Device Driver Basics

-

 What is device driver ? 

 is piece of software that controls a particular type of device which connected to the computer system 

Diff b/w kernel moulde and Device driver?

    A kernel module is a piece of the code that can be added loaded/inserted and unloaded/removed as per the demand/need. 

what happened we do insmod on a module?

  • it calls init_module() to intimate the kernel that a module is attempted to be loaded and transfers the control to the kernel.
  • In the kernel, sys_init_module is run. It does a sequence of operations as follows:
    • Verifies if the user who attempts to load the module has permission to do so or not
    • After verification, the load_moudle function is called
    • The load_module function assigns temporary memory and copies the elf module from userspace to kernel memory using copy_from_user. 
    •  It then checks the sanity of the ELF file (verification if it is a proper ELF file) 
    • Then based on the ELF file interpretation, it generates an offset in the temporary memory space allocated. These are called convenience variables. 
    • User arguments to the module are also copied to the kernel memory. 
    • symbol resolution is done. 
    • the load_module function returns a reference to the kernel module 
  • The reference to the module returned by the load module is added to a doubly-linked list that has a list of all modules loaded in the system. 
  • Then the module_init function in the module is called. 
what happened we return -1 from init function?
  • It'll fail with an error operation not permitted
  • The module will not be loaded.
Can we load two or more modules at a time with help of insmod? 
  • No, it's not possible.
Can we remove two or more modules at a time with help of rmmod? 
  • yes. it is possible.
what is the need for kernel ring buffer ? why can't we store it in the file?
  • During the kernel boot time, we don't have any file system to store the kernel boot up logs.
  • Once the system up, the Syslog daemon starts and collects the content of ring buffers and stores them in /var/log/dmesg. 
can a module will work without an exit function? 
  • Yes, without exit function also kernel module will compile and run. 
  • But when you try to do the delete module (with help of the rmmod command) will end with a Device or resource busy error.
  • There is a check in the implementation to strictly have an exit function if there is a init function if it failed to find an exit function. it throws -EBUSY. (FYI :  delete_module fun )
what is the symbol table? 
  • Data Structure created by compiler containing all the symbols used in the program.
  • Every kernel image that you build has a symbol table with it. 
  • The Linux kernel symbol table contains the names and addresses of all the kernel symbols. 
  • When you install the kernel it will be present in /boot/System.map-<linux_version>
What is a Symbol? 
  • A symbol is a name given to a space in the memory which stores
    • data (Variables, For reading and writing)
    • instructions (Functions, for executing)
  • So symbol in the programming language is either a variable or function.
How to Export your symbols?
  • When you define a new function in your module, the default behaviour of this function is local, only the module in which the function is defined can access it, cannot be accessed by other modules.
  • To export this module we need to use EXPORT_SYMBOL or EXPORT_SYMBOL_GPL.
  • Once you export them, they will be available to other modules to use.
Difference between EXPORT_SYMBOL and EXPORT_SYMBOL_GPL?
  • EXPORT_SYMBOL: The exported symbol can be used by any kernel module
  • EXPORT_SYMBOL_GPL: The exported symbol can be used by only GPL licensed code.
What is the difference between System.map and /proc/kallsyms?
  • /proc/kallsyms: Contains symbols of dynamically loaded modules as well as builtin modules
  • System.map:  Contains symbols of only builtin modules.
    • $cat /boot/System.map-* | grep ttyprintk_exit
    • $cat /proc/kallsyms | grep ttyprintk_exit
What is module stacking?
  • New modules using the symbols exported by old modules.
what is Vermagic?
  • This is used to verify whether the kernel module was compiled for the particular kernel version or not.
  • when loading a module, the strings in the vermagic value are checked if they match. if they don't match you will get an error and the kernel refuses to load the module
what is module stacking?
  • A new module is using the symbols exported by the old modules.
How to find the version of the compiled kernel module given by 3rd party vendor?
  • by using the modinfo will get the kernel module details. 
  • or 
  • strings <file_name.ko> will give the info about the kernel module
what is the Spectre bug? 

what are the steps you will follow if you get the kernel module (ko) form 3rd party?
  • 1st I will check the modinfo of given ko.
  • licence version.
  • vermagic version.
  • src version.
  • if any new symbols used in the ko (by using strings command) 
what is ring buffer length?
  • kernel config: CONFIG_LOG_BUF_SHIFT=18. i.e 1<<18 i.e 256K bytes.
  • To increase the  buffer size we can also use the kernel command line:
    • log_buf_len=4M
What is BUG() WARN() kernel panic and oops?
  • kernel panic 
    • On kernel panic, the kernel stops running immediately to avoid data loss or other damage.
  • BUG() -> will give 5000 plus count
    • prints the content of the register 
    • prints stack trace 
    • current process dies
  • WARN()
    • prints the contents of the registers.
    • prints stack trace
  •   oops
    • kernel throws an oops message when an exception such as accessing an invalid memory location happens in the kernel code.
what happens during kernel panic?
  • when the kernel decides to panic, it calls the panic() function which dumps some debug information and depending on the configuration reboots the system. 

Printf() vs Printk() 

  • printf() is a function in the C standard library.
  • Printk is a kernel-level function.
  • printk(KERN_log_priority "this is kernel printk testing msg \n");
  • here KERN_log_priority is one of the 8 values 
    • EMERG
    • ALERT
    • CRIT
    • ERR
    • WARNING
    • NOTICE 
    • INFO 
    • DEBUG
  • Printk() writes to a kernel buffer, whereas printf() writes on standard output
what is kernel API to take a dump of the kernel. 
    dump_stack();

What are the reasons for kernel tented?
 whenever we are loading a kernel module which is not having the proper kernel license and other info, that time, there a chance of tented.
 out of the tree module also will tent the kernel. 


    what is address space?
    Address space is nothing a virtual area, where we have a code segment, Data segment, stack segment, heap segment, Env variable store.  
    

 

    

Tips:

  • lsmod is reading /sys/module file. 
  • modinfo gives the module information. 






Comments

Post a Comment

Popular posts from this blog

Cryptography and Encryption Basics - I

-
Image
Cryptography and Encryption Basics I What is encryption Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized can't.  Converts information from plain text into encrypted ciphertext. But how...? Encryption used algorithm! An algorithm is a procedure that the encryption process follows. The specific algorithm is called the ciper or code. there are many types so encryption algorithms. The encryption's goal and level of security determine the most effective solution. Triple DES, RSA and Blowfish are some examples of encryption algorithms or Ciphers. What is Decryption? Decryption is the process of taking encoded or encrypted text or other data and converting it back into text that you or the computer can read and understand.  converts information from encrypted ciphertext into plain text  Basic Example  Private key vs Public Key Private Key (symmetric key): This means that ...
Read more

Overview of ISO/SAE 21434 Standard

-
Image
ISO/SAE 21434, jointly published by the International Standardization Organization (ISO) and the Society of Automotive Engineers (SAE), serves as a comprehensive cybersecurity framework for electronic systems within road vehicles. Developed to bolster cybersecurity across the entire lifecycle of automotive products, this standard outlines essential vocabulary, objectives, requirements, and guidelines. Purpose and Scope: The primary objective of ISO/SAE 21434 is to enhance cybersecurity measures for vehicles throughout their lifecycle. By providing a standardized framework, this standard facilitates the establishment of cybersecurity policies, risk management practices, and a cybersecurity-oriented culture within organizations operating in the automotive industry. Three Pillars: ISO/SAE 21434 is structured around three main pillars: Cyber Security Governance:   Establishing policies, processes, and cultural norms to govern cybersecurity activities within organizations. Risk Man...
Read more

UDS Protocol Interview Question

-
UDS Protocol Interview Question  Functional Group in UDS Diagnostic and communicatio management Data Transmission Stored Data Transmission Input/Output Control Remote Activation of Rountine Upload / Download Total (27 )services untill 2020,As Per ISO 14229 2020 there are (28) services. Why it is called UDS Unified       - Term 'Unified' in this context mens  that it is an international and not a Company- Specific Standard Diagnostic - Finding Root cause Service       - checking with existing content What are the types of request in UDS Valid request  Invalid request What are types for Responce in UDS. Positive responce Negative Responce What are type of NRC ISO Specific (0x12,0x13,0x22) ISO Reserved or Manufacture Specific (0x32,0x84 etc) What are the commonly used NRC 0x12 0x13 0x22 0x24 0x33 In Default which session will be active UDS supports different Operating session, which can be changed using the "Diagnostic Session control". Dependi...
Read more