Kernel Code Overview

This page will give you a brief overview of the Linux kernel code. This will help you since some eBPF programs will need to interact with the kernel code (for example via kprobes).

Where to find the kernel code

Your VM runs Linux kernel version 6.8.0. To navigate through the kernel code, you can either:

  • Navigate an online version of the Linux kernel code at https://elixir.bootlin.com/linux/v6.8/source

  • Navigate a local version with the terminal or with your IDE. To download the kernel code, you can run the following commands (navigate to the directory where you want to download the kernel code before running the commands):

    $ wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.8.tar.xz
    $ tar -Jxvf linux-6.8.tar.xz
    

    This will create a directory named linux-6.8 in your current directory which contains the Linux kernel source code.

  • Navigate the sources on GitHub

What you find in the kernel code

First, go to the root of the source tree. You will find many directories there, each containing files.

Directories are roughly organized as follows:

Directory   Description
arch        Architecture dependent code
block       Block device abstraction
drivers     Device drivers
fs          File systems
include     Header files
init        Initialization
kernel      Kernel core
lib         Misc libraries
mm          Memory management
net         Networking
virt        Virtualization

Note that we will focus only on the Intel x86 architecture (in arch/x86). All other architectures (e.g., ARM) can be ignored in our case.

Quickly have a look

All of Linux's behavior is “defined” in the source code. Thus, you can find the implementations of the OS components that you learned about in the theoretical course.

As an example, consider the syscall table. You can find the table for the x86 architecture at arch/x86/entry/syscalls/syscall_64.tbl.

#
# 64-bit system call numbers and entry vectors
#
# The format is:
# <number> <abi> <name> <entry point>
#
# The __x64_sys_*() stubs are created on-the-fly for sys_*() system calls
#
# The abi is "common", "64" or "x32" for this file.
#
0       common  read                    sys_read
1       common  write                   sys_write
2       common  open                    sys_open
3       common  close                   sys_close
4       common  stat                    sys_newstat
5       common  fstat                   sys_newfstat
6       common  lstat                   sys_newlstat
.
.

We encourage you to take a look and investigate on your own.
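The following is an added example, not part of the kernel sources or of the original page: a small parser for the table format shown above that derives, for each syscall, the `__x64_sys_*` stub name a kprobe would attach to. The function names, the `SAMPLE` text and row 999 are constructed for illustration; the parser assumes that rows may lack an entry point and that only `sys_*` entry points with abi `common` or `64` get an `__x64_` stub.

```python
import sys
from typing import NamedTuple, Optional

# First rows of arch/x86/entry/syscalls/syscall_64.tbl as shown on this page,
# plus one constructed row (999) that has no entry point.
SAMPLE = """\
# <number> <abi> <name> <entry point>
0       common  read                    sys_read
1       common  write                   sys_write
2       common  open                    sys_open
4       common  stat                    sys_newstat
999     64      constructed_example
"""

class Syscall(NamedTuple):
    number: int
    abi: str
    name: str
    entry: Optional[str]

def parse_table(text):
    """Parse syscall_64.tbl text into Syscall rows, skipping comments and blanks."""
    rows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # comment, blank line, or malformed row
        entry = fields[3] if len(fields) > 3 else None
        rows.append(Syscall(int(fields[0]), fields[1], fields[2], entry))
    return rows

def kprobe_symbol(sc):
    """Return the __x64_sys_* stub for a sys_* entry point, else None."""
    if sc.abi in ("common", "64") and sc.entry and sc.entry.startswith("sys_"):
        return "__x64_" + sc.entry
    return None

def symbols_by_name(text):
    """Map each syscall name to its derived stub symbol (or None)."""
    return {sc.name: kprobe_symbol(sc) for sc in parse_table(text)}

if __name__ == "__main__":
    # Pass the path to a real syscall_64.tbl, or run without arguments for SAMPLE.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for sc in parse_table(text):
        print(f"{sc.number:4d} {sc.name:24s} {kprobe_symbol(sc) or '-'}")
```

Note that the stub follows the entry point column, not the syscall name: `stat` maps to `__x64_sys_newstat`. Before attaching a kprobe, confirm that the derived symbol is present in /proc/kallsyms on the running kernel.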

Documentation of the kernel code

You can find the documentation of the kernel code either on this website or in the kernel source code itself under the Documentation directory.