Working with core dump


Published in: Technology

  1. Working with core dump, Thierry GAYET
  2. Goal
     • The main goal of this document is to provide some information about core dumps.
  3. Introduction
     • The Revolution framework has been adapted to support core dumps.
     • Both the GNU/Linux kernel and BusyBox have been configured for that purpose.
  4. Usage
     • Enabling / disabling the feature:
         Enabling:  ulimit -c unlimited
         Disabling: ulimit -S -c 0
     • Optionally, we can enable core dumps for SUID programs (not applicable on the dxi807 boards yet):
         echo 1 > /proc/sys/kernel/suid_dumpable
     • We can also ask for core files to be generated with a PID suffix (core.PID):
         echo "1" > /proc/sys/kernel/core_uses_pid
     • It is possible to collect all core files in a global temporary directory:
         $ mkdir /tmp/corefiles
         $ chmod 777 /tmp/corefiles
         $ echo "/tmp/corefiles/core" > /proc/sys/kernel/core_pattern
       All core files then get written to /tmp/corefiles (don't change core_uses_pid if you do this).
  5. Ulimit detail
     • Syntax: ulimit [-acdfHlmnpsStuv] [ limit ]
     • Options:
         -S  Change and report the soft limit associated with a resource.
         -H  Change and report the hard limit associated with a resource.
         -a  All current limits are reported.
         -c  The maximum size of core files created.
         -d  The maximum size of a process's data segment.
         -f  The maximum size of files created by the shell (default option).
         -l  The maximum size that may be locked into memory.
         -m  The maximum resident set size.
         -n  The maximum number of open file descriptors.
         -p  The pipe buffer size.
         -s  The maximum stack size.
         -t  The maximum amount of CPU time in seconds.
         -u  The maximum number of processes available to a single user.
         -v  The maximum amount of virtual memory available to the process.
  6. Dumping more information
     • When a process is dumped, all anonymous memory is written to a core file as long as the size of the core file isn't limited. But sometimes we don't want to dump some memory segments, for example, huge shared memory. Conversely, sometimes we want to save file-backed memory segments into a core file, not only the individual files.
     • /proc/<pid>/coredump_filter allows you to customize which memory segments will be dumped when the <pid> process is dumped. coredump_filter is a bitmask of memory types. If a bit of the bitmask is set, memory segments of the corresponding memory type are dumped; otherwise they are not dumped.
     • The following 7 memory types are supported:
         (bit 0) anonymous private memory
         (bit 1) anonymous shared memory
         (bit 2) file-backed private memory
         (bit 3) file-backed shared memory
         (bit 4) ELF header pages in file-backed private memory areas (effective only if bit 2 is cleared)
         (bit 5) hugetlb private memory
         (bit 6) hugetlb shared memory
     • Note that MMIO pages such as the frame buffer are never dumped, and vDSO pages are always dumped, regardless of the bitmask status.
     • Note that bits 0-4 do not affect hugetlb memory. hugetlb memory is only affected by bits 5-6.
     • The default value of coredump_filter is 0x23; this means all anonymous memory segments and hugetlb private memory are dumped.
     • If you don't want to dump all shared memory segments attached to pid 1234, write 0x21 to the process's proc file:
         $ echo 0x21 > /proc/1234/coredump_filter
     • When a new process is created, it inherits the bitmask status from its parent. It is useful to set up coredump_filter before the program runs. For example:
         $ echo 0x7 > /proc/self/coredump_filter
         $ ./some_program
  7. 7. <ul><li> Another example : </li></ul><ul><li># cat /proc/<pid>/coredump_filter 00000003 </li></ul><ul><li>The following 4 memory types are supported: </li></ul><ul><ul><li>(bit 0) anonymous private memory </li></ul></ul><ul><ul><li>(bit 1) anonymous shared memory </li></ul></ul><ul><ul><li>(bit 2) file-backed private memory </li></ul></ul><ul><ul><li>(bit 3) file-backed shared memory </li></ul></ul><ul><li># echo 0xF > /proc/<pid>/coredump_filter </li></ul>Dumping more information
  8. Core detail
     • The default action of certain signals is to cause a process to terminate and produce a core dump file, a disk file containing an image of the process's memory at the time of termination. A list of the signals which cause a process to dump core can be found in signal(7). A process can set its soft RLIMIT_CORE resource limit to place an upper limit on the size of the core dump file that will be produced if it receives a "core dump" signal; see getrlimit(2) for details.
     • There are various circumstances in which a core dump file is not produced:
         - The process does not have permission to write the core file. (By default the core file is called core, and is created in the current working directory. See below for details on naming.) Writing the core file will fail if the directory in which it is to be created is non-writable, or if a file with the same name exists and is not writable or is not a regular file (e.g., it is a directory or a symbolic link).
         - The directory in which the core dump file is to be created does not exist.
         - RLIMIT_CORE or RLIMIT_FSIZE resource limits for a process are set to zero (see getrlimit(2)).
         - The binary being executed by the process does not have read permission enabled.
         - The process is executing a set-user-ID (set-group-ID) program that is owned by a user (group) other than the real user (group) ID of the process. (However, see the description of the prctl(2) PR_SET_DUMPABLE operation, and the description of the /proc/sys/fs/suid_dumpable file in proc(5).)
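The conditions listed on slide 8, turned into a self-check, as an added example (not part of the original slides): `core_blockers` reports which of the limit, directory, target-file and dumpable conditions currently apply to the calling process, which answers both "why is there no core file?" and "is this process prevented from writing its memory to disk?". The function name and flag names are hypothetical, and the read permission of the binary is not checked.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

enum {
    NO_CORE_RLIMIT     = 1 << 0,  /* soft RLIMIT_CORE is zero */
    NO_CORE_FSIZE      = 1 << 1,  /* soft RLIMIT_FSIZE is zero */
    NO_CORE_DIR        = 1 << 2,  /* directory missing or not writable */
    NO_CORE_TARGET     = 1 << 3,  /* existing target is not a writable regular file */
    NO_CORE_UNDUMPABLE = 1 << 4,  /* dumpable flag cleared (see prctl(2)) */
};

/* Return a bitmask of reasons why the calling process would not leave a
 * core file named `name` in directory `dir`; 0 means none were found. */
unsigned core_blockers(const char *dir, const char *name)
{
    unsigned why = 0;
    struct rlimit rl;
    struct stat st;
    char path[4096];

    if (getrlimit(RLIMIT_CORE, &rl) == 0 && rl.rlim_cur == 0)
        why |= NO_CORE_RLIMIT;
    if (getrlimit(RLIMIT_FSIZE, &rl) == 0 && rl.rlim_cur == 0)
        why |= NO_CORE_FSIZE;
    if (access(dir, W_OK | X_OK) != 0)
        why |= NO_CORE_DIR;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    /* lstat, not stat: a symbolic link at the target also blocks the dump. */
    if (lstat(path, &st) == 0 &&
        (!S_ISREG(st.st_mode) || access(path, W_OK) != 0))
        why |= NO_CORE_TARGET;
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0)
        why |= NO_CORE_UNDUMPABLE;
    return why;
}

int main(void)
{
    /* Assumes the default core_pattern: a file called "core" in the cwd. */
    printf("blockers: 0x%x\n", core_blockers(".", "core"));
    return 0;
}
```

A service that holds secrets in memory can set the RLIMIT_CORE and dumpable conditions on purpose at start-up and use the same check to confirm they took effect.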
  9. 9. <ul><li> Naming of core dump files : </li></ul><ul><li>By default, a core dump file is named  core , but the  /proc/sys/kernel/core_pattern  file (new in Linux 2.5) can be set to define a template that is used to name core dump files. </li></ul><ul><li>The template can contain % specifiers which are substituted by the following values when a core file is created: </li></ul><ul><ul><li>%% A single % character %p PID of dumped process %u real UID of dumped process %g real GID of dumped process %s number of signal causing dump %t time of dump (seconds since 0:00h, 1 Jan 1970) %h hostname (same as 'nodename' returned by uname (2)) %e executable filename </li></ul></ul><ul><li>A single % at the end of the template is dropped from the core filename, as is the combination of a % followed by any character other than those listed above. All other characters in the template become a literal part of the core filename. The template may include '/' characters, which are interpreted as delimiters for directory names. The maximum size of the resulting core filename is 64 bytes. The default value in this file is &quot;core&quot;. For backward compatibility, if  /proc/sys/kernel/core_pattern  does not include &quot;%p&quot; and  /proc/sys/kernel/core_uses_pid  (see below) is non-zero, then .PID will be appended to the core filename. </li></ul><ul><li>Linux 2.4 does not provide  /proc/sys/kernel/core_pattern , but does provide a more primitive method of controlling the name of the core dump file. If the /proc/sys/kernel/core_uses_pid  file contains the value 0, then a core dump file is simply named  core . If this file contains a non-zero value, then the core dump file includes the process ID in a name of the form  core.PID . </li></ul><ul><li>Notes : </li></ul><ul><ul><li>t he  gdb gcore  command can be used to obtain a core dump of a running process. 
</li></ul></ul><ul><ul><li>If a multithreaded process (or, more precisely, a process that shares its memory with another process by being created with the  CLONE_VM  flag of  clone (2) ) dumps core, then the process ID is always appended to the core filename, unless the process ID was already included elsewhere in the filename via a %p specification in /proc/sys/kernel/core_pattern . </li></ul></ul>Core detail
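The naming rules from slide 9, implemented as an added example (not part of the original slides and not the kernel's own code): `expand_core_pattern` applies the % specifiers, the dropped-% rules and the core_uses_pid fallback, so a template can be checked before it is written to /proc/sys/kernel/core_pattern. The `struct dump_info` values are constructed, and treating the 64-byte limit as including the terminating NUL is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define CORENAME_MAX 64   /* limit quoted on the slide (assumed to include the NUL) */

struct dump_info {        /* constructed sample values, not read from a real crash */
    int pid, uid, gid, sig;
    long when;
    const char *host, *exe;
};

/* Expand a core_pattern template into out[CORENAME_MAX] and return out. */
char *expand_core_pattern(const char *tpl, const struct dump_info *d,
                          int core_uses_pid, char *out)
{
    size_t n = 0;
    int pid_seen = 0;
    char piece[CORENAME_MAX];

    out[0] = '\0';
    for (const char *p = tpl; *p && n < CORENAME_MAX - 1; p++) {
        piece[0] = '\0';
        if (*p != '%') {
            snprintf(piece, sizeof piece, "%c", *p);
        } else if (*++p == '\0') {
            break;                      /* a single % at the end is dropped */
        } else switch (*p) {
            case '%': strcpy(piece, "%"); break;
            case 'p': snprintf(piece, sizeof piece, "%d", d->pid); pid_seen = 1; break;
            case 'u': snprintf(piece, sizeof piece, "%d", d->uid); break;
            case 'g': snprintf(piece, sizeof piece, "%d", d->gid); break;
            case 's': snprintf(piece, sizeof piece, "%d", d->sig); break;
            case 't': snprintf(piece, sizeof piece, "%ld", d->when); break;
            case 'h': snprintf(piece, sizeof piece, "%s", d->host); break;
            case 'e': snprintf(piece, sizeof piece, "%s", d->exe); break;
            default:  break;            /* % plus an unknown character: both dropped */
        }
        n += (size_t)snprintf(out + n, CORENAME_MAX - n, "%s", piece);
        if (n > CORENAME_MAX - 1) n = CORENAME_MAX - 1;   /* output was truncated */
    }
    /* Backward compatibility: append .PID when the template had no %p. */
    if (core_uses_pid && !pid_seen)
        snprintf(out + n, CORENAME_MAX - n, ".%d", d->pid);
    return out;
}

int main(void)
{
    struct dump_info d = { 2637, 0, 0, 11, 1300000000L, "board", "chk_core" };
    char name[CORENAME_MAX];

    puts(expand_core_pattern("/tmp/corefiles/core", &d, 1, name));
    puts(expand_core_pattern("/tmp/corefiles/core.%e.%p.%s", &d, 1, name));
    return 0;
}
```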
  10. Debugging
     • Once the core file has been generated, it can be debugged with:
         $ gdb mybinary core
     • The backtrace can be displayed using the bt command:
         GNU gdb 5.0rh-5 Red Hat Linux 7.1
         Copyright 2001 Free Software Foundation, Inc.
         GDB is free software, covered by the GNU General Public License, and you are
         welcome to change it and/or distribute copies of it under certain conditions.
         Type "show copying" to see the conditions.
         There is absolutely no warranty for GDB. Type "show warranty" for details.
         This GDB was configured as "i386-redhat-linux"...
         Core was generated by `./mybinary.
         Program terminated with signal 11, Segmentation fault.
         Cannot access memory at address 0x40016bec
         #0 0x400a68d6 in ?? ()
         (gdb) bt
         #0 0x400a68d6 in ?? ()
         Cannot access memory at address 0xbffff8a8
         (gdb) where
         #0 0x400a68d6 in ?? ()
         Cannot access memory at address 0xbffff8a8
         (gdb) quit
  11. Checks
     • It is possible to simulate a core dump using one of the following commands:
         # kill -s SIGSEGV PID_OF_MY_BINARY
       or
         # kill -11 PID_OF_MY_BINARY
  12. 12. <ul><li> The following method have been used for validating the core dump feature : </li></ul><ul><ul><li># vi chk_core.c </li></ul></ul><ul><ul><ul><li>int main(void) </li></ul></ul></ul><ul><ul><ul><li>{ </li></ul></ul></ul><ul><ul><ul><li>char *s = &quot;hello world&quot;; </li></ul></ul></ul><ul><ul><ul><li>*s = 'H'; </li></ul></ul></ul><ul><ul><ul><li>} /* Main */ </li></ul></ul></ul><ul><ul><li># gcc chk_core.c -o chk_core </li></ul></ul><ul><ul><li># ./chk_core </li></ul></ul><ul><ul><ul><li>show_signal_msg: 20 callbacks suppressed </li></ul></ul></ul><ul><ul><ul><li>chk_core[2637]: segfault at 8048490 ip 080483c4 sp bfcb8118 error 7 in sf[8048000+1000] </li></ul></ul></ul><ul><ul><ul><li>Segmentation fault (core dumped) </li></ul></ul></ul><ul><ul><li># ls /tmp/corefiles </li></ul></ul><ul><ul><li>Core </li></ul></ul><ul><ul><li># file core </li></ul></ul><ul><ul><li>core: ELF 32-bit LSB core file Intel 80386, version 1 (SYSV), SVR4-style </li></ul></ul>Checks
  13. 13. <ul><li> Globally, the ulimit command say: </li></ul><ul><li>  </li></ul><ul><li># ulimit -a </li></ul><ul><ul><li>-f: file size (blocks) unlimited </li></ul></ul><ul><ul><li>-t: cpu time (seconds) unlimited </li></ul></ul><ul><ul><li>-d: data seg size (kb) unlimited </li></ul></ul><ul><ul><li>-s: stack size (kb) 8192 </li></ul></ul><ul><ul><li>-c: core file size (blocks) unlimited </li></ul></ul><ul><ul><li>-m: resident set size (kb) unlimited </li></ul></ul><ul><ul><li>-l: locked memory (kb) 64 </li></ul></ul><ul><ul><li>-p: processes 12993 </li></ul></ul><ul><ul><li>-n: file descriptors 1024 </li></ul></ul><ul><ul><li>-v: address space (kb) unlimited </li></ul></ul><ul><ul><li>-w: locks unlimited </li></ul></ul>Checks
  14. GNU/Linux Kernel
     • The GNU/Linux kernel generates oopses that are similar to core dumps. They can be analysed with the ksymoops tool.
     • It is also possible to use /proc/kcore. Kcore is a memory image of the kernel and cannot be used through the cat command.
  15. More help