Linux crashdump analysis
Dumping and analysing system state
Kernel-Recipes 2015
Adrien Mahieux - Sysadmin & microsecond hunter
gh: github.com/Saruspete
tw: @Saruspete
0 - Agenda
1. What’s a (crash)dump ?
2. Dump analysis
3. Live analysis (+ edition)
4. Tools & Links
- Get a dump - from hypervisor
- Get a crashdump - with kdump
- GDB based tool : crash
- Requirements : debuginfo
- What to look for
- Using crash on a live system
- Source browsing
- Script helpers
- Analysis
1 - What’s a (crash)dump ?
What     : A snapshot of a system's memory at a specific time
Who      : Mostly for sysadmins and guardians of production
Where    : Physical and Virtual Linux-based servers
When     : Your server is unresponsive (from ssh / console / application…)
Why      : To know what happened (kernel bug, external attack, limit missing…)
How      : Physical : kexec & panic the server
           Virtual : same, or from hypervisor
How much : Uses between 64M and 512M of RAM to boot the secondary kernel
           On Virtual, you may do it from hypervisor at no cost
1.1 - Get a dump - hypervisor
VMWare
- Suspend / resume (.vmss file) or Snapshot with memory (.vmsn file)
- Use tool vmss2core (VMWare Labs) to transform the raw dump into ELF dump
libvirt
- virsh : virsh dump MyGuestName /storage/MyGuestName.dump
- QEMU Monitor : dump-guest-memory [-z|-l|-s] FILENAME
Xen
- xl : dump-core domain-id filename
1.2 - Get a crashdump - kexec / kdump
Kernel configuration
- CONFIG_KEXEC=y to boot the secondary kernel
- CONFIG_SYSFS=y for /sys/kernel/kexec_crash_{loaded,size}
- CONFIG_CRASH_DUMP=y
- CONFIG_PROC_VMCORE=y Export dump to /proc/vmcore
- (CONFIG_DEBUG_INFO=y) Will not be in live kernel
- (CONFIG_RELOCATABLE=y) To use the same kernel for live & dump
- boot option : crashkernel=X@Y
  - X is the amount of memory to be reserved
    + 2 bytes for each 4KB
  - Y is the offset at which memory will be reserved
  - You can specify only X and the Kernel will find Y
  - If you have more than 2G of RAM, you can use “auto”
1.2 - Get a crashdump - kexec / kdump
Configure kdump
- Feature of the kernel that exports an ELF memory image via /proc/vmcore
- kdump often refers to the whole process to dump a core
- Relies on kexec to boot a secondary kernel / initrd to do the job
- Uses the memory reserved by “crashkernel” bootopt to load the “dump-capture” kernel & initrd
- Upon panic, the running kernel will start the new one, which will do the dump (ssh, ftp, local disk.. depending on your script) and reboot the system
- kdump can use makedumpfile to filter memory data by type (free pages, userland pages, private cache, cache pages, zero pages).
- Check status with /sys/kernel/kexec_crash_{loaded,size}
1.2 - Get a crashdump - kexec / kdump
Dumping an unresponsive system : PANIC !
Manually
- SysRq : echo c > /proc/sysrq-trigger
- NMI via IPMI : ipmitool power diag
- NMI via virsh : virsh inject-nmi MyGuestName
- Beware of kernel.unknown_nmi_panic=1
Automatically
- Watchdog : Boot cmdline: nmi_watchdog=1
- Softlockup : sysctl kernel.softlockup_panic=1
- Out Of Memory : sysctl vm.panic_on_oom=1
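A readiness check for the kdump settings listed above, as an added example that is not part of the original slides. It parses only the crashkernel=X[@Y] and crashkernel=auto forms shown here; the function names and the wording of the findings are assumptions of this example.

```python
import re

_UNITS = {"": 1, "K": 1 << 10, "M": 1 << 20, "G": 1 << 30}
_SYSCTLS = ("kernel.unknown_nmi_panic", "kernel.softlockup_panic", "vm.panic_on_oom")


def _size(text):
    """Convert '128M' / '1G' / '4096' to bytes."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text.upper())
    if m is None:
        raise ValueError(f"unsupported size {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_crashkernel(cmdline):
    """Return (size, offset) in bytes, ("auto", None), or None when absent."""
    for word in cmdline.split():
        if word.startswith("crashkernel="):
            value = word.split("=", 1)[1]
            if value == "auto":
                return ("auto", None)
            size, _, offset = value.partition("@")
            return (_size(size), _size(offset) if offset else None)
    return None


def kdump_findings(cmdline, crash_loaded, crash_size, sysctl):
    """List the reasons why a panic on this system may not yield a vmcore."""
    findings = []
    try:
        if parse_crashkernel(cmdline) is None:
            findings.append("no crashkernel= on the kernel command line")
    except ValueError:
        findings.append("crashkernel= uses a syntax this example does not parse")
    if crash_size == 0:
        findings.append("kexec_crash_size is 0: no memory reserved for the dump-capture kernel")
    if crash_loaded != 1:
        findings.append("kexec_crash_loaded is 0: a panic will not boot the dump-capture kernel")
    if sysctl.get("kernel.unknown_nmi_panic", 0) != 1:
        findings.append("kernel.unknown_nmi_panic=0: an injected NMI will not panic the system")
    automatic = [k for k in ("kernel.softlockup_panic", "vm.panic_on_oom") if sysctl.get(k, 0)]
    if not automatic and "nmi_watchdog=1" not in cmdline.split():
        findings.append("no automatic panic trigger enabled (watchdog, softlockup, OOM)")
    return findings


def _read_int(path, default=0):
    """Read one integer from a /proc or /sys file; missing files count as default."""
    try:
        with open(path) as fh:
            return int(fh.read().split()[0])
    except (OSError, ValueError, IndexError):
        return default


def live_findings():
    """Run the same checks against the running system."""
    with open("/proc/cmdline") as fh:
        cmdline = fh.read()
    sysctl = {name: _read_int("/proc/sys/" + name.replace(".", "/")) for name in _SYSCTLS}
    return kdump_findings(cmdline,
                          _read_int("/sys/kernel/kexec_crash_loaded"),
                          _read_int("/sys/kernel/kexec_crash_size"),
                          sysctl)


if __name__ == "__main__":
    for finding in live_findings() or ["kdump looks ready"]:
        print(finding)
```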
1.2 - Get a crashdump - kexec / kdump (non-server)
Desktops / Laptops usually don’t have an external source to generate NMI
Kernel provides other ways :
Hard/Soft lockup detectors
- Kernel config {SOFT,HARD}LOCKUP_DETECTOR / BOOTPARAM_{SOFT,HARD}LOCKUP_PANIC
- Hard : Stay in kernel for more than 10sec
- Soft : Task is hung for 120sec
Watchdog daemon
- Kernel config {SOFT,CLOCKSOURCE}_WATCHDOG
- Boot option “nmi_watchdog=1”
- watchdog daemon (http://sourceforge.net/projects/watchdog)
1.2 - Get a crashdump - kexec / kdump
2 - Dump Analysis
Your weapon : Crash
- Tool by Dave Anderson (RedHat)
- Based on GDB
- x86, x86_64, arm, ia64, ppc64, s390
- Extensible (snap, trace, appdump, memory, dm, ipcs, cgroups, sockets, openvz…)
- Quick evolution and active Mailing List
Your gunsmith : debuginfos
- We don’t want debug in production, but we’d like to be able to debug
- Split debuginfo are Dwarf debug data in separate files to be used on demand
- Most distributions provide them for stock kernel
Redhat : debuginfo-install kernel
Debian : apt-get install linux-image-$(uname -r)-dbg
2.1 - What to look for
Summary of the system state : sys
KERNEL: /var/crash/127.0.0.1-2015-08-20-20:00:00/vmcore
DUMPFILE: vmcore.myserver [PARTIAL DUMP]
CPUS: 24
DATE: Mon Aug 20 20:00:00 2015
UPTIME: 32 days, 17:12:02
LOAD AVERAGE: 1625.88, 1603.11, 1509.73
TASKS: 25639
NODENAME: myserver
RELEASE: 2.6.18-371.8.1.el5
VERSION: #1 SMP Fri Mar 28 05:53:58 EDT 2014
MACHINE: x86_64 (2933Mhz)
MEMORY: 284 GB
PANIC: “Kernel panic - not syncing: An NMI occured”
PID: 61015
COMMAND: "java"
TASK: ffff8135b50e5830 [THREAD_INFO: ffff8104bd256000]
CPU: 0
STATE: TASK_RUNNING (PANIC)
System logs             : log
Memory Usage            : kmem
Swap Usage              : swap
Running process         : ps
Set PID to analyze      : set
Task struct of PID      : task
Files opened by PID     : files
Backtrace of PID        : bt
Available devices       : dev
Available NICs          : net
Interrupts              : irq
Mountpoints             : mount
Process using a file    : fuser
IPC Show                : ipcs
Kernel Modules          : mod
RunQueue                : runq
Symbols info            : sym
2.2 - Crash : GDB for Kernel
Let’s check for a real kernel bug
KERNEL: /usr/lib/debug/lib/modules/2.6.32-431.29.2.el6.x86_64/vmlinux
DUMPFILE: vmcore [PARTIAL DUMP]
CPUS: 64
DATE: Wed Jun 14 11:23:14 2015
UPTIME: 44 days, 04:14:21
LOAD AVERAGE: 0.70, 0.58, 0.55
TASKS: 1917
NODENAME: myredhat65
RELEASE: 2.6.32-431.29.2.el6.x86_64
VERSION: #1 SMP Sun Jul 27 15:55:46 EDT 2014
MACHINE: x86_64 (1997 Mhz)
MEMORY: 64 GB
PANIC: "BUG: unable to handle kernel NULL pointer dereference at (null)"
PID: 2120
COMMAND: "scsi_eh_6"
TASK: ffff880437dcf540 [THREAD_INFO: ffff880435a94000]
CPU: 50
STATE: TASK_RUNNING (PANIC)
2.2 - Crash : GDB for Kernel
crash> bt
PID: 2120 TASK: ffff880437dcf540 CPU: 50 COMMAND: "scsi_eh_6"
#0 [ffff880435a95890] machine_kexec at ffffffff81038f3b
#1 [ffff880435a958f0] crash_kexec at ffffffff810c5af2
#2 [ffff880435a959c0] oops_end at ffffffff8152ca50
#3 [ffff880435a959f0] no_context at ffffffff8104a00b
#4 [ffff880435a95a40] __bad_area_nosemaphore at ffffffff8104a295
#5 [ffff880435a95a90] bad_area_nosemaphore at ffffffff8104a363
#6 [ffff880435a95aa0] __do_page_fault at ffffffff8104aabf
#7 [ffff880435a95bc0] do_page_fault at ffffffff8152e99e
#8 [ffff880435a95bf0] page_fault at ffffffff8152bd55
[exception RIP: scsi_send_eh_cmnd+99]
RIP: ffffffff813860e3 RSP: ffff880435a95ca0 RFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff880c2d600ec0 RCX: 0000000000002710
RDX: ffff880c3002f000 RSI: ffffffff82017288 RDI: ffff880c2d600ec0
RBP: ffff880435a95da0 R8: 0000000000000000 R9: 0000000000000000
R10: 000d8f6a631f7b23 R11: 0000000000000001 R12: 0000000000000001
R13: ffff880435a95e90 R14: 0000000000000000 R15: 0000000000000000
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#9 [ffff880435a95da8] scsi_eh_tur at ffffffff81386672
#10 [ffff880435a95dd8] scsi_eh_test_devices at ffffffff8138675a
#11 [ffff880435a95e28] scsi_error_handler at ffffffff81387d4c
#12 [ffff880435a95ee8] kthread at ffffffff8109abf6
#13 [ffff880435a95f48] kernel_thread at ffffffff8100c20a
crash> gdb set disassemble-flavor intel
crash> dis scsi_send_eh_cmnd
0xffffffff81386080 <scsi_send_eh_cmnd>: push rbp
0xffffffff81386081 <scsi_send_eh_cmnd+1>: mov rbp,rsp
0xffffffff81386084 <scsi_send_eh_cmnd+4>: push r15
0xffffffff81386086 <scsi_send_eh_cmnd+6>: push r14
0xffffffff81386088 <scsi_send_eh_cmnd+8>: push r13
0xffffffff8138608a <scsi_send_eh_cmnd+10>: push r12
0xffffffff8138608c <scsi_send_eh_cmnd+12>: push rbx
0xffffffff8138608d <scsi_send_eh_cmnd+13>: sub rsp,0xd8
0xffffffff81386094 <scsi_send_eh_cmnd+20>: nop DWORD PTR [rax+rax*1+0x0]
0xffffffff81386099 <scsi_send_eh_cmnd+25>: mov rax,QWORD PTR gs:0x28
0xffffffff813860a2 <scsi_send_eh_cmnd+34>: mov QWORD PTR [rbp-0x38],rax
0xffffffff813860a6 <scsi_send_eh_cmnd+38>: xor eax,eax
0xffffffff813860a8 <scsi_send_eh_cmnd+40>: mov QWORD PTR [rbp-0xc8],rsi
0xffffffff813860af <scsi_send_eh_cmnd+47>: mov DWORD PTR [rbp-0xcc],edx
0xffffffff813860b5 <scsi_send_eh_cmnd+53>: mov rbx,rdi
0xffffffff813860b8 <scsi_send_eh_cmnd+56>: mov rax,QWORD PTR [rdi+0x80]
crash> rd -o 0x80 0xffff880c2d600ec0
ffff880c2d600f40: ffff880c372afd00
0xffffffff813860bf <scsi_send_eh_cmnd+63>: mov rdx,QWORD PTR [rdi]
0xffffffff813860c2 <scsi_send_eh_cmnd+66>: mov r14d,r8d
0xffffffff813860c5 <scsi_send_eh_cmnd+69>: mov rax,QWORD PTR [rax+0xb0]
crash> rd -64 -o 0xb0 ffff880c372afd00
ffff880c372afdb0: ffff880c2a4d0400
0xffffffff813860cc <scsi_send_eh_cmnd+76>: mov QWORD PTR [rbp-0xe8],0x0
0xffffffff813860d7 <scsi_send_eh_cmnd+87>: test rax,rax
0xffffffff813860da <scsi_send_eh_cmnd+90>: je 0xffffffff813860ed <scsi_send_eh_cmnd+109>
0xffffffff813860dc <scsi_send_eh_cmnd+92>: mov rax,QWORD PTR [rax+0x2c8]
crash> rd -64 -o 0x2c8 ffff880c2a4d0400
ffff880c2a4d06c8: 0000000000000000
0xffffffff813860e3 <scsi_send_eh_cmnd+99>: mov rax,QWORD PTR [rax]
Looking at the kernel code, there is this function :
static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd) {
    if (!cmd->request->rq_disk)
        return NULL;
    /* private_data is dereferenced without a NULL check */
    return *(struct scsi_driver **)cmd->request->rq_disk->private_data;
}
The "test/je" matches the "if (!cmd->request->rq_disk)".
2.2 - Crash : GDB for Kernel
Let’s check the structures involved in this bug :
crash> struct scsi_cmnd
struct scsi_cmnd {
    …
    unsigned int transfersize;
    struct request *request;
    unsigned char *sense_buffer;
    …
}
crash> struct request
struct request {
    …
    struct gendisk *rq_disk;
    …
}
crash> struct -xo gendisk
struct gendisk {
    …
    [0x2c0] struct request_queue *queue;
    [0x2c8] void *private_data;
    [0x2d0] int flags;
    …
}
So here we have a scsi_cmnd, which contains a “request”, which contains a “gendisk”.
Here are the addresses of our different instances :
ffff880c2d600ec0 = scsi_cmnd
ffff880c372afd00 = request
ffff880c2a4d0400 = gendisk
Offset 0x2c8 matches the code just before the crash :
0xffffffff813860dc <scsi_send_eh_cmnd+92>: mov rax,QWORD PTR [rax+0x2c8]
crash> struct gendisk.disk_name ffff880c2a4d0400
disk_name = "sg96000000000000...000"
Disk is /dev/sg96.
From "scsi_cmnd", the first element is a scsi_device object (addr : 0xffff880c3002f000)
crash> scsi_device.vendor 0xffff880c3002f000
vendor = 0xffff880c2a3a2ac8 "QUANTUM Scalar i6000 656Q656Q.GS01501 001"
crash> scsi_device.model 0xffff880c3002f000
model = 0xffff880c2a3a2ad0 "Scalar i6000 656Q656Q.GS01501 001"
crash> scsi_device.rev 0xffff880c3002f000
rev = 0xffff880c2a3a2ae0 "656Q656Q.GS01501 001"
Redhat Bug : https://access.redhat.com/solutions/1231363
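The manual walk above (exception RIP, register dump, disassembly, structure offsets) can be scripted; the following is an added example, not part of the original slides. It takes the bt and dis lines from this page as input, assumes straight-line code between the load and the fault, and handles only simple [reg+disp] operands; the function names are this example's own.

```python
import re

# Lines copied from the `bt` and `dis` output above, trimmed to what is needed.
BT = """\
    [exception RIP: scsi_send_eh_cmnd+99]
    RIP: ffffffff813860e3 RSP: ffff880435a95ca0 RFLAGS: 00010286
    RAX: 0000000000000000 RBX: ffff880c2d600ec0 RCX: 0000000000002710
    RDX: ffff880c3002f000 RSI: ffffffff82017288 RDI: ffff880c2d600ec0
"""
DIS = """\
0xffffffff813860b8 <scsi_send_eh_cmnd+56>: mov rax,QWORD PTR [rdi+0x80]
0xffffffff813860c5 <scsi_send_eh_cmnd+69>: mov rax,QWORD PTR [rax+0xb0]
0xffffffff813860d7 <scsi_send_eh_cmnd+87>: test rax,rax
0xffffffff813860da <scsi_send_eh_cmnd+90>: je 0xffffffff813860ed <scsi_send_eh_cmnd+109>
0xffffffff813860dc <scsi_send_eh_cmnd+92>: mov rax,QWORD PTR [rax+0x2c8]
0xffffffff813860e3 <scsi_send_eh_cmnd+99>: mov rax,QWORD PTR [rax]
"""
# Offsets as the slides resolve them with `rd -o` and `struct -xo gendisk`.
FIELDS = {0x80: "scsi_cmnd.request", 0xB0: "request.rq_disk",
          0x2C8: "gendisk.private_data"}
PAGE_SIZE = 4096  # a fault below this address is treated as a NULL dereference
MEM_RE = re.compile(r"\[(\w+)(?:\+(0x[0-9a-f]+))?\]")


def parse_registers(bt_text):
    """Map lower-case register name -> value from a crash exception frame."""
    pairs = re.findall(r"\b([A-Z][A-Z0-9_]*):\s*([0-9a-f]{8,16})\b", bt_text)
    return {name.lower(): int(value, 16) for name, value in pairs}


def parse_disassembly(dis_text):
    """Return [(offset, mnemonic, operands)] sorted by offset in the function."""
    rows = re.findall(r"^0x[0-9a-f]+ <\w+(?:\+(\d+))?>:\s+(\w+)\s*(.*)$",
                      dis_text, re.M)
    return sorted((int(off or 0), mn, ops.strip()) for off, mn, ops in rows)


def triage(bt_text, dis_text):
    """Explain which load faulted and which earlier load produced its pointer."""
    symbol, offset = re.search(r"\[exception RIP: (\w+)\+(\d+)\]", bt_text).groups()
    offset = int(offset)
    regs = parse_registers(bt_text)
    insns = parse_disassembly(dis_text)
    mnemonic, operands = next((m, o) for off, m, o in insns if off == offset)
    mem = MEM_RE.search(operands)
    if mem is None:
        raise ValueError("faulting instruction has no simple [reg+disp] operand")
    base, disp = mem.group(1), int(mem.group(2) or "0", 16)
    address = regs[base] + disp
    result = {"symbol": symbol, "offset": offset,
              "insn": f"{mnemonic} {operands}", "base": base,
              "address": address, "null_deref": address < PAGE_SIZE,
              "loaded_by": None, "field": None}
    # Walk backwards to the last mov that wrote the base register; if it read
    # from memory, that load is where the bad pointer was fetched.
    for off, mn, ops in reversed(insns):
        if off >= offset or mn != "mov":
            continue
        dest, _, src = ops.partition(",")
        if dest == base:
            src_mem = MEM_RE.search(src)
            if src_mem:
                src_disp = int(src_mem.group(2) or "0", 16)
                result["loaded_by"] = off
                result["field"] = FIELDS.get(src_disp, hex(src_disp))
            break
    return result


if __name__ == "__main__":
    r = triage(BT, DIS)
    print(f"{r['symbol']}+{r['offset']}: {r['insn']}")
    print(f"  {r['base']} = {r['address']:#x}, NULL dereference: {r['null_deref']}")
    print(f"  pointer loaded at +{r['loaded_by']} from {r['field']}")
```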
3 - Live modifications
Yes, you can tinker with the Kernel memory too !
Through /dev/mem, you can access memory… but not on most distributions.
Dave Anderson says : Defeat CONFIG_STRICT_DEVMEM with kretprobes
http://www.redhat.com/archives/crash-utility/2008-March/msg00036.html
/* Return-probe handler: force return value to be 1. */
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
#if defined(__i386__) && !defined(__KERNEL__)
    regs->eax = 1;
#else
    regs->ax = 1;
#endif
    return 0;
}
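Because a return probe like this one removes the /dev/mem restriction for every process on the host, it is worth being able to spot on a production system. The following is an added example, not part of the original slides: it scans the kprobes list and the loaded modules for this technique. devmem_is_allowed is the kernel function behind CONFIG_STRICT_DEVMEM; the module name allow_devmem is assumed from the src/allow_devmem entry in kdumptools, and the sample lines are constructed.

```python
# Constructed samples in the formats of /sys/kernel/debug/kprobes/list
# (address, type k|r, symbol+offset, flags) and /proc/modules.
SAMPLE_KPROBES = """\
ffffffff81111110  k  vfs_read+0x0    [OPTIMIZED]
ffffffff81222220  r  devmem_is_allowed+0x0
ffffffff81333330  r  tcp_v4_rcv+0x0    [DISABLED]
"""
SAMPLE_MODULES = """\
ext4 374902 2 - Live 0xffffffffa0100000
allow_devmem 12345 0 - Live 0xffffffffa0200000 (O)
"""

WATCHED_SYMBOLS = {"devmem_is_allowed"}  # gate used by CONFIG_STRICT_DEVMEM
WATCHED_MODULES = {"allow_devmem"}       # assumed module name (see lead-in)


def parse_kprobes(text):
    """Parse the kprobes list into dicts; unknown lines are skipped."""
    probes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] not in ("k", "r"):
            continue
        flags = {f.strip("[]") for f in fields[3:] if f.startswith("[")}
        probes.append({
            "address": fields[0],
            "type": fields[1],
            "symbol": fields[2].split("+", 1)[0],
            # A probe marked DISABLED or GONE is registered but not firing.
            "active": not flags & {"DISABLED", "GONE"},
        })
    return probes


def find_devmem_bypass(kprobes_text, modules_text):
    """Return findings that point at a STRICT_DEVMEM bypass on this host."""
    findings = []
    for probe in parse_kprobes(kprobes_text):
        if probe["symbol"] in WATCHED_SYMBOLS:
            kind = "kretprobe" if probe["type"] == "r" else "kprobe"
            state = "active" if probe["active"] else "inactive"
            findings.append(
                f"{state} {kind} on {probe['symbol']} at {probe['address']}")
    for line in modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] in WATCHED_MODULES:
            findings.append(f"module {fields[0]} is loaded")
    return findings


def read_or_none(path):
    """Return the file content, or None when it cannot be read."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    kprobes = read_or_none("/sys/kernel/debug/kprobes/list")
    if kprobes is None:
        # Needs root and a mounted debugfs; without it the result is incomplete.
        print("warning: kprobes list not readable, probe check skipped")
    modules = read_or_none("/proc/modules") or ""
    for finding in find_devmem_bypass(kprobes or "", modules):
        print(finding)
```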
3.1 - Live modifications - Network Parameters
Get the list of the NICs :
crash> net
NET_DEVICE NAME IP ADDRESS(ES)
ffff88003e999020 lo 127.0.0.1
ffff88003e228020 eth0 192.168.122.13
Check the value (net_device)
crash> struct net_device.mtu ffff88003e228020
mtu = 1500
Get the offset
crash> struct -o net_device.mtu ffff88003e228020
struct net_device {
[ffff88003e22818c] unsigned int mtu;
}
Read the memory
crash> rd -32 -D ffff88003e22818c
ffff88003e22818c: 1500
And change it
crash> wr -32 ffff88003e22818c 1400
[root@centos6 ~]# ifconfig eth0 |grep -Po 'MTU:[0-9]+'
MTU:1400
4 - Tools and useful links
4.1 - Tools : OpenGrok
Wicked fast source code browser
http://opengrok.github.io/OpenGrok/
Grok : "to understand intuitively or by empathy; to establish rapport with" / "to empathize or communicate sympathetically (with); also, to experience enjoyment"
Uses ctags and lucene to index code with context : Search for “text”, “definitions”, “symbols”, “file path” and “history”
Understands : Mercurial, Git, SCCS, RCS, CVS, Subversion, Teamware, ClearCase, Perforce, Monotone and Bazaar
4.2 - Tools : kdumptools
Set of scripts to ease your kdump usage (try to work with all distributions)
https://github.com/saruspete/kdumptools
kdump_setup.sh      Helper: setup kdump on your distrib
kdump_analyze.sh    Helper: analyze a crashdump (retrieve dbg + crash)
kdump_live.sh       Helper: analyze your running system
kdump_getdbg.sh     Helper: retrieve debuginfos for a given OS / Release
src/crash           Crash + compile scripts (latest version)
src/allow_devmem    Kernel module to allow /dev/mem usage
4.3 - Links - kdump
Kdump-Tool : Kexec is part of kexec-tools
Sources : https://git.kernel.org/cgit/utils/kernel/kexec/kexec-tools.git
Distrib : https://kernel.org/pub/linux/utils/kernel/kexec/
Kernel Doc :
http://www.kernel.org/doc/Documentation/kdump/kdump.txt
MakeDumpFile : Select the memory regions to be stripped of the dump
https://github.com/chitranshi/makedumpfile
Fence Kdump : Avoid kdump being interrupted by sending heartbeats
http://www.ovirt.org/Fence_kdump
4.4 - Links - crash
Official Page : Download, tools and help
http://people.redhat.com/anderson
Linux Crash Cook Book : Detailed and step-by-step details
http://www.dedoimedo.com/computers/crash-book.html
Defeating /dev/mem restrictions : Howto tinker with /dev/mem
http://www.redhat.com/archives/crash-utility/2008-March/msg00036.html
Dwarf debuginfo format : Details on the Dwarf format compatible with ELF binaries
http://dwarfstd.org
4.5 - Links - Kernel
Linux Insides : https://0xax.gitbooks.io/linux-insides
Understanding the Linux Kernel
ISBN 10 : 0-596-00565-2
Linux Kernel Development
ISBN 10 : 0-672-32946-8
Linux Kernel Architecture
ISBN 10 : 0-470-34343-5
The Linux Programming Interface
ISBN 10 : 1-59327-220-0
Thank you

 
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxEmbedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and Barebox
 
Embedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less specialEmbedded Recipes 2019 - Making embedded graphics less special
Embedded Recipes 2019 - Making embedded graphics less special
 
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconEmbedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre Silicon
 
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureEmbedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) picture
 
Embedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops wayEmbedded Recipes 2019 - Testing firmware the devops way
Embedded Recipes 2019 - Testing firmware the devops way
 
Embedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmakerEmbedded Recipes 2019 - Herd your socs become a matchmaker
Embedded Recipes 2019 - Herd your socs become a matchmaker
 
Embedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integrationEmbedded Recipes 2019 - LLVM / Clang integration
Embedded Recipes 2019 - LLVM / Clang integration
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
 
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaEmbedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimedia
 
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedKernel Recipes 2019 - ftrace: Where modifying a running kernel all started
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all started
 
Kernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDPKernel Recipes 2019 - Suricata and XDP
Kernel Recipes 2019 - Suricata and XDP
 
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)
 

Último

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrandmasabamasaba
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxAnnaArtyushina1
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...Shane Coughlan
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2
 

Último (20)

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 

Kernel Recipes 2015 - Kernel dump analysis

  • 1. Linux crashdump analysis
    Dumping and analysing system state
    Kernel-Recipes 2015
    Adrien Mahieux - Sysadmin & microsecond hunter
    gh: github.com/Saruspete
    tw: @Saruspete
  • 2. 0 - Agenda
    1. What’s a (crash)dump ?
    2. Dump analysis
    3. Live analysis (+ edition)
    4. Tools & Links
    - Get a dump - from hypervisor
    - Get a crashdump - with kdump
    - GDB based tool : crash
    - Requirements : debuginfo
    - What to look for
    - Using crash on a live system
    - Source browsing
    - Script helpers
    - Analysis
  • 3. 1 - What’s a (crash)dump ?
    What     : A snapshot of a system memory at a specific time
    Who      : Mostly for sysadmins and guardians of production
    Where    : Physical and Virtual Linux-based servers
    When     : Your server is unresponsive (from ssh / console / application…)
    Why      : To know what happened (kernel bug, external attack, limit missing…)
    How      : Physical : kexec & panic the server
               Virtual : same, or from hypervisor
    How much : Uses between 64M and 512M of RAM to boot the secondary kernel
               On Virtual, you may do it from hypervisor at no cost
  • 4. 1.1 - Get a dump - hypervisor
    VMWare
    - Suspend / resume (.vmss file) or Snapshot with memory (.vmsn file)
    - Use tool vmss2core (VMWare Labs) to transform the raw dump into ELF dump
    libvirt
    - virsh : virsh dump MyGuestName /storage/MyGuestName.dump
    - QEMU Monitor : dump-guest-memory [-z|-l|-s] FILENAME
    Xen
    - xl : dump-core domain-id filename
  • 5. 1.2 - Get a crashdump - kexec / kdump
    Kernel configuration
    - CONFIG_KEXEC=y to boot the secondary kernel
    - CONFIG_SYSFS=y for /sys/kernel/kexec_crash_{loaded,size}
    - CONFIG_CRASH_DUMP=y
    - CONFIG_PROC_VMCORE=y Export dump to /proc/vmcore
    - (CONFIG_DEBUG_INFO=y) Will not be in live kernel
    - (CONFIG_RELOCATABLE=y) To use the same kernel for live & dump
    - boot option : crashkernel=X@Y
      - X is the amount of memory to be reserved
        + 2 bytes for each 4KB
      - Y is the offset at which memory will be reserved
      - You can specify only X and the Kernel will find Y
      - If you have more than 2G of RAM, you can use “auto”
  • 6. 1.2 - Get a crashdump - kexec / kdump
    Configure kdump
    - Feature of the kernel that exports an ELF memory image via /proc/vmcore
    - kdump often refers to the whole process to dump a core
    - Relies on kexec to boot a secondary kernel / initrd to do the job
    - Uses the memory reserved by “crashkernel” bootopt to load the “dump-capture” kernel & initrd
    - Upon panic, the running kernel will start the new one, which will do the dump (ssh, ftp, local disk.. depending on your script) and reboot the system
    - kdump can use makedumpfile to filter memory data by type (free pages, userland pages, private cache, cache pages, zero pages).
    - Check status with /sys/kernel/kexec_crash_{loaded,size}
  • 7. 1.2 - Get a crashdump - kexec / kdump
    Dumping an unresponsive system : PANIC !
    Manually
    - SysRq : echo c > /proc/sysrq-trigger
    - NMI via IPMI : ipmitool power diag
    - NMI via virsh : virsh inject-nmi MyGuestName
    - Beware of kernel.unknown_nmi_panic=1
    Automatically
    - Watchdog : Boot cmdline: nmi_watchdog=1
    - Softlockup : sysctl kernel.softlockup_panic=1
    - Out Of Memory : sysctl vm.panic_on_oom=1
  • 8. 1.2 - Get a crashdump - kexec / kdump (non-server)
    Desktops / Laptops usually don’t have external source to generate NMI
    Kernel provides other ways :
    Hard/Soft lockup detectors
    - Kernel config {SOFT,HARD}LOCKUP_DETECTOR / BOOTPARAM_{SOFT,HARD}LOCKUP_PANIC
    - Hard : Stay in kernel for more than 10sec
    - Soft : Task is hung for 120sec
    Watchdog daemon
    - Kernel config {SOFT,CLOCKSOURCE}_WATCHDOG
    - Boot option “nmi_watchdog=1”
    - watchdog daemon (http://sourceforge.net/projects/watchdog)
  • 9. 1.2 - Get a crashdump - kexec / kdump
  • 10. 2 - Dump Analysis
  • 11. 2 - Dump Analysis
    Your weapon : Crash
    - Tool by Dave Anderson (RedHat)
    - Based on GDB
    - x86, x86_64, arm, ia64, ppc64, s390
    - Extensible (snap, trace, appdump, memory, dm, ipcs, cgroups, sockets, openvz…)
    - Quick evolution and active Mailing List
    Your gunsmith : debuginfos
    - We don’t want debug in production, but we’d like to be able to debug
    - Split debuginfo are Dwarf debug data in separate files to be used on demand
    - Most distributions provide them for stock kernel
      Redhat : debuginfo-install kernel
      Debian : apt-get install linux-image-$(uname -r)-dbg
  • 12. 2.1 - What to look for
    Summary of the system state : sys

        KERNEL: /var/crash/127.0.0.1-2015-08-20-20:00:00/vmcore
        DUMPFILE: vmcore.myserver [PARTIAL DUMP]
        CPUS: 24
        DATE: Mon Aug 20 20:00:00 2015
        UPTIME: 32 days, 17:12:02
        LOAD AVERAGE: 1625.88, 1603.11, 1509.73
        TASKS: 25639
        NODENAME: myserver
        RELEASE: 2.6.18-371.8.1.el5
        VERSION: #1 SMB Fri Mar 28 05:53:58 EDT 2014
        MACHINE: x86_64 (2933Mhz)
        MEMORY: 284 GB
        PANIC: "Kernel panic - not syncing: An NMI occured"
        PID: 61015
        COMMAND: "java"
        TASK: ffff8135b50e5830 [THREAD_INFO: ffff8104bd256000]
        CPU: 0
        STATE: TASK_RUNNING (PANIC)

    Other crash commands :

        System logs              log
        Memory Usage             kmem
        Swap Usage               swap
        Running process          ps
        Set PID to analyze       set
        Task struct of PID       task
        Files opened by PID      files
        Backtrace of PID         bt
        Available devices        dev
        Available NICs           net
        Interrupts               irq
        Mountpoints              mount
        Process using a file     fuser
        Show IPC                 ipcs
        Kernel Modules           mod
        RunQueue                 runq
        Symbols info             sym
  • 13. 2.2 - Crash : GDB for Kernel
    Let’s check for a real kernel bug

        KERNEL: /usr/lib/debug/lib/modules/2.6.32-431.29.2.el6.x86_64/vmlinux
        DUMPFILE: vmcore [PARTIAL DUMP]
        CPUS: 64
        DATE: Wed Jun 14 11:23:14 2015
        UPTIME: 44 days, 04:14:21
        LOAD AVERAGE: 0.70, 0.58, 0.55
        TASKS: 1917
        NODENAME: myredhat65
        RELEASE: 2.6.32-431.29.2.el6.x86_64
        VERSION: #1 SMP Sun Jul 27 15:55:46 EDT 2014
        MACHINE: x86_64 (1997 Mhz)
        MEMORY: 64 GB
        PANIC: "BUG: unable to handle kernel NULL pointer dereference at (null)"
        PID: 2120
        COMMAND: "scsi_eh_6"
        TASK: ffff880437dcf540 [THREAD_INFO: ffff880435a94000]
        CPU: 50
        STATE: TASK_RUNNING (PANIC)
  • 14. 2.2 - Crash : GDB for Kernel

        crash> bt
        PID: 2120  TASK: ffff880437dcf540  CPU: 50  COMMAND: "scsi_eh_6"
         #0 [ffff880435a95890] machine_kexec at ffffffff81038f3b
         #1 [ffff880435a958f0] crash_kexec at ffffffff810c5af2
         #2 [ffff880435a959c0] oops_end at ffffffff8152ca50
         #3 [ffff880435a959f0] no_context at ffffffff8104a00b
         #4 [ffff880435a95a40] __bad_area_nosemaphore at ffffffff8104a295
         #5 [ffff880435a95a90] bad_area_nosemaphore at ffffffff8104a363
         #6 [ffff880435a95aa0] __do_page_fault at ffffffff8104aabf
         #7 [ffff880435a95bc0] do_page_fault at ffffffff8152e99e
         #8 [ffff880435a95bf0] page_fault at ffffffff8152bd55
            [exception RIP: scsi_send_eh_cmnd+99]
            RIP: ffffffff813860e3  RSP: ffff880435a95ca0  RFLAGS: 00010286
            RAX: 0000000000000000  RBX: ffff880c2d600ec0  RCX: 0000000000002710
            RDX: ffff880c3002f000  RSI: ffffffff82017288  RDI: ffff880c2d600ec0
            RBP: ffff880435a95da0  R8:  0000000000000000  R9:  0000000000000000
            R10: 000d8f6a631f7b23  R11: 0000000000000001  R12: 0000000000000001
            R13: ffff880435a95e90  R14: 0000000000000000  R15: 0000000000000000
            ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
         #9 [ffff880435a95da8] scsi_eh_tur at ffffffff81386672
        #10 [ffff880435a95dd8] scsi_eh_test_devices at ffffffff8138675a
        #11 [ffff880435a95e28] scsi_error_handler at ffffffff81387d4c
        #12 [ffff880435a95ee8] kthread at ffffffff8109abf6
        #13 [ffff880435a95f48] kernel_thread at ffffffff8100c20a

        crash> gdb set disassembly-flavor intel
        crash> dis scsi_send_eh_cmnd
        0xffffffff81386080 <scsi_send_eh_cmnd>:     push rbp
        0xffffffff81386081 <scsi_send_eh_cmnd+1>:   mov rbp,rsp
        0xffffffff81386084 <scsi_send_eh_cmnd+4>:   push r15
        0xffffffff81386086 <scsi_send_eh_cmnd+6>:   push r14
        0xffffffff81386088 <scsi_send_eh_cmnd+8>:   push r13
        0xffffffff8138608a <scsi_send_eh_cmnd+10>:  push r12
        0xffffffff8138608c <scsi_send_eh_cmnd+12>:  push rbx
        0xffffffff8138608d <scsi_send_eh_cmnd+13>:  sub rsp,0xd8
        0xffffffff81386094 <scsi_send_eh_cmnd+20>:  nop DWORD PTR [rax+rax*1+0x0]
        0xffffffff81386099 <scsi_send_eh_cmnd+25>:  mov rax,QWORD PTR gs:0x28
        0xffffffff813860a2 <scsi_send_eh_cmnd+34>:  mov QWORD PTR [rbp-0x38],rax
        0xffffffff813860a6 <scsi_send_eh_cmnd+38>:  xor eax,eax
        0xffffffff813860a8 <scsi_send_eh_cmnd+40>:  mov QWORD PTR [rbp-0xc8],rsi
        0xffffffff813860af <scsi_send_eh_cmnd+47>:  mov DWORD PTR [rbp-0xcc],edx
        0xffffffff813860b5 <scsi_send_eh_cmnd+53>:  mov rbx,rdi
        0xffffffff813860b8 <scsi_send_eh_cmnd+56>:  mov rax,QWORD PTR [rdi+0x80]
            crash> rd -o 0x80 0xffff880c2d600ec0
            ffff880c2d600f40: ffff880c372afd00
        0xffffffff813860bf <scsi_send_eh_cmnd+63>:  mov rdx,QWORD PTR [rdi]
        0xffffffff813860c2 <scsi_send_eh_cmnd+66>:  mov r14d,r8d
        0xffffffff813860c5 <scsi_send_eh_cmnd+69>:  mov rax,QWORD PTR [rax+0xb0]
            crash> rd -64 -o 0xb0 ffff880c372afd00
            ffff880c372afdb0: ffff880c2a4d0400
        0xffffffff813860cc <scsi_send_eh_cmnd+76>:  mov QWORD PTR [rbp-0xe8],0x0
        0xffffffff813860d7 <scsi_send_eh_cmnd+87>:  test rax,rax
        0xffffffff813860da <scsi_send_eh_cmnd+90>:  je 0xffffffff813860ed <scsi_send_eh_cmnd+109>
        0xffffffff813860dc <scsi_send_eh_cmnd+92>:  mov rax,QWORD PTR [rax+0x2c8]
            crash> rd -64 -o 0x2c8 ffff880c2a4d0400
            ffff880c2a4d06c8: 0000000000000000
        0xffffffff813860e3 <scsi_send_eh_cmnd+99>:  mov rax,QWORD PTR [rax]

    Looking at the kernel code, there is this function :

        static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd)
        {
                if (!cmd->request->rq_disk)
                        return NULL;
                return *(struct scsi_driver **)cmd->request->rq_disk->private_data;
        }

    The "test/je" matches the "if (!cmd->request->rq_disk)".
  • 15. 2.2 - Crash : GDB for Kernel
    Let’s check the structures involved in this bug :

        crash> struct scsi_cmnd
        struct scsi_cmnd {
            …
            unsigned int transfersize;
            struct request *request;
            unsigned char *sense_buffer;
            …
        }

        crash> struct request
        struct request {
            …
            struct gendisk *rq_disk;
            …
        }

        crash> struct -xo gendisk
        struct gendisk {
            …
            [0x2c0] struct request_queue *queue;
            [0x2c8] void *private_data;
            [0x2d0] int flags;
            …
        }

    So here we have a scsi_cmnd, which contains a “request”, which contains a “gendisk”.
    Here are the addresses of our different instances :

        ffff880c2d600ec0 = scsi_cmnd
        ffff880c372afd00 = request
        ffff880c2a4d0400 = gendisk

    Offset 0x2c8 matches the code just before the crash :

        0xffffffff813860dc <scsi_send_eh_cmnd+92>: mov rax,QWORD PTR [rax+0x2c8]

        crash> struct gendisk.disk_name ffff880c2a4d0400
        disk_name = "sg96000000000000...000"

    Disk is /dev/sg96.
    From "scsi_cmnd", the first element is a scsi_device object (addr : 0xffff880c3002f000)

        crash> scsi_device.vendor 0xffff880c3002f000
        vendor = 0xffff880c2a3a2ac8 "QUANTUM Scalar i6000 656Q656Q.GS01501 001"
        crash> scsi_device.model 0xffff880c3002f000
        model = 0xffff880c2a3a2ad0 "Scalar i6000 656Q656Q.GS01501 001"
        crash> scsi_device.rev 0xffff880c3002f000
        rev = 0xffff880c2a3a2ae0 "656Q656Q.GS01501 001"

    Redhat Bug : https://access.redhat.com/solutions/1231363
  • 16. 3 - Live modifications
  • 17. 3 - Live modifications
    Yes, you can tinker with the Kernel memory too !
    Through /dev/mem, you can access memory… but not on most distributions.
    Dave Anderson says : Defeat CONFIG_STRICT_DEVMEM with kretprobes
    http://www.redhat.com/archives/crash-utility/2008-March/msg00036.html

        /* Return-probe handler: force return value to be 1. */
        static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
        {
        #if defined(__i386__) && !defined(__KERNEL__)
                regs->eax = 1;
        #else
                regs->ax = 1;
        #endif
                return 0;
        }
  • 18. 3.1 - Live modifications - Network Parameters
    Get the list of the NICs :

        crash> net
        NET_DEVICE        NAME  IP ADDRESS(ES)
        ffff88003e999020  lo    127.0.0.1
        ffff88003e228020  eth0  192.168.122.13

    Check the value (net_device)

        crash> struct net_device.mtu ffff88003e228020
        mtu = 1500

    Get the offset

        crash> struct -o net_device.mtu ffff88003e228020
        struct net_device {
          [ffff88003e22818c] unsigned int mtu;
        }

    Read the memory

        crash> rd -32 -D ffff88003e22818c
        ffff88003e22818c: 1500

    And change it

        crash> wr -32 ffff88003e22818c 1400

        [root@centos6 ~]# ifconfig eth0 |grep -Po 'MTU:[0-9]+'
        MTU:1400
  • 19. 4 - Tools and useful links
  • 20. 4.1 - Tools : OpenGrok
    Wicked fast source code browser
    http://opengrok.github.io/OpenGrok/
    Grok : "to understand intuitively or by empathy; to establish rapport with" / "to empathize or communicate sympathetically (with); also, to experience enjoyment"
    Uses ctags and lucene to index code with context :
    Search for “text”, “definitions”, “symbols”, “file path” and “history”
    Understands : Mercurial, Git, SCCS, RCS, CVS, Subversion, Teamware, ClearCase, Perforce, Monotone and Bazaar
  • 21. 4.2 - Tools : kdumptools
    Set of scripts to ease your kdump usage (try to work with all distributions)
    https://github.com/saruspete/kdumptools

        kdump_setup.sh      Helper: setup kdump on your distrib
        kdump_analyze.sh    Helper: analyze a crashdump (retrieve dbg + crash)
        kdump_live.sh       Helper: analyze your running system
        kdump_getdbg.sh     Helper: retrieve debuginfos for a given OS / Release
        src/crash           Crash + compile scripts (latest version)
        src/allow_devmem    Kernel module to allow /dev/mem usage
  • 22. 4.3 - Links - kdump
    Kdump-Tool : Kexec is part of kexec-tools
      Sources : https://git.kernel.org/cgit/utils/kernel/kexec/kexec-tools.git
      Distrib : https://kernel.org/pub/linux/utils/kernel/kexec/
      Kernel Doc : http://www.kernel.org/doc/Documentation/kdump/kdump.txt
    MakeDumpFile : Select the memory regions to be stripped from the dump
      https://github.com/chitranshi/makedumpfile
    Fence Kdump : Avoid kdump being interrupted by sending heartbeats
      http://www.ovirt.org/Fence_kdump
  • 23. 4.4 - Links - crash
    Official Page : Download, tools and help
      http://people.redhat.com/anderson
    Linux Crash Cook Book : Detailed, step-by-step guide
      http://www.dedoimedo.com/computers/crash-book.html
    Defeating /dev/mem restrictions : Howto tinker with /dev/mem
      http://www.redhat.com/archives/crash-utility/2008-March/msg00036.html
    Dwarf debuginfo format : Details on the Dwarf format compatible with ELF binaries
      http://dwarfstd.org
  • 24. 4.5 - Links - Kernel
    Linux Insides : https://0xax.gitbooks.io/linux-insides
    Understanding the Linux Kernel : ISBN 10 : 0-596-00565-2
    Linux Kernel Development : ISBN 10 : 0-672-32946-8
    Linux Kernel Architecture : ISBN 10 : 0-470-34343-5
    The Linux Programming Interface : ISBN 10 : 1-59327-220-0
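
The kdump prerequisites from slides 5 to 7 (the crashkernel= boot option, /sys/kernel/kexec_crash_{loaded,size} and the panic sysctls) combined into one readiness check. This is an added example, not code from the talk or from kdumptools; the function names and the ROOT prefix argument are assumptions of the example, and the sample tree values are constructed.

```shell
#!/bin/sh
# kdump readiness check built from the settings named on the slides.
# Added example: function names and the ROOT prefix argument are assumptions.
# ROOT="" checks the live system; any other value checks a copied or
# constructed /proc and /sys tree below that directory.

# Print the first line of a file, or nothing if it is missing or unreadable.
read_first() {
    _line=
    if [ -r "$1" ]; then
        IFS= read -r _line < "$1" || true
    fi
    printf '%s' "$_line"
}

# Print the crashkernel= value from ROOT/proc/cmdline; exit 1 if absent.
# Runs in a subshell so that "set -f" does not leak into the caller.
crashkernel_value() (
    set -f
    for word in $(read_first "$1/proc/cmdline"); do
        case $word in
            crashkernel=*) printf '%s\n' "${word#crashkernel=}"; exit 0 ;;
        esac
    done
    exit 1
)

# Report each check on stdout; the return status is the number of FAIL lines.
kdump_check() {
    root=$1
    fails=0

    if ck=$(crashkernel_value "$root"); then
        echo "OK   crashkernel=$ck on the kernel command line"
    else
        echo "FAIL no crashkernel= boot option, nothing reserved for the dump-capture kernel"
        fails=$((fails + 1))
    fi

    loaded=$(read_first "$root/sys/kernel/kexec_crash_loaded")
    if [ "$loaded" = 1 ]; then
        echo "OK   dump-capture kernel is loaded (kexec_crash_loaded=1)"
    else
        echo "FAIL kexec_crash_loaded=${loaded:-missing}, a panic would not produce a dump"
        fails=$((fails + 1))
    fi

    size=$(read_first "$root/sys/kernel/kexec_crash_size")
    case $size in
        '' | *[!0-9]*) size=0 ;;   # missing or not a plain number
    esac
    if [ "$size" -gt 0 ]; then
        echo "OK   $((size / 1048576)) MiB reserved (kexec_crash_size)"
    else
        echo "FAIL kexec_crash_size is 0 or unreadable"
        fails=$((fails + 1))
    fi

    # Automatic and NMI panic triggers from the talk: informational only,
    # because whether a hang should panic the box is a site decision.
    for knob in kernel/softlockup_panic vm/panic_on_oom kernel/unknown_nmi_panic; do
        val=$(read_first "$root/proc/sys/$knob")
        echo "INFO $knob=${val:-missing}"
    done

    return "$fails"
}

# Build a constructed sample tree: make_sample_tree DIR CMDLINE LOADED SIZE
make_sample_tree() {
    t_root=$1
    mkdir -p "$t_root/proc/sys/kernel" "$t_root/proc/sys/vm" "$t_root/sys/kernel"
    printf '%s\n' "$2" > "$t_root/proc/cmdline"
    printf '%s\n' "$3" > "$t_root/sys/kernel/kexec_crash_loaded"
    printf '%s\n' "$4" > "$t_root/sys/kernel/kexec_crash_size"
    printf '1\n' > "$t_root/proc/sys/kernel/softlockup_panic"
    printf '0\n' > "$t_root/proc/sys/vm/panic_on_oom"
    printf '0\n' > "$t_root/proc/sys/kernel/unknown_nmi_panic"
}

# Demo on constructed data: 128 MiB reserved at 16 MiB, capture kernel loaded.
kdump_demo() {
    demo_dir=$(mktemp -d)
    make_sample_tree "$demo_dir" "ro quiet crashkernel=128M@16M" 1 134217728
    kdump_check "$demo_dir" || true
    rm -rf "$demo_dir"
}

# "live" checks the running system; with no argument the demo runs instead.
case "${1:-demo}" in
    live) kdump_check "" ;;
    *)    kdump_demo ;;
esac
```

Run it with `live` as the only argument to check the running system; the exit status is the number of failed checks.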