kdump (Linux) on:
[Wikipedia]
[Google]
[Amazon]
kdump is a feature of the
In the event of a kernel crash, kdump preserves system consistency by
Kdump, a Kexec-based Kernel Crash Dumping Mechanism
Using Kdump for examining Linux kernel crashes
June 21, 2017, by Pratyush Anand
Kdump: Usage and internals
Linux kernel
The Linux kernel is a Free and open-source software, free and open source Unix-like kernel (operating system), kernel that is used in many computer systems worldwide. The kernel was created by Linus Torvalds in 1991 and was soon adopted as the k ...
that creates crash dumps in the event of a kernel crash. When triggered, kdump exports a memory image (also known as vmcore) that can be analyzed for the purposes of debugging
In engineering, debugging is the process of finding the Root cause analysis, root cause, workarounds, and possible fixes for bug (engineering), bugs.
For software, debugging tactics can involve interactive debugging, control flow analysis, Logf ...
and determining the cause of a crash. The dumped image of main memory
Computer data storage or digital data storage is a technology consisting of computer components and recording media that are used to retain digital data. It is a core function and fundamental component of computers.
The central processin ...
, exported as an Executable and Linkable Format
In computing, the Executable and Linkable FormatTool Interface Standard (TIS) Portable Formats SpecificationVersion 1.1'' (October 1993) (ELF, formerly named Extensible Linking Format) is a common standard file format for executable files, obje ...
(ELF) object, can be accessed either directly through during the handling of a kernel crash, or it can be automatically saved to a locally accessible file system, to a raw device, or to a remote system accessible over network.
Internals
In the event of a kernel crash, kdump preserves system consistency by booting
In computing, booting is the process of starting a computer as initiated via Computer hardware, hardware such as a physical button on the computer or by a software command. After it is switched on, a computer's central processing unit (CPU) h ...
another Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
kernel, which is known as the ''dump-capture kernel'', and using it to export and save a memory dump. As a result, the system boots into a clean and reliable environment instead of relying on an already crashed kernel that may cause various issues, such as causing file system corruption
Corruption is a form of dishonesty or a criminal offense that is undertaken by a person or an organization that is entrusted in a position of authority to acquire illicit benefits or abuse power for one's gain. Corruption may involve activities ...
while writing a memory dump file. To implement this "dual kernel" layout, kdump uses kexec
kexec (kernel execute), analogous to the Unix/Linux kernel call Exec (system call), exec, is a mechanism of the Linux kernel that allows booting of a new kernel (operating system), kernel from the currently running one.
Details
Essentially, kexe ...
for "warm" booting into the dump-capture kernel immediately after the kernel crash, using kexec's ability to boot "over" the currently running kernel while avoiding the execution of a bootloader
A bootloader, also spelled as boot loader or called bootstrap loader, is a computer program that is responsible for booting a computer and booting an operating system. If it also provides an interactive menu with multiple boot choices then it's o ...
and hardware initialization performed by the system firmware
In computing
Computing is any goal-oriented activity requiring, benefiting from, or creating computer, computing machinery. It includes the study and experimentation of algorithmic processes, and the development of both computer hardware, h ...
(BIOS
In computing, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is a type of firmware used to provide runtime services for operating systems and programs and to perform hardware initialization d ...
or UEFI
Unified Extensible Firmware Interface (UEFI, as an acronym) is a Specification (technical standard), specification for the firmware Software architecture, architecture of a computing platform. When a computer booting, is powered on, the UEFI ...
). A dump-capture kernel can be either a separate Linux kernel image built specifically for that purpose, or the primary kernel image can be reused on architectures that support relocatable kernels.
The contents of main memory (RAM
Ram, ram, or RAM most commonly refers to:
* A male sheep
* Random-access memory, computer memory
* Ram Trucks, US, since 2009
** List of vehicles named Dodge Ram, trucks and vans
** Ram Pickup, produced by Ram Trucks
Ram, ram, or RAM may also ref ...
) are preserved while booting into and running the dump-capture kernel by reserving a small amount of RAM in advance, into which the dump-capture kernel is preloaded so none of the RAM used by the primary kernel is overwritten when a kernel crash is handled. This reserved amount of RAM is used solely by the dump-capture kernel and is otherwise unused during normal system operation. Some architectures, including x86
x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel, based on the 8086 microprocessor and its 8-bit-external-bus variant, the 8088. Th ...
and ppc64
ppc64 is an identifier commonly used within the Linux, GNU Compiler Collection (GCC) and LLVM free software communities to refer to the target architecture for applications optimized for 64-bit big-endian PowerPC and Power ISA processors.
ppc64 ...
, require a small fixed-position portion of RAM to boot a kernel regardless of where it is loaded; in this case, kexec creates a copy of that portion of RAM so it is also accessible to the dump-capture kernel. Size and optional position of the reserved portion of RAM are specified through the kernel boot parameter , and the command-line utility
A console application or command-line program is a computer program (applications or utilities) designed to be used via a text-only user interface.
A console application can be used with a computer terminal, a system console, or a terminal emu ...
is used after the primary kernel boots to preload a dump-capture kernel image and its associated initrd image into the reserved portion of RAM.
In addition to the functionality that is part of the Linux kernel, additional userspace
A modern computer operating system usually uses virtual memory to provide separate address spaces or regions of a single address space, called user space and kernel space. This separation primarily provides memory protection and hardware prote ...
utilities support the kdump mechanism, including the utility mentioned above. Besides the official utilities, which are provided as a patch to the kexec's suite of userspace utilities, some Linux distributions
A Linux distribution, often abbreviated as distro, is an operating system that includes the Linux kernel for its kernel (operating system), kernel functionality. Although the name does not imply distribution (marketing), product distribution pe ...
provide additional utilities that simplify the configuration of kdump's operation, including the setup of automated saving of memory dump files. Created memory dump files can be analyzed using the GNU Debugger
The GNU Debugger (GDB) is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, Assembly, C, C++, D, Fortran, Haskell, Go, Objective-C, OpenCL C, Modula-2, Pascal, Rust, and par ...
(), or by using Red Hat
Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...
's dedicated utility.
History
Kdump replaced the deprecated Linux Kernel Crash Dumps (LKCD) tool, which also wrote the contents of memory upon a crash. Kdump presents a more efficient, scalable utility than LKCD. kdump functionality, together with kexec, was merged into the Linux kernel mainline in kernel version 2.6.13, which was released on August 29, 2005.See also
* debugfs a Linux kernel's RAM-based file system specifically designed for debugging purposes * kdump (BSD) a BSD utility for viewing trace files generated by the ktrace utility * Linux kernel oops a potentially non-fatal deviation from correct behavior of the Linux kernel * ProcDump a utility for creating core dumps of applications based on performance triggersReferences
External links
*Kdump, a Kexec-based Kernel Crash Dumping Mechanism
IBM
International Business Machines Corporation (using the trademark IBM), nicknamed Big Blue, is an American Multinational corporation, multinational technology company headquartered in Armonk, New York, and present in over 175 countries. It is ...
, 2005, by Vivek Goyal, Eric W. Biederman, and Hariprasad Nellitheertha
Using Kdump for examining Linux kernel crashes
June 21, 2017, by Pratyush Anand
Kdump: Usage and internals
Red Hat
Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...
, June 2017, by Pratyush Anand and Dave Young
{{Operating system
Free software programmed in C
Linux kernel features
Unix programming tools