Kernel Code Overview
====================

This page will give you a brief overview of the Linux kernel code. This will
help you since some eBPF programs will need to interact with the kernel code
(for example via kprobes).

Where to find the kernel code
-----------------------------

Your VM runs on a Linux kernel version 6.8.0. To navigate through the kernel
code, you can either

- Navigate an online version of the Linux kernel code at
  https://elixir.bootlin.com/linux/v6.8/source

- Navigate a local version with the terminal or with your IDE. To download the
  kernel code, you can run the following commands (navigate to the directory
  where you want to download the kernel code before running the commands):

  .. code-block:: bash

    $ wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.8.tar.xz
    $ tar -Jxvf linux-6.8.tar.xz

  This will create a directory named ``linux-6.8`` in your current directory
  which contains the Linux kernel source code.

- Navigate the sources on `GitHub
  <https://github.com/torvalds/linux/tree/v6.8>`_

What you find in the kernel code
--------------------------------

First go to the root of the source tree, you will find a lot of directories and
files in them.

Directories are roughly organized as follows:

========= ===========================
Directory Description
========= ===========================
arch      Architecture dependent code
block     Block device abstraction
drivers   Device drivers
fs        File systems
include   Header files
init      Initialization
kernel    Kernel core
lib       Misc libraries
mm        Memory management
net       Networking
virt      Virtualization
========= ===========================

Note that in our case we will only focus on the intel x86 architecture (in
``arch/x86``). All other architectures (e.g., ARM) can be omitted in our case.

Quickly have a look
-------------------

All the behaviors of Linux is "defined" in the source code. Thus, you can find
implementations of OS components that you learned in the theoretical course.

As an example, we consider the syscalls table. You can find the table for x86
architecture at ``arch/x86/entry/syscalls/syscall_64.tbl``.

.. code-block:: c

  #
  # 64-bit system call numbers and entry vectors
  #
  # The format is:
  # <number> <abi> <name> <entry point>
  #
  # The __x64_sys_*() stubs are created on-the-fly for sys_*() system calls
  #
  # The abi is "common", "64" or "x32" for this file.
  #
  0       common  read                    sys_read
  1       common  write                   sys_write
  2       common  open                    sys_open
  3       common  close                   sys_close
  4       common  stat                    sys_newstat
  5       common  fstat                   sys_newfstat
  6       common  lstat                   sys_newlstat
  .
  .

We encourage you to take a look and investigate on your own.


Documentation of the kernel code
--------------------------------

You can find the documentation of the kernel code either on `this website
<https://www.kernel.org/doc/html/v6.8/index.html>`_ or in the kernel source
code itself under the ``Documentation`` directory.