Programming Project 1 Linux Kernel Hacking CS502 Operating
Programming Project #1
Linux Kernel Hacking
CS-502, Operating Systems
Fall 2007
CS-502 Fall 2007 Project #1, Linux Kernel Modifications
Objective
• To learn how to work with an operating system kernel
• To understand some of the constraints and techniques of programming in a kernel (versus user space)
Method
• To add a new system call to the Linux kernel
• To get useful information from the data structures of a Linux kernel
Background – User vs. Kernel mode
• Hardware provides two modes
  – Indicated by bit in PSW
• Allows OS to protect itself & system components against
  – Faulty and malicious processes
• Some instructions designated as privileged
  – Only executable in kernel mode
• System call, all traps, & interrupts change mode from user to kernel
  – Return from system call resets mode to user
Transition from User to Kernel Mode
• Note: each different system call has its own number or other identity.
• Kernel trap handler uses syscall number to index into table of syscall routines
Inside Kernel, the OS can …
• Read and modify data structures not in user address space
• Control devices and hardware settings forbidden to user processes
• Invoke operating system functions not available to user processes
• …
Accessing the Kernel via System Call
• Normally embedded within a library routine
• User API never makes system calls directly
• System call mechanism is machine specific
• Different CPU architectures make system calls in different ways
• System call numbers different for various architectures
• Even for same operating system & version!
• E.g., poll system call is #167 on PowerPC but #168 on Intel 386 platforms (in SUSE Linux 9.3)
Accessing Kernel via Library interface
In this project, we will …
• Add a new system call to the Linux kernel
  – It does nothing except announce its presence
• Add a second system call to provide information about the calling process
  – Information not readily available via existing system calls
• Follow Linux naming & numbering conventions
In this project, we won’t …
• … bother to make a library to encapsulate our system calls
• … try to support them on all machine architectures
Part 1: Adding a System Call
• See Silberschatz, pp 74-78
  – Similar problem statement
  – Many details are different (due to version of Linux)
• Many how-to details in Robert Love, ch. 5
  – System Calls
• Clone a new kernel tree as in Project 0
    cp -al /usr/src/linux-2.6.18.8-0.5 kernelSrc
• Remember to build to a destination
  – e.g. ~/kernelDst
Linux Conventions (all versions)
• If your library routine is alarm, …
• … then the corresponding system call is sys_alarm
• … and the corresponding function prototype for its kernel implementation is
    asmlinkage unsigned long sys_alarm(unsigned int seconds)
• Note that asmlinkage is a compiler directive that tells gcc how to compile calls to the function sys_alarm within the kernel
Linux Conventions (continued)
• To invoke alarm system call from a library routine in user space, use macro
    _syscall1(unsigned long, alarm, unsigned int seconds)
• _syscalln has n+2 arguments
  – Return type
  – Name of actual system call (in user space)
  – Arguments to system call function
• This macro defines the function
    unsigned long alarm(unsigned int seconds)
Hello, World!
• Our first system call will be helloworld
• No arguments
• Return int
helloworld System Call
• Text of the system call:
    /* This is the text of the helloworld system call implementation */
    asmlinkage long sys_helloworld(void)
    {
        printk(KERN_EMERG "Hello, world!\n");
        return 0;
    }
• Add to the file kernelSrc/kernel/sys.c
helloworld System Call
• Text of the system call:
    /* This is the text of the helloworld system call */
    asmlinkage long sys_helloworld(void)
    {
        printk(KERN_EMERG "Hello, world!\n");
        return 0;
    }
• Note: No comma here! (that is, no comma between KERN_EMERG and the format string)
• Add to the file kernelSrc/kernel/sys.c
printk(), the Kernel Debug Print Tool
• Very robust
  – May be called from (almost) anywhere in kernel
  – Same calling convention as printf()
  – Writes to system log
  – Output survives crashes (almost all of the time)
• To read output, see
  – /var/log/messages
  – Needs root privileges to read
  – Circular log, newest messages at end
• See Linux Kernel Development, 2nd edition, by Robert Love, Chapter 18.
More on reading the syslog
• SUSE Linux implements syslog-ng
  – Newer, more powerful logging tool
  – Filters messages, etc.
• Difficulty seeing our printk() messages
• Try instead
  – /bin/dmesg
  – cat /proc/kmsg in another shell window (with root privileges)
Registering your System Call
• include/asm-i386/unistd.h
  – Add entry for your call number
  – Increment total number of calls
• arch/i386/kernel/syscall_table.S
  – Lists entry points for system calls
  – Must be kept in numerical order!
  – Number must correspond to entry in unistd.h
• Rebuild and install your kernel
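Why both the table position and the total count matter, shown as a user-space model of the dispatch step. This is an added example, not the course's or the kernel's code; every `*_model` name, the call numbers and the return values are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>

typedef long (*syscall_fn)(void);

/* Stand-ins for kernel entry points; the return values are constructed. */
static long sys_getpid_model(void)     { return 4242; }
static long sys_helloworld_model(void) { return 0; }

/* Model of unistd.h: one number per call, plus the total count. */
#define NR_getpid_model     0
#define NR_unused_model     1   /* a number with no routine behind it */
#define NR_helloworld_model 2
#define NR_syscalls_model   3   /* must be incremented when a call is added */

/* Model of syscall_table.S: the position in the table IS the call number. */
static const syscall_fn table_model[NR_syscalls_model] = {
    [NR_getpid_model]     = sys_getpid_model,
    [NR_helloworld_model] = sys_helloworld_model,
};

/* Model of the trap handler. nr is chosen by the user process, so it is
 * compared against the call count before it is used as an index.
 * limit is a parameter only so the demo can show a stale count. */
long dispatch_model(unsigned long nr, unsigned long limit)
{
    if (nr >= limit || nr >= NR_syscalls_model)
        return -ENOSYS;            /* out of range: never index the table */
    if (table_model[nr] == NULL)
        return -ENOSYS;            /* hole in the table */
    return table_model[nr]();
}

int main(void)
{
    printf("helloworld:       %ld\n", dispatch_model(NR_helloworld_model, NR_syscalls_model));
    printf("count not bumped: %ld\n", dispatch_model(NR_helloworld_model, 2));
    printf("unused number:    %ld\n", dispatch_model(NR_unused_model, NR_syscalls_model));
    printf("huge number:      %ld\n", dispatch_model(1000000UL, NR_syscalls_model));
    return 0;
}
```

A new call whose number is not below the total count is rejected before the table is consulted, which is why the count has to be incremented along with adding the entry.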
Note #1
• On i386 architecture, the syscall table has moved since
  – Robert Love’s book
  – CS-502 last fall
• It used to be in
  – arch/i386/kernel/entry.S
• But now it is in
  – arch/i386/kernel/syscall_table.S
  – … which is included by entry.S
Note #2
• The x86_64 architecture does it differently
  – Everything is in include/asm-x86_64/unistd.h
  – Add to the list
      #define __NR_helloworld 251 /* next number in list */
      __SYSCALL(__NR_helloworld, sys_helloworld)
• No need to edit entry.S
Note #3
• Remember:
  – to edit a source file foo.h in your kernel tree
  – Move it to foo.h~
  – Make changes and save to foo.h
Testing your System Call
• Test program:
    #include <linux/errno.h>
    #include <sys/syscall.h>
    #include <linux/unistd.h>
    #include <stdio.h>

    #define __NR_helloworld 288 /* or whatever you set it in unistd.h */

    /* Defines the user-space function long helloworld(void) */
    _syscall0(long, helloworld);

    int main(void)
    {
        /* helloworld() returns long, so print it with %ld */
        printf("The return code from the helloworld system call is %ld\n",
               helloworld());
        return 0;
    }
• Check log for the printk() message!
Creating a Patch File
• One level above kernel source tree, do
    diff -urN /usr/src/linux-2.6.18.8-0.5 kernelSrc > patch1
• To recreate your directory from patch
  – cp -al /usr/src/linux-2.6.18.8-0.5 newSrc
  – cd newSrc
  – patch -p1 < patch1
• Do not prefix name of kernelSrc directory or use fully qualified name
  – E.g., ~/kernelSrc, ./kernelSrc
Submission – Part 1
• Patch 1
• Test program and Makefile
• Short write-up explaining what you observed
• Via web-based turnin
  – http://turnin.cs.wpi.edu:8088/servlets/turnin.ss
  – This is “Project 1, Part 1”
  – Part 1 is due by Monday, September 24
End of Part 1
Questions?
Part 2: Get Process Information
• Modify your kernel of Part 1 to add another system call to get information about process
• Please leave helloworld system call in place!
• System call is
  – long getprinfo(struct prinfo *info)
  – info is pointer to caller area to store results
  – Returns zero if successful, error code if not
• See handout for definition of struct prinfo
Information needed for prinfo
• See task_struct in include/linux/sched.h
• See getuid and getpid for examples of simple system calls
• See include/asm/current.h to find current process information
• Use copy_to_user to safely copy data from kernel to user space (next slide)
• Return EFAULT error code if info argument is not valid pointer in user space
copy_to_user and copy_from_user
• Functions to safely copy data to/from user space
• Check validity of pointer arguments for you
• Return zero if successful, number of bytes that fail if there is a problem
• Immune to page faults, pre-emption, null pointers, other errors, etc.
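The pointer check and return convention described above, as a user-space model that can be run without a kernel. This is an added example, not the course's or the kernel's code; the `*_model` names, the 4 KiB "user space" array and the fields of `struct prinfo_model` are assumptions (the real struct prinfo is in the handout).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: this array is the only "user space"; all else is kernel memory. */
#define USER_SIZE 4096
static unsigned char user_mem[USER_SIZE];

/* Hypothetical fields; the real struct prinfo is defined in the course handout. */
struct prinfo_model { long pid; long uid; long state; };
static struct prinfo_model kernel_side;   /* stands in for a kernel-only object */

/* Range check: all of [p, p+n) must be user memory. The comparison is
 * arranged so that p+n is never computed and therefore cannot wrap. */
static int range_ok_model(const void *p, size_t n)
{
    uintptr_t lo = (uintptr_t)user_mem, a = (uintptr_t)p;
    return n <= USER_SIZE && a >= lo && a - lo <= USER_SIZE - n;
}

/* Same return convention as copy_to_user(): 0 on success, otherwise the number
 * of bytes NOT copied. (This model is all-or-nothing; the real one may be partial.) */
static unsigned long copy_to_user_model(void *to, const void *from, unsigned long n)
{
    if (!range_ok_model(to, n))
        return n;
    memcpy(to, from, n);
    return 0;
}

long getprinfo_model(struct prinfo_model *info)
{
    struct prinfo_model k;
    memset(&k, 0, sizeof k);    /* never hand uninitialised kernel stack to the caller */
    k.pid = 1234; k.uid = 1000; /* constructed; a real call reads the current task */
    if (copy_to_user_model(info, &k, sizeof k))
        return -EFAULT;         /* kernel convention: negative errno */
    return 0;
}

int main(void)
{
    printf("valid buffer:  %ld\n", getprinfo_model((struct prinfo_model *)user_mem));
    printf("NULL:          %ld\n", getprinfo_model(NULL));
    printf("kernel addr:   %ld\n", getprinfo_model(&kernel_side));
    printf("straddles end: %ld\n",
           getprinfo_model((struct prinfo_model *)(user_mem + USER_SIZE - 4)));
    return 0;
}
```

The third case is the one that matters for protection: without the range check, a process could pass a kernel address as info and have the system call overwrite kernel data on its behalf.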
Implementing getprinfo System Call
• Add after helloworld system call from Part 1
• Create and implement in
  – kernel/prinfo.c, with Makefile edits
• Register in unistd.h
  – And in syscall_table.S if i386
• Use printk() to print debugging statements to system log
  – For your debugging convenience
Testing getprinfo
• Write test program in user space
• Must have own user space version of prinfo.h
• Must have own Makefile
• Run multiple times from same shell, different processes
• Note differences in results
• Compare with what you can find about processes from ps command
Submission – Part 2
• Patch 2
  – Difference between original source tree and Part 2 kernel.
• User space test program
  – Include file(s)
  – Test program itself
  – Makefile
• Short writeup with results
• Submit using web-based turnin program
  – http://turnin.cs.wpi.edu:8088/servlets/turnin.ss
Submission (continued)
• Put your name on all documents and at top of every edited file!
Due Dates
• Pace yourself:
  – Part 1 is due by Monday, September 24
  – Part 2 is due by Monday, October 1
• Part 1 should not take all week
• Part 2 may take more than one week
  – Start on Part 2 before September 24!
• Report to instructor any difficulties
Questions?