kdump (Linux)
kdump is a feature of the Linux kernel that creates crash dumps in the event of a kernel crash. When triggered, kdump exports a memory image (also known as vmcore) that can be analyzed for the purposes of debugging and determining the cause of a crash. The dumped image of main memory, exported as an Executable and Linkable Format (ELF) object, can be accessed either directly through /proc/vmcore during the handling of a kernel crash, or it can be automatically saved to a locally accessible file system, to a raw device, or to a remote system accessible over network.[1][2]
Internals
[edit]In the event of a kernel crash, kdump preserves system consistency by booting another Linux kernel, which is known as the dump-capture kernel, and using it to export and save a memory dump. As a result, the system boots into a clean and reliable environment instead of relying on an already crashed kernel that may cause various issues, such as causing file system corruption while writing a memory dump file. To implement this "dual kernel" layout, kdump uses kexec for "warm" booting into the dump-capture kernel immediately after the kernel crash, using kexec's ability to boot "over" the currently running kernel while avoiding the execution of a bootloader and hardware initialization performed by the system firmware (BIOS or UEFI). A dump-capture kernel can be either a separate Linux kernel image built specifically for that purpose, or the primary kernel image can be reused on architectures that support relocatable kernels.[1][3][4][5]: 5–6
The contents of main memory (RAM) are preserved while booting into and running the dump-capture kernel by reserving a small amount of RAM in advance, into which the dump-capture kernel is preloaded so none of the RAM used by the primary kernel is overwritten when a kernel crash is handled. This reserved amount of RAM is used solely by the dump-capture kernel and is otherwise unused during normal system operation. Some architectures, including x86 and ppc64, require a small fixed-position portion of RAM to boot a kernel regardless of where it is loaded; in this case, kexec creates a copy of that portion of RAM so it is also accessible to the dump-capture kernel. Size and optional position of the reserved portion of RAM are specified through the kernel boot parameter crashkernel, and the kexec command-line utility is used after the primary kernel boots to preload a dump-capture kernel image and its associated initrd image into the reserved portion of RAM.[1][3][4]
In addition to the functionality that is part of the Linux kernel, additional userspace utilities support the kdump mechanism, including the kexec utility mentioned above.[1][4] Besides the official utilities, which are provided as a patch to the kexec's suite of userspace utilities, some Linux distributions provide additional utilities that simplify the configuration of kdump's operation, including the setup of automated saving of memory dump files.[6][7][8] Created memory dump files can be analyzed using the GNU Debugger (gdb), or by using Red Hat's dedicated crash utility.[9][10]
History
[edit]Kdump replaced the deprecated Linux Kernel Crash Dumps (LKCD) tool, which also wrote the contents of memory upon a crash.[11] Kdump presents a more efficient, scalable utility than LKCD.[12]
kdump functionality, together with kexec, was merged into the Linux kernel mainline in kernel version 2.6.13, which was released on August 29, 2005.[13]
See also
[edit]- debugfs – a Linux kernel's RAM-based file system specifically designed for debugging purposes
- kdump (BSD) – a BSD utility for viewing trace files generated by the ktrace utility
- Linux kernel oops – a potentially non-fatal deviation from correct behavior of the Linux kernel
- ProcDump – a utility for creating core dumps of applications based on performance triggers
References
[edit]- ^ a b c d Jonathan Corbet (October 27, 2004). "Crash dumps with kexec". LWN.net. Retrieved August 9, 2014.
- ^ "13.2 About Kdump (Chapter 13: Support Diagnostic Tools)". Oracle Corporation. 2012. Retrieved August 9, 2014.
- ^ a b c Vivek Goyal; Eric W. Biederman; Hariprasad Nellitheertha (June 14, 2006). "Kdump: A Kexec-based Kernel Crash Dumping Mechanism" (PDF). lse.sourceforge.net. Retrieved August 9, 2014.
- ^ a b c "Linux kernel documentation: Documentation/kdump/kdump.txt". kernel.org. August 12, 2013. Retrieved August 9, 2014.
- ^ Takashi Iwai (July 26, 2006). "Debugging using Kdump" (PDF). SUSE. Retrieved August 9, 2014.
- ^ "29.2.2. Using the Kernel Dump Configuration Utility (Red Hat Enterprise Linux 6 Deployment Guide)". Red Hat. Retrieved August 9, 2014.
- ^ "kexec and kdump: Basic kdump Configuration (System Analysis and Tuning Guide)". SUSE. April 25, 2014. Retrieved August 9, 2014.
- ^ "How to use kdump to debug kernel crashes". Fedora. April 9, 2014. Retrieved August 9, 2014.
- ^ David Anderson (August 27, 2010). "White Paper: Red Hat Crash Utility". Red Hat. Retrieved August 9, 2014.
- ^ "kexec and kdump: Analyzing the Crash Dump (System Analysis and Tuning Guide)". SUSE. April 25, 2014. Retrieved August 9, 2014.
- ^ Ljubuncic, Igor (April 15, 2009). "Collecting and analyzing Linux kernel crashes - LKCD".
- ^ Ljubuncic, Igor (July 18, 2009). "Collecting and analyzing Linux kernel crashes - Kdump".
- ^ "Linux kernel 2.6.13". kernelnewbies.org. August 29, 2005. Retrieved August 9, 2014.
External links
[edit]- Official website
- Kdump, a Kexec-based Kernel Crash Dumping Mechanism, IBM, 2005, by Vivek Goyal, Eric W. Biederman, and Hariprasad Nellitheertha
- Using Kdump for examining Linux kernel crashes, June 21, 2017, by Pratyush Anand
- Kdump: Usage and internals, Red Hat, June 2017, by Pratyush Anand and Dave Young