Trinity A Linux kernel fuzz tester.
|
|
- Poppy Leonard
- 6 years ago
- Views:
Transcription
1 Trinity A Linux kernel fuzz tester. Presented by Dave Jones Red Hat. Slides license: CC-BY-SA
2 Syscall fuzzing.
3 A short history lesson.. Completely random. Circa 1991: Tsys. SVR4 Circa 2001: kg_crashme.
4 A short history lesson.. More intelligent. 2005: Ilja van Sprundel: 'sysfuzz' 2006: Clement LECIGNE: netusse 2006: 'scrashme' begins. Malformed, but good enough arguments.
5 A short history lesson.. Current state of the art. 2010: scrashme becomes 'Trinity'. 2010: Tavis Ormandy: iknowthis. A mix of malformed and plausible arguments.
6 How it works..
7 Trinity architecture. Give syscalls what they expect. Annotations. 'Address', 'length', 'file descriptor', 'filename'... Generic fuzz routines based on arg type. Generate 'things' on startup. Multi-process fuzzing using 'things'. Shared mmap between children.
8 Process model. Startup Main loop. Watchdog Child1 Child2 Child3 Child4
9 Watchdog. Keeps track of child progress. SIGKILL if 'stuck' Sanity check shm.
10 Types ARG_RANDOM_INT ARG_FD ARG_LEN ARG_ADDRESS ARG_NON_NULL_ADDRESS ARG_PID ARG_RANGE ARG_OP ARG_LIST ARG_RANDPAGE ARG_CPU ARG_PATHNAME ARG_IOVEC ARG_IOVECLEN ARG_SOCKADDR ARG_SOCKADDR_LEN
11 Syscall annotation example. struct syscall syscall_mmap = {.name = "mmap",.num_args = 6,.arg1name = "addr",.arg1type = ARG_ADDRESS,.arg2name = "len",.arg2type = ARG_LEN,.arg3name = "prot",.arg3type = ARG_LIST,.arg3list = {.num = 4,.values = { PROT_READ, PROT_WRITE, PROT_EXEC, PROT_SEM }, },.arg4name = "flags",.arg4type = ARG_OP,.arg4list = {.num = 2,.values = { MAP_SHARED, MAP_PRIVATE }, },.arg5name = "fd",.arg5type = ARG_FD,.arg6name = "off",.arg6type = ARG_LEN, };.sanitise = sanitise_mmap,
12 .sanitise routines. void sanitise_mmap(int childno) { /* no fd if anonymous mapping. */ if (shm->a4[childno] & MAP_ANONYMOUS) shm->a5[childno] = -1; } /* page align non-anonymous mappings. */ if (shm->a4[childno] & MAP_ANONYMOUS) shm->a6[childno] &= PAGE_MASK; else shm->a6[childno] = 0;
13 Interesting numbers. Instead of completely random numbers.. 0x x Rand() % 256; 0x00000fff // x // x // x x0000ffff 0x x x7fffffff 0x x x8fffffff 0xc xf xff xffff0000 0xffffe000 0xffffff00 (rand() % 256); 0xffffffff;
14 More interesting numbers.. Addresses. 0x ; 0x7fffffff ; 0x ; 0xffffffff ; 0x low; 0x00007fffffffffff; // x86-64 canonical addr end. 0x ; // First x86-64 non-canonical addr 0xffff (low << 4); // x86-64 canonical range 2 begin 0x7fffffff low; 0x low; 0xffff (low << 4); // x86-64 PAGE_OFFSET 0xffffffff (low & 0xffffff); // x86-64 kernel text 0xffffffffa (low & 0xffffff); // x86-64 module space 0xffffffffff (low & 0x0fffff); // x86-64 vdso
15 Struct fabrication. Struct size parameter checks or EINVAL Sockaddr Needs knowledge of every protocol. static void gen_ipv4(unsigned long *addr, unsigned long *addrlen) { struct sockaddr_in *ipv4; ipv4 = malloc(sizeof(struct sockaddr_in)); if (ipv4 == NULL) return; } ipv4->sin_family = PF_INET; ipv4->sin_addr.s_addr = random_ipv4_address(); ipv4->sin_port = rand() % 65535; *addr = (unsigned long) ipv4; *addrlen = sizeof(struct sockaddr_in);
