Managing Crash Dumps & Core Files
When an OS has a fatal error, it generates a crash dump file (crash dump). When a process has a fatal error, it generates a core file.
If the Solaris OE kernel encounters a problem or when an unexpected hardware fault occurs, the panic routine is executed. Where memory contents are copied to a disk partition defined as a dump device.
When an OS crashes, the savecore command is automatically executed during a boot. The savecore command retrieves the crash dump from the dump device and the writes the crash dump to a pair of files in your FS.
It places kernel core info in the /var/crash/nodename/vmcore.X file
It places name list info & table info in the /var/crash/nodename/unix.X file
By default, the dump device is a swap partition. The swap partition contains temp data, therefore permanent data is overwritten by the crash dump.
# dumpadm -- To view the current dump configuration
Dump Content : Kernel pages (or) Application Pages (or) All
Dump device : /dev/dsk/c0t0d0s1 (swap)
Savecore directory : /var/crash/host1
Savecore enabled : yes
# cat /etc/dumpadm.conf -- Content of dumpadm command
Changing the Crash Dump configuration
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm \ min%] [-r root-dir] [-s savecore-dir]
-n Modifies the dump config so it does not run the savecore command automatically on
-u Forcibly updates the kernel dump config based on the contents of /etc/dumpadm.conf
-y Modifies the dump config so that the savecore command is run automatically on
reboot. This is default
-c content-type The content type can be kernel, all, or curproc. The curproc includes
the kernel, memoty pages and the memory page of the currently executing process
-d dump-device The dump device cab be an absolute path of swap
-m mink | minm | min% Creates a minfree file in the current savecore-dir
-r root-dir Specifies an alternative root directory relative to which dumpadm
command should create files. The default root dir “/” is used.
-s savecore-dir To mention savefiles dir. The default is /var/crash/hostname
Managing Core File Behavior
A core file is a point-in-time copy (snapshot) of the RAM allocated to a process. The copy is written to a more permanent medium, such as a HDD. A core file is useful in analyzing why a particular program crashed.
When a core file occurs, the OS generated two possible copies of the core files, one copy known as the global core file and the other copy known as per process core file. All depends on options in effect. Global core file is created in mode 600 and is owned by the superuser. Ordinary per-process core files are created in mode 600 under the credentials of the process.
# coreadm -- Displays the currnet core file config
global core file pattern : -- Identifies the name to use for core files placed in global directory
init core file pattern : core -- Identified the default name that per-process core files must use
global core dumps : disabled -- Indicates global core files are disabled
per-process core dumps : enabled
global setid core dumps : disabled
per-process setid core dumps : disabled
global core dump logging : disabled
# cat /etc/coreadm.conf -- Content of coreadm command
You can enable or disable two configurable core file paths, per-process and global, separately. If a global core file path is enabled and set to /corefiles/core, for eg. Then each process that terminates abnormally produces two core files: One in the current working directory, and one in the /corefiles/core directory.
coreadm [-p pattern] [pid]………. -- Users can run this command
coreadm [-g pattern] [-I pattern] [-d option……] [-e option…..] -- only root user can run
-i pattern Sets the per-process core file name pattern from init to pattern
-e option Enables the specified core file option
global Enables core dumps by using the global core pattern
process Enables core dumps by using the per-process core pattern
global-setid Enables setid core dump by using the global core pattern
proc-setid Enables setid core dumps by using the per-process core pattern
log Generates a syslog (3) message when a user attempts to generate a
global core file
-d option Disables the specified core file option. See the –e option for possible options
-u Updates system-wide core file options from the config file /etc/coreadm.conf.
-g pattern Sets the global core file name pattern to pattern. The pattern must start with a /
-p pattern Sets the per-process core file name pattern to pattern.
Pattern options for the coreadm Command
%f Executable file name
%n System node name (uname –n)
%m Machine hardware name (uname –m)
%t The time in seconds since midnight jan 1 1970
%% Literal %
# coreadm –p core.%f.%p $$ -- When executed from a users $HOME/.profile (or) .login file sets the core file name pattern for all processes run during the login session. The $$ variable is the PID of the currently running shell. The per-process core file name pattern is inherited by all child processes.
# coreadm –p $HOME/corefiles/%n.%f.%p $$ -- This command places all of the user’s core files into the corefiles subdirectory of users home directory, differentiated by the system node name.
# coreadm –g /var/core/core.%f.%p –e global -- This sets system-wide parameters that add the executable filename and PID to the name of any core file that is created.
# coreadm -- to verify that this parameter is now part of the core file configuration
# coreadm 278 5678 -- Search for the core dump file. Only the owner of a process or the superuser can query a process by using the coreadm command with a list of PIDs.