Guest

Cisco IOS Software Releases 12.3 T

Buffer Overflow: Detection and Correction of Redzone Corruption

Hierarchical Navigation

Downloads

Table Of Contents

Buffer Overflow: Detection and Correction of Redzone Corruption

Contents

Restrictions for Buffer Overflow Detection and Correction

Information About Buffer Overflow Detection and Correction

Detection of Memory Block Overflow Problems

When to Enable Buffer Overflow Detection and Correction

How to Configure the Buffer Overflow Detection and Correction Feature

Configuring Buffer Overflow Detection and Correction

Displaying Buffer Overflow Detection and Correction Details

Configuration Examples for Buffer Overflow Detection and Correction

Configuring Buffer Overflow Detection and Correction: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

exception memory ignore overflow

show memory

Feature Information for Buffer Overflow: Detection and Correction of Redzone Corruption


Buffer Overflow: Detection and Correction of Redzone Corruption

First Published: March 1, 2004
Last Updated: May 30, 2006

In its default state, the Cisco IOS software forces a software reload when a memory block overflow is detected. The Buffer Overflow: Detection and Correction of Redzone Corruption feature allows you to configure a device to detect and correct the memory block overflow and continue operation.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Buffer Overflow: Detection and Correction of Redzone Corruption" section.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Restrictions for Buffer Overflow Detection and Correction

Information About Buffer Overflow Detection and Correction

How to Configure the Buffer Overflow Detection and Correction Feature

Configuration Examples for Buffer Overflow Detection and Correction

Additional References

Command Reference

Feature Information for Buffer Overflow: Detection and Correction of Redzone Corruption

Restrictions for Buffer Overflow Detection and Correction

The device must have enough file system space to store the crashinfo data about memory overflow corrections.

A minimal performance impact occurs each time the software corrects a memory block overflow.

Information About Buffer Overflow Detection and Correction

Before configuring the Buffer Overflow: Detection and Correction of Redzone Corruption feature, be sure you understand the following concepts:

Detection of Memory Block Overflow Problems

When to Enable Buffer Overflow Detection and Correction

Detection of Memory Block Overflow Problems

A memory block overflow problem is detected in the Cisco IOS software when the value of an area in the memory block called the "redzone" is checked. A change in a redzone value indicates the occurrence of a memory block overflow. The memory block overflow can occur in either processor or packet memory.

Because processor memory is used for holding data referred to by the Cisco IOS software, the chances of device malfunction are higher when there are extensive overflows, even if software can correct it. The overflow detected in the processor memory is corrected only when the size of the overflow is less than or equal to the size of the redzone value, which is 4 bytes. If the memory block is allocated at the time of memory overflow detection, the correction will happen during freeing up of the memory block.

When a memory block overflow problem is detected in packet memory, software will change the memory block header data back to its correct value. The memory corruption caused by the memory overflow could extend over multiple contiguous blocks of memory. If so, the memory block header and redzone value of each such corrupted block would be rewritten. The correction would be done whenever the memory overflow was detected. In this case, the software assumes that the protocol stack will handle packet transmission when it becomes aware of data corruption. The protocol stack software could request that the packet be retransmitted or just drop the packet.

When to Enable Buffer Overflow Detection and Correction

The Buffer Overflow: Detection and Correction of Redzone Corruption feature corrects memory corruption to the Cisco IOS memory block headers and allows a router to continue its normal operation. This is an optional feature that you can configured through the use of the exception memory ignore overflow command. You would configure this feature when a device is known to have a memory block overflow problem.

If memory overflow correction is frequently required, for example, every 5 seconds and more than two times in a row, a severe problem is indicated and the device would be allowed to reload. Once an overflow is detected, details about the instance of the overflow are collected in a file and written to flash memory. You can display the details of this file using a Cisco IOS show memory overflow command.

How to Configure the Buffer Overflow Detection and Correction Feature

This section contains the following tasks for configuring and displaying details about the Buffer Overflow: Detection and Correction of Redzone Corruption feature:

Configuring Buffer Overflow Detection and Correction (required)

Displaying Buffer Overflow Detection and Correction Details (optional)

Configuring Buffer Overflow Detection and Correction

Perform the following task to configure buffer overflow detection and correction.

SUMMARY STEPS

1. enable

2. configure terminal

3. exception memory ignore overflow {io | processor} [frequency seconds] [maxcount corrections]

4. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

exception memory ignore overflow {io | processor} [frequency seconds] [maxcount corrections]

Example:

Router(config)# exception memory ignore overflow processor frequency 30 maxcount 5

Configures the Cisco IOS software to correct corruption in memory block headers and allows a router to continue its normal operation.

The io keyword selects packet memory.

The processor keyword selects processor memory.

The frequency seconds keyword and argument pair sets up the minimum time gap between two memory block header corrections, in a range from 1 to 600 seconds. The default is once every 10 seconds.

The maxcount corrections keyword and argument pair sets up the maximum number of memory block header corrections allowed, in a range from 1 to 1000. The default is 0, which sets an unlimited number of corrections.

Step 4 

end

Example:

Router(config)# end

Exits to privileged EXEC mode.

Displaying Buffer Overflow Detection and Correction Details

Perform the following task to display buffer overflow detection and correction details.

SUMMARY STEPS

1. enable

2. show memory overflow

3. exit

DETAILED STEPS

Step 1 enable

Use this command to enter privileged EXEC mode. Enter your password if prompted. For example: 

Router> enable

Router#

Step 2 show memory overflow

Use this command to display the buffer overflow detection and correction details. For example: 

Router# show memory overflow


Count   Buffer Count     Last corrected      Crashinfo files


1       1                00:11:17            slot0:crashinfo_20030620-075755

Traceback   607D526C 608731A0 607172F8 607288E0 607A5688 607A566C

The report includes the amount of time from the boot up of the router at which the correction occurred, 11 minutes and 17 seconds (00:11:17), and the name of the file that logged the memory block overflow details, slot:crashinfo_20030620-075755.

Step 3 exit

Use this command to exit to user EXEC mode. For example: 

Router# exit

Router>

Configuration Examples for Buffer Overflow Detection and Correction

This section provides the following configuration example:

Configuring Buffer Overflow Detection and Correction: Example

Configuring Buffer Overflow Detection and Correction: Example

The following example sets a maximum of five processor memory block header corruption corrections to occur every 30 seconds: 

Router(config)# exception memory ignore overflow processor frequency 30 maxcount 5

Additional References

The following sections provide references related to the Buffer Overflow: Detection and Correction of Redzone Corruption feature.

Related Documents

Related Topic
Document Title

Maintaining system memory

"Maintaining System Memory" chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3

System memory commands

Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3T


Standards

Standards
Title

None


MIBs

MIBs
MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

None


Technical Assistance

Description
Link

The Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Command Reference

This section documents modified commands only.

exception memory ignore overflow

show memory

exception memory ignore overflow

To configure the Cisco IOS software to correct corruption in memory block headers and allow a router to continue its normal operation, use the exception memory ignore overflow command in global configuration mode. To disable memory overflow correction, use the no form of this command.

exception memory ignore overflow {io | processor} [frequency seconds] [maxcount corrections]

no exception memory ignore overflow {io | processor} [frequency seconds] [maxcount corrections]

Syntax Description

io

Selects input/output (also called packet) memory.

processor

Selects processor memory.

frequency seconds

(Optional) Specifies the minimum time gap between two memory block header corrections, in the range from 1 to 600 seconds. The default is once every 10 seconds.

maxcount corrections

(Optional) Specifies the maximum number of memory block header corrections allowed, in the range from 1 to 1000. The default is 0, which sets an unlimited number of corrections.


Command Default

The default is to allow the memory overflow correction once every 10 seconds, and for memory overflow corrections to happen an unlimited number of times.

Command Modes

Global configuration

Command History

Release
Modification

12.3(7)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

Use this command to improve device availability when software faults are detected in the network. You can configure the frequency and the maximum number of memory overflow corrections. If overflow correction is required more often than the configured value, a software forced reload is triggered because a severe system problem is indicated.

Examples

The following example shows how to set a maximum of five processor memory block header corruption corrections to occur every 30 seconds: 

configure terminal 

!

exception memory ignore overflow processor frequency 30 maxcount 5

end

Related Commands

Command
Description

show memory overflow

Displays the details of a memory block header corruption correction.


show memory

To display statistics about memory, including memory-free pool statistics, use the show memory command in user EXEC or privileged EXEC mode.

show memory [memory-type] [free] [overflow] [summary]

Syntax Description

memory-type

(Optional) Memory type to display (processor, multibus, io, or sram). If memory-type is not specified, statistics for all memory types present are displayed.

free

(Optional) Displays free memory statistics.

overflow

(Optional) Displays details about memory block header corruption corrections when the exception memory ignore overflow global configuration command is configured.

summary

(Optional) Displays a summary of memory usage including the size and number of blocks allocated for each address of the system call that allocated the block.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0

This command was introduced.

12.3(7)T

This command was enhanced with the overflow keyword to display details about memory block header corruption corrections.

12.2(25)S

The command output was updated to display information about transient memory pools.

12.3(14)T

The command output was updated to display information about transient memory pools.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

The show memory command displays information about memory available after the system image decompresses and loads.

Examples

The following is sample output from the show memory command: 

Router# show memory


               Head   Total(b)    Used(b)    Free(b)  Lowest(b) Largest(b)

Processor    B0EE38    5181896    2210036    2971860    2692456    2845368


          Processor memory

Address   Bytes Prev.    Next     Ref  PrevF   NextF   Alloc PC  What

B0EE38     1056 0        B0F280     1                  18F132    List Elements

B0F280     2656 B0EE38   B0FD08     1                  18F132    List Headers

B0FD08     2520 B0F280   B10708     1                  141384    TTY data

B10708     2000 B0FD08   B10F00     1                  14353C    TTY Input Buf

B10F00      512 B10708   B11128     1                  14356C    TTY Output Buf

B11128     2000 B10F00   B11920     1                  1A110E    Interrupt Stack 

B11920       44 B11128   B11974     1                  970DE8    *Init*

B11974     1056 B11920   B11DBC     1                  18F132    messages

B11DBC       84 B11974   B11E38     1                  19ABCE    Watched Boolean 

B11E38       84 B11DBC   B11EB4     1                  19ABCE    Watched Boolean 

B11EB4       84 B11E38   B11F30     1                  19ABCE    Watched Boolean 

B11F30       84 B11EB4   B11FAC     1                  19ABCE    Watched Boolean

The following is sample output from the show memory free command: 

Router# show memory free


               Head   Total(b)    Used(b)    Free(b)  Lowest(b) Largest(b)

Processor      B0EE38    5181896    2210076    2971820    2692456    2845368


          Processor memory

Address   Bytes Prev.    Next     Ref  PrevF   NextF   Alloc PC  What

             24    Free list 1

CEB844       32  CEB7A4 CEB88C      0  0       0       96B894    SSE Manager

             52    Free list 2

             72    Free list 3

             76    Free list 4

             80    Free list 5

D35ED4       80 D35E30   D35F4C     0  0       D27AE8  96B894    SSE Manager

D27AE8       80 D27A48   D27B60     0  D35ED4  0       22585E    SSE Manager

             88    Free list 6

            100    Free list 7

D0A8F4      100 D0A8B0   D0A980     0  0       0       2258DA    SSE Manager

            104    Free list 8

B59EF0      108 B59E8C   B59F84     0  0       0       2258DA    (fragment)

The output of the show memory free command contains the same types of information as the show memory output, except that only free memory is displayed, and the information is displayed in order for each free list.

The first section of the display includes summary statistics about the activities of the system memory allocator. Table 1 describes the significant fields shown in the first section of the display.

Table 1 show memory Field Descriptions-First Section 

Field
Description

Head

Hexadecimal address of the head of the memory allocation chain.

Total(b)

Sum of used bytes plus free bytes.

Used(b)

Amount of memory in use.

Free(b)

Amount of memory not in use.

Lowest(b)

Smallest amount of free memory since last boot.

Largest(b)

Size of largest available free block.


The second section of the display is a block-by-block listing of memory use. Table 2 describes the significant fields shown in the second section of the display.

Table 2 Characteristics of Each Block of Memory-Second Section 

Field
Description

Address

Hexadecimal address of block.

Bytes

Size of block (in bytes).

Prev.

Address of previous block (should match the address on previous line).

Next

Address of next block (should match the address on next line).

Ref

Reference count for that memory block, indicating how many different processes are using that block of memory.

PrevF

Address of previous free block (if free).

NextF

Address of next free block (if free).

Alloc PC

Address of the system call that allocated the block.

What

Name of process that owns the block, or "(fragment)" if the block is a fragment, or "(coalesced)" if the block was coalesced from adjacent free blocks.


The show memory io command displays the free I/O memory blocks. On the Cisco 4000 router, this command quickly shows how much unused I/O memory is available.

The following is sample output from the show memory io command: 

Router# show memory io


Address   Bytes Prev.   Next     Ref  PrevF   NextF   Alloc PC  What

6132DA0   59264 6132664 6141520  0    0      600DDEC  3FCF0     *Packet Buffer*

600DDEC     500 600DA4C 600DFE0  0   6132DA0 600FE68  0 

600FE68     376 600FAC8 600FFE0  0   600DDEC 6011D54  0 

6011D54     652 60119B4 6011FEO  0   600FE68 6013D54  0 

614FCA0     832 614F564 614FFE0  0   601FD54 6177640  0 

6177640 2657056 6172E90 0        0   614FCA0 0        0 

Total: 2723244

The following example displays details of a memory block overflow correction when the exception memory ignore overflow global configuration command is configured: 

Router# show memory overflow


Count   Buffer Count     Last corrected      Crashinfo files


1       1                00:11:17            slot0:crashinfo_20030620-075755

Traceback   607D526C 608731A0 607172F8 607288E0 607A5688 607A566C

The report includes the amount of time since the last correction was made and the name of the file that logged the memory block overflow details.

