Linux on Samuel Matildes - Knowledge Base

How Antivirus Software Can Prevent Linux Boot: Troubleshooting Guide

Fri, 31 Oct 2025 00:00:00 +0000

Understanding Antivirus Boot Interference

Antivirus software, while crucial for system security, can sometimes interfere with the Linux boot process. This occurs when security modules become overly aggressive during system initialization, potentially causing boot failures, readonly filesystem mounts, or service startup issues.

Common Symptoms

System fails to boot completely
Filesystem mounts as readonly (ro) instead of read-write (rw)
Critical services fail to start
Boot hangs at specific points
SELinux/AppArmor policy violations during boot

Filesystem Readonly Issues

One of the most common problems occurs when antivirus software causes the root filesystem to mount readonly. This prevents the system from writing critical boot files and can halt the initialization process.

How to Enable Azure Serial Console and GRUB on Linux VMs

Tue, 14 Oct 2025 00:00:00 +0000

Azure Serial Console is invaluable when SSH or the network is unavailable. This guide shows how to configure Linux distributions to expose the GRUB menu and kernel boot logs over the VM’s serial port on Azure, fixing cases where migrated images or some distros don’t show GRUB or any serial output.

For proactive setup, follow Microsoft’s official guide: Proactive GRUB and serial console configuration for Linux on Azure. This article is intended for cases where you’re facing issues getting serial console and the GRUB menu to display and need troubleshooting-oriented configuration.

How to Troubleshoot Linux Performance — Field Playbook

Tue, 19 May 2026 00:00:00 +0000

A field-ready reference for Linux performance investigations — keep it open in a second terminal.

How to use this playbook

Linux performance problems split cleanly into two very different investigations, and picking the wrong one wastes hours:

Situation	Track	What you do
The problem is happening right now (or you can reproduce it on demand)	Track A — Live Triage	Interactive tools, sample at 1s intervals, follow the bottleneck
The problem is intermittent / random (happens overnight, once a week, only under load you can’t reproduce)	Track B — Background Collection	Arm continuous loggers before the next occurrence, then mine the logs afterwards

Rule of thumb

If you can’t reproduce it, do not keep staring at top. Stop, deploy collectors, walk away, and analyse later. Otherwise you’ll miss the event every single time.

Understanding IO Delays in Linux - Performance Testing with io-delayer

Wed, 07 Jan 2026 00:00:00 +0000

GitHub • Linux Kernel Module

Simulate and analyze IO performance degradation at multiple kernel layers to understand system bottlenecks.

Why IO Delays Matter in System Performance

Input/Output operations form the backbone of system performance, yet they represent one of the most complex and often misunderstood aspects of Linux performance engineering. When applications experience slowdowns, the root cause frequently traces back to IO delays introduced at various kernel layers.

How to Analyze Linux sosreport and supportconfig with SOSParser

Tue, 06 Jan 2026 00:00:00 +0000

GitHub • Docker Hub •

Parse, analyze, and understand Linux diagnostic reports with automated intelligence.

What is SOSParser?

SOSParser is a powerful web application designed to automatically parse and analyze Linux sosreport and supportconfig diagnostic files, converting them into comprehensive, interactive HTML reports. Created to streamline the often tedious process of manually reviewing system diagnostic data, SOSParser transforms raw diagnostic archives into structured, searchable insights that accelerate troubleshooting and system analysis.

How to Benchmark Linux with Tux Toaster

Fri, 17 Oct 2025 00:00:00 +0000

GitHub • PyPI

Benchmark smarter, not harder — with Tux Toaster.

What is Tux Toaster?

Tux Toaster is an all-in-one performance toolkit for Linux. It triggers various load tests (“toasters”) to help you evaluate the performance and stability of your system across CPU, memory, disk, and network. It offers an interactive terminal menu with multi-select support and clear, stoppable workloads.

Why Kernel Crash Dumps Are Critical for Root Cause Analysis

Tue, 14 Oct 2025 00:00:00 +0000

Postmortem Kernel Forensics with vmcore

Summary

When the Linux kernel panics, there is no userspace stack, no application logs, and often no intact filesystems. The only canonical, lossless record of the kernel’s terminal state is the crash dump (vmcore). Without vmcore, you are constrained to heuristics and guesswork; with vmcore, you can deterministically reconstruct CPU state, task scheduling, memory allocators, locks, timers, and subsystems at the exact point of failure. This is the difference between timeline narratives and hard proof.

Enabling Automatic Kernel Crash Collection with kdump

Mon, 13 Oct 2025 00:00:00 +0000

Automatic Enablement of Kernel Crash Dump Collection with kdump-enabler

This article explains how to automatically enable and configure kernel crash dump (kdump) collection on Linux systems using the kdump-enabler script. This approach works across multiple distributions and simplifies the process of preparing your system to collect crash dumps for troubleshooting and analysis.

Overview

kdump-enabler is a Bash script that automates the setup of kdump:

Installs required packages
Configures the crashkernel parameter in GRUB
Enables and starts the kdump service
Sets up SysRq for manual crash triggering
Creates backups of configuration files before changes
Supports Ubuntu, Debian, RHEL, CentOS, Fedora, openSUSE, Arch Linux, and more

Prerequisites

Root privileges (run with sudo)
systemd-based Linux distribution
GRUB bootloader
Sufficient disk space in /var/crash for crash dumps

Installation

Clone the repository and run the script:

Kernel Mode vs User Mode: Privilege Levels and System Call Execution

Tue, 14 Jan 2025 00:00:00 +0000

CPU Privilege Levels and Execution Contexts

Summary

Modern processors implement hardware-enforced privilege levels to isolate untrusted user code from critical kernel services. Linux uses two primary modes: kernel mode (ring 0, CPL 0, EL1) and user mode (ring 3, CPL 3, EL0). Kernel mode grants unrestricted access to CPU features, physical memory, I/O ports, and privileged instructions. User mode restricts access to a virtualized, isolated address space and requires kernel mediation for hardware resources. The transition between modes occurs via system calls, interrupts, and exceptions, all managed by the kernel’s interrupt and system call handlers. Understanding this separation is fundamental to security, performance optimization, and kernel debugging.

Understanding CPU Statistics in Linux (/proc/stat)

Tue, 14 Jan 2025 00:00:00 +0000

Kernel-Level CPU Time Accounting

Summary

The Linux kernel maintains precise, per-CPU time accounting across ten distinct execution contexts. These statistics, exposed via /proc/stat, represent cumulative jiffy counters (typically 1/100th or 1/1000th of a second) since system boot. Understanding these counters is essential for performance analysis, capacity planning, and diagnosing CPU contention, I/O bottlenecks, interrupt storms, and virtualization overhead.

The /proc/stat Interface

/proc/stat is a virtual file provided by the kernel’s proc filesystem. It contains system-wide statistics aggregated across all CPUs and individual per-CPU lines. The format is non-blocking and updated atomically by the kernel scheduler’s tick handler.