-x86_64/e820.h linux-2.6.19-rc4-az/include/asm-x86_64/e820.h
--- linux-2.6.19-rc4/include/asm-x86_64/e820.h 2006-10-31 17:39:24.000000000 -0500
+++ linux-2.6.19-rc4-az/include/asm-x86_64/e820.h 2006-11-02 17:25:10.000000000 -0500
@@ -44,6 +44,7 @@
extern void e820_reserve_resources(void);
extern void e820_mark_nosave_regions(void);
extern void e820_print_map(char *who);
+extern int e820_reserved(unsigned long target_phys);
extern int e820_any_mapped(unsigned long start, unsigned long end, unsigned type);
extern int e820_all_mapped(unsigned long start, unsigned long end, unsigned type);
On Thu, Nov 02, 2006 at 05:24:32PM -0500, Amul Shah wrote:
> The kdump crash kernel panics when it tries to reserve the MP Config
> tables on an ES7000.
>
> The MP Config table is located above 1MB of physical memory in a
> reserved memory area. It is located outside the first 1MB area because
> the tables are too large, 240k.
>
Hi Amul,
Can you tell where it is placed in your system? At the end of physical
RAM?
> The crash kernel is given a user defined memory map with E820 reserved
> and ACPI areas passed in by kexec tools and a usable area from 16MB
> physical to 80MB physical. This user defined map causes the top of
> memory to be set as 80MB.
>
> The ACPI tables and MP Tables reside higher in memory. When reserving
> memory with reserve_bootmem_generic, the function has a BUG panic if the
> memory location to reserve is above the top of memory. The MP table is
> above the top of memory in a user defined memory map.
>
> This patch will ignore reserving the MP tables if the MP table resides
> in an area already reserved in the E820.
>
> I have two alternate patches that accomplish the same effect if this
> patch is not acceptable.
> 1. avoid reserving the MP tables if a user defined memory map or if a
> user defined memory limit ("mem=") is used.
> 2. avoid reserving the MP tables if a kernel parameter is passed in to
> ignore MP table reservation.
>
>
I think both the methods are not the right way to solve the problem. It
will just fix the symtom you are facing. Currently this solution works
for you as you are using MADT tables from ACPI. But it will fail if you try
to boot second kernel on your system with acpi=off as MP tables are not
accessible.
I think the right way to fix this problem would be to let kexec-tools know
where the MP table is in RAM and kexec-tools can create another memmap=
entry for that area so that MP tables are accessible in second kernel.
I think you need to export the MP table location and size to user space,
say through /sys/kernel/. And also modify kexec-tools to parse it.
Thanks
Vivek
On Thursday 02 November 2006 23:24, Amul Shah wrote:
>
> The ACPI tables and MP Tables reside higher in memory. When reserving
> memory with reserve_bootmem_generic, the function has a BUG panic if the
> memory location to reserve is above the top of memory. The MP table is
> above the top of memory in a user defined memory map.
I think it would be cleaner to add a check in reserve_bootmem_generic
that just returns when pfn >= end_pfn && pfn < end_pfn_mapped
How about this patch? Does it work?
-Andi
Handle reserve_bootmem_generic beyond end_pfn
This can happen on kexec kernels with some configurations, in particularly
on Unisys ES7000 systems.
Analysis by Amul Shah
Cc: Amul Shah <[email protected]>
Signed-off-by: Andi Kleen <[email protected]>
Index: linux/arch/x86_64/mm/init.c
===================================================================
--- linux.orig/arch/x86_64/mm/init.c
+++ linux/arch/x86_64/mm/init.c
@@ -655,9 +655,22 @@ void free_initrd_mem(unsigned long start
void __init reserve_bootmem_generic(unsigned long phys, unsigned len)
{
- /* Should check here against the e820 map to avoid double free */
#ifdef CONFIG_NUMA
int nid = phys_to_nid(phys);
+#endif
+ unsigned long pfn = phys >> PAGE_SHIFT;
+ if (pfn >= end_pfn) {
+ /* This can happen with kdump kernels when accessing firmware
+ tables. */
+ if (pfn < end_pfn_map)
+ return;
+ printk(KERN_ERR "reserve_bootmem: illegal reserve %lx %u\n",
+ phys, len);
+ return;
+ }
+
+ /* Should check here against the e820 map to avoid double free */
+#ifdef CONFIG_NUMA
reserve_bootmem_node(NODE_DATA(nid), phys, len);
#else
reserve_bootmem(phys, len);
On Thu, 2006-11-02 at 18:36 -0500, Vivek Goyal wrote:
> On Thu, Nov 02, 2006 at 05:24:32PM -0500, Amul Shah wrote:
> > The kdump crash kernel panics when it tries to reserve the MP Config
> > tables on an ES7000.
