Debugging Linux Kernel using SystemTap Part1 - What, Purpose, Installation, Working, Hello World

-
What is SystemTap?

 SystemTap is command line utility which allows kernel developers to investigate the behavior of the kernel and user-space applications.

In order to debug or analyze kernel space, developers need to modify, compile, install and reboot. With SystemTap, you can debug the kernel without the need to rebuild and install.

What is the purpose of SystemTap?

SystemTap provides a powerful way for understanding what logic is happening and what variables and memory locations are changing. Used when there is no interactive debugger.

Main purpose of SystemTap is to trace events. Examples of events:

  • Function Entering and Exiting
  • Timer Expiring
  • Network Packet Reception
Whenever any registered events occur, SystemTap calls the user handler, which can collect and display
  • Function Parameters
  • Values of Variables
  • Contents of Memory Locations
  • etc
Installation of SystemTap:

It's better we install SystemTap from source code, as I faced a lot of issues when I issued apt-get to install systemtap.

Steps for installing SystemTap from Source Code:

1.  wget https://sourceware.org/systemtap/ftp/releases/systemtap-4.0.tar.gz
2.  tar xzvf systemtap-4.0.tar.gz
3.  cd systemtap-4.0/ &&          ./configure &&          make all;
4. sudo make install

When you install, you will get stap and staprun utility

How Stap Works?

Stap internally uses KProbes and loadable modules to dynamically add probe points and newly generated code to the running kernel.

When you run stap <script.stp>

1. Translates the .stp file into Kernel Module (C code)
2. Compiles C Code to module (.ko file)
3. Loads the module into the kernel
4. Module runs, reporting events of interest as specified by the script.
5. Information is collected and stap reports it to stdout
6. Session ends and the module is unloaded when you send CTRL-C or the module decides it is done


Hello World Stap Script


probe begin
{
    print("hello world\n")
    exit()
}

Save this file as helloworld.stp. To run : stap helloworld.stp


probe begin -> Start of the system tap session
print("hello world\n") -> prints hello world
exit() -> Exits 




Comments

Post a Comment

Popular posts from this blog

bb.utils.contains yocto

-
Image
bb.utils.contains  is most commonly used function in Yocto. grep in poky directory returned with 696 count. $ grep -nr 'bb.utils.contains' poky/ | wc -l 696 It's definition is present in 'poky/bitbake/lib/bb/utils.py' file This function returns third argument if the second argument is subset of the first argument else returns fourth argument Let's take an example to understand this. You can see from the above screenshot, when the second argument is a subset of first argument, "present" was returned, else "notpresent" was returned We can also use bb.utils.contains inside if loop. This we can use inside a recipe. if ${@bb.utils.contains('SOMEFLAG','NEWVALUE3','true','false',d)}; then     FOO = 'HELLO' fi
Read more

make config vs oldconfig vs defconfig vs menuconfig vs savedefconfig

-
Image
Building the Linux Kernel is a two-step process: Configuring the Kernel options Building the Kernel with those options. There are many methods available for configuring the kernel. make config: Text-based Configuration.  Options are prompted one after another. All options need to be answered Access to former options is not possible make menuconfig: Menu-driven user interface Allows to navigate forwards and backward directly between features Allows to load and save files with filenames different from ".config" Provides search feature It uses ncurses library for GUI. If the ncurses library is not installed, make menuconfig option fails. To install ncurses library on Ubuntu: sudo apt-get install libncurses5-dev make defconfig: Creates a ".config" file with default options from the ARCH supplied defconfig Configurations are generally stored in the directory: arch/$(ARCH)/configs $ ls arch/x86/configs/ i386_defconfi
Read more

PR, PN and PV Variable in Yocto

-
PN : Represents the name of the recipe. The name is usually extracted from the recipe file name. PR:  Represents the revision of the recipe. Default value for this revision is "r0". Subsequent revisions of the recipe conventionally will have "r1", "r2" and so on. PV:  Represents the version of the recipe. Normally extracted from the recipe file name. For example: ffmpeg_3.4.2.bb recipe. ${PN} : ffmpeg ${PV} : 3.4.2
Read more