Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 1e34064b60552616b2767d22f2e6f440ced09acb / . / Documentation / fault-injection / provoke-crashes.rst
blob: 3abe84225613903f373416724b7a0f25e3bcc2f2 [file] [log] [blame]
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]1.. SPDX-License-Identifier: GPL-2.0
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]2
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]3============================================================
4Provoking crashes with Linux Kernel Dump Test Module (LKDTM)
5============================================================
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]6
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]7The lkdtm module provides an interface to disrupt (and usually crash)
8the kernel at predefined code locations to evaluate the reliability of
9the kernel's exception handling and to test crash dumps obtained using
10different dumping solutions. The module uses KPROBEs to instrument the
11trigger location, but can also trigger the kernel directly without KPROBE
12support via debugfs.
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]13
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]14You can select the location of the trigger ("crash point name") and the
15type of action ("crash point type") either through module arguments when
16inserting the module, or through the debugfs interface.
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]17
18Usage::
19
20 insmod lkdtm.ko [recur_count={>0}] cpoint_name=<> cpoint_type=<>
21 [cpoint_count={>0}]
22
23recur_count
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]24 Recursion level for the stack overflow test. By default this is
25 dynamically calculated based on kernel configuration, with the
26 goal of being just large enough to exhaust the kernel stack. The
27 value can be seen at `/sys/module/lkdtm/parameters/recur_count`.
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]28
29cpoint_name
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]30 Where in the kernel to trigger the action. It can be
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]31 one of INT_HARDWARE_ENTRY, INT_HW_IRQ_EN, INT_TASKLET_ENTRY,
Kevin Mitchellb2159182021-08-18 19:29:40 -0700[diff] [blame]32 FS_DEVRW, MEM_SWAPOUT, TIMERADD, SCSI_QUEUE_RQ, or DIRECT.
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]33
34cpoint_type
35 Indicates the action to be taken on hitting the crash point.
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]36 These are numerous, and best queried directly from debugfs. Some
37 of the common ones are PANIC, BUG, EXCEPTION, LOOP, and OVERFLOW.
38 See the contents of `/sys/kernel/debug/provoke-crash/DIRECT` for
39 a complete list.
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]40
41cpoint_count
42 Indicates the number of times the crash point is to be hit
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]43 before triggering the action. The default is 10 (except for
44 DIRECT, which always fires immediately).
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]45
46You can also induce failures by mounting debugfs and writing the type to
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]47<debugfs>/provoke-crash/<crashpoint>. E.g.::
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]48
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]49 mount -t debugfs debugfs /sys/kernel/debug
50 echo EXCEPTION > /sys/kernel/debug/provoke-crash/INT_HARDWARE_ENTRY
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]51
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]52The special file `DIRECT` will induce the action directly without KPROBE
53instrumentation. This mode is the only one available when the module is
54built for a kernel without KPROBEs support::
Mauro Carvalho Chehab10ffebb2019-06-12 14:52:44 -0300[diff] [blame]55
Kees Cookac8bf0d2020-10-15 15:45:59 -0700[diff] [blame]56 # Instead of having a BUG kill your shell, have it kill "cat":
57 cat <(echo WRITE_RO) >/sys/kernel/debug/provoke-crash/DIRECT