For the Linux kernel, CVEs do not work at all given the rate of fixes being applied and rapidly backported and pushed to users through a huge variety of different ways. The average “request to fix” date for Linux CVEs is -100 days, showing that either no one cares about CVEs for Linux, or engineers are using them to game their internal release processes, or no one happens to notice when the kernel developers resolve an issue, or all of the above. This talk will go into the problems with CVEs when it comes to a fast moving project like Linux, and show the decentralized solution that we have been using for the past 14 years instead. All other open source projects are encouraged to use these same methods to help resolve the problems that CVEs have.
The document discusses the Linux kernel and its structure. The Linux kernel acts as the interface between hardware and software, contains device drivers for peripherals, handles resource allocation and tracking application access to files. It is also responsible for security and access controls for users. The kernel version numbers use even numbers to indicate stable releases.
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
The document discusses modern techniques for exploiting vulnerabilities in the Windows kernel memory pool. It provides an overview of the kernel pool structures and internals in Windows 7 and earlier versions. Specific topics covered include the pool descriptor, pool headers, free lists, lookaside lists, large allocations, and the use of bitmaps. The goal is to identify weaknesses that can be leveraged for privilege escalation attacks.
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Pierre-jean Texier
The document discusses adding new platform support for SWUpdate in 30 minutes using Yocto/OE. It provides an overview of SWUpdate and the update process. It then demonstrates how to generate a clean Yocto/OE setup for the Microchip SAMA5D27-SOM1-EK1 board using KAS. Specific steps are outlined for creating a partition scheme, machine configuration, and deployment/testing of SWUpdate on the target board.
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedAdrian Huang
This slide deck describes the Linux booting flow for x86_64 processors.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
This document provides an overview of Java input/output (I/O) concepts including reading from and writing to the console, files, and streams. It discusses different I/O stream classes like PrintStream, InputStream, FileReader, FileWriter, BufferedReader, and how to read/write characters, bytes and objects in Java. The document also introduces new I/O features in Java 7 like try-with-resources for automatic resource management.
Anatomy of the loadable kernel module (lkm)Adrian Huang
Talk about how Linux kernel invokes your module's init function.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document discusses toolchains and cross toolchains. It defines a toolchain as a collection of tools including a C compiler, C libraries, and binary utilities. A cross toolchain is a toolchain configured to compile code for a platform other than the one on which the toolchain is running. The document outlines steps for building a cross toolchain, including obtaining kernel headers, building binary utilities, compilers, and libraries. It also discusses automated build tools like Crosstool and testing the generated cross toolchain.
Build your own embedded linux distributions by yocto projectYen-Chin Lee
The document discusses the Yocto Project, an open-source collaboration project that provides templates, tools, and methods for creating custom Linux-based systems for embedded products. It provides an overview of the key components of Yocto including Poky, BitBake, and metadata. It also summarizes how to get started with Yocto including downloading Poky, setting up the build environment, and building a minimal image that can be run in QEMU for testing purposes.
The document discusses the Linux kernel and its structure. The Linux kernel acts as the interface between hardware and software, contains device drivers for peripherals, handles resource allocation and tracking application access to files. It is also responsible for security and access controls for users. The kernel version numbers use even numbers to indicate stable releases.
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
The document discusses modern techniques for exploiting vulnerabilities in the Windows kernel memory pool. It provides an overview of the kernel pool structures and internals in Windows 7 and earlier versions. Specific topics covered include the pool descriptor, pool headers, free lists, lookaside lists, large allocations, and the use of bitmaps. The goal is to identify weaknesses that can be leveraged for privilege escalation attacks.
Diving into SWUpdate: adding new platform support in 30minutes with Yocto/OE !Pierre-jean Texier
The document discusses adding new platform support for SWUpdate in 30 minutes using Yocto/OE. It provides an overview of SWUpdate and the update process. It then demonstrates how to generate a clean Yocto/OE setup for the Microchip SAMA5D27-SOM1-EK1 board using KAS. Specific steps are outlined for creating a partition scheme, machine configuration, and deployment/testing of SWUpdate on the target board.
Vmlinux: anatomy of bzimage and how x86 64 processor is bootedAdrian Huang
This slide deck describes the Linux booting flow for x86_64 processors.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
This document provides an overview of Java input/output (I/O) concepts including reading from and writing to the console, files, and streams. It discusses different I/O stream classes like PrintStream, InputStream, FileReader, FileWriter, BufferedReader, and how to read/write characters, bytes and objects in Java. The document also introduces new I/O features in Java 7 like try-with-resources for automatic resource management.
Anatomy of the loadable kernel module (lkm)Adrian Huang
Talk about how Linux kernel invokes your module's init function.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document discusses toolchains and cross toolchains. It defines a toolchain as a collection of tools including a C compiler, C libraries, and binary utilities. A cross toolchain is a toolchain configured to compile code for a platform other than the one on which the toolchain is running. The document outlines steps for building a cross toolchain, including obtaining kernel headers, building binary utilities, compilers, and libraries. It also discusses automated build tools like Crosstool and testing the generated cross toolchain.
Build your own embedded linux distributions by yocto projectYen-Chin Lee
The document discusses the Yocto Project, an open-source collaboration project that provides templates, tools, and methods for creating custom Linux-based systems for embedded products. It provides an overview of the key components of Yocto including Poky, BitBake, and metadata. It also summarizes how to get started with Yocto including downloading Poky, setting up the build environment, and building a minimal image that can be run in QEMU for testing purposes.
Most of this session will focus on Kernel Module Programming. We will briefly talk about the interaction of different layers of operating system from userspace to kernel space. Starting from simple Hello World kernel modules, we will learn the development of more sophisticated modules related to device drivers and interrupt handlers. We will also briefly touch upon the shell scripts and how they can be used to extract system level information. Since, this will be a hands on session, attendees are expected to try the examples on their machines. Basic understanding of operating systems and C programming is expected for the tutorial.
This document discusses bootloaders, specifically the Universal Boot Loader (U-Boot). It provides an overview of bootloader concepts, U-Boot specifics, the U-Boot initialization sequence, how U-Boot passes arguments to the kernel, hands-on with U-Boot commands, the U-Boot source code structure, configuring and compiling U-Boot for a board, and porting U-Boot to support a new board.
Embitude's Linux SPI Drivers Training Slides. Contains the details of AM335X specific low level programming, SPI components such as SPI Master Driver, SPI Client Driver, Device Tree for SPI
Buildroot is a tool that generates embedded Linux systems by automating the configuration, compilation, and packaging of the system. It produces a root filesystem image ready to deploy on the target architecture. The build process compiles packages and a cross-compilation toolchain, then generates images containing the root filesystem, kernel, and other files needed by the target system. The output of Buildroot is organized into subdirectories containing the built images, toolchain, target and host files, and a staging area simulating the target filesystem.
Slides from my workshop at Hack.LU 2010 in Luxembourg. This workshop introduced the basic concepts of Return Oriented Programming with some hands-on exercises.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document discusses the architecture of the Linux kernel. It describes the user space and kernel space components. In user space are the user applications, glibc library, and each process's virtual address space. In kernel space are the system call interface, architecture-independent kernel code, and architecture-dependent code. It then covers several kernel subsystems like process management, memory management, virtual file system, network stack, and device drivers.
How to do Test-Driven Development in C illustrated by solving a Recently Used List kata.
Similar slides can be found here http://www.olvemaudal.com/talks
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
As the name would suggest, a Non-Maskable Interrupt (NMI) is an interrupt-like feature that is unaffected by the disabling of classic interrupts. In Linux, NMIs are involved in some features such as performance event monitoring, hard-lockup detector, on demand state dumping, etc… Their potential to fire when least expected can fill the most seasoned kernel hackers with dread.
AArch64 (aka arm64 in the Linux tree) does not provide architected NMIs, a consequence being that features benefiting from NMIs see their use limited on AArch64. However, the Arm Generic Interrupt Controller (GIC) supports interrupt prioritization and masking, which, among other things, provides a way to control whether or not a set of interrupts can be signaled to a CPU.
This talk will cover how, using the GIC interrupt priorities, we provide a way to configure some interrupts to behave in an NMI-like manner on AArch64. We’ll discuss the implementation, some of the complications that ensued and also some of the benefits obtained from it.
Julien Thierry
Not a Security Boundary: Bypassing User Account Controlenigma0x3
This document summarizes the evolution of techniques for bypassing Windows User Account Control (UAC) without user interaction. It begins with an overview of UAC and integrity levels, then discusses early bypass techniques that abused objects like scheduled tasks and COM interfaces that elevate privileges silently. It traces the progression of bypass methods, from registry modifications and race conditions to more sophisticated approaches like token manipulation. The document emphasizes that mitigating UAC bypasses requires stopping the use of local administrator accounts and practicing least privilege. It directs the audience to additional resources on UAC bypass research.
Virtual File System in Linux Kernel
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.
This document is a tutorial on makefiles that introduces their purpose for managing complex compilations across multiple source files. It covers topics such as targets, dependencies, macros, naming conventions, phony targets, automatic variables, and default compilation rules. An example makefile is provided to demonstrate these concepts.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
The document summarizes how to write a character device driver in Linux. It covers the anatomy of a device driver including the user interface via device files, and kernel interfaces via file operations and major/minor numbers. It describes registering a character driver by defining file operations, reserving major/minor numbers, and associating them. Open and release functions handle initialization and cleanup. Read/write functions transfer data between userspace and hardware. Ioctl allows extending functionality.
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document provides an introduction to operating systems and key concepts such as processes, virtual memory, and multitasking. It discusses how the CPU uses registers to perform computations and access memory. It explains that an operating system allows multiple programs to run simultaneously through time-slicing and context-switching between processes. Each process has its own virtual address space and sees its own "virtual machine" presented by the operating system.
The document discusses how covering indexes can provide orders-of-magnitude improvements in query performance over table scans. It provides an example of a query on a fact table with 1 billion rows that is 1300x faster when using a covering index instead of a table scan. The document also discusses how clustering indexes can further optimize queries by materializing tables in a different order based on the index.
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Most of this session will focus on Kernel Module Programming. We will briefly talk about the interaction of different layers of operating system from userspace to kernel space. Starting from simple Hello World kernel modules, we will learn the development of more sophisticated modules related to device drivers and interrupt handlers. We will also briefly touch upon the shell scripts and how they can be used to extract system level information. Since, this will be a hands on session, attendees are expected to try the examples on their machines. Basic understanding of operating systems and C programming is expected for the tutorial.
This document discusses bootloaders, specifically the Universal Boot Loader (U-Boot). It provides an overview of bootloader concepts, U-Boot specifics, the U-Boot initialization sequence, how U-Boot passes arguments to the kernel, hands-on with U-Boot commands, the U-Boot source code structure, configuring and compiling U-Boot for a board, and porting U-Boot to support a new board.
Embitude's Linux SPI Drivers Training Slides. Contains the details of AM335X specific low level programming, SPI components such as SPI Master Driver, SPI Client Driver, Device Tree for SPI
Buildroot is a tool that generates embedded Linux systems by automating the configuration, compilation, and packaging of the system. It produces a root filesystem image ready to deploy on the target architecture. The build process compiles packages and a cross-compilation toolchain, then generates images containing the root filesystem, kernel, and other files needed by the target system. The output of Buildroot is organized into subdirectories containing the built images, toolchain, target and host files, and a staging area simulating the target filesystem.
Slides from my workshop at Hack.LU 2010 in Luxembourg. This workshop introduced the basic concepts of Return Oriented Programming with some hands-on exercises.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document discusses the architecture of the Linux kernel. It describes the user space and kernel space components. In user space are the user applications, glibc library, and each process's virtual address space. In kernel space are the system call interface, architecture-independent kernel code, and architecture-dependent code. It then covers several kernel subsystems like process management, memory management, virtual file system, network stack, and device drivers.
How to do Test-Driven Development in C illustrated by solving a Recently Used List kata.
Similar slides can be found here http://www.olvemaudal.com/talks
Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMIAnne Nicolas
As the name would suggest, a Non-Maskable Interrupt (NMI) is an interrupt-like feature that is unaffected by the disabling of classic interrupts. In Linux, NMIs are involved in some features such as performance event monitoring, hard-lockup detector, on demand state dumping, etc… Their potential to fire when least expected can fill the most seasoned kernel hackers with dread.
AArch64 (aka arm64 in the Linux tree) does not provide architected NMIs, a consequence being that features benefiting from NMIs see their use limited on AArch64. However, the Arm Generic Interrupt Controller (GIC) supports interrupt prioritization and masking, which, among other things, provides a way to control whether or not a set of interrupts can be signaled to a CPU.
This talk will cover how, using the GIC interrupt priorities, we provide a way to configure some interrupts to behave in an NMI-like manner on AArch64. We’ll discuss the implementation, some of the complications that ensued and also some of the benefits obtained from it.
Julien Thierry
Not a Security Boundary: Bypassing User Account Controlenigma0x3
This document summarizes the evolution of techniques for bypassing Windows User Account Control (UAC) without user interaction. It begins with an overview of UAC and integrity levels, then discusses early bypass techniques that abused objects like scheduled tasks and COM interfaces that elevate privileges silently. It traces the progression of bypass methods, from registry modifications and race conditions to more sophisticated approaches like token manipulation. The document emphasizes that mitigating UAC bypasses requires stopping the use of local administrator accounts and practicing least privilege. It directs the audience to additional resources on UAC bypass research.
Virtual File System in Linux Kernel
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
Eksploitasi kerentanan pada hypervisor semakin banyak diperbincangkan di beberapa tahun ini, dimulai dari kompetisi hacking Pwn2Own pada 2017 yang mengadakan kategori Virtual Machine dalam ajang lombanya, dan juga teknologi-teknologi terkini yang banyak menggunakan hypervisor seperti Cloud Computing, Malware Detection, dll. Hal tersebut menjadi ketertarikan bagi sebagian hacker, security researcher untuk mencari kelemahan dan mengeksploitasi hypervisor. Tulisan ini menjelaskan mengenai proses Vulnerability Research dan VM Escape exploitation pada VirtualBox.
This document is a tutorial on makefiles that introduces their purpose for managing complex compilations across multiple source files. It covers topics such as targets, dependencies, macros, naming conventions, phony targets, automatic variables, and default compilation rules. An example makefile is provided to demonstrate these concepts.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
The document summarizes how to write a character device driver in Linux. It covers the anatomy of a device driver including the user interface via device files, and kernel interfaces via file operations and major/minor numbers. It describes registering a character driver by defining file operations, reserving major/minor numbers, and associating them. Open and release functions handle initialization and cleanup. Read/write functions transfer data between userspace and hardware. Ioctl allows extending functionality.
Page cache mechanism in Linux kernel.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
The document provides an introduction to operating systems and key concepts such as processes, virtual memory, and multitasking. It discusses how the CPU uses registers to perform computations and access memory. It explains that an operating system allows multiple programs to run simultaneously through time-slicing and context-switching between processes. Each process has its own virtual address space and sees its own "virtual machine" presented by the operating system.
The document discusses how covering indexes can provide orders-of-magnitude improvements in query performance over table scans. It provides an example of a query on a fact table with 1 billion rows that is 1300x faster when using a covering index instead of a table scan. The document also discusses how clustering indexes can further optimize queries by materializing tables in a different order based on the index.
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
Moving from Jenkins 1 to 2 declarative pipeline adventuresFrits Van Der Holst
T-Dose 2017 presentation, Sunday 19 November 2017. Adventures building a declarative pipeline script for a traditional (non-java/non-cloud) installable windows/Linux application. Video will hopefully be available later.
This document provides an introduction to Linux kernel development. It discusses the basics of the kernel including its responsibilities and types. It covers the process of building the kernel using Kconfig and Makefiles. It also describes the kernel API and common data structures used for threading, modules, and devices. Finally, it discusses best practices for patching the kernel including code style checks and signing off on changes.
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
In both business and academia, reproducibility is the root of trust in computational results. Software engineering is critical to consistently support the work. Basic practices including systematic build, automatic tests, version control, and documentation will be discussed. The practices and a mix of programming languages enable developers to address the challenges in scientific computing by creating a flexible and high-performance platform. The fundamental idea is to generalize and segregate common constructs so that they can be reinforced during the whole cycles of code development, to enhance the confidence in the produced results. It is also necessary to engage in software development communities, as a means to improve productivity and give back.
introduction-infra-as-a-code using terraformniyof97
This document provides a summary of the challenges faced when manually configuring and deploying infrastructure and applications without using infrastructure as code tools. It describes issues that arose when installing dependencies for a Ruby on Rails application locally and on Amazon EC2 instances. It then introduces infrastructure as code using Docker to containerize applications and define environments as code. Docker images for a Sinatra backend and Rails frontend are built and linked together using Docker Compose. The document advocates for using infrastructure as code tools like Docker and Terraform to avoid manual configuration issues and facilitate consistent deployments across environments.
Working in Web Operations means dealing with production systems that in most cases needs to be operational 24×7x365.
To reach 99.99999% uptime, you must fail as little as possible.
This talk will go through a few real-world incidents and failures experienced by our small WebOps team, and outline what we are learning (the hard way), and how we’re trying to improve.
What could possibly go wrong? :-)
When Node.js Goes Wrong: Debugging Node in Production
The event-oriented approach underlying Node.js enables significant concurrency using a deceptively simple programming model, which has been an important factor in Node's growing popularity for building large scale web services. But what happens when these programs go sideways? Even in the best cases, when such issues are fatal, developers have historically been left with just a stack trace. Subtler issues, including latency spikes (which are just as bad as correctness bugs in the real-time domain where Node is especially popular) and other buggy behavior often leave even fewer clues to aid understanding. In this talk, we will discuss the issues we encountered in debugging Node.js in production, focusing upon the seemingly intractable challenge of extracting runtime state from the black hole that is a modern JIT'd VM.
We will describe the tools we've developed for examining this state, which operate on running programs (via DTrace), as well as VM core dumps (via a postmortem debugger). Finally, we will describe several nasty bugs we encountered in our own production environment: we were unable to understand these using existing tools, but we successfully root-caused them using these new found abilities to introspect the JavaScript VM.
The document provides instructions for setting up the file structure and dependencies needed to run WebRTC on iOS. It involves creating a disk image, checking out various plugins and dependencies, and modifying files in specific WebRTC modules and third party libraries to add iOS compatibility and address iOS-specific issues like threading and input handling. Key changes include adding iOS-compatible audio and video capture, modifying tests to work without stdin, and addressing OpenGL rendering differences between iOS and other platforms.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
The document discusses exploiting TrueType font (TTF) vulnerabilities to achieve kernel code execution on Windows systems. It begins by describing the discovery of exploitable bugs in a TTF fuzzer. Despite mitigations like KASLR, NX, SMAP, and CFG, the researchers were able to bypass these protections through techniques like controlled overflows, abusing plain kernel structures, and function-driven attacks. They show how to leverage wild overflows, control kernel memory layout, and hijack control flow to achieve arbitrary code execution. The document emphasizes that OS design weaknesses allow bypassing modern defenses through clever bug chaining and memory manipulation.
- Systemd is now the most widely used Linux init system, replacing sysVinit. It has a superior design with tight integration with the Linux kernel.
- Systemd aims to extract duplicate functionality from individual daemons and replace init scripts with declarative configuration files. It provides a single daemon, systemd, to manage all system services.
- While systemd exemplifies needed modernization of Linux, its rapid development and deprecation of features could cause problems during the transition by distributions.
The document introduces the Linux-ready Firmware Developer Kit, an open source project that provides a bootable CD for testing firmware against Linux. It allows firmware developers to easily test and validate their firmware's compatibility with Linux. The kit runs automated tests on the firmware and displays results to help uncover bugs and issues. It aims to improve Linux support in firmware and lower the barrier for firmware developers to test with Linux. A demo of the kit is shown, highlighting some of its automated tests and capabilities.
Jemalloc can help debug memory leaks in ATS plugins. It provides memory profiling by sampling memory allocations and dumping profiles to files. These profiles can then be viewed as gifs to analyze the call graph. The author provides two case studies where jemalloc helped identify leaks - a leak over months in ATS fronting APIs, and a 12 hour leak from a bug in their Brotli plugin. Jemalloc also improved ATS scalability by addressing issues with memory operations and plugins stressing the CPU to higher utilization.
Easier, Better, Faster, Safer Deployment with Docker and Immutable ContainersC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1W22OMy.
Jerome Petazzoni explains in detail the advantages of immutable servers, then how to implement them with containers in general, and Docker in particular. Filmed at qconnewyork.com.
Jerome Petazzoni is a senior engineer at Docker, where he helps others to containerize all the things. In another life he built and operated Xen clouds when EC2 was just the name of a plane, developed a GIS to deploy fiber interconnects through the French subway, managed commando deployments of large-scale video streaming systems in bandwidth-constrained environments such as conference centers.
Ryan Goulding and Colin Dixon's presentation from the 2017 Open Networking Summit on Making Strongly-typed NETCONF Usable.
NETCONF's use of strongly-typed YANG to describe device configuration makes safe and robust device configuration possible, but also exposes complexities in operation. Most deployments choose to use a controller or management system to help with issues of inventory and credential management. Further, this controller often does sanity checks to ensure that operations are likely to be successful on devices and, if not, there is useful debugging information. Frustratingly, this exposes trade-offs between relying on strict enforcement of YANG to catching errors early and more relaxed behavior to enable compatibility with imperfect NETCONF implementations in the real world. We show how we navigated these trade-offs to provide a flexible, open-source NETCONF solution that is strongly-typed and enables simple configuration changes for compatibility with imperfect NETCONF implementations.
Learn why you should put your blackbox (or system/integration) tests into Docker Containers.
Brief (remedial) overview of Docker for software testers who don't know docker, and only need to know the basics to wrap their regression tests inside of a container.
It’s 2021. Why are we -still- rebooting for patches? A look at Live Patching.All Things Open
Presented by: Igor Seletskiy
Presented at the All Things Open 2021
Raleigh, NC, USA
Raleigh Convention Center
Abstract: IT Teams know the drill. New security bulletins, new issues, new patches to deploy. Schedule another maintenance operation and prepare for system downtime.
There is a better way to do things. Live patching has been around in the Linux Kernel for some time now, but adoption has not been ideal so far - either because of a lack of trust in the technology or just lack of awareness - or sysadmins just enjoy interrupting their workloads or users.
Live patching consists of two aspects. First, there has to be a mechanism for function redirection in the kernel. As in many things, the kernel actually provides three different subset of tools that provide this functionality - kprobes, fprobes and Livepatching. Secondly, Live Patching relies on a set of tools to generate the actual patches to deploy, replacing the old code with new one. This is arguably the most involved part: you need to fit your new code in the proper space, you can’t overwrite other unrelated code and you need to maintain compatibility with other functions. If you change your parameter list, for example, its game over - something will break in the worst possible way.
In this talk we’ll go over issues like Consistency model, patch generation, deployment mechanisms and identify situations that are ideal candidates for live patching instead of traditional patching operations.
This document discusses Linux kernel crash capture and analysis. It begins with an overview of what constitutes a kernel crash and reasons crashes may occur, both from hardware and software issues. It then covers using kdump to capture virtual memory cores (vmcores) when a crash happens, and configuring kdump for optimal core collection. Finally, it discusses analyzing vmcores after collection using the crash utility, including commands to inspect system information, backtraces, logs, and more.
Similar to Kernel Recipes 2019 - CVEs are dead, long live the CVE! (20)
Kernel Recipes 2019 - Driving the industry toward upstream firstAnne Nicolas
This document discusses the benefits of contributing device drivers and other code to the Linux kernel upstream first instead of maintaining private branches. It outlines Chrome OS's strategy of picking long-term stable kernels and contributing hardware support to upstream. While challenging, working upstream provides many benefits like free code reviews, bugfixes, and easier updates. The document shows that Chrome OS contributions have helped increase upstream support for vendors' devices and that there is still work remaining to upstream GPU and other drivers. It demos mainlining the Samsung Chromebook Plus by using the open source Panfrost GPU driver instead of a vendor driver.
Kernel Recipes 2019 - Hunting and fixing bugs all over the Linux kernelAnne Nicolas
At a rate of almost 9 changes per hour (24/7), the Linux kernel is definitely a scary beast. Bugs are introduced on a daily basis and, through the use of multiple code analyzers, *some* of them are detected and fixed before they hit mainline. Over the course of the last few years, Gustavo has been fixing such bugs and many different issues in every corner of the Linux kernel. Recently, he was in charge of leading the efforts to globally enable -Wimplicit-fallthrough; which appears by default in Linux v5.3. This presentation is a report on all the stuff Gustavo has found and fixed in the kernel with the support of the Core Infrastructure Initiative.
Gustavo A.R. Silva
Kernel Recipes 2019 - Metrics are moneyAnne Nicolas
In I.T. we all use all kinds of metrics. Operations teams rely heavily on these, especially when things go south. These metrics are sometimes overrated. Let’s dive into a few real life stories together.
Aurélien Rougemont
Kernel Recipes 2019 - Kernel documentation: past, present, and futureAnne Nicolas
This document discusses the current state and future plans for Linux kernel documentation. It notes that documentation has transitioned from DocBook to Sphinx/RST, improving formatting and integration. There are now over 3,000 documentation files and many kerneldoc comments. Future plans include converting remaining text files, updating ancient documents, improving organization by topic, integrating documentation better, and enhancing the documentation toolchain. The goal is to improve documentation to better help kernel developers, users and the community.
Embedded Recipes 2019 - Knowing your ARM from your ARSE: wading through the t...Anne Nicolas
Modern SoC designs incorporate technologies from numerous vendors, each with their own inconsistent, confusing, undocumented and even contradictory terminology. The result is a mess of acronyms and product names which have a surprising impact on the ability to develop reusable, modular code thanks to the nature of the underlying IP being obscured.
This presentation will dive into some of the misnomers plaguing the Arm ecosystem, with the aim of explaining why things are like they are, how they fit together under the architectural umbrella and how you, as a developer, can decipher the baffling ingredients list of your next SoC design!
Will Deacon
Kernel Recipes 2019 - GNU poke, an extensible editor for structured binary dataAnne Nicolas
GNU poke is a new interactive editor for binary data. Not limited to editing basic ntities such as bits and bytes, it provides a full-fledged procedural, interactive programming language designed to describe data structures and to operate on them. Once a user has defined a structure for binary data (usually matching some file format) she can search, inspect, create, shuffle and modify abstract entities such as ELF relocations, MP3 tags, DWARF expressions, partition table entries, and so on, with primitives resembling simple editing of bits and bytes. The program comes with a library of already written descriptions (or “pickles” in poke parlance) for many binary formats.
GNU poke is useful in many domains. It is very well suited to aid in the development of programs that operate on binary files, such as assemblers and linkers. This was in fact the primary inspiration that brought me to write it: easily injecting flaws into ELF files in order to reproduce toolchain bugs. Also, due to its flexibility, poke is also very useful for reverse engineering, where the real structure of the data being edited is discovered by experiment, interactively. It is also good for the fast development of prototypes for programs like linkers, compressors or filters, and it provides a convenient foundation to write other utilities such as diff and patch tools for binary files.
This talk (unlike Gaul) is divided into four parts. First I will introduce the program and show what it does: from simple bits/bytes editing to user-defined structures. Then I will show some of the internals, and how poke is implemented. The third block will cover the way of using Poke to describe user data, which is to say the art of writing “pickles”. The presentation ends with a status of the project, a call for hackers, and a hint at future works.
Jose E. Marchesi
Kernel Recipes 2019 - Analyzing changes to the binary interface exposed by th...Anne Nicolas
Operating system distributors often face challenges that are somewhat different from that of upstream kernel developers. For instance, some kernel updates often need to stay at least binary compatible with modules that might be “out of tree” for some time.
In that context, being able to automatically detect and analyze changes to the binary interface exposed by the kernel to its module does have some noticeable value.
The Libabigail framework is capable of analyzing ELF binaries along with their accompanying debug info in the DWARF format, detect and report changes in types, functions, variables and ELF symbols. It has historically supported that for user space shared libraries and application so we worked to make it understand the Linux kernel
binaries.
In this presentation, we are going to present the current support of ABI analysis for Linux Kernel binaries, the challenges we face, how we address them and the plans we have for the future.
Dodji Seketeli, Jessica Yu, Matthias Männich
Embedded Recipes 2019 - Remote update adventures with RAUC, Yocto and BareboxAnne Nicolas
Different upgrade and update strategies exist when it comes to embedded Linux system. If at development time none of these strategies have been chosen, adding them afterwards can be tedious task.
Even harder it gets when the system is already deployed in the field and only accessible via a 3G connection.
This talk is a developer experience of putting in place exactly that. Giving a return of experience on one way of doing it on a system running Barebox and a Yocto-based distribution.
Patrick Boettcher
Embedded Recipes 2019 - Making embedded graphics less specialAnne Nicolas
Open-source graphics drivers are helping to make embedded systems less specialized by standardizing interfaces like KMS, DRI, and Mesa. Mesa provides implementations of graphics APIs like OpenGL and Vulkan via drivers for different GPUs. Combined with Wayland, this allows applications to run on embedded systems like a modern Linux desktop without platform-specific code. Current open-source drivers like Freedreno, Etnaviv, and Panfrost support GPUs from vendors like Qualcomm and ARM and are under active development by their respective communities.
Embedded Recipes 2019 - Linux on Open Source Hardware and Libre SiliconAnne Nicolas
This talk will explore Open Source Hardware projects relevant to Linux, including boards like BeagleBone, Olimex OLinuXino, Giant board and more. Looking at the benefits and challenges of designing Open Source Hardware for a Linux system, along with BeagleBoard.org’s experience of working with community, manufacturers, and distributors to create an Open Source Hardware platform. In closing also looking at the future, Libre Silicon like RISC-V designs, and where this might take Linux.
Drew Fustini
Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas
The I2C subsystem is not the shiniest part of the Linux Kernel. For embedded devices, though, it is one of the many puzzle pieces which just have to work. Wolfram Sang has the experience of maintaining this subsystem for nearly 7 years now. This talk gives a short overview of how maintaining works in general and specifically in this subsystem. But mainly, it will highlight noteworthy points in the timeline and lessons learnt from that. It will present trends, not so much regarding I2C but more the Linux Kernel and the embedded ecosystem in general. And of course, there will be plenty of anecdotes and bits from behind the scenes for your entertainment.
Wolfram Sang
Embedded Recipes 2019 - Testing firmware the devops wayAnne Nicolas
ITRenew is selling recertified OCP servers under the Sesame brand, those servers come either with their original UEFI BIOS or with LinuxBoot. The LinuxBoot project is pushing the Linux kernel inside bios flash and using userland programs as bootloader.
To achieve quality on our software stack, as any project, we need to test it. Traditional BIOS are tested by hand, this is 2019 we need to do it automatically! We already presented the hardware setup behind the LinuxBoot CI, this talk will focus on the software.
We use u-root for our userland bootloader; this software is written in Go so we naturally choose to use Go for our testing too. We will present how we are using and extending the Go native test framework `go test` for testing embedded systems (serial console) and improving the report format for integration to a CI.
Julien Viard de Galbert
Embedded Recipes 2019 - Herd your socs become a matchmakerAnne Nicolas
This document discusses device tree matching for embedded systems. It covers:
- The history of device matching in Linux, from architecture-specific to discoverable buses to the modern device framework.
- How device trees improved the situation by providing a standardized hardware description and stable ABI, separating this from OS configuration.
- Best practices for designing compatible value schemes and supporting a variety of similar devices across SoC families in device trees and drivers.
- Different techniques for matching devices and drivers like compatible values, soc_device_match(), and quirk handling classes.
- Examples of implementing matching for Renesas SoCs and addressing differences across revisions.
Embedded Recipes 2019 - LLVM / Clang integrationAnne Nicolas
This document discusses the integration of LLVM and Clang into Buildroot. It provides an overview of LLVM and Clang, the objectives of integrating them into Buildroot, and the initial integration work done. It then covers cross-compiling Linux with Clang and some conclusions. Some key points include:
- LLVM is an open source compiler infrastructure that includes the Clang C/C++ compiler. It uses an intermediate representation and focuses on compile time and code generation performance.
- The initial integration into Buildroot included LLVM, Clang, and Mesa 3D driver support. It aimed to enable OpenCL and add new packages.
- Cross-compiling Linux and userspace applications with Clang
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Embedded Recipes 2019 - Pipewire a new foundation for embedded multimediaAnne Nicolas
PipeWire is an open source project that aims to greatly improve audio and video handling under Linux. Utilising a fresh design, it bridges use cases that have been previously addressed by different tools – or not addressed at all -, providing ground for building complex, yet secure and efficient, multimedia systems.
In this talk, Julien is going to present the PipeWire project and the concepts that make up its design. In addition, he is going to give an update of the current and future work going on around PipeWire, both upstream and in Automotive Grade Linux, an early adopter that Julien is actively working on.
Julian Bouzas
Kernel Recipes 2019 - ftrace: Where modifying a running kernel all startedAnne Nicolas
The document describes the ftrace function tracing tool in Linux kernels. It allows attaching to functions in the kernel to trace function calls. It works by having the GCC compiler insert indirect function entry calls. These calls are recorded during linking and replaced with nops at boot time for efficiency. This allows function tracing with low overhead by tracing the indirect function entry calls.
Kernel Recipes 2019 - Suricata and XDPAnne Nicolas
Suricata is a network threat detection engine using network packets capture to reconstruct the traffic till the application layer and find threats on the network using rules that define behavior to detect. This task is really CPU intensive and discarding non interesting traffic is a solution to enable a scaling of Suricata to 40gbps and other.
This talk will present the latest evolution of Suricata that knows uses eBPF and XDP to bypass traffic. Suricata 5.0 is supporting the hardware XDP to provide ypass with network card such as Netronome. It also takes advantage of pinned maps to get persistance of the bypassed flows. This talk will cover the different usage of XDP and eBPF in Suricata and shows how it impact performance and usability. If development time permit, the talk will also cover AF_XDP and the impact on this new capture method on Suricata.
Eric Leblond
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
System memory configuration is a transparent operation nowadays, something that we all came to expect to just work out of the box. Still, it does happen behind the scenes every single time we boot our computers. This requires the cooperation of hardware components on the mainboard and on memory modules themselves, as well as firmware code to drive these. While it is possible to just let it happen, having a deeper understanding of how it works makes it possible to access valuable information from the operating system at run-time.
I will take you through the history of system memory configuration from the mid 70s to now. We will explore the different types of memory modules, how their configuration data is stored and how the firmware can access them. We will see which problems had to be solved along the way and how they were solved. Lastly we will see how Linux supports reading the memory configuration information and what you can do with that information.
Jean Delvare
Kernel Recipes 2019 - Formal modeling made easyAnne Nicolas
Modeling parts of Linux has become a recurring topic. For instance, the memory model, the model for PREEMPT_RT synchronization, and so on. But the term "formal model" causes panic for most of the developers. Mainly because of the complex notations and reasoning that involves formal languages. It seems to be a very theoretical thing, far from our day-by-day reality.
Believe me. Modeling can be more practical than you might guess!
This talk will discuss the challenges and benefits of modeling, based on the experience of developing the PREEMPT_RT model. It will present a methodology for modeling the Linux behavior as Finite-State Machines (automata), using terms that are very known by kernel developers: tracing events! With the particular focus on how to use models for the formal verification of Linux kernel, at runtime, with low overhead, and in many cases, without even modifying Linux kernel!
Daniel Bristot de Oliveira
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
SMS API Integration in Saudi Arabia| Best SMS API ServiceYara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice.
What are ERP Systems?
An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs.
Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today.
Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.
Top 9 Trends in Cybersecurity for 2024.pptxdevvsandy
Security and risk management (SRM) leaders face disruptions on technological, organizational, and human fronts. Preparation and pragmatic execution are key for dealing with these disruptions and providing the right cybersecurity program.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Kernel Recipes 2019 - CVEs are dead, long live the CVE!
1. CVEs are dead, long live the CVE!
Greg Kroah-Hartman
gregkh@linuxfoundation.org
github.com/gregkh/presentation-cve
2. Disclaimer
All of this is just my personal opinion,
based on working with CVEs since they
were first created in 1999.
Nothing in here reflects the opinion of
the Linux Foundation or any other Linux
kernel developer. But hopefully I can
convince them to agree with me.
3. CVE
●
One identifier for one vulnerability / exposure
● One description for that vulnerability
●
Dictionary not a database
●
“The way to interoperability and better security
coverage”
Common Vulnerabilities & Exposures
13. CVE/NVD problems
●
Missing or rejected vulnerabilities
●
Delayed assignment of identifiers
●
Poor descriptions of vulnerabilities
● Over/Under-inflated vulnerability scores
●
Abuse by engineers to circumvent internal procedures
●
Abuse by developers to pad resumes
●
Difficulty in revoking invalid identifiers
●
Inability to handle ongoing/complex problems
requiring multiple fixes over extended periods of time
●
Run by USA Government
15. CVE/NVD problems
●
Inability to handle ongoing/complex problems
requiring multiple fixes over extended periods of
time
– Spectre 1 has 1 CVE entry (CVE-2017-5753)
– Took 10+ original patches
– 100+ more patches over the past 2 years
– Still being fixed
– NVD does NOT point to the fixes needed
17. CVE-2019-12379
“An issue was discovered in con_insert_unipair in
drivers/tty/vt/consolemap.c in the Linux kernel
through 5.1.5. There is a memory leak in a certain
case of an ENOMEM outcome of kmalloc.”
18. commit 84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac
Author: Gen Zhang <blackgod016574@gmail.com>
Date: Thu May 23 08:34:52 2019 +0800
consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
In function con_insert_unipair(), when allocation for p2 and p1[n]
fails, ENOMEM is returned, but previously allocated p1 is not freed,
remains as leaking memory. Thus we should free p1 as well when this
allocation fails.
Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index b28aa0d289f8..79fcc96cc7c0 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -489,7 +489,11 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
p2 = p1[n = (unicode >> 6) & 0x1f];
if (!p2) {
p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);
- if (!p2) return -ENOMEM;
+ if (!p2) {
+ kfree(p1);
+ p->uni_pgdir[n] = NULL;
+ return -ENOMEM;
+ }
memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */
}
19. CVE-2019-12379 timeline
27/05/2019 – CVE published
28/05/2019 – NVD analyzed, score “Medium”
06/06/2019 – Fedora 5.1.6 kernel release
09/06/2019 – Fedora 5.1.7 kernel release
02/07/2019 – *DISPUTED*, link to revert
10/07/2019 – Netapp advisory for 5.1.3 kernel release
(5.1.3 was released 16/05/2019)
20. commit 15b3cd8ef46ad1b100e0d3c7e38774f330726820
Author: Ben Hutchings <ben@decadent.org.uk>
Date: Tue Jun 4 19:00:39 2019 +0100
Revert "consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c"
This reverts commit 84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac.
con_insert_unipair() is working with a sparse 3-dimensional array:
- p->uni_pgdir[] is the top layer
- p1 points to a middle layer
- p2 points to a bottom layer
If it needs to allocate a new middle layer, and then fails to allocate
a new bottom layer, it would previously free only p2, and now it frees
both p1 and p2. But since the new middle layer was already registered
in the top layer, it was not leaked.
However, if it looks up an *existing* middle layer and then fails to
allocate a bottom layer, it now frees both p1 and p2 but does *not*
free any other bottom layers under p1. So it *introduces* a memory
leak.
The error path also cleared the wrong index in p->uni_pgdir[],
introducing a use-after-free.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 84ecc2f6eb1c ("consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 79fcc96cc7c0..b28aa0d289f8 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -489,11 +489,7 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
p2 = p1[n = (unicode >> 6) & 0x1f];
if (!p2) {
p2 = p1[n] = kmalloc_array(64, sizeof(u16), GFP_KERNEL);
- if (!p2) {
- kfree(p1);
- p->uni_pgdir[n] = NULL;
- return -ENOMEM;
- }
+ if (!p2) return -ENOMEM;
memset(p2, 0xff, 64*sizeof(u16)); /* No glyphs for the characters (yet) */
}
21. CVE-2019-12379 timeline
21/05/2019 – original patch sent to lkml
23/05/2019 – v2 of patch sent based on review
24/05/2019 – v2 of patch sent again (v3???)
24/05/2019 – patch merged to tty-next tree
24/05/2019 – “probably the patch should just be removed...”
27/05/2019 – CVE issued
28/05/2019 – NVD analyzed, score “Medium”
04/06/2019 – Revert patch sent to lkml
04/06/2019 – Revert patch applied to tty-next tree
06/06/2019 – Fedora 5.1.7 kernel release
09/06/2019 – Fedora 5.1.8 kernel release
02/07/2019 – *DISPUTED*, link to revert
10/07/2019 – Netapp advisory for 5.1.3 kernel release
21/07/2019 – 5.3-rc1 is released with patch and revert applied
24. Linux kernel CVEs
●
2006-2018, 1005 CVEs assigned
– 41% (414) had a negative “fix date”
– 12 never fixed
– Average fix date, -100 days
– Longest fix dates, -3897 and 2348
– 88 fixed within 1 week
– Standard deviation 405 days
25. Linux bug fixes
●
≈22 a day
●
5% of upstream commits
●
Stable/longterm releases happen 1-2 times a week
●
Fully tested as unified release
●
Given to you for free!
26. Linux security fixes
●
Happen at least once a week
●
Look like any other bugfix
●
Many bugs not known to be security “related”
●
No differentiation between bug types
– “bug is a bug is a bug”
●
Very few CVEs ever get assigned for kernel issues
27. Linux security fixes != CVEs
●
Small fraction of kernel fixes get CVEs
●
If you only cherry-pick CVEs you have an insecure
system
●
CVEs have follow-on fixes not documented
anywhere
28. “If you are not using a supported
Linux distribution kernel, or a
stable / longterm kernel, you have
an insecure system.”
– me
29. “If you are not using a supported
Linux distribution kernel, or a
stable / longterm kernel, you have
an insecure system.”
– me
30. “popular phone” - March 2019, 4.14.85
●
8.785 files changed, 3.380.040 lines added, 159.366 lines
removed
●
Compared to 4.14.108 (May 2019)
– 1759 patches behind
– 36 patches taken
●
f2fs, thermal, mm logging cleanups, exynos specific fixes
– Missed:
●
12 documented CVEs!
– HID and networking
●
Bugfixes for mm core, networking vulnerabilities, wireless fixes,
HID, f2fs, ext4, ARM core, sound, input, USB, spinlock fixes!!!,
netfilter, crypto, UFS, video, and more.
