DOCSLIB.ORG

Evaluating Approaches for Detecting and Eliminating Memory Safety Errors in Linux Kernel Programming

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Evaluating Approaches for Detecting and Eliminating Memory Safety Errors in Linux Kernel Programming Ilja Sidoroff Master’s Thesis June 2019 School of Technology, Communication and Transport Degree Programme in Information Technology Cyber Security Description Author(s) Type of publication Date Sidoroff, Ilja Master’s Thesis June 2019 Language of publication English Number of pages 77 Permission for web publi- cation: yes Title of publication Evaluating Approaches for Detecting and Eliminating Memory Safety Errors in Linux Kernel Programming Degree programme Information Technology Supervisor(s) Mika Rantonen Mika Karjalainen Assigned by - Abstract Memory Safety means that a program cannot access unintended memory regions. Lack of memory safety continues to be a major source of security related software errors. The problems arising from the use of memory unsafe C programming language are reviewed, both in general and Linux kernel programming context. Various methods for detecting and eliminating memory safety problems are then evaluated. Methods chosen for testing were static and dynamic analysis, and using a memory safe language as a programming language. The methods were tested during a process of writing a Linux kernel module. Unfortunately, none of the methods tested proved to be a comprehensive solution to the problem of memory unsafety. Each method had their own strengths. Static analysis is easy to include in the development process; however, it does not detect problems very efficiently. Dynamic analysis, on the other hand, is good at finding bugs; yet it requires manual testing. Memory safe languages are very promising; however, they would require significant, changes to the existing code which can be difficult to achieve in practice both due to economic and social reasons. Keywords/tags Memory Safety, Spatial and Temporal Memory Safety, C-programming Language, Rust Programming Language, Linux Kernel Programming Miscellaneous Kuvailulehti Tekijä(t) Julkaisun laji Päivämäärä Sidoroff, Ilja Opinnäytetyö, ylempi Toukokuu 2019 AMK Julkaisun kieli Englanti Sivumäärä 77 Verkkojulkaisulupa myön- netty: kyllä Työn nimi Muistiturvallisuudesta johtuvien virheiden havaitseminen ja ehkäisy Linux-kernel-ohjelmoinnissa Tutkinto-ohjelma Insinööri (YAMK), Kyberturvallisuus Työn ohjaaja(t) Rantonen, Mika (JAMK) Karjalainen, Mika (JAMK) Toimeksiantaja(t) - Tiivistelmä Muistiturvallisuus tarkoittaa sitä, että ohjelma ei voi käyttää väärää muistialuetta. Muistiturvallisuuden puute on edelleen merkittävä tietoturvaa vaarantavien ohjelmistovirheiden lähde. Opinnäytteessä tutkittiin ongelmia, jotka aiheutuvat C-ohjelmointikielen muistiturvattomuudesta, niin yleisellä tasolla kuin Linux-kernel ohjelmoinnin-yhteydessä. Lisäksi tutkittiin erilaisia menetelmiä, joilla muistiturvattomuutta voidaan havaita ja ehkäistä. Tutkittavat menetelmät olivat staattinen ja dynaaminen analyysi, sekä muistiturvallisen ohjelmointi- kielen käyttäminen. Menetelmiä testattiin Linux-kernel modulin ohjelmointi- prosessissa. Valitettavasti mikään testatuista menetelmistä ei osoittautunut kaikenkatta- vaksi ratkaisuksi muistiturvattomuuden aiheuttamiin ongelmiin. Jokaisella testatulla menetelmällä oli omat vahvat puolensa. Staattinen analyysi voidaan integroida helposti ohjelmistokehitysprosessiin, mutta se ei havaitse ongelmia kovin tehokkaasti. Dynaaminen analyysi on tehokas menetelmä virheiden löytämiseen mutta edellyttää erillistä testausta. Muistiturvalliset ohjelmointi- kielet ovat erittäin lupaavia, mutta niiden käyttö edellyttäisi suuria muutoksia olemassa olevaan koodiin, mikä voi olla käytännössä vaikeaa sekä taloudellisisten että sosiaalisisten tekijöiden vuoksi. Avainsanat Muistiturvallisuus, Paikallinen ja ajallinen muistiturvallisuus C-ohjelmointikieli, Rust-ohjelmointikieli, Linux-kernel -ohjelmointi Muut tiedot 1 Contents 1 Introduction 4 1.1 Motivation and Overview ....................... 4 1.2 Security in Linux Kernel Development ................ 5 1.3 Research Problem and Methodology ................. 6 2 Memory Safety as Security Problem 8 2.1 Definition of Memory Safety ...................... 8 2.2 Unsafe features of C Programming Language ............. 10 2.3 Stack Corruption and Arbitratry Code Execution .......... 12 2.4 Heap misuse and corruption ...................... 19 2.5 Other Types Common of Vulnerabilities ............... 23 2.6 Code Reuse Attacks .......................... 27 3 Memory Safety Issues in Linux Kernel 30 3.1 Linux Kernel Specific Considerations ................. 30 3.2 Stack and Buffer Overflows ...................... 31 3.3 Dynamic Memory Allocation ..................... 35 3.4 Data Races ............................... 36 3.5 Other Vulnerability Classes ...................... 38 4 Detecting and Eliminating Memory Safety Violations and Other Errors 39 4.1 A Faulty Kernel Module ........................ 40 4.2 Static analysis .............................. 42 4.3 Dynamic Analysis ............................ 46 4.4 Memory-Safe Languages ........................ 48 5 Conclusions 54 2 References 56 Appendices 68 Figures Figure 1 Spatial memory safety violation ............... 9 Figure 2 Temporal memory safety violation .............. 9 Figure 3 Eliminated null pointer check in Linux kernel ........ 12 Figure 4 An example of stack overflow ................. 13 Figure 5 Stack overflow ......................... 14 Figure 6 A program spawning shell ................... 14 Figure 7 Assembly code for shell-spawning program ......... 15 Figure 8 Shellcode as Cstring ...................... 16 Figure 9 Stack canary .......................... 17 Figure 10 Heap and stack layout ..................... 20 Figure 11 Heap and stack layout with guard page ........... 20 Figure 12 An example of use after free ................. 21 Figure 13 Heap with three empty bins ................. 23 Figure 14 Heap with two empty and one used bin ........... 23 Figure 15 Examples of stack layouts in format string attacks ..... 25 Figure 16 Stack in return-to-libc -attack. ................ 28 Figure 17 Partial patch for CVE-2017-1000251 ............. 31 Figure 18 Kernel process stack ...................... 33 Figure 19 Virtually mapped stack .................... 34 Figure 20 Slab allocator ......................... 36 Figure 21 A patch adding lock for CVE-2018-1000004 ......... 38 Figure 22 A Partial KASAN output for stack buffer overflow ..... 49 Figure 23 Redefinitions of C constants and functions inRust ..... 52 3 Figure 24 Stack buffer overflow in Rust ................. 53 Tables Table 1 Fault types ........................... 40 Table 2 Fault detection by basic static analysis ............ 44 Table 3 Tool versions used for static analysis ............. 44 Table 4 Fault detection by dynamic analysis .............. 48 Table 5 Faults prevented in Rust port of C module and reasons for unsafety ................................. 54 4 1 Introduction 1.1 Motivation and Overview Operating systems and their kernels are one of the central points of attacks in the computing environment. They control access to the underlying hardware, and with hardware assistance, they also enforce the separation between user space processes, and privileged kernel code. If the operating system or its kernel is compromised or subverted, the applications running on the operating system can no longer guarantee their confidentially, integrity nor availability. Current operating systems and their kernels are typically very complex. The Linux kernel currently consists of approximately 20 million (Löhner 2017) lines of C and assembly code. The complexity means that it is very difficult to ensure that there are no security critical bugs in the kernels (see below for a brief discussion on kernel security). There have been various attempts to create kernels, which can provide more secu- rity guarantees. On the one end of the spectrum, there is seL4, which a formally verified microkernel (G. Klein et al. 2009). OpenBSD, on the other hand, is a more traditional, monolithic kernel and operating system, which states explicitly its goal to be security oriented (OpenBSD Developers 2017). However, the most popular and widely used operating system kernels remain to be based on the tra- ditional monolithic and complex architecture. The most prominent examples are various versions of Microsoft Windows and Linux kernels, but even Apple’s macOS and iOS, although partly based on Mach microkernels, share the same monolithic architecture (Chisnall 2010). Since the operating systems landscape moves slowly and current operating systems are not likely to be replaced by e.g. seL4, OpenBSD or other variants, securing the current operating systems will probably have more short term utility, than creating new systems, and there is interest in exploring and implementing techniques, which can make the traditional systems more secure. The purpose of this thesis is to review and compare some of the mitigations that can be used to eliminate some of the bug classes in the Linux kernel. Linux was chosen as the target of this study for two reasons. First, following the growing number of security critical bugs in the Linux kernel, there has been an increasing interest in developing new solutions for eliminating different error classes, and not 5 just single bugs (see below for more discussion). Secondly, since the Linux kernel is free and open source software, testing these solutions is much easier than it would be in the case of Microsoft Windows or Apple macOS. 1.2 Security in Linux Kernel Development Safety and
Recommended publications
  • Security Assurance Requirements for Linux Application Container Deployments

    Security Assurance Requirements for Linux Application Container Deployments

    NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 NISTIR 8176 Security Assurance Requirements for Linux Application Container Deployments Ramaswamy Chandramouli Computer Security Division Information Technology Laboratory This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 October 2017 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology NISTIR 8176 SECURITY ASSURANCE FOR LINUX CONTAINERS National Institute of Standards and Technology Internal Report 8176 37 pages (October 2017) This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8176 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose. This p There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each ublication is available free of charge from: http publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST.
  • Measuring Software Performance on Linux Technical Report

    Measuring Software Performance on Linux Technical Report

    Measuring Software Performance on Linux Technical Report November 21, 2018 Martin Becker Samarjit Chakraborty Chair of Real-Time Computer Systems Chair of Real-Time Computer Systems Technical University of Munich Technical University of Munich Munich, Germany Munich, Germany [email protected] [email protected] OS program program CPU .text .bss + + .data +/- + instructions cache branch + coherency scheduler misprediction core + pollution + migrations data + + interrupt L1i$ miss access + + + + + + context mode + + (TLB flush) TLB + switch data switch miss L1d$ +/- + (KPTI TLB flush) miss prefetch +/- + + + higher-level readahead + page cache miss walk + + multicore + + (TLB shootdown) TLB coherency page DRAM + page fault + cache miss + + + disk + major minor I/O Figure 1. Event interaction map for a program running on an Intel Core processor on Linux. Each event itself may cause processor cycles, and inhibit (−), enable (+), or modulate (⊗) others. Abstract that our measurement setup has a large impact on the results. Measuring and analyzing the performance of software has More surprisingly, however, they also suggest that the setup reached a high complexity, caused by more advanced pro- can be negligible for certain analysis methods. Furthermore, cessor designs and the intricate interaction between user we found that our setup maintains significantly better per- formance under background load conditions, which means arXiv:1811.01412v2 [cs.PF] 20 Nov 2018 programs, the operating system, and the processor’s microar- chitecture. In this report, we summarize our experience on it can be used to improve high-performance applications. how performance characteristics of software should be mea- CCS Concepts • Software and its engineering → Soft- sured when running on a Linux operating system and a ware performance; modern processor.
  • Writing Kernel Exploits

    Writing Kernel Exploits

    Writing kernel exploits Keegan McAllister January 27, 2012 Keegan McAllister Writing kernel exploits Why attack the kernel? Total control of the system Huge attack surface Subtle code with potential for fun bugs Keegan McAllister Writing kernel exploits Kernel security Kernel and user code coexist in memory Kernel integrity depends on a few processor features: Separate CPU modes for kernel and user code Well-defined transitions between these modes Kernel-only instructions and memory Keegan McAllister Writing kernel exploits User vs. kernel exploits Typical userspace exploit: Manipulate someone's buggy program, locally or remotely Payload runs in the context of that user Typical kernel exploit: Manipulate the local kernel using system calls Payload runs in kernel mode Goal: get root! Remote kernel exploits exist, but are much harder to write Keegan McAllister Writing kernel exploits Scope We'll focus on the Linux kernel and 32-bit x86 hardware. Most ideas will generalize. References are on the last slides. Keegan McAllister Writing kernel exploits Let's see some exploits! We'll look at Two toy examples Two real exploits in detail Some others in brief How to harden your kernel Keegan McAllister Writing kernel exploits NULL dereference Keegan McAllister Writing kernel exploits A simple kernel module Consider a simple Linux kernel module. It creates a file /proc/bug1. It defines what happens when someone writes to that file. Keegan McAllister Writing kernel exploits bug1.c void (*my_funptr)(void); int bug1_write(struct file *file, const char *buf, unsigned long len) { my_funptr(); return len; } int init_module(void){ create_proc_entry("bug1", 0666, 0) ->write_proc = bug1_write; return 0; } Keegan McAllister Writing kernel exploits The bug $ echo foo > /proc/bug1 BUG: unable to handle kernel NULL pointer dereference Oops: 0000 [#1] SMP Pid: 1316, comm: bash EIP is at 0x0 Call Trace : [<f81ad009>] ? bug1_write+0x9/0x10 [bug1] [<c10e90e5>] ? proc_file_write+0x50/0x62 ..
  • Linux Kernel and Driver Development Training Slides

    Linux Kernel and Driver Development Training Slides

    Linux Kernel and Driver Development Training Linux Kernel and Driver Development Training © Copyright 2004-2021, Bootlin. Creative Commons BY-SA 3.0 license. Latest update: October 9, 2021. Document updates and sources: https://bootlin.com/doc/training/linux-kernel Corrections, suggestions, contributions and translations are welcome! embedded Linux and kernel engineering Send them to [email protected] - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 1/470 Rights to copy © Copyright 2004-2021, Bootlin License: Creative Commons Attribution - Share Alike 3.0 https://creativecommons.org/licenses/by-sa/3.0/legalcode You are free: I to copy, distribute, display, and perform the work I to make derivative works I to make commercial use of the work Under the following conditions: I Attribution. You must give the original author credit. I Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. I For any reuse or distribution, you must make clear to others the license terms of this work. I Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. Document sources: https://github.com/bootlin/training-materials/ - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 2/470 Hyperlinks in the document There are many hyperlinks in the document I Regular hyperlinks: https://kernel.org/ I Kernel documentation links: dev-tools/kasan I Links to kernel source files and directories: drivers/input/ include/linux/fb.h I Links to the declarations, definitions and instances of kernel symbols (functions, types, data, structures): platform_get_irq() GFP_KERNEL struct file_operations - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 3/470 Company at a glance I Engineering company created in 2004, named ”Free Electrons” until Feb.
  • An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang, Moinuddin K

    An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang, Moinuddin K

    An Evolutionary Study of Linux Memory Management for Fun and Profit Jian Huang, Moinuddin K. Qureshi, and Karsten Schwan, Georgia Institute of Technology https://www.usenix.org/conference/atc16/technical-sessions/presentation/huang This paper is included in the Proceedings of the 2016 USENIX Annual Technical Conference (USENIX ATC ’16). June 22–24, 2016 • Denver, CO, USA 978-1-931971-30-0 Open access to the Proceedings of the 2016 USENIX Annual Technical Conference (USENIX ATC ’16) is sponsored by USENIX. An Evolutionary Study of inu emory anagement for Fun and rofit Jian Huang, Moinuddin K. ureshi, Karsten Schwan Georgia Institute of Technology Astract the patches committed over the last five years from 2009 to 2015. The study covers 4587 patches across Linux We present a comprehensive and uantitative study on versions from 2.6.32.1 to 4.0-rc4. We manually label the development of the Linux memory manager. The each patch after carefully checking the patch, its descrip- study examines 4587 committed patches over the last tions, and follow-up discussions posted by developers. five years (2009-2015) since Linux version 2.6.32. In- To further understand patch distribution over memory se- sights derived from this study concern the development mantics, we build a tool called MChecker to identify the process of the virtual memory system, including its patch changes to the key functions in mm. MChecker matches distribution and patterns, and techniues for memory op- the patches with the source code to track the hot func- timizations and semantics. Specifically, we find that tions that have been updated intensively.
  • Review Der Linux Kernel Sourcen Von 4.9 Auf 4.10

