@paulvstheworld
Last active December 24, 2015 15:19
LINUX KERNEL

Primary Functions

  • CPU
  • Memory
  • I/O

Startup

  1. BIOS
    • Basic Input/Output System
    • Set of instructions in firmware for the hardware i/o to be recognized
    • Initializes hardware
  2. Bootloader (e.g. GRUB)
    • Loads your operating system
    • Handles cases where you have multiple OSes to choose from
    • Runs the kernel
  3. Kernel loads
    • Handles all hardware I/O interfacing
  4. Spawns Process
    • init
      • Never will die because it's the root parent process
    • Other processes get spawned from init
  5. Runlevels set
    • e.g. 0 is shutdown
  6. Everything else starts...

Operating System

  • Kernel (Linux)
  • Standard tools (GNU tools)
    • e.g. ls, gcc, adduser, grep
  • Other tools
    • window manager
  • Peripheral tools
    • music player, browser

Q: What is an operating system?

A: It could mean just the kernel, but it could also include the standard tools and even the peripheral tools

What's inside the Linux Kernel

Power Management

Memory Management

  • Each process gets its own chunk of space so they don't step on each other
  • Processes are usually given virtual addresses which the kernel has to map to the physical address

Device Drivers

  • Examples
    • Keyboard
    • Network
    • Graphics card
  • Process and Thread Scheduling & Execution
    • Fork
    • Exec
  • File System (HD)
    • VFS (Virtual File System)
      • abstraction layer to interface on top of a concrete implementation of a file system
  • Security Model (POSIX)
    • POSIX (Portable Operating System Interface)
      • Security standard
      • User and file permissions
  • Virtual Machines
    • process runs in an isolated operating system and thinks it's running in another operating system
    • Kernel within a Kernel {Kernel-ception}
    • Sandbox container (won't affect anything outside)
  • Networking
    • Protocols
      • TCP/IP, UDP, ICMP, RPC
    • Bridging
      • two or more networks with a middle machine that will route
    • Firewalls
    • Sockets
    • Wireless

Interprocess communication (IPC)

  • Processes exchanging information want to access the same information (shared memory)
  • Semaphores
  • Locks (inter-thread keeping each other in check)
  • Unix pipes
    • Example: ls | grep hackerschool
    • Shared memory (read and write same information)
    • Mutex
      • Locking when writing to the same memory space
      • Kernel provides semantics to lock
    • Remote Procedure Call (RPC)
      • call functions from other process

Signals

  • Asynchronous notification sent to a process or a specific thread
  • Examples: SIGINT, SIGKILL

Interrupt handler

  • Signals attention to kernel
  • Hardware
    • Handle events from hardware
    • Example: Keyboard press
    • Not all hardware uses interrupts (e.g. Direct Memory Access)
    • Timers
      • Example: Process calls the sleep system call for a certain amount of time
      • Interacts with High Performance Event Timer (HPET)
      • Time Keeping
    • Counter of timer interrupts (clock for 1000 Hz)
    • Packet
      • Network Interface Card (NIC) gets data and needs to signal to kernel it received data and needs something to be done with it

Process

  • Memory
    • Multiple processes don't share address space
  • Communication
    • Processes use Inter-Process Communication (IPC)
      • Share a certain address space to communicate
    • Usually use network connection (Unix domain sockets or TCP sockets)
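
The two points above (separate address spaces, communication through IPC) can be seen in a few lines of C. This is an added example, not part of the original notes; the names `counter` and `fork_and_report` are made up for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int counter = 1;   /* after fork() each process has a private copy */

/* Fork a child that sets its copy of counter to child_value and reports it
 * through a pipe. Stores what the child reported in *reported and returns
 * the parent's own counter, or -1 on error. */
int fork_and_report(int child_value, int *reported)
{
    int fds[2], status;
    pid_t pid;
    ssize_t n;

    if (pipe(fds) == -1)
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                    /* child */
        close(fds[0]);
        counter = child_value;         /* changes only the child's copy */
        n = write(fds[1], &counter, sizeof counter);
        _exit(n == (ssize_t)sizeof counter ? 0 : 1);
    }
    close(fds[1]);                     /* parent keeps only the read end */
    n = read(fds[0], reported, sizeof *reported);
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || n != (ssize_t)sizeof *reported)
        return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return counter;                    /* the parent's value is untouched */
}

int main(void)
{
    int reported = 0;
    int mine = fork_and_report(99, &reported);
    printf("child reported %d, parent still sees %d\n", reported, mine);
    return mine == 1 && reported == 99 ? 0 : 1;
}
```

The child's write never reaches the parent's memory; the only value that crosses the process boundary is the one sent through the pipe.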

Threads

  • Memory
    • Multiple threads have access to shared memory space
  • Communication
    • Threads can communicate with each other via the shared memory space

Scheduling

  • Threads, processes, or data flows are given access to system resources
    • processor time
    • communication bandwidth
  • Used to load balance a system
  • Needed to perform
    • Multitasking (more than one process at a time)
    • Multiplexing (transmit multiple flows simultaneously)
  • Decides when each one gets to run
  • When a process is "blocked" (waiting for input from user/network), it is temporarily taken off the list
  • Linux uses one of several schedulers, chosen at compile time
  • Every process has a priority, chosen with nice/conice
  • Scheduling strategies
    • Round Robin
    • First in first out (FIFO)
    • Shortest remaining time

Kernel Modules

  • A chunk of code you can load and unload from the kernel at runtime
  • Inside and Outside tree
    • Inside kernel tree can be compiled with kernel
    • Outside kernel tree (e.g. Graphics card drivers)
  • modprobe
    • Find the module
    • Looks for dependencies
    • Can load modules in runtime while kernel is running (Cool!)
    • lls hooks from other parts of the kernel (i.e. network)
    • Usage: modprobe <module_name>
    • How it works
      • Notifies kernel that module requests to be loaded
      • module init function is run

Address Space

  • Code (text)
  • Data
    • Static variables
    • String
  • Block Started by Symbol (BSS)
    • uninitialized static variables
  • Heap
    • Runtime memory
    • Don't know how much memory to allocate beforehand
  • Stack
    • method calls
    • function calls
    • variables (local & global)
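
To see these regions in a running process, the following added example (not part of the original notes) takes one address of each kind and looks up the permissions of the mapping that holds it in `/proc/self/maps`. It assumes Linux with `/proc` mounted; `data_var`, `bss_var`, `perms_for` and `show` are names made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int data_var = 42;   /* initialized, static storage: data segment */
int bss_var;         /* uninitialized, static storage: BSS */

/* Find the /proc/self/maps entry containing addr and copy its permission
 * field (e.g. "r-xp") into perms. Returns 0 on success, -1 if not found. */
int perms_for(uintptr_t addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], p[5];
    unsigned long lo, hi;
    int rc = -1;

    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) != 3)
            continue;
        if (addr >= lo && addr < hi) {
            memcpy(perms, p, sizeof p);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

static void show(const char *name, uintptr_t addr)
{
    char p[5] = "????";
    perms_for(addr, p);
    printf("%-6s %#lx  %s\n", name, (unsigned long)addr, p);
}

int main(void)
{
    int local = 0;
    void *heap = malloc(64);

    show("text", (uintptr_t)&perms_for);
    show("data", (uintptr_t)&data_var);
    show("bss", (uintptr_t)&bss_var);
    show("heap", (uintptr_t)heap);
    show("stack", (uintptr_t)&local);
    free(heap);
    return 0;
}
```

On a typical build the code mapping is executable but not writable, while the data, BSS, heap and stack mappings are writable; a region that is both writable and executable is worth a closer look.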

Extras

Architecture Specific (examples)

  • x86
  • PowerPC
  • ARM

How to be Evil

  • Rootkit
  • Malicious HD Firmware
    • Live CD and reinstall would not affect it

Resources

  • cd /usr/src/linux-version-number-goes-here
  • Advanced Programming in the Unix Environment by Richard W. Stevens
    • How to use system interface (API) calls
  • Operating System Concepts by Silberschatz, Galvin, Gagne
  • kernel.org
  • List of system calls

Advice
