
A module for crashing the kernel

By Jonathan Corbet
January 26, 2010
Normally, a kernel which doesn't crash is considered to be a good thing. It can be a source of true frustration, though, for those who want to see the system go down in flames. The reliability of the system means that somebody waiting for a crash may grow old indeed in the process.

Simon Kagstrom has heard the pain expressed by such users; in response, he has posted a kernel module just for people who want to be able to destroy their systems on demand. This module creates a directory (provoke_crash) in debugfs, filled with a number of useful files. For those with simple needs, a write to bugon results in a straightforward BUG() call. Users with more discriminating tastes can write to null_dereference to cause a null pointer dereference, overwrite_allocation to write beyond a heap allocation, or corrupt_stack to overwrite the stack. And truly kinky users can go for oops_interrupt_context to get a null dereference in softirq mode, write_after_free to step on freed memory, or unaligned_load_store to perform badly-aligned memory operations.

Needless to say, this isn't a module one would ordinarily want to leave loaded into a production system; it's better kept in a secret place and pulled out after the kids go to sleep. Unless, of course, you have a real use for it; Simon has been employing it to make sure that kmsg_dump() does the right thing in various crash scenarios. For most developers, though, work is normally dominated by the need to avoid crashes; since they'll have little use for this feature, it's not clear that this little module will ever make its way into the mainline.
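A check for the case described above, where the module is left on a host it should not be on (an added example, not part of the article or of Simon's patch): it lists which of the provoke_crash files exist and which of them are writable by group or other. It assumes debugfs is mounted at /sys/kernel/debug; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a host for the crash-trigger files named in the article.
# Assumption: debugfs is mounted at /sys/kernel/debug (the conventional mount
# point). Pass another root as the first argument to audit a different location.

# File names exactly as listed in the article.
CRASH_FILES="bugon null_dereference overwrite_allocation corrupt_stack
oops_interrupt_context write_after_free unaligned_load_store"

# Print "<name> <mode string> <owner uid>" for each trigger file that exists
# under <root>/provoke_crash. Prints nothing if the directory is absent.
list_crash_triggers() {
    dir="${1:-/sys/kernel/debug}/provoke_crash"
    [ -d "$dir" ] || return 0
    for f in $CRASH_FILES; do
        if [ -e "$dir/$f" ]; then
            ls -ln "$dir/$f" | awk -v n="$f" '{ print n, $1, $3 }'
        fi
    done
}

# Print the names of trigger files that group or other may write to.
# These are the ones an unprivileged script could use to take the system down.
loosely_writable_triggers() {
    dir="${1:-/sys/kernel/debug}/provoke_crash"
    [ -d "$dir" ] || return 0
    for f in $CRASH_FILES; do
        if [ -e "$dir/$f" ] &&
           [ -n "$(find "$dir/$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "$f"
        fi
    done
}

# Report on the given root (default: the live debugfs mount).
list_crash_triggers "$1"
loosely_writable_triggers "$1" | sed 's/^/WRITABLE BY NON-OWNER: /'
```

Any output at all on a production host means the module is loaded there; an empty result from a non-root account may only mean debugfs is not readable by that account, so run it as root.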



A module for crashing the kernel

Posted Jan 28, 2010 3:05 UTC (Thu) by pr1268 (subscriber, #24648) [Link]

> it's not clear that this little module will ever make its way into the mainline.

Why not? Windows 2000 and XP have a similar feature (invoked by a keystroke combination).

Of course, I'd personally be afraid of this module lurking in my kernel. One malicious script writing to any of the files in the provoke_crash directory with this module active would be disastrous.

A module for crashing the kernel

Posted Jan 28, 2010 6:44 UTC (Thu) by lkundrak (guest, #43452) [Link]

One malicious script could write /dev/mem as well.

A module for crashing the kernel

Posted Jan 28, 2010 9:31 UTC (Thu) by SimonKagstrom (subscriber, #49801) [Link]

I did add some helpful Kconfig messages for that: NOTE: This feature is dangerous! [...] If unsure, say N. :-).

There was some opposition against it (NULL dereferences can be done through /proc/sysrq-trigger already) so it looks like it won't get merged. Anyway, the patch is out now, so if someone else needs something similar it should be easy to find.

A module for crashing the kernel

Posted Jan 28, 2010 4:10 UTC (Thu) by thedevil (guest, #32913) [Link]

What a coincidence, I just today added a hack in the form of a file in /proc/sys/kernel/ to cause an instant panic() if a non-zero value is written there. We need that to test that the hardware watchdog circuit in our platform does the right thing. I guess the need for this "functionality" may be wider than it seems :-)

A module for crashing the kernel

Posted Jan 28, 2010 10:24 UTC (Thu) by dgm (subscriber, #49227) [Link]

Indeed, people in charge of testing highly reliable systems will appreciate this feature quite a lot.

A module for crashing the kernel

Posted Jan 28, 2010 14:57 UTC (Thu) by Darkmere (subscriber, #53695) [Link]

Personally this would have been great when I was dealing with failover preparation before moving things to the datacenter. Being able to on demand crash certain VMs (no, not kill them, stop them or so, but really crash them) would have been great, since it's an altogether different failure mode, and may need special care.

Yes, I really do hope this goes into mainline. It might have to be installed separately in a distribution ofc. but it's still good to have proper debug tools.

A module for crashing the kernel

Posted Jan 28, 2010 15:35 UTC (Thu) by zmi (subscriber, #4829) [Link]

A good module to test stability. I'd like to have that in mainline, in order to test, for example:
1) HA (high availability) systems and failover
2) database hot-standby systems and failover
3) VMs (virtual machines)
4) the host of VMs (does it trash the VMs' filesystems?)
5) filesystems in general

Of course that module should be replaced on production systems, but it would be really great for stability testing. Why *not* include it? It doesn't change any other kernel code, and is easy to maintain.

Crash-only Linux?

Posted Jan 29, 2010 8:40 UTC (Fri) by cpeterso (guest, #305) [Link]

Maybe now is the time for the Linux kernel to adopt a "crash-only" shutdown policy [1]. If your application or the kernel always shuts down gracefully, then you are not really testing your recovery code (and you are wasting time cleaning up resources). Always crashing on shutdown will force developers to consider error-handling and recovery from (inevitable!) crashes.

[1] LWN: "Crash-only software: More than meets the eye"

Crash-only Linux?

Posted Jan 29, 2010 17:50 UTC (Fri) by MattPerry (guest, #46341) [Link]

I couldn't agree more. I yearn for the days when the OS was always in a state where it could be powered down. Are you done using your computer? Just turn the power switch off. Now we have to "shutdown" which is a pain and takes time. I'd prefer the system was always in a state ready to be turned off safely, even if it took longer to operate.

Crash-only Linux?

Posted Jan 29, 2010 17:56 UTC (Fri) by corbet (editor, #1) [Link]

Interesting...the only machine I've ever used that could just be turned off was a Data General Nova with core memory; turn it on, and it just picked up where it left off. Every other system I've ever used was unhappy with an abrupt turn-off.

Crash-only Linux?

Posted Jan 29, 2010 18:08 UTC (Fri) by clugstj (subscriber, #4020) [Link]

DOS never had a "shutdown" command AFAIR. When you were done w/ your IBM PC, you flipped the power switch - of course, you never did this while it was writing to your (floppy) drives.

Crash-only Linux?

Posted Jan 29, 2010 18:33 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

.. or when you were writing to your hard drive.

You can do this today with Linux, just mount all your filesystems synchronously and you will have a system that you can shutdown at any time that it's not writing to your disk.

You will also have a system that you will find unusably slow, you don't realize how much you gain from not waiting for writes to hit disk before continuing.

Crash-only Linux?

Posted Feb 1, 2010 13:29 UTC (Mon) by Cato (subscriber, #7643) [Link]

Actually it's quite viable to use synchronous writes on filesystems - that's how I set up all my Linux systems, having had some major hassles with data corruption on ext3. There is some performance hit but it's still a lot faster than my Windows XP laptop which has about the same CPU and RAM.

See http://lwn.net/Articles/350072/ for the details - however, I now think that the only problem is not having synchronous writes, and that LVM is largely OK. This makes sense given that LVM is used a lot in enterprise Linux servers.

Crash-only Linux?

Posted Jan 30, 2010 16:57 UTC (Sat) by filipjoelsson (subscriber, #2622) [Link]

AFAIR you had to park the hard drive on most systems with such a device back in the day, so that wasn't universal. The Commodore 64 OTOH, was an instant off computer. ;)

Crash-only Linux?

Posted Jan 30, 2010 18:03 UTC (Sat) by SimonKagstrom (subscriber, #49801) [Link]

Only if you weren't saving something to the tape!

Anyway, you can use halt -f to achieve the same thing on a Linux computer. You can probably also bind it to the ACPI event when the power button is pressed to get the desired behavior. The less brave among us would do a sync first :-)

Crash-only Linux?

Posted Jan 30, 2010 18:19 UTC (Sat) by MattPerry (guest, #46341) [Link]

My Amiga would allow you to turn it off when you were done. No shutdown needed. This was a very unix-ish, fast, multitasking OS.

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds