The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License, version 3.0.
@@ -394,18 +396,18 @@ If you publish or distribute this book commercially, donations, royalties, and/oThe Linux Kernel Module Programming Guide was originally written for the 2.2 kernels by Ori Pomerantz. Eventually, Ori no longer had time to maintain the document. After all, the Linux kernel is a fast moving target. Peter Jay Salzman took over maintenance and updated it for the 2.4 kernels. Eventually, Peter no longer had time to follow developments with the 2.6 kernel, so Michael Burian became a co-maintainer to update the document for the 2.6 kernels. Bob Mottram updated the examples for 3.8 and later kernels, added the sysfs chapter and modified or updated other chapters.
The Linux kernel is a moving target. There has always been a question whether the LKMPG should remove deprecated information or keep it around for historical sake. Michael Burian and I decided to create a new branch of the LKMPG for each new stable kernel version. So version LKMPG 4.9.x will address Linux kernel 4.9.x and LKMPG 2.6.x will address Linux kernel 2.6. No attempt will be made to archive historical information; a person wishing this information should read the appropriately versioned LKMPG.
@@ -416,18 +418,18 @@ The source code and discussions should apply to most architectures, but I can'tThe following people have contributed corrections or good suggestions: Ignacio Martin, David Porter, Daniele Paolo Scarpazza, Dimo Velev, Francois Audeon, Horst Schirmeier, Bob Mottram and Roman Lakeev.
So, you want to write a kernel module. You know C, you've written a few normal programs to run as processes, and now you want to get to where the real action is, to where a single wild pointer can wipe out your file system and a core dump means a reboot.
@@ -438,9 +440,9 @@ What exactly is a kernel module? Modules are pieces of code that can be loaded aLinux distros provide the commands modprobe, insmod and depmod within a package.
@@ -450,8 +452,8 @@ On Debian:sudo apt-get install build-essential kmod -+
sudo apt-get install build-essential kmod
+@@ -459,22 +461,22 @@ On Parabola:
sudo pacman -S gcc kmod -+
sudo pacman -S gcc kmod
+To discover what modules are already loaded within your current kernel use the command lsmod.
sudo lsmod -+
sudo lsmod
+@@ -482,8 +484,8 @@ Modules are stored within the file /proc/modules, so you can also see them with:
sudo cat /proc/modules -+
sudo cat /proc/modules
+@@ -491,39 +493,39 @@ This can be a long list, and you might prefer to search for something particular
sudo lsmod | grep fat -+
sudo lsmod | grep fat
+For the purposes of following this guide you don't necessarily need to do that. However, it would be wise to run the examples within a test distro running on a virtual machine in order to avoid any possibility of messing up your system.
Before we delve into code, there are a few issues we need to cover. Everyone's system is different and everyone has their own groove. Getting your first "hello world" program to compile and load correctly can sometimes be a trick. Rest assured, after you get over the initial hurdle of doing it for the first time, it will be smooth sailing thereafter.
A module compiled for one kernel won't load if you boot a different kernel unless you enable CONFIG_MODVERSIONS in the kernel. We won't go into module versioning until later in this guide. Until we cover modversions, the examples in the guide may not work if you're running a kernel with modversioning turned on. However, most stock Linux distro kernels come with it turned on. If you're having trouble loading the modules because of versioning errors, compile a kernel with modversioning turned off.
It is highly recommended that you type in, compile and load all the examples this guide discusses. It's also highly recommended you do this from a console. You should not be working on this stuff in X.
@@ -537,16 +539,16 @@ Modules can't print to the screen like printf() can, but they can log informatioBefore you can build anything you'll need to install the header files for your kernel. On Parabola GNU/Linux:
sudo pacman -S linux-libre-headers -+
sudo pacman -S linux-libre-headers
+@@ -554,9 +556,9 @@ On Debian:
sudo apt-get update ++sudo apt-get update apt-cache search linux-headers-$(uname -r) -
@@ -564,22 +566,22 @@ This will tell you what kernel header files are available. Then for example:
sudo apt-get install kmod linux-headers-4.9.11-1-amd64 -+
sudo apt-get install kmod linux-headers-4.9.11-1-amd64
+All the examples from this document are available within the examples subdirectory. To test that they compile:
cd examples ++cd examples make -
@@ -587,13 +589,13 @@ If there are any compile errors then you might have a more recent kernel version
Most people learning programming start out with some sort of "hello world" example. I don't know what happens to people who break with this tradition, but I think it's safer not to find out. We'll start with a series of hello world programs that demonstrate the different aspects of the basics of writing a kernel module.
@@ -607,9 +609,9 @@ Make a test directory:mkdir -p ~/develop/kernel/hello-1 ++mkdir -p ~/develop/kernel/hello-1 cd ~/develop/kernel/hello-1 -
@@ -617,7 +619,7 @@ Paste this into you favourite editor and save it as hello-1.c:
/* ++/* * hello-1.c - The simplest kernel module. */ #include <linux/module.h> /* Needed by all modules */ @@ -637,7 +639,7 @@ Paste this into you favourite editor and save it as hello-1.c: { printk(KERN_INFO "Goodbye world 1.\n"); } -
@@ -645,14 +647,14 @@ Now you'll need a Makefile. If you copy and paste this change the indentation to
obj-m += hello-1.o ++obj-m += hello-1.o all: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules clean: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean -
@@ -660,8 +662,8 @@ And finally just:
make -+
make
+@@ -669,8 +671,8 @@ If all goes smoothly you should then find that you have a compiled hello-1.ko
sudo modinfo hello-1.ko -+
sudo modinfo hello-1.ko
+@@ -678,8 +680,8 @@ At this point the command:
sudo lsmod | grep hello -+
sudo lsmod | grep hello
+@@ -687,8 +689,8 @@ should return nothing. You can try loading your shiny new module with:
sudo insmod hello-1.ko -+
sudo insmod hello-1.ko
+@@ -696,8 +698,8 @@ The dash character will get converted to an underscore, so when you again try:
sudo lsmod | grep hello -+
sudo lsmod | grep hello
+@@ -705,8 +707,8 @@ you should now see your loaded module. It can be removed again with:
sudo rmmod hello_1 -+
sudo rmmod hello_1
+@@ -714,8 +716,8 @@ Notice that the dash was replaced by an underscore. To see what just happened in
journalctl --since "1 hour ago" | grep kernel
-
+journalctl --since "1 hour ago" | grep kernel
+@@ -737,8 +739,8 @@ Lastly, every kernel module needs to include linux/module.h. We needed to includ
Despite what you might think, printk() was not meant to communicate information to the user, even though we used it for exactly this purpose in hello-1! It happens to be a logging mechanism for the kernel, and is used to log information or give warnings. Therefore, each printk() statement comes with a priority, which is the <1> and KERN_ALERT you see. There are 8 priorities and the kernel has macros for them, so you don't have to use cryptic numbers, and you can view them (and their meanings) in linux/kernel.h. If you don't specify a priority level, the default priority, DEFAULT_MESSAGE_LOGLEVEL, will be used.
