Best linux distribution to do Kernel Module programming
I want to do kernel module programming. But, all sources tell that linux distributions patch the original kernel and that module codes might not run on them. If this is true, what should i do.I tried making lfs using ubuntu but errors cropped up at almost every step. I saw somewhere that arch, gentoo, Ubuntu Server without any packages selected during the installation, slackware, susestudio etc. are vanilla distributions. So, can i use them for module programming?
Please suggest keeping in mind that i need a GUI in the distribution.
Can this be followed?
PS: I have a intel core i3 processor and will be running the distros on vmware workstation.
1 Answer 1
If you want to program kernel modules then it doesn’t matter which distribution you choose. You will need to be able to recompile the kernel from source and install a new kernel yourself. Even just for a kernel module you’ll want to be able to compile the latest kernel and develop against that, otherwise you won’t be able to get the module accepted in to mainline.
An alternative if the module is not to be released is to develop against a particular kernel version. In this instance then the choice of distribution should be chosen based on the target for the module — not the development environment.
So pick a distribution based on what you like: 1) Desktops — (GNOME, KDE, other) 2) Ease of use — (Ubuntu, Fedora, etc vs Arch, Gentoo) 3) Cutting edge vs Stable (Arch, Fedora vs Ubuntu vs Debian, Red Hat, CentOS)
Then head off to kernelbewbies to learn a bit about getting started with kernel programming (where to get the source, how to compile it). Then read Greg Kroah-Hartman’s excellent book on linux device drivers. The interfaces will have changed (it’s written about version 2.6 of the kernel and version 3.6 is currently being worked on). It can be found online here
You’ll also want to learn how to use git. And more importantly how to use git to generate a patch and email it without messing it up! I don’t have a website for this but a bit of googling will help.
Источник
Linux Kernel Programming Book for 3.x versions [closed]
Want to improve this question? Update the question so it’s on-topic for Stack Overflow.
Closed 6 years ago .
I’m Trying to develop linux kernel module for my own server. I have a Ubuntu with linux kernel 3.4, but I can’t find any books or tutorials for developing modules on 3.x versions, all tutorials and books are for 2.x versions.
And the most part of code not compiling on 3.4 version, specially kernel threads parts.
Do you know anything that would be useful to understand 3.x module development ?
2 Answers 2
There is not much difference between 2.6.32+ and 3.x in the basics how the kernel works. But yes, function names and APIs change from time to time. This is why books are already old once they are released. This is why I can recommend http://kernelnewbies.org/.
Similar questions have been answered already:
The best documentation is the Linux kernel source itself as it changes so quickly. There are a lot of comments in the code and you should really check out the «Documentation» directory.
Wouldn’t it be a good exercise to port the examples to more recent versions?
Very important is a list of changes to keep up with the mainline development: http://kernelnewbies.org/LinuxVersions
If they change the API, they also document the transition. Look at drivers doing similar things to what you want to achieve. How do they work? How did they react on API changes? .
Subscribe to the related Linux kernel mailing lists and ask there for help for bigger issues from the active kernel developers.
Источник
Is there a way to figure out what is using a Linux kernel module?
If I load a kernel module and list the loaded modules with lsmod , I can get the «use count» of the module (number of other modules with a reference to the module). Is there a way to figure out what is using a module, though?
The issue is that a module I am developing insists its use count is 1 and thus I cannot use rmmod to unload it, but its «by» column is empty. This means that every time I want to re-compile and re-load the module, I have to reboot the machine (or, at least, I can’t figure out any other way to unload it).
7 Answers 7
Actually, there seems to be a way to list processes that claim a module/driver — however, I haven’t seen it advertised (outside of Linux kernel documentation), so I’ll jot down my notes here:
First of all, many thanks for @haggai_e’s answer; the pointer to the functions try_module_get and try_module_put as those responsible for managing the use count (refcount) was the key that allowed me to track down the procedure.
Looking further for this online, I somehow stumbled upon the post Linux-Kernel Archive: [PATCH 1/2] tracing: Reduce overhead of module tracepoints; which finally pointed to a facility present in the kernel, known as (I guess) «tracing»; the documentation for this is in the directory Documentation/trace — Linux kernel source tree. In particular, two files explain the tracing facility, events.txt and ftrace.txt.
But, there is also a short «tracing mini-HOWTO» on a running Linux system in /sys/kernel/debug/tracing/README (see also I’m really really tired of people saying that there’s no documentation…); note that in the kernel source tree, this file is actually generated by the file kernel/trace/trace.c. I’ve tested this on Ubuntu natty , and note that since /sys is owned by root, you have to use sudo to read this file, as in sudo cat or
. and that goes for pretty much all other operations under /sys which will be described here.
First of all, here is a simple minimal module/driver code (which I put together from the referred resources), which simply creates a /proc/testmod-sample file node, which returns the string «This is testmod.» when it is being read; this is testmod.c :
This module can be built with the following Makefile (just have it placed in the same directory as testmod.c , and then run make in that same directory):
When this module/driver is built, the output is a kernel object file, testmod.ko .
At this point, we can prepare the event tracing related to try_module_get and try_module_put ; those are in /sys/kernel/debug/tracing/events/module :
Note that on my system, tracing is by default enabled:
. however, the module tracing (specifically) is not:
Now, we should first make a filter, that will react on the module_get , module_put etc events, but only for the testmod module. To do that, we should first check the format of the event:
Here we can see that there is a field called name , which holds the driver name, which we can filter against. To create a filter, we simply echo the filter string into the corresponding file:
Here, first note that since we have to call sudo , we have to wrap the whole echo redirection as an argument command of a sudo -ed bash . Second, note that since we wrote to the «parent» module/filter , not the specific events (which would be module/module_put/filter etc), this filter will be applied to all events listed as «children» of module directory.
Finally, we enable tracing for module:
From this point on, we can read the trace log file; for me, reading the blocking, «piped» version of the trace file worked — like this:
At this point, we will not see anything in the log — so it is time to load (and utilize, and remove) the driver (in a different terminal from where trace_pipe is being read):
If we go back to the terminal where trace_pipe is being read, we should see something like:
That is pretty much all we will obtain for our testmod driver — the refcount changes only when the driver is loaded ( insmod ) or unloaded ( rmmod ), not when we do a read through cat . So we can simply interrupt the read from trace_pipe with CTRL + C in that terminal; and to stop the tracing altogether:
Here, note that most examples refer to reading the file /sys/kernel/debug/tracing/trace instead of trace_pipe as here. However, one problem is that this file is not meant to be «piped» (so you shouldn’t run a tail -f on this trace file); but instead you should re-read the trace after each operation. After the first insmod , we would obtain the same output from cat -ing both trace and trace_pipe ; however, after the rmmod , reading the trace file would give:
. that is: at this point, the insmod had already been exited for long, and so it doesn’t exist anymore in the process list — and therefore cannot be found via the recorded process ID (PID) at the time — thus we get a blank as process name. Therefore, it is better to log (via tee ) a running output from trace_pipe in this case. Also, note that in order to clear/reset/erase the trace file, one simply writes a 0 to it:
If this seems counterintuitive, note that trace is a special file, and will always report a file size of zero anyways:
. even if it is «full».
Finally, note that if we didn’t implement a filter, we would have obtained a log of all module calls on the running system — which would log any call (also background) to grep and such, as those use the binfmt_misc module:
. which adds quite a bit of overhead (in both log data ammount, and processing time required to generate it).
While looking this up, I stumbled upon Debugging Linux Kernel by Ftrace PDF, which refers to a tool trace-cmd, which pretty much does the similar as above — but through an easier command line interface. There is also a «front-end reader» GUI for trace-cmd called KernelShark; both of these are also in Debian/Ubuntu repositories via sudo apt-get install trace-cmd kernelshark . These tools could be an alternative to the procedure described above.
