• Linux
  • System Calls
  • Resources
  • Kernel
  • Security
  • Virtualization
  • Concurrency
• File System
• docker
• microkernels
• seL4
• Hypervisors
• Bootloaders
• Stuff

See also note on:

• Concurrency

Linux

Beej’s Guide to Network Programming Linux Kernel Development build the smallest possible linux system

Serial port programing https://www.cmrr.umn.edu/~strupp/serial.html https://en.wikibooks.org/wiki/Serial_Programming/termios termios

ioctl fcntl

System Calls

The Definitive Guide to Linux System Calls some nice info on how syscalls happens. Interrupt x80, syscall instruction etc. VDSO - v

• mmap
• connect
• open
• close
• read
• write

• sync

• select

• poll

• fork - make new process.

• futex fast userspace mutex https://www.collabora.com/news-and-blog/blog/2022/02/08/landing-a-new-syscall-part-what-is-futex/ https://news.ycombinator.com/item?id=30271902 futex tutorial

• epoll

• dnotify / inotify - be told when certain events happen

• ptrace a parent process can control another process. Gets to peek and poke memory. Control transferred on singals or system calls. Used by debuggers for example. Single step instructions

• io_uring I think this is a set of new system calls. Fast io using a ring buffer. liburing library

• io_ctl device specific control calls

Porting OpenBSD pledge() to Linux

Resources

Linux Kernel Labs https://linux-kernel-labs.github.io/refs/heads/master/index.html

https://training.linuxfoundation.org/training/a-beginners-guide-to-linux-kernel-development-lfd103/

kernel documentation https://www.kernel.org/doc/html/latest/

Locks

• pthreads

LWN

Kernel

no libc small pre-processed fixed size stack ~4kb no floating point?

processes are tracked processes own resources pids. ps

Security

seccomp

LSM linux security module selinux and apparmor are based on lsm

selinux is externally sandboxing a process. landlock is program developer voluntarily giving up access

ebpf

firejail? https://firejail.wordpress.com/

https://twitter.com/kees_cook cool links

landlock restrict ambient rights, global file system access https://lwn.net/Articles/859908/ https://news.ycombinator.com/item?id=27215563 discussion about landlock, incudes ocmparsion of some other features

openbsd pledge, unveil

security things in Linux v…

kmsan KernelMemorySanitizer, a detector of uses of uninitialized memory in the Linux kernel

Virtualization

Concurrency

libuv libev libevent

File System

Disk sectors. Disk rotation speed Disk Seek time

RAID - Redundant array of inexpensive disks. Copy data to multiple disks, or use error correction. RAID0 just interleaves disks for parallelism striping - put subsequent blocks on different disks RAID 1 - mirroring. Just rwwrite the same thing to multiple disks

https://github.com/klange/toaruos complete operating system from scratch

Hypervisors - like OS for OSes

https://twitter.com/Intel80x86/status/1560618407224963072?s=20&t=5ByjIVPCy80__MKWdWW1Aw hypervisor from scratch 5 Days To Virtualization: A Series On Hypervisor Development

How do programs start?

Syscalls

Memory management

Scheduling - interrupts

docker

microkernels

https://mirage.io/ mirage os

seL4

Microkernel Functional correctness But also binary level verification. Uses gcc but disassemblers result to verify

Hypervisors

Bootloaders

Booting is like a whole thing.

UEFI BIOS basic input output system - loads first sector and runs it. 16 bit code

UBOOT

https://superuser.com/questions/708196/what-is-difference-between-u-boot-and-bios

GRUB

POST - power on self test

MBR master boot record. 512 bytes. See sector lisp, sector forth, sector games

bootloader stages - more an more complex systems

TPM https://www.sweetwater.com/sweetcare/articles/tpm-and-secure-boot-what-are-they-and-how-do-i-enable-them/ secure boot So like malware can really fuck you by manipulating the boot process? I could see that.

Formal methods applied to booting

Formal Verification of a Modern Boot Loader 2018 - SABLE. Isabelle Towards a verified first-stage bootloader in Coq - 2020 - phd dissertation

SPIN 2009 Verified functional programming of an IoT operating system’s bootloader - 2021 Low* Riot Formally Verifying Security Properties for OpenTitan Boot Code with Uppaal - 2021

Model checking boot code from AWS data centers- 2020 - CBMC

Stuff

https://www.kernel.org/doc/Documentation/filesystems/proc.txt proc documentation

cat /proc/self/mems
cat /proc/self/status

https://osquery.readthedocs.io/en/stable/ query OS info as sqlite virtual table