> >
> > The MP Config table is located above 1MB of physical memory in a
> > reserved memory area. It is located outside the first 1MB area because
> > the tables are too large, 240k.
> >
>
> Hi Amul,
>
> Can you tell where it is placed in your system? At the end of physical
> RAM?
The MP tables are located at 896MB of RAM. I believe that we ended up
there because i386 Linux would choke if the tables were located higher
than 896MB (the low memory boundary).
> > The crash kernel is given a user defined memory map with E820 reserved
> > and ACPI areas passed in by kexec tools and a usable area from 16MB
> > physical to 80MB physical. This user defined map causes the top of
> > memory to be set as 80MB.
> >
> > The ACPI tables and MP Tables reside higher in memory. When reserving
> > memory with reserve_bootmem_generic, the function has a BUG panic if the
> > memory location to reserve is above the top of memory. The MP table is
> > above the top of memory in a user defined memory map.
> >
> > This patch will ignore reserving the MP tables if the MP table resides
> > in an area already reserved in the E820.
> >
> > I have two alternate patches that accomplish the same effect if this
> > patch is not acceptable.
> > 1. avoid reserving the MP tables if a user defined memory map or if a
> > user defined memory limit ("mem=") is used.
> > 2. avoid reserving the MP tables if a kernel parameter is passed in to
> > ignore MP table reservation.
> >
> >
>
> I think both the methods are not the right way to solve the problem. It
> will just fix the symtom you are facing. Currently this solution works
> for you as you are using MADT tables from ACPI. But it will fail if you try
> to boot second kernel on your system with acpi=off as MP tables are not
> accessible.
You are correct, this patch most certainly only fixes the Unisys problem
(does that make me a corporate shill? ;). Since we can't boot the
ES7000 without ACPI, the crash kernel must have access to the ACPI Data
area.
> I think the right way to fix this problem would be to let kexec-tools know
> where the MP table is in RAM and kexec-tools can create another memmap=
> entry for that area so that MP tables are accessible in second kernel.
The MP Tables already reside in a reserved area which the kexec-tools
handles. Unfortunately because end of ram in the user defined map is
physical 80MB, trying to reserve memory above that point breaks the
ES7000.
> I think you need to export the MP table location and size to user space,
> say through /sys/kernel/. And also modify kexec-tools to parse it.
>
> Thanks
> Vivek
Andi's suggestion will work with a modification. I'll post it once I've
tested it.
thanks,
Amul
On Fri, 2006-11-03 at 03:40 +0100, Andi Kleen wrote:
> On Thursday 02 November 2006 23:24, Amul Shah wrote:
>
> >
> > The ACPI tables and MP Tables reside higher in memory. When reserving
> > memory with reserve_bootmem_generic, the function has a BUG panic if the
> > memory location to reserve is above the top of memory. The MP table is
> > above the top of memory in a user defined memory map.
>
> I think it would be cleaner to add a check in reserve_bootmem_generic
> that just returns when pfn >= end_pfn && pfn < end_pfn_mapped
>
> How about this patch? Does it work?
>
> -Andi
>
> Handle reserve_bootmem_generic beyond end_pfn
>
> This can happen on kexec kernels with some configurations, in particularly
> on Unisys ES7000 systems.
>
> Analysis by Amul Shah
>
> Cc: Amul Shah <[email protected]>
>
> Signed-off-by: Andi Kleen <[email protected]>
>
> Index: linux/arch/x86_64/mm/init.c
> ===================================================================
> --- linux.orig/arch/x86_64/mm/init.c
> +++ linux/arch/x86_64/mm/init.c
> @@ -655,9 +655,22 @@ void free_initrd_mem(unsigned long start
>
> void __init reserve_bootmem_generic(unsigned long phys, unsigned len)
> {
> - /* Should check here against the e820 map to avoid double free */
> #ifdef CONFIG_NUMA
> int nid = phys_to_nid(phys);
> +#endif
> + unsigned long pfn = phys >> PAGE_SHIFT;
> + if (pfn >= end_pfn) {
> + /* This can happen with kdump kernels when accessing firmware
> + tables. */
> + if (pfn < end_pfn_map)
> + return;
> + printk(KERN_ERR "reserve_bootmem: illegal reserve %lx %u\n",
> + phys, len);
> + return;
> + }
> +
> + /* Should check here against the e820 map to avoid double free */
> +#ifdef CONFIG_NUMA
> reserve_bootmem_node(NODE_DATA(nid), phys, len);
> #else
> reserve_bootmem(phys, len);
Andi,
That won't worked because in arch/86_64/kernel/e820.c, the exactmap
parsing clobbers end_pfn_map.
static int __init parse_memmap_opt(char *p)
{
char *oldp;
unsigned long long start_at, mem_size;
if (!strcmp(p, "exactmap")) {
#ifdef CONFIG_CRASH_DUMP
/* If we are doing a crash dump, we
* still need to know the real mem
* size before original memory map is
* reset.
*/
saved_max_pfn = e820_end_of_ram();
#endif
end_pfn_map = 0;
e820.nr_map = 0;
userdef = 1;
return 0;
}
The following was my alternate patch with uses the saved_max_pfn
variable which avoids the MP config table reservation bug. I'll rewrite
it to go into reserve_bootmem_generic and submit that patch once I have
tested it.
I chose to use end_user_pfn because it is left unmodified unless the
user specifies an exactmap or a "mem=" value as a kernel boot parameter.
This might be a no-no, since I didn't check to see if I'm under the top
of memory. I'm making the assumption that since the user chose to
define memory the user knows what s/he is doing.
This patch is just for comment since I'll be using the same logic when I
update the patch that Andi sent.
thanks,
Amul
diff -Naur linux-2.6.19-rc4/arch/x86_64/kernel/mpparse.c linux-2.6.19-rc4-pfncheck/arch/x86_64/kernel/mpparse.c
--- linux-2.6.19-rc4/arch/x86_64/kernel/mpparse.c 2006-10-31 17:38:41.000000000 -0500
+++ linux-2.6.19-rc4-pfncheck/arch/x86_64/kernel/mpparse.c 2006-11-03 10:18:24.000000000 -0500
@@ -34,6 +34,7 @@
/* Have we found an MP table */
int smp_found_config;
unsigned int __initdata maxcpus = NR_CPUS;
+extern unsigned long end_user_pfn;
int acpi_found_madt;
@@ -528,6 +529,8 @@
extern void __bad_mpf_size(void);
unsigned int *bp = phys_to_virt(base);
struct intel_mp_floating *mpf;
+ int mpf_below_mem;
+ unsigned long mpf_pfn;
Dprintk("Scan SMP from %p for %ld bytes.\n", bp,length);
if (sizeof(*mpf) != 16)
@@ -542,8 +545,33 @@
|| (mpf->mpf_specification == 4)) ) {
smp_found_config = 1;
+ mpf_below_mem = 0;
reserve_bootmem_generic(virt_to_phys(mpf), PAGE_SIZE);
- if (mpf->mpf_physptr)
+ if (mpf->mpf_physptr) {
+ mpf_pfn = mpf->mpf_physptr>>PAGE_SHIFT;
+ mpf_below_mem = 1;
+#ifdef CONFIG_CRASH_DUMP
+ if (mpf_pfn > end_pfn &&
+ mpf_pfn < saved_max_pfn) {
+ printk(KERN_WARNING "WARNING: "
+ "mpf_physptr > end_pfn %lx in "
+ "user defined map\n", end_pfn);
+ printk(KERN_WARNING "WARNING: "
+ "Not reserving the MP Tables\n");
+ mpf_below_mem = 0;
+ }
+#endif
+ if (mpf_pfn > end_pfn &&
+ end_user_pfn != MAXMEM>>PAGE_SHIFT) {
+ printk(KERN_WARNING "WARNING: "
+ "mpf_physptr > end_pfn %lx. Try"
+ " a larger 'mem='\n", end_pfn);
+ printk(KERN_WARNING "WARNING: "
+ "Not reserving the MP Tables\n");
+ mpf_below_mem = 0;
+ }
+ }
+ if (mpf_below_mem)
reserve_bootmem_generic(mpf->mpf_physptr, PAGE_SIZE);
mpf_found = mpf;
return 1;
[Finally dropping that annoying fastboot list from cc. Please never include any closed
mailing lists in l-k posts. Thanks]
> That won't worked because in arch/86_64/kernel/e820.c, the exactmap
> parsing clobbers end_pfn_map.
That's a bug imho. It shouldn't do that.
end_pfn_map should be always the highest address in e820 so that we
can access all firmware tables safely.
-Andi
>
> static int __init parse_memmap_opt(char *p)
> {
> char *oldp;
> unsigned long long start_at, mem_size;
>
> if (!strcmp(p, "exactmap")) {
> #ifdef CONFIG_CRASH_DUMP
> /* If we are doing a crash dump, we
> * still need to know the real mem
> * size before original memory map is
> * reset.
> */
> saved_max_pfn = e820_end_of_ram();
> #endif
> end_pfn_map = 0;
> e820.nr_map = 0;
> userdef = 1;
> return 0;
> }
On Fri, Nov 03, 2006 at 05:51:03PM +0100, Andi Kleen wrote:
>
> [Finally dropping that annoying fastboot list from cc. Please never include any closed
> mailing lists in l-k posts. Thanks]
>
> > That won't worked because in arch/86_64/kernel/e820.c, the exactmap
> > parsing clobbers end_pfn_map.
>
> That's a bug imho. It shouldn't do that.
>
> end_pfn_map should be always the highest address in e820 so that we
> can access all firmware tables safely.
>
Hi Andi,
end_pfn_map still contins the highest address in e820. The only difference
is that it is reset and recalculated based on new memory map passed
with the help of memmap= options.
Actually with mempmap=exactmap, we are overriding the BIOS provided
memory map with a User defined memory map so we reset the end_pfn_map
to zero and it will be calculated again based on new memory map passed
with the help of memmap= options.
So to access all the firmware tables safely, one has to make sure that
right memmap= options have been passed to the kernel.
That's why IMHO, the right way to fix this problem is not doing
some special condition checks in kernel, instead, passing the right
memmap= options. To do that kexec-tools has to know where the firmware
tables are and that's why location of MP tables should be exported to
user space.
Thanks
Vivek
On Fri, Nov 03, 2006 at 05:51:03PM +0100, Andi Kleen wrote:
>
> [Finally dropping that annoying fastboot list from cc. Please never include any closed
> mailing lists in l-k posts. Thanks]
>
Sorry, did not notice your message in the last mail and copied my last
response to fastboot mailing list.
When did fastboot become a closed mailing list? AFAIK, its an open list
and anybody can do the posting.
Are you getting notifications that your mail has been waiting for
moderator's approval to be posted?
Thanks
Vivek
On Friday 03 November 2006 18:40, Vivek Goyal wrote:
> When did fastboot become a closed mailing list? AFAIK, its an open list
> and anybody can do the posting.
It's been for a long time. At least I remember often getting these bounces.
>
> Are you getting notifications that your mail has been waiting for
> moderator's approval to be posted?
Yes.
-Andi
On Fri, Nov 03, 2006 at 07:43:48PM +0100, Andi Kleen wrote:
> On Friday 03 November 2006 18:40, Vivek Goyal wrote:
>
> > When did fastboot become a closed mailing list? AFAIK, its an open list
> > and anybody can do the posting.
>
> It's been for a long time. At least I remember often getting these bounces.
>
You are right. Just now I sent a mail to the administrator of the list and
he told that recently he made fastboot a closed list to avoid spams. But he
is now re-opening the list for everybody as we want to archive the
kexec/kdump related discussions in fastboot list. Finding a past discussion
on LKML is tough.
So now onwards you should not be receiving those annoying messages.
Thanks
Vivek
On Fri, 2006-11-03 at 12:17 -0500, Vivek Goyal wrote:
> On Fri, Nov 03, 2006 at 05:51:03PM +0100, Andi Kleen wrote:
> >
> > [Finally dropping that annoying fastboot list from cc. Please never include any closed
> > mailing lists in l-k posts. Thanks]
> >
> > > That won't worked because in arch/86_64/kernel/e820.c, the exactmap
> > > parsing clobbers end_pfn_map.
> >
> > That's a bug imho. It shouldn't do that.
> >
> > end_pfn_map should be always the highest address in e820 so that we
> > can access all firmware tables safely.
> >
>
> Hi Andi,
>
> end_pfn_map still contins the highest address in e820. The only difference
> is that it is reset and recalculated based on new memory map passed
> with the help of memmap= options.
