Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Linux Kernel Debugging

You're reading from   Linux Kernel Debugging Leverage proven tools and advanced techniques to effectively debug Linux kernels and kernel modules

Arrow left icon
Product type Paperback
Published in Aug 2022
Publisher Packt
ISBN-13 9781801075039
Length 638 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Kaiwan N. Billimoria Kaiwan N. Billimoria
Author Profile Icon Kaiwan N. Billimoria
Kaiwan N. Billimoria
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Part 1: A General Introduction and Approaches to Kernel Debugging
2. Chapter 1: A General Introduction to Debugging Software FREE CHAPTER 3. Chapter 2: Approaches to Kernel Debugging 4. Part 2: Kernel and Driver Debugging Tools and Techniques
5. Chapter 3: Debug via Instrumentation – printk and Friends 6. Chapter 4: Debug via Instrumentation – Kprobes 7. Chapter 5: Debugging Kernel Memory Issues – Part 1 8. Chapter 6: Debugging Kernel Memory Issues – Part 2 9. Chapter 7: Oops! Interpreting the Kernel Bug Diagnostic 10. Chapter 8: Lock Debugging 11. Part 3: Additional Kernel Debugging Tools and Techniques
12. Chapter 9: Tracing the Kernel Flow 13. Chapter 10: Kernel Panic, Lockups, and Hangs 14. Chapter 11: Using Kernel GDB (KGDB) 15. Chapter 12: A Few More Kernel Debugging Approaches 16. Other Books You May Enjoy

Trapping into the execve() API – via perf and eBPF tooling

On Linux (and UNIX), user mode applications – processes – are launched or executed via a family of so-called exec C library (glibc) APIs: execl(), execlp(), execv(), execvp(), execle(), execvpe(), and execve().

A quick couple of things to know about these seven APIs: the first six are merely glibc wrappers that transform their arguments and ultimately invoke the execve() API – it is the actual system call, the one that causes the process context to switch to kernel mode and run the kernel code corresponding to the system call. Also, FYI, execvpe() is a GNU extension (and thus practically only seen on Linux).

The point here is simply this: ultimately, pretty much all processes (and thus apps) are executed via the kernel code of execve()! Within the kernel, execve() becomes the sys_execve() function (in a bit of an indirect fashion, via the SYSCALL_DEFINE3() macro), which invokes the actual worker...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime