10-08-2011, 01:49 PM
Ktrace: A Framework for Tracing the Linux Kernel
Many tools exist to analyze the Linux Operating System but very few of them can be used to analyze the Linux kernel. The existing tools are not fully capable of providing a picture of the kernel level activity of the system to a user - some tools are inclined towards a particular aspect of the kernel while others provide a more generic information without going into details.
We propose and implement a centralized tracing framework for the Linux kernel. The framework is based on the simple idea of giving a snapshot of the Linux kernel to the user at the occurrence of certain pre-defined kernel events. The snapshot is provided in terms of a set of kernel level variables. The key feature of the framework is that it is easily extensible - the set of pre-defined events as well as the kernel level variables can be enhanced without redesigning or modifying the existing code.
The tracing framework provides the functionality to trace the entire system or a particular process. The framework also takes care of the security issue - a user can only trace its own processes. Only the {\em superuser} has the privilege to trace any process.
Many tools exist to analyze the Linux Operating System but very few of them can be used to analyze the Linux kernel. The existing tools are not fully capable of providing a picture of the kernel level activity of the system to a user - some tools are inclined towards a particular aspect of the kernel while others provide a more generic information without going into details.
We propose and implement a centralized tracing framework for the Linux kernel. The framework is based on the simple idea of giving a snapshot of the Linux kernel to the user at the occurrence of certain pre-defined kernel events. The snapshot is provided in terms of a set of kernel level variables. The key feature of the framework is that it is easily extensible - the set of pre-defined events as well as the kernel level variables can be enhanced without redesigning or modifying the existing code.
The tracing framework provides the functionality to trace the entire system or a particular process. The framework also takes care of the security issue - a user can only trace its own processes. Only the {\em superuser} has the privilege to trace any process.