lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 03 Jun 2010 14:33:03 +0200
From:	Vitaly Mayatskikh <v.mayatskih@...il.com>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	Vitaly Mayatskikh <v.mayatskih@...il.com>,
	Vivek Goyal <vgoyal@...hat.com>, linux-kernel@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Randy Dunlap <rdunlap@...otime.net>
Subject: Re: [PATCH 0/5] kdump: extract log buffer and registers from	vmcore on NMI button pressing

At Thu, 03 Jun 2010 11:30:01 +0200, Andi Kleen wrote:

> > Obviously, this change doesn't help if 2nd kernel is not able to
> > boot. But there are other problems, which may prevent vmcore to be
> > captured. For example, machine has RAM > HDD and it may save vmcore
> > only over network. If network fails (e.g., due to bugs in NIC drivers
> > or NFS, what is not so rare), and dump capture environment is
> > non-interactive, or it doesn't have development tools like `crash',
> > there's no chance even to guess what has happened.
> 
> In this case you don't need NMI, sysrq or some /sys trigger
> is good enough.

Yes, it can be enough if you still can login. Also NMI-part is small
and can be easily changed/removed.

> NMI would be only needed if the crash kernel is completely
> hosed too.

That's the case.

> > Other possibilities of failure may include broken RAID controller,
> > HDD, RAM. NMI button in such situations is a last chance to see old
> > log.
> 
> The big problem is that the NMI is used by more and more subsystems,
> and several of them tend to eat all NMIs, so the leftovers are less and
> less.  Overall I would not consider it reliable.

True. But as a last hope, when nothing else helps, it still may be
worth trying :)

> Also NMI buttons are not actually all that common.

True as well. This feature is generally not for desktop systems, but
for large servers running critical apps. Usually such servers have NMI
button facility (directly at front of chassis or as a function in
remote console software).
 
> I'm also not sure you really need the analysis in kernel space.
> 
> Why not have a user space program that does a quick analysis
> of the previous vmcore and dumps a summary only?  In fact 
> I suspect crash can already do that.

I agree, that's fine and usually is enough, if it's still possible to
login into system and run this utility.  What about scenario when
console session is available only for 1 unit in the rack at the same
time, main kernel crashed, and dump capture environment stuck? User
attaches to that machine, but cannot even login, so the kdump kernel
is probably also semi-dead. Also he don't see analysis dump, produced
by the utility, because he attached too late to see it's output.
-- 
wbr, Vitaly
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