linux-kernel-labs.github.io/tmp/labs/kernel_modules.html at master · devzero2000/linux-kernel-labs.github.io

History

1474 lines (1322 loc) · 96.5 KB

Raw

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

508

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

696

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

732

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

756

757

758

759

760

761

762

763

764

765

766

767

768

769

770

771

772

773

774

775

776

777

778

779

780

781

782

783

784

785

786

787

788

789

790

791

792

793

794

795

796

797

798

799

800

801

802

803

804

805

806

807

808

809

810

811

812

813

814

815

816

817

818

819

820

821

822

823

824

825

826

827

828

829

830

831

832

833

834

835

836

837

838

839

840

841

842

843

844

845

846

847

848

849

850

851

852

853

854

855

856

857

858

859

860

861

862

863

864

865

866

867

868

869

870

871

872

873

874

875

876

877

878

879

880

881

882

883

884

885

886

887

888

889

890

891

892

893

894

895

896

897

898

899

900

901

902

903

904

905

906

907

908

909

910

911

912

913

914

915

916

917

918

919

920

921

922

923

924

925

926

927

928

929

930

931

932

933

934

935

936

937

938

939

940

941

942

943

944

945

946

947

948

949

950

951

952

953

954

955

956

957

958

959

960

961

962

963

964

965

966

967

968

969

970

971

972

973

974

975

976

977

978

979

980

981

982

983

984

985

986

987

988

989

990

991

992

993

994

995

996

997

998

999

1000

<!DOCTYPE html>

<html class="no-js" lang="en" >

<head>

<title>Kernel modules — The Linux Kernel documentation</title>

var DOCUMENTATION_OPTIONS = {

URL_ROOT:'../',

VERSION:'',

LANGUAGE:'None',

COLLAPSE_INDEX:false,

FILE_SUFFIX:'.html',

HAS_SOURCE: true,

SOURCELINK_SUFFIX: '.txt'

};

</script>

</head>

<a href="../index.html" class="icon icon-home"> The Linux Kernel

</a>

4.19.0

</div>

</form>

</div>

Lectures

<ul>

<li class="toctree-l1"><a class="reference internal" href="../lectures/so2.cs.pub.ro.html">Sisteme de operare 2</a></li>

<li class="toctree-l1"><a class="reference internal" href="../lectures/intro.html">Introduction</a></li>

<li class="toctree-l1"><a class="reference internal" href="../lectures/syscalls.html">System Calls</a></li>

<li class="toctree-l1"><a class="reference internal" href="../lectures/interrupts.html">Interrupts</a></li>

<li class="toctree-l1"><a class="reference internal" href="../lectures/smp.html">Symmetric Multi-Processing</a></li>

<li class="toctree-l1"><a class="reference internal" href="../lectures/debugging.html">Debugging</a></li>

<li class="toctree-l1"><a class="reference internal" href="vm.html">Virtual Machine Setup</a></li>

</ul>

Labs

<li class="toctree-l1"><a class="reference internal" href="infrastructure.html">Infrastructure</a></li>

<li class="toctree-l1"><a class="reference internal" href="introduction.html">Introduction</a></li>

<li class="toctree-l1 current"><a class="current reference internal" href="#">Kernel modules</a><ul>

<li class="toctree-l2"><a class="reference internal" href="#lab-objectives">Lab objectives</a></li>

<li class="toctree-l2"><a class="reference internal" href="#overview">Overview</a></li>

<li class="toctree-l2"><a class="reference internal" href="#an-example-of-a-kernel-module">An example of a kernel module</a></li>

<li class="toctree-l2"><a class="reference internal" href="#compiling-kernel-modules">Compiling kernel modules</a></li>

<li class="toctree-l2"><a class="reference internal" href="#loading-unloading-a-kernel-module">Loading/unloading a kernel module</a></li>

<li class="toctree-l2"><a class="reference internal" href="#debugging">Debugging</a><ul>

<li class="toctree-l3"><a class="reference internal" href="#objdump">objdump</a></li>

<li class="toctree-l3"><a class="reference internal" href="#minicom">minicom</a></li>

<li class="toctree-l3"><a class="reference internal" href="#netconsole">netconsole</a></li>

<li class="toctree-l3"><a class="reference internal" href="#printk-debugging">Printk debugging</a></li>

<li class="toctree-l3"><a class="reference internal" href="#dynamic-debugging">Dynamic debugging</a><ul>

<li class="toctree-l4"><a class="reference internal" href="#dyndbg-options">Dyndbg Options</a></li>

</ul>

</li>

<li class="toctree-l3"><a class="reference internal" href="#kdb-kernel-debugger">KDB: Kernel debugger</a></li>

</ul>

</li>

<li class="toctree-l2"><a class="reference internal" href="#exercises">Exercises</a><ul>

<li class="toctree-l3"><a class="reference internal" href="#intro">0. Intro</a></li>

<li class="toctree-l3"><a class="reference internal" href="#kernel-module">1. Kernel module</a></li>

<li class="toctree-l3"><a class="reference internal" href="#printk">2. Printk</a></li>

<li class="toctree-l3"><a class="reference internal" href="#error">3. Error</a></li>

<li class="toctree-l3"><a class="reference internal" href="#sub-modules">4. Sub-modules</a></li>

<li class="toctree-l3"><a class="reference internal" href="#id3">5. Kernel oops</a></li>

<li class="toctree-l3"><a class="reference internal" href="#module-parameters">6. Module parameters</a></li>

</ul>

</li>

<li class="toctree-l2"><a class="reference internal" href="#extra-exercises">Extra Exercises</a><ul>

<li class="toctree-l3"><a class="reference internal" href="#ps-module">2. PS Module</a></li>

<li class="toctree-l3"><a class="reference internal" href="#memory-info">3. Memory Info</a></li>

<li class="toctree-l3"><a class="reference internal" href="#id5">4. Dynamic Debugging</a></li>

<li class="toctree-l3"><a class="reference internal" href="#dynamic-debugging-during-initialization">5. Dynamic Debugging During Initialization</a></li>

</ul>

</li>

</ul>

</li>

<li class="toctree-l1"><a class="reference internal" href="kernel_api.html">Kernel API</a></li>

<li class="toctree-l1"><a class="reference internal" href="device_drivers.html">Character device drivers</a></li>

<li class="toctree-l1"><a class="reference internal" href="interrupts.html">I/O access and Interrupts</a></li>

<li class="toctree-l1"><a class="reference internal" href="deferred_work.html">Deferred work</a></li>

<li class="toctree-l1"><a class="reference internal" href="block_device_drivers.html">Block Device Drivers</a></li>

<li class="toctree-l1"><a class="reference internal" href="filesystems_part1.html">File system drivers (Part 1)</a></li>

<li class="toctree-l1"><a class="reference internal" href="filesystems_part2.html">File system drivers (Part 2)</a></li>

<li class="toctree-l1"><a class="reference internal" href="networking.html">Networking</a></li>

<li class="toctree-l1"><a class="reference internal" href="memory_mapping.html">Memory mapping</a></li>

<li class="toctree-l1"><a class="reference internal" href="device_model.html">Linux Device Model</a></li>

</ul>

</div>

</nav>

<a href="../index.html">The Linux Kernel</a>

</nav>

<li>Kernel modules</li>

<a href="../_sources/labs/kernel_modules.rst.txt" rel="nofollow"> View page source</a>

</li>

</ul>

<hr/>

</div>

<h1>Kernel modules<a class="headerlink" href="#kernel-modules" title="Permalink to this headline">¶</a></h1>

<h2>Lab objectives<a class="headerlink" href="#lab-objectives" title="Permalink to this headline">¶</a></h2>

<li>creating simple modules</li>

<li>describing the process of kernel module compilation</li>

<li>presenting how a module can be used with a kernel</li>

<li>simple kernel debugging methods</li>

</ul>

</div>

<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>

A monolithic kernel, though faster than a microkernel, has the disadvantage of

lack of modularity and extensibility. On modern monolithic kernels, this has

been solved by using kernel modules. A kernel module (or loadable kernel mode)

is an object file that contains code that can extend the kernel functionality

at runtime (it is loaded as needed); When a kernel module is no longer needed,

it can be unloaded. Most of the device drivers are used in the form of kernel

modules.

For the development of Linux device drivers, it is recommended to download the

kernel sources, configure and compile them and then install the compiled version

on the test /development tool machine.

</div>

<h2>An example of a kernel module<a class="headerlink" href="#an-example-of-a-kernel-module" title="Permalink to this headline">¶</a></h2>

Below is a very simple example of a kernel module. When loading into the kernel,

it will generate the message <code class="code docutils literal">"Hi"</code>. When unloading the kernel module, the

<code class="code docutils literal">"Bye"</code> message will be generated.

<div class="highlight-c"><div class="highlight"><pre>#include <linux/kernel.h>

#include <linux/init.h>

#include <linux/module.h>

MODULE_DESCRIPTION("My kernel module");

MODULE_AUTHOR("Me");

MODULE_LICENSE("GPL");

static int dummy_init(void)

{

pr_debug("Hi\n");

return 0;

}

static void dummy_exit(void)

{

pr_debug("Bye\n");

}

module_init(dummy_init);

module_exit(dummy_exit);

</pre></div>

</div>

The generated messages will not be displayed on the console but will be saved

in a specially reserved memory area for this, from where they will be extracted

by the logging daemon (syslog). To display kernel messages, you can use the

dmesg command or inspect the logs:

<div class="highlight-bash"><div class="highlight"><pre># cat /var/log/syslog | tail -2

Feb 20 13:57:38 asgard kernel: Hi

Feb 20 13:57:43 asgard kernel: Bye

# dmesg | tail -2

Bye

</pre></div>

</div>

<h2>Compiling kernel modules<a class="headerlink" href="#compiling-kernel-modules" title="Permalink to this headline">¶</a></h2>

Compiling a kernel module differs from compiling an user program. First, other

headers should be used. Also, the module should not be linked to libraries.

And, last but not least, the module must be compiled with the same options as

the kernel in which we load the module. For these reasons, there is a standard

compilation method (<code class="code docutils literal">kbuild</code>). This method requires the use of two files:

a <code class="file docutils literal">Makefile</code> and a <code class="file docutils literal">Kbuild</code> file.

Below is an example of a <code class="file docutils literal">Makefile</code>:

<div class="highlight-bash"><div class="highlight"><pre>KDIR = /lib/modules/`uname -r`/build

kbuild:

make -C $(KDIR) M=`pwd`

clean:

make -C $(KDIR) M=`pwd` clean

</pre></div>

</div>

And the example of a <code class="file docutils literal">Kbuild</code> file used to compile a module:

<div class="highlight-bash"><div class="highlight"><pre>EXTRA_CFLAGS = -Wall -g

obj-m = modul.o

</pre></div>

</div>

As you can see, calling make on the <code class="file docutils literal">Makefile</code> file in the

example shown will result in the make invocation in the kernel

source directory (<code class="docutils literal">/lib/modules/`uname -r`/build</code>) and referring to the

current directory (<code class="docutils literal">M = `pwd`</code>). This process ultimately leads to reading

the <code class="file docutils literal">Kbuild</code> file from the current directory and compiling the module

as instructed in this file.

Note

For labs we will configure different KDIR, according to

the virtual machine specifications:

<div class="last highlight-bash"><div class="highlight"><pre>KDIR = /home/student/so2/linux

[...]

</pre></div>

</div>

A <code class="file docutils literal">Kbuild</code> file contains one or more directives for compiling a kernel

module. The easiest example of such a directive is <code class="docutils literal">obj-m =

module.o</code>. Following this directive, a kernel module (<code class="code docutils literal">ko</code> - kernel

object) will be created, starting from the <code class="docutils literal">module.o</code> file. <code class="docutils literal">module.o</code> will

be created starting from <code class="docutils literal">module.c</code> or <code class="docutils literal">module.S</code>. All of these files can

be found in the <code class="file docutils literal">Kbuild</code>’s directory.

An example of a <code class="file docutils literal">Kbuild</code> file that uses several sub-modules is shown

below:

<div class="highlight-bash"><div class="highlight"><pre>EXTRA_CFLAGS = -Wall -g

obj-m = supermodule.o

supermodule-y = module-a.o module-b.o

</pre></div>

</div>

For the example above, the steps to compile are:

<li>compile the <code class="file docutils literal">module-a.c</code> and <code class="file docutils literal">module-b.c</code> sources,

resulting in module-a.o and module-b.o objects</li>

<li><code class="file docutils literal">module-a.o</code> and <code class="file docutils literal">module-b.o</code> will then be linked

in <code class="file docutils literal">supermodule.o</code></li>

<li>from <code class="file docutils literal">supermodule.o</code> will be created <code class="file docutils literal">supermodule.ko</code>

module</li>

</ul>

</div></blockquote>

The suffix of targets in <code class="file docutils literal">Kbuild</code> determines how they are used, as

follows:

<li>M (modules) is a target for loadable kernel modules</li>

<li>Y (yes) represents a target for object files to be compiled and then

linked to a module (<code class="docutils literal">$(mode_name)-y</code>) or within the kernel (<code class="docutils literal">obj-y</code>)</li>

<li>any other target suffix will be ignored by <code class="file docutils literal">Kbuild</code> and will not be

compiled</li>

</ul>

</div></blockquote>

Note

These suffixes are used to easily configure the kernel by running the

make menuconfig command or directly editing the

<code class="file docutils literal">.config</code> file. This file sets a series of variables that are

used to determine which features are added to the kernel at build

time. For example, when adding BTRFS support with make

menuconfig, add the line <code class="code docutils literal">CONFIG_BTRFS_FS = y</code> to the

<code class="file docutils literal">.config</code> file. The BTRFS kbuild contains the line

<code class="docutils literal">obj-$(CONFIG_BTRFS_FS):= btrfs.o</code>, which becomes <code class="docutils literal">obj-y:=

btrfs.o</code>. This will compile the <code class="file docutils literal">btrfs.o</code> object and will be

linked to the kernel. Before the variable was set, the line became

<code class="docutils literal">obj:=btrfs.o</code> and so it was ignored, and the kernel was build

without BTRFS support.

</div>

For more details, see the <code class="file docutils literal">Documentation/kbuild/makefiles.txt</code> and

<code class="file docutils literal">Documentation/kbuild/modules.txt</code> files within the kernel sources.

</div>

<h2>Loading/unloading a kernel module<a class="headerlink" href="#loading-unloading-a-kernel-module" title="Permalink to this headline">¶</a></h2>

To load a kernel module, use the insmod utility. This utility

receives as a parameter the path to the <code class="file docutils literal">*.ko</code> file in which the module

was compiled and linked. Unloading the module from the kernel is done using

the rmmod command, which receives the module name as a parameter.

<div class="highlight-bash"><div class="highlight"><pre>$ insmod module.ko

$ rmmod module.ko

</pre></div>

</div>

When loading the kernel module, the routine specified as a parameter of the

<code class="docutils literal">module_init</code> macro will be executed. Similarly, when the module is unloaded

the routine specified as a parameter of the <code class="docutils literal">module_exit</code> will be executed.

A complete example of compiling and loading/unloading a kernel module is

presented below:

<div class="highlight-bash"><div class="highlight"><pre>faust:~/lab-01/modul-lin# ls

Kbuild Makefile modul.c

faust:~/lab-01/modul-lin# make

make -C /lib/modules/`uname -r`/build M=`pwd`

make[1]: Entering directory `/usr/src/linux-2.6.28.4'

LD /root/lab-01/modul-lin/built-in.o

CC [M] /root/lab-01/modul-lin/modul.o

Building modules, stage 2.

MODPOST 1 modules

CC /root/lab-01/modul-lin/modul.mod.o

LD [M] /root/lab-01/modul-lin/modul.ko

make[1]: Leaving directory `/usr/src/linux-2.6.28.4'

faust:~/lab-01/modul-lin# ls

built-in.o Kbuild Makefile modul.c Module.markers

modules.order Module.symvers modul.ko modul.mod.c

modul.mod.o modul.o

faust:~/lab-01/modul-lin# insmod modul.ko

faust:~/lab-01/modul-lin# dmesg | tail -1

faust:~/lab-01/modul-lin# rmmod modul

faust:~/lab-01/modul-lin# dmesg | tail -2

Bye

</pre></div>

</div>

Information about modules loaded into the kernel can be found using the

lsmod command or by inspecting the <code class="file docutils literal">/proc/modules</code>,

<code class="file docutils literal">/sys/module</code> directories.

</div>

<h2>Debugging<a class="headerlink" href="#debugging" title="Permalink to this headline">¶</a></h2>

Troubleshooting a kernel module is much more complicated than debugging a

regular program. First, a mistake in a kernel module can lead to blocking the

entire system. Troubleshooting is therefore much slowed down. To avoid reboot,

it is recommended to use a virtual machine (qemu, virtualbox, vmware).

When a module containing bugs is inserted into the kernel, it will eventually

generate a <a class="reference external" href="https://en.wikipedia.org/wiki/Linux_kernel_oops">kernel oops</a>.

A kernel oops is an invalid operation detected by the kernel and can only

be generated by the kernel. For a stable kernel version, it almost certainly

means that the module contains a bug. After the oops appears, the kernel will

continue to work.

Very important to the appearance of a kernel oops is saving the generated

message. As noted above, messages generated by the kernel are saved in logs and

can be displayed with the dmesg command. To make sure that no kernel

message is lost, it is recommended to insert/test the kernel directly from the

console, or periodically check the kernel messages. Noteworthy is that an oops

can occur because of a programming error, but also a because of hardware error.

If a fatal error occurs, after which the system can not return to a stable

state, a <a class="reference external" href="https://en.wikipedia.org/wiki/Linux_kernel_panic">kernel panic</a> is

generated.

Look at the kernel module below that contains a bug that generates an oops:

<div class="highlight-c"><div class="highlight"><pre>/*

* Oops generating kernel module

*/

#include <linux/kernel.h>

#include <linux/module.h>

#include <linux/init.h>

MODULE_DESCRIPTION ("Oops");

MODULE_LICENSE ("GPL");

MODULE_AUTHOR ("PSO");

#define OP_READ 0

#define OP_WRITE 1

#define OP_OOPS OP_WRITE

static int my_oops_init (void)

{

int *a;

a = (int *) 0x00001234;

#if OP_OOPS == OP_WRITE

*a = 3;

#elif OP_OOPS == OP_READ

printk (KERN_ALERT "value = %d\n", *a);

#else

#error "Unknown op for oops!"

#endif

return 0;

}

static void my_oops_exit (void)

{

}

module_init (my_oops_init);

module_exit (my_oops_exit);

</pre></div>

</div>

Inserting this module into the kernel will generate an oops:

<div class="highlight-bash"><div class="highlight"><pre>faust:~/lab-01/modul-oops# insmod oops.ko

[...]

faust:~/lab-01/modul-oops# dmesg | tail -32

BUG: unable to handle kernel paging request at 00001234

IP: [<c89d4005>] my_oops_init+0x5/0x20 [oops]

*de = 00000000

Oops: 0002 [#1] PREEMPT DEBUG_PAGEALLOC

last sysfs file: /sys/devices/virtual/net/lo/operstate

Modules linked in: oops(+) netconsole ide_cd_mod pcnet32 crc32 cdrom [last unloaded: modul]

Pid: 4157, comm: insmod Not tainted (2.6.28.4 #2) VMware Virtual Platform

EIP: 0060:[<c89d4005>] EFLAGS: 00010246 CPU: 0

EIP is at my_oops_init+0x5/0x20 [oops]

EAX: 00000000 EBX: fffffffc ECX: c89d4300 EDX: 00000001

ESI: c89d4000 EDI: 00000000 EBP: c5799e24 ESP: c5799e24

DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068

Process insmod (pid: 4157, ti=c5799000 task=c665c780 task.ti=c5799000)

Stack:

c5799f8c c010102d c72b51d8 0000000c c5799e58 c01708e4 00000124 00000000

c89d4300 c5799e58 c724f448 00000001 c89d4300 c5799e60 c0170981 c5799f8c

c014b698 00000000 00000000 c5799f78 c5799f20 00000500 c665cb00 c89d4300

Call Trace:

[<c010102d>] ? _stext+0x2d/0x170

[<c01708e4>] ? __vunmap+0xa4/0xf0

[<c0170981>] ? vfree+0x21/0x30

[<c014b698>] ? load_module+0x19b8/0x1a40

[<c035e965>] ? __mutex_unlock_slowpath+0xd5/0x140

[<c0140da6>] ? trace_hardirqs_on_caller+0x106/0x150

[<c014b7aa>] ? sys_init_module+0x8a/0x1b0

[<c0140da6>] ? trace_hardirqs_on_caller+0x106/0x150

[<c0240a08>] ? trace_hardirqs_on_thunk+0xc/0x10

[<c0103407>] ? sysenter_do_call+0x12/0x43

Code: <c7> 05 34 12 00 00 03 00 00 00 5d c3 eb 0d 90 90 90 90 90 90 90 90

EIP: [<c89d4005>] my_oops_init+0x5/0x20 [oops] SS:ESP 0068:c5799e24

---[ end trace 2981ce73ae801363 ]---

</pre></div>

</div>

Although relatively cryptic, the message provided by the kernel to the

appearance of an oops provides valuable information about the error. First line:

<div class="highlight-bash"><div class="highlight"><pre>BUG: unable to handle kernel paging request at 00001234

EIP: [<c89d4005>] my_oops_init + 0x5 / 0x20 [oops]

</pre></div>

</div>

Tells us the cause and the address of the instruction that generated the error.

In our case this is an invalid access to memory.

Next line

<div><code class="docutils literal">Oops: 0002 [# 1] PREEMPT DEBUG_PAGEALLOC</code></div></blockquote>

Tells us that it’s the first oops (#1). This is important in the context that

an oops can lead to other oopses. Usually only the first oops is relevant.

Furthermore, the oops code (<code class="docutils literal">0002</code>) provides information about the error type

(see <code class="file docutils literal">arch/x86/include/asm/traps.h</code>):

<li>Bit 0 == 0 means no page found, 1 means protection fault</li>

<li>Bit 1 == 0 means read, 1 means write</li>

<li>Bit 2 == 0 means kernel, 1 means user mode</li>

</ul>

</div></blockquote>

In this case, we have a write access that generated the oops (bit 1 is 1).

Below is a dump of the registers. It decodes the instruction pointer (<code class="docutils literal">EIP</code>)

value and notes that the bug appeared in the <code class="code docutils literal">my_oops_init</code> function with

a 5-byte offset (<code class="docutils literal">EIP: [<c89d4005>] my_oops_init+0x5</code>). The message also

shows the stack content and a backtrace of calls until then.

If an invalid read call is generated (<code class="docutils literal">#define OP_OOPS OP_READ</code>), the message

will be the same, but the oops code will differ, which would now be <code class="docutils literal">0000</code>:

<div class="highlight-bash"><div class="highlight"><pre>faust:~/lab-01/modul-oops# dmesg | tail -33

BUG: unable to handle kernel paging request at 00001234

IP: [<c89c3016>] my_oops_init+0x6/0x20 [oops]

*de = 00000000

Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC

last sysfs file: /sys/devices/virtual/net/lo/operstate

Modules linked in: oops(+) netconsole pcnet32 crc32 ide_cd_mod cdrom

Pid: 2754, comm: insmod Not tainted (2.6.28.4 #2) VMware Virtual Platform

EIP: 0060:[<c89c3016>] EFLAGS: 00010292 CPU: 0

EIP is at my_oops_init+0x6/0x20 [oops]

EAX: 00000000 EBX: fffffffc ECX: c89c3380 EDX: 00000001

ESI: c89c3010 EDI: 00000000 EBP: c57cbe24 ESP: c57cbe1c

DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068

Process insmod (pid: 2754, ti=c57cb000 task=c66ec780 task.ti=c57cb000)

Stack:

c57cbe34 00000282 c57cbf8c c010102d c57b9280 0000000c c57cbe58 c01708e4

00000124 00000000 c89c3380 c57cbe58 c5db1d38 00000001 c89c3380 c57cbe60

c0170981 c57cbf8c c014b698 00000000 00000000 c57cbf78 c57cbf20 00000580

Call Trace:

[<c010102d>] ? _stext+0x2d/0x170

[<c01708e4>] ? __vunmap+0xa4/0xf0

[<c0170981>] ? vfree+0x21/0x30

[<c014b698>] ? load_module+0x19b8/0x1a40

[<c035d083>] ? printk+0x0/0x1a

[<c035e965>] ? __mutex_unlock_slowpath+0xd5/0x140

[<c0140da6>] ? trace_hardirqs_on_caller+0x106/0x150

[<c014b7aa>] ? sys_init_module+0x8a/0x1b0

[<c0140da6>] ? trace_hardirqs_on_caller+0x106/0x150

[<c0240a08>] ? trace_hardirqs_on_thunk+0xc/0x10

[<c0103407>] ? sysenter_do_call+0x12/0x43

Code: <a1> 34 12 00 00 c7 04 24 54 30 9c c8 89 44 24 04 e8 58 a0 99 f7 31

EIP: [<c89c3016>] my_oops_init+0x6/0x20 [oops] SS:ESP 0068:c57cbe1c

---[ end trace 45eeb3d6ea8ff1ed ]---

</pre></div>

</div>

<h3>objdump<a class="headerlink" href="#objdump" title="Permalink to this headline">¶</a></h3>

Detailed information about the instruction that generated the oops can be found

using the objdump utility. Useful options to use are -d

to disassemble the code and -S for interleaving C code in assembly

language code. For efficient decoding, however, we need the address where the

kernel module was loaded. This can be found in <code class="file docutils literal">/proc/modules</code>.

Here’s an example of using objdump on the above module to identify

the instruction that generated the oops:

<div class="highlight-bash"><div class="highlight"><pre>faust:~/lab-01/modul-oops# cat /proc/modules

oops 1280 1 - Loading 0xc89d4000

netconsole 8352 0 - Live 0xc89ad000

pcnet32 33412 0 - Live 0xc895a000

ide_cd_mod 34952 0 - Live 0xc8903000

crc32 4224 1 pcnet32, Live 0xc888a000

cdrom 34848 1 ide_cd_mod, Live 0xc886d000

faust:~/lab-01/modul-oops# objdump -dS --adjust-vma=0xc89d4000 oops.ko

oops.ko: file format elf32-i386

Disassembly of section .text:

c89d4000 <init_module>:

#define OP_READ 0

#define OP_WRITE 1

#define OP_OOPS OP_WRITE

static int my_oops_init (void)

{

c89d4000: 55 push %ebp

#else

#error "Unknown op for oops!"

#endif

return 0;

}

c89d4001: 31 c0 xor %eax,%eax

#define OP_READ 0

#define OP_WRITE 1

#define OP_OOPS OP_WRITE

static int my_oops_init (void)

{

c89d4003: 89 e5 mov %esp,%ebp

int *a;

a = (int *) 0x00001234;

#if OP_OOPS == OP_WRITE

*a = 3;

c89d4005: c7 05 34 12 00 00 03 movl $0x3,0x1234

c89d400c: 00 00 00

#else

#error "Unknown op for oops!"

#endif

return 0;

}

c89d400f: 5d pop %ebp

c89d4010: c3 ret

c89d4011: eb 0d jmp c89c3020 <cleanup_module>

c89d4013: 90 nop

c89d4014: 90 nop

c89d4015: 90 nop

c89d4016: 90 nop

c89d4017: 90 nop

c89d4018: 90 nop

c89d4019: 90 nop

c89d401a: 90 nop

c89d401b: 90 nop

c89d401c: 90 nop

c89d401d: 90 nop

c89d401e: 90 nop

c89d401f: 90 nop

c89d4020 <cleanup_module>:

static void my_oops_exit (void)

{

c89d4020: 55 push %ebp

c89d4021: 89 e5 mov %esp,%ebp

}

c89d4023: 5d pop %ebp

c89d4024: c3 ret

c89d4025: 90 nop

c89d4026: 90 nop

c89d4027: 90 nop

</pre></div>

</div>

Note that the instruction that generated the oops (<code class="docutils literal">c89d4005</code> identified

earlier) is:

That is exactly what was expected - storing value 3 at 0x0001234.

The <code class="file docutils literal">/proc/modules</code> is used to find the address where a kernel module is

loaded. The --adjust-vma option allows you to display instructions

relative to <code class="docutils literal">0xc89d4000</code>. The -l option displays the number of

each line in the source code interleaved with the assembly language code.

</div>

A more simplistic way to find the code that generated an oops is to use the

addr2line utility:

<div class="highlight-bash"><div class="highlight"><pre>faust:~/lab-01/modul-oops# addr2line -e oops.o 0x5

/root/lab-01/modul-oops/oops.c:23

</pre></div>

</div>

Where <code class="docutils literal">0x5</code> is the value of the program counter (<code class="docutils literal">EIP = c89d4005</code>) that

generated the oops, minus the base address of the module (<code class="docutils literal">0xc89c4000</code>)

according to <code class="file docutils literal">/proc/modules</code>

</div>

<h3>minicom<a class="headerlink" href="#minicom" title="Permalink to this headline">¶</a></h3>

Minicom (or other equivalent utilities, eg picocom,

screen) is a utility that can be used to connect and interact with a

serial port. The serial port is the basic method for analyzing kernel messages

or interacting with an embedded system in the development phase. There are two

more common ways to connect:

<li>a serial port where the device we are going to use is <code class="file docutils literal">/dev/ttyS0</code></li>

<li>a serial USB port (FTDI) in which case the device we are going to use is

<code class="file docutils literal">/dev/ttyUSB</code>.</li>

</ul>

For the virtual machine used in the lab, the device that we need to use is

displayed after the virtual machine starts:

<div class="highlight-bash"><div class="highlight"><pre>char device redirected to /dev/pts/20 (label virtiocon0)

</pre></div>

</div>

Minicom use:

<div class="highlight-bash"><div class="highlight"><pre>#for connecting via COM1 and using a speed of 115,200 characters per second

minicom -b 115200 -D /dev/ttyS0

#For USB serial port connection

minicom -D /dev/ttyUSB0

#To connect to the serial port of the virtual machine

minicom -D /dev/pts/20

</pre></div>

</div>

<h3>netconsole<a class="headerlink" href="#netconsole" title="Permalink to this headline">¶</a></h3>

Netconsole is a utility that allows logging of kernel debugging

messages over the network. This is useful when the disk logging system does not

work or when serial ports are not available or when the terminal does not

respond to commands. Netconsole comes in the form of a kernel

module.

To work, it needs the following parameters:

<li>port, IP address, and the source interface name of the debug station</li>

<li>port, MAC address, and IP address of the machine to which the debug

messages will be sent</li>

</ul>

</div></blockquote>

These parameters can be configured when the module is inserted into the kernel,

or even while the module is inserted if it has been compiled with the

<code class="docutils literal">CONFIG_NETCONSOLE_DYNAMIC</code> option.

An example configuration when inserting netconsole kernel module is

as follows:

<div class="highlight-bash"><div class="highlight"><pre>alice:~# modprobe netconsole netconsole=6666@192.168.191.130/eth0,6000@192.168.191.1/00:50:56:c0:00:08

</pre></div>

</div>

Thus, the debug messages on the station that has the address

<code class="docutils literal">192.168.191.130</code> will be sent to the <code class="docutils literal">eth0</code> interface, having source port

<code class="docutils literal">6666</code>. The messages will be sent to <code class="docutils literal">192.168.191.1</code> with the MAC address

<code class="docutils literal">00:50:56:c0:00:08</code>, on port <code class="docutils literal">6000</code>.

Messages can be played on the destination station using netcat:

<div class="highlight-bash"><div class="highlight"><pre>bob:~ # nc -l -p 6000 -u

</pre></div>

</div>

Alternatively, the destination station can configure syslogd to

intercept these messages. More information can be found in

<code class="file docutils literal">Documentation/networking/netconsole.txt</code>.

</div>

<h3>Printk debugging<a class="headerlink" href="#printk-debugging" title="Permalink to this headline">¶</a></h3>

<code class="docutils literal">The two oldest and most useful debugging aids are Your Brain and Printf</code>.

For debugging, a primitive way is often used, but it is quite effective:

<code class="code docutils literal">printk</code> debugging. Although a debugger can also be used, it is generally

not very useful: simple bugs (uninitialized variables, memory management

problems, etc.) can be easily localized by control messages and the

kernel-decoded oop message.

For more complex bugs, even a debugger can not help us too much unless the

operating system structure is very well understood. When debugging a kernel

module, there are a lot of unknowns in the equation: multiple contexts (we have

multiple processes and threads running at a time), interruptions, virtual

memory, etc.

You can use <code class="code docutils literal">printk</code> to display kernel messages to user space. It is

similar to <code class="code docutils literal">printf</code>’s functionality; the only difference is that the

transmitted message can be prefixed with a string of <code class="code docutils literal">"<n>"</code>, where

<code class="code docutils literal">n</code> indicates the error level (loglevel) and has values between <code class="docutils literal">0</code> and

<code class="docutils literal">7</code>. Instead of <code class="code docutils literal">"<n>"</code>, the levels can also be coded by symbolic

constants:

<div class="highlight-c"><div class="highlight"><pre>KERN_EMERG - n = 0

KERN_ALERT - n = 1

KERN_CRIT - n = 2

KERN_ERR - n = 3

KERN_WARNING - n = 4

KERN_NOTICE - n = 5

KERN_INFO - n = 6

KERN_DEBUG - n = 7

</pre></div>

</div>

The definitions of all log levels are found in <code class="file docutils literal">linux/kern_levels.h</code>.

Basically, these log levels are used by the system to route messages sent to

various outputs: console, log files in <code class="file docutils literal">/var/log</code> etc.

Note

To display <code class="code docutils literal">printk</code> messages in user space, the <code class="code docutils literal">printk</code>

log level must be of higher priority than <cite>console_loglevel</cite>

variable. The default console log level can be configured from

<code class="file docutils literal">/proc/sys/kernel/printk</code>.

For instance, the command:

<div class="highlight-bash"><div class="highlight"><pre>echo 8 > /proc/sys/kernel/printk

</pre></div>

</div>

will enable all the kernel log messages to be displayed in the

console. That is, the logging level has to be strictly less than the

<code class="code docutils literal">console_loglevel</code> variable. For example, if the

<code class="code docutils literal">console_loglevel</code> has a value of <code class="docutils literal">5</code> (specific to

<code class="code docutils literal">KERN_NOTICE</code>), only messages with loglevel stricter than <code class="docutils literal">5</code>

(i.e <code class="code docutils literal">KERN_EMERG</code>, <code class="code docutils literal">KERN_ALERT</code>, <code class="code docutils literal">KERN_CRIT</code>,

<code class="code docutils literal">KERN_ERR</code>, <code class="code docutils literal">KERN_WARNING</code>) will be shown.

</div>

Console-redirected messages can be useful for quickly viewing the effect of

executing the kernel code, but they are no longer so useful if the kernel

encounters an irreparable error and the system freezes. In this case, the logs

of the system must be consulted, as they keep the information between system

restarts. These are found in <code class="file docutils literal">/var/log</code> and are text files, populated by

<code class="code docutils literal">syslogd</code> and <code class="code docutils literal">klogd</code> during the kernel run. <code class="code docutils literal">syslogd</code> and

<code class="code docutils literal">klogd</code> take the information from the virtual file system mounted in

<code class="file docutils literal">/proc</code>. In principle, with <code class="code docutils literal">syslogd</code> and <code class="code docutils literal">klogd</code> turned on,

all messages coming from the kernel will go to <code class="file docutils literal">/var/log/kern.log</code>.

A simpler version for debugging is using the <code class="file docutils literal">/var/log/debug</code> file. It

is populated only with the <code class="code docutils literal">printk</code> messages from the kernel with the

<code class="code docutils literal">KERN_DEBUG</code> log level.

Given that a production kernel (similar to the one we’re probably running with)

contains only release code, our module is among the few that send messages

prefixed with KERN_DEBUG . In this way, we can easily navigate through the

<code class="file docutils literal">/var/log/debug</code> information by finding the messages corresponding to a

debugging session for our module.

Such an example would be the following:

<div class="highlight-bash"><div class="highlight"><pre># Clear the debug file of previous information (or possibly a backup)

$ echo "New debug session" > /var/log/debug

# Run the tests

# If there is no critical error causing a panic kernel, check the output

# if a critical error occurs and the machine only responds to a restart,

restart the system and check /var/log/debug.

</pre></div>

</div>

The format of the messages must obviously contain all the information of

interest in order to detect the error, but inserting in the code <code class="code docutils literal">printk</code>

to provide detailed information can be as time-consuming as writing the code to

solve the problem. This is usually a trade-off between the completeness of the

debugging messages displayed using <code class="code docutils literal">printk</code> and the time it takes to

insert these messages into the text.

A very simple way, less time-consuming for inserting <code class="code docutils literal">printk</code> and

providing the possibility to analyze the flow of instructions for tests is the

use of the predefined constants <code class="code docutils literal">__FILE__</code>, <code class="code docutils literal">__LINE__</code> and

<code class="code docutils literal">__func__</code>:

<li><code class="docutils literal">__FILE__</code> is replaced by the compiler with the name of the source file

it is currently being compiled.</li>

<li><code class="docutils literal">__LINE__</code> is replaced by the compiler with the line number on which the

current instruction is found in the current source file.</li>

<li><code class="docutils literal">__func__</code> /<code class="docutils literal">__FUNCTION__</code> is replaced by the compiler with the name

of the function in which the current instruction is found.</li>

</ul>

</div></blockquote>

Note

<code class="code docutils literal">__FILE__</code> and <code class="code docutils literal">__LINE__</code> are part of the ANSI C specifications:

:code`__func__` is part of specification C99; <code class="code docutils literal">__FUNCTION__</code> is a GNU

:codeC extension and is not portable; However, since we write code for the

:codeLinux kernel, we can use it without any problems.

</div>

The following macrodefinition can be used in this case:

<div class="highlight-c"><div class="highlight"><pre>#define PRINT_DEBUG \

printk (KERN_DEBUG "[% s]: FUNC:% s: LINE:% d \ n", __FILE__,

__FUNCTION__, __LINE__)

</pre></div>

</div>

Then, at each point where we want to see if it is “reached” in execution,

insert PRINT_DEBUG; This is a simple and quick way, and can yield by carefully

analyzing the output.

The dmesg command is used to view the messages printed with

<code class="code docutils literal">printk</code> but not appearing on the console.

To delete all previous messages from a log file, run:

<div class="highlight-bash"><div class="highlight"><pre>cat /dev/null > /var/log/debug

</pre></div>

</div>

To delete messages displayed by the dmesg command, run:

<div class="highlight-bash"><div class="highlight"><pre>dmesg -c

</pre></div>

</div>

<h3>Dynamic debugging<a class="headerlink" href="#dynamic-debugging" title="Permalink to this headline">¶</a></h3>

Dynamic <a class="reference external" href="https://www.kernel.org/doc/html/v4.15/admin-guide/dynamic-debug-howto.html">dyndbg</a>

debugging enables dynamic debugging activation/deactivation.