    Review Der Linux Kernel Sourcen Von 4.9 Auf 4.10

    Review der Linux Kernel Sourcen von 4.9 auf 4.10 Reviewed by: Tested by: stecan stecan Period of Review: Period of Test: From: Thursday, 11 January 2018 07:26:18 o'clock +01: From: Thursday, 11 January 2018 07:26:18 o'clock +01: To: Thursday, 11 January 2018 07:44:27 o'clock +01: To: Thursday, 11 January 2018 07:44:27 o'clock +01: Report automatically generated with: LxrDifferenceTable, V0.9.2.548 Provided by: Certified by: Approved by: Account: stecan Name / Department: Date: Friday, 4 May 2018 13:43:07 o'clock CEST Signature: Review_4.10_0_to_1000.pdf Page 1 of 793 May 04, 2018 Review der Linux Kernel Sourcen von 4.9 auf 4.10 Line Link NR. Descriptions 1 .mailmap#0140 Repo: 9ebf73b275f0 Stephen Tue Jan 10 16:57:57 2017 -0800 Description: mailmap: add codeaurora.org names for nameless email commits ----------- Some codeaurora.org emails have crept in but the names don't exist for them. Add the names for the emails so git can match everyone up. Link: http://lkml.kernel.org/r/[email protected] 2 .mailmap#0154 3 .mailmap#0160 4 CREDITS#2481 Repo: 0c59d28121b9 Arnaldo Mon Feb 13 14:15:44 2017 -0300 Description: MAINTAINERS: Remove old e-mail address ----------- The ghostprotocols.net domain is not working, remove it from CREDITS and MAINTAINERS, and change the status to "Odd fixes", and since I haven't been maintaining those, remove my address from there. CREDITS: Remove outdated address information ----------- This address hasn't been accurate for several years now.
  • OMV Crash 25Feb2020 Syslog

    OMV Crash 25Feb2020 Syslog

    Feb 25 00:00:00 prometheus rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="858" x-info="https://www.rsyslog.com"] rsyslogd was HUPed Feb 25 00:00:00 prometheus systemd[1]: logrotate.service: Succeeded. Feb 25 00:00:00 prometheus systemd[1]: Started Rotate log files. Feb 25 00:00:01 prometheus CRON[10420]: (root) CMD (/usr/sbin/omv- mkrrdgraph >/dev/null 2>&1) Feb 25 00:09:00 prometheus systemd[1]: Starting Clean php session files... Feb 25 00:09:00 prometheus sessionclean[10668]: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/pam.so' - /usr/lib/php/20151012/pam.so: cannot open shared object file: No such file or directory in Unknown on line 0 Feb 25 00:09:00 prometheus sessionclean[10668]: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/pam.so' - /usr/lib/php/20151012/pam.so: cannot open shared object file: No such file or directory in Unknown on line 0 Feb 25 00:09:00 prometheus sessionclean[10668]: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/pam.so' - /usr/lib/php/20151012/pam.so: cannot open shared object file: No such file or directory in Unknown on line 0 Feb 25 00:09:00 prometheus systemd[1]: phpsessionclean.service: Succeeded. Feb 25 00:09:00 prometheus systemd[1]: Started Clean php session files. Feb 25 00:09:01 prometheus CRON[10770]: (root) CMD ( [ -x /usr/lib/ php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/ php/sessionclean; fi) Feb 25 00:15:01 prometheus CRON[10858]: (root) CMD (/usr/sbin/omv- mkrrdgraph >/dev/null 2>&1) Feb 25 00:17:01 prometheus CRON[10990]: (root) CMD ( cd / && run- parts --report /etc/cron.hourly) Feb 25 00:17:01 prometheus postfix/postsuper[10993]: fatal: scan_dir_push: open directory hold: No such file or directory Feb 25 00:30:01 prometheus CRON[11200]: (root) CMD (/usr/sbin/omv- mkrrdgraph >/dev/null 2>&1) Feb 25 00:39:00 prometheus systemd[1]: Starting Clean php session files..
  • Open Source Practice of LG Electronics