16 Self Protection. Check addresses when passing them to syscalls Blocking syscalls. Trapping signals.
17 Mo' problems..
18 Did I break the fuzzer? Proving absence of kernel bug after fix.
19 Over-sanitising void sanitise_tee(int childno) { if ((rand() % 10) > 0) { shm->a1[childno] = shm->pipe_fds[rand() % MAX_PIPE_FDS]; shm->a2[childno] = shm->pipe_fds[rand() % MAX_PIPE_FDS]; } }
20 Multiplexed syscalls. Socketcall calls other syscalls. Fcntl, others...
21 Avoiding OOM. Leaks! Tracking allocations.
22 Reproducability. Periodic reseeding. System state on startup. Corrupting state.
23 The results..
24 Results: Over 150 bugs found last year. +more by others. Bugs in new code found very quickly. Once discovered, bugs usually are repeatable Bugs tend to mask other bugs.
25 Types of bugs found. Not just syscall code! Lots of networking bugs. VM bugs. Drivers.
26 Types of bugs found. Very old bugs. (Oldest: Nov setsockopt) only libfoo calls this mempolicy: (bug lifetime: 4+ years) VM under stress corner cases. page_alloc failures. OOM killer bugs.
27 Types of bugs found. CVE fix that needed a CVE. Error path memory leaks. Poor coverage tested code (Weirdo network protocols) Clearly untested code. Broken locks (ATM/BKL)
28 Types of bugs found. Hardware bugs. Marginal hardware shows up faults quickly under load. SMI handlers.
29 Types of bugs found. Trinity can break userspace too! trinity -c execve -V /bin
30 What next?
31 Next? Extending existing code New syscall support. More.sanitise routines. (currently just 10%) More struct fabrication. Lots to do here. More network protocol support. Most protos already done, but need improving. More flags for ARG_OP/ARG_LIST
32 Next? Syscall chains. Destructors. Root mode.
33 Ioctl Worst interface known to man. int ioctl(int fd, int request,...); The second argument is a device-dependent request code. The third argument is an untyped pointer to memory. request has encoded in it whether the argument is an in parameter or out parameter, and the size of the argument argp in bytes Need to annotate every ioctl. Pass down correct structures to right fd. Need to be very careful.
34 Demo time!
35 Questions? Contact: Slides license: CC-BY-SA
Fault Injection in System Calls
Fault Injection in System Calls Angelo Haller 2015-05-28 Fault Injection in System Calls 1 Angelo Haller 1 Why System Calls? 2 Trinity Bugs Found Inner Workings Fuzzing Process 3 Demo Annotated System
More informationPerf: From Profiling to Kernel Mobile Threat Response Team
Perf: From Profiling to Kernel Exploiting @Wish_Wu Mobile Threat Response Team 0 The Perf Performance counters: = hardware features (CPU/PMU, Performance Monitoring Unit) + software features (software
More informationApplications of. Virtual Memory in. OS Design
Applications of Virtual Memory in OS Design Nima Honarmand Introduction Virtual memory is a powerful level of indirection Indirection: IMO, the most powerful concept in Computer Science Fundamental Theorem
More informationVirtual Memory: Systems
Virtual Memory: Systems 5-23: Introduction to Computer Systems 8 th Lecture, March 28, 27 Instructor: Franz Franchetti & Seth Copen Goldstein Recap: Hmmm, How Does This Work?! Process Process 2 Process
More informationLab 09 - Virtual Memory
Lab 09 - Virtual Memory Due: November 19, 2017 at 4:00pm 1 mmapcopy 1 1.1 Introduction 1 1.1.1 A door predicament 1 1.1.2 Concepts and Functions 2 1.2 Assignment 3 1.2.1 mmap copy 3 1.2.2 Tips 3 1.2.3
More informationOutline. 1 Details of paging. 2 The user-level perspective. 3 Case study: 4.4 BSD 1 / 19
Outline 1 Details of paging 2 The user-level perspective 3 Case study: 4.4 BSD 1 / 19 Some complications of paging What happens to available memory? - Some physical memory tied up by kernel VM structures
More informationCMSC 412 Project #4 Virtual Memory Due Friday April 11, 2014, at 5:00pm
CMSC 412 Project #4 Virtual Memory Due Friday April 11, 2014, at 5:00pm Overview Introduction The purpose of this project is to add paging to your GeekOS kernel. This will require many small, but difficult,
More informationAPI 퍼징을통한취약점탐지 카이스트 차상길
API 퍼징을통한취약점탐지 카이스트 차상길 API Fuzzing? void foo(int x) // This is an API function { // (side-effect-free) //... } void fuzz() { while (1) { foo(rand()); } } // Fuzzer MAIN Found a crash in foo when x = 42
More informationProcesses and Threads
Process Processes and Threads A process is an abstraction that represent an executing program A program in execution An instance of a program running on a computer The entity that can be assigned to and
More informationCMPSC 311 Exam 2. March 27, 2015
Name: Section: 11:15 1:25 CMPSC 311 Exam 2 March 27, 2015 Closed book, closed neighbor, no electronic tools or additional papers. You may not share or discuss exam questions with anyone. 1 Short Questions
More informationDissecting a 17-year-old kernel bug
Dissecting a 17-year-old kernel bug Vitaly Nikolenko bevx 2018 - Hong Kong https://www.beyondsecurity.com/bevxcon/ Agenda Vulnerability analysis CVE-2018-6554^ - memory leak CVE-2018-6555^ - privilege
More informationPrinceton University. Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management
Princeton University Computer Science 217: Introduction to Programming Systems Dynamic Memory Management 1 Agenda The need for DMM DMM using the heap section DMMgr 1: Minimal implementation DMMgr 2: Pad
More informationECE 650 Systems Programming & Engineering. Spring 2018
ECE 650 Systems Programming & Engineering Spring 2018 Inter-process Communication (IPC) Tyler Bletsch Duke University Slides are adapted from Brian Rogers (Duke) Recall Process vs. Thread A process is
More informationFile Systems: Consistency Issues
File Systems: Consistency Issues File systems maintain many data structures Free list/bit vector Directories File headers and inode structures res Data blocks File Systems: Consistency Issues All data
More informationECEN 449 Microprocessor System Design. Review of C Programming. Texas A&M University
ECEN 449 Microprocessor System Design Review of C Programming 1 Objectives of this Lecture Unit Review C programming basics Refresh programming skills 2 Basic C program structure # include main()
More informationTutorial 1: C-Language
Tutorial 1: C-Language Problem 1: Data Type What are the ranges of the following data types? int 32 bits 2 31..2 31-1 OR -2147483648..2147483647 (0..4294967295 if unsiged) in some machines int is same
More informationCSCE 548 Building Secure Software Dirty COW Race Condition Attack
CSCE 548 Building Secure Software Dirty COW Race Condition Attack Professor Lisa Luo Spring 2018 Outline Dirty COW vulnerability Memory Mapping using mmap() Map_shared, Map_Private Mapping Read-Only Files
More informationCAN STRACE MAKE YOU FAIL?
CAN STRACE MAKE YOU FAIL? Nahim El Atmani @brokenpi_pe July 15, 2016 1 DEFINITION 1.0 strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions
More informationSystem Calls and Signals: Communication with the OS. System Call. strace./hello. Kernel. Context Switch
System Calls and Signals: Communication with the OS Jonathan Misurda jmisurda@cs.pitt.edu System Call An operation (function) that an OS provides for running applications to use CS 1550 2077 strace./hello
More informationECEN 449 Microprocessor System Design. Review of C Programming
ECEN 449 Microprocessor System Design Review of C Programming 1 Objectives of this Lecture Unit Review C programming basics Refresh es programming g skills s 2 1 Basic C program structure # include
More informationCSE 124 Discussion Section Sockets Programming 10/10/17
CSE 124 Discussion Section Sockets Programming 10/10/17 Topics What s a socket? Creating a socket Connecting a socket Sending data Receiving data Resolving URLs to IPs Advanced socket options Live code
More informationPrinceton University Computer Science 217: Introduction to Programming Systems. Dynamic Memory Management
Princeton University Computer Science 217: Introduction to Programming Systems Dynamic Memory Management 1 Goals of this Lecture Help you learn about: The need for dynamic* memory mgmt (DMM) Implementing
More informationIntroduction to Linux, for Embedded Engineers Tutorial on Virtual Memory. Feb. 22, 2007 Tetsuyuki Kobayashi Aplix Corporation. [translated by ikoma]
Introduction to Linux, for Embedded Engineers Tutorial on Virtual Memory Feb. 22, 2007 Tetsuyuki Kobayashi Aplix Corporation [translated by ikoma] 1 Target Audience of this Presentation People who have
More informationFoundations of Computer Systems
8-6 Foundations of Computer Systems Lecture 5: Virtual Memory Concepts and Systems October 8, 27 8-6 SE PL OS CA Required Reading Assignment: Chapter 9 of CS:APP (3 rd edition) by Randy Bryant & Dave O
More informationCLIENT-SIDE PROGRAMMING
CLIENT-SIDE PROGRAMMING George Porter Apr 11, 2018 ATTRIBUTION These slides are released under an Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) Creative Commons license These slides
More informationlibnetfilter_log Reference Manual
libnetfilter_log Reference Manual x.y Generated by Doxygen 1.4.6 Tue Mar 21 13:47:12 2006 CONTENTS 1 Contents 1 libnetfilter_log File Index 1 2 libnetfilter_log File Documentation 1 1 libnetfilter_log
More informationVirtual Memory. Alan L. Cox Some slides adapted from CMU slides
Alan L. Cox alc@rice.edu Some slides adapted from CMU 5.23 slides Objectives Be able to explain the rationale for VM Be able to explain how VM is implemented Be able to translate virtual addresses to physical
More informationTIP675-SW-82. Linux Device Driver. 48 TTL I/O Lines with Interrupts Version 1.2.x. User Manual. Issue November 2013
The Embedded I/O Company TIP675-SW-82 Linux Device Driver 48 TTL I/O Lines with Interrupts Version 1.2.x User Manual Issue 1.2.5 November 2013 TEWS TECHNOLOGIES GmbH Am Bahnhof 7 25469 Halstenbek, Germany
More informationTCP: Three-way handshake
Sockets in C 1 Sockets in C The slides by themselves will not be sufficient to learn how to write socket code. If you did not attend class, then you will want to review the relevant chapters in Kerrisk
More informationPage Which had internal designation P5
Intel P6 Internal Designation for Successor to Pentium Which had internal designation P5 Fundamentally Different from Pentium 1 Out-of-order, superscalar operation Designed to handle server applications
More informationHaving fun with apple s IOKit. Ilja van sprundel
Having fun with apple s IOKit Ilja van sprundel who am I Ilja van sprundel IOActive netric blogs.23.nu/ilja Introduction what is the IOKit why UserClients entry points marshaling
More informationCSC209H Lecture 9. Dan Zingaro. March 11, 2015
CSC209H Lecture 9 Dan Zingaro March 11, 2015 Socket Programming (Kerrisk Ch 56, 57, 59) Pipes and signals are only useful for processes communicating on the same machine Sockets are a general interprocess
More informationProject 2-1 User Programs
Project 2-1 User Programs Prof. Jin-Soo Kim ( jinsookim@skku.edu) T.A. Sejun Kwon (sejun000@csl.skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Supporting User Programs
More informationUser Programs. Computer Systems Laboratory Sungkyunkwan University
Project 2: User Programs Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Supporting User Programs What should be done to run user programs? 1. Provide
More informationThe Embedded I/O Company TIP700-SW-82 Linux Device Driver User Manual TEWS TECHNOLOGIES GmbH TEWS TECHNOLOGIES LLC
The Embedded I/O Company TIP700-SW-82 Linux Device Driver Digital Output 24V DC Version 1.2.x User Manual Issue 1.2.1 February 2009 TEWS TECHNOLOGIES GmbH Am Bahnhof 7 Phone: +49 (0) 4101 4058 0 25469
More information1 Do not confuse the MPU with the Nios II memory management unit (MMU). The MPU does not provide memory mapping or management.
Nios II MPU Usage March 2010 AN-540-1.0 Introduction This application note covers the basic features of the Nios II processor s optional memory protection unit (MPU), describing how to use it without the
More informationMemory management. Johan Montelius KTH
Memory management Johan Montelius KTH 2017 1 / 22 C program # include int global = 42; int main ( int argc, char * argv []) { if( argc < 2) return -1; int n = atoi ( argv [1]); int on_stack
More informationIntel P The course that gives CMU its Zip! P6/Linux Memory System November 1, P6 memory system. Review of abbreviations
15-213 The course that gives CMU its Zip! P6/Linux ory System November 1, 01 Topics P6 address translation Linux memory management Linux fault handling memory mapping Intel P6 Internal Designation for
More informationTDDB68 Lesson 2 Pintos Assignments 3 & 4. Mattias Eriksson 2010 (or
TDDB68 Lesson 2 Pintos Assignments 3 & 4 Mattias Eriksson 2010 mater@ida.liu.se (or mattias.eriksson@liu.se) some slides by Viacheslav Izosimov 2007-2008 Instead of Motivation Plan for something like this:
More informationOperating systems. Lecture 9
Operating systems. Lecture 9 Michał Goliński 2018-11-27 Introduction Recall Reading and writing wiles in the C/C++ standard libraries System calls managing processes (fork, exec etc.) Plan for today fork
More informationP6 memory system P6/Linux Memory System October 31, Overview of P6 address translation. Review of abbreviations. Topics. Symbols: ...
15-213 P6/Linux ory System October 31, 00 Topics P6 address translation Linux memory management Linux fault handling memory mapping DRAM bus interface unit instruction fetch unit processor package P6 memory
More informationlpengfei Ding & Chenfu Bao lsecurity Researcher & Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security
lpengfei Ding & Chenfu Bao lsecurity Researcher & Developer @ Baidu X-Lab lfocused on Mobile, IoT and Linux kernel security l Introduction l Past Compat Vulnerabilities l Newly Identified Compat Vulnerabilities
More informationCS 31: Intro to Systems Pointers and Memory. Martin Gagne Swarthmore College February 16, 2016
CS 31: Intro to Systems Pointers and Memory Martin Gagne Swarthmore College February 16, 2016 So we declared a pointer How do we make it point to something? 1. Assign it the address of an existing variable
More informationCSC C69: OPERATING SYSTEMS
CSC C69: OPERATING SYSTEMS Tutorial 1 Thursday, Jan 17, 2013 TA: Ioan Stefanovici (ioan@cs.toronto.edu) HOW DO YOU SUCCEED IN THIS COURSE? Show up to lectures & tutorials (way too much material) Work on
More informationVirtual Memory: Systems
Virtual Memory: Systems 5-23 / 8-23: Introduc2on to Computer Systems 7 th Lecture, Mar. 22, 22 Instructors: Todd C. Mowry & Anthony Rowe Today Virtual memory ques7ons and answers Simple memory system example
More informationMemory Mapping. Sarah Diesburg COP5641
Memory Mapping Sarah Diesburg COP5641 Memory Mapping Translation of address issued by some device (e.g., CPU or I/O device) to address sent out on memory bus (physical address) Mapping is performed by
More informationPOSIX Shared Memory. Linux/UNIX IPC Programming. Outline. Michael Kerrisk, man7.org c 2017 November 2017
Linux/UNIX IPC Programming POSIX Shared Memory Michael Kerrisk, man7.org c 2017 mtk@man7.org November 2017 Outline 10 POSIX Shared Memory 10-1 10.1 Overview 10-3 10.2 Creating and opening shared memory
More informationPROJECT 2 - MEMORY ALLOCATOR Computer Systems Principles. October 1, 2010
PROJECT 2 - MEMORY ALLOCATOR Computer Systems Principles Emery Berger Mark Corner October 1, 2010 1 Overview The purpose of this project is to acquaint you with how memory allocators provide virtual memory
More informationOther array problems. Integer overflow. Outline. Integer overflow example. Signed and unsigned
Other array problems CSci 5271 Introduction to Computer Security Day 4: Low-level attacks Stephen McCamant University of Minnesota, Computer Science & Engineering Missing/wrong bounds check One unsigned
More informationA Client-Server Exchange
Socket programming A Client-Server Exchange A server process and one or more client processes Server manages some resource. Server provides service by manipulating resource for clients. 1. Client sends
More informationProcesses. Dr. Yingwu Zhu
Processes Dr. Yingwu Zhu Process Growing Memory Stack expands automatically Data area (heap) can grow via a system call that requests more memory - malloc() in c/c++ Entering the kernel (mode) Hardware
More informationFinal Exam, Spring 2012 Date: May 14th, 2012
Full Name: Final Exam, Spring 2012 Date: May 14th, 2012 Instructions: This final exam takes 1 hour and 30 minutes. Read through all the problemsandcompletetheeasy ones first. This exam is OPEN BOOK. You
More informationOperating System Labs. Yuanbin Wu
Operating System Labs Yuanbin Wu CS@ECNU Operating System Labs Project 2 Due 21:00, Oct. 24 Project 3 Group of 3 If you can not find a partner, drop us an email You now have 3 late days, but start early!
More informationSYSTEM CALL IMPLEMENTATION. CS124 Operating Systems Fall , Lecture 14
SYSTEM CALL IMPLEMENTATION CS124 Operating Systems Fall 2017-2018, Lecture 14 2 User Processes and System Calls Previously stated that user applications interact with the kernel via system calls Typically
More informationLecture 24. Thursday, November 19 CS 375 UNIX System Programming - Lecture 24 1
Lecture 24 Log into Linux. Copy directory /home/hwang/cs375/lecture24 Final project posted. Due during finals week. Reminder: No class next Tuesday (11/24) Questions? Thursday, November 19 CS 375 UNIX
More informationMoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation. Shankara Pailoor, Andrew Aday, Suman Jana Columbia University
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation Shankara Pailoor, Andrew Aday, Suman Jana Columbia University 1 OS Fuzzing Popular technique to find OS vulnerabilities Primarily
More informationScaling CQUAL to millions of lines of code and millions of users p.1
Scaling CQUAL to millions of lines of code and millions of users Jeff Foster, Rob Johnson, John Kodumal and David Wagner {jfoster,rtjohnso,jkodumal,daw}@cs.berkeley.edu. UC Berkeley Scaling CQUAL to millions
More informationEL2310 Scientific Programming
Lecture 11: Memory, Files and Bitoperations (yaseminb@kth.se) Overview Overview Lecture 11: Memory, Files and Bit operations Main function; reading and writing Bitwise Operations Lecture 11: Memory, Files
More informationChangelog. Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part
1 Changelog 1 Corrections made in this version not in first posting: 1 April 2017: slide 13: a few more %c s would be needed to skip format string part OVER questions? 2 last time 3 memory management problems
More informationLinux TCP Bind Shell from Scratch with Intel x86 Assembly
Linux TCP Bind Shell from Scratch with Intel x86 Assembly Amonsec https://amonsec.com Jun 13, 2017 (V 1.0) 1 1 7 This blog post has been created for completing the requirements of the SecurityTube Linux
More informationInside ptmalloc2. Peng Xu Sep 14, 2013
Inside ptmalloc2 Peng Xu peng.p.xu@ericsson.com Sep 14, 2013 Part I basic concept and data structure Memory Translation process memory layout kernel space command line and environment variables stack heap
More informationSockets. Dong-kun Shin Embedded Software Laboratory Sungkyunkwan University Embedded Software Lab.
1 Sockets Dong-kun Shin Embedded Software Laboratory Sungkyunkwan University http://nyx.skku.ac.kr Internet Connections (1) 2 Connection Clients and servers communicate by sending streams of bytes over
More informationProcess Address Spaces and Binary Formats
Process Address Spaces and Binary Formats Don Porter Background We ve talked some about processes This lecture: discuss overall virtual memory organizafon Key abstracfon: Address space We will learn about
More informationPorts under 1024 are often considered special, and usually require special OS privileges to use.
1 2 Turns out that besides an IP address (used by the IP layer), there is another address that is used by TCP (stream sockets) and, coincidentally, by UDP (datagram sockets). It is the port number. It's
More informationMy malloc: mylloc and mhysa. Johan Montelius HT2016
1 Introduction My malloc: mylloc and mhysa Johan Montelius HT2016 So this is an experiment where we will implement our own malloc. We will not implement the world s fastest allocator, but it will work
More informationHuawei Frame Buffer Driver Arbitrary Memory Write
Huawei Frame Buffer Driver Arbitrary Memory Write 18/07/2017 Software Affected Versions Author Severity Vendor Vendor Response MediaTek Frame Buffer Driver Huawei Y6 Pro Dual SIM (TIT-L01C576B115) Mateusz
More informationShared Memory Memory mapped files
Shared Memory Memory mapped files 1 Shared Memory Introduction Creating a Shared Memory Segment Shared Memory Control Shared Memory Operations Using a File as Shared Memory 2 Introduction Shared memory
More informationCSE 120 Principles of Operating Systems
CSE 120 Principles of Operating Systems Spring 2018 Lecture 10: Paging Geoffrey M. Voelker Lecture Overview Today we ll cover more paging mechanisms: Optimizations Managing page tables (space) Efficient
More informationMMAP AND PIPE. UNIX Programming 2015 Fall by Euiseong Seo
MMAP AND PIPE UNIX Programming 2015 Fall by Euiseong Seo Memory Mapping mmap(2) system call allows mapping of a file into process address space Instead of using read() and write(), just write to memory
More informationProcesses COMPSCI 386
Processes COMPSCI 386 Elements of a Process A process is a program in execution. Distinct processes may be created from the same program, but they are separate execution sequences. call stack heap STACK
More informationProject 2 Overview: Part A: User space memory allocation
Project 2 Overview: Once again, this project will have 2 parts. In the first part, you will get to implement your own user space memory allocator. You will learn the complexities and details of memory
More informationContiguous memory allocation in Linux user-space
Contiguous memory allocation in Linux user-space Guy Shattah, Christoph Lameter Linux Plumbers Conference 2017 Contents Agenda Existing User-Space Memory Allocation Methods Fragmented Memory vs Contiguous
More informationMemory Mapped I/O. Michael Jantz. Prasad Kulkarni. EECS 678 Memory Mapped I/O Lab 1
Memory Mapped I/O Michael Jantz Prasad Kulkarni EECS 678 Memory Mapped I/O Lab 1 Introduction This lab discusses various techniques user level programmers can use to control how their process' logical
More informationDesign Overview of the FreeBSD Kernel CIS 657
Design Overview of the FreeBSD Kernel CIS 657 Organization of the Kernel Machine-independent 86% of the kernel (80% in 4.4BSD) C code Machine-dependent 14% of kernel Only 0.6% of kernel in assembler (2%
More informationSignal Example 1. Signal Example 2
Signal Example 1 #include #include void ctrl_c_handler(int tmp) { printf("you typed CTL-C, but I don't want to die!\n"); int main(int argc, char* argv[]) { long i; signal(sigint, ctrl_c_handler);
More informationCSE 306/506 Operating Systems Process Address Space. YoungMin Kwon
CSE 306/506 Operating Systems Process Address Space YoungMin Kwon Process s Address Space Memory allocation for user processes On request, a right to use a new range of linear address is given to the process
More informationDesign Overview of the FreeBSD Kernel. Organization of the Kernel. What Code is Machine Independent?
Design Overview of the FreeBSD Kernel CIS 657 Organization of the Kernel Machine-independent 86% of the kernel (80% in 4.4BSD) C C code Machine-dependent 14% of kernel Only 0.6% of kernel in assembler
More informationIntel P6 (Bob Colwell s Chip, CMU Alumni) The course that gives CMU its Zip! Memory System Case Studies November 7, 2007.
class.ppt 15-213 The course that gives CMU its Zip! ory System Case Studies November 7, 07 Topics P6 address translation x86-64 extensions Linux memory management Linux fault handling ory mapping Intel
More informationBINDER THE ANDROID IPC FRAMEWORK. Antoine 'xdbob' Damhet. July 15, 2016
BINDER THE ANDROID IPC FRAMEWORK Antoine 'xdbob' Damhet July 15, 2016 1 THE INTERPROCESS COMMUNICATION Share memory Share privileges Call a remote functions (RPC) Synchronize the processes 2 THE GOAL 3
More informationCS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018
CS 31: Intro to Systems Pointers and Memory Kevin Webb Swarthmore College October 2, 2018 Overview How to reference the location of a variable in memory Where variables are placed in memory How to make
More informationOptimizing Dynamic Memory Management
Optimizing Dynamic Memory Management 1 Goals of this Lecture Help you learn about: Details of K&R heap mgr Heap mgr optimizations related to Assignment #5 Faster free() via doubly-linked list, redundant
More informationSession NM056. Programming TCP/IP with Sockets. Geoff Bryant Process software
Session NM056 Programming TCP/IP with Sockets Geoff Bryant Process software Course Roadmap Slide 57 NM055 (11:00-12:00) Important Terms and Concepts TCP/IP and Client/Server Model Sockets and TLI Client/Server
More informationLecture 7. Followup. Review. Communication Interface. Socket Communication. Client-Server Model. Socket Programming January 28, 2005
Followup symbolic link (soft link): pathname, can be across file systems, replacement of file will be active on all symbolic links, consumes at least an inode. hard link: pointers to an inode, only in
More informationArchitecture and Drivers for Smartphones Introduction Labo 2
Architecture and Drivers for Smartphones Introduction Labo 2 Cours APS Salvatore Valenza Version 1.0 (2012-2013) 1 Cours APS - Institut REDS/HEIG-VD - Introduction Linux User Space vs Kernel Space Application
More informationSUPPORTING NATIVE PTHREADS IN SYSCALL EMULATION MODE BRANDON POTTER JUNE 14 TH, 2015
SUPPORTING NATIVE PTHREADS IN SYSCALL EMULATION MODE BRANDON POTTER JUNE 14 TH, 2015 WHAT ARE M5THREADS PROBLEMS? Gem5 currently supports pthreadsusing the gem5-specific m5threads library. M5threads is
More informationCS61, Fall 2012 Midterm Review Section
CS61, Fall 2012 Midterm Review Section (10/16/2012) Q1: Hexadecimal and Binary Notation - Solve the following equations and put your answers in hex, decimal and binary. Hexadecimal Decimal Binary 15 +
More informationMidterm Exam Nov 8th, COMS W3157 Advanced Programming Columbia University Fall Instructor: Jae Woo Lee.
Midterm Exam Nov 8th, 2012 COMS W3157 Advanced Programming Columbia University Fall 2012 Instructor: Jae Woo Lee About this exam: - There are 4 problems totaling 100 points: problem 1: 30 points problem
More informationAsynchronous Events on Linux
Asynchronous Events on Linux Frederic.Rossi@Ericsson.CA Open System Lab Systems Research June 25, 2002 Ericsson Research Canada Introduction Linux performs well as a general purpose OS but doesn t satisfy
More informationPentium/Linux Memory System March 17, 2005
15-213 The course that gives CMU its Zip! Topics Pentium/Linux Memory System March 17, 2005 P6 address translation x86-64 extensions Linux memory management Linux page fault handling Memory mapping 17-linuxmem.ppt
More informationECE 598 Advanced Operating Systems Lecture 10
ECE 598 Advanced Operating Systems Lecture 10 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 22 February 2018 Announcements Homework #5 will be posted 1 Blocking vs Nonblocking
More informationLinux Kernel Futex Fun: Exploiting CVE Dougall Johnson
Linux Kernel Futex Fun: Exploiting CVE-2014-3153 Dougall Johnson Overview Futex system call Kernel implementation CVE-2014-3153 My approach to exploiting it Futexes Fast user-space mutexes 32-bit integer
More informationExploiting Concurrency Vulnerabilities in System Call Wrappers
Exploiting Concurrency Vulnerabilities in System Call Wrappers Robert N. M. Watson Security Research Group Computer Laboratory University of Cambridge USENIX WOOT07 August 6, 2007 The Plan A brief history
More informationA Socket Example. Haris Andrianakis & Angelos Stavrou George Mason University
A Socket Example & George Mason University Everything is a file descriptor Most socket system calls operate on file descriptors Server - Quick view socket() bind() listen() accept() send(), recv() close()
More informationbytes per disk block (a block is usually called sector in the disk drive literature), sectors in each track, read/write heads, and cylinders (tracks).
Understanding FAT 12 You need to address many details to solve this problem. The exercise is broken down into parts to reduce the overall complexity of the problem: Part A: Construct the command to list
More informationsottotitolo Socket Programming Milano, XX mese 20XX A.A. 2016/17 Federico Reghenzani
Titolo presentazione Piattaforme Software per la Rete sottotitolo Socket Programming Milano, XX mese 20XX A.A. 2016/17 Outline 1) Introduction to Sockets 2) UDP communication 3) TCP communication 4) RAW
More informationC Structures in Practice
CS 2060 Use of C Structures in Unix/Linux To further illustrate C structures, we will review some uses of struct in system calls. Here is a function from BSD to get the current time (found in sys/time.h):
More informationRecitation Processes, Signals,UNIX error handling
15-213 Recitation Processes, Signals,UNIX error handling Section X - TA name 18 March 2019 Bryant and O Hallaron, Computer Systems: A Programmer s Perspective, Third Edition 1 Outline Logistics Process
More informationEECS 482 Introduction to Operating Systems
EECS 482 Introduction to Operating Systems Winter 2018 Harsha V. Madhyastha Recap: Page Replacement LRU OPT for realistic workloads Leverage temporal locality to reduce page faults Clock replacement is
More informationCSC369 Lecture 2. Larry Zhang
CSC369 Lecture 2 Larry Zhang 1 Announcements Lecture slides Midterm timing issue Assignment 1 will be out soon! Start early, and ask questions. We will have bonus for groups that finish early. 2 Assignment
More informationBACKGROUND & TWI_CLKDIV
BACKGROUND & TWI_CLKDIV I have one TS7500 and I2C sensors. The communication between TS7500 and sensors fail. I probed the i2c communication between the sensors and one Arduino and it was OK. This communication
More information