Commit | Line | Data |
---|---|---|
ac8bf0de | 1 | .. SPDX-License-Identifier: GPL-2.0 |
10ffebbe | 2 | |
ac8bf0de KC |
3 | ============================================================ |
4 | Provoking crashes with Linux Kernel Dump Test Module (LKDTM) | |
5 | ============================================================ | |
10ffebbe | 6 | |
ac8bf0de KC |
7 | The lkdtm module provides an interface to disrupt (and usually crash) |
8 | the kernel at predefined code locations to evaluate the reliability of | |
9 | the kernel's exception handling and to test crash dumps obtained using | |
10 | different dumping solutions. The module uses KPROBEs to instrument the | |
11 | trigger location, but can also trigger the kernel directly without KPROBE | |
12 | support via debugfs. | |
10ffebbe | 13 | |
ac8bf0de KC |
14 | You can select the location of the trigger ("crash point name") and the |
15 | type of action ("crash point type") either through module arguments when | |
16 | inserting the module, or through the debugfs interface. | |
10ffebbe MCC |
17 | |
18 | Usage:: | |
19 | ||
20 | insmod lkdtm.ko [recur_count={>0}] cpoint_name=<> cpoint_type=<> | |
21 | [cpoint_count={>0}] | |
22 | ||
23 | recur_count | |
ac8bf0de KC |
24 | Recursion level for the stack overflow test. By default this is |
25 | dynamically calculated based on kernel configuration, with the | |
26 | goal of being just large enough to exhaust the kernel stack. The | |
27 | value can be seen at `/sys/module/lkdtm/parameters/recur_count`. | |
10ffebbe MCC |
28 | |
29 | cpoint_name | |
ac8bf0de | 30 | Where in the kernel to trigger the action. It can be |
10ffebbe MCC |
31 | one of INT_HARDWARE_ENTRY, INT_HW_IRQ_EN, INT_TASKLET_ENTRY, |
32 | FS_DEVRW, MEM_SWAPOUT, TIMERADD, SCSI_DISPATCH_CMD, | |
ac8bf0de | 33 | IDE_CORE_CP, or DIRECT |
10ffebbe MCC |
34 | |
35 | cpoint_type | |
36 | Indicates the action to be taken on hitting the crash point. | |
ac8bf0de KC |
37 | These are numerous, and best queried directly from debugfs. Some |
38 | of the common ones are PANIC, BUG, EXCEPTION, LOOP, and OVERFLOW. | |
39 | See the contents of `/sys/kernel/debug/provoke-crash/DIRECT` for | |
40 | a complete list. | |
10ffebbe MCC |
41 | |
42 | cpoint_count | |
43 | Indicates the number of times the crash point is to be hit | |
ac8bf0de KC |
44 | before triggering the action. The default is 10 (except for |
45 | DIRECT, which always fires immediately). | |
10ffebbe MCC |
46 | |
47 | You can also induce failures by mounting debugfs and writing the type to | |
ac8bf0de | 48 | <debugfs>/provoke-crash/<crashpoint>. E.g.:: |
10ffebbe | 49 | |
ac8bf0de KC |
50 | mount -t debugfs debugfs /sys/kernel/debug |
51 | echo EXCEPTION > /sys/kernel/debug/provoke-crash/INT_HARDWARE_ENTRY | |
10ffebbe | 52 | |
ac8bf0de KC |
53 | The special file `DIRECT` will induce the action directly without KPROBE |
54 | instrumentation. This mode is the only one available when the module is | |
55 | built for a kernel without KPROBEs support:: | |
10ffebbe | 56 | |
ac8bf0de KC |
57 | # Instead of having a BUG kill your shell, have it kill "cat": |
58 | cat <(echo WRITE_RO) >/sys/kernel/debug/provoke-crash/DIRECT |