Operating Systems 2018F: Assignment 3

Please submit the answers to the following questions via CULearn by 2:30 PM on Friday, November 9, 2018. There are 20 points in 11 questions.

Submit your answers as a single text file named "<username>-comp3000-assign3.txt" (where username is your MyCarletonOne username). The first four lines of this file should be "COMP 3000 Assignment 3", your name, student number, and the date of submission. You may wish to format your answers in Markdown to improve their appearance.

No other formats will be accepted. Submitting in another format will likely result in your assignment not being graded and you receiving no marks for this assignment. In particular do not submit an MS Word or OpenOffice file as your answers document!

Don't forget to include what outside resources you used to complete each of your answers, including other students, man pages, and web resources. You do not need to list help from the instructor, TA, or information found in the textbook.

Questions

1. [2] Are man pages a good documentation source when developing kernel modules? Why or why not?
2. [2] When you load a kernel module, what code is guaranteed to run? (Which functions will definitely be called?) With what privileges will this code run?
3. [3] You attach a new USB webcam to your computer that is running Linux. The webcam is recognized and works properly.
   • How could you find out what kernel module(s) were loaded, if any, when you attached the webcam?
   • What is a simple way you could prevent those modules from being loaded in the future?
   • What sort of problems could the webcam drivers (modules) cause if they sometimes use dynamically allocated memory improperly (say, by using a buffer after it had been freed)?
4. [2] What would changing CLASS_NAME in newgetpid.c to "carleton" change in the observable behavior of newgetpid?
5. [2] How do you safely access userspace memory from a kernel module? Give an example of where we do this in a kernel module covered in class.
6. [2] What changes need to be made to newgetpid.c to allow it to respond to write requests? Hint: How does newgetpid.c respond to read requests?
7. [1] If you destroy all of the superblocks in a filesystem, will fsck be able to recover the filesystem? Explain.
8. [1] When would you expect to find files in the lost+found directory?
9. [2] When first connecting to a remote host via ssh, you will normally get a message saying something similar to this: "The authenticity of host 'access.scs.carleton.ca (134.117.29.72)' can't be established. RSA key fingerprint is SHA256:MexEKZF0Os0Vl6VTObN70lRf2DFsGfD8DTQ7FKKqVJ4. Are you sure you want to continue connecting (yes/no)?"
   • Why is this question important?
   • What is the "fingerprint" for?
10. [2] As user student (uid=1000), you run "sshfs <scs-username>@access.scs.carleton.ca:. scs-files", where <scs-username> is your username.
    • Will the files in scs-files have a uid=1000? Why or why not?
    • Assume a file in scs-files is marked as being readable only by the owner. Will you be able to read the contents of this file? Why or why not?
11. [1] How can you make a file that is 20 GB in size (you can read 20 GB of information from it) but takes up essentially no space on disk?

Solutions

1. Man pages are not a good source of documentation on kernel APIs because most kernel APIs are, in effect, private - the Linux kernel doesn't maintain a stable internal interface. Any man pages that would be created would need to be continuously updated in order to stay up to date. To figure out how to call kernel routines, you ultimately have to consult the code of the kernel itself.
2. The functions designated by module_init() and module_exit() are guaranteed to be called, with the module_init()-designated function being called when the module is loaded and module_exit()-designated function called when the module is unloaded. These functions run with the same privileges as all kernel code, allowing them to modify anything on the system.
3. USB webcam answers:
   • To find out what modules were loaded, you could run lsmod before and after the webcam was attached and compare the results.
   • You could prevent those module(s) from loading by making their files inaccessible (say, by deleting them). You can find the files in /lib/modules/<kernel-version> (in some subdirectory).
   • If the webcam modules didn't use dynamically allocated memory properly, they could corrupt the kernel and cause the system to crash or otherwise malfunction.
4. It wouldn't change the behavior of /dev/newgetpid; however, it would change the names of the directories created in /sys/class/ and /sys/devices/virtual/. (Note: you could find these files by running 'find /sys -name "*carleton*"'
5. put_user() is used in /dev/ones to write to userspace, specifically to write to the buffer supplied to ones_write. Also, copy_from_user() and copy_to_user() are used for /dev/remember to read data from userspace (in remember_write) and write data to userspace (in remember_read), respectively.
6. See how /dev/remember responds to write requests. The key changes that have to be made is adding a .write to the file_operations struct, creating the appropriate write function, and changing the permissions of the device file to allow for writing (in the _devnode function).
7. If you destroy all the superblocks in a filesystem (including the backup ones), you normally would not be able to recover the filesystem as the superblock is needed in order to determine the filesystems block size, the location of inodes, and other aspects of the filesystem layout. Having said that, in principle you could recover the filesystem by re-creating its superblock, but this could be very difficult depending on how dynamic the layout of the filesystem is.
8. lost+found is used by fsck to store inodes that have been found to be allocated but which have no corresponding directory entries. This situation can happen if the filesystem is corrupted, say by erasing the blocks of a directory.
9. This question is important because it helps you determine whether an attacker is attempting to intercept the connection (i.e., is performing an intruder-in-the-middle attack). To prevent such an attack, you should have gotten the server's host key fingerprint previously so you can compare it to the one presented on first connection. (After the first connection, .ssh/known_hosts will have the remote server's host key. If the server ever presents a different key ssh will warn of a potential intruder in the middle attack.)
10. The files in scs-files won't have a uid=1000; instead, it will have whatever uid you have on access.scs.carleton.ca. If the files are marked as readable by the owner, you will be able to access them because the ssh process spawned on access.scs.carleton.ca (to send data to the local sshfs process) will be running as "you", and so it will have access to all of "your" files.
11. To create foo with a logical size of 20 GiB but taking up no space on disk, run "truncate -s 20G foo". (You don't want to use dd as then you'd have a file that actually takes up 20GiB.)