Flipper: Lightweight Kernel Tailoring

Flipper can be used to gather information about the control flow in the kernel in order to generate a minimal use-case specific configuration. While ftrace causes quite a lot of overhead during the observation of the kernel, Flipper relies on small bit-setting instructions patched into the kernel to collect data. Its advantages and results are presented in the GPCE '14 paper (1) and Bernhard Heinloth's Master Thesis (2).

1.) Patch instructions into a Linux source tree

To prepare a kernel source directory, you need the semantic patch tool Coccinelle (spatch, more information at

With Coccinelle installed, you can prepare a Linux kernel source tree by running the following command:

	./flipper/ -i -b -B flipper/blacklist -m -o out.patch -v path/to/linux-src/

The resulting patch can then be applied to the kernel using the traditional patch util:

	patch -p1 -d path/to/linux-src/ < out.patch

2.) Integrate character device to read tracing information

Additionally, it is necessary to integrate the Flipper char device into the kernel.

First, copy the required source files into the source folder

	cp -r flipper/kernel/* path/to/linux-src/

Then you need to modify the following files to include the device into the build process:

In drivers/misc/Kconfig


			source "drivers/misc/flipper/Kconfig"


			[end of file]

In drivers/misc/Makefile


			obj-$(CONFIG_FLIPPER_TRACE)	+= flipper/

at the end of file

And in include/uapi/linux/Kbuild


			header-y	+= flipper.h

at the end of file

Now you are ready to build the kernel.

To enable this code point tracer, you have to enable the Flipper device in the kernel configuration (CONFIG_FLIPPER_TRACE). The value of CONFIG_FLIPPER_TRACE_ENTRIES must be equal or more than the number of injected codepoints (for simplicity the number of lines of the file). We strongly recommend to enable CONFIG_FLIPPER_TRACE_ONE_ENTRY_PER_INDEX since it not only avoids race-conditions but also uses less recording instructions (at the cost of an increased size).

3.) Use the system/run the target workload

Use your target device booted with the prepared kernel in a typical manner.

At the end, don't forget to save the recorded trace using

	cp -f /dev/flipper trace.bitmap

4.) Resolve tracing information to source code lines

You are able to resolve the source code points using the evaluateMap script and the mapping file generated by the script:

	./flipper/ trace.bitmap > trace.list

5.) Generate Linux kernel configuraion

This file can be processed with the undertaker-tailor utility to generate your linux configuration (maybe, more parameters will be needed, see the output of "undertaker-tailor -h" or the README in the tailor/ subdirectory for further details):

	undertaker-tailor -f trace.list


Additional information about the approach can be found in

Last modified 7 years ago Last modified on 10/12/14 21:23:56
Note: See TracWiki for help on using the wiki.