
Posts

Linux Kernel Internals - File operation in a character device driver

What does a user-space application generally do with respect to file-system resources, apart from interacting with the user? Reading some configuration file, or flushing logs. Let's say we are browsing the internet in Chrome: Chrome would ultimately be operating on network socket files (there may be some hierarchy in between). Let's say we play a song in VLC: VLC will read the mp3 file and write the audio data to an audio device file, after which the audio driver receives the data and configures the corresponding CODEC registers to produce the audio output. For all the operations above, from the user-space point of view the resources (mp3, device file, socket file, log file) look like files. Thus the application does nothing more than call open, read and write, which are file-based operations. To a user-space application, a kernel device driver also looks like a file (/dev/demochardrv). In this article we will focus on how to achieve these file based operation i
Recent posts

Linux Kernel Internals - creating a bare minimal device driver

To start writing a Linux kernel driver, we need to know some of the fundamentals. This post (or series of posts) will start with a basic kernel module and cover writing a Kconfig entry, IOCTLs, memory addresses (virtual and physical), dynamic memory allocation, synchronization with mutexes and spinlocks, kernel data structures, the sys/class interface of a module, etc. 1. Types of Linux kernel drivers Based on how data is accessed, kernel drivers are classified into two types: Character driver, Block driver. A character driver provides access to data only as a stream, generally of characters, i.e. bytes. A block driver, on the other hand, is addressable in device-specific chunks (also called blocks). An example of a character driver is an I2C driver, which provides data one byte at a time. On the other hand, a disk driver, such as the one backing /dev/sda on which filesystems like ext3 and ext4 are mounted, is a good example of a block driver, where data is accessed in chunks such as 512 bytes or 4KB. In fact all the d

Best Linux Kernel References

In this post I will keep adding the best references for things related to the Linux kernel, like powerful tools and utilities, memory-related topics, vulnerabilities and hacks, processes, kernel internals, etc. 1. How to translate a virtual address into a physical address through /proc/pid/pagemap http://fivelinesofcode.blogspot.com/2014/03/how-to-translate-virtual-to-physical.html This I tried, but I am not sure if the physical address that has been read from the pagemap is proven. I was getting a 64-bit long address. 2. Understanding how insmod works http://gomathikumar1006.blogspot.com/2013/09/linux-kernel-module-internals-of-insmod.html

ARM Trustzone - An overview on how SMC calls are handled by the EL3 Monitor

In this write-up we will focus mainly on ARMv8-A exceptions, the role of ARM Trusted Firmware (which provides the Secure Monitor functionality), and how the world switch happens between the Secure and Normal worlds. If we look at the architectural diagram of ARM TrustZone for ARMv8-A, execution is divided into four Exception Levels: EL0 (Secure and Non-Secure) - user applications; EL1 (Secure and Non-Secure) - kernel; EL2 - hypervisor, for running different OSes simultaneously; EL3 - Secure Monitor. Now, whenever a Normal World user application requests some secure operation, the request goes via an ioctl call to a Linux driver, which ultimately executes the smc instruction. To understand what the smc instruction does, we have to look at exceptions in ARMv8. ARMv8 Exceptions In ARMv8, exceptions are divided into two categories: synchronous and asynchronous. An exception is described as synchronous if it is generated as a result of execution or attempted executi

An overview of ARM Memory Management Unit

The scope of this document is to understand the Memory Management Unit of an ARMv8-based processor. The Memory Management Unit converts a virtual address (in the CPU's logical address space) into a physical address. For example, suppose the following program: int variable; printf("Address of variable = %p\n", (void *)&variable); The address printed could be anything (let's assume 0x40000200). Now, 0x40000200 may or may not be the actual address in physical memory (RAM); that could be anything as well (let's assume 0xA0000200). Thus the CPU produces the logical address 0x40000200, which is converted into the physical address 0xA0000200 by the Memory Management Unit. Now the question remains: why do we require an address translation, or in other words, in the above program why don't we operate directly on the physical memory at 0xA0000200? Suppose a program requires a huge amount of contiguous memory in RAM. Now our external memory would have that much memory requ
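The translation the excerpt describes (0x40000200 to 0xA0000200), carried out as a software model of the full table walk rather than the single lookup the text shows: three levels of 512-entry tables for a 39-bit virtual address space with 4 KiB pages, the layout Linux uses on arm64 with VA_BITS=39. This is an added example, not code from the original post. The tables, the extra mapping of 0x40001000 to the distant frame 0x7F3C2000, the unmapped page after it, the use of page-aligned static arrays as simulated page-table memory, and the assumption that user-space pointers fit in 48 bits are all constructed for illustration; memory attribute and permission bits are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example: a software model of the three-level translation table walk
 * for a 39-bit virtual address space with a 4 KiB granule (what Linux uses on
 * arm64 with CONFIG_ARM64_VA_BITS=39). VA[38:30] indexes level 1, VA[29:21]
 * level 2, VA[20:12] level 3; VA[11:0] is the page offset and passes through
 * unchanged. Each table is 512 64-bit descriptors. Bit 0 is the valid bit;
 * bits [47:12] hold the next table's address (levels 1-2) or the output frame
 * address (level 3). Real descriptors also carry memory attribute and
 * permission bits, which are left out here. */

#define ENTRIES     512
#define IDX_MASK    0x1FFull
#define PAGE_SHIFT  12
#define PAGE_MASK   ((1ull << PAGE_SHIFT) - 1)
#define DESC_VALID  1ull
#define DESC_ADDR   0x0000FFFFFFFFF000ull   /* descriptor bits [47:12] */
#define VA_BITS     39
#define FAULT       UINT64_MAX              /* returned on a translation fault */

typedef struct { uint64_t desc[ENTRIES]; } table_t;   /* exactly 4 KiB */

static const unsigned level_shift[3] = { 30, 21, 12 };

/* Walk the tables for va, starting at root. Returns the physical address, or
 * FAULT when any level is invalid or va lies outside the 39-bit space. */
uint64_t translate(const table_t *root, uint64_t va)
{
    if (va >> VA_BITS)
        return FAULT;                         /* out of range: translation fault */
    const table_t *t = root;
    for (int level = 0; level < 3; level++) {
        uint64_t d = t->desc[(va >> level_shift[level]) & IDX_MASK];
        if (!(d & DESC_VALID))
            return FAULT;                     /* unmapped at this level */
        if (level < 2)
            t = (const table_t *)(uintptr_t)(d & DESC_ADDR);   /* next-level table */
        else
            return (d & DESC_ADDR) | (va & PAGE_MASK);        /* frame + offset */
    }
    return FAULT;                             /* not reached */
}

/* Simulated page-table memory: page-aligned static tables, so their addresses
 * fit the [47:12] address field of a descriptor. Assumes user-space pointers
 * fit in 48 bits, as on x86-64 and arm64 Linux. */
static _Alignas(4096) table_t l1, l2, l3;

/* Constructed sample mapping: the post's 0x40000200 -> 0xA0000200, plus the
 * next virtual page placed in a physical frame nowhere near it, and the page
 * after that left unmapped. Adjacent virtual pages need not be adjacent in
 * RAM, which is exactly what translation buys us. */
const table_t *build_sample_tables(void)
{
    memset(&l1, 0, sizeof l1);
    memset(&l2, 0, sizeof l2);
    memset(&l3, 0, sizeof l3);
    l1.desc[(0x40000000ull >> 30) & IDX_MASK] = (uint64_t)(uintptr_t)&l2 | DESC_VALID;
    l2.desc[(0x40000000ull >> 21) & IDX_MASK] = (uint64_t)(uintptr_t)&l3 | DESC_VALID;
    l3.desc[(0x40000000ull >> 12) & IDX_MASK] = 0xA0000000ull | DESC_VALID; /* VA 0x40000000-0x40000FFF */
    l3.desc[(0x40001000ull >> 12) & IDX_MASK] = 0x7F3C2000ull | DESC_VALID; /* VA 0x40001000-0x40001FFF */
    /* the entry for 0x40002000 stays 0: that virtual page is unmapped */
    return &l1;
}

/* Translate against the constructed sample tables. */
uint64_t sample_translate(uint64_t va)
{
    return translate(build_sample_tables(), va);
}

int main(void)
{
    static const uint64_t probes[] = { 0x40000200ull, 0x40001010ull, 0x40002000ull, 0x8000000000ull };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        uint64_t pa = sample_translate(probes[i]);
        if (pa == FAULT)
            printf("VA 0x%010llx -> translation fault\n", (unsigned long long)probes[i]);
        else
            printf("VA 0x%010llx -> PA 0x%010llx\n",
                   (unsigned long long)probes[i], (unsigned long long)pa);
    }
    return 0;
}
```

The walk returns FAULT where hardware would take a translation fault; the kernel's page-fault handler then decides whether to map the page (demand paging) or deliver SIGSEGV. Only the 12-bit offset survives translation unchanged, which is why two addresses that differ only in their upper bits can end up in completely different physical frames.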

A demonstration of a Stack Overflow attack by exploiting a vulnerability

What if you write some piece of code that contains VULNERABILITIES that could lead to undesirable behaviour of the flow of execution if exploited by an attacker? One of the most common attacks or exploits used today is a stack overflow type attack. A stack (buffer) overflow is an undesirable situation in which the program writes more data into a buffer on the call stack than the space reserved for it. If we take a simple C program that copies memory from source to destination using the memcpy function: #define STRING "I LOVE HACKING" char buffer[10]; memcpy(buffer, STRING, strlen(STRING)); In the above program the actual size of buffer is 10, while memcpy will copy 14 bytes of data into buffer. This will overwrite some stack area that does not belong to buffer. In simple words, this is a vulnerability in the program that can be exploited and which might change the actual behaviour of the program. Now let's see how the stacks are organized in an actual p
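The vulnerable copy from the excerpt beside a hardened version, as an added example that is not part of the original post. vulnerable_copy reproduces the post's pattern and is defined only for comparison (it is never called, because running it is undefined behaviour); bounded_copy and the demo wrappers, with their names and the BUF_SIZE constant, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

#define STRING   "I LOVE HACKING"   /* 14 characters, 15 bytes with the terminator */
#define BUF_SIZE 10

/* The post's vulnerable pattern, reproduced for comparison only and never
 * called in this program: the copy length comes from the source, so 14 bytes
 * are written into a 10-byte stack buffer and the last 4 land on whatever the
 * compiler placed above `buffer` (other locals, the saved frame pointer, the
 * return address). Calling it is undefined behaviour. */
void vulnerable_copy(const char *src)
{
    char buffer[BUF_SIZE];
    memcpy(buffer, src, strlen(src));   /* length unrelated to sizeof buffer */
    (void)buffer;
}

/* Hardened form: the copy length is bounded by the destination, the result is
 * always NUL-terminated, and the caller learns how many source bytes were
 * dropped (0 means the whole string fit). Truncation is reported rather than
 * silently ignored so the caller can reject the input instead of acting on a
 * half-copied value. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return len;                                       /* nothing can be written */
    size_t n = len < dst_size - 1 ? len : dst_size - 1;   /* leave room for '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len - n;
}

/* Copies src into a BUF_SIZE stack buffer the safe way and returns the number
 * of source bytes that did not fit. */
size_t dropped_into_buf(const char *src)
{
    char buffer[BUF_SIZE];
    return bounded_copy(buffer, sizeof buffer, src);
}

/* Same copy of STRING; reports whether the buffer afterwards holds the
 * expected, properly terminated prefix. */
bool demo_result_is(const char *expected)
{
    char buffer[BUF_SIZE];
    bounded_copy(buffer, sizeof buffer, STRING);
    return strcmp(buffer, expected) == 0;
}

int main(void)
{
    char buffer[BUF_SIZE];
    size_t dropped = bounded_copy(buffer, sizeof buffer, STRING);
    printf("source: \"%s\" (%zu bytes)\n", STRING, strlen(STRING));
    printf("buffer: \"%s\" (%zu bytes dropped; the raw memcpy would have overflowed by %zu bytes)\n",
           buffer, dropped, strlen(STRING) - sizeof buffer);
    return 0;
}
```

The difference between the two functions is where the length comes from: the vulnerable one trusts the source, the hardened one derives it from the destination. Compiling with -fstack-protector or _FORTIFY_SOURCE would catch this particular overflow at run time, but those are mitigations; the fix is the bound.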