31. LTS kernels fix problems
●
Bugs are fixed before you realize it
●
Google security team requests for Pixel phones in
2018:
– 92% (201/218) problems were already fixed in an
LTS kernel
– No need for cherry-picking at all
– Remaining issues were due to out-of-tree code
36. commit 15b3cd8ef46ad1b100e0d3c7e38774f330726820
Author: Ben Hutchings <ben@decadent.org.uk>
Date: Tue Jun 4 19:00:39 2019 +0100
Revert "consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c"
This reverts commit 84ecc2f6eb1cb12e6d44818f94fa49b50f06e6ac.
con_insert_unipair() is working with a sparse 3-dimensional array:
- p->uni_pgdir[] is the top layer
- p1 points to a middle layer
- p2 points to a bottom layer
If it needs to allocate a new middle layer, and then fails to allocate
a new bottom layer, it would previously free only p2, and now it frees
both p1 and p2. But since the new middle layer was already registered
in the top layer, it was not leaked.
However, if it looks up an *existing* middle layer and then fails to
allocate a bottom layer, it now frees both p1 and p2 but does *not*
free any other bottom layers under p1. So it *introduces* a memory
leak.
The error path also cleared the wrong index in p->uni_pgdir[],
introducing a use-after-free.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Fixes: 84ecc2f6eb1c ("consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
index 79fcc96cc7c0..b28aa0d289f8 100644
--- a/drivers/tty/vt/consolemap.c
+++ b/drivers/tty/vt/consolemap.c
@@ -489,11 +489,7 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
37.
38. commit 7caac62ed598a196d6ddf8d9c121e12e082cac3a
Author: Wen Huang <huangwenabc@gmail.com>
Date: Wed Aug 28 10:07:51 2019 +0800
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and
mwifiex_set_wmm_params() call memcpy() without checking
the destination size.Since the source is given from
user-space, this may trigger a heap buffer overflow.
Fix them by putting the length check before performing memcpy().
This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816.
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Acked-by: Ganapathi Bhat <gbhat@marvell.comg>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
39. commit 941431c491a68e0428bdfb46bbe4cbc52f7bfabb
Author: Wen Huang <huangwenabc@gmail.com>
Date: Wed Aug 28 10:07:51 2019 +0800
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
commit 7caac62ed598a196d6ddf8d9c121e12e082cac3a upstream.
mwifiex_update_vs_ie(),mwifiex_set_uap_rates() and
mwifiex_set_wmm_params() call memcpy() without checking
the destination size.Since the source is given from
user-space, this may trigger a heap buffer overflow.
Fix them by putting the length check before performing memcpy().
This fix addresses CVE-2019-14814,CVE-2019-14815,CVE-2019-14816.
Signed-off-by: Wen Huang <huangwenabc@gmail.com>
Acked-by: Ganapathi Bhat <gbhat@marvell.comg>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
44. Something “new” requirements
● Unique identifier
● Distributed
● Able to be ‘revised’ over time
● Searchable
●
Public
Git commit id!!!
45. Something “new” requirements
● Unique identifier
● Distributed
● Able to be ‘revised’ over time
● Searchable
●
Public
●
No one knows what this is
Git commit id!!!
48. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
49. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
50. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
● Kernel Git id (KGI)
51. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
● Kernel Git id (KGI)
●
Git Kernel id (GKI)
52. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
● Kernel Git id (KGI)
●
Git Kernel id (GKI)
●
Git Kernel Hash (GKH)
53. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
● Kernel Git id (KGI)
●
Git Kernel id (GKI)
●
Git Kernel Hash (GKH)
●
Git Hash id (GHI)
54. Marketing to the rescue!
● Linux Git Kernel id (LGKI)
● Linux Kernel id (LKI)
● Linux Commit id (LCI)
● Kernel Git id (KGI)
●
Git Kernel id (GKI)
●
Git Kernel Hash (GKH)
●
Git Hash id (GHI)
●
Change id (CID)
56. ~/linux/stable/linux-stable $ generate_cid.sh v4.19..v4.19.1^
CID-0fe5119e267f ("net: bridge: remove ipv6 zero address check in mcast queries")
CID-1f2b5b8e2df4 ("sparc64: Wire up compat getpeername and getsockname.")
CID-5b4fc3882a64 ("sparc64: Make corrupted user stacks more debuggable.")
CID-2b4792eaa9f5 ("sparc64: Export __node_distance.")
CID-713358369382 ("sctp: check policy more carefully when getting pr status")
CID-5ef79151c2fb ("Revert "be2net: remove desc field from be_eq_obj"")
CID-649f0837a8cc ("r8169: fix broken Wake-on-LAN from S5 (poweroff)")
CID-ece23711dd95 ("net: Properly unlink GRO packets on overflow.")
CID-7de414a9dd91 ("net: drop skb on failure in ip_check_defrag()")
CID-a22712a96291 ("mlxsw: core: Fix devlink unregister flow")
CID-ad0b9d94182b ("mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs")
CID-fb692ec4117f ("net/smc: fix smc_buf_unuse to use the lgr pointer")
CID-4ed591c8ab44 ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route")
CID-46ebe2834ba5 ("openvswitch: Fix push/pop ethernet validation")
CID-414dd6fb9a1a ("bonding: fix length of actor system")
CID-ff002269a4ee ("vhost: Fix Spectre V1 vulnerability")
CID-da71577545a5 ("rtnetlink: Disallow FDB configuration for non-Ethernet device")
CID-89ab066d4229 ("Revert "net: simplify sock_poll_wait"")
CID-db4f1be3ca9b ("net: udp: fix handling of CHECKSUM_COMPLETE packets")
CID-30549aab146c ("net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules")
CID-38b4f18d5637 ("net: sched: gred: pass the right attribute to gred_change_table_def()")
CID-d48051c5b837 ("net/mlx5e: fix csum adjustments caused by RXFCS")
CID-ee1abcf68935 ("ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called")
CID-5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0")
~/linux/stable/linux-stable $
57. How to “fix” CVEs
●
Ignore them!
●
Burn them down!
●
Create something new
58. How to “fix” CVEs
●
Ignore them!
●
Burn them down!
●
Create something new
●
Re-brand what we have been doing for 14 years
59. How to “fix” CVEs
●
Ignore them!
●
Burn them down!
●
Create something new
●
Re-brand what we have been doing for 14 years
Change ID
●
CID-[12 digit hexadecimal number]
●
CID-7caac62ed598