About KEDRKEDR is a framework to facilitate dynamic (runtime and post factum) analysis of Linux kernel modules including device drivers, file system modules, etc. The tools provided by the framework operate on the kernel module chosen by the user. They intercept the function calls made by the module and can dump the information about these calls to a file ("trace"), simulate low resource conditions, detect memory leaks. KEDR can be useful for the developers of kernel modules, especially as a part of the automated verification system for kernel-mode software.
Structure and FeaturesLike the dynamic analysis systems for user-mode applications and libraries (Valgrind, etc.), each analysis system based on KEDR consists at least of the following components:
- KEDR Core responsible for the instrumentation of the target module's binary code;
- one or more tool plugins (so called "payload modules") that actually collect and analyze the required data.
- Monitoring ("tracing") of function calls. While the module under analysis ("target module") is working, KEDR collects the data about the functions exported by the kernel proper or other modules that the module calls, namely arguments and return values. These data can be saved in a special file ("trace") for future analysis. This resembles what strace does for user-space applications.
- Fault simulation. KEDR makes some of the functions called by the target module return errors. This allows to check whether the target module handles such conditions correctly. Actually, KEDR just simulates the failure without calling the corresponding function at all. The scenarios (what to make fail in what conditions) can be customized by the user.
- Detecting memory leaks. KEDR tracks memory allocation and deallocation operations performed by the target module. After the module has been unloaded, KEDR prepares a report where the memory blocks that were allocated but were not freed are listed. For each such block, the call stack for the relevant allocation operation is included into the report.
Links and Additional Information
To quickly learn what KEDR is and how to use it, one may begin with Getting Started tutorial. It describes how to set up KEDR and use it to analyze Linux kernel modules, step by step.