Operating Systems 2022F Lecture 17
Video
Video from the lecture given on November 15, 2022 is now available:
Video is also available through Brightspace (Resources->Zoom meeting->Cloud Recordings tab)
Notes
Lecture 17 ---------- - midterms, A2 are graded - feedback under Progress->Class Progress - hopefully you got notifications? Also, there are now midterm interviews! - I've made a spreadsheet in the annoucements channel, see the Interviews tab - you can just sign up if you want to volunteer - I will add slots as they fill up, or if people tell me they want to sign up but can't make any of the available slots - this afternoon I'll be sending out messages regarding randomized/selected interviews If you want to discuss your midterm grade, sign up for an interview Class average for the midterm was around 67% (so C+), which isn't bad - but there was a huge spread The final exam can substitute for the midterm, and I change the weights of assignments, tutorials at the end with different grading schemes - so there is still a chance to bring your grade up - but the material doesn't get any easier! So now let's talk about the kernel First, when doing the tutorial, if you see a message about "system restart required", run "sudo reboot" to reboot your VM - after doing a backup! Because that means there's a new kernel to be run, so if you build modules they won't necessarily load until you reboot - and while you are at it, run as root: apt update; apt -y dist-upgrade; apt clean; apt autoremove For tutorial 8, for the simple module: - download the code to the VM using wget - unzip, cd into new dir, run "make" - then install the module using insmod, e.g. "sudo insmod simple.ko" - to see results, look in the kernel log, /var/log/kern.log When I did this just now, I got these messages in the log: Nov 15 12:02:06 comp3000 kernel: [ 122.454585] simple: loading out-of-tree module taints kernel. Nov 15 12:02:06 comp3000 kernel: [ 122.454932] simple: module verification failed: signature and/or required key missing - tainting kernel Nov 15 12:02:06 comp3000 kernel: [ 122.455765] Hello kernel world! Last one came from the code itself, but the other two are warnings "Tainting" the kernel means that unverified code has been loaded - so the kernel may have been corrupted - because remember a module can do essentially ANYTHING to the kernel How would you avoid this tainting message? - module would have to be digitally signed by a key that is trusted by the kernel - in practice, you'd need to build an entire kernel on your own and then build modules, with all of them being signed using the same key Signed modules are part of a "trusted boot" system - that all OS and application code come from an authorized source - good side: make sure rootkits and other malware can't run on your system - bad side: enforces DRM On phones, signatures are checked on boot and strictly enforced - you can't install an OS on a device unless it is properly signed - exception: unlocked bootloaders (which many devices don't allow) PCs also have the same mechanisms - default config on many systems is to only allow booting of trusted bootloaders (from trusted operating systems) - who has the keys for this? Microsoft! - you can turn off trusted boot to allow any OS to be installed - many Linux distributions can be installed on PCs with trusted boot enabled - either by installing your own keys, or... - because Microsoft has signed the Linux distribution's bootloader You can leave trusted boot enabled and run custom kernels...but you need to add your own keys to your PC's EFI so it will trust your kernel In looking at the code for simple.c, note a few things: - the #include's aren't for standard libraries - in fact, the C library ISN'T AVAILABLE for kernel code - because you can't even make system calls in kernel modules! - makes sense if you realize the kernel is what implements system calls - and, you really don't want to switch from user mode to supervisor mode when you're already in supervisor mode - so instead of doing a system call, the kernel just calls the right functions (but the API is more complex and delicate, because the kernel code assumes it is working on behalf of a process, not the kernel itself) - always need to have init and exit function - designated by module_init() and module_exit() - init can potentially fail, it should return 0 on success - exit has no return value, assumed to always work - the pr_info are macros for printk's (NOT printf's!) - how the kernel writes log messages - the "info" part designates the importance of the log message (can be warn, others) There is no main function in a kernel module, just init - remember, a module doesn't continuously run, instead it adds code to the kernel that is run when certain conditions occur Pro tip: remove modules when you are done with them - class modules may interfere with each other - if things seem weird, reboot your VM Go to a Linux cross reference website to look at the Linux kernel source - that's how I figured out how to build kernel modules - there are also random web pages, but they are often out of date - the authoritative source is the Linux kernel source code - you can see system calls defined in the source with SYSCALL_DEFINE? where ? is the number of arguments the system call takes The Linux kernel is the Linux kernel - all that varies are the options it is built with, what modules are included - embedded systems use the same kernel, just maybe with fewer modules, some different features enabled/disabled, but it is mostly the same - userland is very different, is much more compact Remember that kernel modules are tied to a specific version of the Linux kernel - when you install a new version of the kernel, new modules must accompany it - this is because the internals of the kernel change all the time, and Linux, by design, has no stable internal interfaces - the stable interface is the system call interface! the ones module installs a custom device a device is just a "file" that has custom file operations - when you do a read or a write to this file, you are running special functions, not just reading data from a device - those functions *could* get data from an outside source, but they can just make it up (fill buffers with 1's)