This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Kprobes and Maemo (N800)


http://eugeneteo.livejournal.com/6172.html

Kprobes is a mechanism in the kernel that allows you to write modules to insert a probe by
dynamically writing breakpoint instructions at a given address in the running kernel.

Right now the stock kernel for Nokia N800 does not have kprobes support. In order to use
kprobes, you need to patch the stock kernel with my backported kernel patch[1] for the ARM
kprobes implementation[2]. Also, you need to enable RD mode[3] on your device, and have
Scratchbox and maemo development environment[4] installed.

Once the prerequisites are in place, download the stock kernel source

apt-get source kernel-source-rx-34

Go to the kernel sources directory, and apply the kprobes kernel patch

cd kernel-source-rx-34-2.6.18
patch -p1 < ../kprobes-arm-rx-34-2.6.18-A2

Create the default .config file for the kernel

make n800_defconfig

Make the following modification to the .config file

sed -i 's/# CONFIG_KPROBES is not set/CONFIG_KPROBES=y/' .config

Next, run make oldconfig so that the configurations become effective

make oldconfig

After that, compile the actual kernel image

make zImage

Now that you have compiled a new zImage file, you can flash your N800 with the new kernel

# 0xFFFF -p ./arch/arm/boot/zImage -R
Waiting for device... \found n770 (0421:0105)
HW revision string: 'prod_code RX-34 hw_rev 1301'
Root device is: flash
Device's USB mode is 'client'
RD mode is: on
Current rd flag setting:
disable OMAP watchdog : not set
disable RETU watchdog : not set
disable lifeguard reset: not set
enable serial console : not set
disable USB timeout : not set
SWVERSION GOT: version:sw-release
NOLO Version 1.1.6
Flashing kernel (/home/eteo/zImage)
| hash: 0xf498 size: 1326328 (00 14 3c f8)
[=] Bulkwriting the kernel piece...
100% [#################################################################]
Flash done succesfully.
Mobo rebooted!

Log in to your N800 via the dropbear server or osso-xterm, and type the following commands to
verify that you have a new kernel with kprobes support

~ $ uname -a
Linux Nokia-N800-26 2.6.18-omap1 #1 Sat Jul 7 16:01:10 SGT 2007 armv6l unknown
~ $ grep kprobes /proc/kallsyms
c000f468 T arch_init_kprobes
c00152f8 t init_kprobes
c00200e0 t __initcall_init_kprobes
c02064d8 T __kprobes_text_start
c0208dc4 T kprobes_inc_nmissed_count
c0209894 T __kprobes_text_end

I reused the trace-exec.c example from the OLS 2006 Kprobes tutorial[5] to test if it works.

[sbox-ARM: ~] > make
make -C /home/eteo/maemo_kernel/kernel-source-rx-34-2.6.18/ SUBDIRS=/home/eteo modules
make[1]: Entering directory `/home/eteo/maemo_kernel/kernel-source-rx-34-2.6.18'

WARNING: Symbol version dump /home/eteo/maemo_kernel/kernel-source-rx-34-2.6.18/Module.symvers
is missing; modules will have no dependencies and modversions.

CC [M] /home/eteo/trace-exec.o
Building modules, stage 2.
MODPOST
CC /home/eteo/trace-exec.mod.o
LD [M] /home/eteo/trace-exec.ko
make[1]: Leaving directory `/home/eteo/maemo_kernel/kernel-source-rx-34-2.6.18'

Transfer trace-exec.ko to the N800 via USB, NFS, or your preferred method. I choose to copy it
to my sd-card.

Next, insmod the kernel module

sudo gainroot
cd /media/mmc1
tail -f /var/log/syslog &
insmod trace-exec.ko

You should be able to see some output

kernel: [ 95.268341] Planted jprobe at c009f18c, handler addr bf056000
ke_recv[1575]: handle_kevent:327: i|m|p: org.kernel.kevent|add|/org/kernel/module/trace_exec
ke_recv[1575]: ke-recv.c:375: i|m|p:
com.nokia.mce.signal|display_status_ind|/com/nokia/mce/signal

Type lsmod to see the status of the kernel modules in the running kernel

# lsmod
Module Size Used by
trace_exec 1696 0 - Live 0xbf056000
g_file_storage 24456 0 - Live 0xbf04f000
cx3110x 50632 0 - Live 0xbf041000
umac 258596 1 cx3110x, Live 0xbf000000

When I tried to run osso-xterm, the following commands were executed

kernel: [ 317.945709] do_execve for /usr/bin/osso-xterm from dbus-daemon
maemo-launcher[2335]: invoking '/usr/bin/osso-xterm.launch'
iap_conndlg 1.3.51[1824]: NameownerChanged(:1.51, , :1.51)
icd 1.1.29[1601]: Service ':1.51' belongs now to base service ':1.51'.
iap_conndlg 1.3.51[1824]: NameownerChanged(:1.52, , :1.52)
icd 1.1.29[1601]: Service ':1.52' belongs now to base service ':1.52'.
iap_conndlg 1.3.51[1824]: NameownerChanged(com.nokia.xterm, , :1.51)
icd 1.1.29[1601]: Service 'com.nokia.xterm' belongs now to base service ':1.51'.
kernel: [ 319.202819] do_execve for /usr/lib/libvte4/gnome-pty-helper from maemo-launcher
kernel: [ 319.245971] do_execve for /bin/sh from maemo-launcher
kernel: [ 319.380187] do_execve for /usr/bin/whoami from sh
kernel: [ 319.411163] EAC mode: play disabled, rec disabled
kernel: [ 319.548309] EAC mode: play enabled, rec enabled
maemo_af_desktop[1791]: GLIB DEBUG default - HildonHome is background: 1

Once you are done with it, you can remove the kernel module

rmmod trace-exec.ko

Try it out, and share with me your kprobes experiences!

[1] http://www.kernel.org/pub/linux/kernel/people/eugeneteo/kprobes/
[2] http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=4447
[3] http://eugeneteo.livejournal.com/5922.html
[4] http://maemo.org/development/documentation/tutorials/Maemo_tutorial_bora.html#settingup
[5] http://www-users.cs.umn.edu/~boutcher/kprobes/
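
Added example, not part of the original post: shell helpers for reading the output shown above. They turn the do_execve log lines into parent/child pairs and check that the jprobe handler address reported at insmod falls inside a module listed by lsmod. The function names are hypothetical; the sample lines are copied from the listings in the post.

```shell
# Added example: helpers for reading trace-exec output (names are hypothetical).
# Sample data is copied from the syslog and lsmod listings quoted in the post.
SYSLOG='kernel: [ 95.268341] Planted jprobe at c009f18c, handler addr bf056000
kernel: [ 317.945709] do_execve for /usr/bin/osso-xterm from dbus-daemon
kernel: [ 319.411163] EAC mode: play disabled, rec disabled
kernel: [ 319.245971] do_execve for /bin/sh from maemo-launcher
kernel: [ 319.380187] do_execve for /usr/bin/whoami from sh'

LSMOD='Module Size Used by
trace_exec 1696 0 - Live 0xbf056000
g_file_storage 24456 0 - Live 0xbf04f000
umac 258596 1 cx3110x, Live 0xbf000000'

# Print "parent -> path" for every do_execve line read from stdin.
exec_events() {
    awk '/do_execve for / {
        s = substr($0, index($0, "do_execve for ") + 14)
        p = 0                                  # offset of the last " from "
        while ((k = index(substr(s, p + 1), " from ")) > 0) p += k
        if (p > 1) print substr(s, p + 6) " -> " substr(s, 1, p - 1)
    }'
}

# Print the handler address from the "Planted jprobe" line on stdin.
planted_handler() {
    awk '/Planted jprobe at/ { print $NF; exit }'
}

# $1 = hex address; lsmod text on stdin. Print the module whose
# [base, base + size) range contains the address, or return 1.
handler_owner() {
    addr=$((0x${1#0x}))
    while read -r name size rest; do
        base=${rest##* }                       # last column, e.g. 0xbf056000
        case $base in 0x*) ;; *) continue ;; esac
        if [ "$addr" -ge $(($base)) ] && [ "$addr" -lt $(($base + $size)) ]; then
            echo "$name"
            return 0
        fi
    done
    return 1
}

printf '%s\n' "$SYSLOG" | exec_events
h=$(printf '%s\n' "$SYSLOG" | planted_handler)
echo "handler $h is in: $(printf '%s\n' "$LSMOD" | handler_owner "$h" || echo unknown)"
```

On the device, feed the functions from /var/log/syslog and the lsmod output instead of the embedded samples.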

