Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization
  • Table Of Contents Toc
  • Feedback & Rating feedback
Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization

Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization

By : Kaiwan N. Billimoria
4.5 (6)
Buy this Book
close
close
Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization

Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization

4.5 (6)
By: Kaiwan N. Billimoria
Buy this Book

Overview of this book

Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization is an ideal companion guide to the Linux Kernel Programming book. This book provides a comprehensive introduction for those new to Linux device driver development and will have you up and running with writing misc class character device driver code (on the 5.4 LTS Linux kernel) in next to no time. You'll begin by learning how to write a simple and complete misc class character driver before interfacing your driver with user-mode processes via procfs, sysfs, debugfs, netlink sockets, and ioctl. You'll then find out how to work with hardware I/O memory. The book covers working with hardware interrupts in depth and helps you understand interrupt request (IRQ) allocation, threaded IRQ handlers, tasklets, and softirqs. You'll also explore the practical usage of useful kernel mechanisms, setting up delays, timers, kernel threads, and workqueues. Finally, you'll discover how to deal with the complexity of kernel synchronization with locking technologies (mutexes, spinlocks, and atomic/refcount operators), including more advanced topics such as cache effects, a primer on lock-free techniques, deadlock avoidance (with lockdep), and kernel lock debugging techniques. By the end of this Linux kernel book, you'll have learned the fundamentals of writing Linux character device driver code for real-world projects and products.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Character Device Driver Basics
Icon
Section 1: Character Device Driver Basics
Lock Free Chapter
2
Writing a Simple misc Character Device Driver
chevron up
Icon
Writing a Simple misc Character Device Driver
Icon
Technical requirements
Icon
Getting started with writing a simple misc character device driver
Icon
Understanding the device basics
Icon
A quick note on the Linux Device Model
Icon
Writing the misc driver code – part 1
Icon
Understanding the connection between the process, the driver, and the kernel
Icon
Handling unsupported methods
Icon
Writing the misc driver code – part 2
Icon
Writing the misc driver code – part 3
Icon
Testing our simple misc driver
Icon
Copying data from kernel to user space and vice versa
Icon
Leveraging kernel APIs to perform the data transfer
Icon
A misc driver with a secret
Icon
Writing the 'secret' misc device driver's code
Icon
Our secret driver – the init code
Icon
Our secret driver – the read method
Icon
Our secret driver – the write method
Icon
Our secret driver – cleanup
Icon
Our secret driver – the user space test app
Icon
Issues and security concerns
Icon
Hacking the secret driver
Icon
Bad driver – buggy read()
Icon
Bad driver – buggy write() – a privesc!
Icon
User space test app modifications
Icon
Device driver modifications
Icon
Let's get root now
Icon
Summary
Icon
Questions
Icon
Further reading
3
User-Kernel Communication Pathways
Icon
User-Kernel Communication Pathways
Icon
Technical requirements
Icon
Approaches to communicating/interfacing a kernel driver with a user space C app
Icon
Interfacing via the proc filesystem (procfs)
Icon
Understanding the proc filesystem
Icon
Directories under /proc
Icon
The purpose behind the proc filesystem
Icon
procfs is off-bounds to driver authors
Icon
Using procfs to interface with the user space
Icon
Basic procfs APIs
Icon
The four procfs files we will create
Icon
Trying out the dynamic debug_level procfs control
Icon
Dynamically controlling debug_level via procfs
Icon
A few misc procfs APIs
Icon
Interfacing via the sys filesystem (sysfs)
Icon
Creating a sysfs (pseudo) file in code
Icon
Creating a simple platform device
Icon
Platform devices
Icon
Tying it all together – setting up the device attributes and creating the sysfs file
Icon
The code for implementing our sysfs file and its callbacks
Icon
The "one value per sysfs file" rule
Icon
Interfacing via the debug filesystem (debugfs)
Icon
Checking for the presence of debugfs
Icon
Looking up the debugfs API documentation
Icon
An interfacing example with debugfs
Icon
Creating and using the first debugfs file
Icon
Creating and using the second debugfs file
Icon
Helper debugfs APIs for working on numeric globals
Icon
Removing the debugfs pseudo file(s)
Icon
Seeing a kernel bug – an Oops!
Icon
Debugfs – actual users
Icon
Interfacing via netlink sockets
Icon
Advantages using sockets
Icon
Understanding what a netlink socket is
Icon
Writing the user space netlink socket application
Icon
Writing the kernel-space netlink socket code as a kernel module
Icon
Trying out our netlink interfacing project
Icon
Interfacing via the ioctl system call
Icon
Using ioctl in the user and kernel space
Icon
User space – using the ioctl system call
Icon
Kernel space – using the ioctl system call
Icon
ioctl as a debug interface
Icon
Comparing the interfacing methods – a table
Icon
Summary
Icon
Questions
Icon
Further reading
4
Working with Hardware I/O Memory
Icon
Working with Hardware I/O Memory
Icon
Technical requirements
Icon
Accessing hardware I/O memory from the kernel
Icon
Understanding the issue with direct access
Icon
The solution – mapping via I/O memory or I/O port
Icon
Asking the kernel's permission
Icon
Understanding and using memory-mapped I/O
Icon
Using the ioremap*() APIs
Icon
The newer breed – the devm_* managed APIs
Icon
Obtaining the device resources
Icon
All in one with the devm_ioremap_resource() API
Icon
Looking up the new mapping via /proc/iomem
Icon
MMIO – performing the actual I/O
Icon
Performing 1- to 8-byte reads and writes on MMIO memory regions
Icon
Performing repeating I/O on MMIO memory regions
Icon
Setting and copying on MMIO memory regions
Icon
Understanding and using port-mapped I/O
Icon
PMIO – performing the actual I/O
Icon
A PIO example – the i8042
Icon
Looking up the port(s) via /proc/ioports
Icon
Port I/O – a few remaining points to note
Icon
Summary
Icon
Questions
Icon
Further reading
5
Handling Hardware Interrupts
Icon
Handling Hardware Interrupts
Icon
Technical requirements
Icon
Hardware interrupts and how the kernel handles them
Icon
Allocating the hardware IRQ
Icon
Allocating your interrupt handler with request_irq()
Icon
Freeing the IRQ line
Icon
Setting interrupt flags
Icon
Understanding level- and edge-triggered interrupts – a brief note
Icon
Code view 1 – the IXGB network driver
Icon
Implementing the interrupt handler routine
Icon
Interrupt context guidelines – what to do and what not to do
Icon
Don't block – spotting possibly blocking code paths
Icon
Interrupt masking – the defaults and controlling it
Icon
Keep it fast
Icon
Writing the interrupt handler routine itself
Icon
Code view 2 – the i8042 driver's interrupt handler
Icon
Code view 3 – the IXGB network driver's interrupt handler
Icon
IRQ allocation – the modern way – the managed interrupt facility
Icon
Working with the threaded interrupts model
Icon
Employing the threaded interrupt model – the API
Icon
Employing the managed threaded interrupt model – the recommended way
Icon
Code view 4 – the STM32 F7 microcontroller's threaded interrupt handler
Icon
Internally implementing the threaded interrupt
Icon
Why use threaded interrupts?
Icon
Threaded interrupts – to really make it real time
Icon
Constraints when using a threaded handler
Icon
Working with either hardirq or threaded handlers
Icon
Enabling and disabling IRQs
Icon
The NMI
Icon
Viewing all allocated interrupt (IRQ) lines
Icon
Understanding and using top and bottom halves
Icon
Specifying and using a tasklet
Icon
Initializing the tasklet
Icon
Running the tasklet
Icon
Understanding the kernel softirq mechanism
Icon
Available softirqs and what they are for
Icon
Understanding how the kernel runs softirqs
Icon
Running tasklets
Icon
Employing the ksoftirqd kernel threads
Icon
Softirqs and concurrency
Icon
Hardirqs, tasklets, and threaded handlers – what to use when
Icon
Fully figuring out the context
Icon
Viewing the context – examples
Icon
How Linux prioritizes activities
Icon
A few remaining FAQs answered
Icon
Load balancing interrupts and IRQ affinity
Icon
Does the kernel maintain separate IRQ stacks?
Icon
Measuring metrics and latency
Icon
Measuring interrupts with [e]BPF
Icon
Measuring time servicing individual hardirqs
Icon
Measuring time servicing individual softirqs
Icon
Using Ftrace to get a handle on system latencies
Icon
Finding the interrupts disabled worst-case time latency with Ftrace
Icon
Other tools
Icon
Summary
Icon
Questions
Icon
Further reading
6
Working with Kernel Timers, Threads, and Workqueues
Icon
Working with Kernel Timers, Threads, and Workqueues
Icon
Technical requirements
Icon
Delaying for a given time in the kernel
Icon
Understanding how to use the *delay() atomic APIs
Icon
Understanding how to use the *sleep() blocking APIs
Icon
Taking timestamps within kernel code
Icon
Let's try it – how long do delays and sleeps really take?
Icon
The "sed" drivers – to demo kernel timers, kthreads, and workqueues
Icon
Setting up and using kernel timers
Icon
Using kernel timers
Icon
Our simple kernel timer module – code view 1
Icon
Our simple kernel timer module – code view 2
Icon
Our simple kernel timer module – running it
Icon
sed1 – implementing timeouts with our demo sed1 driver
Icon
Deliberately missing the bus
Icon
Creating and working with kernel threads
Icon
A simple demo – creating a kernel thread
Icon
Running the kthread_simple kernel thread demo
Icon
The sed2 driver – design and implementation
Icon
sed2 – the design
Icon
sed2 driver – code implementation
Icon
sed2 – trying it out
Icon
Querying and setting the scheduling policy/priority of a kernel thread
Icon
Using kernel workqueues
Icon
The bare minimum workqueue internals
Icon
Using the kernel-global workqueue
Icon
Initializing the kernel-global workqueue for your task – INIT_WORK()
Icon
Having your work task execute – schedule_work()
Icon
Variations of scheduling your work task
Icon
Cleaning up – canceling or flushing your work task
Icon
A quick summary of the workflow
Icon
Our simple work queue kernel module – code view
Icon
Our simple work queue kernel module – running it
Icon
The sed3 mini project – a very brief look
Icon
Summary
Icon
Questions
Icon
Further reading
7
Section 2: Delving Deeper
Icon
Section 2: Delving Deeper
8
Kernel Synchronization - Part 1
Icon
Kernel Synchronization - Part 1
Icon
Critical sections, exclusive execution, and atomicity
Icon
What is a critical section?
Icon
A classic case – the global i ++
Icon
Concepts – the lock
Icon
A summary of key points
Icon
Concurrency concerns within the Linux kernel
Icon
Multicore SMP systems and data races
Icon
Preemptible kernels, blocking I/O, and data races
Icon
Hardware interrupts and data races
Icon
Locking guidelines and deadlocks
Icon
Mutex or spinlock? Which to use when
Icon
Determining which lock to use – in theory
Icon
Determining which lock to use – in practice
Icon
Using the mutex lock
Icon
Initializing the mutex lock
Icon
Correctly using the mutex lock
Icon
Mutex lock and unlock APIs and their usage
Icon
Mutex lock – via [un]interruptible sleep?
Icon
Mutex locking – an example driver
Icon
The mutex lock – a few remaining points
Icon
Mutex lock API variants
Icon
The mutex trylock variant
Icon
The mutex interruptible and killable variants
Icon
The mutex io variant
Icon
The semaphore and the mutex
Icon
Priority inversion and the RT-mutex
Icon
Internal design
Icon
Using the spinlock
Icon
Spinlock – simple usage
Icon
Spinlock – an example driver
Icon
Test – sleep in an atomic context
Icon
Testing on a 5.4 debug kernel
Icon
Testing on a 5.4 non-debug distro kernel
Icon
Locking and interrupts
Icon
Using spinlocks – a quick summary
Icon
Summary
Icon
Questions
Icon
Further reading
9
Kernel Synchronization - Part 2
Icon
Kernel Synchronization - Part 2
Icon
Using the atomic_t and refcount_t interfaces
Icon
The newer refcount_t versus older atomic_t interfaces
Icon
The simpler atomic_t and refcount_t interfaces
Icon
Examples of using refcount_t within the kernel code base
Icon
64-bit atomic integer operators
Icon
Using the RMW atomic operators
Icon
RMW atomic operations – operating on device registers
Icon
Using the RMW bitwise operators
Icon
Using bitwise atomic operators – an example
Icon
Efficiently searching a bitmask
Icon
Using the reader-writer spinlock
Icon
Reader-writer spinlock interfaces
Icon
A word of caution
Icon
The reader-writer semaphore
Icon
Cache effects and false sharing
Icon
Lock-free programming with per-CPU variables
Icon
Per-CPU variables
Icon
Working with per-CPU
Icon
Allocating, initialization, and freeing per-CPU variables
Icon
Performing I/O (reads and writes) on per-CPU variables
Icon
Per-CPU – an example kernel module
Icon
Per-CPU usage within the kernel
Icon
Lock debugging within the kernel
Icon
Configuring a debug kernel for lock debugging
Icon
The lock validator lockdep – catching locking issues early
Icon
Examples – catching deadlock bugs with lockdep
Icon
Example 1 – catching a self deadlock bug with lockdep
Icon
Fixing it
Icon
Example 2 – catching an AB-BA deadlock with lockdep
Icon
lockdep – annotations and issues
Icon
lockdep annotations
Icon
lockdep issues
Icon
Lock statistics
Icon
Viewing lock stats
Icon
Memory barriers – an introduction
Icon
An example of using memory barriers in a device driver
Icon
Summary
Icon
Questions
Icon
Further reading
10
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Hacking the secret driver