@@ -753,8 +755,8 @@ If the priority is less than int console_loglevel, the message is printed on youKernel modules need to be compiled a bit differently from regular userspace apps. Former kernel versions required us to care much about these settings, which are usually stored in Makefiles. Although hierarchically organized, many redundant settings accumulated in sublevel Makefiles and made them large and rather difficult to maintain. Fortunately, there is a new way of doing these things, called kbuild, and the build process for external loadable modules is now fully integrated into the standard kernel build mechanism. To learn more on how to compile modules which are not part of the official kernel (such as all the examples you'll find in this guide), see file linux/Documentation/kbuild/modules.txt.
@@ -773,15 +775,15 @@ Here's another exercise for the reader. See that comment above the return statemIn early kernel versions you had to use the init_module and cleanup_module functions, as in the first hello world example, but these days you can name those anything you want by using the module_init and module_exit macros. These macros are defined in linux/init.h. The only requirement is that your init and cleanup functions must be defined before calling the those macros, otherwise you'll get compilation errors. Here's an example of this technique:
/* ++/* * hello-2.c - Demonstrating the module_init() and module_exit() macros. * This is preferred over using init_module() and cleanup_module(). */ @@ -802,7 +804,7 @@ In early kernel versions you had to use the init_module and cleanup_mo module_init(hello_2_init); module_exit(hello_2_exit); -
@@ -810,7 +812,7 @@ So now we have two real kernel modules under our belt. Adding another module is
obj-m += hello-1.o ++obj-m += hello-1.o obj-m += hello-2.o all: @@ -818,7 +820,7 @@ So now we have two real kernel modules under our belt. Adding another module is clean: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean -
@@ -827,9 +829,9 @@ Now have a look at linux/drivers/char/Makefile for a real world example. As you
This demonstrates a feature of kernel 2.2 and later. Notice the change in the definitions of the init and cleanup functions. The __init macro causes the init function to be discarded and its memory freed once the init function finishes for built-in drivers, but not loadable modules. If you think about when the init function is invoked, this makes perfect sense.
@@ -847,7 +849,7 @@ These macros are defined in linux/init.h and serve to free up kernel memo/* ++/* * hello-3.c - Illustrating the __init, __initdata and __exit macros. */ #include <linux/module.h> /* Needed by all modules */ @@ -869,24 +871,24 @@ These macros are defined in linux/init.h and serve to free up kernel memo module_init(hello_3_init); module_exit(hello_3_exit); -
Honestly, who loads or even cares about proprietary modules? If you do then you might have seen something like this:
# insmod xxxxxx.o ++# insmod xxxxxx.o Warning: loading xxxxxx.ko will taint the kernel: no license See http://www.tux.org/lkml/#export-tainted for information about tainted modules Module xxxxxx loaded, with warnings -
@@ -898,7 +900,7 @@ To reference what license you're using a macro is available called MODULE_LIC
/* ++/* * hello-4.c - Demonstrates module documentation. */ #include <linux/module.h> /* Needed by all modules */ @@ -923,14 +925,14 @@ MODULE_SUPPORTED_DEVICE("testdevice"); module_init(init_hello_4); module_exit(cleanup_hello_4); -
Modules can take command line arguments, but not with the argc/argv you might be used to.
@@ -944,9 +946,9 @@ The module_param() macro takes 3 arguments: the name of the variable, its type aint myint = 3; ++int myint = 3; module_param(myint, int, 0); -
@@ -954,13 +956,13 @@ Arrays are supported too, but things are a bit different now than they were in t
int myintarray[2]; ++int myintarray[2]; module_param_array(myintarray, int, NULL, 0); /* not interested in count */ short myshortarray[4]; int count; module_parm_array(myshortarray, short, &count, 0); /* put count into "count" variable */ -
@@ -972,7 +974,7 @@ Lastly, there's a macro function, MODULE_PARM_DESC(), that is used to doc
/* +/* * hello-5.c - Demonstrates command line argument passing to a module. */ #include <linux/module.h> @@ -1042,7 +1044,7 @@ MODULE_PARM_DESC(myintArray, "An array of integers" +
@@ -1050,7 +1052,7 @@ I would recommend playing around with this code:
# sudo insmod hello-5.ko mystring="bebop" mybyte=255 myintArray=-1 ++# sudo insmod hello-5.ko mystring="bebop" mybyte=255 myintArray=-1 mybyte is an 8 bit integer: 255 myshort is a short integer: 1 myint is an integer: 20 @@ -1075,14 +1077,14 @@ Goodbye, world 5 # sudo insmod hello-5.ko mylong=hello hello-5.o: invalid argument syntax for mylong: 'h' -
Sometimes it makes sense to divide a kernel module between several source files.
@@ -1092,7 +1094,7 @@ Here's an example of such a kernel module./* ++/* * start.c - Illustration of multi filed modules */ @@ -1104,7 +1106,7 @@ Here's an example of such a kernel module. printk(KERN_INFO "Hello, world - this is the kernel speaking\n"); return 0; } -
@@ -1112,7 +1114,7 @@ The next file:
/* ++/* * stop.c - Illustration of multi filed modules */ @@ -1123,7 +1125,7 @@ The next file: { printk(KERN_INFO "Short is the life of a kernel module\n"); } -
@@ -1131,7 +1133,7 @@ And finally, the makefile:
obj-m += hello-1.o ++obj-m += hello-1.o obj-m += hello-2.o obj-m += hello-3.o obj-m += hello-4.o @@ -1144,7 +1146,7 @@ And finally, the makefile: clean: make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean -
@@ -1153,9 +1155,9 @@ This is the complete makefile for all the examples we've seen so far. The first
Obviously, we strongly suggest you to recompile your kernel, so that you can enable a number of useful debugging features, such as forced module unloading (MODULE_FORCE_UNLOAD): when this option is enabled, you can force the kernel to unload a module even when it believes it is unsafe, via a sudo rmmod -f module command. This option can save you a lot of time and a number of reboots during the development of a module. If you don't want to recompile your kernel then you should consider running the examples within a test distro on a virtual machine. If you mess anything up then you can easily reboot or restore the VM.
@@ -1169,8 +1171,8 @@ Now, if you just install a kernel source tree, use it to compile your kernel modinsmod: error inserting 'poet_atkm.ko': -1 Invalid module format -+
insmod: error inserting 'poet_atkm.ko': -1 Invalid module format
+@@ -1178,9 +1180,9 @@ Less cryptical information are logged to the systemd journal:
Jun 4 22:07:54 localhost kernel: poet_atkm: version magic '2.6.5-1.358custom 686 ++Jun 4 22:07:54 localhost kernel: poet_atkm: version magic '2.6.5-1.358custom 686 REGPARM 4KSTACKS gcc-3.3' should be '2.6.5-1.358 686 REGPARM 4KSTACKS gcc-3.3' -
@@ -1188,13 +1190,13 @@ In other words, your kernel refuses to accept your module because version string
# sudo modinfo hello-4.ko ++# sudo modinfo hello-4.ko license: GPL author: Bob Mottram <bob@freedombone.net> description: A sample driver vermagic: 4.9.11-1.358 amd64 REGPARM 4KSTACKS gcc-4.9.2 depends: -
@@ -1210,11 +1212,11 @@ Let's focus again on the previous error message: a closer look at the version ma
VERSION = 4 ++VERSION = 4 PATCHLEVEL = 7 SUBLEVEL = 4 EXTRAVERSION = -1.358custom -
@@ -1226,7 +1228,7 @@ Now, please run make to update configuration and version headers and objects:
# make ++# make CHK include/linux/version.h UPD include/linux/version.h SYMLINK include/asm -> include/asm-i386 @@ -1237,7 +1239,7 @@ HOSTCC scripts/basic/docproc HOSTCC scripts/conmakehash HOSTCC scripts/kallsyms CC scripts/empty.o -
@@ -1247,13 +1249,13 @@ If you do not desire to actually compile the kernel, you can interrupt the build
A program usually begins with a main() function, executes a bunch of instructions and terminates upon completion of those instructions. Kernel modules work a bit differently. A module always begin with either the init_module or the function you specify with module_init call. This is the entry function for modules; it tells the kernel what functionality the module provides and sets up the kernel to run the module's functions when they're needed. Once it does this, entry function returns and the module does nothing until the kernel wants to do something with the code that the module provides.
@@ -1268,9 +1270,9 @@ Every module must have an entry function and an exit function. Since there's morProgrammers use functions they don't define all the time. A prime example of this is printf(). You use these library functions which are provided by the standard C library, libc. The definitions for these functions don't actually enter your program until the linking stage, which insures that the code (for printf() for example) is available, and fixes the call instruction to point to that code.
@@ -1288,14 +1290,14 @@ Would you like to see what system calls are made by printf()? It's easy! Compile#include <stdio.h> ++#include <stdio.h> int main(void) { printf("hello"); return 0; } -
@@ -1308,9 +1310,9 @@ You can even write modules to replace the kernel's system calls, which we'll do
A kernel is all about access to resources, whether the resource in question happens to be a video card, a hard drive or even memory. Programs often compete for the same resource. As I just saved this document, updatedb started updating the locate database. My vim session and updatedb are both using the hard drive concurrently. The kernel needs to keep things orderly, and not give users access to resources whenever they feel like it. To this end, a CPU can run in different modes. Each mode gives a different level of freedom to do what you want on the system. The Intel 80386 architecture had 4 of these modes, which were called rings. Unix uses only two rings; the highest ring (ring 0, also known as `supervisor mode' where everything is allowed to happen) and the lowest ring, which is called `user mode'.
@@ -1321,9 +1323,9 @@ Recall the discussion about library functions vs system calls. Typically, you usWhen you write a small C program, you use variables which are convenient and make sense to the reader. If, on the other hand, you're writing routines which will be part of a bigger problem, any global variables you have are part of a community of other peoples' global variables; some of the variable names can clash. When a program has lots of global variables which aren't meaningful enough to be distinguished, you get namespace pollution. In large projects, effort must be made to remember reserved names, and to find ways to develop a scheme for naming unique variable names and symbols.
@@ -1338,9 +1340,9 @@ The file /proc/kallsyms holds all the symbols that the kernel knows aboutMemory management is a very complicated subject and the majority of O'Reilly's "Understanding The Linux Kernel" exclusively covers memory management! We're not setting out to be experts on memory managements, but we do need to know a couple of facts to even begin worrying about writing real modules.
