Software version: avml-minimal 0.17.0
Test machine: RHEL 10.0 (8GB RAM, default minimal server installation)
The RAM acquisition from a target RHEL 10.0 does not appear to be working. Note that I am aware the current documentation clearly states that the last tested version of RHEL is 9.0. Nevertheless, I am interested in using AVML on more recent versions of RHEL.
On the test machine, the /dev/crash file is missing from the system, while the /dev/mem file is present but restricted (CONFIG_STRICT_DEVMEM enabled). Reading the /proc/kcore file appears to be allowed.
Test cases
RAM acquisition was attempted both with and without specifying a memory source.
- Case 1: Execution without a memory source
# ./avml-minimal-v0.17.0 dump.raw
Error: error: unable to read memory
caused by:
0: unable to create memory snapshot:
error: unable to create memory snapshot from source: /dev/crash
caused by:
0: unable to create memory snapshot
1: io error: unable to canonicalize path
2: No such file or directory (os error 2)
error: unable to create memory snapshot from source: /proc/kcore
caused by:
0: unable to create memory snapshot
1: write block failed: 4294967296..9126805503
error: unable to create memory snapshot from source: /dev/mem
caused by:
0: unable to create memory snapshot
1: write block failed: 1048576..3758030847
Output dump size (dump.raw in this example): 64 bytes.
The RAM is not extracted under these conditions.
- Case 2: Execution with a memory source
# ./avml-minimal-v0.17.0 --source /proc/kcore dump_kcore.raw
Error: error: unable to read memory
caused by:
0: unable to create memory snapshot from source: /proc/kcore
1: unable to create memory snapshot
2: write block failed: 4294967296..9126805503
Output dump size (dump_kcore.raw in this example): 8,436,375,647 bytes.
Despite the error message, it appears that the RAM is being extracted and the extraction is at least partially usable.
Summary
- The behavior of the software varies depending on whether or not a memory source is given.
- The memory acquisition via
/proc/kcore, the only available memory source on this system, results in an error although a (partially usable) dump is generate.
Software version: avml-minimal 0.17.0
Test machine: RHEL 10.0 (8GB RAM, default minimal server installation)
The RAM acquisition from a target RHEL 10.0 does not appear to be working. Note that I am aware the current documentation clearly states that the last tested version of RHEL is 9.0. Nevertheless, I am interested in using AVML on more recent versions of RHEL.
On the test machine, the
/dev/crashfile is missing from the system, while the/dev/memfile is present but restricted (CONFIG_STRICT_DEVMEM enabled). Reading the/proc/kcorefile appears to be allowed.Test cases
RAM acquisition was attempted both with and without specifying a memory source.
Output dump size (
dump.rawin this example): 64 bytes.The RAM is not extracted under these conditions.
Output dump size (dump_kcore.raw in this example): 8,436,375,647 bytes.
Despite the error message, it appears that the RAM is being extracted and the extraction is at least partially usable.
Summary
/proc/kcore, the only available memory source on this system, results in an error although a (partially usable) dump is generate.