Think about this: we have the copy_to_user() helper routine; the first parameter is the destination to address, which should be a user space virtual address (a UVA), of course. Regular usage will comply with this and provide a legal and valid user space virtual address as the destination address, and all will be well.

But what if we don't? What if we pass another user space address, or, check this out – a kernel virtual address (a KVA) – in its place? The copy_to_user() code will now, running with kernel privileges, overwrite the destination with whatever data is in the source address (the second parameter) for the number of bytes in the third parameter! Indeed, hackers often attempt techniques such as this, to insert code posing as data into a user space buffer and execute it with kernel privilege, leading to a quite deadly privilege escalation (privesc) scenario.

To clearly demonstrate the adverse effects of not carefully designing and implementing a driver, we deliberately introduce errors (bugs, really!) into both the read and write methods of a 'bad' version of our previous driver (although here, we only consider the scenario with respect to the very common copy_[from|to]_user() routines and nothing else).

To get a more hands-on feel for this, we will write a "bad" version of our ch1/miscdrv_rdwr driver. We'll call it (ever so cleverly) ch1/bad_miscdrv. In this version, we deliberately have two buggy code paths built into it:

  • One within the driver's read method
  • The other, the more exciting one, as you shall soon see, within the write method.

Let's check both out. We'll begin with the buggy read.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Linux Kernel Programming Part 2 - Char Device Drivers and Kernel Synchronization
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon