Inside Linux Kernel 2'4: Networkingrelated code tracing

1
Inside Linux Kernel 2.4 Networking-related code
tracing

• 2002/8/6
• ???ltijsung_at_csie.nctu.edu.twgt
• Presented at LinuxStudy

2
Outline

• Kernel-part Startup of the networking-related
  code
• Tracing kernel thread init()
• Tracing the init_call mechanism
• Tracing techniques
• Conclusion

3
start_kernel() First Piece of Kernel C Code

• Minimum initial setup in assembly
• Hardware Entering Protected Mode, Enable Paging
• Software Set BSS and stack
• init/main.cstart_kernel () are called
• The first C function called in kernel
  initialization

4
Mission of start_kernel()

• Call some initialization routines (we omit them
  here)
• Create first process (essentially a kernel
  thread), called init()
• Then itself becomes the idle process
• Please note the __init keyword

5
Init() the kernel thread

• Major networking code initialization goes into 2
  parts
• sock_init() in do_basic_setup()
• do_initcalls()
• Pointers to initialization code of other
  subsystems
• Automatically generated at compile time
• Done in a C global object constructor-like
  way

6
Inspecting sock_init()

• Major work of sock_init
• Print the familiar message
• Linux NET4.0 for Linux 2.4
• Clear net_proto_family array
• As we can see, most initialization is not done at
  here
• Next well trace another part do_init_calls()

7
Tracing do_init_calls()

• We want to know
• What function?
• We can modify the caller and a potential callee
  to see what happens
• Result
• dmesg of our modified kernel

8
Why these functions are called?

• The __init __module_init macros do the trick
• __init macro places the code of function into
  section .text.init
• __module_init place the pointer to the code into
  section .initcall.init
• Linker-generated symbol __initcall_start and
  __initcall_end are placed at beginning/ending of
  section .initcall.init

9
Hacking do_init_calls()

• do_init_calls() calls some pointer to function in
  an array
• How to trace them (without single-stepping
  kernel)?
• grep??? May not work here
• A clever way using cross-reference of kernel
• System.map cant be used not enough
• GNU ld flag --cref -Map can do this
• Generated cross reference

10
Actions taken by kernel at booting

• At kernel startup the first code relating to
  networking is sock_init()
• Loopback device is initialized in
  partition_setup()
• Then, dummy and Ethernet devices are initialized
• TCP/IP is initialized in inet_init()
• Unix Domain Socket is initialized in
  af_unix_init()

11
__init mechanism why?

• Gather all initialization code into one section
• They can be dropped/freed after use!
• Linux kernel will free them after use, hence we
  get these kind of message while booting

12
Conclusion

• Tracing Linux is hard
• Some code are not explicitly invoked
• Hard to trace via grep, ctag or other symbolic
  tools
• We need tool aid
• Cross-reference of Linux kernel can be our friends

13
References

• http//www.skyfree.org/