Last updated: 06/03/2004 8:45 PM by Wilson
Please email cs170-admin and not Wilson directly if you have questions
Setting up the env. and quota issues
I am having trouble compiling the kernel, and I think my qouta
was not adjusted. What should I do?
Please run the command
quota
and email the output to cs170-admin@lists.cs.ucsb.edu and
DO NOT email support@cs.ucsb.edu. The TA's will see if your
account was adjusted and help you in office hour or through
email. You can also try to remove linux-2.4.26.tar.bz2 to save
you 30 MB of disk space.
If CS support adjusted my quota for the assignment? Why am I still
running out of disk space?
It is very possible that although the quota was adjusted properly,
you are use more disk space because of your Browser's cache or the
core files from Seg. Faults. Try removing those files if needed.
I am a CS major student and for some reason starting 05/21, when I run
quota it says
quota: Error while getting quota from zeus:/fs.real/spool for 1635:
Connection refused
Disk quotas for user john_cs (uid 1635): none
does that mean I don't have enough space for the assignment?
I have not confirmed with CS support the reason for the above output,
but it means you have no quota restrictions.
Does it matter which CS/CE machine I use for this assignment?
Yes and no, do not use csil.cs.ucsb.edu or any computer that
you will not be able to restart. If you are using ssh from
home, ssh into hosts like calvin, garfield, and lisa.
Do I have to patch everytime I modify the kernel, which steps
do I keep repeating?
You only have to patch the kernel for UML once. The steps
you will be repeating are
modify the kernel source
make menuconfig ARCH=um A menu will appear, then press x, then press y
make linux ARCH=um
./linux
Using UML and root filesystems
How do I specify which root file system to boot?
./linux ubd0=/somewhere/somepath/root_fs_slack
./linux ubd0=/somewhere/somepath/root_fs
How do I shut down the UML system?
Open up another terminal and issue the command
killall linux
Do not keep any important files on the root_fs, by using
killall linux, it is possible that a file you created will
be erased the next time you boot up the filesystem.
What if I accidently used 'shutdown -r now' or 'halt' and now
the root_fs is locked?
If you don't have any important data in the root_fs file
you can simply remove it then issue the command
cp ~cs170/files/root_fs .
To copy the original filesystem into your directory.
For some reason, I am getting kernel panic when I try to bootup ./linux,
how should I debug this?
First, make sure this is not a root_fs or root_fs_slack corruption issue.
Go through all the messages during ./linux's bootup process and search for
something similar to this
F_SETLK failed, file already locked by pid 9108
Failed to lock 'root_fs', err = 11
The only solutions we have are:
1. If you have enough disk space left, remove the root file system and
get a fresh copy from ~cs170/files READ NOTE BELOW
2. If there are no other users logged into that machine, restart the
computer. That lock should be released then.
3. Put the root filesystem in /tmp but rememeber that directory is not
backed up and is local to the computer. (not part of the nfs) and when
there is no one on that machine, reboot it.
NOTE: AS I DISCUSSED IN CLASS ON 5/25/2004, BECAUSE THERE IS A LOCK ON THE
ROOT FILESYSTEM, IF YOU REMOVE THAT FILE, YOUR ARE STILL CHARGED
FOR THAT DISK SPACE UNTIL YOU RESTART THAT COMPUTER. THIS MEANS THAT YOU
WILL REACH YOUR FILESIZE QUOTA REALLY QUICK IF YOU KEEP CORRUPTING ROOT
FILE SYSTEMS. ALSO, IF YOU CORRUPTED
A SLACKWARE ROOT FILE SYSTEM, YOU MOST LIKELY CANNOT USE SOL. 1 ABOVE.
(because one slackware root_fs is 200MB)
SO REMEMBER WHICH COMPUTER YOU ARE ON AND MAKE SURE YOU REBOOT IT AT SOME
POINT NO MATTER WHICH SOLUTION YOU USE FROM ABOVE.
How do I copy a file from the host machine into the UML filesystem?
Make sure ./linux is not running when you modifying the
root file system through debugfs or it will corrupt it
Use this command on the host machine
/sbin/debugfs -w (root_fs or root_fs_slack)
then use the command
write file_on_hostmachine file_to_be_on_uml
type q to exit the program.
Which root file system do I use when I am working on the kernel module
part of the assignment?
Please use root_fs_slack it is located at ~cs170/files just like all
the other files. root_fs does not have the tools we need for kernel
modules so you NEED to use root_fs_slack to load and unload a module.
Compiling and modules
There is no gcc or g++ on either root_fs or root_fs_slack, so how do I
compile a usermode program to test my syscall ifork?
You would compile the binary/object file on the host machine and then
use debugfs (mentioned above) to move the file into UML.
To compile your binary/object file, you need to run the following from
the linux-2.4.26 directory
make script 'SCRIPT=@echo $(CFLAGS)' ARCH=um
then append the output to the end of your gcc command.
You must also use the -static flag.
You need the -c flag if you are compiling an object file (for kernel module)
I would recommend setting up a Makefile to make your life easier.
For example, I have a test program called iforked.c (NOT A KERNEL MODULE) and
ifork.c (can be found 2 posts down) which makes an assembly call of the sys_ifork
I would execute
gcc iforked.c ifork.c -static -D__KERNEL__ -I/fake_dir_change_me/linux-2.4.26/include
-Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing
-fno-common -U__i386__ -Ui386 -g -D__arch_um__ -DSUBARCH="i386"
-D_LARGEFILE64_SOURCE
-I/fake_dir_change_me/linux-2.4.26/arch/um/include
-Derrno=kernel_errno
-I/fake_dir_change_me/linux-2.4.26/arch/um/kernel/tt/include
-I/fake_dir_change_me/linux-2.4.26/arch/um/kernel/skas/include
In Week 8's Friday section, Wilson could not get the kernel module
to compile following the directions above, why is that?
Because he forgot he was compiling a kernel module and needed a -c flag
for gcc.
Can you explain how the kernel module that intercepts read/write will work
with our ifork syscall?
First of all, we are providing you with a program that is called
iforked which consists of the following files (Thanks to a student in the
prof's research group)
iforked.c (server code that calls ifork)
ifork.h
ifork.c (ifork() syscall userspace implementation, assume ifork is
syscall 253)
to get these files execute cp ~cs170/files/ifork* .
when you are running gcc, you need to compile both iforked.c and ifork.c
at the same time
The program creates a server that is listening on port
31337. The program takes one parameter and that parameter is the
IP address of a trusted host. The program calls the ifork system
call to service each request it receives.
So let's say your module that intercepts read/write operations is
called secure_rw. If the module is not loaded, any host can connect
to the localhost at port 31337. However, if the secure_rw module was
loaded, only the trusted host can connect to port 31337. Let's look
at an example, I am putting my comments below in {}.
Ignore the segfaults when running iforked, the server is still running.
root@darkstar:~/user# ./iforked 10.0.0.1
Segmentation fault
{created a server. host with IP 10.0.0.1 is a trusted host}
root@darkstar:~/user# cat /proc/`pgrep iforked`/ifork
10.0.0.1
{Inside /proc there is a directory that is the same as the PID
of the iforked server. Inside that directory, there is a file
called ifork that contains the trusted host's IP
If you have not done task 3 of the assignment,updating /proc,
this would not work.}
root@darkstar:~/user# telnet localhost 31337
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
blah
Read from 127.0.0.1: blah
Connection closed by foreign host.
{Connecting to the localhost at port 31337, so my source IP is also
127.0.0.1. Because secure_rw is not loaded, this read operating is
allowed.}
root@darkstar:~/user# insmod ./secure_rw
{Now I load the secure_rw module}
root@darkstar:~/user# telnet localhost 31337
Trying 127.0.0.1...
ERROR: denied read from 127.0.0.1
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
{Because the only trusted host is 10.0.0.1, other IPs cannot read/write
to the localhost at port 31337.}
root@darkstar:~/user# dmesg | tail -1
secure_rw: denied access 127.0.0.1 -> iforked [10.0.0.1]
{dmesg outputs kernel logfile, since the logfile can be very long, we just
want to see the last line. The output says that a host with ip 127.0.0.1
tried to connect to localhost and it was denied because the iforked server
only has 10.0.0.1 as a trusted IP/host}
root@darkstar:~/user# rmmod secure_rw
{removing the module, so sys_read and sys_write do not check for the
source ip anymore}
root@darkstar:~/user# killall iforked
{killing the server that was listening at 31337}
root@darkstar:~/user# ./iforked 10.0.0.1
Segmentation fault
{Starting a new server that is listening at 31337 and the only trusted
host is 10.0.0.1}
root@darkstar:~/user# telnet localhost 31337
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
blah
Read from 127.0.0.1: blah
Connection closed by foreign host.
{Once again, because secure_rw is not loaded, any IP can connect to the
localhost and read/write from port 31337}
What are the steps to create a loadable kernel module that intercepts
read/write operation?
This is a little harder than the syscall ifork, but here is the big
picture.
-You are going to change the system call table so that when the module
is loaded, the system will will use your read/write functions
-You need to check if the host is a trusted host (look at the sample
run above if you don't know what trusted host is). If it is a trusted
host, then you allow it to access the normal read/write function.
Otherwise, you deny access and use printk to generate some output
conforming to the sample run above.
-When you unload the module, you need to revert the system call table
to what it was before.
With the info. above it should be a lot easier and please do not email
Chris or me and expect us to give you the answer to the intercept
problem (Specific questions are welcome)
For the read/write interceptions, are we only concerned about network I/O and
not file I/O? (example of file I/O would be when you run "cat file")
That is correct, we are only concerned about network I/O. So there is no trusted
list or any predefined hosts that are trusted.
Making a patch file
I believe I have finished the assignment, so how do I make the patch file now?
Make sure that your linux tree is located at the same directory depth as
the original UML patched kernel source. By this, I mean
the orignial source is at /cs/class/cs170/files/uml/linux-2.4.26
you need to make sure that your linux-2.4.26 is the 6th directory level from /
(starting index is 1) Here are some possiblities
/cs/student/random_student/cs170/hw3/linux-2.4.26
/cs/student/random_student/kernel/my/linux-2.4.26
/cs/student/random_student/kernel/170/linux-2.4.26
Notice how the 4th and 5th level names can be anything.
go into your linux-2.4.26 directory
make clean
make mrproper
diff -Nur /cs/class/cs170/files/uml/linux-2.4.26 /cs/student/change_me/change_me/change_me/linux_2.4.26 > ifork_patch
If your patch is bigger than 50 KB, you have done something wrong or you have
duplicate files, or files ending in ~, like file.c~ You must remove these temp.
and backup files.
If you have been using your own linux box, you still need to run the patch process
on a department machine.