    [PATCH] Support piping into commands in /proc/sys/kernel/core_pattern · d025c9db
    Andi Kleen authored
    Using the infrastructure created in previous patches implement support to
    pipe core dumps into programs.
    
    This is done by overloading the existing core_pattern sysctl
    with a new syntax:
    
    |program
    
    When the first character of the pattern is a '|' the kernel will instead
    treat the rest of the pattern as a command to run.  The core dump will be
    written to the standard input of that program instead of to a file.
    
    This is useful for having automatic core dump analysis without filling up
    disks.  The program can do some simple analysis and save only a summary of
    the core dump.
    
    The core dump process will run with the privileges and in the name space of
    the process that caused the core dump.
    
    I also increased the core pattern size to 128 bytes so that longer command
    lines fit.
    
    Most of the changes come from allowing core dumps without seeks.  They are
    fairly straightforward though.
    
    One small incompatibility is that if someone had a core pattern previously
    that started with '|' they will get suddenly new behaviour.  I think that's
    unlikely to be a real problem though.
    
    Additional background:
    
    > Very nice, do you happen to have a program that can accept this kind of
    > input for crash dumps?  I'm guessing that the embedded people will
    > really want this functionality.
    
    I had a cheesy demo/prototype.  Basically it wrote the dump to a file again,
    ran gdb on it to get a backtrace and wrote the summary to a shared directory.
    Then there was a simple CGI script to generate a "top 10" crashes HTML
    listing.
    
    Unfortunately this still had the disadvantage of needing full disk space for a
    dump except for deleting it afterwards (in fact it was worse because over the
    pipe holes didn't work so if you have a holey address map it would require
    more space).
    
    Fortunately gdb seems to be happy to handle /proc/pid/fd/xxx input pipes as
    cores (at least it worked with zsh's =(cat core) syntax), so it would be
    likely possible to do it without temporary space with a simple wrapper that
    calls it in the right way.  I ran out of time before doing that though.
    
    The demo prototype scripts weren't very good.  If there is really interest I
    can dig them out (they are currently on a laptop disk on the desk with the
    laptop itself being in service), but I would recommend to rewrite them for any
    serious application of this and fix the disk space problem.
    
    Also to be really useful it should probably find a way to automatically fetch
    the debuginfos (I cheated and just installed them in advance).  If nobody else
    does it I can probably do the rewrite myself again at some point.
    
    My hope at some point was that desktops would support it in their builtin
    crash reporters, but at least the KDE people I talked to seemed to be happy
    with their user space only solution.
    
    Alan sayeth:
    
      I don't believe that piping as such is necessarily the right model, but
      the ability to intercept and process core dumps from user space is asked
      for by many enterprise users as well.  They want to know about, capture,
      analyse and process core dumps, often centrally and in automated form.
    
    [akpm@osdl.org: loff_t != unsigned long]
    Signed-off-by: Andi Kleen <ak@suse.de>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
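
A sketch of the kind of `|program` handler the commit message describes, added here as an example and not part of the commit or the author's prototype: it reads the dump from standard input strictly in order (a pipe cannot seek), keeps only a summary, and bounds every header field it uses because the dump contents come from the crashed process. The function names, the `MAX_*` limits and the little-endian ELF64 restriction are assumptions of this example.

```python
import struct, sys

ET_CORE, PT_LOAD, PT_NOTE = 4, 1, 4
MAX_PHNUM, MAX_PHOFF = 4096, 4096  # assumed bounds on dump-supplied header fields

def read_exact(stream, n):
    """Read exactly n bytes sequentially; a pipe offers no seek()."""
    buf = b""
    while len(buf) < n:
        part = stream.read(n - len(buf))
        if not part:
            raise ValueError("truncated core dump")
        buf += part
    return buf

def summarize_core(stream):
    """Return a small summary of a little-endian ELF64 core read from a pipe."""
    ehdr = read_exact(stream, 64)
    if ehdr[:4] != b"\x7fELF" or ehdr[4] != 2 or ehdr[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    # e_type @16, e_phoff @32, e_phentsize @54, e_phnum @56
    e_type, e_phoff, e_phentsize, e_phnum = struct.unpack_from("<H14xQ14xHH", ehdr, 16)
    if (e_type != ET_CORE or e_phentsize != 56 or e_phnum > MAX_PHNUM
            or not 64 <= e_phoff <= MAX_PHOFF):
        raise ValueError("unexpected core header")
    read_exact(stream, e_phoff - 64)  # move forward by reading, never by seeking
    loads = notes = mapped = 0
    for _ in range(e_phnum):
        phdr = read_exact(stream, 56)
        p_type, p_memsz = struct.unpack_from("<I36xQ", phdr, 0)  # p_type @0, p_memsz @40
        if p_type == PT_LOAD:
            loads, mapped = loads + 1, mapped + p_memsz
        elif p_type == PT_NOTE:
            notes += 1
    total = e_phoff + e_phnum * 56
    while chunk := stream.read(1 << 16):  # drain the rest; nothing is stored
        total += len(chunk)
    return {"load_segments": loads, "note_segments": notes,
            "mapped_bytes": mapped, "dump_bytes": total}

def constructed_core(payload=bytes(100)):
    """Constructed sample input: one PT_NOTE and one PT_LOAD header plus payload."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_CORE, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    phdr = lambda t, memsz: struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, memsz, 0)
    return ehdr + phdr(PT_NOTE, 0) + phdr(PT_LOAD, 8192) + payload

if __name__ == "__main__":
    print(summarize_core(sys.stdin.buffer))  # stdin is the dump when run via '|program'
```

Memory use stays constant regardless of dump size, which addresses the disk-space concern raised in the message; where the summary is written is left to the deployment.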
binfmt_elf.c 45.5 KB