.. SPDX-License-Identifier: GPL-2.0

============================================================
Provoking crashes with Linux Kernel Dump Test Module (LKDTM)
============================================================

The lkdtm module provides an interface to disrupt (and usually crash)
the kernel at predefined code locations to evaluate the reliability of
the kernel's exception handling and to test crash dumps obtained using
different dumping solutions. The module uses KPROBEs to instrument the
trigger location, but can also trigger the kernel directly without KPROBE
support via debugfs.

You can select the location of the trigger ("crash point name") and the
type of action ("crash point type") either through module arguments when
inserting the module, or through the debugfs interface.

Usage::

  insmod lkdtm.ko [recur_count={>0}] cpoint_name=<> cpoint_type=<>
                  [cpoint_count={>0}]

recur_count
    Recursion level for the stack overflow test. By default this is
    dynamically calculated based on kernel configuration, with the
    goal of being just large enough to exhaust the kernel stack. The
    value can be seen at `/sys/module/lkdtm/parameters/recur_count`.

cpoint_name
    Where in the kernel to trigger the action. It can be
    one of INT_HARDWARE_ENTRY, INT_HW_IRQ_EN, INT_TASKLET_ENTRY,
    FS_SUBMIT_BH, MEM_SWAPOUT, TIMERADD, SCSI_QUEUE_RQ, or DIRECT.

cpoint_type
    Indicates the action to be taken on hitting the crash point.
    These are numerous, and best queried directly from debugfs. Some
    of the common ones are PANIC, BUG, EXCEPTION, LOOP, and OVERFLOW.
    See the contents of `/sys/kernel/debug/provoke-crash/DIRECT` for
    a complete list.

cpoint_count
    Indicates the number of times the crash point is to be hit
    before triggering the action. The default is 10 (except for
    DIRECT, which always fires immediately).

You can also induce failures by mounting debugfs and writing the type to
<debugfs>/provoke-crash/<crashpoint>. E.g.::

  mount -t debugfs debugfs /sys/kernel/debug
  echo EXCEPTION > /sys/kernel/debug/provoke-crash/INT_HARDWARE_ENTRY

The special file `DIRECT` will induce the action directly without KPROBE
instrumentation. This mode is the only one available when the module is
built for a kernel without KPROBEs support::

  # Instead of having a BUG kill your shell, have it kill "cat":
  cat <(echo WRITE_RO) >/sys/kernel/debug/provoke-crash/DIRECT
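
The following helper is an added example, not part of the kernel documentation or the lkdtm sources. It checks a requested crash type against the list read from `DIRECT` before writing it, and lets `cat` do the write as in the example above. `LKDTM_DIR` and the `lkdtm_*` function names are chosen for this example, and it assumes that reading `DIRECT` returns a heading line followed by one type name per line.

```shell
# Added example, not part of the kernel documentation.
# LKDTM_DIR and the lkdtm_* function names are chosen for this example;
# the default path is the debugfs location used on this page.
LKDTM_DIR="${LKDTM_DIR:-/sys/kernel/debug/provoke-crash}"

# Print the crash types offered by DIRECT, one per line.
# Assumption: reading DIRECT returns a heading line followed by one type
# name per line; anything that is not a bare NAME is skipped.
lkdtm_types() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$LKDTM_DIR/DIRECT" |
        grep -E '^[A-Z0-9_]+$'
}

# Succeed only if $1 is exactly one of the offered crash types.
lkdtm_has_type() {
    lkdtm_types | grep -qxF -e "$1"
}

# lkdtm_trigger TYPE [CRASHPOINT]   (CRASHPOINT defaults to DIRECT)
# Returns 2 for a bad crash point, 3 for an unknown type, otherwise the
# exit status of the writer process.
lkdtm_trigger() {
    lk_type="$1"
    lk_point="${2:-DIRECT}"
    case "$lk_point" in
        */*|.*) echo "lkdtm: bad crash point '$lk_point'" >&2; return 2 ;;
    esac
    if [ ! -w "$LKDTM_DIR/$lk_point" ]; then
        echo "lkdtm: $LKDTM_DIR/$lk_point is not writable" >&2
        return 2
    fi
    if ! lkdtm_has_type "$lk_type"; then
        echo "lkdtm: unknown crash type '$lk_type'" >&2
        return 3
    fi
    # Let "cat" perform the write(2), as in the DIRECT example above, so
    # an action that kills the writing task takes out cat and not the
    # calling shell.
    printf '%s\n' "$lk_type" | cat > "$LKDTM_DIR/$lk_point"
}
```

Source the file in a root shell on a disposable test machine and call, for instance, `lkdtm_trigger WRITE_RO`; a mistyped type name is rejected before anything is written to debugfs.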

===============
Provoke crashes
===============

The lkdtm module provides an interface to crash or injure the kernel at
predefined crashpoints to evaluate the reliability of crash dumps obtained
using different dumping solutions. The module uses KPROBEs to instrument
crashing points, but can also crash the kernel directly without KPROBE
support.

You can select the crash point and the action either through module
arguments when inserting the module, or through a debugfs interface.

Usage::

  insmod lkdtm.ko [recur_count={>0}] cpoint_name=<> cpoint_type=<>
                  [cpoint_count={>0}]

recur_count
    Recursion level for the stack overflow test. Default is 10.

cpoint_name
    Crash point where the kernel is to be crashed. It can be
    one of INT_HARDWARE_ENTRY, INT_HW_IRQ_EN, INT_TASKLET_ENTRY,
    FS_DEVRW, MEM_SWAPOUT, TIMERADD, SCSI_DISPATCH_CMD,
    IDE_CORE_CP, DIRECT

cpoint_type
    Indicates the action to be taken on hitting the crash point.
    It can be one of PANIC, BUG, EXCEPTION, LOOP, OVERFLOW,
    CORRUPT_STACK, UNALIGNED_LOAD_STORE_WRITE, OVERWRITE_ALLOCATION,
    WRITE_AFTER_FREE,

cpoint_count
    Indicates the number of times the crash point is to be hit
    to trigger an action. The default is 10.

You can also induce failures by mounting debugfs and writing the type to
<mountpoint>/provoke-crash/<crashpoint>. E.g.::

  mount -t debugfs debugfs /mnt
  echo EXCEPTION > /mnt/provoke-crash/INT_HARDWARE_ENTRY

A special file is `DIRECT` which will induce the crash directly without
KPROBE instrumentation. This mode is the only one available when the module
is built on a kernel without KPROBEs support.