The show memory sram command displays the free SRAM memory blocks. For the Cisco 4000 router, this command supports the high-speed static RAM memory pool to make it easier for you to debug or diagnose problems with allocation or freeing of such memory.

The following is sample output from the show memory sram command: 

Router# show memory sram


Address   Bytes Prev.   Next     Ref  PrevF   NextF   Alloc PC  What

7AE0      38178 72F0    0        0    0       0       0

Total     38178

The following example of the show memory command used on the Cisco 4000 router includes information about SRAM memory and I/O memory: 

Router# show memory


               Head   Total(b)    Used(b)    Free(b)  Lowest(b) Largest(b)

Processor    49C724   28719324    1510864   27208460   26511644   15513908

      I/O   6000000    4194304    1297088    2897216    2869248    2896812

     SRAM      1000      65536      63400       2136       2136       2136


Address   Bytes Prev.   Next     Ref  PrevF   NextF   Alloc PC  What

1000       2032 0       17F0       1                  3E73E     *Init*

17F0       2032 1000    1FE0       1                  3E73E     *Init*

1FE0        544 17F0    2200       1                  3276A     *Init*

2200         52 1FE0    2234       1                  31D68     *Init*

2234         52 2200    2268       1                  31DAA     *Init*

2268         52 2234    229C       1                  31DF2     *Init*

72F0       2032 6E5C    7AE0       1                  3E73E     Init

7AE0      38178 72F0    0          0    0      0      0         

The show memory summary command displays a summary of all memory pools and memory usage per Alloc PC (address of the system call that allocated the block).

The following is a partial sample output from the show memory summary command. This output shows the size, blocks, and bytes allocated. Bytes equal the size multiplied by the blocks. For a description of the other fields, see Table 1 and Table 2. 

Router# show memory summary


Head   Total(b)    Used(b)    Free(b)  Lowest(b) Largest(b)

Processor    B0EE38    5181896    2210216    2971680    2692456    2845368


          Processor memory

Alloc PC        Size     Blocks      Bytes    What

0x2AB2           192          1        192    IDB: Serial Info

0x70EC            92          2        184    Init

0xC916           128         50       6400    RIF Cache

0x76ADE         4500          1       4500    XDI data

0x76E84         4464          1       4464    XDI data

0x76EAC          692          1        692    XDI data

0x77764          408          1        408    Init

0x77776          116          1        116    Init

0x777A2          408          1        408    Init

0x777B2          116          1        116    Init

0xA4600           24          3         72    List

0xD9B5C           52          1         52    SSE Manager

.......................

0x0                0       3413    2072576    Pool Summary

0x0                0         28    2971680    Pool Summary (Free Blocks)

0x0               40       3441     137640    Pool Summary(All Block Headers)

0x0                0       3413    2072576    Memory Summary

0x0                0         28    2971680    Memory Summary (Free Blocks)

Related Commands

Command
Description

exception memory ignore overflow

Configures the Cisco IOS software to correct corruptions in memory block headers and allow a router to continue its normal operation.

show processes memory

Displays memory used per process.


Feature Information for Buffer Overflow: Detection and Correction of Redzone Corruption

Table 3 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 3 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release. Unless noted otherwise, subsequent releases of that Cisco IOS software release also support that feature.

Table 3 Feature Information for Buffer Overflow: Detection and Correction of Redzone Corruption 

Feature Name
Releases
Feature Information

Buffer Overflow: Detection and Correction of Redzone Corruption

12.2(25)S, 12.2(27)SBC, 12.2(33)SRA, 12.3(7)T

In its default state, the Cisco IOS software forces a software reload when a memory block overflow is detected. The Buffer Overflow: Detection and Correction of Redzone Corruption feature allows you to configure a device to detect and correct the memory block overflow and continue operation.

In 12.3(7)T, this feature was introduced.

In 12.2(25)S, this feature was integrated into a Cisco IOS 12.2S  release.

In 12.2(27)SBC, this feature was integrated into a Cisco IOS 12.2SB release.

In 12.2(33)SRA, this feature was integrated into a Cisco IOS 12.2SR release.

The following sections provide information about this feature:

When to Enable Buffer Overflow Detection and Correction

Configuring Buffer Overflow Detection and Correction

Displaying Buffer Overflow Detection and Correction Details

The following commands were modified by this feature: exception memory ignore overflow and show memory.



Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2004 - 2006 Cisco Systems, Inc. All rights reserved.