@@ -1359,27 +1361,27 @@ By the way, I would like to point out that the above discussion is true for anyOne class of module is the device driver, which provides functionality for hardware like a serial port. On unix, each piece of hardware is represented by a file located in /dev named a device file which provides the means to communicate with the hardware. The device driver provides the communication on behalf of a user program. So the es1370.o sound card device driver might connect the /dev/sound device file to the Ensoniq IS1370 sound card. A userspace program like mp3blaster can use /dev/sound without ever knowing what kind of sound card is installed.
Let's look at some device files. Here are device files which represent the first three partitions on the primary master IDE hard drive:
# ls -l /dev/hda[1-3] ++# ls -l /dev/hda[1-3] brw-rw---- 1 root disk 3, 1 Jul 5 2000 /dev/hda1 brw-rw---- 1 root disk 3, 2 Jul 5 2000 /dev/hda2 brw-rw---- 1 root disk 3, 3 Jul 5 2000 /dev/hda3 -
@@ -1395,11 +1397,11 @@ Devices are divided into two types: character devices and block devices. The dif
crw-rw---- 1 root dial 4, 64 Feb 18 23:34 /dev/ttyS0 ++crw-rw---- 1 root dial 4, 64 Feb 18 23:34 /dev/ttyS0 crw-r----- 1 root dial 4, 65 Nov 17 10:26 /dev/ttyS1 crw-rw---- 1 root dial 4, 66 Jul 5 2000 /dev/ttyS2 crw-rw---- 1 root dial 4, 67 Jul 5 2000 /dev/ttyS3 -
@@ -1419,10 +1421,10 @@ By the way, when I say `hardware', I mean something a bit more abstract than a P
% ls -l /dev/fd0 /dev/fd0u1680 ++% ls -l /dev/fd0 /dev/fd0u1680 brwxrwxrwx 1 root floppy 2, 0 Jul 5 2000 /dev/fd0 brw-rw---- 1 root floppy 2, 44 Jul 5 2000 /dev/fd0u1680 -
@@ -1434,13 +1436,13 @@ By now you can look at these two device files and know instantly that they are b
The file_operations structure is defined in /usr/include/linux/fs.h, and holds pointers to functions defined by the driver that perform various operations on the device. Each field of the structure corresponds to the address of some function defined by the driver to handle a requested operation.
@@ -1450,7 +1452,7 @@ For example, every character driver needs to define a function that reads from tstruct file_operations { ++struct file_operations { struct module *owner; loff_t (*llseek) (struct file *, loff_t, int); ssize_t (*read) (struct file *, char __user *, size_t, loff_t *); @@ -1480,7 +1482,7 @@ For example, every character driver needs to define a function that reads from t loff_t len); int (*show_fdinfo)(struct seq_file *m, struct file *f); }; -
@@ -1492,13 +1494,13 @@ There is a gcc extension that makes assigning to this structure more convenient.
struct file_operations fops = { ++struct file_operations fops = { read: device_read, write: device_write, open: device_open, release: device_release }; -
@@ -1506,13 +1508,13 @@ However, there's also a C99 way of assigning to elements of a structure, and thi
struct file_operations fops = { ++struct file_operations fops = { .read = device_read, .write = device_write, .open = device_open, .release = device_release }; -
@@ -1525,9 +1527,9 @@ An instance of struct file_operations containing pointers to functions that are
Each device is represented in the kernel by a file structure, which is defined in linux/fs.h. Be aware that a file is a kernel level structure and never appears in a user space program. It's not the same thing as a FILE, which is defined by glibc and would never appear in a kernel space function. Also, its name is a bit misleading; it represents an abstract open `file', not a file on a disk, which is represented by a structure named inode.
@@ -1542,9 +1544,9 @@ Go ahead and look at the definition of file. Most of the entries you see, like sAs discussed earlier, char devices are accessed through device files, usually located in /dev4. The major number tells you which driver handles which device file. The minor number is used only by the driver itself to differentiate which device it's operating on, just in case the driver handles more than one device.
@@ -1554,8 +1556,8 @@ Adding a driver to your system means registering it with the kernel. This is synint register_chrdev(unsigned int major, const char *name, struct file_operations *fops); -+
int register_chrdev(unsigned int major, const char *name, struct file_operations *fops);
+@@ -1572,9 +1574,9 @@ If you pass a major number of 0 to register_chrdev, the return value will be the
We can't allow the kernel module to be rmmod'ed whenever root feels like it. If the device file is opened by a process and then we remove the kernel module, using the file would cause a call to the memory location where the appropriate function (read/write) used to be. If we're lucky, no other code was loaded there, and we'll get an ugly error message. If we're unlucky, another kernel module was loaded into the same location, which means a jump into the middle of another function within the kernel. The results of this would be impossible to predict, but they can't be very positive.
@@ -1594,16 +1596,16 @@ It's important to keep the counter accurate; if you ever do lose track of the coThe next code sample creates a char driver named chardev. You can cat its device file.
cat /proc/devices -+
cat /proc/devices
+@@ -1611,7 +1613,7 @@ The next code sample creates a char driver named chardev. You can cat its device
/* ++/* * chardev.c: Creates a read-only char device that says how many times * you've read from the dev file */ @@ -1779,14 +1781,14 @@ The next code sample creates a char driver named chardev. You can cat its device printk(KERN_ALERT "Sorry, this operation isn't supported.\n"); return -EINVAL; } -
The system calls, which are the major interface the kernel shows to the processes, generally stay the same across versions. A new system call may be added, but usually the old ones will behave exactly like they used to. This is necessary for backward compatibility – a new kernel version is not supposed to break regular processes. In most cases, the device files will also remain the same. On the other hand, the internal interfaces within the kernel can and do change between versions.
@@ -1810,9 +1812,9 @@ You might already have noticed that recent kernels look different. In case you hIn Linux, there is an additional mechanism for the kernel and kernel modules to send information to processes — the /proc file system. Originally designed to allow easy access to information about processes (hence the name), it is now used by every bit of the kernel which has something interesting to report, such as /proc/modules which provides the list of modules and /proc/meminfo which stats memory usage statistics.
