Muli Ben-Yehuda's journal

March 17, 2004

Filed under: Uncategorized — Muli Ben-Yehuda @ 4:31 AM

Kernel Workshop post mortem

Great lecture, I had a lot of fun. The exercise was totally cool – I
didn’t imagine you’d give us something this nifty.

It went quite well, if I may so myself. We started with a slight
delay (my fault, traffic), and then a longer delay (not my
fault, InFocus projector
that would only eventually work with hydra the Linux laptop at
640×480 resolution). I started with the
, including introducing myself (always embarrassing),
and then moved into the
Kernel Overview
talk. I had a great audience, knowledgeable
and interested, and the discussion flowed. After the Kernel
Overview talk (which needs updating when I give it again, mental
note), I gave the
Introduction to Writing Linux Device Drivers
talk. I had to
fairly rush through that one because we were behind schedule. We
braked in the middle for lunch, which was about as good as one would
expect, considering the location, but the conversation more than made
up for it.

After lunch, I went through the mmap and timer interrupt code
for klife, and then gave the “10 Things Every
Linux Programmer Should Know”
talk. I was a bit apprehensive about
that one, thinking it might be too contentious, but the audience
took it very well and we had a great discussion. Then I gave the
“Syscalls for the Discerning Programmer” talk, which I didn’t
deliver too well, since I had a splitting headache. Now that I
think of it, I forgot to talk about sysenter and
, too. I’ll have to remember that next time.

Then I decided to skip the Kernel
talk (schedule constraints) and gave them the
exercise, or rather, both of the exercises. I had one team
design and implement a way to subvert the unlink syscall
(syscall hijacking by any other name…), and the other team
design and implement a way of detecting when unlink had been
subverted. In the end two teams worked on hijacking, and one on
detecting. Much fun was had, even though no one got either
actually working, due to b0rkeness of the gcc we were using when
combined with Mandrake’s kernel sources that took too long to
figure out. One of the hijacking team subverted may_delete(),
and the other team hijacked ext2’s inode_operations unlink
function pointer. The detecting team hashed the sys_call_table’s
entries, which is the rather obvious thing to do, but I did tell
them to get something working first, and then build upon
that. All in all, as can be seen from the quote at the top of
the entry, I guess it went rather well…

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: