This paper presents a runtime self-diagnosis and self-recovery infrastructure for embedded systems. Unlike existing methods that trace system logs off-line, our research focuses on periodically analyzing kernel data structures in runtime memory against predefined constraints. If any violation is detected, recovery functions are invoked. The prototype system is built on a system virtualization layer, on top of which the guest operating system and the diagnosis and recovery services run simultaneously. The infrastructure requires few modifications to the source code of the operating system kernel, so it can be easily adopted into existing embedded systems for quick implementation. It is also fully software-based and introduces no specific hardware; it is therefore cost-efficient. The experiments indicate that it can correctly detect and recover from several kernel security attacks with an acceptable penalty to system performance.