@@ -1842,13 +1844,13 @@ Each time, everytime the file /proc/helloworld is read, the function proc# cat /proc/helloworld ++# cat /proc/helloworld HelloWorld! -
/* ++/* procfs1.c */ @@ -1898,13 +1900,13 @@ HelloWorld! proc_remove(Our_Proc_File); printk(KERN_INFO "/proc/%s removed\n", procfs_name); } -
We have seen a very simple example for a /proc file where we only read the file /proc/helloworld. It's also possible to write in a /proc file. It works the same way as read, a function is called when the /proc file is written. But there is a little difference with read, data comes from user, so you have to import data from user space to kernel space (with copy_from_user or get_user)
@@ -1918,7 +1920,7 @@ The only memory segment accessible to a process is its own, so when writing regu/** ++/** * procfs2.c - create a "file" in /proc * */ @@ -2016,14 +2018,14 @@ The only memory segment accessible to a process is its own, so when writing regu proc_remove(Our_Proc_File); printk(KERN_INFO "/proc/%s removed\n", PROCFS_NAME); } -
We have seen how to read and write a /proc file with the /proc interface. But it's also possible to manage /proc file with inodes. The main concern is to use advanced functions, like permissions.
@@ -2041,7 +2043,7 @@ It's important to note that the standard roles of read and write are reversed in/* ++/* procfs3.c */ @@ -2124,7 +2126,7 @@ It's important to note that the standard roles of read and write are reversed in remove_proc_entry(PROCFS_ENTRY_FILENAME, NULL); printk(KERN_DEBUG "/proc/%s removed\n", PROCFS_ENTRY_FILENAME); } -
@@ -2133,9 +2135,9 @@ Still hungry for procfs examples? Well, first of all keep in mind, there are rum
As we have seen, writing a /proc file may be quite "complex". So to help people writting /proc file, there is an API named seq_file that helps @@ -2170,7 +2172,7 @@ Seq_file provides basic functions for file_operations, as seq_read, seq_lseek, a
/** ++/** * procfs4.c - create a "file" in /proc * This program uses the seq_file library to manage the /proc file. * @@ -2304,7 +2306,7 @@ MODULE_LICENSE("GPL"); remove_proc_entry(PROC_NAME, NULL); printk(KERN_DEBUG "/proc/%s removed\n", PROC_NAME); } -
@@ -2325,16 +2327,16 @@ You can also read the code of fs/seq_file.c in the linux kernel.
sysfs allows you to interact with the running kernel from userspace by reading or setting variables inside of modules. This can be useful for debugging purposes, or just as an interface for applications or scripts. You can find sysfs directories and files under the sys directory on your system.
ls -l /sys -+
ls -l /sys
+@@ -2342,7 +2344,7 @@ An example of a hello world module which includes the creation of a variable acc
/* ++/* * hello-sysfs.c sysfs example */ @@ -2410,7 +2412,7 @@ MODULE_AUTHOR("Bob Mottram"); module_init(mymodule_init); module_exit(mymodule_exit); -
@@ -2418,9 +2420,9 @@ Make and install the module:
make ++make sudo insmod hello-sysfs.ko -
@@ -2428,8 +2430,8 @@ Check that it exists:
sudo lsmod | grep hello_sysfs -+
sudo lsmod | grep hello_sysfs
+@@ -2437,8 +2439,8 @@ What is the current value of myvariable ?
cat /sys/kernel/mymodule/myvariable -+
cat /sys/kernel/mymodule/myvariable
+@@ -2446,9 +2448,9 @@ Set the value of myvariable and check that it changed.
echo "32" > /sys/kernel/mymodule/myvariable ++echo "32" > /sys/kernel/mymodule/myvariable cat /sys/kernel/mymodule/myvariable -
@@ -2456,15 +2458,15 @@ Finally, remove the test module:
sudo rmmod hello_sysfs -+
sudo rmmod hello_sysfs
+Device files are supposed to represent physical devices. Most physical devices are used for output as well as input, so there has to be some mechanism for device drivers in the kernel to get the output to send to the device from processes. This is done by opening the device file for output and writing to it, just like writing to a file. In the following example, this is implemented by device_write.
@@ -2486,7 +2488,7 @@ If you want to use ioctls in your own kernel modules, it is best to receive an o/* ++/* * chardev2.c - Create an input/output character device */ @@ -2762,11 +2764,11 @@ If you want to use ioctls in your own kernel modules, it is best to receive an o */ unregister_chrdev(MAJOR_NUM, DEVICE_NAME); } -
/* ++/* * chardev.h - the header file with the ioctl definitions. * * The declarations here have to be in a header file, because @@ -2832,11 +2834,11 @@ If you want to use ioctls in your own kernel modules, it is best to receive an o #define DEVICE_FILE_NAME "char_dev" #endif -
/* ++/* * ioctl.c - the process to use ioctl's to control the kernel module * * Until now we could have used cat for input and output. But now @@ -2940,14 +2942,14 @@ If you want to use ioctls in your own kernel modules, it is best to receive an o close(file_desc); return 0; } -
So far, the only thing we've done was to use well defined kernel mechanisms to register /proc files and device handlers. This is fine if you want to do something the kernel programmers thought you'd want, such as write a device driver. But what if you want to do something unusual, to change the behavior of the system in some way? Then, you're mostly on your own.
@@ -2993,7 +2995,7 @@ Note that all the related problems make syscall stealing unfeasiable for product/* ++/* * syscall.c * * System call "stealing" sample. @@ -3148,18 +3150,18 @@ module_init(syscall_start); module_exit(syscall_end); MODULE_LICENSE("GPL"); -
What do you do when somebody asks you for something you can't do right away? If you're a human being and you're bothered by a human being, the only thing you can say is: "Not right now, I'm busy. Go away!". But if you're a kernel module and you're bothered by a process, you have another possibility. You can put the process to sleep until you can service it. After all, processes are being put to sleep by the kernel and woken up all the time (that's the way multiple processes appear to run on the same time on a single CPU).
