Init Call Mechanism in the Linux Kernel

The Linux Kernel has for a long time (at least since v2.1.23) contained a clever and well optimised mechanism for calling initialisation code in drivers. It’s clever because its functionality is largely abstracted from the driver developer and well optimised because after initialisation, memory containing the initialisation code is released. This post explores how the mechanism works.

We’ll start by seeing how driver developers make use of this functionality; the following code has come from v2.6.27.6/drivers/net/smc911x.c and is the driver for a common Ethernet chipset.

2206: static int __init smc911xinit(void)
2207: {
2208: return platform_driver_register(&smc911x_driver);
2209: }
...
2216: module_init(smc911x_init);
Continue Reading →

Multiple Network Interface Gotcha in Linux

Ok here’s a recipe to try:

  • Get a development board or PC that has two or more network interfaces,
  • Assign each of them with a unique IP address,
  • Connect the interfaces to a common network,
  • Finally, ping one of the IP addresses from another machine.

Now, depending on which IP address you chose to ping, you may find that your pings will suddenly fail to respond and timeout when you disconnect the other interface (i.e. the interface you are not pinging). Bizarre, isn’t it?

However, as my colleague and I recently discovered whilst debugging a new Ethernet driver, this gotcha is actually correct behaviour for Linux – and in fact it is correct behaviour as defined by the relevant RFC’s. I thought I’d use this post to discover what is going on and why this is OK.

Continue Reading →

Privilege Escalation in uClinux

The main difference between Linux and uClinux is that the latter is designed to work with systems without an MMU (Memory Management Unit). The main benefit of an MMU is that systems that utilise them can provide each process with it’s own virtual address space – by doing so each process is prevented from causing disruption to others.

uClinux systems do not have an MMU, all processes share a common address space and so there is often – but not always (see comments at the end of this post), no protection from processes interfering with each other. The security implications of this are widely known and understood – the applications of uClinux systems are usually such that this isn’t of great concern. However I wanted to see this for myself – I wanted to put the theory in practice and see how easy it is to disrupt another process and to see if privilege escalation can be achieved.

Continue Reading →

Digging Deeper into Weak Symbols

Following on from my last post, I thought I’d dig a bit deeper into GCC’s weak symbols and use the NM utility from GNU’s Binutils package to help understand a bit better how it works.

I probably don’t use the Binutils package as often as I should when debugging and thought this post would be a perfect opportunity to do so – for those that are unfamiliar with it, it’s a package that usually comes with your compiler and provides the ability to explore and manipulate the object code of various binaries. It consists of things like readelf, objdump, nm, etc – sound familiar?

Continue Reading →