Post on 13-Aug-2020
transcript
Introduc)ontotheLinuxKernel
Prak)kumKernelProgrammingUniversityofHamburgScien)ficCompu)ng
Wintersemester2015/2016
Konstan)nosChasapisKonstan)nos.chasapis@informa)k.uni-hamburg.de
Outline
• Introduc)on(story,licence,versioning)• Mainparts• LoadableKernelModules• SystemCalls• Security
4/11/15 Linux Kernel Intro. 1
Introduc)on• DevelopedbyLinusTorvalds(1991)
– JustforFun:TheStoryofanAccidentalRevolu)onarybyLinusTorvalds
• BasedonUnix• 1stversionsupportedIntel80386• Currentlyvariouspla\ormsaresupported• ImplementedinGNUC• SeveralDistribu)ons(distro)
– RedHat,CentOS,Ubuntu,SUSE,Debian,Arch– Differentpackagesystem,configura)onetc.– Applydifferentpatches
4/11/15 Linux Kernel Intro. 2
Introduc)on(cont.)• X-ServerisnotimplementedwithintheKernel• Everythingrunin“Kernelmode”
– Privilegedaccesstohardware• Monolithicbutboastsmodulardesign
– Kernelpreemp)on(undercertaincondi)ons)• Theschedulerispermieedtoforciblyperforma
contextswitch– Supportskernelthreads– Dynamicloadandunloadbinaries(kernelmodules)– Reentrant,severalprocessescanbeinkernelmode
simultaneously
4/11/15 Linux Kernel Intro. 3
Introduc)on(cont.)• LicenseTerms
– islicensedundertheVersion2oftheGNUGeneralPublicLicense(GPL)
– AllowsanybodytoredistributeandevensellaproductcoveredbyGPLaslongastherecipienthasaccesstothesourceandisabletoexercisethesamerights
– AnysogwarederivedbyaproductcoveredbyGPLmustbereleasedundertheGPL
• Democra)ze,everyonecancontribute– Ifyouwantyourcodetogointothemainlineoryouhave
modifiedthekernelthenyouhavetouseGPL-compa)blelicense
4/11/15 Linux Kernel Intro. 4
Introduc)on(cont.)• UseofbinaryBlobs(Modules,firmware)
– Thesourceisnotgiven– Maycontainpartofthedriverfromanotherfilesystem– Ifthecodehasbeenportedfromanotheropera)ngsystem
islegal– Ifacompanywantstokeepthesourceprivate– Usingsuchsogwareisdiscourage
• Versioning– $uname–a
3 . 17 . 1
major . minor . revision 4/11/15 Linux Kernel Intro. 5
Outline
• Introduc)on(story,licence,versioning)• Mainparts• LoadableKernelModules• SystemCalls• Security
4/11/15 Linux Kernel Intro. 6
Αpplications
Linuxsystemoverview
Shell
Kernel
Hardware
4/11/15 Linux Kernel Intro. 7
Privileged mode
Requestflow
Applications
Shell
Kernel Hardware
4/11/15 Linux Kernel Intro. 8
Mainparts
Process Management (PM)
Memory Management (MM)
Network Stack
Virtual File System (VFS)
Device Drivers (DD) Arch
System Call Interface
4/11/15 Linux Kernel Intro. 9
Mainparts(cont.)• Systemcallinterface(SCI)
– Athinlayerthatprovidesamethodtointeractfromuserspacetokernelspace
• ProcessManagement(PM)– Create,destroyprocesses– Communica)onbetweendifferentprocesses(kernelthreads)– CPUscheduling
• MemoryManagement(MM)– Physicaltovirtualmemorymanagement– Memoryalloca)on– Swapping,frommemorytoharddisk
4/11/15 Linux Kernel Intro. 10
Mainparts--I/OPath• VirtualFileSystem(VFS)
– Eportsthecommonfileinterface– Abstractfilesystemfunc)onalityfrom
implementa)on
• FileSystems– Implementa)onofFSfunc)onality
• BufferCache– Asetoffunc)onstomanipulatemain
memorydesignedforFS• DeviceDriver• PhysicalDevice
– Wheredatalive
VFS
ext4 /proc XFS
Buffer Cache
Device Drivers
Physical Devices 4/11/15 Linux Kernel Intro. 11
Mainparts(cont.)• NetworkStack
– Implementthenetworkprotocols– Deliverpacketsacrossprogramsandnetworkinterfaces
• DeviceDrivers(DD)– Interactwiththehardware– Extractanabstrac)onofthedevicefunc)onali)es
• Arch– Architecturedependentcode
4/11/15 Linux Kernel Intro. 12
Outline
• Introduc)on(story,licence,versioning)• Mainparts• LoadableKernelModules• SystemCalls• Security
4/11/15 Linux Kernel Intro. 13
LKMs• LKMs(LoadableKernelModules)• Pre-compiledbinarypieces• Eachpieceiscalled“module”• Canbeloadedatrun)me• Extendthefunc)onalityofthesystem• Enforcemodularity
– Easytodevelop,debugandmaintain– Noneedtorebuildthekernel
• Cansavememory(loadonlythenecessary)
4/11/15 Linux Kernel Intro. 14
WhatareLKMsusedfor• Everythingthatisnotrequiredinthecore• 6maincategories
– Devicedrivers– Filesystemdrivers
• Implementa)onofaspecificfilesystem– Systemcalls– Networkstack
• Interpretsanetworkprotocol– TTYlinedisciplines– Executableinterpretersforthesupportedformats
4/11/15 Linux Kernel Intro. 15
CharacterDeviceDriver
• ReadorWriteabyteata)me• Accessedbyastreamofbytes• Usuallypermitonlysequen)alaccess• Implement:open,close,read,write• Similartoregularfiles
– /dev/console– /dev/eyS0
4/11/15 Linux Kernel Intro. 16
BlockDeviceDriver
• ReadorWriteblock-sizemul)ples• Permitrandomaccess• Accessedinthe/dev/• Filesystemscanbemountontop• HandleI/Oopera)ons• Differwiththecharmoduleinthewaythemanagedatainsidethekernel
• Differentinterfacetothekernelthancharmodules
4/11/15 Linux Kernel Intro. 17
NetworkDrivers• Handleanynetworktransac)onmade• Transferpacketsofdata• Independentofaspecificprotocol• Recep)onandTransmissioninsteadofRead/Write• Usuallytheinterfaceisahardwaredevicebutitcanalsobe
sogwareliketheloopback– loopbackisusedtocommunicatewiththeserversthat
runinthesamenode,debuggingetc.• Theyarenotmappedtothefilesystem;theyareiden)fied
byaname
4/11/15 Linux Kernel Intro. 18
Outline
• Introduc)on(story,licence,versioning)• Mainparts• LoadableKernelModules• SystemCalls• Security
4/11/15 Linux Kernel Intro. 19
Systemcalls• Asyscallcausesaprogrammedexcep)on(trap)ontheCPU
– syscall(number,arguments)• Withinthekernelyoucannotaccessuserspacebuffers
directly
Syscall Table
User Space
Kernel Space
write(fd, ptr, sz)
syscall(WRITE, fd, ptr,sz)
sys_write(f, up, sz)
vfs_write(f, p, sz) etx4_write(f, p, sz)
copy_from/to_user (to,from,sz)
4/11/15 Linux Kernel Intro. 20
Outline
• Introduc)on(story,licence,versioning)• Mainparts• LoadableKernelModules• SystemCalls• Security
4/11/15 Linux Kernel Intro. 21
Securityconsidera)ons• Securitycheckisenforcedbythekernel• IftheKernelhas„holes“Systemhasholes• Avoidintroducingtypicalprogrammingbugs
– Moduleparameters– Bufferoverrun– Memorycorrup)on
• Zeroorini)alizememorygiventouser• Runprecompiledkernelsfoundinyourdistro• Inofficialdistrosonlythesuperusercanloadandunload
modules
4/11/15 Linux Kernel Intro. 22
Kernel programming is vital for as long as new hardware is being
designed and produced or old-obsolete hardware is maintained.