@@ -3186,7 +3188,7 @@ There is one more point to remember. Some times processes don't want to sleep, thostname:~/lkmpg-examples/09-BlockingProcesses# insmod sleep.ko ++hostname:~/lkmpg-examples/09-BlockingProcesses# insmod sleep.ko hostname:~/lkmpg-examples/09-BlockingProcesses# cat_noblock /proc/sleep Last input: hostname:~/lkmpg-examples/09-BlockingProcesses# tail -f /proc/sleep & @@ -3206,11 +3208,11 @@ hostname:~/lkmpg-examples/09-BlockingProcesses# kill %1 hostname:~/lkmpg-examples/09-BlockingProcesses# cat_noblock /proc/sleep Last input: hostname:~/lkmpg-examples/09-BlockingProcesses# -
/* ++/* * sleep.c - create a /proc file, and if several processes try to open it at * the same time, put all but one to sleep */ @@ -3475,11 +3477,11 @@ DECLARE_WAIT_QUEUE_HEAD(WaitQ); remove_proc_entry(PROC_ENTRY_FILENAME, NULL); printk(KERN_DEBUG "/proc/%s removed\n", PROC_ENTRY_FILENAME); } -
/* cat_noblock.c - open a file and display its contents, but exit rather than ++/* cat_noblock.c - open a file and display its contents, but exit rather than * wait for input */ /* Copyright (C) 1998 by Ori Pomerantz */ @@ -3544,14 +3546,14 @@ DECLARE_WAIT_QUEUE_HEAD(WaitQ); } while (bytes > 0); return 0; } -
Sometimes one thing should happen before another within a module having multiple threads. Rather than using /proc/sleep commands the kernel has another way to do this which allows timeouts or interrupts to also happen.
@@ -3561,7 +3563,7 @@ In the following example two threads are started, but one needs to start before#include <linux/init.h> ++#include <linux/init.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/kthread.h> @@ -3638,7 +3640,7 @@ module_exit(completions_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Completions example"); MODULE_LICENSE("GPL"); -
@@ -3656,22 +3658,22 @@ There are other variations upon the wait_for_completion function, which i
If processes running on different CPUs or in different threads try to access the same memory then it's possible that strange things can happen or your system can lock up. To avoid this various types of mutual exclusion kernel functions are available. These indicate if a section of code is "locked" or "unlocked" so that simultaneous attempts to run it can't happen.
You can use kernel mutexes (mutual exclusions) in much the same manner that you might deploy them in userland. This may be all that's needed to avoid collisions in most cases.
#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/init.h> #include <linux/mutex.h> @@ -3711,13 +3713,13 @@ module_exit(example_mutex_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Mutex example"); MODULE_LICENSE("GPL"); -
As the name suggests, spinlocks lock up the CPU that the code is running on, taking 100% of its resources. Because of this you should only use the spinlock mechanism around code which is likely to take no more than a few milliseconds to run and so won't noticably slow anything down from the user's point of view.
@@ -3727,7 +3729,7 @@ The example here is "irq safe" in that if interrupts happen during the lo#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/init.h> #include <linux/spinlock.h> @@ -3790,20 +3792,20 @@ module_exit(example_spinlock_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Spinlock example"); MODULE_LICENSE("GPL"); -
Read and write locks are specialised kinds of spinlocks so that you can exclusively read from something or write to something. Like the earlier spinlocks example the one below shows an "irq safe" situation in which if other functions were triggered from irqs which might also read and write to whatever you are concerned with then they wouldn't disrupt the logic. As before it's a good idea to keep anything done within the lock as short as possible so that it doesn't hang up the system and cause users to start revolting against the tyranny of your module.
#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/interrupt.h> @@ -3856,7 +3858,7 @@ module_exit(example_rwlock_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Read/Write locks example"); MODULE_LICENSE("GPL"); -
@@ -3864,15 +3866,15 @@ Of course if you know for sure that there are no functions triggered by irqs whi
If you're doing simple arithmetic: adding, subtracting or bitwise operations then there's another way in the multi-CPU and multi-hyperthreaded world to stop other parts of the system from messing with your mojo. By using atomic operations you can be confident that your addition, subtraction or bit flip did actually happen and wasn't overwritten by some other shenanigans. An example is shown below.
#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/interrupt.h> @@ -3948,18 +3950,18 @@ module_exit(example_atomic_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Atomic operations example"); MODULE_LICENSE("GPL"); -
In Section 1.2.1.2, I said that X and kernel module programming don't mix. That's true for developing kernel modules, but in actual use, you want to be able to send messages to whichever tty12 the command to load the module came from.
@@ -3969,7 +3971,7 @@ The way this is done is by using current, a pointer to the currently running tas/* ++/* * print_string.c - Send output to the tty we're running on, regardless if it's * through X11, telnet, etc. We do this by printing the string to the tty * associated with the current task. @@ -4077,14 +4079,14 @@ MODULE_AUTHOR("Peter Jay Salzman"); module_init(print_string_init); module_exit(print_string_exit); -
In certain conditions, you may desire a simpler and more direct way to communicate to the external world. Flashing keyboard LEDs can be such a solution: It is an immediate way to attract attention or to display a status condition. Keyboard LEDs are present on every hardware, they are always visible, they do not need any setup, and their use is rather simple and non-intrusive, compared to writing to a tty or a file.
@@ -4094,7 +4096,7 @@ The following source code illustrates a minimal kernel module which, when loaded/* ++/* * kbleds.c - Blink keyboard leds until the module is unloaded. */ @@ -4189,7 +4191,7 @@ MODULE_LICENSE("GPL"); module_init(kbleds_init); module_exit(kbleds_cleanup); -
@@ -4203,23 +4205,23 @@ While you have seen lots of stuff that can be used to aid debugging here, there
There are two main ways of running tasks: tasklets and work queues. Tasklets are a quick and easy way of scheduling a single function to be run, for example when triggered from an interrupt, whereas work queues are more complicated but also better suited to running multiple things in a sequence.
Here's an example tasklet module. The tasklet_fn function runs for a few seconds and in the mean time execution of the example_tasklet_init function continues to the exit point.
#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/delay.h> #include <linux/interrupt.h> @@ -4254,7 +4256,7 @@ module_exit(example_tasklet_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Tasklet example"); MODULE_LICENSE("GPL"); -
@@ -4262,17 +4264,17 @@ So with this example loaded dmesg should show:
tasklet example init ++tasklet example init Example tasklet starts Example tasklet init continues... Example tasklet ends -
Very often, we have "housekeeping" tasks which have to be done at a certain time, or every so often. If the task is to be done by a process, we do it by putting it in the crontab file. If the task is to be done by a kernel module, we have two possibilities. The first is to put a process in the crontab file which will wake up the module by a system call when necessary, for example by opening a file. This is terribly inefficient, however – we run a new process off of crontab, read a new executable to memory, and all this just to wake up a kernel module which is in memory anyway.
@@ -4286,7 +4288,7 @@ There's one more point we need to remember here. When a module is removed by rmm/* ++/* * sched.c - schedule a function to be called on every timer interrupt. * * Copyright (C) 2001 by Peter Jay Salzman @@ -4450,19 +4452,19 @@ MODULE_LICENSE("GPL"); * routine it's time to die. */ } -
Except for the last chapter, everything we did in the kernel so far we've done as a response to a process asking for it, either by dealing with a special file, sending an ioctl(), or issuing a system call. But the job of the kernel isn't just to respond to process requests. Another job, which is every bit as important, is to speak to the hardware connected to the machine.
@@ -4485,9 +4487,9 @@ The way to implement this is to call request_irq() to get your interruptMany popular single board computers, such as Raspberry Pis or Beagleboards, have a bunch of GPIO pins. Attaching buttons to those and then having a button press do something is a classic case in which you might need to use interrupts so that instead of having the CPU waste time and battery power polling for a change in input state it's better for the input to trigger the CPU to then run a particular handling function.
@@ -4497,7 +4499,7 @@ Here's an example where buttons are connected to GPIO numbers 17 and 18 and an L/* +-/* * intrpt.c - Handling GPIO with interrupts * * Copyright (C) 2017 by Bob Mottram @@ -4648,29 +4650,206 @@ Here's an example where buttons are connected to GPIO numbers 17 and 18 and an L MODULE_LICENSE("GPL"); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Handle some GPIO interrupts"); -
+Suppose you want to do a bunch of stuff inside of an interrupt routine. A common way to do that without rendering the interrupt unavailable for a significant duration is to combine it with a tasklet. This pushes the bulk of the work off into the scheduler. +
+ +/*
+ * bottomhalf.c -
+ *
+ * Copyright (C) 2017 by Bob Mottram
+ * Based upon the Rpi example by Stefan Wendler (devnull@kaltpost.de)
+ * from:
+ * https://github.com/wendlers/rpi-kmod-samples
+ *
+ * Press one button to turn on a LED and another to turn it off
+ */
+
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/gpio.h>
+#include <linux/delay.h>
+#include <linux/interrupt.h>
+
+static int button_irqs[] = { -1, -1 };
+
+/* Define GPIOs for LEDs.
+ Change the numbers for the GPIO on your board. */
+static struct gpio leds[] = {
+ { 4, GPIOF_OUT_INIT_LOW, "LED 1" }
+};
+
+/* Define GPIOs for BUTTONS
+ Change the numbers for the GPIO on your board. */
+static struct gpio buttons[] = {
+ { 17, GPIOF_IN, "LED 1 ON BUTTON" },
+ { 18, GPIOF_IN, "LED 1 OFF BUTTON" }
+};
+
+/* Tasklet containing some non-trivial amount of processing */
+static void bottomhalf_tasklet_fn(unsigned long data)
+{
+ printk("Bottom half tasklet starts\n");
+ /* do something which takes a while */
+ mdelay(500);
+ printk("Bottom half tasklet ends\n");
+}
+
+DECLARE_TASKLET(buttontask, bottomhalf_tasklet_fn, 0L);
+
+/*
+ * interrupt function triggered when a button is pressed
+ */
+static irqreturn_t button_isr(int irq, void *data)
+{
+ /* Do something quickly */
+ if (irq == button_irqs[0] && !gpio_get_value(leds[0].gpio))
+ gpio_set_value(leds[0].gpio, 1);
+ else if(irq == button_irqs[1] && gpio_get_value(leds[0].gpio))
+ gpio_set_value(leds[0].gpio, 0);
+
+ /* Do the rest at leasure via the scheduler */
+ tasklet_schedule(&buttontask);
+
+ return IRQ_HANDLED;
+}
+
+int init_module()
+{
+ int ret = 0;
+
+ printk(KERN_INFO "%s\n", __func__);
+
+ /* register LED gpios */
+ ret = gpio_request_array(leds, ARRAY_SIZE(leds));
+
+ if (ret) {
+ printk(KERN_ERR "Unable to request GPIOs for LEDs: %d\n", ret);
+ return ret;
+ }
+
+ /* register BUTTON gpios */
+ ret = gpio_request_array(buttons, ARRAY_SIZE(buttons));
+
+ if (ret) {
+ printk(KERN_ERR "Unable to request GPIOs for BUTTONs: %d\n", ret);
+ goto fail1;
+ }
+
+ printk(KERN_INFO "Current button1 value: %d\n",
+ gpio_get_value(buttons[0].gpio));
+
+ ret = gpio_to_irq(buttons[0].gpio);
+
+ if (ret < 0) {
+ printk(KERN_ERR "Unable to request IRQ: %d\n", ret);
+ goto fail2;
+ }
+
+ button_irqs[0] = ret;
+
+ printk(KERN_INFO "Successfully requested BUTTON1 IRQ # %d\n",
+ button_irqs[0]);
+
+ ret = request_irq(button_irqs[0], button_isr,
+ IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING,
+ "gpiomod#button1", NULL);
+
+ if (ret) {
+ printk(KERN_ERR "Unable to request IRQ: %d\n", ret);
+ goto fail2;
+ }
+
+
+ ret = gpio_to_irq(buttons[1].gpio);
+
+ if (ret < 0) {
+ printk(KERN_ERR "Unable to request IRQ: %d\n", ret);
+ goto fail2;
+ }
+
+ button_irqs[1] = ret;
+
+ printk(KERN_INFO "Successfully requested BUTTON2 IRQ # %d\n",
+ button_irqs[1]);
+
+ ret = request_irq(button_irqs[1], button_isr,
+ IRQF_TRIGGER_RISING | IRQF_TRIGGER_FALLING,
+ "gpiomod#button2", NULL);
+
+ if (ret) {
+ printk(KERN_ERR "Unable to request IRQ: %d\n", ret);
+ goto fail3;
+ }
+
+ return 0;
+
+/* cleanup what has been setup so far */
+fail3:
+ free_irq(button_irqs[0], NULL);
+
+fail2:
+ gpio_free_array(buttons, ARRAY_SIZE(leds));
+
+fail1:
+ gpio_free_array(leds, ARRAY_SIZE(leds));
+
+ return ret;
+}
+
+void cleanup_module()
+{
+ int i;
+
+ printk(KERN_INFO "%s\n", __func__);
+
+ /* free irqs */
+ free_irq(button_irqs[0], NULL);
+ free_irq(button_irqs[1], NULL);
+
+ /* turn all LEDs off */
+ for (i = 0; i < ARRAY_SIZE(leds); i++)
+ gpio_set_value(leds[i].gpio, 0);
+
+ /* unregister */
+ gpio_free_array(leds, ARRAY_SIZE(leds));
+ gpio_free_array(buttons, ARRAY_SIZE(buttons));
+}
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Bob Mottram");
+MODULE_DESCRIPTION("Interrupt with top and bottom half");
+At the dawn of the internet everybody trusted everybody completely…but that didn't work out so well. When this guide was originally written it was a more innocent era in which almost nobody actually gave a damn about crypto - least of all kernel developers. That's certainly no longer the case now. To handle crypto stuff the kernel has its own API enabling common methods of encryption, decryption and your favourite hash functions.
Calculating and checking the hashes of things is a common operation. Here is a demonstration of how to calculate a sha256 hash within a kernel module.
#include <linux/module.h> ++#include <linux/module.h> #include <crypto/internal/hash.h> #define SHA256_LENGTH (256/8) @@ -4734,7 +4913,7 @@ module_exit(cryptosha256_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("sha256 hash test"); MODULE_LICENSE("GPL"); -
@@ -4742,10 +4921,10 @@ Make and install the module:
make ++make sudo insmod cryptosha256.ko dmesg -
@@ -4757,20 +4936,20 @@ Finally, remove the test module:
sudo rmmod cryptosha256 -+
sudo rmmod cryptosha256
+Here is an example of symmetrically encrypting a string using the AES algorithm and a password.
#include <crypto/internal/skcipher.h> ++#include <crypto/internal/skcipher.h> #include <linux/module.h> #include <linux/crypto.h> @@ -4950,20 +5129,20 @@ module_exit(cryptoapi_exit); MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Symmetric key encryption example"); MODULE_LICENSE("GPL"); -
Up to this point we've seen all kinds of modules doing all kinds of things, but there was no consistency in their interfaces with the rest of the kernel. To impose some consistency such that there is at minimum a standardised way to start, suspend and resume a device a device model was added. An example is show below, and you can use this as a template to add your own suspend, resume or other interface functions.
#include <linux/kernel.h> ++#include <linux/kernel.h> #include <linux/module.h> #include <linux/platform_device.h> @@ -5059,39 +5238,39 @@ MODULE_DESCRIPTION("Linux Device Model example") module_init(devicemodel_init); module_exit(devicemodel_exit); -
Before I send you on your way to go out into the world and write kernel modules, there are a few things I need to warn you about. If I fail to warn you and something bad happens, please report the problem to me for a full refund of the amount I was paid for your copy of the book.
You can't do that. In a kernel module you can only use kernel functions, which are the functions you can see in /proc/kallsyms.
You might need to do this for a short time and that is OK, but if you don't enable them afterwards, your system will be stuck and you'll have to power it off.
I probably don't have to warn you about this, but I figured I will anyway, just in case.
@@ -5099,9 +5278,9 @@ I probably don't have to warn you about this, but I figured I will anyway, justI could easily have squeezed a few more chapters into this book. I could have added a chapter about creating new file systems, or about adding new protocol stacks (as if there's a need for that – you'd have to dig underground to find a protocol stack not supported by Linux). I could have added explanations of the kernel mechanisms we haven't touched upon, such as bootstrapping or the disk interface.
diff --git a/4.9.11/LKMPG-4.9.11.org b/4.9.11/LKMPG-4.9.11.org index b859459..d40b060 100644 --- a/4.9.11/LKMPG-4.9.11.org +++ b/4.9.11/LKMPG-4.9.11.org @@ -3550,6 +3550,176 @@ MODULE_AUTHOR("Bob Mottram"); MODULE_DESCRIPTION("Handle some GPIO interrupts"); #+END_SRC +** Bottom Half +Suppose you want to do a bunch of stuff inside of an interrupt routine. A common way to do that without rendering the interrupt unavailable for a significant duration is to combine it with a tasklet. This pushes the bulk of the work off into the scheduler. + +#+begin_src C file:bottomhalf.c +/* + * bottomhalf.c - + * + * Copyright (C) 2017 by Bob Mottram + * Based upon the Rpi example by Stefan Wendler (devnull@kaltpost.de) + * from: + * https://github.com/wendlers/rpi-kmod-samples + * + * Press one button to turn on a LED and another to turn it off + */ + +#include