How can I find out the field offsets of a kernel struct?
I sometimes need to figure out the layout (as in, field offsets) of some kernel structure or another. What is the easiest way to do this? An example use case: A few days ago I wanted to attach a kprobe...
How IMA handles authenticated user changes in a file?
I am a newbie in Integrity Measurement Architecture. I was referring to https://sourceforge.net/p/linux-ima/wiki/Home/ for how to configure IMA in Linux. My understanding is when a file is read, IMA...
My Linux kernel module is not receiving the correct User-space Application PID
I am developing Linux kernel module which is communicating with my user-space C application. In this module, I am creating a thread. Besides, I need to know the pid of the user space process, so I am...
Using in user programs, or in driver module code...does it matter?
I'm developing a device driver module and associated user libraries to handle the ioctl() calls. The library takes the pertinent info and puts it into a struct, which gets passed into the driver module...
Yocto: patch kernel module Makefile
I have a Linux kernel for NXP i.MX6. There are some capture kernel modules in /driver/media/platform/mxc/capture. One of the files is called mxc_v4l2_capture.c. I had to change this file for using it with...
Binder thread IDs
I am just after a quick clarification from someone who has more of an idea than I. I am currently tracing binder transactions in the Android Kernel and comparing them to the binder logs as a sanity...
Failing to attach eBPF `kretprobes` to `napi_poll()` with bcc tools
Idea is to use argdist to measure latency duration of napi_poll() which returns the number of packets processed (called work). Ratio of execution latency of napi_poll() to number of packets processed would...
eBPF: How can the sockaddr struct be read when hooking into...
As proposed in the presentation Security Monitoring with eBPF I'm trying to hook into security_socket_connect. While my gobpf/bcc based code partly works, I seem not to be able to read the IP address in...
How can I determine which namespaces a PID is in from kernel space?
I am trying to write an eBPF program to log every call of a particular syscall from containers running on the system. I am using bcc and can retrieve the PID using bpf_get_current_pid_tgid(). From...
eBPF: reading the result of getaddrinfo
Similar to the gethostlatency.py tool in the BPF Compiler Collection (bcc) I want to trace function calls to getaddrinfo. Additionally, I want to collect the returned values (IP addresses, address...
Why is a kretprobe on sys_futex called less often than a corresponding kprobe?
I am doing some tracing of various kernel functions and system calls, and establishing patterns between them which can be used for certain performance profiling. One thing that I noticed is that...
What is the error of "linux unable to handle kernel paging request at...
I have written some Linux kernel code, which causes a runtime error, and reports linux unable to handle kernel paging request at ffffffff00000010. It is just code to hook the open system call in Linux...
ERROR showed when typed: yum install httpd
ERROR shows when typed yum install httpd: failed to synchronize cache for repo AppStream as well as for BaseOS and extras. Please somebody tell me what to do???
Spin_lock and mutex lock order
I got a test question (interview). You need to grab both spin_lock and mutex in order to do something. What is the correct order of acquiring? Why? I have some thoughts about this but no strong opinion...
Why does gdb not show debug symbols of kernel with debug info?
I am trying to learn more about kernel and driver development, so for that purpose I thought to use KVM and gdb to establish debug session with custom installed kernel (v5.1.0). The kernel has debug...
Linux scheduler operation on a multi-core system
Can a Linux scheduler in the kernel run simultaneously on multiple cores? Or is there only a single scheduler which will run on each processor as and when needed?
Host/server holding with Red Hat 7.5, when we want to uplift to 7.6/x, what...
When I am uplifting a RHEL server from 7.5 to 7.x, what are / which files will be changed or updated, and will it affect applications or services on servers?
Why is "asmlinkage" needed in Linux system call implementation?
I am learning now about system calls on a Linux OS, and I saw that every system call is implemented with the "asmlinkage" directive. I know it means that every parameter for the function is passed on...
Read from /proc/
I understand, I think, that when reading from disk, the process gets put into uninterruptible sleep while disk IO is performed. But what happens during procfs readouts? The process goes into D state,...
How to get swapper_pg_dir address from an ARM64 program with kernel...
I have a program that can read and write to kernel memory and I want to get the address of swapper_pg_dir. The device in question is running Android with ARM64 architecture and has kASLR...