linux lkm debug

Debug your Linux Kernel Module

Posted by ZedTuX 0n R00t on May 3, 2014

My project Douane include Linux Kernel Module (LKM) in order to catch/allow/deny network traffic.

You really have to becareful when developing in the Kernel space. Also debugging a kernel module is something harder than debugging an application in the user space.

Here I’m going to present the tool I’ve used, and which helped me a lot: KEDR (KErnel-mode Drivers in Runtime).

KEDR is a free and open source framework under the GPL v2 license which analyse the execution of your kernel module, and when you unload the kernel module output a report of everything found like memory leaks.

Dependencies

In order to be able to compile KEDR you need few things:

1

$ sudo apt-get install cmake linux-headers-$(uname -r)

Installation

The normal installation procedure would be the following:

1
2
3
4
5
6
7
8
9

$ cd /tmp
$ wget http://kedr.googlecode.com/files/kedr-0.4.1.tar.bz2 -O kedr.tar.bz2
$ mkdir kedr-src
$ tar jxf kedr.tar.bz2 -C kedr-src --strip-components 1
$ mkdir kedr-build/
$ cd kedr-build/
$ cmake ../kedr-src/
$ make
$ sudo make install

But the since the kernel 3.10, KEDR is no more compilable. The only way to make it working is to compile from sources on google code:

1
2
3
4
5
6
7
8

$ sudo apt-get install mercurial
$ cd /tmp
$ hg clone https://code.google.com/p/kedr/ ./kedr-src/
$ mkdir kedr-build/
$ cd kedr-build/
$ cmake ../kedr-src/
$ make
$ sudo make install

Memory leaks detection

I’m going to show you how to detect memory leaks in a LKM.

First of all you need to unload your module if it is currently loaded:

1

$ sudo rmmod mymodule

Then start KEDR:

1
2
3
4
5
6

$ sudo kedr start mymodule
Starting KEDR...
insmod /usr/local/lib/modules/3.13.0-24-generic/misc/kedr.ko target_name=mymodule
insmod /usr/local/lib/modules/3.13.0-24-generic/misc/kedr_leak_check.ko
insmod /usr/local/lib/modules/3.13.0-24-generic/misc/kedr_lc_common_mm.ko
KEDR started.

Now you can load again your module:

1

$ sudo modprobe mymodule

As of now, KEDR is looking at your module while it is running.

Then after a while, unload your module and have a look to the output:

1
2
3
4
5
6
7
8

$ sudo rmmod mymodule
$ tail /var/log/kern.log
May  3 14:25:56 zUbuntu kernel: [16059.298384] [leak_check] Target module: "mymodule", init area at ffffffffa0005000, core area at ffffffffa04ea000
May  3 14:25:56 zUbuntu kernel: [16059.298398] [leak_check] Totals:
May  3 14:25:56 zUbuntu kernel: [16059.298402] [leak_check] Allocations: 8
May  3 14:25:56 zUbuntu kernel: [16059.298406] [leak_check] Possible leaks: 0
May  3 14:25:56 zUbuntu kernel: [16059.298409] [leak_check] Unallocated frees: 0
May  3 14:25:56 zUbuntu kernel: [16059.298411] [leak_check] ======== end of LeakCheck report ========

So here 8 variable allocation performed and 0 possible leaks, meaning all is correctly freed.

ÉTIQUETTES
linux docker server rails douane my-developments command-line ruby c-2 linux-on-mac maintenance security gnome kubernetes mes-developpements ubuntu python vcs capybara contribution git apt bazaar chef cucumber debian game howto packaging testing boost debug devise elixir gtk homebrew information ssh tuxtremsplit xpath
AMIS