I have a doubt about the functioning of netlink sockets in the kernel-application interaction context. I have read that a netlink socket is used for event-based notification from kernel to application. The benefit of this is that the application is not required to poll. But in the case of a netlink socket, it will also be polling finally to check whether some data
Tag: linux-kernel
Is the sscanf function in the Linux kernel susceptible to buffer overflow attacks?
From what I understand, a typical buffer overflow attack occurs when an attack overflows a buffer of memory on the stack, thus allowing the attacker to inject malicious code and rewrite the return address on the stack to point to that code. This is a common concern when using functions (such as sscanf) that blindly copy data from one area
How to create a simple sysfs class attribute in Linux kernel v3.2
I’m learning how to use sysfs in my Linux modules, but I’m having the hardest time finding current documentation on these topics. The Linux Device Drivers 3rd Edition book I’ve been using seems to be rather dated in this area unfortunately (e.g. the class_device structure appears to be completely gone in current Linux versions). I’m simply trying to get an
How to extract the MAC address of an interface from within a driver code
I’m new to Linux Kernel programming and driver programming. I’m working with madwifi drivers, on Linux with kernel version 2.6.32-37 and wish to extract the MAC address of an interface inside the driver code. I know this information is supposed to be found in the netdevice structure fields, but not quite sure which one of them is the right one. My
How to get the .config from a Linux kernel image?
I have a Linux kernel image in elf format and I want to find out what .config file was used to build this kernel. When I do an objdump of the image, I see a section called kernel_config_data that contains text but does not look like the config file. Is there a way to retrieve this information? Answer Assuming your
Where do the `[stack]`, `[vdso]` and `[vsyscall]` mmaps come from?
Consider the following program targeting Linux x86_64: inf.s: Which is basically an infinite loop. If I link and strip this I get an ELF executable: In the ELF executable the first program header LOAD contains the map that accounts for the first of the entry in the above mmaps (a.out). (Even if I strip everything but this header and code
kprobe vs uprobe system call interposition
I want to write a system call interposition by using Utrace. I understood that the Utrace project has been abandoned, but part of its code is used in kprobe and uprobe. I haven’t understood really well how these work, especially uprobe. Can you explain what difference exists between them? And can I use uprobe without writing a module to check which
Use of floating point in the Linux kernel
I am reading Robert Love’s “Linux Kernel Development”, and I came across the following passage: No (Easy) Use of Floating Point When a user-space process uses floating-point instructions, the kernel manages the transition from integer to floating point mode. What the kernel has to do when using floating-point instructions varies by architecture, but the kernel normally catches a trap and
Writing to eventfd from kernel module
I have created an eventfd instance in a userspace program using eventfd(). Is there a way in which I can pass some reference (a pointer to its struct or pid+fd pair) to this created instance of eventfd to a kernel module so that it can update the counter value? Here is what I want to do: I am developing a
What is the meaning of question marks ‘?’ in Linux kernel panic call traces?
The Call Trace contains entries like that: What is the meaning of the ‘?’ mark before AnotherFunctionName? Answer ‘?’ means that the information about this stack entry is probably not reliable. The stack output mechanism (see the implementation of dump_trace() function) was unable to prove that the address it has found is a valid return address in the call stack.