    Open Source Practice of LG Electronics

    Open Source Practice of LG Electronics Hyo Jun Im Software Platform Laboratory, LG Electronics Introduction to LG Electronics LG Electronics is a global leader and technology innovator in consumer electronics, mobile communications and home appliances. Overview This presentation covers both the open source compliance and open source engagement Compliance LG Community Engagement Open Source Compliance How LG Electronics built the open source compliance process from scratch. Steps for Building Up Open Source Compliance Process | Kick-starting open source compliance | Raising awareness | Setting up the process | Filling holes in the process | Efficient open source compliance Kick-starting Open Source Compliance | Challenges > Lack of knowledge on open source compliance > Lack of verification tools | What we did > Just rushed into writing the open source software notice in the user manual > Manual open source identification and verification | What we got > Basic knowledge of popular open source licenses > Need for automated verification tools > Knowledge on practical issues with open source compliance Raising Awareness | Introduction to relevant lawsuit case | Online / Offline training | Escalation of the open source compliance issues to management | Help from outside experts Industry Lawsuit Case • 2006 Set the precedent that the sale of a product can be prohibited 2007 • Distributors can be held responsible, and lawsuits filed against them • 2008 Similar to the case with Skype • 2010 Forced to give TVs to charity organizations as well as
  • Red Hat Enterprise Linux Roadmap

    Red Hat Enterprise Linux Roadmap

    RED HAT ENTERPRISE LINUX ROADMAP Transforming Application Delivery While Protecting Your Application Investments Ron Pacheco, Director, Product Management Karen Noel, Director of Engineering May 2, 2017 Disclaimer The content set forth herein does not constitute in any way a binding or legal agreement or impose any legal obligation or duty on Red Hat. This information is provided for discussion purposes only and is subject to change for any or no reason. MARKET REQUIREMENTS “Light up my hardware.” “Enable my operations.” Circa 2002 Circa 2017 ● Light up my hardware ● Everything I’m used to and... ● Award winning support ● More software available ● Vast ecosystem ● Less software installed ● Peerless security ● Non-disruptive updates ● Lifecycle options ● More automation BRIEF HISTORY OF RED HAT ENTERPRISE LINUX Not pictured: tens of thousands of incremental improvements Control Groups Mandatory access controls Secure Virtualization IBM Power Automated security Real-time kernel IBM Z Series RHEL is born. audits ‘02 ‘03 ‘05 ‘07 ‘10 ‘11 ‘12 ‘13 ‘15 Virtualization Containers Software-defined Cluster file Software-defined Networking systems storage FLEXIBILITY ACROSS DEPLOYMENT TARGETS via a Trusted, Consistent Host Environment RED HAT ENTERPRISE LINUX IS THE FOUNDATION RED HAT ENTERPRISE LINUX ROADMAP Red Hat CY2016 CY2017 Summit CY2018 CY2019 CY2020 2017 RHEL 7 RHEL ATOMIC HOST RHEL FOR REAL TIME .2 .3 .4 .5 .6.5 .7 RHEL FOR SAP APPLICATIONS RHEL FOR SAP HANA RHEL 6 RHEL FOR SAP APPLICATIONS .8 .9 .10 RHEL FOR SAP HANA RHEL 5 .11 SOFTWARE
  • New Security Enhancements in Red Hat Enterprise Linux V.3, Update 3

    New Security Enhancements in Red Hat Enterprise Linux V.3, Update 3

    New Security Enhancements in Red Hat Enterprise Linux v.3, update 3 By Arjan van de Ven Abstract This whitepaper describes the new security features that have been added to update 3 of Red Hat Enterprise Linux v.3: ExecShield and support for NX technology. August 2004 Table of Contents Introduction 2 Types of Security Holes 2 Buffer Overflows 3 Countering Buffer Overflows 4 Randomization 6 Remaining Randomization: PIE Binaries 7 Compatibility 8 How Well Does it Work? 9 Future Work 10 ¢¡¤£¦¥¨§ © ¤ ¦ ¨¢ ¨ ! ¨! "¨ $#!© ¨%¦&¨¦ ¨! ¤' ¨¡(*)+¤-, ¡ ¡¤.!+ !£§ ¡¤%/ 01, © 02 ".§ + § ¨.)+.§ 3¦01¡.§4§ .© 02 .§ + § ¨.)+.§ 3¦01¡54¢! . !! !© 6¢'7.!"¡ .§.8¡.%¨¦ § © ¨0 #© %8&9© 0:§ ¨ ¨© 02 .§ ¨+ § ¨.)+¤§ 3;¡!54#!© %!0;<=¡.§ >!¨, ¨0 ¦?@BA$¨C.6B'ED8F ! Introduction The world of computer security has changed dramatically in the last few years. Network security used to be about one dedicated hacker trying to get into one government computer, but now it is often about automated mass attacks. The SQL Slammer and Code Red worms were the first wide-scale computer security incidents to get mainstream press coverage. Linux has had similar, less-invasive worms in the past, such as the Slapper worm of 2002. Another relatively new phenomenon is that compromised computers are primarily being used for other purposes, including sending spam or participating in Distributed Denial of Service (DDOS) attacks. A contributing factor to the mass-compromise problem is that a large portion1 of users and system administrators generally do not apply the security fixes that are provided by the operating system vendor. This leaves a significant number of vulnerable machines connected to the Internet at all times. Providing security updates after the fact, however, is not sufficient.
  • Architecture of the Linux Kernel

    Architecture of the Linux Kernel

    Architecture of the Linux kernel Gerion Entrup Felix Herrmann Sophie Matter Elias Entrup Matthias Jakob Jan Eberhardt Mathias Casselt March 21, 2018 Contents 1 Introduction 7 1.1 Overview of Linux components ................................... 7 1.2 License ................................................. 9 2 Process Management 11 2.1 Processes ............................................... 11 2.2 Process creation - Forking a process ................................ 13 2.3 Threads ................................................ 16 3 Scheduling in Linux 17 3.1 Scheduling-Classes .......................................... 17 3.2 Process Categories .......................................... 17 3.3 O(1)-Scheduler ............................................ 18 3.4 Priorities and Timeslices ....................................... 18 3.5 Completely Fair Scheduler ...................................... 19 3.5.1 Implementation details .................................... 20 3.6 Kernel Preemption .......................................... 21 4 Interrupts 23 4.1 Interrupt processing ......................................... 23 4.2 Interrupt entry ............................................ 23 4.3 Event handler ............................................. 24 4.3.1 Example: Generic Top Halve ................................ 24 4.3.2 Example: Handler ...................................... 24 4.4 /proc/interrupts ........................................... 25 4.5 Conclusion .............................................. 25 5 Bottom Halves 27 5.1
  • Slab Allocators in the Linux Kernel: SLAB, SLOB, SLUB

    Slab Allocators in the Linux Kernel: SLAB, SLOB, SLUB

    Slab allocators in the Linux Kernel: SLAB, SLOB, SLUB Christoph Lameter, LinuxCon/Düsseldorf 2014 (Revision Oct 3, 2014) The Role of the Slab allocator in Linux • PAGE_SIZE (4k) basic allocation unit via page allocator. • Allows fractional allocation. Frequently needed for small objects that the kernel allocates f.e. for network descriptors. • Slab allocation is very performance sensitive. • Caching. • All other subsystems need the services of the slab allocators. • Terminology: SLAB is one of the slab allocator. • A SLAB could be a page frame or a slab cache as a whole. It's confusing. Yes. System Components around Slab Allocators kmalloc(size, flags) Device kfree(object) Page Drivers kzalloc(size, flags) Allocator kmem_cache_alloc(cahe, flags) kmem_cache_free(object) s Slab e kmalloc_node(size, flags, node) m File allocator a kmem_cache_alloc_node(cache, r F Systems flags, node) s e t c g e a j b P o l l a m S Memory Management User space code Slab allocators available • SLOB: K&R allocator (1991-1999) • SLAB: Solaris type allocator (1999-2008) • SLUB: Unqueued allocator (2008-today) • Design philosophies – SLOB: As compact as possible – SLAB: As cache friendly as possible. Benchmark friendly. – SLUB: Simple and instruction cost counts. Superior Debugging. Defragmentation. Execution time friendly. 1991 1991 Initial K&R allocator 1996 SLAB allocator development subsystem Slab line: Time 2000 2003 SLOB allocator 2004 NUMA SLAB 2007 SLUB allocator 2008 SLOB multilist 2010 2011 SLUB fastpath rework 2013 Common slab code 2014 2014 SLUBification of SLAB Maintainers • Manfred Spraul <SLAB Retired> • Matt Mackall <SLOB Retired> • Pekka Enberg • Christoph Lameter <SLUB, SLAB NUMA> • David Rientjes • Joonsoo Kim Contributors • Alokk N Kataria SLAB NUMA code • Shobhit Dayal SLAB NUMA architecture • Glauber Costa Cgroups support • Nick Piggin SLOB NUMA support and performance optimizations.