White Paper: Red Hat Crash Utility



Why Crash?

A current limitation of the Linux operating system is the lack of a built-in traditional UNIX-like kernel crash dump facility. This has been addressed by the Red Hat Netdump facility, the 2.4-based LKCD (Linux Kernel Crash Dump) kernel patch, and the Mission Critical Linux Mcore kernel patch. But the creation of kernel crash dump files is only half of the picture; a utility is required to be able to recognize the dumpfile format in order to read it, and to offer a useful set of commands to make sense of it.

Furthermore, to examine the contents of a live system's kernel internals from user space, the only readily available option has been to use gdb on /proc/kcore. While gdb is an incredibly powerful tool, it is designed to debug user programs, and is not at all "kernel-aware". Consequently, gdb alone is of limited use when looking at kernel memory: it is essentially constrained to printing kernel data structures (if the vmlinux file was built with the C compiler's -g flag), disassembling kernel text, and producing raw data dumps.

As far as kernel crash dump files are concerned, the Red Hat Netdump facility creates dump files that are readable by gdb, but aside from giving gdb the capability of displaying the panicking task's stack trace, reading them is subject to the same constraints as reading /proc/kcore. Moreover, gdb cannot read LKCD or Mcore dump files at all.

That being the state of things, the crash utility was developed as a convenient means to cover all four bases, i.e., the three dumpfile formats as well as live systems. It is also designed to be easily adapted to the specific needs of the kernel developers or analysts using it: the built-in command set can easily be extended or enhanced, and external command modules may be written and dynamically attached.