Andi, Vivek is right. We can use end_pfn_map. My observation is wrong.
> Actually with mempmap=exactmap, we are overriding the BIOS provided
> memory map with a User defined memory map so we reset the end_pfn_map
> to zero and it will be calculated again based on new memory map passed
> with the help of memmap= options.
>
> So to access all the firmware tables safely, one has to make sure that
> right memmap= options have been passed to the kernel.
>
> That's why IMHO, the right way to fix this problem is not doing
> some special condition checks in kernel, instead, passing the right
> memmap= options. To do that kexec-tools has to know where the firmware
> tables are and that's why location of MP tables should be exported to
> user space.
Vivek, the problem condition is in generic reserve_bootmem_core
(mm/bootmem.c), where this
BUG_ON(PFN_DOWN(addr) >= bdata->node_low_pfn);
checks the target address against the top of that node's memory.
When I said:
> The ACPI tables and MP Tables reside higher in memory. When reserving
> memory with reserve_bootmem_generic, the function has a BUG panic if the
> memory location to reserve is above the top of memory. The MP table is
> above the top of memory in a user defined memory map.
I wasn't accurate. I should have said that the top of memory as seen in
that function is the top of the memory for the node of usable memory.
Since the user defined map as passed in the kexec tools is accurate, we
do need the conditional check to avoid this problem. I'm more than
happy to work in a second patch to export the MP table location to user
space for the kexec tools (the ES7000 will be a special case even for
that feature since the MP tables already reside in a reserved area).
thanks,
Amul
On Friday 03 November 2006 20:47, Amul Shah wrote:
> Andi, Vivek is right. We can use end_pfn_map. My observation is wrong.
Ok. Then my patch should work?
> Vivek, the problem condition is in generic reserve_bootmem_core
> (mm/bootmem.c), where this
> BUG_ON(PFN_DOWN(addr) >= bdata->node_low_pfn);
> checks the target address against the top of that node's memory.
In general these early BUGs should be eliminated - they are always
messy because the kernel exception handlers are not fully functional
yet. printks or worst case panics are better.
-Andi
On Fri, 2006-11-03 at 20:52 +0100, Andi Kleen wrote:
> On Friday 03 November 2006 20:47, Amul Shah wrote:
>
> > Andi, Vivek is right. We can use end_pfn_map. My observation is wrong.
>
> Ok. Then my patch should work?
The patch does work on a 2.6.16 derived kernel (SLES 10 kernel). The
2.6.19-rc4 kernel is doing some funny things when I use it as a kdump
kernel (regardless of the patch).
> > Vivek, the problem condition is in generic reserve_bootmem_core
> > (mm/bootmem.c), where this
> > BUG_ON(PFN_DOWN(addr) >= bdata->node_low_pfn);
> > checks the target address against the top of that node's memory.
>
> In general these early BUGs should be eliminated - they are always
> messy because the kernel exception handlers are not fully functional
> yet. printks or worst case panics are better.
>
> -Andi
I assume that we are not going to change mm/bootmem.c since your patch
works. Am I right?
Amul
On Friday 03 November 2006 22:17, Amul Shah wrote:
> On Fri, 2006-11-03 at 20:52 +0100, Andi Kleen wrote:
> > On Friday 03 November 2006 20:47, Amul Shah wrote:
> >
> > > Andi, Vivek is right. We can use end_pfn_map. My observation is wrong.
> >
> > Ok. Then my patch should work?
>
> The patch does work on a 2.6.16 derived kernel (SLES 10 kernel). The
> 2.6.19-rc4 kernel is doing some funny things when I use it as a kdump
> kernel (regardless of the patch).
Magnus had another patch for that which I applied
ftp://ftp.firstfloor.org/pub/ak/x86_64/quilt/patches/setup-saved_max_pfn-correctly-kdump
Does it work with that?
> > > Vivek, the problem condition is in generic reserve_bootmem_core
> > > (mm/bootmem.c), where this
> > > BUG_ON(PFN_DOWN(addr) >= bdata->node_low_pfn);
> > > checks the target address against the top of that node's memory.
> >
> > In general these early BUGs should be eliminated - they are always
> > messy because the kernel exception handlers are not fully functional
> > yet. printks or worst case panics are better.
> >
> > -Andi
>
> I assume that we are not going to change mm/bootmem.c since your patch
> works. Am I right?
Yep.
-Andi