Tag Archives: kernel

Linux kernel hacking – one relay file for all CPUs

Posted on November 16, 2015 by

I wrote a post about kernel relay 2 years go (https://davejingtian.org/2013/06/29/relay-linux-kernel-relay-filesystem/). However, I have realized that I did not understand relay until recently when I was debugging a relay-related bug. Though I was working on RHEL 2.6.32 kernel, this post … Continue reading

Posted in Linux Distro, OS | Tagged , , , | Leave a comment

Linux kernel hacking – support SO_PEERCRED for local TCP socket connections

Posted on October 6, 2015 by

In my old post (https://davejingtian.org/2015/02/17/retrieve-pid-from-the-packet-in-unix-domain-socket-a-complete-use-case-for-recvmsgsendmsg/), we talked about how to retrieve the peer PID from Unix domain socket using struct ucred. A more smart way to do this is using getsockopt() syscall with option SO_PEERCRED directly. As you expected (or … Continue reading

Posted in Linux Distro, Network, OS | Tagged , , , , , , , , , , , , , , , , , | 6 Comments

How Linux kernel works – in 4 sentences

Posted on September 4, 2015 by

I found this in “Understanding the Linux Kernel” (ULK). I believe I have seen a lot of analogies in computer science. But this one is “Simply the Best”. I am not going to put anything here except the original analogy … Continue reading

Posted in OS | Tagged , , | Leave a comment

Linux kernel I/O Stack Diagram 2

Posted on August 21, 2015 by

https://www.thomas-krenn.com/en/wiki/Linux_Storage_Stack_Diagram

Posted in OS | Tagged , , , , | Leave a comment

Linux Kernel DSA and Provenance Release

Posted on August 21, 2015 by

Linux Provenance kernel (2.6.32) and tools for CentOS and RedHat Enterprise Linux https://github.com/daveti/prov-kernel https://github.com/daveti/prov-tools Linux kernel crypto – DSA https://github.com/daveti/kdsa During the development on kernel 2.6.32, we found a bug in mpi-pow.c which failed DSA.  The patch file has been included … Continue reading

Posted in Linux Distro, OS, Security | Tagged , , , , , , , , | Leave a comment

Linux kernel I/O Stack Diagram

Posted on August 5, 2015 by

Found this figure online. The title of this diagram may be biased as it is not the complete I/O stack but a concentration on block devices with a focus on SCSI layer. Some important missing stuffs, in my opinion, include … Continue reading

Posted in OS, Programming | Tagged , , | Leave a comment

Trustworthy Whole-System Provenance for the Linux Kernel

Posted on July 19, 2015 by

Our paper “Trustworthy Whole-System Provenance for the Linux Kernel” has been accepted by USENIX Security 2015. While details could be found in the paper (link below), I would like to talk about some background about LPM (a.k.a., Linux Provenance Module, … Continue reading

Posted in OS, Security | Tagged , , , , , , , , | Leave a comment

Kernel Hacking – use crypto API in the IRQ context

Posted on January 17, 2015 by

After my first post about Linux kernel crypto API, I keep playing with kernel crypto API for DSA and RSA implementations (will talk about these in my future posts). The truth is crypto API is NOT designed for IRQ context. … Continue reading

Posted in OS, Security | Tagged , , , , | 1 Comment

byte order – Linux kernel byte order APIs

Posted on August 23, 2014 by

Most of the time, user-space applications do not care about the endian of the running machine, like we call send() and recv() directly expecting the right order of the data and they work! However, things could be changed if you … Continue reading

Posted in OS, Programming | Tagged , , | 2 Comments

ksig – sending signals from the kernel space to the user space

Posted on August 23, 2014 by

While syscall kill() gives users the ability to send certain signal to certain process in the user space of Linux, the story is totally different if we want to send signals from the kernel space to the user space. After … Continue reading

Posted in Dave's Tools, OS, Programming | Tagged , , , | Leave a comment