The usage of kdump
文章目录
Notes about Linux kernel kdump.
1. motivation
有时候Oops发生的同时系统也会宕机,此时这些出错信息是来不及存入文件中的,关掉电源后就无法再看到了。我们只能通过其他的方式来记录:手抄或者拍照。
还有更坏的情况,如果Oops信息过多的话,一页屏幕显示不全,我们怎么来查看完整的内容呢?第一种方法,在grub里用vga参数指定更高的分辨率以使屏幕可以显示更多的内容。很明显,这个方法其实解决不了太多的问题;第二种方法,使用两台机器,把调试机的Oops信息通过串口打印到宿主机的屏幕上。但现在大部分的笔记本电脑是没有串口的,这个解决方法也有很大的局限性;第三种方法,使用内核转储工具kdump把发生Oops时的内存和CPU寄存器的内容dump到一个文件里,之后我们再用工具来分析问题。
2. Overview
Kdump uses kexec to quickly boot to a dump-capture kernel whenever a dump of the system kernel’s memory needs to be taken (for example, when the system panics). The system kernel’s memory image is preserved across the reboot and is accessible to the dump-capture kernel.
You can use common commands, such as cp, scp or makedumpfile to copy the memory image to a dump file on the local disk, or across the network to a remote system.
When the system kernel boots, it reserves a small section of memory for the dump-capture kernel. This ensures that ongoing Direct Memory Access (DMA) from the system kernel does not corrupt the dump-capture kernel. The kexec -p command loads the dump-capture kernel into this reserved memory.
With the dump-capture kernel, you can access the memory image through /proc/vmcore. This exports the dump as an ELF-format file that you can write out using file copy commands such as cp or scp. You can also use makedumpfile utility to analyze and write out filtered contents with options, e.g with ‘-d 31’ it will only write out kernel data. Further, you can use analysis tools such as the GDB and the Crash tool to debug the dump file.
3. System kernel config options
There are two possible methods of using Kdump.
- Build a separate custom dump-capture kernel for capturing the kernel core dump.
- Or use the system kernel binary itself as dump-capture kernel and there is no need to build a separate dump-capture kernel. This is possible only with the architectures which support a relocatable kernel. As of today, i386, x86_64, ppc64, ia64, arm and arm64 architectures support relocatable kernel.
本文选择的是第二种方法。
system kernel config options配置如下:
1 | CONFIG_KEXEC=y |
4. Setup and Installation
4.1 Ubuntu
1 | sudo apt install linux-crashdump -y |
1 | wget https://github.com/crash-utility/crash/archive/refs/tags/7.3.1.tar.gz |
5. 强制内核崩溃
1 | echo 1 > /proc/sys/kernel/sysrq |
重启后可以在/var/crash/目录下看到vmcore日志文件。
1 | cd /var/crash/ |
6. Kdump analysis using crash
1 | crash vmcore.202112241159 /usr/lib/debug/lib/modules/5.15.0-rc6-virt-ui+/vmlinux |
1 | crash> bt |
7. MISC
- crashkernel syntax
- Configure Dump Location
- Configure Core Collector
Configure Dump Location和Configure Core Collector可以参考How to use kdump for Linux Kernel Crash Analysis。
参考资料: