kdump is a feature of the Linux kernel that creates crash dumps in the event of a kernel crash. When triggered, kdump exports a memory image (also known as vmcore) that can be analyzed for the purposes of debugging and determining the cause of a crash. The dumped image of main memory, exported as an Executable and Linkable Format (ELF) object, can be accessed either directly through during the handling of a kernel crash, or it can be automatically saved to a locally accessible file system, to a raw device, or to a remote system accessible over network.
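
An added example (not part of the original article or of the kdump tooling): a minimal check of a dump file's ELF header and program headers before it is handed to an analysis tool, flagging memory segments that run past the end of the file. It assumes a 64-bit little-endian core image; `summarize_core` and `build_sample` are hypothetical names, and the header bytes are constructed for illustration.

```python
import struct

ET_CORE, PT_LOAD, PT_NOTE = 4, 1, 4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header, 56 bytes

def summarize_core(header, file_size):
    """Check an ELF64 little-endian core header and list its memory segments."""
    if len(header) < EHDR.size or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF object")
    if header[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian is handled in this sketch")
    (_, e_type, _, _, _, phoff, _, _, _,
     phentsize, phnum, _, _, _) = EHDR.unpack_from(header)
    if e_type != ET_CORE:
        raise ValueError("ELF object is not a core image")
    if phentsize != PHDR.size or phoff + phnum * phentsize > len(header):
        raise ValueError("program header table is malformed or cut short")
    notes, segments = 0, []
    for i in range(phnum):
        p_type, _, offset, _, paddr, filesz, _, _ = PHDR.unpack_from(
            header, phoff + i * phentsize)
        if p_type == PT_NOTE:
            notes += 1
        elif p_type == PT_LOAD:
            # A segment whose bytes run past the end of the file means the
            # dump was cut short (for example, the target ran out of space).
            segments.append({"paddr": paddr, "size": filesz,
                             "complete": offset + filesz <= file_size})
    return {"notes": notes, "segments": segments}

def build_sample():
    """Constructed header: one note segment and two memory segments."""
    phdrs = [(PT_NOTE, 0, 0x1000, 0, 0, 0x400, 0x400, 0),
             (PT_LOAD, 7, 0x2000, 0xffff888000100000, 0x100000, 0x4000, 0x4000, 0),
             (PT_LOAD, 7, 0x6000, 0xffff888001000000, 0x1000000, 0x8000, 0x8000, 0)]
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), ET_CORE, 62, 1, 0,
                     EHDR.size, 0, 0, EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs)

if __name__ == "__main__":
    # Pretend the file on disk is 0x9000 bytes: the second segment is cut short.
    print(summarize_core(build_sample(), file_size=0x9000))
```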
Internals

In the event of a kernel crash, kdump preserves system consistency by booting another Linux kernel, which is known as the dump-capture kernel, and using it to export and save a memory dump. As a result, the system boots into a clean and reliable environment instead of relying on an already crashed kernel that may cause various issues, such as causing file system corruption while writing a memory dump file. To implement this "dual kernel" layout, kdump uses kexec for "warm" booting into the dump-capture kernel immediately after the kernel crash, using kexec's ability to boot "over" the currently running kernel while avoiding the execution of a bootloader and hardware initialization performed by the system firmware (BIOS or UEFI). A dump-capture kernel can be either a separate Linux kernel image built specifically for that purpose, or the primary kernel image can be reused on architectures that support relocatable kernels.
The contents of main memory (RAM) are preserved while booting into and running the dump-capture kernel by reserving a small amount of RAM in advance, into which the dump-capture kernel is preloaded so none of the RAM used by the primary kernel is overwritten when a kernel crash is handled. This reserved amount of RAM is used solely by the dump-capture kernel and is otherwise unused during normal system operation. Some architectures, including x86 and ppc64, require a small fixed-position portion of RAM to boot a kernel regardless of where it is loaded; in this case, kexec creates a copy of that portion of RAM so it is also accessible to the dump-capture kernel. Size and optional position of the reserved portion of RAM are specified through the kernel boot parameter , and the command-line utility is used after the primary kernel boots to preload a dump-capture kernel image and its associated initrd image into the reserved portion of RAM.
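
An added example (not the kernel's or kexec's own code): a simplified parser for the reservation parameter, assuming it is the kernel's `crashkernel=` option in its `size[@offset]` and `range:size` forms; the `,high`/`,low` suffix forms are not handled. It can be used to audit whether a given boot command line actually reserves memory for the dump-capture kernel on a machine of a given size; the function name and sample command lines are constructed for illustration.

```python
import re

_UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}

def _to_bytes(text):
    """Convert a value such as '256M' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"bad size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2).upper()]

def parse_crashkernel(cmdline, system_ram):
    """Return (size_bytes, offset_bytes_or_None), or None if nothing is reserved."""
    value = None
    for token in cmdline.split():
        if token.startswith("crashkernel="):
            value = token.split("=", 1)[1]    # assumption: last occurrence wins
    if value is None:
        return None
    spec, _, offset = value.partition("@")
    offset = _to_bytes(offset) if offset else None
    if ":" not in spec:                        # simple form: size[@offset]
        return _to_bytes(spec), offset
    for entry in spec.split(","):              # range form: start-[end]:size,...
        rng, _, size = entry.partition(":")
        start, _, end = rng.partition("-")
        lo = _to_bytes(start)
        hi = _to_bytes(end) if end else None   # an empty end means "no upper limit"
        if system_ram >= lo and (hi is None or system_ram < hi):
            return _to_bytes(size), offset
    return None                                # no range matches this machine

if __name__ == "__main__":
    import os
    # Approximation of installed RAM; the kernel uses its own memory map.
    ram = os.sysconf("SC_PHYS_PAGES") * os.sysconf("SC_PAGE_SIZE")
    with open("/proc/cmdline") as f:
        print(parse_crashkernel(f.read(), ram))
```

A `None` result on a host that is expected to capture dumps means no memory is reserved, so no dump-capture kernel can be preloaded.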
In addition to the functionality that is part of the Linux kernel, additional userspace utilities support the kdump mechanism, including the utility mentioned above. Besides the official utilities, which are provided as a patch to the kexec's suite of userspace utilities, some Linux distributions provide additional utilities that simplify the configuration of kdump's operation, including the setup of automated saving of memory dump files. Created memory dump files can be analyzed using the GNU Debugger (), or by using Red Hat's dedicated utility.
History
kdump functionality, together with kexec, was merged into the Linux kernel mainline in kernel version 2.6.13, which was released on August 29, 2005.
See also
* debugfs, a Linux kernel's RAM-based file system specifically designed for debugging purposes
* kdump (BSD), a BSD utility for viewing trace files generated by the ktrace utility
* Linux kernel oops, a potentially non-fatal deviation from correct behavior of the Linux kernel
* ProcDump, a utility for creating core dumps of applications based on performance triggers
External links
* Kdump, a Kexec-based Kernel Crash Dumping Mechanism, IBM, 2005, by Vivek Goyal, Eric W. Biederman, and Hariprasad Nellitheertha
* Using Kdump for examining Linux kernel crashes, June 21, 2017, by Pratyush Anand
* Kdump: Usage and internals, Red Hat, June 2017, by Pratyush Anand and Dave Young