Finally, I’d just note that, while the above testmod example doesn’t really show use in context of multiple claims, I have used the same tracing procedure to discover that an USB module I’m coding, was repeatedly claimed by pulseaudio as soon as the USB device was plugged in — so the procedure seems to work for such use cases.
Источник
Learning Kernel Programming [closed]
Want to improve this question? Update the question so it’s on-topic for Stack Overflow.
Closed 6 years ago .
I want to learn lLinux Kernel programming.
What would be the starting points for that? What could be some of the simpler problems to target?
7 Answers 7
Recommended Books for the Uninitialized void *i
«Men do not understand books until they have a certain amount of life, or at any rate no man understands a deep book, until he has seen and lived at least part of its contents». –Ezra Pound
A journey of a thousand code-miles must begin with a single step. If you are in confusion about which of the following books to start with, don’t worry, pick any one of your choice. Not all those who wander are lost. As all roads ultimately connect to highway, you will explore new things in your kernel journey as the pages progress without meeting any dead ends, and ultimately connect to the code-set . Read with alert mind and remember: Code is not Literature.
What is left is not a thing or an emotion or an image or a mental picture or a memory or even an idea. It is a function. A process of some sort. An aspect of Life that could be described as a function of something «larger». And therefore, it appears that it is not really «separate» from that something else. Like the function of a knife — cutting something — is not, in fact, separate from the knife itself. The function may or may not be in use at the moment, but it is potentially NEVER separate.
Read not to contradict and confute; nor to believe and take for granted; nor to find talk and discourse; but to weigh and consider. Some books are to be tasted, others to be swallowed, and some few to be chewed and digested: that is, some books are to be read only in parts, others to be read, but not curiously, and some few to be read wholly, and with diligence and attention.
Core Linux ( 5 -> 1 -> 3 -> 2 -> 7 -> 4 -> 6 )
“Nature has neither kernel nor shell; she is everything at once” — Johann Wolfgang von Goethe
Reader should be well versed with operating system concepts; a fair understanding of long running processes and its differences with processes with short bursts of execution; fault tolerance while meeting soft and hard real time constraints. While reading, it’s important to understand and n/ack the design choices made by the linux kernel source in the core subsystems.
Threads [and] signals [are] a platform-dependent trail of misery, despair, horror and madness (
Anthony Baxte). That being said you should be a self-evaluating C expert, before diving into the kernel. You should also have good experience with Linked Lists, Stacks, Queues, Red Blacks Trees, Hash Functions, et al.
The beauty and art of the Linux Kernel source lies in the deliberate code obfuscation used along. This is often necessitated as to convey the computational meaning involving two or more operations in a clean and elegant way. This is especially true when writing code for multi-core architecture.
Linux Device Drivers ( 1 -> 2 -> 4 -> 3 -> 8 -> . )
«Music does not carry you along. You have to carry it along strictly by your ability to really just focus on that little small kernel of emotion or story». — Debbie Harry
Your task is basically to establish a high speed communication interface between the hardware device and the software kernel. You should read the hardware reference datasheet/manual to understand the behavior of the device and it’s control and data states and provided physical channels. Knowledge of Assembly for your particular architecture and a fair knowledge of VLSI Hardware Description Languages like VHDL or Verilog will help you in the long run.
Q: But, why do I have to read the hardware specs?
A: Because, «There is a chasm of carbon and silicon the software can’t bridge» — Rahul Sonnad
However, the above doesn’t poses a problem for Computational Algorithms (Driver code — bottom-half processing), as it can be fully simulated on a Universal Turing Machine. If the computed result holds true in the mathematical domain, it’s a certainty that it is also true in the physical domain.
Kernel Networking ( 1 -> 2 -> 3 -> . )
“Call it a clan, call it a network, call it a tribe, call it a family: Whatever you call it, whoever you are, you need one.” — Jane Howard
Understanding a packet walk-through in the kernel is a key to understanding kernel networking. Understanding it is a must if we want to understand Netfilter or IPSec internals, and more. The two most important structures of linux kernel network layer are: struct sk_buff and struct net_device
Kernel Debugging ( 1 -> 4 -> 9 -> . )
Unless in communicating with it one says exactly what one means, trouble is bound to result.
Alan Turing, about computers
Brian W. Kernighan, in the paper Unix for Beginners (1979) said, «The most effective debugging tool is still careful thought, coupled with judiciously placed print statements». Knowing what to collect will help you to get the right data quickly for a fast diagnosis. The great computer scientist Edsger Dijkstra once said that testing can demonstrate the presence of bugs but not their absence. Good investigation practices should balance the need to solve problems quickly, the need to build your skills, and the effective use of subject matter experts.
There are times when you hit rock-bottom, nothing seems to work and you run out of all your options. Its then that the real debugging begins. A bug may provide the break you need to disengage from a fixation on the ineffective solution.
File Systems ( 1 -> 2 -> 6 -> . )
«I wanted to have virtual memory, at least as it’s coupled with file systems». — Ken Thompson
On a UNIX system, everything is a file; if something is not a file, it is a process, except for named pipes and sockets. In a file system, a file is represented by an inode , a kind of serial number containing information about the actual data that makes up the file. The Linux Virtual File System VFS caches information in memory from each file system as it is mounted and used. A lot of care must be taken to update the file system correctly as data within these caches is modified as files and directories are created, written to and deleted. The most important of these caches is the Buffer Cache, which is integrated into the way that the individual file systems access their underlying block storage devices.
Security ( 1 -> 2 -> 8 -> 4 -> 3 -> . )
«UNIX was not designed to stop its users from doing stupid things, as that would also stop them from doing clever things». — Doug Gwyn
No technique works if it isn’t used. Ethics change with technology.
«F × S = k» the product of freedom and security is a constant. — Niven’s Laws
Cryptography forms the basis of trust online. Hacking is exploiting security controls either in a technical, physical or a human-based element. Protecting the kernel from other running programs is a first step toward a secure and stable system, but this is obviously not enough: some degree of protection must exist between different user-land applications as well. Exploits can target local or remote services.
“You can’t hack your destiny, brute force. you need a back door, a side channel into Life.» ― Clyde Dsouza
Computers do not solve problems, they execute solutions. Behind every non-deterministic algorithmic code, there is a determined mind. — /var/log/dmesg
Kernel Source ( 0.11 -> 2.4 -> 2.6 -> 3.18 )
«Like wine, the mastery of kernel programming matures with time. But, unlike wine, it gets sweeter in the process». —Lawrence Mucheka
You might not think that programmers are artists, but programming is an extremely creative profession. It’s logic-based creativity. Computer science education cannot make anybody an expert programmer any more than studying brushes and pigment can make somebody an expert painter. As you already know, there is a difference between knowing the path and walking the path; it is of utmost importance to roll up your sleeves and get your hands dirty with kernel source code. Finally, with your thus gained kernel knowledge, wherever you go, you will shine.
Immature coders imitate; mature coders steal; bad coders deface what they take, and good coders make it into something better, or at least something different. The good coder welds his theft into a whole of feeling which is unique, utterly different from that from which it was torn.
- Beginner’s start with Linux 0.11 source (less than 20,000 lines of source code). After 20 years of development, compared with Linux 0.11, Linux has become very huge, complex, and difficult to learn. But the design concept and main structure have no fundamental changes. Learning Linux 0.11 still has important practical significance.
- Mandatory Reading for Kernel Hackers => Linux_source_dir/Documentation/*
- You should be subscribed and active on at-least one kernel mailing list. Start with kernel newbies.
- You do not need to read the full source code. Once you are familiar with the kernel API’s and its usage, directly start with the source code of the sub-system you are interested in. You can also start with writing your own plug-n-play modules to experiment with the kernel.
- Device Driver writers would benefit by having their own dedicated hardware. Start with Raspberry Pi.
Источник
