SlideShare uma empresa Scribd logo

Understanding a kernel oops and a kernel panic

Joseph Lu
Joseph Lu

Introduce a kernel oops and a kernel panic

Engenharia
1 de 39
Baixar para ler offline
Understanding a Kernel Oops and a Kernel panic Linux Kernel Version 4.9.8 Joseph Lu joseph78715@gmail.com
Page 2 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In user space : Segmentation fault 1
Page 3 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) Oops – In kernel space : kernel oops. – In user space : Segmentation fault 2
Page 4 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) • “kernel oops" will kill the process to keep system running, unless “kernel oops" are bad enough to cause “kernel panic”. Oops moderate do_exit() – In kernel space : kernel oops. – In user space : Segmentation fault 3
Page 5 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) • “kernel oops" will kill the process to keep system running, unless “kernel oops" are bad enough to cause “kernel panic”. • “kernel panic” means the system decides to stop running immediately. Oops Panic severe moderate do_exit() – In kernel space : kernel oops. – In user space : Segmentation fault 4
Page 6 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. • illegal instruction (SIGILL) 5
Page 7 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction • illegal instruction (SIGILL) 6
Page 8 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction • illegal instruction (SIGILL) die() Oops 7
Page 9 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction die() Oops Panic() → panic(“bad mode”); • illegal instruction (SIGILL) 8
Page 10 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction die() Oops Panic() → panic(“bad mode”); • illegal instruction (SIGILL) 9
Page 11 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause panic: It handles the impossible case in the interrupt vectors 10
Page 12 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() arm_notify_die() Oops illegal instruction cause panic: It handles the impossible case in the interrupt vectors 11 user_mode No Yes force_sig_info()
Page 13 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 12 arm_notify_die() Oops user_mode No Yes force_sig_info()
Page 14 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 13 arm_notify_die() Oops user_mode No Yes force_sig_info()
Page 15 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 14 arm_notify_die() Oops user_mode No Yes force_sig_info()
Page 16 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors instruction translation lookaside buffer (ITLB) and a data translation lookaside buffer (DTLB) aren't seeing the same picture. 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 15 arm_notify_die() Oops user_mode No Yes force_sig_info()
Page 17 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 5. prefetch-abort : • do_PrefetchAbort() → arm_notify_die("",…); 16 arm_notify_die() Oops user_mode No Yes force_sig_info()
Page 18 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction arm_notify_die() Oops user_mode No Yes force_sig_info() 17
Page 19 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction arm_notify_die() Oops user_mode No Yes force_sig_info() __do_kernel_fault() 18
Page 20 Linux kernel oops • __do_kernel_fault : oops • __do_user_fault : SIGENV 19
Page 21 code flow of data abort(1/2) Macro start Macro end 20
Page 22 code flow of data abort (2/2) 21
Page 23 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort __do_kernel_fault() Oops illegal instruction cause panic: It handles the impossible case in the interrupt vectors 22
Page 24 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 23
Page 25 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) do_bad_area() Where does it happen? __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 24 No fixup the exception
Page 26 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) In user space __do_user_fault() Segmentation fault do_bad_area() Where does it happen? __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 25 No fixup the exception
Page 27 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) In user space __do_user_fault() Segmentation fault do_bad_area() Where does it happen? in Kernel Space __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 26 No fixup the exception
Page 28 … 27 Linux kernel oops
Page 29 Linux Kernel panic
Page 30 Linux Kernel panic __do_kernel_fault() Oops … 28
Page 31 Linux Kernel panic __do_kernel_fault() Oops Oop_end() … 29
Page 32 Linux Kernel panic __do_kernel_fault() Oops Oop_end() do_exit() … moderate 30
Page 33 Linux Kernel panic __do_kernel_fault() Oops Oop_end() do_exit() panic() … moderate severe 31
Page 34 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In process context do_exit() panic() … severe 32
Page 35 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … 33
Page 36 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … 34
Page 37 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … console_verbose() dump_stack() panic_smp_self_stop() & smp_send_stop() shut down other CPUs panic_timeout ==0 Delay timeout seconds while(1) emergency_restart() No Yes 35
Page 38 Introduce Crash Dump Mechanism in Linux 1. Kdump : build a separate custom dump-capture kernel for capturing the kernel core dump 2. Ramoops : log data into persistent the RAM storage 3. Mtdoops : log data into MTD partition 4. Reserved-memory 36
Page 39 Thank you for listening

Recomendados

spinlock.pdf
spinlock.pdfspinlock.pdf
spinlock.pdf
Adrian Huang
 
Linux Initialization Process (2)
Linux Initialization Process (2)Linux Initialization Process (2)
Linux Initialization Process (2)
shimosawa
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)
shimosawa
 
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedVmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Adrian Huang
 
Linux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionLinux MMAP & Ioremap introduction
Linux MMAP & Ioremap introduction
Gene Chang
 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux Kernel
Adrian Huang
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device drivers
Houcheng Lin
 
Linux Kernel MMC Storage driver Overview
Linux Kernel MMC Storage driver OverviewLinux Kernel MMC Storage driver Overview
Linux Kernel MMC Storage driver Overview
RajKumar Rampelli
 

Recomendados

spinlock.pdf
spinlock.pdfspinlock.pdf
spinlock.pdf
Adrian Huang
 
Linux Initialization Process (2)
Linux Initialization Process (2)Linux Initialization Process (2)
Linux Initialization Process (2)
shimosawa
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)
shimosawa
 
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedVmlinux: anatomy of bzimage and how x86 64 processor is booted
Vmlinux: anatomy of bzimage and how x86 64 processor is booted
Adrian Huang
 
Linux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionLinux MMAP & Ioremap introduction
Linux MMAP & Ioremap introduction
Gene Chang
 
Slab Allocator in Linux Kernel
Slab Allocator in Linux KernelSlab Allocator in Linux Kernel
Slab Allocator in Linux Kernel
Adrian Huang
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device drivers
Houcheng Lin
 
Linux Kernel MMC Storage driver Overview
Linux Kernel MMC Storage driver OverviewLinux Kernel MMC Storage driver Overview
Linux Kernel MMC Storage driver Overview
RajKumar Rampelli
 
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
Adrian Huang
 
Page cache in Linux kernel
Page cache in Linux kernelPage cache in Linux kernel
Page cache in Linux kernel
Adrian Huang
 
Process Address Space: The way to create virtual address (page table) of user...
Process Address Space: The way to create virtual address (page table) of user...Process Address Space: The way to create virtual address (page table) of user...
Process Address Space: The way to create virtual address (page table) of user...
Adrian Huang
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototyping
Yan Vugenfirer
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in Linux
Adrian Huang
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)
Brendan Gregg
 
Network Drivers
Network DriversNetwork Drivers
Network Drivers
Anil Kumar Pugalia
 
U boot-boot-flow
U boot-boot-flowU boot-boot-flow
U boot-boot-flow
BabuSubashChandar Chandra Mohan
 
Anatomy of the loadable kernel module (lkm)
Anatomy of the loadable kernel module (lkm)Anatomy of the loadable kernel module (lkm)
Anatomy of the loadable kernel module (lkm)
Adrian Huang
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
Kernel TLV
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequence
Houcheng Lin
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Jian-Hong Pan
 
Physical Memory Models.pdf
Physical Memory Models.pdfPhysical Memory Models.pdf
Physical Memory Models.pdf
Adrian Huang
 
Hands-on ethernet driver
Hands-on ethernet driverHands-on ethernet driver
Hands-on ethernet driver
SUSE Labs Taipei
 
Linux dma engine
Linux dma engineLinux dma engine
Linux dma engine
pradeep_tewani
 
Linux Serial Driver
Linux Serial DriverLinux Serial Driver
Linux Serial Driver
艾鍗科技
 
Memory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux KernelMemory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux Kernel
Adrian Huang
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)
Gavin Guo
 
twlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdsotwlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdso
Viller Hsiao
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
Satpal Parmar
 
[Kiwicon 2011] Post Memory Corruption Memory Analysis
[Kiwicon 2011] Post Memory Corruption Memory Analysis[Kiwicon 2011] Post Memory Corruption Memory Analysis
[Kiwicon 2011] Post Memory Corruption Memory Analysis
Moabi.com
 
[HITB Malaysia 2011] Exploit Automation
[HITB Malaysia 2011] Exploit Automation[HITB Malaysia 2011] Exploit Automation
[HITB Malaysia 2011] Exploit Automation
Moabi.com
 

Mais conteúdo relacionado

Mais procurados

Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequence
Houcheng Lin
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Jian-Hong Pan
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)
Gavin Guo
 

Mais procurados (20)

qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
qemu + gdb: The efficient way to understand/debug Linux kernel code/data stru...
 
Page cache in Linux kernel
Page cache in Linux kernelPage cache in Linux kernel
Page cache in Linux kernel
 
Process Address Space: The way to create virtual address (page table) of user...
Process Address Space: The way to create virtual address (page table) of user...Process Address Space: The way to create virtual address (page table) of user...
Process Address Space: The way to create virtual address (page table) of user...
 
Qemu device prototyping
Qemu device prototypingQemu device prototyping
Qemu device prototyping
 
malloc & vmalloc in Linux
malloc & vmalloc in Linuxmalloc & vmalloc in Linux
malloc & vmalloc in Linux
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)
 
Network Drivers
Network DriversNetwork Drivers
Network Drivers
 
U boot-boot-flow
U boot-boot-flowU boot-boot-flow
U boot-boot-flow
 
Anatomy of the loadable kernel module (lkm)
Anatomy of the loadable kernel module (lkm)Anatomy of the loadable kernel module (lkm)
Anatomy of the loadable kernel module (lkm)
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast Storage
 
Uboot startup sequence
Uboot startup sequenceUboot startup sequence
Uboot startup sequence
 
Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021Let's trace Linux Lernel with KGDB @ COSCUP 2021
Let's trace Linux Lernel with KGDB @ COSCUP 2021
 
Physical Memory Models.pdf
Physical Memory Models.pdfPhysical Memory Models.pdf
Physical Memory Models.pdf
 
Hands-on ethernet driver
Hands-on ethernet driverHands-on ethernet driver
Hands-on ethernet driver
 
Linux dma engine
Linux dma engineLinux dma engine
Linux dma engine
 
Linux Serial Driver
Linux Serial DriverLinux Serial Driver
Linux Serial Driver
 
Memory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux KernelMemory Mapping Implementation (mmap) in Linux Kernel
Memory Mapping Implementation (mmap) in Linux Kernel
 
How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)How to use KASAN to debug memory corruption in OpenStack environment- (2)
How to use KASAN to debug memory corruption in OpenStack environment- (2)
 
twlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdsotwlkh-linux-vsyscall-and-vdso
twlkh-linux-vsyscall-and-vdso
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 

Semelhante a Understanding a kernel oops and a kernel panic

Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1
Luis Grangeia
 
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
Moabi.com
 
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
Tsukasa Oi
 
"egg" - A stealth fine grained code analyzer
"egg" - A stealth fine grained code analyzer"egg" - A stealth fine grained code analyzer
"egg" - A stealth fine grained code analyzer
FFRI, Inc.
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
Francisco Ribeiro
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on it
Zubair Nabi
 

Semelhante a Understanding a kernel oops and a kernel panic (20)

[Kiwicon 2011] Post Memory Corruption Memory Analysis
[Kiwicon 2011] Post Memory Corruption Memory Analysis[Kiwicon 2011] Post Memory Corruption Memory Analysis
[Kiwicon 2011] Post Memory Corruption Memory Analysis
 
[HITB Malaysia 2011] Exploit Automation
[HITB Malaysia 2011] Exploit Automation[HITB Malaysia 2011] Exploit Automation
[HITB Malaysia 2011] Exploit Automation
 
Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1 Reverse Engineering the TomTom Runner pt. 1
Reverse Engineering the TomTom Runner pt. 1
 
Onion and Swiss Cheese: Security Revisited
Onion and Swiss Cheese: Security RevisitedOnion and Swiss Cheese: Security Revisited
Onion and Swiss Cheese: Security Revisited
 
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdfBasics_of_Kernel_Panic_Hang_and_ Kdump.pdf
Basics_of_Kernel_Panic_Hang_and_ Kdump.pdf
 
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
 
0x003 - Exploiting LOLDrivers - Physical Memory Mayhem
0x003 - Exploiting LOLDrivers - Physical Memory Mayhem0x003 - Exploiting LOLDrivers - Physical Memory Mayhem
0x003 - Exploiting LOLDrivers - Physical Memory Mayhem
 
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the...
 
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
Stealthy Rootkit : How bad guy fools live memory forensics? - PacSec 2009
 
Steelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with PythonSteelcon 2014 - Process Injection with Python
Steelcon 2014 - Process Injection with Python
 
Techno-Fest-15nov16
Techno-Fest-15nov16Techno-Fest-15nov16
Techno-Fest-15nov16
 
[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis[CCC-28c3] Post Memory Corruption Memory Analysis
[CCC-28c3] Post Memory Corruption Memory Analysis
 
[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis[Ruxcon 2011] Post Memory Corruption Memory Analysis
[Ruxcon 2011] Post Memory Corruption Memory Analysis
 
"egg" - A stealth fine grained code analyzer
"egg" - A stealth fine grained code analyzer"egg" - A stealth fine grained code analyzer
"egg" - A stealth fine grained code analyzer
 
You suck at Memory Analysis
You suck at Memory AnalysisYou suck at Memory Analysis
You suck at Memory Analysis
 
Talk 160920 @ Cat System Workshop
Talk 160920 @ Cat System WorkshopTalk 160920 @ Cat System Workshop
Talk 160920 @ Cat System Workshop
 
AOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on itAOS Lab 4: If you liked it, then you should have put a “lock” on it
AOS Lab 4: If you liked it, then you should have put a “lock” on it
 
Rubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystemRubinius - Improving the Rails ecosystem
Rubinius - Improving the Rails ecosystem
 
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
Vale Security Conference - 2011 - 17 - Rodrigo Rubira Branco (BSDaemon)
 
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007)
 

Último

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Christo Ananth
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Christo Ananth
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
SUHANI PANDEY
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 

Último (20)

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 

Understanding a kernel oops and a kernel panic

  • 1. Understanding a Kernel Oops and a Kernel panic Linux Kernel Version 4.9.8 Joseph Lu joseph78715@gmail.com
  • 2. Page 2 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In user space : Segmentation fault 1
  • 3. Page 3 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) Oops – In kernel space : kernel oops. – In user space : Segmentation fault 2
  • 4. Page 4 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) • “kernel oops" will kill the process to keep system running, unless “kernel oops" are bad enough to cause “kernel panic”. Oops moderate do_exit() – In kernel space : kernel oops. – In user space : Segmentation fault 3
  • 5. Page 5 Understanding a Kernel Oops and a Kernel panic • illegal instruction (SIGILL), illegal memory access (SIGSEGV) • “kernel oops" will kill the process to keep system running, unless “kernel oops" are bad enough to cause “kernel panic”. • “kernel panic” means the system decides to stop running immediately. Oops Panic severe moderate do_exit() – In kernel space : kernel oops. – In user space : Segmentation fault 4
  • 6. Page 6 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. • illegal instruction (SIGILL) 5
  • 7. Page 7 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction • illegal instruction (SIGILL) 6
  • 8. Page 8 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction • illegal instruction (SIGILL) die() Oops 7
  • 9. Page 9 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction die() Oops Panic() → panic(“bad mode”); • illegal instruction (SIGILL) 8
  • 10. Page 10 Linux kernel oops , illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction cause panic: It handles the impossible case in the interrupt vectors • bad_mode() → die(“Oops - bad mode”, …); illegal instruction die() Oops Panic() → panic(“bad mode”); • illegal instruction (SIGILL) 9
  • 11. Page 11 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause panic: It handles the impossible case in the interrupt vectors 10
  • 12. Page 12 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() arm_notify_die() Oops illegal instruction cause panic: It handles the impossible case in the interrupt vectors 11 user_mode No Yes force_sig_info()
  • 13. Page 13 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 12 arm_notify_die() Oops user_mode No Yes force_sig_info()
  • 14. Page 14 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 13 arm_notify_die() Oops user_mode No Yes force_sig_info()
  • 15. Page 15 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 14 arm_notify_die() Oops user_mode No Yes force_sig_info()
  • 16. Page 16 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors instruction translation lookaside buffer (ITLB) and a data translation lookaside buffer (DTLB) aren't seeing the same picture. 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 15 arm_notify_die() Oops user_mode No Yes force_sig_info()
  • 17. Page 17 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() illegal instruction cause panic: It handles the impossible case in the interrupt vectors 2. unrecognised system calls : • arm_syscall() → arm_notify_die("Oops - bad syscall(2)", …) 3. undefined cpu instruction : • do_undefinstr() → arm_notify_die("Oops - undefined instruction", …) 4. unknown data abort : data accesses (load or store) • alignment faults, translation faults, access bit faults, domain faults, permission faults. • E.g. Unaligned memory access, Memory access to reserved areas, A write to ROM (flash) space • E.g. baddataabort() → arm_notify_die(“unknown data abort code”, …) • E.g. do_DataAbort() → arm_notify_die("", ...); 5. prefetch-abort : • do_PrefetchAbort() → arm_notify_die("",…); 16 arm_notify_die() Oops user_mode No Yes force_sig_info()
  • 18. Page 18 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction arm_notify_die() Oops user_mode No Yes force_sig_info() 17
  • 19. Page 19 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction arm_notify_die() Oops user_mode No Yes force_sig_info() __do_kernel_fault() 18
  • 20. Page 20 Linux kernel oops • __do_kernel_fault : oops • __do_user_fault : SIGENV 19
  • 21. Page 21 code flow of data abort(1/2) Macro start Macro end 20
  • 22. Page 22 code flow of data abort (2/2) 21
  • 23. Page 23 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort __do_kernel_fault() Oops illegal instruction cause panic: It handles the impossible case in the interrupt vectors 22
  • 24. Page 24 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 23
  • 25. Page 25 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) do_bad_area() Where does it happen? __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 24 No fixup the exception
  • 26. Page 26 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) In user space __do_user_fault() Segmentation fault do_bad_area() Where does it happen? __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 25 No fixup the exception
  • 27. Page 27 Linux kernel oops • illegal instruction (SIGILL), illegal memory access (SIGSEGV) – In kernel : Cause of an oops. illegal memory access do_translation_fault (E.g Null pointer exception) In user space __do_user_fault() Segmentation fault do_bad_area() Where does it happen? in Kernel Space __do_kernel_fault() Oops illegal instruction illegal instruction cause oops : 1. Call BUG() 2. unrecognised system calls 3. undefined cpu instruction 4. unknown data abort 5. prefetch-abort illegal instruction cause panic: It handles the impossible case in the interrupt vectors 26 No fixup the exception
  • 30. Page 30 Linux Kernel panic __do_kernel_fault() Oops … 28
  • 31. Page 31 Linux Kernel panic __do_kernel_fault() Oops Oop_end() … 29
  • 32. Page 32 Linux Kernel panic __do_kernel_fault() Oops Oop_end() do_exit() … moderate 30
  • 33. Page 33 Linux Kernel panic __do_kernel_fault() Oops Oop_end() do_exit() panic() … moderate severe 31
  • 34. Page 34 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In process context do_exit() panic() … severe 32
  • 35. Page 35 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … 33
  • 36. Page 36 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … 34
  • 37. Page 37 Linux Kernel panic __do_kernel_fault() Oops Oop_end() In Interrupt context Or panic_on_oops is set In process context do_exit() panic() … console_verbose() dump_stack() panic_smp_self_stop() & smp_send_stop() shut down other CPUs panic_timeout ==0 Delay timeout seconds while(1) emergency_restart() No Yes 35
  • 38. Page 38 Introduce Crash Dump Mechanism in Linux 1. Kdump : build a separate custom dump-capture kernel for capturing the kernel core dump 2. Ramoops : log data into persistent the RAM storage 3. Mtdoops : log data into MTD partition 4. Reserved-memory 36
  • 39. Page 39 Thank you for listening