Operating Systems
See also note on:
- Concurrency
Linux
Beej’s Guide to Network Programming Linux Kernel Development build the smallest possible linux system
Serial port programing https://www.cmrr.umn.edu/~strupp/serial.html https://en.wikibooks.org/wiki/Serial_Programming/termios termios
ioctl fcntl
System Calls
The Definitive Guide to Linux System Calls some nice info on how syscalls happens. Interrupt x80, syscall instruction etc. VDSO - v
mmapconnectopenclosereadwrite-
sync select-
poll -
fork- make new process. -
futexfast userspace mutex https://www.collabora.com/news-and-blog/blog/2022/02/08/landing-a-new-syscall-part-what-is-futex/ https://news.ycombinator.com/item?id=30271902 futex tutorial epoll-
dnotify/inotify- be told when certain events happen -
ptracea parent process can control another process. Gets to peek and poke memory. Control transferred on singals or system calls. Used by debuggers for example. Single step instructions -
io_uringI think this is a set of new system calls. Fast io using a ring buffer. liburing library io_ctldevice specific control calls
Porting OpenBSD pledge() to Linux
Resources
Linux Kernel Labs https://linux-kernel-labs.github.io/refs/heads/master/index.html
https://training.linuxfoundation.org/training/a-beginners-guide-to-linux-kernel-development-lfd103/
kernel documentation https://www.kernel.org/doc/html/latest/
Locks
- pthreads
LWN
Kernel
no libc small pre-processed fixed size stack ~4kb no floating point?
processes are tracked
processes own resources
pids. ps
Security
seccomp
LSM linux security module selinux and apparmor are based on lsm
selinux is externally sandboxing a process. landlock is program developer voluntarily giving up access
ebpf
firejail? https://firejail.wordpress.com/
https://twitter.com/kees_cook cool links
landlock restrict ambient rights, global file system access https://lwn.net/Articles/859908/ https://news.ycombinator.com/item?id=27215563 discussion about landlock, incudes ocmparsion of some other features
openbsd pledge, unveil
kmsan KernelMemorySanitizer, a detector of uses of uninitialized memory in the Linux kernel
Virtualization
Concurrency
libuv libev libevent
File System
Disk sectors. Disk rotation speed Disk Seek time
RAID - Redundant array of inexpensive disks. Copy data to multiple disks, or use error correction. RAID0 just interleaves disks for parallelism striping - put subsequent blocks on different disks RAID 1 - mirroring. Just rwwrite the same thing to multiple disks
https://github.com/klange/toaruos complete operating system from scratch
Hypervisors - like OS for OSes
https://twitter.com/Intel80x86/status/1560618407224963072?s=20&t=5ByjIVPCy80__MKWdWW1Aw hypervisor from scratch 5 Days To Virtualization: A Series On Hypervisor Development
How do programs start?
Syscalls
Memory management
Scheduling - interrupts
docker
microkernels
https://mirage.io/ mirage os
seL4
Microkernel Functional correctness But also binary level verification. Uses gcc but disassemblers result to verify
Hypervisors
Bootloaders
Booting is like a whole thing.
UEFI BIOS basic input output system - loads first sector and runs it. 16 bit code
https://superuser.com/questions/708196/what-is-difference-between-u-boot-and-bios
GRUB
POST - power on self test
MBR master boot record. 512 bytes. See sector lisp, sector forth, sector games
bootloader stages - more an more complex systems
TPM https://www.sweetwater.com/sweetcare/articles/tpm-and-secure-boot-what-are-they-and-how-do-i-enable-them/ secure boot So like malware can really fuck you by manipulating the boot process? I could see that.
Formal methods applied to booting
Formal Verification of a Modern Boot Loader 2018 - SABLE. Isabelle Towards a verified first-stage bootloader in Coq - 2020 - phd dissertation
SPIN 2009 Verified functional programming of an IoT operating system’s bootloader - 2021 Low* Riot Formally Verifying Security Properties for OpenTitan Boot Code with Uppaal - 2021