Re: regarding const variables/structures

2018-09-14 Thread Kenneth Adam Miller 
Don't be discouraged!

So, if you only read the code, it may appear to you that "in the small" you
are understanding the code. But, the possible states and paths are a large
combinatorial, and lots of things can happen at runtime that you will not
be able to predict, even after only reading the code once.

Therefore, the best thing to do is to set up some testing framework - that
would be highly useful. There isn't much testing capability for the linux
kernel itself, other than to have a dedicated machine (be it hardware or
qemu or other emulator). The only way to know if something works is to try
it, but when it comes to the linux kernel, it cannot be run except with the
special conditions that exist at the kernel level, which itself is a
problem.

I'm not sure if such as I am suggesting is really so feasible or realistic
(it certainly isn't possible for some portions of the kernel), but if you
could cut off any particular module that resides within the innards of the
kernel, and make it retargetably compilable so that you can produce
userland modules with it, that would make for a highly ambitious project
that would allow kernel developers to more quickly iterate and test their
work as they are changing things. You would have to provide, for the set of
interfaces that such an inner kernel module were to consume, a second
implementation, so that the same header can be reused and the service
guarantees maintained. There are lots of things to choose from within the
kernel land.

For example, there are many data structures that the kernel development
environment provides. You could pick one and create a series of sanity
checks, and some harness to run each of them safely to establish for
yourself testably what the properties are that such a structure or service
provides. Then, you could expose to others your tests which they could
consume and use to both help debug their code and to maintain it, and if
you did the faking of the implementation right so that you can compile it
for different targets, users would be able to have a subset of their code
produce both kernel and userland targets, where the userland targets have
some best effort one to one implementation (if not the real thing excised
from the kernel) to establish their correct operation.

It sounds like it isn't much if you think that the only thing to test is
lists. However, there's nothing stopping you from at least trying to do
this for whole portions of the kernel. It may comprise a lot of work, but
if you have a userland dummy that mocks out the behavior of something like
a scheduler or userland page alignment algorithm so that it can be
decoupled and safely run in some simulation capability, you will have made
a lot of developers much more productive.

On Fri, Sep 14, 2018 at 12:53 PM inventsekar  wrote:

> Hi, for the past three years I have been trying hard to do Linux kernel
> development, but, with No success.
>
> I don't know what is the exact reason...maybe, I didn't do much
> practical, all the times I was only reading reading reading... so you can
> understand my frustration, that I wanted to submit my first patch
> asap...and then slowly I can do concentrate on other areas of kernel
> development... ok thank you.
>
> On Thu 13 Sep, 2018, 11:37 AM Nicholas Mc Guire,  wrote:
>
>> On Thu, Sep 13, 2018 at 09:12:32AM +0530, inventsekar wrote:
>> > >>> A brute force grep in the kernel shows that there are 130493 "
>> const "
>> > in there
>> > Hi Hofrat,
>> > 1. may i know the command to do this above grep please..
>>
>> $ grep -cre " const " * | more
>>
>> will give you the " const " count per file - and then put a shell loop
>> around it
>>
>> $ SUM=0 ; for N in `grep -cre " const " * | cut -f 2 -d ":" ` ; do let
>> SUM=$SUM+$N ; done ; echo $SUM
>>
>> ...as noted "brute force"
>>
>> > 2. (and the opposite) may i know the command to grep other type of
>> > variables/structures
>>
>> well if you want to know how to do that then you do need to look at basics
>> if regular expressions are not clear then you might want to look at
>> those first. And grep really is not the right tool to search for specific
>> structures and their use use something like cscope.
>>
>> Try to focus on doing work you understand including the tools and
>> processes
>> around it - if you just are looking for a fast way of getting X patches
>> into the kernel you are wasting your time. What the work from Bhumika
>> Goyal
>> shows is that its not about the complexity of the change but about the
>> systematic approach based on using understanding a problem class,
>> translating
>> it to an abstract representation amenable to tools (coccinelle in this
>> case)
>> and documenting her understanding in the commit messages to each patch.
>>
>> thx!
>> hofrat
>>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

Re: Fwd: Custom Linux Kernel Scheduler issue

2016-11-24 Thread Kenneth Adam Miller 
Thank you Greg. I got at least my unit tests to execute about as fast as my
host when I turned on KVM support with qemu while testing. I can't test
With the dedicated hardware or software yet, but now I have another test
case to run by changing the provisioned memory.

On Nov 24, 2016 1:47 PM, "Greg KH" <g...@kroah.com> wrote:

> On Thu, Nov 24, 2016 at 01:05:47PM -0500, Kenneth Adam Miller wrote:
> > So, I ran perf on my host and it came back far more true. The top
> consumers of
> > time were all atomics and some function called sse3, which I believe is
> a super
> > fast memcpy implementation provided the the arch. In addition, all the
> highest
> > time consumers are within my image- it stayed out of the kernel as
> designed and
> > it used additional extensions and features.
> >
> > I just thought of something-what if there is some kind of page size
> difference
> > between my host and my Linux kernel causing the performance problems?
>
> You tell me, are the page sizes different?  You have said that memory
> accesses are different, so of course performance is going to be
> different.  To expect otherwise is just crazy :)
>
> good luck!
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Fwd: Custom Linux Kernel Scheduler issue

2016-11-24 Thread Kenneth Adam Miller 
So, I ran perf on my host and it came back far more true. The top consumers
of time were all atomics and some function called sse3, which I believe is
a super fast memcpy implementation provided the the arch. In addition, all
the highest time consumers are within my image- it stayed out of the kernel
as designed and it used additional extensions and features.

I just thought of something-what if there is some kind of page size
difference between my host and my Linux kernel causing the performance
problems?

On Nov 24, 2016 11:33 AM, "Kenneth Adam Miller" <kennethadammil...@gmail.com>
wrote:
>
> On Thu, Nov 24, 2016 at 11:13 AM, Greg KH <g...@kroah.com> wrote:
> > On Thu, Nov 24, 2016 at 10:31:18AM -0500, Kenneth Adam Miller wrote:
> >> On Nov 24, 2016 2:18 AM, "Greg KH" <g...@kroah.com> wrote:
> >> >
> >> > On Thu, Nov 24, 2016 at 02:01:41AM -0500, Kenneth Adam Miller wrote:
> >> > > Hello,
> >> > >
> >> > >
> >> > > I have a scheduler issue in two different respects:
> >> > >
> >> > > 1) I have a process that is supposed to tight loop, and it is being
> >> > > given very very little time on the system. I don't want that - I
want
> >> > > those who would use the processor to be given the resources to run
as
> >> > > fast as they each can.
> >> >
> >> > What is causing it to give up its timeslice?  Is it waiting for I/O?
> >> > Doing something else to sleep?
> >>
> >> It's multithreaded, so it reads in a loop in one thread and writes in
> >> another thread. What I saw when I ran strace on it is each process
> >> would run for too long- the program is designed to try and stay out of
> >> the kernel on each side, so it checks some shared variables before it
> >> ever goes.
> >
> > So locking/cpu contention for those "shared variables" perhaps?
>
> I don't think that could possibly be it, because the shared variables
> are controlled by atomics. It's just some memory operation to check to
> see if it needs to go to the kernel, as in is there more data in the
> shm region for me to read? If not, I'll go wait on this OS semaphore.
> It's lightening fast on my host machine.
>
> >
> >> > > 2) I am seeing with perf that the maximum overhead at each section
> >> > > does not sum up to be more than 15 percent. Total, probably
something
> >> > > like 18% of cpu time is used, and my binary has rocketed in
slowness
> >> > > from about 2 seconds or less total to several minutes.
> >> >
> >> > What changed to make things slower?  Did you change kernel versions
or
> >> > did you change something in your userspace program?
> >> >
> >>
> >> The kernel versions specifically couldnt have anything to do with it
> >> but it was different kernels. The test runs in less that 2 seconds on
> >> my host. When I copy it to our custom linux, it takes minutes for it
> >> to run. I think it's some extra setting that we're missing while
> >> building the kernel, and I don't know what that is. I got a huge
> >> improvement when I changed the multicore scheduling to allow
> >> preemption "(desktop)" but there's still a problem as I've described
> >> with one of the processes not using the core as it should.
> >
> > What do you mean by "custom linux"?  Is this the exact same hardware as
> > your machine?  Or different?  If so, what is different?  What is
> > different between the different kernel versions you are using?  Does the
> > perf output look different from running on the two different machines?
> > If so, where?
>
> I am building with buildroot a linux that is meant to be really
> stripped down and only have the things we want. In my case, the what
> the bzImage sees is either what QEMU gives it or what it sees in our
> dedicated hardware, with is just off the shelf i7 and other stuff you
> get a market - nothing custom in the sense you are thinking. Custom as
> in, roll your own linux.
>
> The kernel versions between my host and the target are 3.13.x and
> 3.14.5x; they don't change so much, and certainly don't affect
> performance on their own. I'm missing some setting or something with
> how I'm configuring or building linux.
>
> I haven't had a chance to run perf on my host. I can't find what
> ubuntu package it is just yet, but I will search for it in a minute. I
> have to go somewhere and will be right back immediately.
>
> >
> > Have you changed the priority levels of your

Fwd: Custom Linux Kernel Scheduler issue

2016-11-24 Thread Kenneth Adam Miller 
On Nov 24, 2016 2:18 AM, "Greg KH" <g...@kroah.com> wrote:
>
> On Thu, Nov 24, 2016 at 02:01:41AM -0500, Kenneth Adam Miller wrote:
> > Hello,
> >
> >
> > I have a scheduler issue in two different respects:
> >
> > 1) I have a process that is supposed to tight loop, and it is being
> > given very very little time on the system. I don't want that - I want
> > those who would use the processor to be given the resources to run as
> > fast as they each can.
>
> What is causing it to give up its timeslice?  Is it waiting for I/O?
> Doing something else to sleep?

It's multithreaded, so it reads in a loop in one thread and writes in
another thread. What I saw when I ran strace on it is each process
would run for too long- the program is designed to try and stay out of
the kernel on each side, so it checks some shared variables before it
ever goes.

>
> > 2) I am seeing with perf that the maximum overhead at each section
> > does not sum up to be more than 15 percent. Total, probably something
> > like 18% of cpu time is used, and my binary has rocketed in slowness
> > from about 2 seconds or less total to several minutes.
>
> What changed to make things slower?  Did you change kernel versions or
> did you change something in your userspace program?
>

The kernel versions specifically couldnt have anything to do with it
but it was different kernels. The test runs in less that 2 seconds on
my host. When I copy it to our custom linux, it takes minutes for it
to run. I think it's some extra setting that we're missing while
building the kernel, and I don't know what that is. I got a huge
improvement when I changed the multicore scheduling to allow
preemption "(desktop)" but there's still a problem as I've described
with one of the processes not using the core as it should.

> > I think that
> > the linux scheduler isn't scheduling it, because this process is just
> > some unit tests that double as benchmarks in that they shm_open a file
> > and write into it with memcpy's.
>
> Are you sure that I/O isn't happening here like through swap or
> something else?
>

Well, we're using tmpfs and don't have a disk in the machine, but I
will say this process is using all lot of the address space. One
problem here is that the kernel has more ram than it thinks it does,
but what I want to emphasize is that I haven't changed the program to
allocate any more than it was previously. I'm not sure if that's a
kernel change or some setting, but it went from 85% to 98%. The reason
why is that there is a large latency even without that big program in
there; I can't run my standalone tests in qemu without it also taking
minutes. I understand qemu has to emulate, and that's its not just a
VM, but I'm going from host CPU to guest, and the settings are the
same.

> What does perf say is taking all of your time?

When I ran perf what it appeared to indicate is that the largest
consumer of time was my library, which should be right in either
scenario because it should use stay out of the kernel as I've designed
it. In addition, the work takes place there anyway, so that's right.
What's not right is the fact that the largest percent of time used is
around 15%, and all the others combined don't add up to anything near
100.

>
> thanks,
>
> greg k-h

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Fwd: Custom Linux Kernel Scheduler issue

2016-11-24 Thread Kenneth Adam Miller 
On Thu, Nov 24, 2016 at 11:13 AM, Greg KH <g...@kroah.com> wrote:
> On Thu, Nov 24, 2016 at 10:31:18AM -0500, Kenneth Adam Miller wrote:
>> On Nov 24, 2016 2:18 AM, "Greg KH" <g...@kroah.com> wrote:
>> >
>> > On Thu, Nov 24, 2016 at 02:01:41AM -0500, Kenneth Adam Miller wrote:
>> > > Hello,
>> > >
>> > >
>> > > I have a scheduler issue in two different respects:
>> > >
>> > > 1) I have a process that is supposed to tight loop, and it is being
>> > > given very very little time on the system. I don't want that - I want
>> > > those who would use the processor to be given the resources to run as
>> > > fast as they each can.
>> >
>> > What is causing it to give up its timeslice?  Is it waiting for I/O?
>> > Doing something else to sleep?
>>
>> It's multithreaded, so it reads in a loop in one thread and writes in
>> another thread. What I saw when I ran strace on it is each process
>> would run for too long- the program is designed to try and stay out of
>> the kernel on each side, so it checks some shared variables before it
>> ever goes.
>
> So locking/cpu contention for those "shared variables" perhaps?

I don't think that could possibly be it, because the shared variables
are controlled by atomics. It's just some memory operation to check to
see if it needs to go to the kernel, as in is there more data in the
shm region for me to read? If not, I'll go wait on this OS semaphore.
It's lightening fast on my host machine.

>
>> > > 2) I am seeing with perf that the maximum overhead at each section
>> > > does not sum up to be more than 15 percent. Total, probably something
>> > > like 18% of cpu time is used, and my binary has rocketed in slowness
>> > > from about 2 seconds or less total to several minutes.
>> >
>> > What changed to make things slower?  Did you change kernel versions or
>> > did you change something in your userspace program?
>> >
>>
>> The kernel versions specifically couldnt have anything to do with it
>> but it was different kernels. The test runs in less that 2 seconds on
>> my host. When I copy it to our custom linux, it takes minutes for it
>> to run. I think it's some extra setting that we're missing while
>> building the kernel, and I don't know what that is. I got a huge
>> improvement when I changed the multicore scheduling to allow
>> preemption "(desktop)" but there's still a problem as I've described
>> with one of the processes not using the core as it should.
>
> What do you mean by "custom linux"?  Is this the exact same hardware as
> your machine?  Or different?  If so, what is different?  What is
> different between the different kernel versions you are using?  Does the
> perf output look different from running on the two different machines?
> If so, where?

I am building with buildroot a linux that is meant to be really
stripped down and only have the things we want. In my case, the what
the bzImage sees is either what QEMU gives it or what it sees in our
dedicated hardware, with is just off the shelf i7 and other stuff you
get a market - nothing custom in the sense you are thinking. Custom as
in, roll your own linux.

The kernel versions between my host and the target are 3.13.x and
3.14.5x; they don't change so much, and certainly don't affect
performance on their own. I'm missing some setting or something with
how I'm configuring or building linux.

I haven't had a chance to run perf on my host. I can't find what
ubuntu package it is just yet, but I will search for it in a minute. I
have to go somewhere and will be right back immediately.

>
> Have you changed the priority levels of your application at all?  Have
> you thought about just forcing your app to a specific CPU and getting
> the kernel off of that CPU in order so that the kernel isn't even an
> option here at all (Linux allows you to do this, details are somewhere
> in the documentation, sorry, can't remember off the top of my head...)
>

No, that may be it or help though. I thought that binding an
application to a particular cpu had something to do with affinity and
that there was some C api for it or something. That would work for our
particular scenario, and we've even talked about it, I just don't know
how to do it yet.

> But really, you should track down what the differences are between your
> two machines/environments, as something is different that is causing the
> slow down.

True - the kernel configuration is most suspect based on everything I
know. The hardware differences between my host to the target we're
building for is each modern, and well supported

Custom Linux Kernel Scheduler issue

2016-11-23 Thread Kenneth Adam Miller 
Hello,


I have a scheduler issue in two different respects:

1) I have a process that is supposed to tight loop, and it is being
given very very little time on the system. I don't want that - I want
those who would use the processor to be given the resources to run as
fast as they each can.


2) I am seeing with perf that the maximum overhead at each section
does not sum up to be more than 15 percent. Total, probably something
like 18% of cpu time is used, and my binary has rocketed in slowness
from about 2 seconds or less total to several minutes. I think that
the linux scheduler isn't scheduling it, because this process is just
some unit tests that double as benchmarks in that they shm_open a file
and write into it with memcpy's.

Can anybody help tell me what kind of linux kernel configuration could
cause this? The kernel is configured as SMP with preemption possible
as a desktop...

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: PCI drivers and interrupts

2016-11-04 Thread Kenneth Adam Miller 
Oh! It's just a particular memory addressed, and that's what is being
memory mapped into user land. Then I could just write a value in the
kernel land, just as I would from the user land, to the address that
is being memory mapped in. I should just read the device spec better
and test how to write to that memory with a function that I'll export.

On Fri, Nov 4, 2016 at 4:54 PM, Andrey Utkin  wrote:
> I've worked on a couple of PCI drivers for Linux, however I haven't
> studied actual PCI bus protocol and such fundamental details. Also I
> haven't read your post thoroughly and haven't visited your links. So I
> can be completely wrong...
>
> But I am very surprised that you want to send interrupts from kernel (to
> PCI peripheral device as I understand).
>
> It is peripheral device which sends interrupts usually, that's why
> there's no notion of interrups sending. To initiate some process on the
> device, which you really want I suppose, usual kernel driver for PCI
> device just writes to certain register of device.

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

PCI drivers and interrupts

2016-11-04 Thread Kenneth Adam Miller 
Hello,

I'm trying to author a driver that communicates over shared memory
within the kernel land between concurrent userland processes. I'm
using this as a base:

https://github.com/henning-schild/ivshmem-guest-code/blob/master/kernel_module/uio/uio_ivshmem.c

I've been able to build it and to insmod it into a linux that I have
built and started running in qemu. I need a way to send an interrupt,
as per the documentation mentions in the device_spec and in the guide.
But I'm looking in the uio_ivshmem driver and I don't see
functionality that corresponds to sending an interrupt at all. This
functionality is supposed to be demonstrated in
https://github.com/henning-schild/ivshmem-guest-code/tree/master/tests/Interrupts/VM,
but this is problematic because it seems to indicate that one of the
ioctls corresponds to an interrupt. Unless there's something I'm
missing, I think that the stub pci driver implementation that this
particular demo filled out implements some kind of interrupt, or else
it's actually implemented with one of the function calls on line 28 or
43. But those each seem to correspond to interrupt handlers for
receiving from other QEMU instances, with no sign of how they are
*sent*.


I need to write a function in the context of the driver that can be
compiled in the same code, meaning editing uio_ivshmem.c and yielding
some function interface like send_interrupt(int index), where index
corresponds to the BAR against which the driver registers irq handlers
anyway.

How can I send interrupts from the kernel land using a particular BAR entry?

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: QEMU?

2016-10-19 Thread Kenneth Adam Miller 
That doesn't work for our use case. We have special hardware for our use
case.

On Oct 19, 2016 12:21 PM, "Daniel." <danielhi...@gmail.com> wrote:

> Why not use networking?
>
> 2016-10-19 8:53 GMT-02:00 Kenneth Adam Miller <kennethadammil...@gmail.com
> >:
> > So, we can use qemu within our development system here, but the
> > problem is we have something that is a bit specialized in that the
> > machines talk to one another over a special interface. It's a bit like
> > named pipes, and to our applications, named pipes are a sufficient
> > interface to test over.
> >
> >
> > In any case, I was wondering, does anybody know of a way to share
> > memory between two QEMU instances? Or even to communicate between two
> > instances?
> >
> > ___
> > Kernelnewbies mailing list
> > Kernelnewbies@kernelnewbies.org
> > https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
>
> --
> "Do or do not. There is no try"
>   Yoda Master
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

QEMU?

2016-10-19 Thread Kenneth Adam Miller 
So, we can use qemu within our development system here, but the
problem is we have something that is a bit specialized in that the
machines talk to one another over a special interface. It's a bit like
named pipes, and to our applications, named pipes are a sufficient
interface to test over.


In any case, I was wondering, does anybody know of a way to share
memory between two QEMU instances? Or even to communicate between two
instances?

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Char device write repeating

2016-10-05 Thread Kenneth Adam Miller 
I didn't know it, but I had my poll and write messages switched in userland
under await and send signal implementations of types. Sorry, it works now,
it wasn't the kernel land repeatedly executing it. I wasn't sure, so I was
still debugging. Anyway, thanks a lot though.

On Oct 5, 2016 2:29 AM, "Martin Kletzander" <mklet...@redhat.com> wrote:

> On Tue, Oct 04, 2016 at 05:05:57PM +0200, Greg KH wrote:
>
>> On Tue, Oct 04, 2016 at 10:58:16AM -0400, Kenneth Adam Miller wrote:
>>
>>> I have a character device that I am calling write on and which is
>>> succeeding,
>>> but which is repeatedly executing. I have hard coded the return value to
>>> one,
>>>
>>
> Correct me if I'm wrong, I'm just a self-thought newbie, but this ^^
> sounds to me like the problem.  Because the write should return how many
> bytes were written (or error), the function is being called until it's
> been all written.  If you just want to be called once and you don't care
> what the data are (which is the weird thing in the first place), I think
> you should return the length you got as an argument.
>
> so I don't think the userland standard library is retrying but I could be
>>> wrong. Can anybody tell me why write would be re-executed by the kernel
>>> and how
>>> to fix it? I dont actually copy_from_user, I just need this in order to
>>> signal
>>> kernel land.
>>>
>>
>> Do you have a pointer to your code somewhere?  This is a very common bug
>> that people have...
>>
>> thanks,
>>
>> greg k-h
>>
>> ___
>> Kernelnewbies mailing list
>> Kernelnewbies@kernelnewbies.org
>> https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Char device write repeating

2016-10-04 Thread Kenneth Adam Miller 
I have a character device that I am calling write on and which is
succeeding, but which is repeatedly executing. I have hard coded the return
value to one, so I don't think the userland standard library is retrying
but I could be wrong. Can anybody tell me why write would be re-executed by
the kernel and how to fix it? I dont actually copy_from_user, I just need
this in order to signal kernel land.
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
On Mon, Mar 7, 2016 at 4:49 PM, <valdis.kletni...@vt.edu> wrote:

> On Mon, 07 Mar 2016 16:08:01 -0500, Kenneth Adam Miller said:
>
> > Can't release it. It looks a lot like this though:
>
> Note that you're going to have a *really* hard time shipping hardware
> with a legal Linux driver you can't release source for.  You probably
> want to talk to your corporate legal eagles and explain the GPL to them,
> before somebody *else's* legal eagle explains the GPL to them, in the form
> of a injunction.
>

I have have an appreciation of the GPL too, and I love open source. I fight
with my organization all the time about what should and shouldn't be
released. I know that anybody that gets the binary will also get the source
code, but our distribution list is rather limited.
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
On Mon, Mar 7, 2016 at 3:53 PM, Greg KH <g...@kroah.com> wrote:

> On Mon, Mar 07, 2016 at 03:37:24PM -0500, Kenneth Adam Miller wrote:
> >
> >
> > On Mon, Mar 7, 2016 at 3:29 PM, Greg KH <g...@kroah.com> wrote:
> >
> >     On Mon, Mar 07, 2016 at 03:21:44PM -0500, Kenneth Adam Miller wrote:
> > >
> > >
> > > On Mon, Mar 7, 2016 at 3:17 PM, Greg KH <g...@kroah.com> wrote:
> > >
> > > On Mon, Mar 07, 2016 at 03:00:50PM -0500, Kenneth Adam Miller
> wrote:
> > > > I have a driver that manages three sets of identical data
> > structures that
> > > > differ only in address values. Currently, I pray that the
> device
> > file to
> > > which
> > > > I have callbacks mapped for the driver gets called
> sequentially,
> > because
> > > there
> > > > are pairs of mmap's that need to be made. I know that this
> isn't
> > the most
> > > ideal
> > > > way to do it, so I'm searching for a better way rather than
> to swap
> > out
> > > the
> > > > values on each method call.
> > > >
> > > > There are several things I am aware of but for each one I
> have
> > questions:
> > > > 1) there are kernel module parameters
> > > > If I use kernel module parameters, I need to be able to
> insert the
> > kernel
> > > > module three times in order to have each one have a distinct
> set of
> > > global
> > > > memory and mapped callbacks to distinct files. Can that be
> done?
> > Second,
> > > I will
> > > > need to compile the driver statically later. How can I pass
> those
> > > parameters
> > > > that would otherwise be on the command line in statically?
> > >
> > > Never use kernel module parameters for a driver, nor for any
> other
> > > kernel module you create.  They are global and don't work for
> > > device-specific issues.
> > >
> > > > 2) I can compile the driver in three times with a compile
> time
> > flag. This
> > > is
> > > > the simplest and easiest, but it requires some buildroot and
> > makefile foo
> > > that
> > > > I think is a dirty hack.
> > >
> > > It's also never accepted, don't do that.
> > >
> > > > 3) I could have the init function create three separate
> files,
> > since it
> > > is on
> > > > init that I discover what my values are. But then I have to
> also
> > > associate
> > > > identical functions that reference global variables in the
> kernel
> > object.
> > > > Duplicating the code would be worse that compiling the same
> code
> > three
> > > times
> > > > with a kernel parameter, even though that would help me
> solve my
> > distinct
> > > > globals problem. So how could I parameterisze a char device
> with
> > data
> > > specific
> > > > to the instance?
> > >
> > > open() gives you the hook to do so, please just do that.
> There's a
> > > whole kernel tree full of examples of how to do this, take a
> look at
> > > existing code please.
> > >
> > >
> > > After I had the idea in the second email, I think that using the
> kernel
> > api to
> > > distinguish which char device a callback maps to in order to
> utilize the
> > > corresponding data is the best way.
> > >
> > > If I could do something along the lines of retrieving the file
> name, as
> > in a
> > > char *,
> >
> > There is no such "thing" in the kernel (think of symlinks, or
> different
> > names for the same major:minor pair).
> >
> > > from the file * that is passed in with the callback, or
> distinguish any
> > > one of these:
> > >
> > > static dev_t LSKSMM_dev;
> > > static struct cdev LSKSMM_cdev;
> > > static struct class *LSKSMM_class;
> > > static struct device *LS

Re: Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
On Mon, Mar 7, 2016 at 3:29 PM, Greg KH <g...@kroah.com> wrote:

> On Mon, Mar 07, 2016 at 03:21:44PM -0500, Kenneth Adam Miller wrote:
> >
> >
> > On Mon, Mar 7, 2016 at 3:17 PM, Greg KH <g...@kroah.com> wrote:
> >
> >     On Mon, Mar 07, 2016 at 03:00:50PM -0500, Kenneth Adam Miller wrote:
> > > I have a driver that manages three sets of identical data
> structures that
> > > differ only in address values. Currently, I pray that the device
> file to
> > which
> > > I have callbacks mapped for the driver gets called sequentially,
> because
> > there
> > > are pairs of mmap's that need to be made. I know that this isn't
> the most
> > ideal
> > > way to do it, so I'm searching for a better way rather than to
> swap out
> > the
> > > values on each method call.
> > >
> > > There are several things I am aware of but for each one I have
> questions:
> > > 1) there are kernel module parameters
> > > If I use kernel module parameters, I need to be able to insert the
> kernel
> > > module three times in order to have each one have a distinct set of
> > global
> > > memory and mapped callbacks to distinct files. Can that be done?
> Second,
> > I will
> > > need to compile the driver statically later. How can I pass those
> > parameters
> > > that would otherwise be on the command line in statically?
> >
> > Never use kernel module parameters for a driver, nor for any other
> > kernel module you create.  They are global and don't work for
> > device-specific issues.
> >
> > > 2) I can compile the driver in three times with a compile time
> flag. This
> > is
> > > the simplest and easiest, but it requires some buildroot and
> makefile foo
> > that
> > > I think is a dirty hack.
> >
> > It's also never accepted, don't do that.
> >
> > > 3) I could have the init function create three separate files,
> since it
> > is on
> > > init that I discover what my values are. But then I have to also
> > associate
> > > identical functions that reference global variables in the kernel
> object.
> > > Duplicating the code would be worse that compiling the same code
> three
> > times
> > > with a kernel parameter, even though that would help me solve my
> distinct
> > > globals problem. So how could I parameterisze a char device with
> data
> > specific
> > > to the instance?
> >
> > open() gives you the hook to do so, please just do that.  There's a
> > whole kernel tree full of examples of how to do this, take a look at
> > existing code please.
> >
> >
> > After I had the idea in the second email, I think that using the kernel
> api to
> > distinguish which char device a callback maps to in order to utilize the
> > corresponding data is the best way.
> >
> > If I could do something along the lines of retrieving the file name, as
> in a
> > char *,
>
> There is no such "thing" in the kernel (think of symlinks, or different
> names for the same major:minor pair).
>
> > from the file * that is passed in with the callback, or distinguish any
> > one of these:
> >
> > static dev_t LSKSMM_dev;
> > static struct cdev LSKSMM_cdev;
> > static struct class *LSKSMM_class;
> > static struct device *LSKSMM_device;
>
> Those are all different things, none of them get passed into open().
>
> I don't think you have thought this through very far, where is your
> source code to take a look at it?
>
> > which are also created on module init, it would really make things
> convenient
> > and easy. I'm currently digging around in the kernel headers, but I think
> > probably somebody somewhere knows what I'm looking for. Some unique
> field that
> > I can retain on init that I can get back in my mmap/ioctl call to
> recognize
> > what data to use.
>
> Again, it's all provided directly to you in your open() call, what's
> wrong with that?
>

Currently, my kernel driver is opened twice and mmap'd twice by each
process. I have three processes, but I have to initialize them on startup
with a startup script. So they come up as daemons, racing, which is a
problem. I know that on init I can create three entries in /dev/,
distinguished by a number or something that makes the device unique. When a
mmap call hits is when I need to know what spec

Re: Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
On Mon, Mar 7, 2016 at 3:17 PM, Greg KH <g...@kroah.com> wrote:

> On Mon, Mar 07, 2016 at 03:00:50PM -0500, Kenneth Adam Miller wrote:
> > I have a driver that manages three sets of identical data structures that
> > differ only in address values. Currently, I pray that the device file to
> which
> > I have callbacks mapped for the driver gets called sequentially, because
> there
> > are pairs of mmap's that need to be made. I know that this isn't the
> most ideal
> > way to do it, so I'm searching for a better way rather than to swap out
> the
> > values on each method call.
> >
> > There are several things I am aware of but for each one I have questions:
> > 1) there are kernel module parameters
> > If I use kernel module parameters, I need to be able to insert the kernel
> > module three times in order to have each one have a distinct set of
> global
> > memory and mapped callbacks to distinct files. Can that be done? Second,
> I will
> > need to compile the driver statically later. How can I pass those
> parameters
> > that would otherwise be on the command line in statically?
>
> Never use kernel module parameters for a driver, nor for any other
> kernel module you create.  They are global and don't work for
> device-specific issues.
>
> > 2) I can compile the driver in three times with a compile time flag.
> This is
> > the simplest and easiest, but it requires some buildroot and makefile
> foo that
> > I think is a dirty hack.
>
> It's also never accepted, don't do that.
>
> > 3) I could have the init function create three separate files, since it
> is on
> > init that I discover what my values are. But then I have to also
> associate
> > identical functions that reference global variables in the kernel object.
> > Duplicating the code would be worse that compiling the same code three
> times
> > with a kernel parameter, even though that would help me solve my distinct
> > globals problem. So how could I parameterisze a char device with data
> specific
> > to the instance?
>
> open() gives you the hook to do so, please just do that.  There's a
> whole kernel tree full of examples of how to do this, take a look at
> existing code please.
>

After I had the idea in the second email, I think that using the kernel api
to distinguish which char device a callback maps to in order to utilize the
corresponding data is the best way.

If I could do something along the lines of retrieving the file name, as in
a char *, from the file * that is passed in with the callback, or
distinguish any one of these:

static dev_t LSKSMM_dev;
static struct cdev LSKSMM_cdev;
static struct class *LSKSMM_class;
static struct device *LSKSMM_device;

which are also created on module init, it would really make things
convenient and easy. I'm currently digging around in the kernel headers,
but I think probably somebody somewhere knows what I'm looking for. Some
unique field that I can retain on init that I can get back in my mmap/ioctl
call to recognize what data to use.


>
> thanks,
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
Actually, I just realized that there is probably a way to look up the
character device name with the file* that is passed in with the mmap call.
Can anybody say how?

On Mon, Mar 7, 2016 at 3:00 PM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

> I have a driver that manages three sets of identical data structures that
> differ only in address values. Currently, I pray that the device file to
> which I have callbacks mapped for the driver gets called sequentially,
> because there are pairs of mmap's that need to be made. I know that this
> isn't the most ideal way to do it, so I'm searching for a better way rather
> than to swap out the values on each method call.
>
> There are several things I am aware of but for each one I have questions:
> 1) there are kernel module parameters
> If I use kernel module parameters, I need to be able to insert the kernel
> module three times in order to have each one have a distinct set of global
> memory and mapped callbacks to distinct files. Can that be done? Second, I
> will need to compile the driver statically later. How can I pass those
> parameters that would otherwise be on the command line in statically?
>
> 2) I can compile the driver in three times with a compile time flag. This
> is the simplest and easiest, but it requires some buildroot and makefile
> foo that I think is a dirty hack.
>
> 3) I could have the init function create three separate files, since it is
> on init that I discover what my values are. But then I have to also
> associate identical functions that reference global variables in the kernel
> object. Duplicating the code would be worse that compiling the same code
> three times with a kernel parameter, even though that would help me solve
> my distinct globals problem. So how could I parameterisze a char device
> with data specific to the instance?
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Driver duplicate?

2016-03-07 Thread Kenneth Adam Miller 
I have a driver that manages three sets of identical data structures that
differ only in address values. Currently, I pray that the device file to
which I have callbacks mapped for the driver gets called sequentially,
because there are pairs of mmap's that need to be made. I know that this
isn't the most ideal way to do it, so I'm searching for a better way rather
than to swap out the values on each method call.

There are several things I am aware of but for each one I have questions:
1) there are kernel module parameters
If I use kernel module parameters, I need to be able to insert the kernel
module three times in order to have each one have a distinct set of global
memory and mapped callbacks to distinct files. Can that be done? Second, I
will need to compile the driver statically later. How can I pass those
parameters that would otherwise be on the command line in statically?

2) I can compile the driver in three times with a compile time flag. This
is the simplest and easiest, but it requires some buildroot and makefile
foo that I think is a dirty hack.

3) I could have the init function create three separate files, since it is
on init that I discover what my values are. But then I have to also
associate identical functions that reference global variables in the kernel
object. Duplicating the code would be worse that compiling the same code
three times with a kernel parameter, even though that would help me solve
my distinct globals problem. So how could I parameterisze a char device
with data specific to the instance?
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Books Regarding Linux Kernel

2016-02-21 Thread Kenneth Adam Miller 
Those are the popular three, but the documentation provided by kernel
authors themselves as well as source code is also expected.

Lastly, semantics of the machine are often a required read. The intel
manual might be something that belongs on your list, if you want to truly
understand.

But no book is really enough to completely understand the linux kernel.
Those just help you get started.

On Mon, Feb 22, 2016 at 12:56 AM, Anil Nair  wrote:

> Hi,
>
> Can anyone suggest any good book for understanding the Linux Kernel?
>
> Are these books enough for understanding workings of Linux Kernel?
>
> 1.Linux Kernel in a Nutshell
> 2.Linux Device Drivers, Third Edition
> 3.Linux Kernel Development (3rd Edition)
>
>
> --
> --
> Regards,
> Anil Nair
>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

How to statically build kernel module?

2016-01-22 Thread Kenneth Adam Miller 
Is there a guidance anywhere? I know my question is simple and
straightforward, but I've looked around a bit and I can't find a direct way
to statically build a kernel module into the kernel.
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-16 Thread Kenneth Adam Miller 
Ok, so you think that the format of the binary would influence the kernel
to change the permissions on the user's behalf? There's not much prose
explanation here, and I don't understand why the kernel would do something
like this. I just wanted to use a static binary to eliminate library
dependency issues between my host machine and the target machine. I had no
idea that settings like this would carry over to my task at hand.

On Sat, Jan 16, 2016 at 1:08 PM, Mike Krinkin <krinkin@gmail.com> wrote:

> On Sat, Jan 16, 2016 at 12:45:17PM -0500, Kenneth Adam Miller wrote:
> > I got the strace output of my non-C binary (I filtered the noise out of
> the
> > output for you):
> >
> > mmap(NULL, 8192, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0)
> >
> > I also have readelf -l output:
> >
> > Elf file type is EXEC (Executable file)
> > Entry point 0x401311
> > There are 7 program headers, starting at offset 64
> >
> > Program Headers:
> >   Type   Offset VirtAddr   PhysAddr
> >  FileSizMemSiz  Flags  Align
> >   LOAD   0x 0x0040 0x0040
> >  0x000db604 0x000db604  R E1000
> >   LOAD   0x000dc1c0 0x004dd1c0 0x004dd1c0
> >  0x6220 0x91dc  RW 1000
> >   NOTE   0x01c8 0x004001c8 0x004001c8
> >  0x0024 0x0024  R  4
> >   GNU_EH_FRAME   0x000d5680 0x004d5680 0x004d5680
> >  0x5f84 0x5f84  R  4
> >   GNU_STACK  0x 0x 0x
> >  0x 0x  RWE0
>
> Well, probably this is a bit more relevant:
> http://lxr.free-electrons.com/source/mm/mmap.c#L1281
>
> As far as i can see, kernel sets READ_IMPLIES_EXEC flag here:
> http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L844
>
> if executable_stack != EXSTACK_DISABLE_X, and executable_stack initialized
> here:
> http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L781
>
> if GNU_STACK has an executable flag set (and i suppose, that RWE means,
> that
> in your case GNU_STACK indeed has exectuable flag set).
>
> It may be a reason, i'm not shure though. May be this can help:
> http://man7.org/linux/man-pages/man2/personality.2.html
>
>
> >   TLS0x000dc1c0 0x004dd1c0 0x004dd1c0
> >  0x0100 0x0100  R  10
> >   GNU_RELRO  0x000dc1c0 0x004dd1c0 0x004dd1c0
> >  0x5e40 0x5e40  RW 20
> >
> >  Section to Segment mapping:
> >   Segment Sections...
> >00 .note.gnu.build-id .init .text .fini .gcc_except_table .rodata
> > .debug_gdb_scripts .eh_frame .eh_frame_hdr
> >01 .tdata .data.rel.ro.local .data.rel.ro .init_array .got
> .got.plt
> > .data .bss
> >02 .note.gnu.build-id
> >03 .eh_frame_hdr
> >04
> >05 .tdata
> >06 .tdata .data.rel.ro.local .data.rel.ro .init_array .got
> .got.plt
> >
> > Some notes:
> >
> > As a test, I changed the non-C binary's target device file to /dev/zero,
> > and then I could see that the non-C mmap attempt would succeed just fine.
> >
> > After further verification and debugging based on guidance from another
> > forum, I have convinced that the vm_flags change must be occuring
> somewhere
> > in kernel land after control flow has left user land. Now I need to
> figure
> > out how to use a kernel debugger or kprobes to walk through the execution
> > of mmap callback delegation and see where the flags parameter is being
> > changed.
> >
> > I was pointed out to this:
> > http://lxr.free-electrons.com/source/mm/mmap.c#L1312
> >
> > But why would my vm_flags be changed by the kernel? And what can I do to
> > get this to stop? Why is the kernel changing the vm_flags for a non-C
> > binary using my device file, but not for either a C binary using my
> device
> > file or any type of binary that's not using my device file?
> >
> > On Thu, Jan 14, 2016 at 12:28 PM, Kenneth Adam Miller <
> > kennethadammil...@gmail.com> wrote:
> >
> > >
> > >
> > > On Thu, Jan 14, 2016 at 12:00 PM, Mike Krinkin <krinkin@gmail.com>
> > > wrote:
> > >
> > >> Hi, i have

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-16 Thread Kenneth Adam Miller 
The particular non-C binary that I'm using is rust with musl support, so
that I can statically compile the binary in order to eliminate all library
dependencies and then run it on a buildroot based linux.

On Sat, Jan 16, 2016 at 1:32 PM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

> Wait, are you assuming that I'm using the latest kernel? Because I'm using
> 3.14.56...
>
> On Sat, Jan 16, 2016 at 1:31 PM, Mike Krinkin <krinkin@gmail.com>
> wrote:
>
>> On Sat, Jan 16, 2016 at 01:16:42PM -0500, Kenneth Adam Miller wrote:
>> > Ok, so you think that the format of the binary would influence the
>> kernel
>> > to change the permissions on the user's behalf? There's not much prose
>> > explanation here, and I don't understand why the kernel would do
>> something
>> > like this.
>>
>> That personality falg was introduced here with quite a detail explanation
>> (which i don't understand though):
>> http://lwn.net/Articles/94068/
>>
>> > I just wanted to use a static binary to eliminate library
>> > dependency issues between my host machine and the target machine. I had
>> no
>> > idea that settings like this would carry over to my task at hand.
>>
>> I compiled simple hello world with -static flag, and GNU_STACK in the
>> binary
>> has no executable flag set, so static has probably nothing to do with
>> this.
>>
>> >
>> > On Sat, Jan 16, 2016 at 1:08 PM, Mike Krinkin <krinkin@gmail.com>
>> wrote:
>> >
>> > > On Sat, Jan 16, 2016 at 12:45:17PM -0500, Kenneth Adam Miller wrote:
>> > > > I got the strace output of my non-C binary (I filtered the noise
>> out of
>> > > the
>> > > > output for you):
>> > > >
>> > > > mmap(NULL, 8192, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1,
>> > > 0)
>> > > >
>> > > > I also have readelf -l output:
>> > > >
>> > > > Elf file type is EXEC (Executable file)
>> > > > Entry point 0x401311
>> > > > There are 7 program headers, starting at offset 64
>> > > >
>> > > > Program Headers:
>> > > >   Type   Offset VirtAddr   PhysAddr
>> > > >  FileSizMemSiz  Flags  Align
>> > > >   LOAD   0x 0x0040
>> 0x0040
>> > > >  0x000db604 0x000db604  R E1000
>> > > >   LOAD   0x000dc1c0 0x004dd1c0
>> 0x004dd1c0
>> > > >  0x6220 0x91dc  RW 1000
>> > > >   NOTE   0x01c8 0x004001c8
>> 0x004001c8
>> > > >  0x0024 0x0024  R  4
>> > > >   GNU_EH_FRAME   0x000d5680 0x004d5680
>> 0x004d5680
>> > > >  0x5f84 0x5f84  R  4
>> > > >   GNU_STACK  0x 0x
>> 0x
>> > > >  0x 0x  RWE0
>> > >
>> > > Well, probably this is a bit more relevant:
>> > > http://lxr.free-electrons.com/source/mm/mmap.c#L1281
>> > >
>> > > As far as i can see, kernel sets READ_IMPLIES_EXEC flag here:
>> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L844
>> > >
>> > > if executable_stack != EXSTACK_DISABLE_X, and executable_stack
>> initialized
>> > > here:
>> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L781
>> > >
>> > > if GNU_STACK has an executable flag set (and i suppose, that RWE
>> means,
>> > > that
>> > > in your case GNU_STACK indeed has exectuable flag set).
>> > >
>> > > It may be a reason, i'm not shure though. May be this can help:
>> > > http://man7.org/linux/man-pages/man2/personality.2.html
>> > >
>> > >
>> > > >   TLS0x000dc1c0 0x004dd1c0
>> 0x004dd1c0
>> > > >  0x0100 0x0100  R  10
>> > > >   GNU_RELRO  0x000dc1c0 0x004dd1c0
>> 0x004dd1c0
>> > > >  0x5e40 0x5e40  RW 20
>> > > >
&

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-16 Thread Kenneth Adam Miller 
Wait, are you assuming that I'm using the latest kernel? Because I'm using
3.14.56...

On Sat, Jan 16, 2016 at 1:31 PM, Mike Krinkin <krinkin@gmail.com> wrote:

> On Sat, Jan 16, 2016 at 01:16:42PM -0500, Kenneth Adam Miller wrote:
> > Ok, so you think that the format of the binary would influence the kernel
> > to change the permissions on the user's behalf? There's not much prose
> > explanation here, and I don't understand why the kernel would do
> something
> > like this.
>
> That personality falg was introduced here with quite a detail explanation
> (which i don't understand though):
> http://lwn.net/Articles/94068/
>
> > I just wanted to use a static binary to eliminate library
> > dependency issues between my host machine and the target machine. I had
> no
> > idea that settings like this would carry over to my task at hand.
>
> I compiled simple hello world with -static flag, and GNU_STACK in the
> binary
> has no executable flag set, so static has probably nothing to do with this.
>
> >
> > On Sat, Jan 16, 2016 at 1:08 PM, Mike Krinkin <krinkin@gmail.com>
> wrote:
> >
> > > On Sat, Jan 16, 2016 at 12:45:17PM -0500, Kenneth Adam Miller wrote:
> > > > I got the strace output of my non-C binary (I filtered the noise out
> of
> > > the
> > > > output for you):
> > > >
> > > > mmap(NULL, 8192, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
> -1,
> > > 0)
> > > >
> > > > I also have readelf -l output:
> > > >
> > > > Elf file type is EXEC (Executable file)
> > > > Entry point 0x401311
> > > > There are 7 program headers, starting at offset 64
> > > >
> > > > Program Headers:
> > > >   Type   Offset VirtAddr   PhysAddr
> > > >  FileSizMemSiz  Flags  Align
> > > >   LOAD   0x 0x0040
> 0x0040
> > > >  0x000db604 0x000db604  R E1000
> > > >   LOAD   0x000dc1c0 0x004dd1c0
> 0x004dd1c0
> > > >  0x6220 0x91dc  RW 1000
> > > >   NOTE   0x01c8 0x004001c8
> 0x004001c8
> > > >  0x0024 0x0024  R  4
> > > >   GNU_EH_FRAME   0x000d5680 0x004d5680
> 0x004d5680
> > > >  0x5f84 0x5f84  R  4
> > > >   GNU_STACK  0x 0x
> 0x
> > > >  0x 0x  RWE0
> > >
> > > Well, probably this is a bit more relevant:
> > > http://lxr.free-electrons.com/source/mm/mmap.c#L1281
> > >
> > > As far as i can see, kernel sets READ_IMPLIES_EXEC flag here:
> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L844
> > >
> > > if executable_stack != EXSTACK_DISABLE_X, and executable_stack
> initialized
> > > here:
> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L781
> > >
> > > if GNU_STACK has an executable flag set (and i suppose, that RWE means,
> > > that
> > > in your case GNU_STACK indeed has exectuable flag set).
> > >
> > > It may be a reason, i'm not shure though. May be this can help:
> > > http://man7.org/linux/man-pages/man2/personality.2.html
> > >
> > >
> > > >   TLS0x000dc1c0 0x004dd1c0
> 0x004dd1c0
> > > >  0x0100 0x0100  R  10
> > > >   GNU_RELRO  0x000dc1c0 0x004dd1c0
> 0x004dd1c0
> > > >  0x5e40 0x5e40  RW 20
> > > >
> > > >  Section to Segment mapping:
> > > >   Segment Sections...
> > > >00 .note.gnu.build-id .init .text .fini .gcc_except_table
> .rodata
> > > > .debug_gdb_scripts .eh_frame .eh_frame_hdr
> > > >01 .tdata .data.rel.ro.local .data.rel.ro .init_array .got
> > > .got.plt
> > > > .data .bss
> > > >02 .note.gnu.build-id
> > > >03 .eh_frame_hdr
> > > >04
> > > >05 .tdata
> > > >06 .tdata .data.rel.ro.local .data.rel.ro .init_array .got
> > > .got.plt
> > > >
> > >

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-16 Thread Kenneth Adam Miller 
Astonishing. I changed my non-C based binary to remove PROT_READ, and I
found that the mmap test completed successfully! Now I just have to figure
out how to edit the binary headers to remove the READ_IMPLIES_EXEC option
and then test it.

On Sat, Jan 16, 2016 at 1:33 PM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

> The particular non-C binary that I'm using is rust with musl support, so
> that I can statically compile the binary in order to eliminate all library
> dependencies and then run it on a buildroot based linux.
>
> On Sat, Jan 16, 2016 at 1:32 PM, Kenneth Adam Miller <
> kennethadammil...@gmail.com> wrote:
>
>> Wait, are you assuming that I'm using the latest kernel? Because I'm
>> using 3.14.56...
>>
>> On Sat, Jan 16, 2016 at 1:31 PM, Mike Krinkin <krinkin@gmail.com>
>> wrote:
>>
>>> On Sat, Jan 16, 2016 at 01:16:42PM -0500, Kenneth Adam Miller wrote:
>>> > Ok, so you think that the format of the binary would influence the
>>> kernel
>>> > to change the permissions on the user's behalf? There's not much prose
>>> > explanation here, and I don't understand why the kernel would do
>>> something
>>> > like this.
>>>
>>> That personality falg was introduced here with quite a detail explanation
>>> (which i don't understand though):
>>> http://lwn.net/Articles/94068/
>>>
>>> > I just wanted to use a static binary to eliminate library
>>> > dependency issues between my host machine and the target machine. I
>>> had no
>>> > idea that settings like this would carry over to my task at hand.
>>>
>>> I compiled simple hello world with -static flag, and GNU_STACK in the
>>> binary
>>> has no executable flag set, so static has probably nothing to do with
>>> this.
>>>
>>> >
>>> > On Sat, Jan 16, 2016 at 1:08 PM, Mike Krinkin <krinkin@gmail.com>
>>> wrote:
>>> >
>>> > > On Sat, Jan 16, 2016 at 12:45:17PM -0500, Kenneth Adam Miller wrote:
>>> > > > I got the strace output of my non-C binary (I filtered the noise
>>> out of
>>> > > the
>>> > > > output for you):
>>> > > >
>>> > > > mmap(NULL, 8192, PROT_READ | PROT_WRITE,
>>> MAP_PRIVATE|MAP_ANONYMOUS, -1,
>>> > > 0)
>>> > > >
>>> > > > I also have readelf -l output:
>>> > > >
>>> > > > Elf file type is EXEC (Executable file)
>>> > > > Entry point 0x401311
>>> > > > There are 7 program headers, starting at offset 64
>>> > > >
>>> > > > Program Headers:
>>> > > >   Type   Offset VirtAddr   PhysAddr
>>> > > >  FileSizMemSiz  Flags
>>> Align
>>> > > >   LOAD   0x 0x0040
>>> 0x0040
>>> > > >  0x000db604 0x000db604  R E1000
>>> > > >   LOAD   0x000dc1c0 0x004dd1c0
>>> 0x004dd1c0
>>> > > >  0x6220 0x91dc  RW 1000
>>> > > >   NOTE   0x01c8 0x004001c8
>>> 0x004001c8
>>> > > >  0x0024 0x0024  R  4
>>> > > >   GNU_EH_FRAME   0x000d5680 0x004d5680
>>> 0x004d5680
>>> > > >  0x5f84 0x5f84  R  4
>>> > > >   GNU_STACK  0x 0x
>>> 0x
>>> > > >  0x 0x  RWE0
>>> > >
>>> > > Well, probably this is a bit more relevant:
>>> > > http://lxr.free-electrons.com/source/mm/mmap.c#L1281
>>> > >
>>> > > As far as i can see, kernel sets READ_IMPLIES_EXEC flag here:
>>> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L844
>>> > >
>>> > > if executable_stack != EXSTACK_DISABLE_X, and executable_stack
>>> initialized
>>> > > here:
>>> > > http://lxr.free-electrons.com/source/fs/binfmt_elf.c#L781
>>> > >
>>> > > if GNU_STACK has an executable flag set (and i suppose, that RWE
>>> means,
>>> >

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-16 Thread Kenneth Adam Miller 
I got the strace output of my non-C binary (I filtered the noise out of the
output for you):

mmap(NULL, 8192, PROT_READ | PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)

I also have readelf -l output:

Elf file type is EXEC (Executable file)
Entry point 0x401311
There are 7 program headers, starting at offset 64

Program Headers:
  Type   Offset VirtAddr   PhysAddr
 FileSizMemSiz  Flags  Align
  LOAD   0x 0x0040 0x0040
 0x000db604 0x000db604  R E1000
  LOAD   0x000dc1c0 0x004dd1c0 0x004dd1c0
 0x6220 0x91dc  RW 1000
  NOTE   0x01c8 0x004001c8 0x004001c8
 0x0024 0x0024  R  4
  GNU_EH_FRAME   0x000d5680 0x004d5680 0x004d5680
 0x5f84 0x5f84  R  4
  GNU_STACK  0x 0x 0x
 0x 0x  RWE0
  TLS0x000dc1c0 0x004dd1c0 0x004dd1c0
 0x0100 0x0100  R  10
  GNU_RELRO  0x000dc1c0 0x004dd1c0 0x004dd1c0
 0x5e40 0x5e40  RW 20

 Section to Segment mapping:
  Segment Sections...
   00 .note.gnu.build-id .init .text .fini .gcc_except_table .rodata
.debug_gdb_scripts .eh_frame .eh_frame_hdr
   01 .tdata .data.rel.ro.local .data.rel.ro .init_array .got .got.plt
.data .bss
   02 .note.gnu.build-id
   03 .eh_frame_hdr
   04
   05 .tdata
   06 .tdata .data.rel.ro.local .data.rel.ro .init_array .got .got.plt

Some notes:

As a test, I changed the non-C binary's target device file to /dev/zero,
and then I could see that the non-C mmap attempt would succeed just fine.

After further verification and debugging based on guidance from another
forum, I have convinced that the vm_flags change must be occuring somewhere
in kernel land after control flow has left user land. Now I need to figure
out how to use a kernel debugger or kprobes to walk through the execution
of mmap callback delegation and see where the flags parameter is being
changed.

I was pointed out to this:
http://lxr.free-electrons.com/source/mm/mmap.c#L1312

But why would my vm_flags be changed by the kernel? And what can I do to
get this to stop? Why is the kernel changing the vm_flags for a non-C
binary using my device file, but not for either a C binary using my device
file or any type of binary that's not using my device file?

On Thu, Jan 14, 2016 at 12:28 PM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

>
>
> On Thu, Jan 14, 2016 at 12:00 PM, Mike Krinkin <krinkin@gmail.com>
> wrote:
>
>> Hi, i have a couple of questions to clarify, if you don't mind
>>
>> On Thu, Jan 14, 2016 at 11:04:28AM -0500, Kenneth Adam Miller wrote:
>> > I have a custom drive and userland program pair that I'm using for a
>> very
>> > special use case at my workplace where we are mapping specific physical
>> > address ranges into userland memory with a mmap callback. Everything
>> works
>> > together well with a C userland program that calls into our driver's
>> ioctl
>> > and mmap definitions, but for our case we are using an alternative
>> systems
>> > language just for the userland program.
>>
>> So you have userland app written in C, and another not written in C?
>> The former works well while the latter doesn't, am i right?
>>
>
> Yes, the former works in so much as mmap completes successfully. I've
> verified that the
> parameters are identical in the non-C program. The issue of just using the
> C only program
> is that the actual implementation of interest is in the non-C program, and
> that's because
> that language facilitates other features that are *required* on our end.
>
>
>>
>> > That mmap call is failing (properly
>> > as we want) out from the driver's mmap implementation due to the fact
>> that
>> > the vm_flags have the VM_EXEC flag set. We do not want users to be able
>> to
>> > map the memory range as executable, so the driver should check for this
>> as
>> > it does. The issue is in the fact that somewhere between where mmap is
>> > called and when the parameters are given to the driver, the
>> vma->vm_flags
>> > are being set to 255. I've manually checked the values being given to
>> the
>> > mmap call in our non-C binary, and they are *equivalent* in value to
>> that
>> > of the C program.
>>
>> By "m

Inexplicable PROT_EXEC flag set on mmap callback

2016-01-14 Thread Kenneth Adam Miller 
I have a custom drive and userland program pair that I'm using for a very
special use case at my workplace where we are mapping specific physical
address ranges into userland memory with a mmap callback. Everything works
together well with a C userland program that calls into our driver's ioctl
and mmap definitions, but for our case we are using an alternative systems
language just for the userland program. That mmap call is failing (properly
as we want) out from the driver's mmap implementation due to the fact that
the vm_flags have the VM_EXEC flag set. We do not want users to be able to
map the memory range as executable, so the driver should check for this as
it does. The issue is in the fact that somewhere between where mmap is
called and when the parameters are given to the driver, the vma->vm_flags
are being set to 255. I've manually checked the values being given to the
mmap call in our non-C binary, and they are *equivalent* in value to that
of the C program.

My question is, is there anything that can cause the vma->vm_flags to be
changed in the trip between when the user land program calls mmap and when
control is delivered to the mmap callback?
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-14 Thread Kenneth Adam Miller 
On Thu, Jan 14, 2016 at 12:00 PM, Mike Krinkin <krinkin@gmail.com>
wrote:

> Hi, i have a couple of questions to clarify, if you don't mind
>
> On Thu, Jan 14, 2016 at 11:04:28AM -0500, Kenneth Adam Miller wrote:
> > I have a custom drive and userland program pair that I'm using for a very
> > special use case at my workplace where we are mapping specific physical
> > address ranges into userland memory with a mmap callback. Everything
> works
> > together well with a C userland program that calls into our driver's
> ioctl
> > and mmap definitions, but for our case we are using an alternative
> systems
> > language just for the userland program.
>
> So you have userland app written in C, and another not written in C?
> The former works well while the latter doesn't, am i right?
>

Yes, the former works in so much as mmap completes successfully. I've
verified that the
parameters are identical in the non-C program. The issue of just using the
C only program
is that the actual implementation of interest is in the non-C program, and
that's because
that language facilitates other features that are *required* on our end.


>
> > That mmap call is failing (properly
> > as we want) out from the driver's mmap implementation due to the fact
> that
> > the vm_flags have the VM_EXEC flag set. We do not want users to be able
> to
> > map the memory range as executable, so the driver should check for this
> as
> > it does. The issue is in the fact that somewhere between where mmap is
> > called and when the parameters are given to the driver, the vma->vm_flags
> > are being set to 255. I've manually checked the values being given to the
> > mmap call in our non-C binary, and they are *equivalent* in value to that
> > of the C program.
>
> By "manually" do you mean strace? Could you show strace output for
> both apps? And also could you show readelf -l output for both binaries?
>

By manually, I mean with a print call just before the mmap call in each of
the
programs. Right now, I'm working on getting a strace output, but I have to
run that in qemu.
To be able to run it in qemu in order to isolate the driver and all from my
host, I have to build
with buildroot. So I'll email that when I get it, but it'll be a while.


>
> >
> > My question is, is there anything that can cause the vma->vm_flags to be
> > changed in the trip between when the user land program calls mmap and
> when
> > control is delivered to the mmap callback?
>
> > ___
> > Kernelnewbies mailing list
> > Kernelnewbies@kernelnewbies.org
> > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Inexplicable PROT_EXEC flag set on mmap callback

2016-01-14 Thread Kenneth Adam Miller 
In fact, it's being set to 0xff exactly, not just the VM_EXEC flag being
set. vma->vm_flags & VM_EXEC resolves true, because vma->vm_flags is 0xff

On Thu, Jan 14, 2016 at 11:04 AM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

> I have a custom drive and userland program pair that I'm using for a very
> special use case at my workplace where we are mapping specific physical
> address ranges into userland memory with a mmap callback. Everything works
> together well with a C userland program that calls into our driver's ioctl
> and mmap definitions, but for our case we are using an alternative systems
> language just for the userland program. That mmap call is failing (properly
> as we want) out from the driver's mmap implementation due to the fact that
> the vm_flags have the VM_EXEC flag set. We do not want users to be able to
> map the memory range as executable, so the driver should check for this as
> it does. The issue is in the fact that somewhere between where mmap is
> called and when the parameters are given to the driver, the vma->vm_flags
> are being set to 255. I've manually checked the values being given to the
> mmap call in our non-C binary, and they are *equivalent* in value to that
> of the C program.
>
> My question is, is there anything that can cause the vma->vm_flags to be
> changed in the trip between when the user land program calls mmap and when
> control is delivered to the mmap callback?
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Mapping IO memory read-write

2016-01-13 Thread Kenneth Adam Miller 
In this case, have you tried reading and writing to the memory segment
being mmap'd from userland?

Here's an example mmap'ing device driver if you need to see that:
https://github.com/claudioscordino/mmap_alloc

On Tue, Jan 12, 2016 at 6:10 PM, Jethro Beekman  wrote:

> I'm writing a device driver for a memory-mapped device on x86-64. I'm
> mapping
> the device in the kernel using ioremap_cache(). My file_operations.mmap
> function
> is as follows:
>
> static int dev_mmap(struct file *filep, struct vm_area_struct *vma) {
> vma->vm_page_prot.pgprot|=_PAGE_BIT_RW;
> return vm_iomap_memory(vma,START,LEN);
> }
>
> The user process calls mmap(..,PROT_READ|PROT_WRITE|PROT_EXEC,..). The
> mapping
> in /proc/[pid]/maps shows the write bit. However, when looking at the
> actual
> page table entry does not have the RW bit set. For example:
>
> virtual address = _0001_8000_
> cr3 = __700a_e000
> phys:__700a_e000 = __7e05_5067 (P|RW|US|A|D)
> phys:__7e05_5030 = _0001_66e2_9067 (P|RW|US|A|D)
> phys:_0001_66e2_9000 = _0001_69db_3067 (P|RW|US|A|D)
> phys:_0001_69db_3000 = __8020_0225 (P|US|A|SOFTW1)
>
> Am I doing something wrong?
>
> Jethro
>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Customizing UIO mmap'ing

2015-12-18 Thread Kenneth Adam Miller 
On Fri, Dec 18, 2015 at 9:20 AM, Henry Gomersall <
henry.gomers...@smartacoustics.co.uk> wrote:

> On 18/12/15 14:15, Kenneth Adam Miller wrote:
>
>
> On Fri, Dec 18, 2015 at 7:05 AM, Henry Gomersall <
> henry.gomers...@smartacoustics.co.uk> wrote:
>
>> On 17/12/15 21:35, Kenneth Adam Miller wrote:
>>
>> Generally uio_dmem_genirq.c builds on top of uio.c, which provides a
>> common module basis for isolating code common to the other specific
>> modules. But for a specific purpose, uio_dmem_genirq.c has be either
>> customized or extended in order that specific memory regions can be set as
>> accessible. Most easily, this is done in a first come first serve approach
>> by filling out the details (which exactly?) left missing in
>> uio_dmem_genirq.c, and to start, that would be in uio_of_genirq_match
>> <https://proxy-us.hide.me/go.php?u=zWvu%2Fc4k0RUgdQesK%2F26T4EuwcXktyOuOa%2F3x1F0nLo5r0d9WlQEzfN928BYniutwGWnnJXkaBWcsA6D=29>
>> .
>>
>> Am I correct?
>>
>>
>> It's not always necessary to modify uio_dmem_genirq.
>>
>>
> Is it correct though, that I can use another module to stack on top of
> uio_dmem_genirq, and that the correct thing to modify is in fact the
> variable I mentioned?
>
>
> I don't know the answer to this. I'm pretty new to it myself :)
>

Well for any other readers of this conversation, compared to my previous
(perceived) requirements, I now only need to mmap a specific region of
hardware addresses - nothing about custom allocation within that region. I
can use /dev/mem, but that's perceived to be a potential security issue
that we want to keep mitigated. So, we have decided that a uio driver that
filters for the specific hardware address regions that we allow is
desirable. I think that uio_dmem_genirq would be the way to go about it,
but I am not sure there is any example that exists demonstrating how to
edit and then use it.


>
>
> Henry
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Customizing UIO mmap'ing

2015-12-18 Thread Kenneth Adam Miller 
On Fri, Dec 18, 2015 at 7:05 AM, Henry Gomersall <
henry.gomers...@smartacoustics.co.uk> wrote:

> On 17/12/15 21:35, Kenneth Adam Miller wrote:
>
> Generally uio_dmem_genirq.c builds on top of uio.c, which provides a
> common module basis for isolating code common to the other specific
> modules. But for a specific purpose, uio_dmem_genirq.c has be either
> customized or extended in order that specific memory regions can be set as
> accessible. Most easily, this is done in a first come first serve approach
> by filling out the details (which exactly?) left missing in
> uio_dmem_genirq.c, and to start, that would be in uio_of_genirq_match
> <https://proxy-us.hide.me/go.php?u=zWvu%2Fc4k0RUgdQesK%2F26T4EuwcXktyOuOa%2F3x1F0nLo5r0d9WlQEzfN928BYniutwGWnnJXkaBWcsA6D=29>
> .
>
> Am I correct?
>
>
> It's not always necessary to modify uio_dmem_genirq.
>
>
Is it correct though, that I can use another module to stack on top of
uio_dmem_genirq, and that the correct thing to modify is in fact the
variable I mentioned?


> Certainly in cases where the hardware capability can be specified by a
> device tree (e.g. ARM systems), it is possible to specify an address space
> and an IRQ that can be immediately used from userspace with the
> uio_dmem_genirq driver with no modifications.
>
>
This is not our case. I have to programmatically retrieve the regions when
the driver is loaded (I know that's just a matter of putting the right code
in the right callback), and allow that to serve as a match.


> Henry
>
>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Customizing UIO mmap'ing

2015-12-17 Thread Kenneth Adam Miller 
So, previously I think I misunderstood how to use uio_dmem_genirq. Let me
explain the way I think it currently works (bare with me, I departed from
looking at this driver after only about a week of looking at it):

Generally uio_dmem_genirq.c builds on top of uio.c, which provides a common
module basis for isolating code common to the other specific modules. But
for a specific purpose, uio_dmem_genirq.c has be either customized or
extended in order that specific memory regions can be set as accessible.
Most easily, this is done in a first come first serve approach by filling
out the details (which exactly?) left missing in uio_dmem_genirq.c, and to
start, that would be in uio_of_genirq_match

.

Am I correct?
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Query Hard Memory Addresses

2015-10-22 Thread Kenneth Adam Miller 
So, previously it was discussed that /dev/mem could be used to mmap a
specific hardware memory into a process. Now I need to unit test some
userland code that does exactly that, but I need to make sure that the unit
test selects a small page that is always free in kernel land. How can I
query mem to just grab the location of a free page?

(my development setup is different from my other deployment; in deployment
these values are hard coded, in development they occur on a qemu emulator)
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Query Hard Memory Addresses

2015-10-22 Thread Kenneth Adam Miller 
On Thu, Oct 22, 2015 at 3:38 PM, Jeff Haran <jeff.ha...@citrix.com> wrote:

>
>
>
>
> *From:* kernelnewbies-boun...@kernelnewbies.org [mailto:
> kernelnewbies-boun...@kernelnewbies.org] *On Behalf Of *Kenneth Adam
> Miller
> *Sent:* Thursday, October 22, 2015 12:14 PM
> *To:* Kernelnewbies
> *Subject:* Query Hard Memory Addresses
>
>
>
> So, previously it was discussed that /dev/mem could be used to mmap a
> specific hardware memory into a process. Now I need to unit test some
> userland code that does exactly that, but I need to make sure that the unit
> test selects a small page that is always free in kernel land. How can I
> query mem to just grab the location of a free page?
>
>
>
> (my development setup is different from my other deployment; in deployment
> these values are hard coded, in development they occur on a qemu emulator)
>
>
>
> I suppose it might work to write a kernel module that allocates a page in
> its init routine and then provides the address to user space via a /proc
> entry.
>
>
>

Well see now we're back to where I was before finding out about /dev/mem.

In any case, I think I can isolate my userland tests with some shared
memory regions at the process level, and then in the production environment
serve up a buffer grabbed by mmap.


> Jeff Haran
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
So I'm building a uio kernel driver with buildroot, and I've gotten the
driver to compile, installed it and can insmod it in the final buildroot
target after booting the image with QEMU.

I'm on linux kernel version 3.14, and I followed the guide here:

https://www.kernel.org/doc/htmldocs/uio-howto/userspace_driver.html

And it describes the location on where the device file that should be
opened by userland code as either one of two locations:

/dev/uioX, with X being a number

or /sys/class/uio/uioX

But the each of following returns nothing:

ls /dev/uio*
ls /sys/class/uio/

After I compile the uio example that is provided in the linux source at
source/drivers/uio/uio.c and uio_dmem_genirq.c, and insmod them, I do
modprobe uio and modprobe uio_dmem_genirq and each of those return nothing.
However, I do see that /sys/modules/uio and /sys/modules/uio_dmem_genirq


What am I doing wrong? Or where are the respective device files that I'm
supposed to use in my userland driver process?

int fd = open("where is it!!?");
mmap(, fd,..);
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
Am I missing something? Are those drivers, uio, and uio_dmem_genirq not
supposed to created device files in the linux VFS, either /dev or some
subfolder /sys?

I am using mdev (
http://buildroot.org/downloads/manual/manual.html#_dev_management), I can
 see the tty devices in /dev, so I know that the devices are being
recognized by the kernel. In addition, insmod'ing the same device more than
once gives an error where the kernel says that the file already exists.

I considered the possibility that these .c files are in fact skeleton
files, where users are supposed to create their own uio driver and rely on
the services or functions that these provide. But it doesn't explicitly say
that anywhere in the guide that I read; if this were the case, why wouldn't
it?

On Tue, Oct 20, 2015 at 11:58 AM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

> So I'm building a uio kernel driver with buildroot, and I've gotten the
> driver to compile, installed it and can insmod it in the final buildroot
> target after booting the image with QEMU.
>
> I'm on linux kernel version 3.14, and I followed the guide here:
>
> https://www.kernel.org/doc/htmldocs/uio-howto/userspace_driver.html
>
> And it describes the location on where the device file that should be
> opened by userland code as either one of two locations:
>
> /dev/uioX, with X being a number
>
> or /sys/class/uio/uioX
>
> But the each of following returns nothing:
>
> ls /dev/uio*
> ls /sys/class/uio/
>
> After I compile the uio example that is provided in the linux source at
> source/drivers/uio/uio.c and uio_dmem_genirq.c, and insmod them, I do
> modprobe uio and modprobe uio_dmem_genirq and each of those return nothing.
> However, I do see that /sys/modules/uio and /sys/modules/uio_dmem_genirq
>
>
> What am I doing wrong? Or where are the respective device files that I'm
> supposed to use in my userland driver process?
>
> int fd = open("where is it!!?");
> mmap(, fd,..);
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
Thanks! To anyone else that might know the answer thanks also (in advance)
:D

On Tue, Oct 20, 2015 at 5:56 PM, Mandeep Sandhu  wrote:

> >> I'm on linux kernel version 3.14, and I followed the guide here:
> >>
> >> https://www.kernel.org/doc/htmldocs/uio-howto/userspace_driver.html
> >>
> >> And it describes the location on where the device file that should be
> >> opened by userland code as either one of two locations:
> >>
> >> /dev/uioX, with X being a number
> >>
> >> or /sys/class/uio/uioX
> >>
> >> But the each of following returns nothing:
> >>
> >> ls /dev/uio*
> >> ls /sys/class/uio/
> >>
> >> After I compile the uio example that is provided in the linux source at
> >> source/drivers/uio/uio.c and uio_dmem_genirq.c, and insmod them, I do
> >> modprobe uio and modprobe uio_dmem_genirq and each of those return
> nothing.
> >> However, I do see that /sys/modules/uio and /sys/modules/uio_dmem_genirq
>
> Have a look at this sample driver I wrote sometime back to trigger a UIO
> issue:
>
> https://github.com/mandeepsandhu/uio-hotplug-test
>
> I have not had the time to look at where it differs from your
> implemntation, but I'll leave that to you to figure out :)
>
> This create the /devuioX device file which the userspace code is opening.
>
> HTH,
> -mandeep
>
>
> >>
> >>
> >> What am I doing wrong? Or where are the respective device files that I'm
> >> supposed to use in my userland driver process?
> >>
> >> int fd = open("where is it!!?");
> >> mmap(, fd,..);
> >
> >
> >
> > ___
> > Kernelnewbies mailing list
> > Kernelnewbies@kernelnewbies.org
> > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> >
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
On Tue, Oct 20, 2015 at 8:17 PM, Greg KH <g...@kroah.com> wrote:

> On Tue, Oct 20, 2015 at 07:40:37PM -0400, Kenneth Adam Miller wrote:
> >
> > On Tue, Oct 20, 2015 at 6:54 PM, Greg KH <g...@kroah.com> wrote:
> >
> > On Tue, Oct 20, 2015 at 11:58:21AM -0400, Kenneth Adam Miller wrote:
> > > So I'm building a uio kernel driver with buildroot, and I've
> gotten the
> > driver
> > > to compile, installed it and can insmod it in the final buildroot
> target
> > after
> > > booting the image with QEMU.
> > >
> > > I'm on linux kernel version 3.14, and I followed the guide here:
> > >
> > >
> https://www.kernel.org/doc/htmldocs/uio-howto/userspace_driver.html
> > >
> > > And it describes the location on where the device file that should
> be
> > opened by
> > > userland code as either one of two locations:
> > >
> > > /dev/uioX, with X being a number
> > >
> > > or /sys/class/uio/uioX
> > >
> > > But the each of following returns nothing:
> > >
> > > ls /dev/uio*
> > > ls /sys/class/uio/
> > >
> > > After I compile the uio example that is provided in the linux
> source at
> > source/
> > > drivers/uio/uio.c and uio_dmem_genirq.c, and insmod them, I do
> modprobe
> > uio and
> > > modprobe uio_dmem_genirq and each of those return nothing.
> However, I do
> > see
> > > that /sys/modules/uio and /sys/modules/uio_dmem_genirq
> >
> > uio.ko is the uio "core", you need a uio driver in order to actually
> use
> > it.
> >
> > uio_dmem_genirq is a uio driver, have you added the needed device
> tree
> > entries to have it actually create a device for you?  Without them,
> this
> > driver can not find any hardware to bind to, and as such, no device
> node
> > will ever be created.
> >
> >
> > I didn't know about that. How do I do that? I'm using buildroot; I guess
> > there's something missing in menuconfig or linux-menuconfig.
>
> Um, no, device tree doesn't have anything to do with buildroot, other
> than the fact that you need such a thing for your platform to work
> properly.
>

Well, often there are options and relation configurations that are
implicitly required by the target development objective that have to be
enabled by buildroot. For instance, right now I'm using devtempfs, and I
know that because one of the things I considered was that it was possible
that it was a silent failure on the part of the module insertion that it
wasn't creating the current /dev entry because it was static. But I
followed up in buildroot to make sure that I had it.


>
> > I would suggest reading the UIO documentation, it should explain all
> of
> > this for you already.  If not, specific questions are always gladly
> > answered.
> >
> >
> > The one that I linked? I read that repeatedly. What other documentation
> is
> > there to read? I also read from Essential Linux Device Drivers, and none
> of
> > them explained that. There has to be something I'm missing.
>
> Step back, what exactly are you trying to do here that you think UIO is
> the answer?  Where is the uio driver that you want to run for your
> hardware platform?  UIO is a _very_ hardware-specific solution to a
> _very_ specific problem that people have, are you sure it's what you
> need?
>
>
Right now, we are building a security solution that requires that
communication be fully isolated by subject. We don't have special devices,
we actually have very special, extra security software that we're trying to
support. One of those is a permissions capability that can be set beneath
the guest that determines what memory can be observed or written to. If a
violation occurs, the guest is killed. We like this model because only the
data makes it through. The problem with doing it the old way was 1) it was
too slow. 2) it was very hard to write in a kernel module context, and
therefore it was overkill 3) all we really wanted was to facilitate the
ability to access special limited access memory.

So effectively, we are moving code that is currently in a driver, out of a
driver. In fact, all we want to do is map memory into user space, and then
access that memory as though it were an array in the user land code.


> thanks,
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
On Tue, Oct 20, 2015 at 8:43 PM, Greg KH <g...@kroah.com> wrote:

> On Tue, Oct 20, 2015 at 08:28:20PM -0400, Kenneth Adam Miller wrote:
> > On Tue, Oct 20, 2015 at 8:17 PM, Greg KH <g...@kroah.com> wrote:
> > On Tue, Oct 20, 2015 at 07:40:37PM -0400, Kenneth Adam Miller wrote:
> > > I didn't know about that. How do I do that? I'm using buildroot; I
> guess
> > > there's something missing in menuconfig or linux-menuconfig.
> >
> > Um, no, device tree doesn't have anything to do with buildroot, other
> > than the fact that you need such a thing for your platform to work
> > properly.
> >
> > Well, often there are options and relation configurations that are
> implicitly
> > required by the target development objective that have to be enabled by
> > buildroot. For instance, right now I'm using devtempfs, and I know that
> because
> > one of the things I considered was that it was possible that it was a
> silent
> > failure on the part of the module insertion that it wasn't creating the
> current
> > /dev entry because it was static. But I followed up in buildroot to make
> sure
> > that I had it.
>
> Again, device tree is not a kernel build "option", it is provided by the
> firmware of your platform and handed to the kernel.  It describes your
> hardware to the kernel for systems that do not have discoverable
> hardware (like USB or PCI).
>
> > > I would suggest reading the UIO documentation, it should
> explain all
> > of
> > > this for you already.  If not, specific questions are always
> gladly
> > > answered.
> > >
> > >
> > > The one that I linked? I read that repeatedly. What other
> documentation
> > is
> > > there to read? I also read from Essential Linux Device Drivers,
> and none
> > of
> > > them explained that. There has to be something I'm missing.
> >
> > Step back, what exactly are you trying to do here that you think UIO
> is
> > the answer?  Where is the uio driver that you want to run for your
> > hardware platform?  UIO is a _very_ hardware-specific solution to a
> > _very_ specific problem that people have, are you sure it's what you
> > need?
> >
> > Right now, we are building a security solution that requires that
> communication
> > be fully isolated by subject. We don't have special devices, we actually
> have
> > very special, extra security software that we're trying to support. One
> of
> > those is a permissions capability that can be set beneath the guest that
> > determines what memory can be observed or written to. If a violation
> occurs,
> > the guest is killed. We like this model because only the data makes it
> through.
> > The problem with doing it the old way was 1) it was too slow. 2) it was
> very
> > hard to write in a kernel module context, and therefore it was overkill
> 3) all
> > we really wanted was to facilitate the ability to access special limited
> access
> > memory.
>
> How does that relate to UIO?
>
> The kernel already provides userspace isolation to memory, no need to
> add anything else, the hardware of the CPU does this for you
> automatically.
>
>
It provides some isolation. But there is no guarantee that any of the
machine code is perfect, be it our own or the kernel's. So we take a policy
where we just assume that it will have some kind of critical bug. In this
case, the whole program stops - OS included.

The OS does provide a version of each of the above, separation and memory
isolation. But we have our own. The unique requirement that the software
places on us is that we have specific hardware address regions that must be
mapped to specific processes. To do that, we want to have a kernel driver
map that back into user space memory.


> > So effectively, we are moving code that is currently in a driver, out of
> a
> > driver. In fact, all we want to do is map memory into user space, and
> then
> > access that memory as though it were an array in the user land code.
>
> You don't need UIO for that, just use /dev/mem/ or other such
> functionality for that.  UIO is to allow userspace access to physical
> hardware that is memory-backed, and interrupts for that hardware.  If
> you just want access to real memory, no need to use UIO for that at all.
>
>
So dev/mem would allow the user space process to access a specific memory
region? Wow, I had no idea about that. If that's the case, you've helped us
tremendously because now we don't even have to write a driver at all.


> good luck!
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Kernel Driver with Buildroot and QEMU

2015-10-20 Thread Kenneth Adam Miller 
On Tue, Oct 20, 2015 at 6:54 PM, Greg KH <g...@kroah.com> wrote:

> On Tue, Oct 20, 2015 at 11:58:21AM -0400, Kenneth Adam Miller wrote:
> > So I'm building a uio kernel driver with buildroot, and I've gotten the
> driver
> > to compile, installed it and can insmod it in the final buildroot target
> after
> > booting the image with QEMU.
> >
> > I'm on linux kernel version 3.14, and I followed the guide here:
> >
> > https://www.kernel.org/doc/htmldocs/uio-howto/userspace_driver.html
> >
> > And it describes the location on where the device file that should be
> opened by
> > userland code as either one of two locations:
> >
> > /dev/uioX, with X being a number
> >
> > or /sys/class/uio/uioX
> >
> > But the each of following returns nothing:
> >
> > ls /dev/uio*
> > ls /sys/class/uio/
> >
> > After I compile the uio example that is provided in the linux source at
> source/
> > drivers/uio/uio.c and uio_dmem_genirq.c, and insmod them, I do modprobe
> uio and
> > modprobe uio_dmem_genirq and each of those return nothing. However, I do
> see
> > that /sys/modules/uio and /sys/modules/uio_dmem_genirq
>
> uio.ko is the uio "core", you need a uio driver in order to actually use
> it.
>
> uio_dmem_genirq is a uio driver, have you added the needed device tree
> entries to have it actually create a device for you?  Without them, this
> driver can not find any hardware to bind to, and as such, no device node
> will ever be created.
>

I didn't know about that. How do I do that? I'm using buildroot; I guess
there's something missing in menuconfig or linux-menuconfig.


>
> I would suggest reading the UIO documentation, it should explain all of
> this for you already.  If not, specific questions are always gladly
> answered.
>

The one that I linked? I read that repeatedly. What other documentation is
there to read? I also read from Essential Linux Device Drivers, and none of
them explained that. There has to be something I'm missing.

Thanks a lot!


>
> thanks,
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: How to reserve physical address space region

2015-10-19 Thread Kenneth Adam Miller 
Have you looked at the uio driver examples?

Also, LDD3 may be old, but the API is at least still relevant. The
explanation is too long to include here, but the book is free :D

On Thu, Oct 15, 2015 at 11:53 PM, sahlot arvind  wrote:

> Hi,
>
> Is there an API kernel exposes to use for a driver in order to reserve
> physical address space?
> I mean I want to reserve 5GB (or more if allowed) of contiguous physical
> address space anywhere in the address range (wherever it is available..
> doesn't matter) and then I want to map that physical address range in the
> kernel to get a virtual address so that my driver can dereference that
> virtual pointer to access the mapped physical address range.
>
> Thanks in advance!
> Sahlot
>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-07 Thread Kenneth Adam Miller 
Well I don't think I'll have to write a custom allocator. Existing
allocators allow you to have placement allocation, or rather more
precisely, manage sub-buffers within a static buffer. By this I mean that
the sub buffer is treated as though it were an existing slab given to the
process by the OS, but instead of actually servicing it with new and free,
you place a table in it that acts just like the table that libc manages and
coalesces during regular management with typical use. In any case, I think
I don't have to do this because it's just a regular consumer producer
issue, and I can use ring buffers for that.

On Wed, Oct 7, 2015 at 1:02 PM, Greg KH <g...@kroah.com> wrote:

> On Tue, Oct 06, 2015 at 10:46:49AM -0400, Kenneth Adam Miller wrote:
> > Let me be more precise in general to the overall original question:
> >
> > I want a userland process that I designate to only use a specific hard
> coded
> > region physical of memory for it's heap. A UIO driver is the means by
> which
> > I've gone about seeking to achieve this.
>
> Use LD_PRELOAD to hook into your custom library that handles the
> allocation to this special portion of memory that you grabbed from the
> hardware using the UIO kernel interface instead of the "normal" libc
> allocator, and you will be fine.  But you will have to write a custom
> allocator, there's no other way around that.
>
> The kernel gives you the ability to do this today, no kernel changes
> needed, it's all "just" userspace code you will have to do on your own.
>
> Best of luck, that's going to be some "fun" work :)
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-06 Thread Kenneth Adam Miller 
On Tue, Oct 6, 2015 at 11:04 AM, Yann Droneaud <ydrone...@opteya.com> wrote:

> Hi,
>
> Le mardi 06 octobre 2015 à 10:46 -0400, Kenneth Adam Miller a écrit :
> > Let me be more precise in general to the overall original question:
> >
> > I want a userland process that I designate to only use a specific
> > hard coded region physical of memory for it's heap. A UIO driver is
> > the means by which I've gone about seeking to achieve this.
> >
>
> You want brk() and mmap(..., MAP_ANONYMOUS, ...)  to allocate pages
> from a contigous physical memory region.
>
> You don't give the reason for such requirement. Without a proper reason
> it's difficult to understand what's your trying to achieve.
>
> I can only propose you to use something like CONFIG_MMU=n, but as it's
> a system wide choice with multiple drawbacks, I don't think it's
> something you want to investigate into.
>
>
At our workplace, we are using separation kernel and software fault
isolation technologies to trap process capabilities down to specific
limitations. With these technologies, we can basically trigger the failure
of a process if it tries to violate the sandbox. A process subverting the
kernel doesn't make a difference because our enforcement mechanisms preside
beneath even that. I can't say much else about why, but using a UIO
approach is very attractive to us because we can then develop our IRM in
userland, and have actual writes and operations mapped to the address they
need to be. Right now that is not the case for our legacy software.


> Regards.
>
> --
> Yann Droneaud
> OPTEYA
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-06 Thread Kenneth Adam Miller 
Let me be more precise in general to the overall original question:

I want a userland process that I designate to only use a specific hard
coded region physical of memory for it's heap. A UIO driver is the means by
which I've gone about seeking to achieve this.

On Tue, Oct 6, 2015 at 10:41 AM, Kenneth Adam Miller <
kennethadammil...@gmail.com> wrote:

>
> On Tue, Oct 6, 2015 at 10:32 AM, Yann Droneaud <ydrone...@opteya.com>
> wrote:
>
>> Le mardi 06 octobre 2015 à 10:13 -0400, Kenneth Adam Miller a écrit :
>> >
>> >
>> > On Tue, Oct 6, 2015 at 9:58 AM, Yann Droneaud <ydrone...@opteya.com>
>> > wrote:
>> > > Le mardi 06 octobre 2015 à 09:26 -0400, Kenneth Adam Miller a écrit
>> > > :
>> > >
>> > > > Any body know about the issue of assigning a process a region of
>> > > > physical memory to use for it's malloc and free? I'd like to just
>> > > > have the process call through to a UIO driver with an ioctl, and
>> > > then
>> > > > once that's done it gets all it's memory from a specific region.
>> > > >
>> > >
>> > > You mean CONFIG_UIO_DMEM_GENIRQ (drivers/uio/uio_dmem_genirq.c)
>> > >
>> > > See:
>> > > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/comm
>> > > it/?id=0a0c3b5a24bd802b1ebbf99e0b01296647b8199b
>> > > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/comm
>> > > it/?id=b533a83008c3fb4983c1213276790cacd39b518f
>> > > https://www.kernel.org/doc/htmldocs/uio-howto/using-uio_dmem_genirq
>> > > .html
>> > >
>> > >
>> > Well I don't think that does exactly what I would like, although I've
>> > got that on my machine and I've been compiling it and learning from
>> > it. Here's my understanding of the process of the way mmap works:
>> >
>> > Mmap is called from userland and it maps a region of memory of a
>> > certain size according to the parameters given to it, and the return
>> > value it has is the address at which the block requested starts, if
>> > it was successful (which I'm not addressing the unsuccessful case
>> > here for brevity). The userland process now has only a pointer to a
>> > region of space, as if they had allocated something with new or
>> > malloc. Further calls to new or malloc don't mean that the pointers
>> > returned will preside within the new mmap'd chunk, they are just
>> > separate regions also mapped into the process.
>> >
>>
>> You have to write your own custom allocator using the mmap()'ed memory
>> your retrieved from UIO.
>>
>
> I know about C++'s placement new. But I'd prefer to not have to write my
> userland code in such a way-I want my userland code to remain agnostic of
> where it gets the memory from. I just want to put a small prologue in my
> main, and then have the rest of the program oblivious to the change.
>
>
>>
>> > What I would like is a region of memory that, once mapped to a
>> > process, further calls to new/malloc return pointers that preside
>> > within this chunk. Calls to new/malloc and delete/free only edit the
>> > process's internal table, which is fine.
>> >
>> > Is that wrong? Or is it that mmap already does the latter?
>>
>> It's likely wrong. glibc's malloc() using brk() and mmap() to allocate
>> anonymous pages. Tricking this implementation to use another mean to
>> retrieve memory is left to the reader.
>>
>>
>
>
>
>> Anyway, are you sure you want any random calls to malloc() (from glibc
>> itself or any other linked-in libraries) to eat UIO allocated buffers ?
>> I don't think so: such physically contiguous, cache coherent buffers
>> are premium ressources, you don't want to distribute them gratuitously.
>>
>>
> Yes - we have a hard limit on memory for our processes, and if they try to
> use more than what we mmap to them, they die, and we're more than fine with
> that. In fact, that's part of our use case and model, we've planned to
> allocate just 5 or so processes on our behemoth machine with gigabytes of
> memory. So they aren't so premium to us.
>
>
>> Regards.
>>
>> --
>> Yann Droneaud
>> OPTEYA
>>
>>
>>
>>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-06 Thread Kenneth Adam Miller 
On Tue, Oct 6, 2015 at 10:32 AM, Yann Droneaud <ydrone...@opteya.com> wrote:

> Le mardi 06 octobre 2015 à 10:13 -0400, Kenneth Adam Miller a écrit :
> >
> >
> > On Tue, Oct 6, 2015 at 9:58 AM, Yann Droneaud <ydrone...@opteya.com>
> > wrote:
> > > Le mardi 06 octobre 2015 à 09:26 -0400, Kenneth Adam Miller a écrit
> > > :
> > >
> > > > Any body know about the issue of assigning a process a region of
> > > > physical memory to use for it's malloc and free? I'd like to just
> > > > have the process call through to a UIO driver with an ioctl, and
> > > then
> > > > once that's done it gets all it's memory from a specific region.
> > > >
> > >
> > > You mean CONFIG_UIO_DMEM_GENIRQ (drivers/uio/uio_dmem_genirq.c)
> > >
> > > See:
> > > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/comm
> > > it/?id=0a0c3b5a24bd802b1ebbf99e0b01296647b8199b
> > > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/comm
> > > it/?id=b533a83008c3fb4983c1213276790cacd39b518f
> > > https://www.kernel.org/doc/htmldocs/uio-howto/using-uio_dmem_genirq
> > > .html
> > >
> > >
> > Well I don't think that does exactly what I would like, although I've
> > got that on my machine and I've been compiling it and learning from
> > it. Here's my understanding of the process of the way mmap works:
> >
> > Mmap is called from userland and it maps a region of memory of a
> > certain size according to the parameters given to it, and the return
> > value it has is the address at which the block requested starts, if
> > it was successful (which I'm not addressing the unsuccessful case
> > here for brevity). The userland process now has only a pointer to a
> > region of space, as if they had allocated something with new or
> > malloc. Further calls to new or malloc don't mean that the pointers
> > returned will preside within the new mmap'd chunk, they are just
> > separate regions also mapped into the process.
> >
>
> You have to write your own custom allocator using the mmap()'ed memory
> your retrieved from UIO.
>

I know about C++'s placement new. But I'd prefer to not have to write my
userland code in such a way-I want my userland code to remain agnostic of
where it gets the memory from. I just want to put a small prologue in my
main, and then have the rest of the program oblivious to the change.


>
> > What I would like is a region of memory that, once mapped to a
> > process, further calls to new/malloc return pointers that preside
> > within this chunk. Calls to new/malloc and delete/free only edit the
> > process's internal table, which is fine.
> >
> > Is that wrong? Or is it that mmap already does the latter?
>
> It's likely wrong. glibc's malloc() using brk() and mmap() to allocate
> anonymous pages. Tricking this implementation to use another mean to
> retrieve memory is left to the reader.
>
>



> Anyway, are you sure you want any random calls to malloc() (from glibc
> itself or any other linked-in libraries) to eat UIO allocated buffers ?
> I don't think so: such physically contiguous, cache coherent buffers
> are premium ressources, you don't want to distribute them gratuitously.
>
>
Yes - we have a hard limit on memory for our processes, and if they try to
use more than what we mmap to them, they die, and we're more than fine with
that. In fact, that's part of our use case and model, we've planned to
allocate just 5 or so processes on our behemoth machine with gigabytes of
memory. So they aren't so premium to us.


> Regards.
>
> --
> Yann Droneaud
> OPTEYA
>
>
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-06 Thread Kenneth Adam Miller 
No, I didn't try it. I just wanted to ask before I got started. Thanks that
answers everything.

Any body know about the issue of assigning a process a region of physical
memory to use for it's malloc and free? I'd like to just have the process
call through to a UIO driver with an ioctl, and then once that's done it
gets all it's memory from a specific region.

On Tue, Oct 6, 2015 at 1:21 AM, Greg KH <g...@kroah.com> wrote:

> On Mon, Oct 05, 2015 at 07:07:51PM -0400, Kenneth Adam Miller wrote:
> > So, I'm reading about UIO devices and user processes for mapping memory
> into
> > userland, and basically I have just a couple questions:
> >
> > What happens when a userland processes has allocated some resource from a
> > driver that is facilitating UIO, but then subsequently crashes? I'd like
> to
> > know that the driver can (or how you would enable such) recover the
> resources
> > so that the next user process can acquire them, instead of them being
> lost.
>
> Have you tried this?  All of your resources should be freed properly, if
> not, let the uio maintainers know.
>
> thanks,
>
> greg k-h
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: UIO Devices and user processes

2015-10-06 Thread Kenneth Adam Miller 
On Tue, Oct 6, 2015 at 9:58 AM, Yann Droneaud <ydrone...@opteya.com> wrote:

> Le mardi 06 octobre 2015 à 09:26 -0400, Kenneth Adam Miller a écrit :
>
> > Any body know about the issue of assigning a process a region of
> > physical memory to use for it's malloc and free? I'd like to just
> > have the process call through to a UIO driver with an ioctl, and then
> > once that's done it gets all it's memory from a specific region.
> >
>
> You mean CONFIG_UIO_DMEM_GENIRQ (drivers/uio/uio_dmem_genirq.c)
>
> See:
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0c3b5a24bd802b1ebbf99e0b01296647b8199b
>
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b533a83008c3fb4983c1213276790cacd39b518f
> https://www.kernel.org/doc/htmldocs/uio-howto/using-uio_dmem_genirq.html
>
>
>
Well I don't think that does exactly what I would like, although I've got
that on my machine and I've been compiling it and learning from it. Here's
my understanding of the process of the way mmap works:

Mmap is called from userland and it maps a region of memory of a certain
size according to the parameters given to it, and the return value it has
is the address at which the block requested starts, if it was successful
(which I'm not addressing the unsuccessful case here for brevity). The
userland process now has only a pointer to a region of space, as if they
had allocated something with new or malloc. Further calls to new or malloc
don't mean that the pointers returned will preside within the new mmap'd
chunk, they are just separate regions also mapped into the process.

What I would like is a region of memory that, once mapped to a process,
further calls to new/malloc return pointers that preside within this chunk.
Calls to new/malloc and delete/free only edit the process's internal table,
which is fine.

Is that wrong? Or is it that mmap already does the latter?


> PS: please don't top post reply as it makes it difficult to parse the
> discussion.
>
>
> > On Tue, Oct 6, 2015 at 1:21 AM, Greg KH <g...@kroah.com> wrote:
> > > On Mon, Oct 05, 2015 at 07:07:51PM -0400, Kenneth Adam Miller
> > > wrote:
> > > > So, I'm reading about UIO devices and user processes for mapping
> > > memory into
> > > > userland, and basically I have just a couple questions:
> > > >
> > > > What happens when a userland processes has allocated some
> > > resource from a
> > > > driver that is facilitating UIO, but then subsequently crashes?
> > > I'd like to
> > > > know that the driver can (or how you would enable such) recover
> > > the resources
> > > > so that the next user process can acquire them, instead of them
> > > being lost.
> > >
> > > Have you tried this?  All of your resources should be freed
> > > properly, if
> > > not, let the uio maintainers know.
> > >
> > > thanks,
> > >
>
> Regards.
>
> --
> Yann Droneaud
> OPTEYA
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

UIO Devices and user processes

2015-10-05 Thread Kenneth Adam Miller 
So, I'm reading about UIO devices and user processes for mapping memory
into userland, and basically I have just a couple questions:

What happens when a userland processes has allocated some resource from a
driver that is facilitating UIO, but then subsequently crashes? I'd like to
know that the driver can (or how you would enable such) recover the
resources so that the next user process can acquire them, instead of them
being lost.

We have a specific region of memory that we'd like to allocate to a
process, and we'd like effectively all new and delete or malloc and free
operations to be done against this target area. We'd like to not have to
use placement new in C++-just transparently for the requesting user process
to receive chunks from a specific real region of memory.

Thanks in advance.
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Accessing pointers inside struct passed as argument to ioctl calls

2015-09-28 Thread Kenneth Adam Miller 
You are right, and thank you for bringing this to the mailing list to be
sure about it.

There are several catastrophic vulnerabilities I can see waiting to happen.

First, you should be sure that the pointer that they passed in is checked,
as in the pointer to the buffer should only reside in the mapped memory for
their process.

Second, you trust the size that they pass in with tx_size. You should take
the minimum of tx_siz and size of your kbuf (which is a static 100). Be
careful that when you record a static value to stub out this size, a number
is implicitly by default a signed word size int to the compiler. So a
#define would be signed, but if  you change the type of int tx_siz, be
careful. Also, likely you don't want negative buffer sizes. size_t or
uint16_t should suit your purposes.

On Mon, Sep 28, 2015 at 12:51 PM, Daniel.  wrote:

> Hi all, I have a doubt about using pointers inside structs that are
> passed (as pointers) to ioctl argument. Since pointers passed from
> userspace can't be trusted, I need to copy they to kernel before
> accessing they. In this case I have a pointer inside a struct that is
> passed to the ioctl call also as pointer. So I need to copy the whole
> struct to kernel space and only then dereference the pointer. If this
> is true, two copy_from_user is needed right?
>
> Suppose I have a struct like this
>
> struct myioctl_arg {
> char *tx_buf;
> int tx_siz;
> }
>
> and this ioctl definition
>
> #define MYIOCTL_TX _IOWR(MY_MAGIC, MY_BASE, struct myioctl_arg *);
>
> At userspace program I do something like this:
>
> struct myioctl_arg arg = { .tx_buf = somebuf, .tx_siz = 32 }
> ioctl(fd, MYIOCTL_TX, );
>
> And in my ioclt implementation
> static ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
> {
> struct myioctl_arg karg;
> char   kbuf[100];
> ...
> case MYIOCTL_TX:
>   copy_from_user(, arg, sizeof(karg));
>   copy_from_user(kbuf, karg.tx_buf, karg.tx_siz);
>   // now kbuf has the same contents of somebuf in userspace
>...
> }
>
>
> I'm in doubt if this is the right way to access the userspace tx_buf.
> Since the .tx_buf from arg is a userspace pointer, accessible from
> userspace pointer arg, I can't type arg->tx_buf directly, doing this
> is dereferencing a userspace pointer inside kernel. So I need to copy
> the whole struct and dereference from the kernel space copy of it. So
> this two calls of copy_from_user() is the right way to do it? They are
> needed at all or is there better way of doing it?
>
> Cheers,
> --
> "Do or do not. There is no try"
>   Yoda Master
>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Accessing pointers inside struct passed as argument to ioctl calls

2015-09-28 Thread Kenneth Adam Miller 
I'm pretty sure that exchanging ownership of memory pages between the
kernel and userland is a really huge no-go for security as well. If you do
that, you've implicitly given the user control of the memory map table
contents, so you have to think like a malicious abuser of your api would.
Copy from user exists for a reason, and I'm pretty sure that every budding
kernel developer has suggested what you have because we want performance.
But keep in mind you can only be as performant as reasonable without
sacrificing your user's data on their behalf.

On Mon, Sep 28, 2015 at 6:59 PM, Daniel.  wrote:

> Hi Yann, thank you, as I said this isn't real code, I just use to show my
> case. Anyway I will take the considerations in account. Thank you so much!
> And this get_user_page is new to me, thanks for pointing me out, I will
> read about it.
>
> The real thing is a driver to nrf24l01+ driver from Nordic. I may use this
> non copying aproach to exchange lot of frames without copying. This would
> improve driver's performance. :)
>
> Best regards!
> -dhs
> Em 28/09/2015 17:08, "Yann Droneaud"  escreveu:
>
>> Hi,
>>
>> Le lundi 28 septembre 2015 à 13:51 -0300, Daniel. a écrit :
>> > Hi all, I have a doubt about using pointers inside structs that are
>> > passed (as pointers) to ioctl argument. Since pointers passed from
>> > userspace can't be trusted, I need to copy they to kernel before
>> > accessing they. In this case I have a pointer inside a struct that is
>> > passed to the ioctl call also as pointer. So I need to copy the whole
>> > struct to kernel space and only then dereference the pointer. If this
>> > is true, two copy_from_user is needed right?
>> >
>> > Suppose I have a struct like this
>> >
>> > struct myioctl_arg {
>> > char *tx_buf;
>>
>> __u8 __user *tx_buf;
>>
>> > int tx_siz;
>>
>> __u32 tx_siz;
>>
>> > }
>> >
>> > and this ioctl definition
>> >
>> > #define MYIOCTL_TX _IOWR(MY_MAGIC, MY_BASE, struct myioctl_arg *);
>> >
>>
>> #define MYIOCTL_TX _IOWR(MY_MAGIC, MY_BASE, struct myioctl_arg);
>>
>> > At userspace program I do something like this:
>> >
>> > struct myioctl_arg arg = { .tx_buf = somebuf, .tx_siz = 32 }
>> > ioctl(fd, MYIOCTL_TX, );
>> >
>> > And in my ioclt implementation
>> > static ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
>> > {
>> > struct myioctl_arg karg;
>> > char   kbuf[100];
>> > ...
>> > case MYIOCTL_TX:
>> >   copy_from_user(, arg, sizeof(karg));
>>
>> if (copy_from_user(, (const void __user *)arg, sizeof(karg))
>> return -EFAULT;
>>
>> if (!karg.tx_siz)
>> return -EINVAL;
>>
>> if (karg.tx_siz > sizeof(kbuf))
>> return -EINVAL;
>>
>> >   copy_from_user(kbuf, karg.tx_buf, karg.tx_siz);
>>
>> if (copy_from_user(kbuf, karg.tx_buf, karg.tx_siz))
>> return -EFAULT;
>>
>> >   // now kbuf has the same contents of somebuf in userspace
>> >...
>> > }
>> >
>> >
>> > I'm in doubt if this is the right way to access the userspace tx_buf.
>> > Since the .tx_buf from arg is a userspace pointer, accessible from
>> > userspace pointer arg, I can't type arg->tx_buf directly, doing this
>> > is dereferencing a userspace pointer inside kernel. So I need to copy
>> > the whole struct and dereference from the kernel space copy of it. So
>> > this two calls of copy_from_user() is the right way to do it? They are
>> > needed at all or is there better way of doing it?
>> >
>>
>> They are needed. Add __user annotation, install sparse and build with
>> make C=1.
>>
>> For the second one, if the tx_buf is large enough, you may be well using
>> something like get_user_page() to pin userspace memory inside the kernel
>> memory so that you don't have to copy the memory to access it.
>>
>> Regards.
>>
>> --
>> Yann Droneaud
>> OPTEYA
>>
>>
>>
> ___
> Kernelnewbies mailing list
> Kernelnewbies@kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
>
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Planning to write a patch

2015-08-26 Thread Kenneth Adam Miller 
Well, to do that you would have to read the specifications of the
particular hardware. In which case the driver becomes specialized to it-not
useful for anything but your own monitor. But if your monitor provides that
support, then I guess when the ioctl receives a requested change in
brightness you could use that facility of the monitor to retain the setting.

On Wed, Aug 26, 2015 at 2:16 PM, Umair Khan omerj...@gmail.com wrote:



 On Wed, Aug 26, 2015 at 11:21 PM, Kenneth Adam Miller 
 kennethadammil...@gmail.com wrote:

 Well, it's probably worth doing for the sake of your learning. However,
 if you are going to get into the source, I think it's highly likely that
 you are going to see that the driver provides such a feature to userspace
 code through means of an ioctl, and in that case, you will probably be able
 to set the brightness programmatically without ever having to interfere
 with the driver code itself. So for that matter, the objective doesn't
 really fit with the complexity you're taking on. If what I'm saying is
 right, you could easily implement this entirely in userland code by writing
 a binary and then putting a script in the startup execution so that it
 calls your binary.

 If you really want to hack the driver, another way to do it is to just
 put the brightness setting in the driver's init function, so that when the
 module is loaded it turns up the brightness. In that case, you *should* get
 what you want because the driver will be loaded at system boot.

 On Wed, Aug 26, 2015 at 1:45 PM, Umair Khan omerj...@gmail.com wrote:

 Hello everyone,

 I've been thinking of writing a patch a lot lately. But with my level of
 knowledge I cannot do something groundbreaking.
 One thing which came to my mind is to write a patch related to the
 driver which controls the brightness of the display.
 What happens now is I lower down the brightness, and when I restart the
 laptop, it's back to the highest amount.
 I'm using Ubuntu 14.04 LTS on top of Linux Kernel 4.2 rc3+.
 I was thinking of writing the current brightness to sysfs and read that
 value when the driver is started during the boot.

 So, my question is that is it already implemented in the driver and just
 that Ubuntu resets it on every reboot from userspace ?
 And if it is not implemented, is it worth implementing ?

 Thanks
 Umair
 Delhi, India




 I do get this that, most probably this feature would have been provided
 via ioctl. And it is better handled inside the userspace.
 But it'd be just like the hardware is intelligent enough to keep the value
 persistent across reboot. Like the monitor of my PC keeps the brightness,
 and all the different values for that matter, persistent across reboot.
 Userspace can always override this behavior anyways.

 Thoughts ?

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Planning to write a patch

2015-08-26 Thread Kenneth Adam Miller 
Well, it's probably worth doing for the sake of your learning. However, if
you are going to get into the source, I think it's highly likely that you
are going to see that the driver provides such a feature to userspace code
through means of an ioctl, and in that case, you will probably be able to
set the brightness programmatically without ever having to interfere with
the driver code itself. So for that matter, the objective doesn't really
fit with the complexity you're taking on. If what I'm saying is right, you
could easily implement this entirely in userland code by writing a binary
and then putting a script in the startup execution so that it calls your
binary.

If you really want to hack the driver, another way to do it is to just put
the brightness setting in the driver's init function, so that when the
module is loaded it turns up the brightness. In that case, you *should* get
what you want because the driver will be loaded at system boot.

On Wed, Aug 26, 2015 at 1:45 PM, Umair Khan omerj...@gmail.com wrote:

 Hello everyone,

 I've been thinking of writing a patch a lot lately. But with my level of
 knowledge I cannot do something groundbreaking.
 One thing which came to my mind is to write a patch related to the driver
 which controls the brightness of the display.
 What happens now is I lower down the brightness, and when I restart the
 laptop, it's back to the highest amount.
 I'm using Ubuntu 14.04 LTS on top of Linux Kernel 4.2 rc3+.
 I was thinking of writing the current brightness to sysfs and read that
 value when the driver is started during the boot.

 So, my question is that is it already implemented in the driver and just
 that Ubuntu resets it on every reboot from userspace ?
 And if it is not implemented, is it worth implementing ?

 Thanks
 Umair
 Delhi, India

 ___
 Kernelnewbies mailing list
 Kernelnewbies@kernelnewbies.org
 http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies


___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Placement Allocation within the kernel

2015-08-20 Thread Kenneth Adam Miller 
Suppose I want to do something analogous to C++'s new in userspace. But
instead, I want an entirely new page table to be constructed at the
location of my choosing. In addition, I want a specific region for that
page table to manage, and this requires that this region no longer be
available to the rest of kernel code in order that it cannot be served for
allocation elsewhere.

To illustrate what I want to do, I think it would be ok to imagine that I
allocate a very large contiguous region of memory within which to do this.
Once that region of memory is allocated, it can't be served elsewhere, so
that serves my purpose. Then what I want to do is have an equivalent of
kmalloc and free that not only takes size and a pointer respectively, but
also the table which to reference in order to do the allocation from. To
begin with, before I do work allocation with this table, I need a function
that will construct such a table correctly at the location of my choosing
within the large block that I mentioned that I've allocated before.

The end result is what I need, and from which I've derived the above
requirements: I can have the default memory management facilities within
the kernel reused to suit my needs. Kmalloc and kfree will coalesce the
table behind the scenes for me, which is what I want to avoid.

Is the above possible? I'm pretty sure that it is.
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-19 Thread Kenneth Adam Miller 
Ok, agreed. I hadn't known that much - I apologize for getting this to the
wrong list. I've not at all proposed any kernel overhaul effort, only how
to affect my own code. :)


Thank you to all mentors who gave advice. :)

On Wed, Aug 19, 2015 at 3:23 AM, Ruben Safir ru...@mrbrklyn.com wrote:

 On 08/18/2015 08:30 PM, Kenneth Adam Miller wrote:
  | this is not a rational approach
 
  I'm very strongly confident the approach of achieving stronger guarantees


 Off topic

 ___
 Kernelnewbies mailing list
 Kernelnewbies@kernelnewbies.org
 http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
My interest is clearly on approaches that can be taken to do hardened
kernel module development.

Excuse me, I didn't say I was interested in editing the linux kernel, and
for that matter as I understand the kernel newbies mailing list is general
across the entirety of kernel programming, whether editing it directly or
writing driver modules. If you read what I wrote closely, I'm not at all
interested in changing anybody else's code or in changing the development
habits of other people or organizations. What I am interested in is
ensuring that the code *I* write is as safe as possible.

I don't think it's at all applicable to restrict the conversation to a
specific language. I see kernel programming as being very strongly
pragmatist in nature. I don't care what you call it, it has to work, and
for our requirements it has to be safe as well. I'm not alone in wanting
stronger security. Since I don't see any one person given authority to
dictate what can or can't be discussed here, I'm just going to go about my
business hardening my code and finding others from whom I can learn and
share with.

To me a language is a tool, not an idol. But if you read further into the
chain, you can also see I brought in the possibility of a passive Control
Flow Integrity approach woven by compiler or alternatively a safer compiler
that wouldn't even need to be trusted to emit code that does not segfault
or leak memory.

| this is not a rational approach

I'm very strongly confident the approach of achieving stronger guarantees
at the language level are both very rational and pragmatic, and I have the
sources and information to back it up. Let me address what I think is the
root of the response here however: kmemleak is a good idea and useful tool,
and I plan to use it if I can get the time. So I appreciate any helpful
mention that has been given here to tools I can use, I just happen to make
a note about viability that crossed my mind for that particular tool. We
just want the strongest guarantees we can get, so I didn't intend to be
snarky.

On Tue, Aug 18, 2015 at 6:27 PM, Ruben Safir ru...@mrbrklyn.com wrote:

 On 08/18/2015 09:25 AM, Kenneth Adam Miller wrote:
  Ok- so I know that C is the defacto standard for kernel development.


 That about sums it up.  did you have some question about kernel
 development.  This is a mailing list on mentoring and skills
 developments in writing the Linux Kernel.  We know it is written mostly
 in C.  YOU KNOW it is written in C.  So after this, nothing else you
 wrote is relevant to THIS mailing list.

 ___
 Kernelnewbies mailing list
 Kernelnewbies@kernelnewbies.org
 http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
Has anybody seen the new verified C compiler that came out of inria? I
think it's supposed to show that if it does not give a warning, that there
can be no segfault. But I'm not sure about leakage and other concerns.

On Tue, Aug 18, 2015 at 11:01 AM, Victor Rodriguez vm.ro...@gmail.com
wrote:

 +1 to coverity we use that :)


 On Tue, Aug 18, 2015 at 9:01 AM, leo kirotawa kirot...@gmail.com wrote:
  For memory leaks kernel has a clever mechanism to verify it that you
  can enable in .config for use [1].
  You can also uses Sparse in kernel for static analyze purpose.
 
  There are others out there such as coverity scan, coccinelle, etc.
 
  [1] https://www.kernel.org/doc/Documentation/kmemleak.txt
 
  []'s
 
 
  On Tue, Aug 18, 2015 at 10:45 AM, Kenneth Adam Miller
  kennethadammil...@gmail.com wrote:
  Why? That's what the vast majority of the kernel is written in (besides
  assembler, but what I'm looking for isn't a way to write safe
 assembler).
  Plus, tons of people in the kernel development community *must* have
 some
  concern or interest in security. I don't care if the kernel is written
 in C,
  but I sure would like my kernel module to be safer. If I can get it I
 don't
  care what language it's in-it just has to work and *be secure*.
 
  On Tue, Aug 18, 2015 at 9:40 AM, Robert P. J. Day 
 rpj...@crashcourse.ca
  wrote:
 
  On Tue, 18 Aug 2015, Kenneth Adam Miller wrote:
 
   Ok- so I know that C is the defacto standard for kernel
   development...
 
and that's probably where you should have stopped typing. :-)
 
  rday
 
  --
 
 
 
  Robert P. J. Day Ottawa, Ontario,
 CANADA
  http://crashcourse.ca
 
  Twitter:
 http://twitter.com/rpjday
  LinkedIn:
 http://ca.linkedin.com/in/rpjday
 
 
 
 
 
  ___
  Kernelnewbies mailing list
  Kernelnewbies@kernelnewbies.org
  http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
 
 
 
 
  --
 
  --
  Leônidas S. Barbosa (Kirotawa)
  blog: corecode.wordpress.com
 
  ___
  Kernelnewbies mailing list
  Kernelnewbies@kernelnewbies.org
  http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
Why? That's what the vast majority of the kernel is written in (besides
assembler, but what I'm looking for isn't a way to write safe assembler).
Plus, tons of people in the kernel development community *must* have some
concern or interest in security. I don't care if the kernel is written in
C, but I sure would like my kernel module to be safer. If I can get it I
don't care what language it's in-it just has to work and *be secure*.

On Tue, Aug 18, 2015 at 9:40 AM, Robert P. J. Day rpj...@crashcourse.ca
wrote:

 On Tue, 18 Aug 2015, Kenneth Adam Miller wrote:

  Ok- so I know that C is the defacto standard for kernel
  development...

   and that's probably where you should have stopped typing. :-)

 rday

 --

 
 Robert P. J. Day Ottawa, Ontario, CANADA
 http://crashcourse.ca

 Twitter:   http://twitter.com/rpjday
 LinkedIn:   http://ca.linkedin.com/in/rpjday
 


___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
@leo If kmemleak is not a language based approach, I ardently question the
completeness of such a verification. For example, users of valgrind might
make such promises of verification of user land code, but valgrind is
limited by it's approach in that execution paths that do not occur cannot
be checked.

Thanks for that, however-I didn't have it before. Drk is also good if you
haven't heard of it :-)

On Tue, Aug 18, 2015 at 10:01 AM, leo kirotawa kirot...@gmail.com wrote:

 For memory leaks kernel has a clever mechanism to verify it that you
 can enable in .config for use [1].
 You can also uses Sparse in kernel for static analyze purpose.

 There are others out there such as coverity scan, coccinelle, etc.

 [1] https://www.kernel.org/doc/Documentation/kmemleak.txt

 []'s


 On Tue, Aug 18, 2015 at 10:45 AM, Kenneth Adam Miller
 kennethadammil...@gmail.com wrote:
  Why? That's what the vast majority of the kernel is written in (besides
  assembler, but what I'm looking for isn't a way to write safe assembler).
  Plus, tons of people in the kernel development community *must* have some
  concern or interest in security. I don't care if the kernel is written
 in C,
  but I sure would like my kernel module to be safer. If I can get it I
 don't
  care what language it's in-it just has to work and *be secure*.
 
  On Tue, Aug 18, 2015 at 9:40 AM, Robert P. J. Day rpj...@crashcourse.ca
 
  wrote:
 
  On Tue, 18 Aug 2015, Kenneth Adam Miller wrote:
 
   Ok- so I know that C is the defacto standard for kernel
   development...
 
and that's probably where you should have stopped typing. :-)
 
  rday
 
  --
 
  
  Robert P. J. Day Ottawa, Ontario, CANADA
  http://crashcourse.ca
 
  Twitter:
 http://twitter.com/rpjday
  LinkedIn:
 http://ca.linkedin.com/in/rpjday
  
 
 
 
  ___
  Kernelnewbies mailing list
  Kernelnewbies@kernelnewbies.org
  http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
 



 --

 --
 Leônidas S. Barbosa (Kirotawa)
 blog: corecode.wordpress.com

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
Ok- so I know that C is the defacto standard for kernel development. What
I'm not saying is that we should all move away from it or that it should be
adopted internally. What I am saying is related to security concerns in
developing a kernel driver. What may come of it may generally allow for
better quality, but that's a separate topic.


So kernel programming is very hard. It has both a high bar to entrance and
even just getting code to compile and run is not really any guarantee at
all that you've done a good job of authoring a kernel driver. I don't
really believe that things like Klee really find all errors, but I think
that a defense in depth approach would be good. So, when I can get my
kernel object to compile, I know that I can test that it runs, but I would
also like to have the confidence to know that it won't leak kernel memory
or other resources and for that matter will not deference an invalid
pointer.

Things like Rust allow for better type safety help. In userland programs,
SFI is good as a passive backup to type safety but I don't think that SFI
is applicable to kernel land because the execution boundaries are not set
up under a specific virtual memory scheme. CFI would also be good, but I
don't know of any compiler implementation that I can use off the shelf in a
kernel programming environment.

I guess the best option IMHO is some way to codify the restrictions and
semantics of operation somehow into an expressive language that can be
checked at compile time. So, in the case of re-entrancy, I'd like an error
at compilation time that could just prevent the entrance of bad code. In
our case, we'd rather have some good code than a lot of bad code.

Does anybody have any recommendations? Or shared interest?
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Safety in Kernel Development

2015-08-18 Thread Kenneth Adam Miller 
@nick Ah! Cool, well thank you. Module signing protects against a different
set of attack vectors than what I'm interested in. Like in the case of
heartbleed, it didn't matter that traffic was encrypted because once an
attack gains execution control they can wait until the payload is
decrypted. Likewise, it doesn't matter that you can have the kernel only
load signed modules-if an attacker gains execution control flow they can
execute with ROP/JIT-ROP or whatever payload they send. So I still need
language based security.

@Victor Thank you so much. Gosh, it seems like there's some kind of
psychological resistance to adopting language based approaches to security.
They really aren't so bad. Thank you for the tip about the selftest
framework.

Some of the other real questions I have about using Rust (I don't care what
language really) specifically concern binary format constraints and typing
mechanism expressiveness. I am concerned that compilers other than gcc (C
specifically) will not produce code specific to the kernel as needed, and
that later upgrades of the compiler backends (Rust with LLVM) might lead to
code produced for userland being executed in a kernel context. This might
not sound bad at first, but I fear it would lead to things like userland
protection mechanisms stumbling over implicit assumptions not held in
kernel land or otherwise kernel code requirements. Also, I don't know that
I can codify the restrictions of kernel programming in the typing mechanism
to ensure that issues not present in userland are appropriately addressed.
Interrupt handling and re-entrancy are things I really don't think that
userland code addresses much.

Does anybody have any thoughts? It really can be any language, utility, or
mechanism to make kernel code harder to break.

On Tue, Aug 18, 2015 at 9:52 AM, Victor Rodriguez vm.ro...@gmail.com
wrote:

 On Tue, Aug 18, 2015 at 8:25 AM, Kenneth Adam Miller
 kennethadammil...@gmail.com wrote:
  Ok- so I know that C is the defacto standard for kernel development. What
  I'm not saying is that we should all move away from it or that it should
 be
  adopted internally. What I am saying is related to security concerns in
  developing a kernel driver. What may come of it may generally allow for
  better quality, but that's a separate topic.
 
 
  So kernel programming is very hard. It has both a high bar to entrance
 and
  even just getting code to compile and run is not really any guarantee at
 all
  that you've done a good job of authoring a kernel driver. I don't really
  believe that things like Klee really find all errors, but I think that a
  defense in depth approach would be good. So, when I can get my kernel
 object
  to compile, I know that I can test that it runs, but I would also like to
  have the confidence to know that it won't leak kernel memory or other
  resources and for that matter will not deference an invalid pointer.
 
  Things like Rust allow for better type safety help. In userland programs,
  SFI is good as a passive backup to type safety but I don't think that
 SFI is
  applicable to kernel land because the execution boundaries are not set up
  under a specific virtual memory scheme. CFI would also be good, but I
 don't
  know of any compiler implementation that I can use off the shelf in a
 kernel
  programming environment.
 
  I guess the best option IMHO is some way to codify the restrictions and
  semantics of operation somehow into an expressive language that can be
  checked at compile time. So, in the case of re-entrancy, I'd like an
 error
  at compilation time that could just prevent the entrance of bad code. In
 our
  case, we'd rather have some good code than a lot of bad code.
 
  Does anybody have any recommendations? Or shared interest?


 Security in Kernel matters . I am Clera Linux OS developer and we care
 a lot about security . How much as much that we check 100 times the
 security of the OS per day.

 There are many ways to check the security , the standard CVE list is
 the first place to check . We do have a tool that check that:

 https://github.com/ikeydoherty/cve-check-tool/

 However what you are asking for is a way to prevent the coder to
 create security holes in the driver he is creating, thats the question
 right ? . I think is a fair question and despite the fact that there
 are some efrors to check quality in the kernel like LTSI test suite
 and internal test suite in kernel

 Linux Kernel Selftest Framework


 Hope it helps

 Regards

 Victor Rodriguez
 clearlinux.org

  ___
  Kernelnewbies mailing list
  Kernelnewbies@kernelnewbies.org
  http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
 

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Best approach to explore the linux source code

2015-08-15 Thread Kenneth Adam Miller 
Well, if you really only want to find bugs in kernel code (specifically
linux drivers) there was a recent white paper that came out that used
Dynamo Rio to instrument and analyze the kernel. You can (I think) trigger
simulated events to the kernel and compose a sort of fuzzing environment
against any given kernel code.

The problem with Dynamo Rio is there's currently really no Pin++, so if you
were to wish for something like a mature taint analysis or symbolic
emulation (or whatever else...) facilities that you can embed within your
own custom analyses it would be a costly manual labor operation.

On Sat, Aug 15, 2015 at 1:17 PM, victorascr...@gmail.com wrote:

 On 15-08-15 12:28:06, Umair Khan wrote:
  Hi everyone,
 
  I'm a final year undergraduate student. I've been spending a lot of
  time with OS books these days.
  I've been reading about the internals of the Linux kernel and drivers
  in the books. But, I've never really seen them in action except the
  drivers. Hacking a driver is easy.

 Hacking a driver is easy? :)

 
  Is there any good approach/tutorial to walk me through the source code
  of the kernel ?

 There is only one approach to understanding any code. Reading the code
 and understanding how different things interact. If you have doubts
 you can always ask here.

 Read Linux Device Drivers? Though that will still not prepare you
 for actual code. Eudyptula Challenge?

 
  Also, I'm using a self built linux kernel 4.2 on my laptop. Is there
  any way that I can contribute upstream to the kernel. I'm using 4.2 in
  the hope to find bugs in driver stuffs. I haven't found any yet.

 http://lxr.free-electrons.com/source/Documentation/SubmittingDrivers
 http://lxr.free-electrons.com/source/Documentation/SubmittingPatches

 Just running the kernel might not always point out bugs.

 ___
 Kernelnewbies mailing list
 Kernelnewbies@kernelnewbies.org
 http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Reusable Memory Manager

2015-04-22 Thread Kenneth Adam Miller 
So, I have a particular use case that has a lot to do with security.

Basically, we have a intended secure kernel version with grsecurity and
other patches on it, and we have a specific application that has to do data
filtering as an inline reference monitor.

The problem is, there is throughput and design considerations that are
limiting efficiency in the sense that it is highly difficult to make the
system concurrent and also highly difficult to scale-all while also being
secure.

Basically, the memory regions have to be encoded at compile time because of
the way kernel segregation works. This makes the security proof of the
system far more simple and manageable; it's easy to say that no userland
monitor which is being given access to a specific memory region can access
outside of the region to which it is allocated, because it's statically
set. The tradeoff here is pretty severe, because the static settings that
have to be adopted pretty much mean that each particular monitor is given a
specific memory region; if there's a lot of traffic to a specific monitor
type, then that one type will be overwhelmed, but not even at the rate that
the machine itself could support. This is because all the other cores are
potentially sitting unused while the one in this worst case scenario is
running out of memory and not able to dispatch work to more cores.

So my ultimate question is: is there some reusable, dynamic memory
allocation manager that can be used? I'm thinking that there has to, at the
least, be the constructs by which user land processes are managed and
divvied memory by the kernel itself. Does anybody know where that source
would be? Where I can go in order to learn more about that?

What we want is a secure way to dynamically allocate memory from these
static memory page boundaries such that
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Kernel Mocking

2015-02-20 Thread Kenneth Adam Miller 
Thanks for your expedient answer!

So, I was discussing an alternative to mocking; function hooking. But in a
benign way. Is there any way to, at runtime replace the functionality of
code in order that you specify what it does for any given kernel function?

On Fri, Feb 20, 2015 at 3:24 PM, Greg KH g...@kroah.com wrote:

 On Fri, Feb 20, 2015 at 02:51:25PM -0500, Kenneth Adam Miller wrote:
  So, in userland development, the idea of mocking is used to isolate
 context
  management and machine configuration into a single class or set of
 functions
  that can be reused, and also facilitate testing much easier. Google mock
 is a
  great example.
 
  Say I develop a kernel module, and I want that module to have some
 result X
  after some returned result, whatever that might be. Is there anything
 similar
  for kernel code?

 Not really, sorry.  Running in the kernel means you don't have much room
 for simulation.  But you can use qemu, or other virtual machines and a
 debugger to test your code if you really want to.

 Good luck!

 greg k-h

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Re: Kernel Mocking

2015-02-20 Thread Kenneth Adam Miller 
Well I think that a function or system call semantics replacement facility
would be useful to unit testers everywhere. It would be benign of course,
requiring that the unit testing framework request of the kernel that it
replace the kernel facilities specified prior to the test, and
automatically replace them afterward. So, this isn't anything akin to doing
anything malicious, it requires user cooperation in order to hook. It's not
like something forcibly done. I'm thinking of an intel pin for kernel level
code.

On Fri, Feb 20, 2015 at 3:45 PM, Greg KH g...@kroah.com wrote:

 On Fri, Feb 20, 2015 at 03:26:40PM -0500, Kenneth Adam Miller wrote:
  Thanks for your expedient answer!
 
  So, I was discussing an alternative to mocking; function hooking. But in
 a
  benign way. Is there any way to, at runtime replace the functionality of
 code
  in order that you specify what it does for any given kernel function?

 Not really, but there are some hacks you can do if you _really_ know
 what you are doing.

 Hint, don't do this, just write normal tests for your kernel code, we
 have lots of them already in the source tree, look in tools/selftests/.

 Best of luck,

 greg k-h

___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

Kernel Mocking

2015-02-20 Thread Kenneth Adam Miller 
So, in userland development, the idea of mocking is used to isolate context
management and machine configuration into a single class or set of
functions that can be reused, and also facilitate testing much easier.
Google mock is a great example.

Say I develop a kernel module, and I want that module to have some result X
after some returned result, whatever that might be. Is there anything
similar for kernel code?
___
Kernelnewbies mailing list
Kernelnewbies@kernelnewbies.org
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies