KEDR Framework

About KEDR

KEDR is a framework that facilitates dynamic (runtime and post factum) analysis of Linux kernel modules, including device drivers, file system modules, etc. The tools provided by the framework operate on the kernel module chosen by the user. They intercept the function calls made by the module and can dump information about these calls to a file ("trace"), simulate low-resource conditions, and detect memory leaks. KEDR can be useful for developers of kernel modules, especially as part of an automated verification system for kernel-mode software.

Structure and Features

Like dynamic analysis systems for user-mode applications and libraries (Valgrind, etc.), each analysis system based on KEDR consists of at least the following components:
  • KEDR Core responsible for the instrumentation of the target module's binary code;
  • one or more tool plugins (so-called "payload modules") that actually collect and analyze the required data.
The tools currently provided by KEDR can do the following:
  • Monitoring ("tracing") of function calls. While the module under analysis ("target module") is working, KEDR collects data about the calls it makes to functions exported by the kernel proper or by other modules, namely the arguments and return values. This data can be saved in a special file ("trace") for future analysis. This resembles what strace does for user-space applications.
  • Fault simulation. KEDR makes some of the functions called by the target module return errors. This makes it possible to check whether the target module handles such conditions correctly. KEDR simulates the failure without calling the corresponding function at all. The scenarios (what to make fail and under what conditions) can be customized by the user.
  • Detecting memory leaks. KEDR tracks memory allocation and deallocation operations performed by the target module. After the module has been unloaded, KEDR prepares a report listing the memory blocks that were allocated but not freed. For each such block, the call stack of the relevant allocation operation is included in the report.
Besides that, other kinds of analysis tools for kernel modules can be developed based on KEDR.
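
The fault simulation and leak detection described above can be modelled in user space, as an added example that is not KEDR code and does not use KEDR's API. Every name in it (traced_alloc, fail_at, setup, leaks_under_scenario) is hypothetical, and malloc stands in for a kernel allocator. It fails a chosen allocation without calling the allocator, then counts the blocks the target never freed.

```c
/* User-space model of fault simulation plus leak tracking.
 * Hypothetical names throughout; this is not KEDR's API. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_LIVE 16
static void *live[MAX_LIVE];  /* blocks allocated and not yet freed */
static int call_no, fail_at;  /* scenario: fail allocation number fail_at (0 = never) */

/* Interception point for every allocation made by the target code. */
static void *traced_alloc(size_t n) {
    if (++call_no == fail_at)
        return NULL;          /* simulated failure: the real allocator is not called */
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; break; }
    return p;
}

static void traced_free(void *p) {
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; break; }
    free(p);
}

/* Target code: with unwind == 0 its error path forgets to release 'a'. */
static int setup(int unwind) {
    void *a = traced_alloc(64), *b;
    if (!a) return -1;
    if (!(b = traced_alloc(128))) {
        if (unwind) traced_free(a);  /* corrected error path */
        return -1;                   /* without unwind, 'a' leaks */
    }
    traced_free(b); traced_free(a);
    return 0;
}

/* Run the target under a scenario; return how many blocks it leaked. */
static int leaks_under_scenario(int unwind, int fail) {
    int n = 0;
    call_no = 0; fail_at = fail;
    setup(unwind);
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i]) { n++; free(live[i]); live[i] = NULL; }
    return n;
}

int main(void) {
    printf("no fault, buggy path: %d leaked\n", leaks_under_scenario(0, 0));
    printf("fail alloc #2, buggy: %d leaked\n", leaks_under_scenario(0, 2));
    printf("fail alloc #2, fixed: %d leaked\n", leaks_under_scenario(1, 2));
    return 0;
}
```

The leak in the buggy error path shows up only when the second allocation is made to fail, which is why the two kinds of analysis are useful together.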

Links and Additional Information

KEDR can be downloaded from the project site at Google Code as well as from the open-source project hosting site at ISPRAS.

A detailed description of KEDR is available in the online documentation. The wiki also provides other helpful information about the framework.

To quickly learn what KEDR is and how to use it, one may begin with the Getting Started tutorial. It describes, step by step, how to set up KEDR and use it to analyze Linux kernel modules.