Unlike <code class="code docutils literal">printk</code>, it offers more advanced <code class="code docutils literal">printk</code> options for the

messages we want to display; it is very useful for complex modules or

troubleshooting subsystems.

This significantly reduces the amount of messages displayed, leaving only

those relevant for the debug context. To enable <code class="docutils literal">dyndbg</code>, the kernel must be

compiled with the <code class="docutils literal">CONFIG_DYNAMIC_DEBUG</code> option. Once configured,

<code class="code docutils literal">pr_debug()</code>, <code class="code docutils literal">dev_dbg()</code> and <code class="code docutils literal">print_hex_dump_debug()</code>,

<code class="code docutils literal">print_hex_dump_bytes()</code> can be dynamically enabled per call.

The <code class="file docutils literal">/sys/kernel/debug/dynamic_debug/control</code> file from the debugfs (where

<code class="file docutils literal">/sys/kernel/debug</code> is the path to which debugfs was mounted) is used to

filter messages or to view existing filters.

<div class="highlight-c"><div class="highlight"><pre>mount -t debugfs none /debug

</pre></div>

</div>

<a class="reference external" href="http://opensourceforu.com/2010/10/debugging-linux-kernel-with-debugfs/">Debugfs</a>

is a simple file system, used as a kernel-space interface and

user-space interface to configure different debug options. Any debug utility

can create and use its own files /folders in debugfs.

For example, to display existing filters in <code class="docutils literal">dyndbg</code>, you will use:

<div class="highlight-bash"><div class="highlight"><pre>cat /debug/dynamic_debug/control

</pre></div>

</div>

And to enable the debug message from line <code class="docutils literal">1603</code> in the <code class="file docutils literal">svcsock.c</code> file:

<div class="highlight-bash"><div class="highlight"><pre>echo 'file svcsock.c line 1603 +p' > /debug/dynamic_debug/control

</pre></div>

</div>

The <code class="file docutils literal">/debug/dynamic_debug/control</code> file is not a regular file. It shows

the <code class="docutils literal">dyndbg</code> settings on the filters. Writing in it with an echo will change

these settings (it will not actually make a write). Be aware that the file

contains settings for <code class="docutils literal">dyndbg</code> debugging messages. Do not log in this file.

<h4>Dyndbg Options<a class="headerlink" href="#dyndbg-options" title="Permalink to this headline">¶</a></h4>

<ul>

<li><code class="docutils literal">func</code> - just the debug messages from the functions that have the same

name as the one defined in the filter.

<div class="highlight-bash"><div class="highlight"><pre>echo 'func svc_tcp_accept +p' > /debug/dynamic_debug/control

</pre></div>

</div>

</li>

<li><code class="docutils literal">file</code> - the name of the file(s) for which we want to display the debug

messages. It can be just the source name, but also the absolute path or

kernel-tree path.

<div class="highlight-bash"><div class="highlight"><pre>file svcsock.c

file kernel/freezer.c

file /usr/src/packages/BUILD/sgi-enhancednfs-1.4/default/net/sunrpc/svcsock.c

</pre></div>

</div>

</li>

<li><code class="docutils literal">module</code> - module name.

<div class="highlight-bash"><div class="highlight"><pre>Modules sunrpc

</pre></div>

</div>

</li>

<li><code class="docutils literal">format</code> - only messages whose display format contains the specified string.

<div><div class="highlight-bash"><div class="highlight"><pre>format "nfsd: SETATTR"

</pre></div>

</div>

</div></blockquote>

</li>

<li>line - the line or lines for which we want to enable debug calls.

<div class="highlight-bash"><div class="highlight"><pre># Triggers debug messages between lines 1603 and 1605 in the svcsock.c file

$ echo 'file svcsock.c line 1603-1605 +p' > /sys/kernel/debug/dynamic_debug/control

# Enables debug messages from the beginning of the file to line 1605

$ echo 'file svcsock.c line -1605 +p' > /sys/kernel/debug/dynamic_debug/control

</pre></div>

</div>

</li>

</ul>

In addition to the above options, a series of flags can be added, removed, or set

with operators <code class="docutils literal">+`, ``-</code> or <code class="docutils literal">=</code>:

<li><code class="docutils literal">p</code> activates the pr_debug() .</li>

<li><code class="docutils literal">f</code> includes the name of the function in the printed message.</li>

<li><code class="docutils literal">I</code> includes the line number in the printed message.</li>

<li><code class="docutils literal">M</code> includes the module name in the printed message.</li>

<li><code class="docutils literal">T</code> includes the thread id if it is not called from interrupt context</li>

</ul>

</div></blockquote>

</div>

<h3>KDB: Kernel debugger<a class="headerlink" href="#kdb-kernel-debugger" title="Permalink to this headline">¶</a></h3>

The kernel debugger has proven to be very useful to facilitate the development and

debugging process. One of its main advantages it the possibility to perform live debugging.

This allows us to monitor, in real time, the accesses to memory or even modify the memory

while debugging.

The debugger has been integrated in the mainline kernel starting with version 2.6.26-rci.

KDB is not a <a href="#id1">*</a>source debugger”, but for a complete analysis it can be used in parallel with

gdb and symbol files – see <a class="reference internal" href="introduction.html#gdb-intro">the GDB debugging section</a>

To use KDB, you have the following options:

<li>non-usb keyboard + VGA text console</li>

View remainder of file in raw view

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

kernel_modules.html

Latest commit

History

kernel_modules.html

File metadata and controls