1. |
Refresher: The Linux Architecture |
|
2 hours |
|
Introduction to the Linux architecture. We discuss the design and implementation of the Linux Kernel and its various subsystems, at a modular "black box" level, without going into the source code level. We discuss the Kernel architecture and tunable parameters that allow for performance optimization.
- Linux Kernel features
- Version differences - 2.6 through 3.17 subversions
- User-Mode and Kernel-Mode Architecture
- The Linux Task Scheduler (process manager)
- The Linux I/O Schedulers:
- Elevator/NoOp
- DeadLine
- Anticipatory
- Complete Fair Queueing (CFQ)
|
2. |
Knobs & levers: The /proc and /sys filesystems |
|
2 hours |
|
In many cases, /proc and /sys provide a plethora of information which may be useful to quickly diagnose a problem in a running kernel. Topics include:
- /proc/kallsyms and /proc/kcore
- Virtual memory information files (slabinfo, vmallocinfo, and more)
- Hardware diagnostics in /sys
- sysctl settings used for debugging in /sys/kernel and /sys/vm
|
3. |
Kernel-Level Debugging |
|
1 hours |
|
Kernel-level coding techniques offers a plethora of new debugging techniques. While this is not a full-fledged Linux Kernel course, we introduce the common concepts for a quick-and-dirty module, to allow for the injection of code into the Kernel, with specific focus on debugging.
- Why Kernel? The benefits of writing a module:
- System call interception
- Precise timing measurements
- Faking system calls - Virtualizing or stress testing
- Interfacing through proc/sys with module parameters and pseudo-files
|
4. |
Compiling for debugging |
|
2 hours |
|
The Linux kernel offers a plethora of debug options, but the really useful ones often require recompilation. We focus on the various settings, including:
- Debug Symbols and a quick recap of the kernel source
- "Kernel hacking" options
|
|
Using the kprobes mechanism (as of 2.6.9), a module can intercept access to any kernel code, logging as well as modifying its behavior. |
6. |
Tracing with ftrace and kernel events |
|
2 hours |
|
Linux's ftrace mechanism is second to none, and allows investigation of kernel code flow using a simple and effective interface. We focus on utilizing ftrace and tweaking some of its lesser known options, including tracing by events, different tracer types, and even custom tracers.
|
7. |
Post Mortem Debugging |
|
2 hours |
|
When bugs can't be intercepted in time, the kernel will often panic. We discuss how to analyze various faults in kernel space from panics and oops messages, including:
- BUG() oops and Panic macros
- Figuring out output in dmesg()
- Configuring crash dumps
- Analyze crash dumps
|
8. |
Kernel Network Debugging |
|
2 hours |
|
Simple, yet surprisingly effective techniques to debug networking (socket) code. We introduce socket level API hooking, and packet level hooking (via NetFilter).
- struct sock - The Kernel implementation of sockets
- struct sk_buff - Socket buffers
- struct proto - the implementations of TCP and UDP
- NetFilter hooks
|